Notices by Lorenzo Ancora :verified: (lorenzoancora@ieji.de)

@lxo no Alex, don't start victim blaming, it isn't worth it.😅

I don't really get upset about the mafia thing. I won't call you "racist". Nobody will raise the arm during your speech and call you racist. I never used this word in my life, because it sounds heavy and permanent.

As the entire world knows, we've created mafia and most of us (me included) don't get angry when others call us mafiosi. Mafia was born from desperation and is extremely common. Here we observe it every other day.
If I were a mafioso for real, discussion wouldn't be an option. But I'm friendly, even if I have to be bitter. Just remember to not use that word lightly if possible. It still hurts a bit.🙂

I thought an FSF board member would've been able to solve such a simple issue in days, if not minutes.
The reason why I'm upset with you is that nobody got in touch with me in 3 months, so I had the impression that you didn't pass anything to anyone. Or that you've been ignored like a person without weight.

@lxo and I hear "he's Italian so he's also a mafioso for sure" pitch. Don't worry, we are accustomed to that. 🤣

I'm not asking for an economic compensation. I want the Board to suspend the abuser for a fair amount of time and revert the misconfigurations he introduced. Nothing more.

See I'm doing everything possible to cultivate a friendly environment for everybody. Alex, don't you think my requests are most rightful? 🙂

@lxo sure you don't want to assist me before that? Xmas is near.🙂

@lxo note, only if you really care. I'm just trying really hard to avoid the DIY, which would harm some FSF projects. I also pictured volunteers raising the issue during speeches and events.😅

See that "pushing you around" is the last of my intentions, I'm friendly.

If you want to assist me, please get in touch via same old encrypted email this week. Don't forget man.👋

@lxo did you have a good holiday trip?🙂

@lxo you forgot again and 3 months w/o progress are enough. 😐

Bilateral losses seem now acceptable outcomes. I'll restore fairness personally during Xmas.

Ireland started a Pause Before You Post Awareness Campaign: sharing photos and videos of children online can lead to unintended oversharing of personal data, which, in the wrong hands, can have serious consequences. Wise initiative!

#socialmedia #video #photography #privacy #children #child #kids #safety #ireland

@lxo you're welcome. Don't worry, my name is hard to pronounce and remember for non-Italian speakers. 2018..2021+, you'll find everything you need on my website. (enable JS)

I'll get in touch with you in the weekend.👋

@lxo 2 emails in, 1 week has passed, still no answer.🪦📬

@Suiseiseki no, server-side any language (PHP, Python, Perl, C, ...) can be used to process and answer AJAX (JavaScript background requests). There is little difference from standard web requests.

If there is no documentation, it means the endpoint is just ad-hoc for internal use (Official website↔server or Official client↔server) and forbidden to 3rd party access. Abusing internal endpoints may violate the ToS or even be a felony, regardless of the goal and depending on the damage caused. 😅

>>Browsing the web safely and correctly requires modern web browsers, like Mozilla Firefox, Chromium/Google Chrome or Microsoft Edge, updated to their latest stable version.
>Those browsers contain malware
> Firefox also contains malware

@Suiseiseki all these browsers are widely used and perfectly safe.😅

I've asked you 3 times to not spread misinformation here. I can't allow you to terrorize the FOSS volunteers and the readers this way.

> Only cowards block.

Don't mix cowardice with wisdom.

@Suiseiseki text-only web browsers can have a smaller attack surface, but they are still susceptible to many XML-based and network-based attacks and are largely incompatible with any modern web application (like online banking, chats, games, ...) and with most websites which express through multimedia.

Browsing the web safely and correctly requires modern web browsers, like Mozilla Firefox, Chromium/Google Chrome or Microsoft Edge, updated to their latest stable version.

> Such sites do in fact still have an API - an undocumented JavaScript one
> wipe the entire EU off the face of the planet

@Suiseiseki if you keep talking about politics or intentionally sharing false information to scare the users I'll be forced to block you. This is the 3rd time I've asked you to stay on-topic. 😅

@lispi314 I don't want political discussions in my profile and I don't want to be involved in old ideologies. 😅

Let's focus on tech. Thank you in advance.

@Suiseiseki @tennoseremel

@lispi314 politics are divisive and are best fitted for dedicated channels, instead of intruding in technical discussions.

FOSS is a social movement which thrives on unity, so I'm kindly inviting you one last time in considering party politics as off-topic when discussing with me. 😅

@Suiseiseki if you don't update your web browser, every attack is possible with and without JS.

JS already requires permissions for critical operation.

JS requests are subject to CORS and cannot be arbitrary.

Web apps from YouTube to your bank need same-domain background requests to work, its normal.

Unless both the DNS and the site is compromised and you are specifically targeted, JavaScript can't hack your LAN.

JavaScript is executed in a sandbox and sometimes cached, never installed.

@coolbean public APIs existed for many websites, but were disabled years ago due to widespread (and extremely harmful) abuse by humans and bots alike.

Online banking apps are compulsory in the European Union, because hard-to-predict 2FA algorithms and system analysis are required by law. The standalone hardware key generators were banned years ago.

Online banking APIs exist, but are not public and reserved to corporate customers.

@Suiseiseki @tennoseremel @quasi @lxo @lispi314

@Suiseiseki we could say the same for Microsoft Visual Studio Code and other modern IDEs. Or for any interpreter really.

Emacs isn't special, stop obsessing over it. 😅

@Suiseiseki maybe I didn't explain myself: the verification of data integrity and correctness happens server-side too, not only client-side.

JavaScript is also needed to guarantee compatibility with older web browsers which don't support all HTML5 features. In addition, HTML5 forms can check the input for syntactical correctness, but cannot process nor alter collected data.

JavaScript exists for a good reason. 😅

@Suiseiseki the average user won't install a dedicated app only to browse a random website. 🤣

@tennoseremel @quasi @lxo @lispi314