Yeah I think this was hastily done to prevent the XSS injection attacks that were happening IIRC. They implemented encoding for content, but looks like they never got around to fully decoding it.
Issue could've been avoided by just restricting the encoding to when the user types content in (and before database insertion), and decoding when showing the content in the UI.
Definitely. You'd love Allsides.com btw. Gives great info on how a topic is covered across the spectrum and summarizes them really well. There's an RSS feed for it too.
Yeah they'd have to maintain upgrades security patches etc and could get pricey depending on how much storage and bandwidth is involved.
Renovate is great. Plus there's just something about Github owning dependabot that always bothered me.
I wasn’t alerted that the post had been removed
Are we supposed to get notifications for post removals? I'd be in favor for that.
What do you think of this?
Think it's a terrible idea. For some reason people dont get that many of us are on the fediverse because we want to get as far away from anything that even remotely resembles, copies, piggybacks off of, or otherwise has anything to do with corporate-owned, centralized, ad-infested, user-hostile, privacy-invasive, social media platforms.
The issue with node is the single threading and having to scale with worker threads AFAIK
People always say this but its not technically correct and can be misleading.
Technically, JavaScript runs single threaded but not Node.js itself and certainly not when using it on the backend in something like Express. IO operations and other things tooling libraries do can cause you to run out of a thread pool. But Node.js, when handling requests, gives you much of the benefit of multithreading without having to deal with multithreaded code.
Yeah, JavaScript/TS doesn't get a great rep being used on the backend. But I use it on quite a few of my projects, one of which gets thousands of requests per minute. I was skeptical of whether or not using Node on the backend would hold up, but the performance has been stellar.. pretty surprising, actually.
It's going to be interesting to see the reaction of all of these people who are gladly giving away all of their private/personal data and online behaviors for free. Just makes it easier for these companies to censor, retaliate, or use it against them when they're ready.
chippy cards
If you use RSS feeds, you can use Open RSS. For instance you can subscribe to the comments on this post using this feed:
https://openrss.org/lemmy.world/post/4010300