Giver of skulls

  • 0 Posts
  • 14 Comments
Joined 102 years ago
Cake day: June 6th, 1923

  • Having worked for a software company that needed translation services, I can confirm that translation software is indeed very necessary.

    People would notice when the word “date” is interpreted as “date on a calendar” in one file and “romantic event” in another, but AI sure doesn’t.

    Even Google’s apps have broken Dutch translations by reusing existing strings for different contexts that don’t mean the same elsewhere. “Search” gets translated to different words depending on if it’s used as a noun or a verb, for fuck’s sake!



  • Local folders are traditionally meant for protocols like POP3, where the standard procedure for email is to get downloaded and deleted from the server. IMAP is designed to keep email on the server, like you’d expect in most cases.

    You can copy mail to local folders as a backup, but the problem you encountered is that the protocol was technically right, but you didn’t know about the details of migrating email providers. This problem should only happen in two scenarios: when your email vendor seriously fucks up, or when you migrate mail servers without first copying all the email over. As long as you keep backups for the first scenario, and remember to copy over email first during the next migration, you should be in the clear.

    You can use your email in whatever method you prefer, of course. I prefer to keep email centralised around my server. If you’re going local-first, you could consider using the older POP3 protocol instead, which is more local-oriented.


  • If you have your client configured for IMAP, Thunderbird will synchronise with the new server.

    If you did not transfer your emails from your old server to your new server, that means the new state is “empty inbox” and synchronising means “removing everything that’s available locally”.

    To fix this, either do a server-to-server transfer from the old email provider to the new one (there are tools to do that, like imapsync), or try importing emails from a backup into Thunderbird after synchronisation succeeds, so that Thunderbird will upload the messages. It’s possible that you will need to use a tool to rewrite the message IDs so that Thunderbird treats the messages as new items.

    If you have already cancelled your old server provider (so a server-to-server transfer is not possible), restoring from backups may be your only solution.

    If you don’t have any backups, your email may not be lost. The first thing you need to do is copy Thunderbird’s data folder to a backup location, just in case Thunderbird tries to do maintenance on the file while you’re performing recovery. Then, use a tool like Thunderbird Reset Status (I can’t quickly find a more up-to-date tool but they probably exist) to unmark the emails in the Thunderbird mail store as deleted. Then set up backups for your new mail server.

    If you use the trick above and Thunderbird starts deleting emails again, repeat the trick but break the email account settings first. Then, set up a second connection to your email account, drag over all the undeleted emails so they get uploaded to the new server.
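
An added example of the "unmark as deleted" step described in the comment above; it is not part of the original comment and not the code of Thunderbird Reset Status. It assumes an mbox-format Thunderbird mail store in which each message carries an `X-Mozilla-Status` header of four hex digits and bit `0x0008` marks the message as expunged; the sample mailbox is constructed.

```python
import re

EXPUNGED = 0x0008  # assumed: "expunged" bit in Thunderbird's X-Mozilla-Status
STATUS_RE = re.compile(rb"^X-Mozilla-Status: ([0-9A-Fa-f]{4})\s*$")

# Constructed sample: two messages, the second flagged read + expunged (0009).
# The first body contains a look-alike line that must be left alone.
SAMPLE = (
    b"From - Mon Jan 01 00:00:00 2024\n"
    b"X-Mozilla-Status: 0001\n"
    b"Subject: kept\n"
    b"\n"
    b"X-Mozilla-Status: 0008\n"
    b"\n"
    b"From - Mon Jan 01 00:00:01 2024\n"
    b"X-Mozilla-Status: 0009\n"
    b"Subject: marked deleted\n"
    b"\n"
    b"hello\n"
)

def walk(data):
    """Yield (line, in_headers) so only real header lines are inspected."""
    in_headers = False
    for line in data.splitlines(keepends=True):
        if line.startswith(b"From "):      # mbox message separator
            in_headers = True
        elif in_headers and not line.strip():
            in_headers = False             # blank line ends the headers
        yield line, in_headers

def count_expunged(data):
    """Number of messages whose status header has the expunged bit set."""
    hits = (STATUS_RE.match(l) for l, hdr in walk(data) if hdr)
    return sum(1 for m in hits if m and int(m.group(1), 16) & EXPUNGED)

def clear_expunged(data):
    """Return a copy with the expunged bit cleared; byte length is unchanged."""
    out = []
    for line, hdr in walk(data):
        m = STATUS_RE.match(line) if hdr else None
        if m:
            flags = int(m.group(1), 16) & ~EXPUNGED
            eol = line[len(line.rstrip(b"\r\n")):]
            line = b"X-Mozilla-Status: %04x" % flags + eol
        out.append(line)
    return b"".join(out)
```

Run it only against the copied data folder with Thunderbird closed, and check `count_expunged` on the copy first to see whether there is anything to recover.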


  • Mastodon is just one of many applications that use AP for their own custom purposes. MissKey and derived software have some kind of emoji response feature to posts that’s basically unimplemented anywhere else. Lemmy’s boosting trick to make comments sync makes interoperability with timeline-based social media a spamfest.

    Maybe I should check again, but last time I looked into it there were no commonly used ActivityPub compliant servers. Everyone does their own thing just a little different to make the protocol work for their purposes. Even similar tools (see: MissKey/Mastodon, Lemmy/Kbin) took a while to actually interoperate.

    As far as I can tell, the idea behind the original design, where servers are mostly content agnostic and clients decide on rendering content in specific ways, hasn’t been executed by anyone; servers and clients have been mixed together for practical reasons and that’s why we get these issues.


  • Building trust is hard. It’s easier to trust a few companies than to trust a million unknown servers. It’s why I prefer Wikipedia over amazingnotskgeneratedatalltopicalinformarion.biz when I’m looking up simple facts.

    Furthermore, Facebook isn’t selling data directly. At least, not if they’re following the law. They got caught and fined doing that once and it’s not their main mode of operation. Like Google, their data is their gold mine; selling it directly would be corporate suicide. They simply provide advertisers with spots to put an ad, but when it comes to data processing, they’re doing all the work before advertisers get a chance to look at a user’s profile.

    On the other hand, scraping ActivityPub for advertisers would be trivial. It’d be silly to go through the trouble to set up something like Threads if all you want is information; a basic AP server that follows every Lemmy community and soaks up gigabytes an hour can be written as a weekend project.

    Various Chinese data centers are scraping the hell out of my server, and they carry referer headers from other Fediverse servers. I’ve blocked half of East Asia and new IP addresses keep popping up. Whatever data you think Facebook may be selling, someone else is already selling based on your Fediverse behaviour. Whatever Petal Search and all the others are doing, I don’t believe for a second they’re being honest about it.

    Most Fediverse software defaults to federation and accepting inbound follow requests. At least, Mastodon, Lemmy, GoToSocial, Kbin, and one of those fish named mastodonlikes did. Profiles are often public by default too. The vulnerability applies to a large section of the Fediverse default settings.

    I’d like to think people would switch to the Fediverse despite the paradigm shift. The privacy risks are still there if there’s only one company managing them, so I’d prefer it if people used appropriate tools for sharing private stuff. I think platforms like Circles (a Matrix-based social media system) which leverage encryption to ensure nobody can read things they shouldn’t have been able to, are much more appropriate. Perhaps a similar system can be laid on top of ActivityPub as well (after all, every entity already has a public/private key pair).


  • I don’t think dansup was in the wrong here. Yes, it’s a security issue I suppose, but the problem lies within the underlying protocol. Any server you interact with can ignore any privacy markers you add to posts, you’re just not supposed to do that.

    Whether this is a 0day depends on what you expect out of the Fediverse. If you treat it like a medium where every user or server has the potential to be hostile, like you probably should, this is a mere validation logic bug. If you treat it like the social media many of its servers are trying to be, it’s a gross violation of your basic privacy expectations.


  • This is exactly why ActivityPub makes for such a mediocre replacement for the big social media apps. You have to let go of any assumptions that at least some of your data remains exclusive to the ad algorithm and accept that everything you post or look at or scroll past is being recorded by malicious servers. Which, in turn, kind of makes it a failure, as replacing traditional social media is exactly what it’s supposed to do.

    The Fediverse also lacks tooling to filter out the idiots and assholes. That kind of moderation is a lot easier when you have a centralised database and moderation staff on board, but the network of tiny servers, each with their own moderation capabilities, will promote the worst behaviour as much as the best behaviour.

    But really, the worst part is the UX for apps. Fediverse apps suck at setting expectations. Of course Lemmy publishes when you’ve upvoted what posts, that’s essential for how the protocol works, but what other Reddit clone has a public voting history? Same with anyone using any form of the word “private” or even “unlisted”, as those only apply in a perfect world where servers have no bugs and where there are no malicious servers.