epicspongee
Yes, recently you took many steps backwards especially in Florida and the problems are real, but it is still a better situation than just a few years ago.
Seriously, it is just annoying at this point. It is ridiculous that you believe that you are somehow special and won’t be prosecuted by dictators like Putin, killed by Stalin for “anti communist behavior” etc.
Quite literally nobody is saying this. But to be completely fair, Cuba, a communist state, currently has better protections for LGBTQ+ people than any state in the US. ESPECIALLY Florida.
It not only verifies that any given incoming request is in the absolute correct format it also validates the timestamp in the user’s cookie (it’s a JWT thing).
This is false.
Lemmy’s JWTs are forever tokens that do not expire. They do not have any expiration time. Here is the line of code where they disable JWT expiration verification.
Lemmy’s JWTs are sent via a cookie and via a URL parameter. Pop open your browser console and look at it.
There is no way to revoke individual sessions other than changing your password.
If you are using a JWT cookie validation does not matter, you need to have robust JWT validation. Meaning JWTs should have short expiration times (~1hr), should be refreshed regularly, and should be sent in the header.
Yeah that article is really flawed. Mastodon instances do not federate with each and every other instance. It’s more like a web. Most of them will federate with mastodon.social, but even then they’re not getting all the content, just the content their users follow. No scaling problems on my server so far.