How do you feel about Linux and leftist infighting?
How do you feel about Linux and leftist infighting?
And both of those things SUUUUUCK.
It’s actually built into plex. If you have a library of t.v. shows you can just click the Shuffle button and it’ll play random episodes. Or you can make Categories of shows and shuffle those. If you’re asking how to get started with Plex and downloading content, well…I don’t want to get banned for piracy related reasons, so I’ll just say that, totally unrelated to this discussion, there’s a wealth of resources regarding how to get started with bittorrent and usenet. Which you can use for perfectly legal purposes, like downloading Liinux ISOs and open source textbooks.
Blockbuster died because its business model was rendered obsolete by virtue of widespread adoption of the internet and the advent of streaming. And because it refused to shift its business model away from physical media distribution to digital. Let me know when they invent something that makes the internet obsolete, will you? Because that is what it will take to dethrone YouTube.
A service people want to use is typically one with redundancy and high availability. Your laptop could overheat, have a drive failure, spontaneously lose its wifi connection, or a million other things. It’s fundamentally unreliable.
only reason we need a scalable system, is to handle high demand
Scalability isn’t just about distribution. It’s about reliability and convenience - two things your system as described lacks by design. A video file that no one but you has ever seen has the same exact degree of accessibility as one served to millions.
We could EASILY EASILY EASILY done it ourselves.
This is the copium talking. If it had been easy to do and monetizable, it would have already been done. That’s the other part of the problem here. There is no incentive for anyone to use this system to consume or distribute content other than to decouple from Google. Opposition to an existing service is not enough of a motivator for people to use a system. It has to provide some comparative benefit that outweighs the cost incurred by continuing to use the other service. The big thing that Youtube has is, obviously, content. Exabytes of it. Your new service would have…nothing. We have left the age of services starting up and gaining massive movements of people behind them. We are now in an age of the internet in which the inertia of existing services will carry them decades into the future. Youtube is now too big to fail, and too big to be replaced.
devastating to their bottom line in the long run if it works as planned.
Google knows their service is addictive and is banking on people being willing to eat an unlimited amount of shit in order to watch a bald man from Vancouver spend 12 minutes talking about his Peloton ride that morning. Realistically, they are probably right. There is no competition to YouTube. Hasn’t been for years. And there probably never will be ever again. Capitalism trends towards natural monopolies as infrastructure and complexity of operations makes startup costs prohibitive.
The internet was a mistake. We had a good run. Lot of fun was had, but it hasn’t made anyone’s life better. I say we roll things back to the ARPANET days. The internet should exclusively be used for disseminating post-graduate level academic research and DOD projects. Everyone else can read the newspaper on their train ride in their full 3 piece suits to their union job at the business factory.
Boy howdy, users sure would love to pivot to a peer distributed content system that randomly downloads chunks of a video file as they become available with speeds of anywhere between 2 bytes and 2 megabytes a second (which one you’ll get depends on who you’re getting the chunks from) with literally no guarantee of being able to even complete said download because the people they’re downloading it from may not all have the entire file’s worth of combined data across their respective computers, and they have to download the entire video before watching it to determine whether or not they even want to watch it in the first place. Also, there’s no capacity for monetization without literally doing what Google is trying to do and injecting advertisements directly into the video, so there’s no incentive for any content producers to use this system to distribute said content, meaning it would be a ghost town of a service from the start.
Yep, that would be a great system. /s
Man, you’re definitely spot on with this. For me, it’s a fast, easy source of superficial distraction that I can put on for background noise and don’t have to pay attention to. It’s ultimately what cable TV used to be for me. I’ll even leave on a streamer playing a game in the background on low volume if I’m going to sleep just for white noise. At this point, the behavior and desire for that kind of content is so ingrained in me that it’s sort of like an addiction. I wish there were alternatives to youtube, but that era of video content might just be straight up dying for some of us. I guess if anything I’ll start fleshing out my plex server with old t.v. shows and just put Gilligan’s Island or something on in the background.
This is the main thing that happened, I think. I met some old friends recently I hadn’t seen in a while and it’s wild how differently we engage with the internet. My main source of interaction is on a laptop, and even then a non-trivial amount of my web interaction is purely via the terminal. Of all of my friends, one of them had a PC, and they don’t use it. Their engagement with the internet is purely on mobile devices. I was dumbfounded. Like…how do you do stuff on a phone. I hate phones. They’re so much worse than a good keyboard. But I also hate the current version of the internet and they seem to love it.
And that, I think, is the core difference. It’s not that the phones took over, it’s that the keyboard died for the average user. A keyboard allows a complex degree of engagement that is difficult, if not truly impossible, to match on a device meant for short bursts of canned responses and auto-complete suggestions. It forces individually brief, but ultimately continuous pre-programmed engagement.
And that’s the entirety of the modern internet. It’s why tiktok is so popular. It’s why youtube shoves Shorts down your throat when you visit. It’s why Twitter took off. It’s also why a website like reddit, that was based initially around the kind of engagement I like, is so hard to monetize and why the attempts at dumbing it down and strangling it of anything that isn’t that same kind of superficial engagement (and by God are they trying) is so difficult for the website’s leadership: because all the other places that are more profitable than it are designed to do that from the jump, and they have to superimpose that strategy onto a content aggregator whose main attraction was a robust, nested comment system.
I keep thinking about what was, for me, the Golden Age of the internet. I know it’s different for everyone, but from around, I guess, 2009 to 2017 I was online a lot. And a lot of what the internet was and how it operated and the ideas there, especially on reddit, were so formative to who I am. And I keep feeling like I never appreciated it or really thought about how vibrant and interesting it was while it was like that. It feels like when you’re a kid and you see a wave for the first time, and it’s building and building and it seems like it’ll be building forever, getting bigger and bigger, but then suddenly it collapses under its own weight and is gone as if it were never there, and after the fact you just wish you’d appreciated it for the wonder it was in that moment. Part of it’s just getting older and the general feeling of nostalgia that comes with age, but sometimes that nostalgia is justified.
Part of me is glad that my continuing insistence that younger generations are dumber than I was at their age is not just me being an old man mad at kids for still having the youth that he squandered. A larger part of me is terrified at the prospect of a generation being continuously microdosed with levels of garbage entertainment and misinformation that would make George Orwell nauseous.
I had the attention span to sit down and play…maybe a quarter of GTA 5. If that. At this point, I don’t want to have to figure out what I was supposed to do or where to go. I want like…10 to 15 minutes of gameplay I can put down and then do something else and then come back and have another 15 minutes that’s equally self-contained. I just feel like GTA punishes you for trying to do that.
Oh boy a semantic argument
It turns out the language you use can be semantically ambiguous or misleading if you phrase it incorrectly. Today you learned.
And any web dev who remotely understands the point of CSP and why it was created, should instantly have alarm bells going off at the concept of triggering arbitrary ajax via html attributes.
Oh, did you finally manage to fucking Google how HTMX works so you could fish for more reasons to say it’s unsafe? What you’re describing is not a particular concern to HTMX. If an attacker can inject HTML into your page (for example, through an XSS vulnerability), they could potentially set up HTMX attributes to make requests to any endpoint, including endpoints designed to collect sensitive information. But, and this is very important, this is not a unique issue to HTMX; it’s a general security concern related to XSS vulnerabilities and improper CSP configurations.
Do you know what the correct cure for that is?
PROPER CSP CONFIGURATION.
“HTMX doesn’t bypass CSP! It just (proceeds to describe the exact mechanism by which it bypasses CSP)”
Do you genuinely not understand that CSP works on the browser API level? It doesn’t check to see if your JavaScript contains reference to disallowed endpoints and then prevents it from running. I don’t know how you “think” CSP operates, but what happens is this: The browser exposes an API to allow JavaScript to make HTTP requests - specifically XMLHttpRequest and fetch(). What CSP does is tell the browser “Hey, if you get an API request via XMLHttpRequest or fetch to a disallowed endpoint, don’t fucking issue it.” That’s it. HTMX does not magically bypass the underlying CSP mechanism, because those directives operate on a level beyond HTMX’s (or any JS library’s) influence BY DESIGN. You cannot bypass if it if’s properly configured. Two very serious questions: what part of this is confusing to you? And, have you ever tested this yourself in any capacity to even see if what you’re claiming is even true? Because I have tested it and CSP will block ANY HTMX issued request that is not allowed by CSP’s connect-src directive, assuming that’s set.
CSP works on the browser API level - all HTMX does is what you could do yourself with any AJAX: send an HTTP request to an endpoint. If the CSP disallows that endpoint, it will fail.
Removed by mod
Just to be clear, are you talking about some kind of templating library that literally transpiles all the htmx logic and instead packs it into individual ajax logic in js files “per element”, such that you don’t need to serve htmx client side and instead you pre-transpile all the ajax logic out to separate files?
My brother in Christ, what the fuck are you talking about “transpiling HTMX” and “serving HTMX client side?” You don’t “serve” HTMX and there’s nothing to “transpile into JavaScript.” It is JavaScript. That’s like saying you “serve React client side” and “transpile JavaScript into more JavaScript.” Jesus, I feel like I’m taking crazy pills.
Cause the very start of my statements was that if we had something like that then HTMX would be fine, as a templating lib that transpiled out to html+js.
Oh, okay, so you don’t actually know what HTMX is or how it works, then? Because HTMX (https://htmx.org/) is a JavaScript library. Like, literally just a JavaScript library. It’s like…4000 lines of JavaScript. In fact you can read the source code for it here: https://github.com/bigskysoftware/htmx/blob/master/src/htmx.js. For some…insane reason you seem to think HTMX is its own language. It’s not. It’s…just a JavaScript library. There is no other language called HTMX. There is no other mechanism or tool called HTMX. No implementation or protocol or ANYTHING else. It’s just a small JavaScript library.
invoke arbitrary logic with html attributes
Once again, HTMX enhances HTML with various attributes declaratively. It utilizes custom data attributes in HTML (like hx-get, hx-post) to specify how elements on the page should behave - essentially, how and where to fetch data or submit forms without a full page reload. This is a form of declarative programming that tells the htmx.js library (which is just doing fucking AJAX) what to do when certain events occur (e.g., a click or a form submission). The actions (like the actual requesting of data from an endpoint) are performed by the code in htmx.js.
This is a fancy way of saying “if you stick an hx-get attribute on a button, then you can just say where you want a GET request to go to and what element you want updated with the HTML returned from it and htmx.js will parse that out on page load and set an event listener for the button click to know when to initiate an AJAX request to the defined endpoint.” If you had an hx-get attribute in an element in a page and that page didn’t have the htmx.js library loaded it would do literally nothing.
And, once again, HTMX, being a JavaScript library, operates under the same security constraints as any JavaScript executed in the browser. This means that:
HTMX enables arbitrary invocation of ANY api endpoint with cookies included, through html attributes, which inherently can’t be covered by Content Security Policy
I want you to please explain how HTMX bypasses the Content Security Policy connect-src directive, or any -src directive, for that matter, assuming it is specified (which it should be). Because I’m genuinely curious why the HTMX dev team would include a section on CSP in their docs if it did literally nothing, as you say.
Actually, as an even more basic question…you do know that HTMX is literally just an AJAX library, right? It doesn’t actually “do” anything via HTML attributes. The additional HTMX attributes, like hx-get, hx-post, etc. just tells HTMX where and how to make the API requests. These requests are executed by the browser’s native fetch or XMLHttpRequest APIs, depending on compatibility and implementation. Therefore, HTMX is subject to the same security constraints and policies as any other JavaScript-based operation that makes HTTP requests. Which also, by definition, means that it adheres to the Content Security Policy directives configured for that website.
In other words, an HTML button element with hx-get=“https://www.some-endpoint.com/” on it would eventually translate into
const xhr = new XMLHttpRequest();
xhr.open("GET", "https://www.some-endpoint.com/");
xhr.send();
on click.
You do understand that, right?
the use of exciting or shocking stories or language at the expense of accuracy.
What part of this article is inaccurate?
You can say the title is clickbait, but that doesn’t make it sensationalist. I feel like either you and I have totally different definitions of sensationalist, or you think the article is doing something it’s not. The article does the following
I’d like to know what part of that is sensationalist to you, because in my mind that is a remarkably by the numbers tech article.
Also, the data itself is not “BS” - it’s something that is accurate, but has to be understood within a specific context. That’s literally what the article is doing - contextualizing the information. You are saying it’s sensationalizing the data. It’s not. If anything it’s doing the opposite. It’s making the data more mundane by providing logical explanations for it.
You know, for all the complaints I see of tankies, I have encountered 10x more people who incessantly complain about them.