There is way too much Threema hashtag spam. The desperation and insecurity are real from this platform's crowd. I'm probably going to have to mute the Threema hashtag. Especially when they're tagging every other messaging platform in their posts.

We get it, Threema. You're not very good but you pay spammers and shills well to spread FUD.

#Threema #Spam #Insecure

If you actively run "OpenClaw" or similar services on your real data, connected to the Internet, you should probably not be listened to when it comes to topics of the digital, technology or security. You disqualified yourself by being a dumbass.

"Recent public reporting about organisations restricting access to public repositories due to AI-enabled code analysis illustrates how quickly leaders may reach for blanket closure in response to uncertainty. [...]

1. Private repositories can create a false sense of security. [...]"

"AI, open code and vulnerability risk in the public sector"

From: UK Government Digital Service and Department for Science, Innovation and Technology - Published - 14 May 2026

https://www.gov.uk/guidance/ai-open-code-and-vulnerability-risk-in-the-public-sector

Guidance for safely publishing source code in the open, and reducing the risk of AI-accelerated vulnerability discovery.

Just to be clear, I think JavaScript is fine for authenticated or more complex content. If I'm a user of a server, it seems acceptable that I should trust it and enable JavaScript.

However, if I am some random visitor to your instance and just trying to view a post or user profile, that should not require JavaScript.

The JavaScript ecosystem (e.g., npm) is rife with supply chain hacks. Plus, there are many poorly maintained Mastodon instances (e.g., mastodon.social, I think?). Although, I guess those poorly maintained instances are not pulling down the latest backdoored npm packages... Regardless, it is a security risk to require visitors to run JavaScript from every instance they visit for simple content.

#Mastodon #ActivityPub #InfoSec #Security #MastoAdmin

Does anyone have recommendations for a Mastodon fork that doesn't require visitors to enable JavaScript to view basic content? The JavaScript dependency is a security risk and user hostile. Visitors should not be required to enable JavaScript when simply visiting a Mastodon server. Plus, the recommendation to use a native app doesn't even work for all Mastodon/ActivityPub instances.

Also, the requirement for JavaScript makes the Mastodon development team seem incompetent. They can't even make a basic web site that doesn't require JavaScript. I could do that when I was in middle school.

> To use the Mastodon web application, please enable JavaScript. Alternatively, try one of the native apps for Mastodon for your platform.

#Mastodon #ActivityPub #MastoAdmin #SelfHost #Security

RE: https://infosec.exchange/@merill/116526154572354011

I guess this tells us the state of Microsoft and Windows when Microsoft employees excitedly flee to macOS.

#Microslop

The same goes for popular forum software @Discourse. Why are modern browsers blocked from viewing the HTML only page? Why should I enable JavaScript for some random Discourse instance?

JavaScript is a massive security risk and is often user hostile. It should be used for additional functionality, not core functionality (of most websites). This just doesn't scale well. Users shouldn't be required or trained to enable JavaScript for the hundreds of random Fediverse servers and forums they may visit.

Again, this is likely due to incompetence and direct hostility against users.

#Discourse #JavaScript #Incompetence #WebDev

This includes the incompetent folks developing Mastodon, @Mastodon, who don't know how to develop a basic web service without requiring JavaScript.

If you're a web developer and your website requires JavaScript for basic functionality, you're incompetent and shouldn't be developing websites.

#WebDev #JavaScript #Incompetent

No, I'm not going to enable JavaScript for your random Fediverse/Lemmy service. I'm sick and tired of having to trust random websites to execute code on my system. You don't need more than HTML and CSS to display a rich website. There is no reason for the JavaScript dependency. It should provide extra functionality, not base functionality.

Also, this website appears to be using Cloudflare, which is protecting the folks DDoSing Ubuntu infrastructure right now. What a joke.

#Fediverse #Lemmy #Insecure #JavaScript #WebDev