tal

Looks like the Stylish trait

a long-standing ability that allowed one to get a small, constant amount of morale by wearing fancy or very fancy clothing

is gone.

Just noticed this after doing a build out of git.

I kind of regret this. I'm not saying that it's the most-realistic trait, but it made it interesting to collect fancy items.

Related PR on GitHub:

https://github.com/CleverRaven/Cataclysm-DDA/pull/79745

For those not familiar, there are numerous messages containing images being repeatedly spammed to many Threadiverse users talking about a Polish girl named "Nicole". This has been ongoing for some time now.

Lemmy permits external inline image references to be embedded in messages. This means that if a unique image URL or set of image URLs are sent to each user, it's possible to log the IP addresses that fetch these images; by analyzing the log, one can determine the IP address that a user has.

In some earlier discussion, someone had claimed that local lemmy instances cache these on their local pict-rs instance and rewrite messages to reference the local image.

It does appear that there is a closed issue on the lemmy issue tracker referencing such a deanonymization attack:

https://github.com/LemmyNet/lemmy/issues/1036

I had not looked into these earlier, but it looks like such rewriting and caching intending to avoid this attack is not occurring, at least on my home instance. I hadn't looked until the most-recent message, but the image embedded here is indeed remote:

https://lemmy.doesnotexist.club/pictrs/image/323899d9-79dd-4670-8cf9-f6d008c37e79.png

I haven't stored and looked through a list of these, but as I recall, the user sending them is bouncing around different instances. They certainly are not using the same hostname for their lemmy instance as the pict-rs instance; this message was sent from nicole92 on lemmy.latinlok.com, though the image is hosted on lemmy.doesnotexist.club. I don't know whether they are moving around where the pict-rs instance is located from message to message. If not, it might be possible to block the pict-rs instance in your browser. That will only be a temporary fix, since I see no reason that they couldn't also be moving the hostname on the pict-rs instance.

Another mitigation would be to route one's client software or browser through a VPN.

I don't know if there are admins working on addressing the issue; I'd assume so, but I wanted to at least mention that there might be privacy implications to other users.

In any event, regardless of whether the "Nicole" spammer is aiming to deanonymize users, as things stand, it does appear that someone could do so.

My own take is that the best fix here on the lemmy-and-other-Threadiverse-software-side would be to disable inline images in messages. Someone who wants to reference an image can always link to an external image in a messages, and permit a user to click through. But if remote inline image references can be used, there's no great way to prevent a user's IP address from being exposed.

If anyone has other suggestions to mitigate this (maybe a Greasemonkey snippet to require a click to load inline images as a patch for the lemmy Web UI?), I'm all ears.

CHANG: Now, the budget bill does not specifically mention Medicaid, but that's because the budget just gives instructions to lawmakers on the committee that oversees Medicaid to find $880 billion in cuts over the next decade. The legislation doesn't explain exactly where lawmakers should make those cuts, so I started by asking Park very simply, can Congress find $880 billion in federal savings without cutting spending for Medicaid?

PARK: It cannot, unless you're cutting Medicare, and both Speaker Johnson, other House Republican leaders and President Trump have said that they do not want to cut Medicare. So if you take Medicare off the table, Medicaid constitutes 93% of all mandatory spending that remains under the jurisdiction of the Energy and Commerce Committee.

CHANG: Speaker Johnson has talked about how there is about $50 billion worth of fraud in Medicaid each year. Is that an accurate estimate? I'm just curious.

PARK: It is not. What he's trying to do is equate a measure that's used in the federal government to assess improper payments. But he's trying to equate these improper payments as fraud, and the vast majority of improper payments are not because the payments shouldn't have been made, but there were some errors in terms of the documentation related to that payment or errors in terms of some of the procedural steps that were taken in making those payments. But there's no finding that that was actually fraud or even payments that should not have been made.

PARK:...So states are essentially left holding the bag. They're going to have to make the painful choices in terms of cutting eligibility, cutting benefits, cutting payments to providers like hospitals and nursing homes that serve Medicaid beneficiaries. And in fact, that's one of the reasons it's politically attractive to some federal policymakers, is because they're not explicitly cutting Medicaid benefits. They're making states, legislatures, governors have to make the politically difficult choices, the politically painful choices that they'll have no choice but to make in light of these massive cost shifts that they could face.

I've typed up a summary/semi-transcript below while I listened through for people who don't like listening to podcasts.

The dead cat strategy, also known as deadcatting, is the political strategy of deliberately making a shocking announcement to divert media attention away from problems or failures in other areas.[1][2] The present name for the strategy has been associated with British former prime minister Boris Johnson's political strategist Lynton Crosby.

Europe's four biggest porn platforms, Pornhub, XNXX, StripChat, and XVideos, all recorded major drops in traffic in the latest transparency reports that EU law requires them which, if true, would exempt them from some of the most arduous requirements of the Digital Services Act (DSA).