Formerly /u/Zalack on Reddit.

Also Zalack@kbin.social

  • 0 Posts
  • 33 Comments
Joined 1 year ago
Cake day: August 3rd, 2023

  • Why shouldn’t we, as engineers, be entitled to a small percentage of the profits that are generated by our code? Why are the shareholders entitled to it instead?

    I worked in Hollywood before becoming a programmer, and even as a low level worker, IATSE still got residuals from union shows that went to our healthcare and pension funds. My healthcare was 100% covered by that fund for a top-of-the-line plan, and I got contributions to both a pension AND a 401K that were ON TOP of my base pay rather than deducted from it.

    Lastly, we were paid hourly, which means overtime, but also had a weekly minimum. Mine was 50 hours. So if I was asked to work at all during a week I was entitled to 50 hours of pay unless I chose to take days off myself.

    Unions fucking rock and software engineers work in a field that is making historic profits off of our labor. We deserve a piece of that.








  • Sorry you’re right that I wasn’t being precise with my terminology. It’s not a DDOS but it could be used to slow down targeted features, take up some HTTP connections, inflate the target’s DB, and waste CPU cycles, so it shares some characteristics of one.

    In general, you want to be very very careful of implementing features that allow untrusted parties to supply potentially unbounded resources to your server.

    And yeah, it would be trivial to write a set of scripts that pretend to be a lemmy instance and supply an endless number of fake communities to the target server. The nice thing about this attack vector is that it’s also not bound by the normal rate limiting since it’s the target server making the requests. There are definitely a bunch of ways lemmy could mitigate such an attack, but the current approach of “list communities current users are subscribed to” seems like a decent first approach.
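
One way to bound what a remote instance can make the local server fetch and store, following the point in the comment above. This is an added example, not part of the comment and not Lemmy's code; the class, function and limit names are hypothetical, and the remotes are constructed in-process stand-ins.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

# Hypothetical limits; names and values are assumptions, not Lemmy settings.
MAX_PAGES_PER_SYNC = 5        # outbound requests to one remote per sync
MAX_ITEMS_PER_PAGE = 50       # entries accepted from any single page
MAX_STORED_PER_REMOTE = 120   # rows one remote may occupy locally

@dataclass
class SyncResult:
    stored: int = 0
    pages_fetched: int = 0
    stopped_because: str = "remote exhausted"

@dataclass
class CommunityIndex:
    by_remote: Dict[str, Set[str]] = field(default_factory=dict)

    def sync(self, remote: str, fetch_page: Callable[[int], List[str]]) -> SyncResult:
        """Pull a remote's community list without exceeding the local budget."""
        known = self.by_remote.setdefault(remote, set())
        result = SyncResult()
        for page_no in range(MAX_PAGES_PER_SYNC):
            if len(known) >= MAX_STORED_PER_REMOTE:  # check before spending a request
                result.stopped_because = "per-remote storage quota"
                return result
            page = fetch_page(page_no)
            result.pages_fetched += 1
            if not page:
                return result
            # Truncate oversized pages; the remote does not choose our page size.
            for name in page[:MAX_ITEMS_PER_PAGE]:
                if len(known) >= MAX_STORED_PER_REMOTE:
                    result.stopped_because = "per-remote storage quota"
                    return result
                if name not in known:
                    known.add(name)
                    result.stored += 1
        result.stopped_because = "page budget"
        return result

# Constructed remotes for the demonstration (no network involved).
def honest_remote(page_no: int) -> List[str]:
    return ["rust", "selfhosted", "privacy"] if page_no == 0 else []

def endless_remote(page_no: int) -> List[str]:
    # Always reports another oversized page of never-repeating names.
    return [f"c{page_no}-{i}" for i in range(1000)]
```

Because the quota is checked before each request, a remote that has already filled its allowance costs no further outbound requests on later syncs.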