I feel like recently developed games and apps expect the user to have a “moden” sized RAM, meaning that the decs don’t give a crap about optimizing RAM-usage.

Intellij: Has a modern GUI for Git with code cleanup, import optimization and visualization of changes.

Me: Open terminal, ‘git commit -m “wrote code” && git push’. Then realize I forgot to add half of the files, so I make another commit. Then realize I forgot to cleanup bad indents, so I make another commit. Then realize my code doesn’t even build, so I make another commit, etc.

Tu-tu, turu turu

That’s impressive. I didn’t start using linux until my late 20’s

It just seems like the perspective is off. Implementing some script which reads images of the website which depicts the CAPTCHA, sending it to some AI-solution which can succeed some percentage of the time. Adding this to something which can interact with the website (not sure if you’ll need to indirectly act through something like selenium or if you can make direct web-calls), while also ensuring that the CAPTCHA doesn’t receive other suspicious data.

If you go through that trouble, I would be amazed if combining 2 or 3 words from a dictionary into a username would be the kryptonite of your bot farm.

Again, I don’t know, and it might be a much more preventative solution than I can understand, but it feels like a strange security by obscurity.

Emails, sure. Captchas require a fair bit of elbow grease. Generating a random username which looks fine is nothing in the landscape of bot protection.

I just don’t see how the username is an attack vector. The sign-up has email verification and CAPTCHA. Requiring the username to be something sensible seems excessive.

But honestly, I don’t know. Maybe this stops a lot more bot farms than I’d expect.

If I were a bot farm owner, I would likely just generate more “realistic” person usernames. Generating a unique username which doesn’t look like random letters is trivial, and I don’t really think that creating that obstacle is a real hinderance to anyone.

Sure, and I’d probably understand it from the instance owners perspective better if I were in their shoes. And to be fair to them, my username was randomly generated by youtube at some point. So if they just outright reject appeals from generated usernames, I definitely fall into that category. I just feel like that’s a bad process and practice for instances which are among the top of the suggested list for new users.

Considering that some bots might also have automatic appeals integrated makes it more reasonable to expect that automated rejection.

You quoted the appeal-part of my comment. I would understand if a bot is implemented to suspend users with usernames which is just a generated string of high entropy, like my own. But rejecting an appeal should not be an automated process.

I can’t imagine that the automated ban helps a lot either. Generating random usernames which looks like real people’s usernames is pretty much a trivial task. Using a high-entropy string is just a choice on the developers side.

Yep, maybe that’s it. It has been my username on reddit for ~12 years, and I carried over to lemmy when I joined here. And joining mastodon, I’d like to keep it still. But if the large mastodon servers are suspending and ignoring appeals due to a suspicious username, I’m kinda unhappy with those instances.

I completely understand that mastodon are compiled of individual admins per server, and they can do what they want with their instance. But I’d expect the highest suggested instances to at least answer the appeals when suspending users. If I joined a random tiny instance of someone who wants to keep it to themselves, I’d understand, but the instances I joined are huge with a welcomming message etc.