Note: This post now archived and as such no longer works
Salient demonstration, but if image proxying were to come to Lemmy I’d hope it was made optional, as it could overburden smaller instances, especially one-person instances (like mine). We also need a simple integrated way of configuring object storage.
It would also introduce some nasty side effects. Imagine someone posting CSAM in memes@ and having that shit replicated across thousands of servers.
Mastodon does this and I can’t say I’m a big fan of that approach to be honest.
A better solution could be having an image proxy as a separate service, and somehow managing a list of proxies that are used for loading the image. Of course the clients themselves would have to deal with choosing to use the proxy… except if the backend serves the proxied image URL instead of the original one (and maybe that too under a new name)
Man, I remember I scared the crap out of trolls on Reddit when we started arguing over DM, and I added a link to a meme that tracked their IP and system info (without them knowing ofc). Let’s just say they went AFK quickly after that. Good times!
deleted by creator
Jokes on you! I use a Firefox extension that spoofs my browser profile. https://addons.mozilla.org/en-US/firefox/addon/chameleon-ext/
deleted by creator
Whoa I m totally pigged out
I got mobile client from Liftoff.
So what is happening if I don’t see an image?
it is because the website providing the image is overloaded and cannot create an image.
You just have to reload the image and eventually you will see one.
Easiest way to stop this from happening is to use ublock origin to block all third party request on your instance.
One way to do this is via dynamic filtering. This is for advanced users so be sure to read the info page: https://github.com/gorhill/uBlock/wiki/Dynamic-filtering
(Consider backing up your ublock settings before doing this)
If you are using lemmy.ml your rule would be this:
lemmy.ml * 3p blockif you’re using another instance then change the domain or use both rules cause you might end up visiting the others as well. Note that adding this rule wont work unless enable advanced features in ublock origin.
EDIT: THIS MIGHT BREAK THINGS ON YOUR INSTANCE, its recommended to learn how to use dynamic filtering to unbreak it: https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-quick-guide If it breaks stuff just remove that rule.
You could also block it using static filters but I can’t remember how to do that exactly, if you know please reply below.
- Mlem - knows exactly that it’s Mlem.
- Memmy - sees Mobile Safari webkit.
- Voyager - same as Memmy.
- Thunder - just sees Mobile Client.
Voyager on Android
Which would be correct as Voyager is a Web App
Doesn’t know it’s sync.
- Jerboa - also just sees a Mobile Client
My connection says that im viewing it from a unknown device
- Connect - also says a mobile client
Same for Liftoff on Android
- Infinity for Lemmy - just says Android
- Lemmios
unknown device?
It kinda knows.
unkown
Oh, how did I not notice that before? Now should be fixed.
Still says unkown for me.
The unkown sounds pretty fucking scary to me
The user-agent detection definitely isn’t great. If it doesn’t recognize a client, it just says unknown. But that wasn’t the main point of the post anyway, this was just meant as a quick proof of concept for anyone curious.
Whats the point of unknown?
Hey FBI dude, I’m jerkin’ it, can you gimme some time alone?
Made a meme one that took 3 minutes to program, 5 minutes to find a good offline GeoIP location source for, 10 minutes to come up with a design for, and half an hour to make sure nothing got logged by the web server.
Finally. Someone noticed 🥹
I’m not using a VPN and the location isn’t accurate.
I’m not using a VPN or anything and it got my location wrong by 700 kilometers 🤔
Are you sure you are where you think you are? When’s the last time you looked outside?
Oh no! I’ve been kidnapped!
I wonder why the Baltimore community is so dead, then.
You can run Geolocation with images now? What the heck? How?
It’s not the image, it’s a normal image. The server does the hard work when you make the request, and then it just builds the image accordingly.
Yeah I saw OPs explanation in the comments. That is fucking cool! And scary! I’ve never needed to generate images with code before, so Ive never even considered something like this before.
The image is generated on demand by a PHP script. It’s not a static image file. Every time the web browser sends a GET /poc.png, a new image is generated based on the information your browser or app sends the server.
It’s actually how a lot of tracking code works. The image data returned may be the same, but the data collection through cookies and maybe even some passive fingerprinting all happen every time you send a request.
You have the code for this? Very interested in how you implemented it
Probably has bugs. Probably no security bugs. Feedback is welcome (but I don’t care enough about this to try my hardest).
require_once('/var/www/html/geoip2.phar'); use GeoIp2\Database\Reader; $ip = $_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']; $cityReader = new Reader('/var/local/php/GeoLite2-City.mmdb'); $record = $cityReader->city($ip); header('Content-Type: image/png'); $image = @imagecreatefrompng('lemmybase.png'); $black = imagecolorallocate($image, 0, 0, 0); // "Some City, SS, Country Name" $text = $record->city->name . ', ' . $record->mostSpecificSubdivision->isoCode . ', ' . $record->country->name; /* $font_path = '/tmp/ComicSand.ttf'; */ $font_path = '/usr/share/fonts/ubuntu/Ubuntu-M.ttf'; // Render text imagettftext($image, 30, 0, 28, 224, $black, $font_path, chunk_split($text, 22)); // Dump image to web server imagepng($image); // Free resources imagedestroy($image);Edit: damn, Lemmy really hates
< ? php. Just imagine that’s the first line in the file.Damn, PHP is such a sleeper of a language, I always forget how useful it can be.Thanks for sharing!
PHP is underappreciated, especially recent PHP. Null coalescing operators! Actually typed variables that produce an error if you pass the wrong type! It’s superior to Python despite it’s mid-2000s-spaghetti-college-kid-developer reputation.
Hell, I may get downvoted for this, but I honestly believe PHP’s Doctrine is superior to Java/Kotlin’s Hibernate. Symfony and Spring are almost equally good in terms of functionality, though PHP is quite a lot slower, sadly.
Genuinely curious, how is it superior to Python in your opinion?
Edit: Apart from the things you listed 😅
It can run natively on an Apache server without any frameworks required to render user website markup and serve pages. That’s a pretty awesome advantage.
Nice, sounds like it’s getting modernized. I’ll have to give it another round, thanks!
PHP is the OG bad-ass for getting shit done. No setup, no compile, no deployment pipelines. Hell, you can create and write the files right there on the server with nothing more than an SSH terminal if you want.
PHP is pretty damn awesome really… Sad that it’s gone out of favor IMHO
My location is accurate, to give some good feedback on your program too lol
Haha it’s just an IP lookup in a free database I’ve downloaded, I did 0% of the hard work. Thanks for the reply anyway!
It’s got me about an hour from where I actually am
Great, hot milfs near my location
Joke’s on you. IP geolocation where I am is an unreliable mess and your image got it wrong by about 1000km!
I’m sure it would be better if I paid MaxMind money, but that’d go a bit far for a stupid meme picture that I’ll probably take down in less than a week.
Location is right, but I highly doubt anyone near me is using Lemmy (dictatorship here).
deleted by creator
If you live in a dictatorship and this thing can get your location right, you should probably be using some kind of VPN. Wouldn’t want you to run into trouble with the regime!
I hate this so much. Its super cool but MAN what the hell. I don’t think I’m going to ever turn off my VPN anymore. I’m in a super small town and that image is correct.
It’s cached somewhere because I can’t get it to update. Maybe time for a new account too. Hmmmm
It’s should only be cached in your browser. Try opening the image in a new tab and hitting Ctrl+Shift+R. Opening it in a porn tab or clearing your browser cache should also work.
Yeah, app cache had to be cleared. We good
I was wondering for a second why my town of all places was posted lmao. Also made me realize I forgot to turn my vpn back on.
Woah this is really cool. Though I was way off for me and I’m not on a VPN right now.
That’s a good thing to be honest, but feel free to send in corrections to the data source if you want internet companies to stalk you.
Hah, not my town, but close. That’s where my ISP is located though.
This is great, because it located me about a full day’s drive from where I live, so I’m still pretty anonymous :-)
Thanks for the heads-up.
Routing my Lemmy mobile app through orbot from now on. Seems to have fixed the issue.
Hey. I wanted to do this tomorrow.
Well I have a new idea which is pretty similar
deleted by creator
I’m plannig to make one of these “dox’d memes” where someone says something controversial and another one answers with the ip address.
Ah, I see! I was also thinking of maybe using something like Google Earth to make a GIF that zooms into your local area but that was waaaaaaay to computationally expensive to render on the server.
Thought about adding the user’s location, but was worried PythonAnywhere could somehow cache the image between multiple people. A great demo though!
I’m fine with this. Instances shouldn’t proxy or cache images because it opens instance owners to a lot more liability than text. A client side setting to not load images in comments by default is better.
Each instance stores post thumbnails locally even if the post was on another server. It actually takes up quite a bit of hdd space.
What does it say? on jerboa is states that i use unknown mobile client, with infinity, android client. All i have is adaway on my phone
