PrincipleOfCharity

PrincipleOfCharity, 9 months ago

I feel like this needs to be pushed back on a little bit. Don’t let perfect be the enemy of the good. Having a password manager that provides good passwords and TOTP as a second factor is way better than only using a password.

Sure, it would be nice if you had two devices. A phone password manager and a usb security key, but for many people it is inconvenient to carry a security key to plug when you need it. I’d rather that person keep a TOTP on their phone in that case rather than not use two factor due to inconvenience.

Your concern is mostly about “what if someone steals your phone or computer” then they have both factors. However, your average person isn’t getting hacked by someone they know, and random local thieves aren’t typically sophisticated enough to do more than re-sell stolen computer equipment. The average person is getting hacked by some dude in a foreign country who dumped a password database or phished a password. That person isn’t stealing your device so the fact that both factors are in the same place doesn’t really mean anything.

Also, most password managers are locked by biometrics these days. In that case, it isn’t really the app that is the second factor. It is your fingerprint or face. Someone may steal your device, but if they can’t get into the password manager that needs a password and biometrics then they don’t have anything.

PrincipleOfCharity, 9 months ago

Just wait until you learn that if you are going to use removed finger-tips then they don’t necessarily have to be your own…

PrincipleOfCharity, 9 months ago

ActivityPub is all about pushing content around to subscribing servers. It sort of expects the subscribers to always be online which would not work for a phone. Servers could resend missed events, but essentially you would miss every event that occurs while the phone is asleep or doesn’t have the app running.

Also, every event that occurs needs to be processed and stored whether or not you are actively looking at it so it would be a huge battery drain while it was running.

It is definitely a service best run on an always-on server with a client application in a phone just asking the server for the latest stuff on-demand.

PrincipleOfCharity, 9 months ago

Then the p2p network is really the “server” and the phone is still just a client. I’m also not sure that a p2p network could be queried very well because something would have to be able to produce aggregated and sorted results. It isn’t like pulling one file from a swarm. It would be like a blockchain and the phone would have to download the whole dataset from the p2p network before running queries on it.

What you are talking about sounds kind of like the Nostr protocol. It is a distributed social network trying to solve the same problem that ActivityPub is but in a slightly different way. All the events are cached on multiple relays and the client applications query those relays looking for information that gets aggregated and sorted on the client however it wants.

PrincipleOfCharity, 9 months ago (edited 9 months ago)

Now I think I see what you are saying. People have suggested that Lemmy needs a separate protocol to connect with other Lemmy instances to more efficiently synchronize. Gossipsub could do that. It would also be nice if each Lemmy instance only needed to keep a minimal amount of data at any one time to service the clients that connect to it while the rest exists in the swarm.

I still don’t think that you would want a phone to function as your server and your client, though. All that coordinating takes bandwidth and processing power. Phones are ill-equipped for that. Also, usually to p2p effectively you need to be able to make direct connections through firewalls. Opening your phone directly to the Internet would be a bad idea, plus I doubt any phone companies would let you do that. Without a direct connection, you would need to proxy your connection through some server somewhere and deal with bandwidth costs. Might as well just connect to a server as a client.

Maybe the final solution is software like Lemmy running with decentralized identities via the Nostr protocol that is federated out using Gossipsub.

PrincipleOfCharity, 9 months ago

For what it is worth, I looked to see if anyone had done Nostr over Gossipsub and I came across a project called Gossip. Looks like they are trying to use the Nostr protocol in a psuedo-gossipsub way. That coupled with the proposed Nostr NIP 72 which would allow Lemmy-like communities could make this the solution you were looking for. Obviously these are in their infancy, but it may be an idea to follow.

PrincipleOfCharity, 9 months ago

I have also thought this is a good idea. I think that the ActivityPub standard should have a required field that lists a copyright license. Then a copyleft style copyright should be created that allows storing and indexing for distribution via open-source standards, and disallows using for AI training and data scraping. If every single post has a copyleft license then it would be risky for bigtech to repurpose it because if a whistleblower called them out that could be a huge class action suit.

A good question is if a single post can be copyrighted. I think it could. Perhaps you would consider each post like a collaborative work of art. People keep adding to it, and at the end of the day the whole chain could function as a “work”. Especially since there is a lot of useful value and knowledge in some post threads.

PrincipleOfCharity, 10 months ago (edited 10 months ago)

You can do that, but there are a couple of things to keep in mind.

Different apps may only be compatible with certain database products and versions. I could be a real pain if you have to spin up a new version of a database and migrate just for one service that updated their dependencies or have to keep an old database version around for legacy software.

If you stop using a service then it’s data is still in the database. This will get bloated after a while. If the database is only for one service then wiping it out when you are done isn’t a big deal. However, if you use a shared database then you likely have to go in and remove schemas, tables, and users manually; praying you don’t mess something up for another service.

When each service has its own database moving it to another instance is as easy as copying all the files. If the database is shared then you need to make sure the database connection is exposed to all the systems that are trying to connect to it. If it’s all local then that’s pretty safe, but if you have services on different cloud providers then you have to be more careful to not expose your database to the world.

Single use databases don’t typically consume a lot of resources unless the service using it is massive. It typically is easier to allow each service to have its own database.

PrincipleOfCharity, 11 months ago

Physics and math. J/k. I’ve seen similar numbers thrown about. Here is a link to a Quora question What happens to the human body when a submarine implodes from 2 years ago that may be of interest.

When a submarine hull collapses, it moves inward at about 1,500 miles per hour - that’s 2,200 feet per second. A modern nuclear submarine’s hull radius is about 20 feet. So the time required for complete collapse is 20 / 2,200 seconds = about 1 millisecond.

A human brain responds instinctually to stimulus at about 25 milliseconds. Human rational response (sense→reason→act) is at best 150 milliseconds.

The air inside a sub has a fairly high concentration of hydrocarbon vapors. When the hull collapses it behaves like a very large piston on a very large Diesel engine. The air auto-ignites and an explosion follows the initial rapid implosion. Large blobs of fat (that would be humans) incinerate and are turned to ash and dust quicker than you can blink your eye.

PrincipleOfCharity, 1 year ago

Interesting thought that is definitely worth considering. I used the term “Reddit refugee” in reference to my status. I am a little hesitant to shrink language by turning it into a competition or making words political. Refugee legitimately has multiple definitions, and the appropriate course of action would be to qualify the term; political refugee or Reddit refugee.

This sort of concept leads to all sorts of other similar issues. If I am having difficulty making it through a hike and I comment that I need to just “soldier on”, does that make light of the sacrifices of real soldiers who are dying all over the world? Should most people be disallowed from saying that they are starving because there are people in the world who are actually starving and not just hungry? Is it insensitive to say that I’m struggling to make it through the day at work when others, somewhere, are struggling to even stay alive?

For what it is worth, I’m okay with “refugee” by itself implying “political refugee”, and requiring other forms to be qualified.

PrincipleOfCharity, 1 year ago

• 100 searches: Free
• 300 searches: $5/month
• 1000 searches: $10/month
• Unlimited: $25/month

Going over is 1.5¢ per search.