makeasnek

makeasnek, 6 months ago

Personally I’m excited to see Flatpak become more widespread and usable, fixing some “rough around the edges” aspects of it. I’ve been using it quite a bit this past few months and I think it presents a really coherent, simple vision for how to do package distribution that solves a lot of pain points. The sandboxing functionality is critical and easy to use, I don’t need every app to have access to everything in my home directory.

makeasnek, 6 months ago

Run !boinc . You can choose from over a dozen different scientific research projects from cancer research to finding pulsars and solving mathematical conjectures. It’s entirely open-source and runs on every platform. You can also earn Gridcoin for your computational contributions to some projects, but it’s optional. I’ve been crunching BOINC for 10+ years it’s an awesome way to contribute to the greater good.

makeasnek, 7 months ago

If you want privacy/security, check out qubes

makeasnek, 7 months ago

I have been crunching BOINC for years. Very fun to be involved with and helps heat my apartment in winter.

makeasnek, 7 months ago

Heart disease is a major killer, this is excellent news! If you are effected by heart disease or know somebody who has been (or if you’re just enthusiastic about medicine), consider donating some of your computer’s idle time to DENIS@Home. You can set it to only run when your computer is idle, and it helps researchers who are working to refine electrical models of the heart. Fair warning: They don’t always have workunits available, I encourage you to check out the many other !boinc projects if you are interested. World Community Grid is another great health one, as is SiDock.

makeasnek, 7 months ago

Whenever there is a small task that will take less than a few minutes, I ask myself “When else are you going to have 80 seconds?” and usually that makes me realize I should just get it done now. Sometimes I still say “tomorrow” and reminds me to pick a specific time to do the task.

makeasnek, 7 months ago

I see a lot of people here frustrated with our two party system. I too am frustrated. Donate to FairVote to get ranked choice on the ballot in more states. Ranked choice voting allows voters to express actual preferences between more than two parties and it is a win no matter who you normally vote for. Many states have a ballot measure system that can be used to pass legislation without requiring the agreement of the state legislature. Several US states have implemented ranked choice voting already. fairvote.org

makeasnek, 7 months ago

OBS is an absolute powerhouse, an amazing example of what OSS can do

makeasnek, 7 months ago

Any joe shmoe can spin up an instance, post your personal details (or personal details they made up), and bada bing bada boom, your identity is compromised forever.

Replace “instance” with “website” and that’s how the internet works. There are avenues in the legal system to combat this, but generally people can post speech (illegal or not) very easily with the internet, having rapid, free, open communication is a net positive for society even if occasionally there are downsides.

Lemmy can’t solve doxxing or other forms of abuse any better than a centralized service can, which they don’t do particularly well as it is. What Lemmy does do it put control over what content is promoted into the hands of users and instance admins, as opposed to a few execs at Meta. If an instance has poor moderation, it will be ‘de-federated’ by other lemmy instances, which means content from their instance won’t travel across the fediverse. So in general, I think you can expect good moderation. Unlike centralized services, instance admins are not incentivized to shove polarizing content and misinformation into your feed. That pipeline of increasingly polarizing content is the root cause of many situations which involve doxxing in the first place.

makeasnek, 7 months ago

I don’t care so much if my personal info is posted to a website like kiwifarms or someone’s private blog, because those websites are harder to find in search results

So is most of Lemmy

Big companies have a desire to protect themselves from prosecution for hosting illegal activity.

So do Lemmy instance hosters, the hosting companies they use, and the other instances which federate with them.

They specifically hire people to moderate content and reduce their liability.

Once can expect lemmy instances to do this once they reach a certain size. If you don’t moderate sufficiently, you get de-federated, and your users won’t want to use your instance, so lemmy instances which want to grow will keep a handle on good moderation,

But she can run a Lemmy instance that will federate with the entire rest of the fediverse and expose her content to potentially thousands of people.

If she posts it to a lemmy community the mod that community or instance will remove it. If she hosts her own instance for the purposes of doxxing people nobody will even see the post (since it’s not getting upvoted across fedi) and other instances will de-federate.

Ultimately, if you are at high risk of doxxing, the best measures to protect yourself are mostly based not around which platforms you trust or not, but around engaging with those platforms in a way which protects your privacy. Might want to check out the surveillance self-defense guide. ssd.eff.org

makeasnek, 7 months ago

Show up in every election and vote (and be engaged in other ways politically). It’s very easy to ignore people who don’t vote. Don’t like your options at the polls? Participate in primaries and donate to campaigns pushing ranked choice voting.

makeasnek, 7 months ago

It’s my understanding that nostr relays can make moderation choices much like lemmy or mastodon instances do. But the scope is different. In mastodon or lemmy, if a mod takes an issue with you, they can remove you from that instance (and any followers you had following you on that instance). If a nostr relay operator doesn’t like you, they can ban you from that relay, but your followers can follow you via other relays. This is because your identity is tied to your public key, not your relay or instance.

makeasnek, 7 months ago

Not really. If you are a ban-worthy user on mastodon, other instances may ban your user id, or ban your entire instance if they think your instance’s mod actions aren’t enough generally. I imagine a “common blocklist” like currently exists in e-mail, mastodon, and other federated networks would emerge so that the actions of one mod can be done more-or-less automatically by mods on other relays.

E-mail is federated and much less moderated than fediverse and even though spam exists it seems like a manageable signal to noise ratio. Anti-spam tools are pretty effective.

makeasnek, 7 months ago

Agreed. The lack of self-hosting ability really comes down to the refusal of the wider web to upgrade away from SMTP. If you follow all the latest backwards-compatible protocols (DKMS etc) you can still get a decent outbound delivery rate.

There were many, many elegant solutions proposed to stop spam but none of them got implemented to avoid breaking backwards compatibility with SMTP. Then again, at this point, most people have moved away from e-mail to other forms of communication anyways due to e-mails problems (spam included). Unless the younger generation gets a sudden, renewed interest in e-mail, it will probably not really exist in another 50 years.

I do think blockchain will probably solve the issue of assigning senders a “spam score” universally once and for all instead of our current system which is a grab bag of blocklists plus each provider’s secret sauce. Once you have a universal blocklist every e-mail provider can use and contribute to, it becomes easy to identify most senders as “safe” and new senders will just have to spend a bit of time earning their trust.

makeasnek, 7 months ago (edited 7 months ago)

It seems there would be some easy-to-implement solutions to this problem. Like having a link to an alternate account in every mastodon profile so that if your server does suddenly disappear or if a single instance bans you, your followers can seamlessly follow you to a new server. It doesn’t solve the issue of migrating all your content or your followees though, but perhaps that’s just a matter of regularly backing those things up somehow. Instances could automatically designate a “failover” instance run by another party and could automate this function as part of the sign-up process so users only had to register once.

My understanding is that in nostr, you run the same risk of “relay suddenly disappears” if you only have your content on a single relay. You don’t lose followers but you may lose people you follow. Or perhaps that is stored at the client level and not the relay level? idk

makeasnek, 7 months ago

You do lose your identity though. If your instance suddenly disappears you have to start from step zero. You have no followers, you follow nobody, and nobody knows you exist. By social graph I mean your connections to others which mastodon facilitates (a list of people you follow and the connection so that others follow you) plus the entirety of the content you have posted since you started your account, your DMs, etc. Losing your social graph isn’t an inconvenience, it’s losing the totality of the features mastodon gives you as a user all at once. Social media connections are important for people socially, in the job market, etc. Those connections are meaningful. On a network-wide level, it’s frustrating for users to be following people and then just have those people vanish off the face of the earth because their instance died. It’s terrible UX.

You can no longer tweet as the “old you” and as far as anybody else knows, “new you” is a different person pretending to be “old you” unless they authenticate you in some other way and that’s a major pain.

I don’t think the ultimate solution is just “pick a stable instance”. All instances will eventually experience instability or close, what happens to those users when they do? An account should be 100% portable between instances. And ideally, a somewhat automatic mechanism should be in place so that recovering from an instance loss isn’t hard.

I know this fediverse stuff is in its infancy, I know we’ll get all these problems figured out in time.

makeasnek, 7 months ago

FWIW nobody who is actually knowledgeable about crypto ever thought anything positive about NFTs. It’s all just wallstreetbets types who read one article and think they’re economists now. The tech is interesting and has applications but monkey jpegs are what idiots spent millions on for some reason.

makeasnek, 7 months ago

Yep. After the civil war, a full third of US money was counterfeit which is why the secret service was created.

makeasnek, 7 months ago (edited 7 months ago)

Even in single instances of trust there can be advantages to using blockchain for those applications:

• Decentralization can give you better uptime/availability of those documents. If the DMVs website or authentication service goes down, documents can still be authenticated since they and/or their signatures stored in a distributed manner. The internet can go down at your bar but if you have a recent copy of a chain, you can still verify somebody’s ID.
• It can make them easier to transfer between parties, and creates a digital “paper trail” which can conform to whatever requirements one might have. For example, you could easily require several parties to sign off any time the document is moved or assigned to a new person.
• You can use those documents and their signatures with smart contracts or other decentralized apps. For example, you could sign up for an account at a bank or a platform like eBay using your NFT’d digital ID and the bank could accept it would needing to manually verify if the id “looks fake” or if your blurry phone picture is going to cut it. They don’t have to call up the government and ask them to verify it or pay some third party to match your address against their database of known people, etc.
• Maybe you need better transparency in how many documents are issued and (potentially) to whom. Voting systems, for example, are a use case for this. It could be used for shareholder governance structures, etc.
• Blockchains can enforce rules which centralized entities can’t, which is important to consider. An example of how this is useful: imagine the government has a digital ID system and it’s run in a centralized fashion, which makes sense, because they are the issuing authority right? Now imagine that centralized system gets hacked and an attacker starts printing and authenticating a bunch of fake ID requests. In the time between when this attack happens and when somebody figures it out, which could be hours to days, banks and other entities could be relying on those fake documents and potentially lose millions. An example of a rule a blockchain can enforce is “this ID issuing authority cannot issue in a single day more than 10% above it’s daily average of issuances over a six month period”, limiting the scope of an attack. One may say “Well, but blockchain can be hacked too!” which is true, but it’s less likely because the software for these networks has thousands of eyes on it whereas there may only be a couple system admins approving changes to your state-run ID database. Open source software is more secure than proprietary for this reason. Additionally, a security flaw needs to effect 51% of the network which isn’t likely to happen when you have a diversity of software versions.
• Many smart contracts need ways to protect against sybil attacks (ie one person pretending to be multiple). Quadratic funding being used for charity fundraising is a perfect example. By using credentials issued on chain by centralized authorities, they can verify a person is not multiple people. Quadratic funding is an awesome way to fund public goods.

makeasnek, 7 months ago

Nobody who is knowledgeable about crypto ever thought dogecoin was anything but a meme coin or pump and dump scheme. They would have known it offered zero benefits technologically over existing cryptos. Some may have bought it to cash in on the crazy market surrounding it, but they never thought doge was the future or anything. The people who thought that were the “i read one article and I’m a crypto expert now” crowd referenced in my original comment.

makeasnek, 7 months ago

Exactly. Same with NFTs

makeasnek, 7 months ago (edited 7 months ago)

Scams/theft: person has the wallet lost through scam or left, how do you invalidate the lost credentials or tickets.

In these examples, we are talking about credentials issued by a central authority. That authority can re-issue new credentials and invalidate old ones. Easy peasy.

If we’re talking about the risk that people have their crypto stolen in general, yes it does carry that risk same as cash. There are several strategies to mitigate this: people can park larger amounts at institutions if they want or they can use things like multi-sig wallets. You have one smaller pot of money which is your everyday spending wallet which you (or somebody who gains access to it) can spend from whenever you want, and one which is “multi-sig” meaning at least one of your trusted friends/family members/etc also has to sign off if money moves out of that account. You can have multiple people on the multi-sig wallet and set the rules for example 2 of 5 friends or what have you. You wouldn’t leave $10,000 in your phone’s mobile wallet just like you wouldn’t carry a briefcase with $10,000 in cash on the subway. Small money in your spending wallet, big money in your multi-sig.

This is similar to how one stores money normally. You have some cash in your wallet and you put the rest in a bank. In order to withdraw significant money from your bank account, the bank is going to undertake some kind of investigation to make sure it’s actually you. This might be checking your ID at the teller for example. They might also include some type of fraud guarantees where they will cover any losses you experience. That kind of a system is not incompatible with blockchain and I expect with time industries will appear to mitigate these kinds of risks from an insurance perspective.

Also, generally speaking, no system is going to completely eliminate theft and fraud. 99% of the fraud and theft committed over human history has been done using traditional currency, including the kinds of fraud that aren’t even called fraud because the “right people” are doing them like bank bailouts or market manipulation. Even highly-credentialed systems like Paypal are rife with fraud, ask any ebay seller. So we can’t expect crypto or any other technology to eliminate it either, there will always be some. The best we can do is try to find technological, social, and educational methods for reducing it.

Wallet loss: loss through any number of means: fire, incompetence, computer being destroyed, loss of account to cloud backup etc

Same risks as cash, multi-sig or institutional holdings as explained above can solve this.

Issuer need to invalidate: if tickets/credentials were purchased by fraud or an issue occurs where they need to invalidate

Same as answer 1

makeasnek, 7 months ago

I’ve never tried this distro before, but I would have to say GNU/Linux. It’s supporters are really annoying. That alone makes me never want to try it.

makeasnek, 7 months ago (edited 7 months ago)

Man these bankers can’t even keep up. Bitcoin has been doing this for 15 years across all borders and the recent lightning upgrade makes it even better. It’s accessible to anybody with a cell phone in every country regardless of their credit history, the stability of their banking system, or the reliability of their national currency. And no government or politician can increase the supply thereby decreasing the portion of it you own. It does this 24/7 365 with zero downtime, no bank holidays, and for .1% of global electricity usage. Less than remittance services alone like Western Union use and mostly from renewables. It is the first truly international currency.

You can send a million dollars for less than 50c in fees on the main chain or <1c in fees on lightning. Lightning transactions confirm in microseconds, main chain transactions confirm in seconds to minutes depending on block timing and how much security you want to guarantee.

makeasnek, 7 months ago

For everyday spending, I would consider “The tx is valid, signed, seen by nodes, and has a fee high enough to make it into the next couple blocks” as plenty of confirmation on main chain. That part takes seconds. Like if I’m splitting a bill w a friend a merchant selling somebody a coffee a double-spend attack is really not even in my realm of considerations, I don’t need it to make it into a block.

makeasnek, 7 months ago

A. Lightning solves this with their super fast confirmation times.

B. Merchants do this regularly. The equivalent to a full block confirmation (the money is yours now and the transaction can’t be reversed) for credit cards is on the order of 30 days. Venmo and paypal have similar policies. Plus higher fees. Plus sometimes they charge or otherwise punish you even in the unlikely event you win the dispute.

The risk of fraud is the cost of doing business and buyer-initiated fraud is rampant on these platforms. It’s why I don’t sell anything > $50 USD on ebay, because the buyer can just say it “doesn’t work” and get to keep the item and get their money back.

makeasnek, 7 months ago (edited 7 months ago)

CBDCs are one of the greatest threats to freedom and liberty over the next 50 years. People should be very skeptical about giving this much control and surveillance power over to the government.

makeasnek, 7 months ago

Same, sucks that they just went offline while providing users no migration path

makeasnek, 7 months ago

This problem, btw is exactly what nostr solves. With nostr your identity is tied to your key, not to your instance (they call them relays). So if your instance dies, you don’t lose your followers, you just start publishing to a new relay.

makeasnek, 7 months ago

Looks to be back online Nov 10

makeasnek, 7 months ago (edited 7 months ago)

Yes but decentralized does not inherently mean more private. Look at Bitcoin, everybody’s balance and every transaction they’ve ever made is public. There are some enhancements that make it more private, but it’s very not private as a baseline. Or look at Lemmy or Mastadon, your instance admin can read all your DMs even though technologically there’s little reason this needs to be the case.

Decentralized tech is the future for a simple reason: it’s cheaper and more efficient. Web 2.0 and “platforms” inherently required centralization, there was no real peer-to-peer way to do social media at the time, the tech really wasn’t ready. What federated stuff did exist was either archaic, hard to use, etc. Things like authentication and establishing network-wide policies were really hard to do, still are, but decentralized tech has some leaps and bounds in this area thanks to DLT (distributed ledger technology). Governments are investing big in open source software and some policy advocates are coming around to the idea that your data needs to be portable and exportable between platforms. We now have more than an entire generation of people who have seen the downsides of centralized platforms like Facebook.

A single company to run a service like Facebook simply no longer needs to exist, and those companies have every incentive to engage in “rent-seeking behaviour” ie enshittification. As a user or a company, you can choose between a decentralized alternative (no rent-seeking) or to pay some middleman ever-increasing costs to do the same thing. Why would you pick the middleman? Uber doesn’t need to exist, a platform for coordinating rides and customers can easily be run decentralized with smart contracts. Smart contract platform A has to compete with Smart contract platform B for the ridesharing market, that will lead to better prices and administration for everyone while eliminating much of the incentive for rent-seeking behaviour since it’s much harder to establish a monopoly. Plus, all somebody needs to do to compete with the “next uber” is write a smart contract. They don’t need to get a massive data center with PoP all over the globe. They don’t need to solve how to store massive central databases of users, they just plug into some other external authentication system. Drivers could switch between smart contract platforms at will, just like they now switch between Uber or Lyft depending on the fares that hour.

The market will choose the most efficient option. The most efficient option is not one or two massive companies with a duopoly engaging in rent-seeking because they can because they are the middleman.

Every time these sites die (Uber still was living off VC money last I checked) and users migrate, it’s another opportunity for a decentralized alternative to replace them. As long as federated and decentralized alternatives don’t absolutely fumble this, it seems inevitable that they will replace current centralized web2 infrastructure.

makeasnek, 7 months ago (edited 7 months ago)

The short answer is that while torrents show great possibility for content distribution (as an alternative to CDNs for example), they inherently rely on some centralized resources and don’t make sense for a lot of use cases. Most websites are a bunch of small files, torrenting is really much more useful for offloading large bandwidth loads. On small files, the overhead for torrents is a waste. That’s why your favorite linux ISO has a torrent but your favourite website doesn’t.

One major issue is difficulty in accurately tracking the contribution of each member of the swarm. I download a file and I seed it to the next person, sounds great right? But what if the next person doesn’t come along for a long time? Do I keep that slot open for them just in case? How long? How I prove I actually “paid my dues” whether that was waiting for peers or actually delivering to them? How do we track users across different swarms? Do we want a single user ID to be tracked across all content they’ve ever downloaded? When you get into the weeds with these kinds of questions you can see how quickly torrenting is not a great technology for a number of use cases.

Being somewhat centralized, by the way, is how BitTorrent solved the spam issue which plagued P2P networks prior to it. Instead of searching the entire network and everything it contains (and everything every spammer added it to it), you instead rely on a trusted messenger like a torrent index to find your content. The torrent file or magnet link points to a link in a DHT and there you go, no need to worry about trusting peers since you are downloading a file by hash not by name. And you know the hash is right because some trusted messenger gave it to you. Without some form of centralization (as in previous P2P networks), your view of the network was whatever your closest peers wanted it to be, which you essentially got assigned at random and had no reason to trust or not trust. You couldn’t verify they were accurately letting you participate in the wider network. Even a 100% trustworthy peer was only as good as the other peers they were connected to. For every one peer passing you bad data, you needed at least two peers to prove them wrong.

Blockchain gets us close to solving some of these problems as we now have technology for establishing distributed ledgers which could track things like network behavior over time, upload/download ratio, etc. This solves the “who do I trust to say this other peer is a good one?” problem: you trust the ledger. But an underlying problem to applying Blockchain to solve this problem is that ultimately people are just going to be self-reporting their bandwidth. Get another peer to validate it, you say? Of course! But how do we know that peer is not the same person (how do we avoid sybil attacks)? Until we have a solid way to do “proof of bandwidth” or “proof of network availability”, that problem will remain. There are many people working on this problem (they’ve already solved proof of storage so perhaps this could be solved in a similar way) but as of right now I know of no good working implementation that protects against sybil attacks. Then again, if you can use blockchain or some other technology to establish some kind of decentralized datastore for humanity, you don’t need torrents at all as you would instead be using that other base layer protocol for storage and retrieval.

IPFS was intended as a decentralized replacement for much of the way the the current internet works. It was supposed to be this “other protocol”, but the system is byzantinely complex and seems to have suffered from a lack of usability, good leadership, and promotion. When you have an awesome technology and nobody uses it, there are always good reasons for lack of adoption. I don’t know enough about those reasons to really cover them here, but suffice to say they actually do exist. Then again, IPFS has been around for a while now (15 years?) and people use it for stuff so clearly it has some utility.

That said, if you want to code on this problem and contribute to helping solve data storage/transmission problems, there are certainly many OSS projects which could use your help.

makeasnek, 7 months ago

Qubes

makeasnek, 7 months ago

I’m working on !boinc and !gridcoin . BOINC is a tool used by scientists to distribute computational workloads to the computers of volunteers, Gridcoin is a cryptocurrency which issues rewards for people who use BOINC (like mining crypto but for science instead of hashes). I’m not a direct dev on either project, but I code tools which make those projects easier to use, write documentation, etc.

makeasnek, 8 months ago

Pro tip: The Electronic Frontier Foundation is a non-profit which has been defending your right to privacy for many years. If you shop on Amazon, you can give a portion of the purchase price to EFF. You pay the same amount and daddy bezos gets a few less dollars. Use the affiliate link, not the smile link as smile has been sunsetted: www.eff.org/node/58741

makeasnek, 8 months ago

These things happen, best you can do is fix them when they do and accept responsibility. Cheers to the devs. Memory-safe languages are the future

makeasnek, 8 months ago

Cloudflare MITMs a good portion of internet traffic. They can even see inside SSL tunnels for most websites you visit. It’s an absolute privacy nightmare.

makeasnek, 8 months ago (edited 8 months ago)

Important notice: Fossil fuel companies have shifted the narrive they push from “climate change isn’t real” to “climate change is real but there’s nothing we can do about it”. We can absolutely do something about it: fight it like the existential threat that it is. Whatever power you can levy in life whether at home, at work, at the voting booth, with your investments, or in the streets: use it.