makeasnek

makeasnek , 17 days ago

If you want privacy/security, check out qubes

makeasnek OP , 21 days ago

I have been crunching BOINC for years. Very fun to be involved with and helps heat my apartment in winter.

makeasnek , 21 days ago

Heart disease is a major killer, this is excellent news! If you are effected by heart disease or know somebody who has been (or if you’re just enthusiastic about medicine), consider donating some of your computer’s idle time to DENIS@Home. You can set it to only run when your computer is idle, and it helps researchers who are working to refine electrical models of the heart. Fair warning: They don’t always have workunits available, I encourage you to check out the many other !boinc projects if you are interested. World Community Grid is another great health one, as is SiDock.

makeasnek , 26 days ago

OBS is an absolute powerhouse, an amazing example of what OSS can do

makeasnek , 28 days ago

Any joe shmoe can spin up an instance, post your personal details (or personal details they made up), and bada bing bada boom, your identity is compromised forever.

Replace “instance” with “website” and that’s how the internet works. There are avenues in the legal system to combat this, but generally people can post speech (illegal or not) very easily with the internet, having rapid, free, open communication is a net positive for society even if occasionally there are downsides.

Lemmy can’t solve doxxing or other forms of abuse any better than a centralized service can, which they don’t do particularly well as it is. What Lemmy does do it put control over what content is promoted into the hands of users and instance admins, as opposed to a few execs at Meta. If an instance has poor moderation, it will be ‘de-federated’ by other lemmy instances, which means content from their instance won’t travel across the fediverse. So in general, I think you can expect good moderation. Unlike centralized services, instance admins are not incentivized to shove polarizing content and misinformation into your feed. That pipeline of increasingly polarizing content is the root cause of many situations which involve doxxing in the first place.

makeasnek , 27 days ago

I don’t care so much if my personal info is posted to a website like kiwifarms or someone’s private blog, because those websites are harder to find in search results

So is most of Lemmy

Big companies have a desire to protect themselves from prosecution for hosting illegal activity.

So do Lemmy instance hosters, the hosting companies they use, and the other instances which federate with them.

They specifically hire people to moderate content and reduce their liability.

Once can expect lemmy instances to do this once they reach a certain size. If you don’t moderate sufficiently, you get de-federated, and your users won’t want to use your instance, so lemmy instances which want to grow will keep a handle on good moderation,

But she can run a Lemmy instance that will federate with the entire rest of the fediverse and expose her content to potentially thousands of people.

If she posts it to a lemmy community the mod that community or instance will remove it. If she hosts her own instance for the purposes of doxxing people nobody will even see the post (since it’s not getting upvoted across fedi) and other instances will de-federate.

Ultimately, if you are at high risk of doxxing, the best measures to protect yourself are mostly based not around which platforms you trust or not, but around engaging with those platforms in a way which protects your privacy. Might want to check out the surveillance self-defense guide. ssd.eff.org

makeasnek , 27 days ago

Show up in every election and vote (and be engaged in other ways politically). It’s very easy to ignore people who don’t vote. Don’t like your options at the polls? Participate in primaries and donate to campaigns pushing ranked choice voting.

makeasnek OP , 29 days ago

It’s my understanding that nostr relays can make moderation choices much like lemmy or mastodon instances do. But the scope is different. In mastodon or lemmy, if a mod takes an issue with you, they can remove you from that instance (and any followers you had following you on that instance). If a nostr relay operator doesn’t like you, they can ban you from that relay, but your followers can follow you via other relays. This is because your identity is tied to your public key, not your relay or instance.

makeasnek OP , 29 days ago

Not really. If you are a ban-worthy user on mastodon, other instances may ban your user id, or ban your entire instance if they think your instance’s mod actions aren’t enough generally. I imagine a “common blocklist” like currently exists in e-mail, mastodon, and other federated networks would emerge so that the actions of one mod can be done more-or-less automatically by mods on other relays.

E-mail is federated and much less moderated than fediverse and even though spam exists it seems like a manageable signal to noise ratio. Anti-spam tools are pretty effective.

makeasnek OP , 29 days ago

Agreed. The lack of self-hosting ability really comes down to the refusal of the wider web to upgrade away from SMTP. If you follow all the latest backwards-compatible protocols (DKMS etc) you can still get a decent outbound delivery rate.

There were many, many elegant solutions proposed to stop spam but none of them got implemented to avoid breaking backwards compatibility with SMTP. Then again, at this point, most people have moved away from e-mail to other forms of communication anyways due to e-mails problems (spam included). Unless the younger generation gets a sudden, renewed interest in e-mail, it will probably not really exist in another 50 years.

I do think blockchain will probably solve the issue of assigning senders a “spam score” universally once and for all instead of our current system which is a grab bag of blocklists plus each provider’s secret sauce. Once you have a universal blocklist every e-mail provider can use and contribute to, it becomes easy to identify most senders as “safe” and new senders will just have to spend a bit of time earning their trust.

makeasnek OP , 29 days ago (edited 29 days ago)

It seems there would be some easy-to-implement solutions to this problem. Like having a link to an alternate account in every mastodon profile so that if your server does suddenly disappear or if a single instance bans you, your followers can seamlessly follow you to a new server. It doesn’t solve the issue of migrating all your content or your followees though, but perhaps that’s just a matter of regularly backing those things up somehow. Instances could automatically designate a “failover” instance run by another party and could automate this function as part of the sign-up process so users only had to register once.

My understanding is that in nostr, you run the same risk of “relay suddenly disappears” if you only have your content on a single relay. You don’t lose followers but you may lose people you follow. Or perhaps that is stored at the client level and not the relay level? idk

makeasnek OP , 28 days ago

You do lose your identity though. If your instance suddenly disappears you have to start from step zero. You have no followers, you follow nobody, and nobody knows you exist. By social graph I mean your connections to others which mastodon facilitates (a list of people you follow and the connection so that others follow you) plus the entirety of the content you have posted since you started your account, your DMs, etc. Losing your social graph isn’t an inconvenience, it’s losing the totality of the features mastodon gives you as a user all at once. Social media connections are important for people socially, in the job market, etc. Those connections are meaningful. On a network-wide level, it’s frustrating for users to be following people and then just have those people vanish off the face of the earth because their instance died. It’s terrible UX.

You can no longer tweet as the “old you” and as far as anybody else knows, “new you” is a different person pretending to be “old you” unless they authenticate you in some other way and that’s a major pain.

I don’t think the ultimate solution is just “pick a stable instance”. All instances will eventually experience instability or close, what happens to those users when they do? An account should be 100% portable between instances. And ideally, a somewhat automatic mechanism should be in place so that recovering from an instance loss isn’t hard.

I know this fediverse stuff is in its infancy, I know we’ll get all these problems figured out in time.

makeasnek , 29 days ago

FWIW nobody who is actually knowledgeable about crypto ever thought anything positive about NFTs. It’s all just wallstreetbets types who read one article and think they’re economists now. The tech is interesting and has applications but monkey jpegs are what idiots spent millions on for some reason.

makeasnek , 29 days ago

Yep. After the civil war, a full third of US money was counterfeit which is why the secret service was created.

makeasnek , 29 days ago (edited 29 days ago)

Even in single instances of trust there can be advantages to using blockchain for those applications:

• Decentralization can give you better uptime/availability of those documents. If the DMVs website or authentication service goes down, documents can still be authenticated since they and/or their signatures stored in a distributed manner. The internet can go down at your bar but if you have a recent copy of a chain, you can still verify somebody’s ID.
• It can make them easier to transfer between parties, and creates a digital “paper trail” which can conform to whatever requirements one might have. For example, you could easily require several parties to sign off any time the document is moved or assigned to a new person.
• You can use those documents and their signatures with smart contracts or other decentralized apps. For example, you could sign up for an account at a bank or a platform like eBay using your NFT’d digital ID and the bank could accept it would needing to manually verify if the id “looks fake” or if your blurry phone picture is going to cut it. They don’t have to call up the government and ask them to verify it or pay some third party to match your address against their database of known people, etc.
• Maybe you need better transparency in how many documents are issued and (potentially) to whom. Voting systems, for example, are a use case for this. It could be used for shareholder governance structures, etc.
• Blockchains can enforce rules which centralized entities can’t, which is important to consider. An example of how this is useful: imagine the government has a digital ID system and it’s run in a centralized fashion, which makes sense, because they are the issuing authority right? Now imagine that centralized system gets hacked and an attacker starts printing and authenticating a bunch of fake ID requests. In the time between when this attack happens and when somebody figures it out, which could be hours to days, banks and other entities could be relying on those fake documents and potentially lose millions. An example of a rule a blockchain can enforce is “this ID issuing authority cannot issue in a single day more than 10% above it’s daily average of issuances over a six month period”, limiting the scope of an attack. One may say “Well, but blockchain can be hacked too!” which is true, but it’s less likely because the software for these networks has thousands of eyes on it whereas there may only be a couple system admins approving changes to your state-run ID database. Open source software is more secure than proprietary for this reason. Additionally, a security flaw needs to effect 51% of the network which isn’t likely to happen when you have a diversity of software versions.
• Many smart contracts need ways to protect against sybil attacks (ie one person pretending to be multiple). Quadratic funding being used for charity fundraising is a perfect example. By using credentials issued on chain by centralized authorities, they can verify a person is not multiple people. Quadratic funding is an awesome way to fund public goods.

makeasnek , 29 days ago

Nobody who is knowledgeable about crypto ever thought dogecoin was anything but a meme coin or pump and dump scheme. They would have known it offered zero benefits technologically over existing cryptos. Some may have bought it to cash in on the crazy market surrounding it, but they never thought doge was the future or anything. The people who thought that were the “i read one article and I’m a crypto expert now” crowd referenced in my original comment.

makeasnek , 29 days ago

Exactly. Same with NFTs

makeasnek , 28 days ago (edited 28 days ago)

Scams/theft: person has the wallet lost through scam or left, how do you invalidate the lost credentials or tickets.

In these examples, we are talking about credentials issued by a central authority. That authority can re-issue new credentials and invalidate old ones. Easy peasy.

If we’re talking about the risk that people have their crypto stolen in general, yes it does carry that risk same as cash. There are several strategies to mitigate this: people can park larger amounts at institutions if they want or they can use things like multi-sig wallets. You have one smaller pot of money which is your everyday spending wallet which you (or somebody who gains access to it) can spend from whenever you want, and one which is “multi-sig” meaning at least one of your trusted friends/family members/etc also has to sign off if money moves out of that account. You can have multiple people on the multi-sig wallet and set the rules for example 2 of 5 friends or what have you. You wouldn’t leave $10,000 in your phone’s mobile wallet just like you wouldn’t carry a briefcase with $10,000 in cash on the subway. Small money in your spending wallet, big money in your multi-sig.

This is similar to how one stores money normally. You have some cash in your wallet and you put the rest in a bank. In order to withdraw significant money from your bank account, the bank is going to undertake some kind of investigation to make sure it’s actually you. This might be checking your ID at the teller for example. They might also include some type of fraud guarantees where they will cover any losses you experience. That kind of a system is not incompatible with blockchain and I expect with time industries will appear to mitigate these kinds of risks from an insurance perspective.

Also, generally speaking, no system is going to completely eliminate theft and fraud. 99% of the fraud and theft committed over human history has been done using traditional currency, including the kinds of fraud that aren’t even called fraud because the “right people” are doing them like bank bailouts or market manipulation. Even highly-credentialed systems like Paypal are rife with fraud, ask any ebay seller. So we can’t expect crypto or any other technology to eliminate it either, there will always be some. The best we can do is try to find technological, social, and educational methods for reducing it.

Wallet loss: loss through any number of means: fire, incompetence, computer being destroyed, loss of account to cloud backup etc

Same risks as cash, multi-sig or institutional holdings as explained above can solve this.

Issuer need to invalidate: if tickets/credentials were purchased by fraud or an issue occurs where they need to invalidate

Same as answer 1

makeasnek , 28 days ago

I’ve never tried this distro before, but I would have to say GNU/Linux. It’s supporters are really annoying. That alone makes me never want to try it.

makeasnek , 1 month ago (edited 1 month ago)

Yes but decentralized does not inherently mean more private. Look at Bitcoin, everybody’s balance and every transaction they’ve ever made is public. There are some enhancements that make it more private, but it’s very not private as a baseline. Or look at Lemmy or Mastadon, your instance admin can read all your DMs even though technologically there’s little reason this needs to be the case.

Decentralized tech is the future for a simple reason: it’s cheaper and more efficient. Web 2.0 and “platforms” inherently required centralization, there was no real peer-to-peer way to do social media at the time, the tech really wasn’t ready. What federated stuff did exist was either archaic, hard to use, etc. Things like authentication and establishing network-wide policies were really hard to do, still are, but decentralized tech has some leaps and bounds in this area thanks to DLT (distributed ledger technology). Governments are investing big in open source software and some policy advocates are coming around to the idea that your data needs to be portable and exportable between platforms. We now have more than an entire generation of people who have seen the downsides of centralized platforms like Facebook.

A single company to run a service like Facebook simply no longer needs to exist, and those companies have every incentive to engage in “rent-seeking behaviour” ie enshittification. As a user or a company, you can choose between a decentralized alternative (no rent-seeking) or to pay some middleman ever-increasing costs to do the same thing. Why would you pick the middleman? Uber doesn’t need to exist, a platform for coordinating rides and customers can easily be run decentralized with smart contracts. Smart contract platform A has to compete with Smart contract platform B for the ridesharing market, that will lead to better prices and administration for everyone while eliminating much of the incentive for rent-seeking behaviour since it’s much harder to establish a monopoly. Plus, all somebody needs to do to compete with the “next uber” is write a smart contract. They don’t need to get a massive data center with PoP all over the globe. They don’t need to solve how to store massive central databases of users, they just plug into some other external authentication system. Drivers could switch between smart contract platforms at will, just like they now switch between Uber or Lyft depending on the fares that hour.

The market will choose the most efficient option. The most efficient option is not one or two massive companies with a duopoly engaging in rent-seeking because they can because they are the middleman.

Every time these sites die (Uber still was living off VC money last I checked) and users migrate, it’s another opportunity for a decentralized alternative to replace them. As long as federated and decentralized alternatives don’t absolutely fumble this, it seems inevitable that they will replace current centralized web2 infrastructure.

makeasnek , 1 month ago (edited 1 month ago)

The short answer is that while torrents show great possibility for content distribution (as an alternative to CDNs for example), they inherently rely on some centralized resources and don’t make sense for a lot of use cases. Most websites are a bunch of small files, torrenting is really much more useful for offloading large bandwidth loads. On small files, the overhead for torrents is a waste. That’s why your favorite linux ISO has a torrent but your favourite website doesn’t.

One major issue is difficulty in accurately tracking the contribution of each member of the swarm. I download a file and I seed it to the next person, sounds great right? But what if the next person doesn’t come along for a long time? Do I keep that slot open for them just in case? How long? How I prove I actually “paid my dues” whether that was waiting for peers or actually delivering to them? How do we track users across different swarms? Do we want a single user ID to be tracked across all content they’ve ever downloaded? When you get into the weeds with these kinds of questions you can see how quickly torrenting is not a great technology for a number of use cases.

Being somewhat centralized, by the way, is how BitTorrent solved the spam issue which plagued P2P networks prior to it. Instead of searching the entire network and everything it contains (and everything every spammer added it to it), you instead rely on a trusted messenger like a torrent index to find your content. The torrent file or magnet link points to a link in a DHT and there you go, no need to worry about trusting peers since you are downloading a file by hash not by name. And you know the hash is right because some trusted messenger gave it to you. Without some form of centralization (as in previous P2P networks), your view of the network was whatever your closest peers wanted it to be, which you essentially got assigned at random and had no reason to trust or not trust. You couldn’t verify they were accurately letting you participate in the wider network. Even a 100% trustworthy peer was only as good as the other peers they were connected to. For every one peer passing you bad data, you needed at least two peers to prove them wrong.

Blockchain gets us close to solving some of these problems as we now have technology for establishing distributed ledgers which could track things like network behavior over time, upload/download ratio, etc. This solves the “who do I trust to say this other peer is a good one?” problem: you trust the ledger. But an underlying problem to applying Blockchain to solve this problem is that ultimately people are just going to be self-reporting their bandwidth. Get another peer to validate it, you say? Of course! But how do we know that peer is not the same person (how do we avoid sybil attacks)? Until we have a solid way to do “proof of bandwidth” or “proof of network availability”, that problem will remain. There are many people working on this problem (they’ve already solved proof of storage so perhaps this could be solved in a similar way) but as of right now I know of no good working implementation that protects against sybil attacks. Then again, if you can use blockchain or some other technology to establish some kind of decentralized datastore for humanity, you don’t need torrents at all as you would instead be using that other base layer protocol for storage and retrieval.

IPFS was intended as a decentralized replacement for much of the way the the current internet works. It was supposed to be this “other protocol”, but the system is byzantinely complex and seems to have suffered from a lack of usability, good leadership, and promotion. When you have an awesome technology and nobody uses it, there are always good reasons for lack of adoption. I don’t know enough about those reasons to really cover them here, but suffice to say they actually do exist. Then again, IPFS has been around for a while now (15 years?) and people use it for stuff so clearly it has some utility.

That said, if you want to code on this problem and contribute to helping solve data storage/transmission problems, there are certainly many OSS projects which could use your help.

makeasnek , 1 month ago

Qubes

makeasnek , 1 month ago

I’m working on !boinc and !gridcoin . BOINC is a tool used by scientists to distribute computational workloads to the computers of volunteers, Gridcoin is a cryptocurrency which issues rewards for people who use BOINC (like mining crypto but for science instead of hashes). I’m not a direct dev on either project, but I code tools which make those projects easier to use, write documentation, etc.

makeasnek OP , 1 month ago

If you want to help develop a patent-free shelf-stable anti-viral for COVID, consider donating your computer’s spare processing power to the SiDock project. They are an international scientific collaboration using computers to sift through millions of potential compounds. It works on Windows, Mac, and Linux, no PhD required! It runs in the background when your computer is not in use so it won’t slow anything down.

makeasnek OP , 1 month ago (edited 1 month ago)

If you want to help develop a patent-free shelf-stable anti-viral for COVID, consider donating your computer’s spare processing power to the SiDock project. They are an international scientific collaboration using computers to sift through millions of potential compounds. It works on Windows, Mac, and Linux, no PhD required! It runs in the background when your computer is not in use so it won’t slow anything down.

makeasnek OP , 1 month ago

🤣🤣🤣

makeasnek OP , 1 month ago

They aren’t using live sars-cov2 virus. They want to use the nose so that people will gain immunity to infection. Also, people hate needles. Muscle injections generate a different type of immunity which is robust against system-wide infection (hospitalization) but not against the initial infection which begins in the respiratory system. FluMist, which is also delivered as a nasal mist, is reasonably effective and has been available for years.

makeasnek OP , 1 month ago

It can be you. It doesn’t have to be Big Corps or Government. It can be federated instances, it can be self-ownership of data, it can be E2E encrypted.

makeasnek OP , 1 month ago (edited 1 month ago)

“What’s the problem if the government had one random inspection of your house per year. Nobody entering or leaving your house is getting searched, just the house itself and whatever you store in it. Your house is still private. Nobody else is getting let in, just the government.” They’ll only use this new search power to look for pedophiles. Promise.

The problem is you have a right to privacy. The government should have to prove a reasonable basis to suspect you of a crime to violate it, and at least in theory that authority is overseen by an independent judiciary. Owning a phone isn’t a reasonable basis to suspect you of a crime and read all your text messages. Privacy and free speech are basic human rights, they are necessary for democracies to function properly and for us to advance as a civilization and share information and ideas and grow.

makeasnek OP , 1 month ago

Yes. But the government can provide an “updated” hash database. Such updates would be frequent. There is no way for whatsapp to know what files were used to make those updated hashes. Unless the government distributes copies of the underlying CSAM to the messenger app providers which kinda goes against supposedly trying to stop the proliferation of CSAM in the first place.

makeasnek , 1 month ago

There are several Linux distributions specifically made for “kiosk” type applications. I don’t have any specific ones to suggest, but if you search “Linux distro for kiosk” that should return plenty of results. Might be easier to use one of those to suit your needs than modifying a normal distro like Debian, Fedora, Ubuntu, etc

makeasnek OP , 1 month ago

Pro tip: The Electronic Frontier Foundation is a non-profit which has been defending your right to privacy for many years. If you shop on Amazon, you can give a portion of the purchase price to EFF. You pay the same amount and daddy bezos gets a few less dollars. Use the affiliate link, not the smile link as smile has been sunsetted: www.eff.org/node/58741

makeasnek OP , 1 month ago

Agreed. Some people have to shop there for whatever reason. If that’s you, the link is good to use :).

makeasnek , 1 month ago

If it’s just port blocking, why not run the services on other ports? OpenVPN or any other VPN software could get you secure remote access without issue, you run OpenVPN on whatever port you want and then you can connect to any service on your home machine from outside the house. A Tor hidden service could also be used, though you would sacrifice some speed and reliability.

makeasnek , 1 month ago

Meanwhile when the US Govt has a list of actual child rapists (ahem Epstein) not a single one of them faces any jail time. Well, except for Trump, but that’s for other reasons unrelated to being on Epstein’s list. All these laws are smokescreens to take away your privacy and bring greater government control. They have nothing to do with preventing child abuse.

makeasnek , 1 month ago

use mastadon or nostr, they are actually decentralized. Bluesky is just twitter 2.0 with the same broken incentives and the same broken business model.