• 41 Posts
  • 200 Comments
Joined 1 year ago
cake
Cake day: June 17th, 2023

help-circle


  • How have I made your point at all?

    You have acknowledged the importance of having multiple points of failure. It’s a good start because the defect at hand is software with a single point of failure.

    You’re a bit incoherent with what you’re talking about.

    I suppose I assumed I was talking to someone with a bit of engineering history. It’s becoming clear that you don’t grasp software design. You’ve apparently not had any formal training in engineering and likely (at best) you’ve just picked up how to write a bit of code along the way. Software engineering so much more than that. You are really missing the big picture.

    This has nothing to do with software design or anything else along those lines.

    What an absurd claim to make. Of course it does. When software fails to to protect the data it’s entrusted with, it’s broken. Either the design is broken, or the implementation is broken (but design in the case at hand). Data integrity is paramount to infosec and critical to the duty of an application. Integrity is basically infosec 101. If you ever enter an infosec program, it’s the very first concept you’ll be taught. Then later on you might be taught that a good software design is built with security integrated into the design in early stages, as opposed to being an afterthought. Another concept you’ve not yet encounted is the principle of security in depth, which basically means it’s a bad idea to rely on a single mechanism. E.g. if you rely on the user to make a backup copy but then fail to protect the primary copy, you’ve failed to create security in depth, which requires having BOTH a primary copy AND a secondary copy.

    This is a simple thing. If your data is valuable you secure it yourself.

    That has nothing to do with the software defect being reported. While indeed it is a good idea to create backups, this does not excuse or obviate a poor software design that entails data loss and ultimately triggers a need for data recovery. When a software defect triggers the need for data recovery, in effect you have lost one of the redundant points of failure you advocated for.

    When you reach the university level, hopefully you will be given a human factors class of some kind. Or if your first tech job is in aerospace or a notably non-sloppy project, you’ll hopefully at least learn human factors on the job. If you write software that’s intolerant to human errors and which fails to account for human characteristics, you’ve created a poor design (or most likely, no design… just straight to code). When you blame the user, you’ve not only failed as an engineer but also in accountablity. If a user suffers from data loss because your software failed to protect the data, and you blame the user, any respectable org will either sack you or correct you. It is the duty of tech creators to assume that humans fuck up and to produce tools that is resilient to that. (maybe not in the gaming industry but just about any other type of project)

    Good software is better than your underdeveloped understanding of technology reveals.

    Thinking that a federated service is going to have a uniform or homogenous approach to things is folly

    Where do you get /uniform/ from? Where do you get /homogenous approach/ from? Mbin has a software defect that Lemmy does not. Reporting mbin’s defect in no way derives and expectation that mbin mirror Lemmy. Lemmy is merely an example of a tool that does not have the particular defect herein. Lemmy demonstrates one possible way to protect against data loss. There are many different ways mbin can solve this problem, but it has wholly failed because it did fuck all. It did nothing to protect from data loss.

    on your end and a failure of understanding what the technology is.

    It’s a failure on your part to understand how to design quality software. Judging from the quality of apps over the past couple decades, it seems kids are no longer getting instruction on how to build quality technology and you have been conditioned by this shift in recent decades toward poorly designed technology. It’s really sad to see.


  • Exactly. You’ve made my point for me. Precisely why this defect is a defect. The user’s view should be separate and disjoint from the timeline. Lemmy proves the wisdom of that philosophy. But again, it’s a failure of software design to create a fragile system with an expectation that human users will manually compensate for lack of availaiblity and integrity. I know you were inadvertenly attempting again to blame the user (and victim) for poor software design.

    It’s a shame that kids are now being tought to produce software has lost sight of good design principles. That it’s okay to write software that suffers from data loss because someone should have another copy anyway (without realising that that other copy is also subject to failures nonetheless).


  • Who cares?

    Anyone who values their own time and suffers from data loss cares about data loss, obviously.

    This is a serious question.

    Bizarre.

    Anything that is important to you should be backed up and/or archived. Relying on a third party social media app is folly.

    This is a bug report on faulty software. If you have a clever workaround to the bug, specifics would be welcome. A bug report is not the place for general life coaching or personal advice. If there is an emacs mode that stores posts locally and copies them into a lemmy or mbin community and keeps a synchronised history of the two versions, feel free to share the details. But note that even such a tool would still just be a workaround to the software defect at hand.



  • Wojciech Wiewiórowski was intent on calling mastodon a failure for political reasons. When pressed on the harms of public services using Twitter and Facebook, he defends them on the basis of content moderation. Of course what’s despicable about that stance is that a private sector surveillance advertiser is not who should be moderating who gets to say what to their representatives. Twitter, for example, denies access to people who do not disclose their mobile phone number to Twitter, which obviously also marginalises those who have no mobile phone subscription to begin with.

    Effectively, the government has outsourced the duty of governance to private corporations – without rules. Under capitalism.

    The lack of funding on the free world platforms was due to lack of engagement. When the public service does not get much engagement they react by shrinking the funding.

    We need the Facebook and Twitter users to stop engaging with gov agencies on those shitty platforms. Which obviously would not happen. Those pushover boot-licking addicts would never do that.

    tl;dr: is it a good idea to put Elon Musk in control of who gets to talk to their government?





  • the privacy policy for kbin.earth is just empty for me, on Ungoogled Chromium. I get the page title in large bold, but then an empty box below it despite enabling some foreign 3rd party JS (jwr.one).

    But I must say, something like Cloudflare should not be buried in a privacy policy. It should be something that no one misses especially if Tor is whitelisted. A lot of Tor users likely rely on CF’s “just one moment…” page to know it’s a CF page (a mitm we usually want to avoid).


  • Thanks for the insights. I was looking for a client not a server. So maybe this can’t help me. A server somewhat hints that it would be bandwidth heavy. I’m looking to escape the stock JS web client. At the same time, I am on a very limited uplink. To give an idea, I browse web with images disabled because they would suck my quota dry.



  • Photon is a strange beast. How do you install it?

    It seems to only come as a docker container. That’s weird. I don’t have docker installed but docker should really be a choice… not a sole means of installation. I see no deb file or tarball. It seems that it has taken a direction that makes it non-conducive to ever becoming part of the official Debian repos.

    Then it seems as well that their official site “phtn.app” is a Cloudflare site – which is a terrible sign. It shows that the devs are out of touch with digital rights, decentralisation, and privacy. That doesn’t in itself mean the app is bad but the tool is looking quite sketchy so far. Several red flags here.

    (edit) I found a tarball on the releases page.






  • I just need to work out exactly what the effect of the user-configured node block is. In principle, if an LW user replies to either my thread or one of my comments in someone else’s thread, I would still want to see their comments and I would still want a notification. But I would want all LW-hosted threads to be hidden in timelines and search results.

    On one occasion I commented in an LW-hosted thread without realising it. Then I later blocked the community that thread was in (forgetting about my past comment). Then at one point I discovered someone replied to me and I did not get the notification. That scenario should be quite rare but I wonder how it would pan out with the node-wide blocking option.



  • Ah, I see! Found it. Indeed that was not there last time I checked.

    I’m on both Lemmy and mbin. I have several Lemmy accounts.

    Now I need to understand the consequences of blocking lemmy.world. Is it just the same as blocking every lemmy.world community, or does it go further than that? E.g. If I post a thread and a LW user replies, I would not want to block their reply from appearing in my notifications. I just don’t want LW threads coming up in searches or appearing on timelines.



  • I don’t get why you want users to be able to apply cloudflare filters, though.

    Suppose an instance has these users:

    • Victor who uses a VPN
    • Cindy whose ISP uses a CGNAT (she may or may not be aware of the consequences of that)
    • Terry who uses a Tor
    • Norm who uses the normal clearnet
    • Esther who is ethical (doesn’t matter what she uses)

    And suppose the instance is a special interest instance focused on travel. The diverse group of the above people have one thing in common: they want to converge on the expat travel node and the admin wants to accommodate all of them. Norm, and many like him, are happy to subscribe to countless exclusive and centralised forums as they are pragmatic people with no thought about tech ethics. These subscriptions flood an otherwise free world node with exclusive content. Norm subscribes to !travelpics@exclusivenode.com. Then Victor, Terry and sometimes Cindy are all seeing broken pics in their view because they are excluded by Cloudflare Inc. Esther is annoyed from an ethical standpoint that this decentralised free world venue is being polluted by exclusive content from places like like Facebook Threads™ and LemmyWorld. Even though she can interact with it from her clearnet position, she morally objects to feeding content to oppressive services.

    The blunt choice of the admin to federate or not with LemmyWorld means the admin cannot satisfy everyone. It’s too blunt of an instrument. Per-community blocks per user give precision but it’s a non-stop tedious manual workload to keep up with the flood of LW communities. It would be useful for a user to block all of LemmyWorld in one action. I don’t want to see LW-hosted threads and I don’t want LW forums cluttering search results.


  • Cloudflare is an exclusive walled garden that excludes several demographics of people. I am in Cloudflare’s excluded group. This means:

    • when an LW user posts an image, I am blocked from seeing it. Images do not get mirrored onto the federated nodes.
    • when I encounter an LW community with very little content and I then need to visit the LW host to see what’s there before deciding whether to subscribe, I am blocked. I can only see content that got mirrored into the local timeline. There are various circumstances where visiting the source host is necessary but Cloudflare ruins that option.

    CF nodes like LW breaks the fedi in arbitrary ways that undermine the fedi design and philosophy. So the use case is to get rid of the pollution. To get broken pieces out of sight and unbury the content that is decentralised, inclusive, open and free. To reach conversations with people who have the same values and who oppose digital exclusion, oppose centralised corporate control, and who embrace privacy. It’s also necessary to de-pollute searches. If I search for “privacy”, the results are flooded with content from people and nodes that are antithetical to privacy. Blocking fixes that. If I take a couple min. to block oxymoron venues like lemmy.world/c/privacy and do the same for a dozen other cloudflared nodes, then search for “privacy” again, I get better results.

    When crossposting from Lemmy, there is a pulldown list of target communities which is another search tool. That is broken when there are more communities than what fits in the box. And it’s often ram-packed with Cloudflare venues – places that digital rights proponents will not feed. Blocking the junk CF-centralised communities makes it possible to select the target community I’m after.

    So it works. The federated timeline is also more interesting now because it’s decluttered of exclusive places. The problem is that it’s more tedious that it needs to be. I am blocking hundreds of LW communities right now. It probably required 500 clicks to get the config that I have right now and I probably have hundreds of more clicks to go. When in fact I should have simply been able to enter ~10 or nodes.


  • ciferecaNinjo@fedia.iotoFediverse@lemmy.mlLemmy vs. PieFed vs. Mbin
    link
    fedilink
    arrow-up
    9
    arrow-down
    10
    ·
    3 months ago

    tl;dr:

    • Lemmy ← shit show for years
    • (mk)bin ← shit show but understandable given its age
    • piefed ← never heard of it

    I’ve been using Lemmy for years, back when there were only 2 or 3 nodes and federation capability did not exist. It’s a shit show. Extremely buggy web clients and no useful proper desktop clients. I must say it’s sensible that the version numbers are still 0.x. It’s also getting worse. 0.19.3 was more usable than 0.19.5 which introduced serious bugs that make it unusable in some variants of Chromium browser.

    mBin has been plagued with serious bugs. But it’s also very young. It was not ready for prime-time when it got rolled out, but I think it (or kbin) was pushed out early because many Redditors were jumping ship and those refugees needed a place to go. IMO mbin will out-pace Lemmy and take the lead. Mbin is bad at searching. You can search for mags that are already federated but if a community does not appear in a search I’m not even sure if or how a user can create the federated relationship.

    The running goat fuck with Lemmy is in recent years with the shitty javascript web client. There’s only so much blame you can fairly put on those devs though because they need to focus on a working server. The shitty JavaScript web client should just be considered a proof-of-concept experimental test sandbox. JavaScript is unfit for this kind of purpose. It’s really on the FOSS community to produce a decent proper client. And what has happened is there has been focus on a dozen or so different phone apps (wtf?) and no real effort on a desktop app.

    Cloudflare filters lacking

    Both Lemmy and Mbin lack the ability to filter out or block Cloudflare nodes. They both only give a way to block specific forums. So you get imersed/swamped in LemmyWorld’s walled garden and to get LemmyWorld out of sight there is a big manual effort of blocking hundreds of communities. It’s a never ending game of whack-a-mole.


  • Yes indeed… “threads” in the generic sense of the word pre-dates the web. And threadiverse is a few years older than “FB Threads™”. That’s what’s so despicable about Facebook hi-jacking the name. It’s also why I will not refer to them by Meta (another hi-jacking of a generic term with useful meaning that their ego-centric marketers fucked up)