• 215 Posts
Joined 1Y ago
Cake day: Jan 17, 2022


is the databag protocol/design documented somewhere? does it claim to have forward secrecy?

from a quick glance I see here they’re generating an AES key from a passphrase and using it to encrypt an RSA private key, which is… not a good sign.

fwiw https://simplex.chat is another thing which seems to have similar goals and functionality but is better documented.

yeah, as others have already said, this isn’t how copyright law works: it’s how law in general works.


when you send an SMS, all of the metadata imaginable is retained by default… as is the content of the message, in many cases.

besides law enforcement and other government agencies, numerous telco employees also have access to this data, and, in many countries at least, some of it is also sold to data brokers.

you can’t get much less private than SMS.

firesky.tv - realtime Bluesky firehose
firesky.tv - realtime Bluesky firehose

ActivityPub has a over 20k different independent instances, mostly federating with one another. BlueSky has one, and if you try to set up an independent one, it won’t federate.

I’m guessing you still haven’t read this post I linked to? Here is the first paragraph:

Moderation is a necessary feature of social spaces. It’s how bad behavior gets constrained, norms get set, and disputes get resolved. We’ve kept the Bluesky app invite-only and are finishing moderation before the last pieces of open federation because we wanted to prioritize user safety from the start.

It’s a little surprising that the person you’re linking to managed to install and operate their own Personal Data Server without reading enough of the BlueSky website to see that federation isn’t turned on yet!

You are confusing content warnings (not exposing others to potentially triggering content you post) with moderation (making it hard to harass users). These are two very different things.

Why should they be different? If a user neglects to label their own post, shouldn’t other people be able to label it? (And shouldn’t the reader be able to decide who’s labels to give what importance to?)

Yes, and the current owners have no economic incentive to change that. It’s a project backed by financial investors, which means they’ll want to get back as much money as possible as soon as possible.

Their initial funding came from twitter, but twitter doesn’t own it. The BlueSky Public Benefit LLC is owned by the founding team, many of whom have been working on decentralized protocols (SecureScuttlebutt, IPFS, Hypercore, XMPP, among others) since before Mastodon was a thing. The entire purpose of their company is to build the protocol, not their instance of it. Running the first instance is just a way to bootstrap the protocol.

After reading atproto.com do you still think accounts that currently exist on bsky.app won’t soon be able to migrate to another (including a self-hosted) PDS?

Have you read their blog post titled Composable Moderation?

imo it is the ActivityPub world that is cosplaying decentralization.

AT Protocol (BlueSky) seems sort of like AP except if it were designed by people who knew about cryptography and content adressability and who saw that using those tools allows for building systems where where users don’t need to rely so heavily on the node operators.

Right now, if your AP server changes their policies in a way you don’t like, or simply disappears, your only recourse is to make a new account elsewhere. If your old server is able and willing to facilitate it, you can leave a pointer to your new identity, but you can’t take your history with you.

This gives the (mostly hobbyist sysadmin) server operators that most people rely on enormous power, not to mention responsibility.

Having cryptographic identities that are not permanently tied to whatever provider you selected is the solution to this problem, and that is the main reason why ATP exists.

BlueSky hasn’t actually turned on federation or public signups yet; it remains a centralized invite-only website right now. But I’m pretty confident that both of those things will be changing soon, because the point of the project is to build a resilient decentralized protocol.

It had 4K users a couple weeks ago, and 50K today.

They implemented the “block” feature yesterday. This is what it looks like:

(Like any system where you are publishing things that are public-by-default, the “they will be prevented from seeing yours” part can of course be easily circumvented, but, like twitter and mastodon etc they are adding a speedbump that will help in many circumstances.)

BlueSky also already has a system for flagging different categories of sensitive content, much like Mastodon’s CWs. This is what it looks like currently:

If your complaint is that “node operators will have no agency in the system”… lol, i guess that is kind of the entire point of it? Of course ATP server operators will have the agency to not host content or users that they don’t want to, and to provide their users with whatever moderated views of content anyone wants to build. But, they won’t have the agency to hold users hostage to the admins’ whims like they do today in AP.

With ATP, the idea is that users (most of which are not going to be node operators, in either system), instead of admins, have the agency to change their decision about who to rely on to keep their data available, and also the agency to define what they want to see and what they want to not see (without having to start over when someone else changes their policies).

But the user-and-or-server agency I think you are worried about BlueSky taking away is not related to the technical differences, but rather the social/cultural ones: it’s the false promise of agency that Mastodon promotes by pretending it’s possible to have the benefits of a public-by-default conversation without the negative effects of it being searchable/discoverable (aka public). One could actually build things with that philosophy on top of ATP as effectively as it has been done on AP, and perhaps someone will, but indeed the current developers seem unlikely to run an anti-search-ethos server themselves.

The screenshot showing the avatar of his alt account is real: https://twitter.com/elonmusk/status/1650607963084554288

… as reported here and elsewhere: https://www.vice.com/en/article/v7bew8/elon-musk-burner-account-ermnmusk

This is the account that Vice is talking about is this: https://twitter.com/ErmnMusk … but it could easily be an existing account that just changed its avatar to that photo. Note that Vice says the discovery of this account was originally made on 4chan.

And also by now there are other accounts using similar names and the same photo, like https://twitter.com/ErmMusk which is more clearly fake.

Use free/libre software, running on your own server, and don’t use any 3rd party services besides the payment processor(s).

The site you’re referring to appears to be built using WordPress with https://en.wikipedia.org/wiki/WooCommerce btw.

(the linked forecast page is also on the same server, and also not loading for me now…)

edit: it is loading for me again now, and says its battery is 80%, so i guess something else was wrong.

Discord says they aren’t selling user data, but from the job descriptions they’re currently hiring for you can see that they are clearly collecting and analyzing a lot of it:

indeed, they have a public firehose, as of this PR: https://github.com/bluesky-social/atproto/pull/205

and this site’s code which consumes it is very short and conveniently not minified: https://whenitrains.glitch.me/script.mjs

live view of posts from the bluesky closed beta
i guess these are posts from the closed beta at https://staging.bsky.app/ which has maybe ~10k users now (they said >4k a while ago, and then apparently they invited 5k from their waiting list yesterday). permalinks to posts there are currently not accessible without logging in, but i guess since this site exists there must be some API from which posts can be accessed without a login. ![](https://lemmy.ml/pictrs/image/8bc4fb2f-55ad-459e-8346-cdd015dd6ffb.png)

circa 2005 to 2008 (as you can see if you read the page this post links to…)

requesting /c/google
the current moderator of [!google@lemmy.ml](https://lemmy.ml/c/google) is a deleted account

fixed in Element Web v1.11.26; updated desktop Element “coming very soon” according to the announce room

it’s google… and not a real os

Under what definition of “OS” are Android and ChromeOS not Linux-based OSes?

Linux (via Android) is in fact the most popular OS used to browse the web today.

requesting /c/hoch
[History of Computer Hardware](https://lemmy.ml/c/hoch) is a community I've posted to a few times. I just noticed it is still moderated by a banned user who put some silly rules in the description which I would like to remove.

lemmy bug: hostnames in titles become http:// URLs
[Here](https://lemmy.ml/post/913218) is an example. I'm not so sure linkifying hostnames in titles is even a good idea (and I think it was only implemented recently) but if it's there it should make them into `https` URLs instead of `http`. also: the tooltip on the hostname link within the title shows the full URL which the rest of the title links to, instead of the hostname-only URL that the hostname part is linking to.

The Linux foundation is the founder

Do you consider The Linux Foundation to be the founder of all projects listed as “Hosted With Joint Development Foundation” or is there some other connection in this case?

all works are going to be published as open source

This doesn’t mean that something is not an effort by corporate interests to control and co-opt a movement; in fact, quite often it means the opposite.

In this case it sounds like would-be institutional contributors to OSM (which uses copyleft licenses for data, documentation, and source code) will be encouraged to instead contribute to Overture-managed permissively-licensed (meaning non-copyleft open source, allowing proprietary derivatives) datasets and software projects.

The only reasons I can see why these four companies are spending $3M/year each (plus 20 full time engineers each!) on a new project instead of contributing these resources to OSM is (1) they can’t have full control of OSM’s priorities (although they could have a lot, with the amount they’re spending here), and, probably more importantly, (2) a large amount of what OSM produces is copyleft licensed.

compare the Overture Foundation’s membership options:

… to the OSM Foundation’s:

(note that three of the four steering members of Overture are already amongst the many corporate members of OSMF.)

Was it founded by Linux Foundation? It looks like it was founded by and is mostly funded by the four steering members who are Amazon, Meta, Microsoft, and TomTom.

It is “hosted by” Linux Foundation’s “Joint Development Foundation” which says companies can

Use our legal agreements and our 501©6 corporate structure to start your specification and source code projects quickly and at no cost. The Joint Development Foundation provides you with a “consortium in a box.”

Linux Foundation itself does not appear to be otherwise involved.

Although the overture FAQ says they’re complementary to OSM, I am uneasy about what looks like an embrace/extend/extinguish play from four giant companies who are all primarily in the proprietary software business.

i’m sorry but i still don’t have a github account for this pseudonym so i haven’t opened an issue. (it would be cool if lemmy source code and issues were hosted a site that let you log in with a lemmy account… i would definitely open issues then!)

Lemmy continuously loads new (old) posts
I'm using lemmy.ml in Tor Browser. Sometimes a little while (seconds) after loading the front page it will start loading old posts, often from a single seemingly random community, and then keep doing that indefinitely. My fan turns on and the page becomes unresponsive as new (old) posts are continually inserted at the top of the timeline.

i figured maybe it was a meta-commentary about how things like cross-protocol bridging will always be fragile and provide lousy results :)

for one thing, a lot of “non-tech” people do manage to buy their own domain names somehow.

but, also: domains-as-handles doesn’t actually mean everyone needs to get their own domain. For instance, if/when feddit.de adopts ATP, you can be @sexy-peach.feddit.de on bluesky (and everywhere else that uses ATP).

I am looking forward to one day seeing Jason Scott address the anti-archival philosophy of the mastodon bdfl and his acolytes.

(perhaps activity pub allows me to notify him by using his mastodon name @textfiles@digipres.club here? probably not.)

it’s DIDs in DNS. you can read more here: https://atproto.com/guides/identity

so, your DID (which includes a pubkey) is actually your identity, and you can change your handle without changing your DID.

It doesn’t exactly say it on the page i linked, but iiuc their plan is also that while today handles are all names ending with ICANN TLDs in the future they could also be under alternative TLDs defined by ✨blockchains✨.

So, it is one domain per one account now?

No, from their examples it appears that there can be many accounts under a single domain, using subdomains.

I expect he can probably sue Musk for disclosing his medical information, among other things.


why would you post a screenshot and no link

Yes, maybe, but I don’t see a big problem

If I used Portmaster, I would want to chat with the developers and other users and get involved with its development. But, I don’t want to make a discord account, and they haven’t bridged their discord to matrix, so, I can’t. I see this is a big problem for the project.

include it`s fuctions in Discord itself, not possible in other social networks

You can easily have bots on Matrix (or XMPP, or IRC, …).

That Discord tracks the user like FB and others, isn’t really a problem with extensions and privacy tools

🤦 yeah, no, it is still a problem. discord is proprietary software as a service, concentrating millions of people’s unencrypted communications in one place. If you block all the servers doing surveillance, you would be blocking discord itself.

I refuse to give discord an email or phone number, or to agree to their terms of service, and so do many other people. By requiring the use of discord to participate in their community, the developers of portmaster are alienating the privacy-aware demographic of discerning technologists which might otherwise use and contribute to their software. They are communicating clearly that they don’t see discord as a problem, and that means that they are not people who I want to rely on to develop privacy tools for me.

somehow i can forgive using the other platforms they use more than discord.

i do understand the motivations for having one, but if they’re going to advertise themselves as a free software project they should at least be bridging their discord to matrix or something.

basically, yeah. but mastodon can’t subscribe to rss/atom feeds, so (butterfly meme) is this… progress? 🤷

IIUC, for now, it will just be that Mastodon users can follow a category on a Discord site, which means that they will see when new topics (threads) are created there (along with an excerpt of the initial post in each topic).

This looks pretty cool and I’m tempted to try it, but the fact that they have a discord makes me skeptical of the developers’ values.

LLMs are worse than useless. I posted some examples here and here.