this post was submitted on 12 Jun 2023
238 points (100.0% liked)

Technology

37742 readers
838 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

I run a few groups, like @[email protected], mostly on Friendica. It's okay, but Friendica resembles Facebook Groups more than Reddit. I also like the moderation options that Lemmy has.

Currently, I'm testing jerboa, which is an Android client for Lemmy. It's in alpha, has a few hiccups, but it's coming along nicely.

Personally, I hope the #RedditMigration spurs adoption of more Fediverse server software. And I hope Mastodon users continue to interact with Lemmy and Kbin.

All that said, as a mod of a Reddit community (r/Sizz) I somewhat regret giving Reddit all that content. They have nerve charging so much for API access!

Hopefully, we can build a better version of social media that focuses on protocols, not platforms.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 14 points 1 year ago* (last edited 1 year ago) (6 children)

Used Reddit for 13 years, tried out Kbin and Lemmy yesterday and settled on Lemmy.

Long story short, I’m going back to Reddit.

  • There needs to be ONE site, Lemmy.com, that people goto. This entire thing about having .whateveryouwant is VERY off putting. Most internet users have been trained to be extremely wary of odd or unusual things, so having anything besides .com/.net/.org will turn away a huge portion of users.

I initially setup an account on Lemmy.world, then realized that I couldn’t migrate it to another server and that when I deleted that account on that server all my comments were deleted.

Deciphering the distributed nature of it took me, a relatively tech-friendly person, almost the entire day and several ‘What the fuck?’ posts. I now understand it more. There are some very low-level guides that have been haphazardly put together, but there absolutely needs to be a MUCH smoother guide/explanation to this whole thing. That learning process will turn people away for sure.

  • BECAUSE I understand it more now, I’m left feeling VERY uncomfortable about my data security. If this is going to become a mainstream thing, as it reaches and before it gets to that critical mass of users, there’s going to be SO. MANY. SECURITY ISSUES. There’s no 2fa at all, hacking and user-account hacking is just going to run rampant, and I’m left wondering ‘Where is my username and password actually stored?’. The answer, sadly, is wherever the dude who’s running the instance/server is. In the ‘Fediverse’ your server instance might be hosted in a US or EU data center with proper digital and physical security, or it could be Joe Blows basement in Iowa running off a NAS. The easy-to-see future here is that Lemmy will fail to attract a critical mass of people because they’ll initially arrive, after a few months their instances will just cease to exist/get shut down/the hosts will decide its no longer a fun hobby to do.

With a large corporation, they have the staff and resources to secure and maintain the servers physically and digitally, and keep staff up-to-date on current infosec threats and get out in front of them. Beyond that, if there IS a breach, they have the ability to recognize it, understand the legalities and requirements of reporting it, and can be held accountable by regulatory bodies. Joe doesn’t have the resources to really maintain and keep a server running, nor the knowledge of his responsibilities for keeping the data safe digitally or physically.

On top of that, if Joe’s basement loses power/gets hacked/Joe decides he’s moving to San Fransisco and can’t bring his NAS with him and the server goes down, and that’s where my instance is hosted well there goes my entire account/comments/data.

  • Finding and subbing to communities is painfully difficult. It should be one-click, but somewhere I need to goto an external list, find what I want, and then copy/paste the URL into the search… and then 50% of the time, it doesn’t work. This is an understandable growing pain and can likely be fixed by UI/UX upgrades, but for now it’s a definite turn-off.

  • There simply is no content. I’m not a creator, I want content aggregated for me, and I’ve gotten used to having a single place to get it from that floods me with thousands of different articles/memes/posts/etc every minute. Until the user base arrives in one single place and starts generating content, there’s no reason for most people like me to be there as by far the larger number of users never create anything at all and only exist to consume the content generated.

[–] [email protected] 17 points 1 year ago (2 children)

Sorry, but a lot of your concerns you outline, I just don't agree with.

There needs to be ONE site, Lemmy.com, that people goto.

No... Reddit's singular biggest issue is the fact that everyone is beholden to Reddit's whim. Leaving any of this to any singular company/persons whims is a big problem. Moderator banned you from a subreddit cause they powertrip? What's your recourse? You have none.

This entire thing about having .whateveryouwant is VERY off putting.

And yet emails are not a problem. Why specifically is this off putting? You've never emailed anyone outside of gmail.com? or outlook.com?

Most internet users have been trained to be extremely wary of odd or unusual things, so having anything besides .com/.net/.org will turn away a huge portion of users.

Statistically this is very wrong. Quite the opposite in fact. Users are terrible at identifying ANYTHING malicious as actually being "Wrong".

I initially setup an account on Lemmy.world, then realized that I couldn’t migrate it to another server and that when I deleted that account on that server all my comments were deleted.

Just like setting up an email on Gmail doesn't mean you can just migrate to Outlook... and yes I would hope that deleting your account would delete all your comments. That's a GOOD thing.

BECAUSE I understand it more now, I’m left feeling VERY uncomfortable about my data security.

What security are you talking about? There's nothing "secure" here. You're posting things to a public forum for all intents and purposes. What security are you expecting?

There’s no 2fa at all

Slated for release with v0.18 which will probably drop within the next few weeks or so... But if your only concern for account security is 2fa... then you probably don't realize that long unique passwords are perfectly fine. I only really see this being an issue if you're a moderator or admin of an instance though. As both of those things... I actually don't currently see a problem. 2fa will be a welcomed addition though.

hacking and user-account hacking is just going to run rampant

Just like on every other service on the internet? It seems that most places do fine without this worry.

and I’m left wondering ‘Where is my username and password actually stored?’

On the instance you signed up for your account on. In your case that would appear to be lemmy.ca. That's the only instance that even really knows who you are. The rest of the instances just believe the origin instance of the data.

The answer, sadly, is wherever the dude who’s running the instance/server is.

Yup. But that's the case with ANY online service. Where's your facebook data? How about the massive amounts of data that google collect on you? Where's every bit of that? The hope and prayer is that it's safe in some datacenter that has armed guards and all that. The reality is that data leaks happen. Engineers go home with harddrives full of backups that have all your data on it. Hell your doctors office probably has this issue... https://www.classaction.org/pediatric-data-breach-connexin. I don't see you complaining about that. This service is not super sensitive... and if you believe it is... host your own instance.

With a large corporation, they have the staff and resources to secure and maintain the servers physically and digitally, and keep staff up-to-date on current infosec threats and get out in front of them.

And yet everyday you hear about some other company that got completely shafted... and more user information leaked out there like it belongs in the wild. But I once again have to ask... Aside from password (which is hopefully long and unique)... What content do you have on lemmy that actually matters? You realize that everything you post on a platform like this or Reddit is public... There's nothing you should ever assume to be "secure" or private on a platform like this, including Reddit. You bring this up so many times... What are you uploading that's sensitive that you think needs to be secure?

Finding and subbing to communities is painfully difficult. It should be one-click, but somewhere I need to goto an external list, find what I want, and then copy/paste the URL into the search… and then 50% of the time, it doesn’t work. This is an understandable growing pain and can likely be fixed by UI/UX upgrades, but for now it’s a definite turn-off.

Finally a legit concern. Yes, finding communities is actually a bit annoying. There's work being done to fix it. Remember this is version 0.17.4 that we're on right now. And the mass influx of people trying the platform out is putting a ton of stress on lots of undersized server instances. Things will happen... But same story with reddit... Reddit just had 3-4 hours of downtime because some subreddits went private. They're not perfect either... what's their excuse? It can't be because it's new and small...

There simply is no content. I’m not a creator, I want content aggregated for me

What? There's TONS of content already. You need to join more communities I think. Reddit was never there to generate content either though. It's an aggregator, not typically a source.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

I didn't have the energy to write all that and what I woud have written would have been 90% the same so thank you! The parent doesn't know how things actually are in corporations. Neither about hosting stability, nor data security, nor regulation, nor financial security, nor responsibility. Most of the concerns they had with the random dude are valid for any typical, in other words limited liability, corporation. And the big instances are not at all hosted by some random dude. You can't run a big instance without sysadmin knowledge at the very least. The three I have looked into, lemmy.ca, lemmy.world and lemmy.ml, are all run by either software developers or system/database admins. At least two of them are also well funded which we can tell due to the transparent funding and available track record. Small non-profit teams and organizations have made much bigger contributions to my life and society than many big corporations. From Wikipedia, through Mozilla to all the outfits behind most open source software that literally runs the world. Two random dudes write the crypto for the security that nearly every corporation uses (OpenSSL). Anyways. I'm not writing this to change minds. Just expressing my thoughts and reaction. 🥲

[–] [email protected] 5 points 1 year ago (1 children)

I tried not to bring up individual instances... but to your point there... I'm a CISO... My whole job is data security. My instance is 100% for sure safe... and honestly I probably have better tools in place than a good 80-90% of companies that you give all sorts of private information to.

I felt that point wasn't specifically relevant, but it's just odd that people treat companies as better than individuals in general... My uptime actually beats Amazon this year so far. And I'm hosting from hardware in my garage, which happens to be a cluster of proxmox boxes with a good dedicated 60 amps of power and 6+ hours of battery backup.

The datacenter my business is in contract with... I have better uptime than them... They've had 3 major outages in the past 9 months.

Businesses are not infallible... and honestly are likely worse to work with since no individual ever feels compelled to own up to the mistakes. It's always shareholders and money with businesses. I love working with vendors that are 1-3 man teams... They are ALWAYS vested and always do good work IMO... It's the large places that pass the buck everywhere they can and everything is always a shoe-string shitshow.

Just my additional 2 cents to continue the discussion.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

Heavy agreement. Having seen how corporations host and treat data, it's a clown show. Everyone knows noone can be held accountable beyond being fired and execs and shareholders know they can't lose the money they already made. It's certainly better than that in some places but that's the baseline because those are the incentives. It's only better if there's lots of money on the line in case of a data breach. Real scenario from a known publicly traded corporation:

So should we update from Ubuntu 18.04 since it's running out of support? Weeeell.. we should but let's write this feature first. It won't be too bad if we run for a few months without security patches.

That's of course security patches by some random dudes, for the software written by the random dudes.

🤦‍♂️🤦‍♀️🤦

Anyway, what's your instance?

[–] [email protected] 3 points 1 year ago (1 children)

https://lemmy.saik0.com is my instance. I'm treating it as the original myspace idea... friends of friends can get in. Also makes the local communities much better IMO...

Running in an LXC container on a proxmox cluster, all the data stored on a ceph cluster. Backed up nightly to a large 400TB backup server. Proxied through cloudflare (yes I've gotten cloudflare working correctly enough... I should probably clean up the page rules a touch...). The only thing I'm missing in my "homelab" is offsite backup... Of which I'm looking for tape libraries or similar things I can put into my rack to swap out every week or so to an offsite location.

And your example of the Ubuntu thing is even worse the moment you bring up windows environments. I know so many companies still running Windows 2012... And their reasoning? "Well it's still supported until October right?"... Not realizing it probably takes months to a year to validate all the software they're going to have to migrate. Clown show is accurate.

[–] [email protected] 1 points 1 year ago

Great stuff.

Honestly, even if most folks from Reddit don't stay, the ones that know will most likely stay. I've been here for a week and I know I will. In the worst case scenario it'll turn out like Slashdot used to be. Frequented by knowledgable folks sharing News for nerds, stuff that matters. If that's all we get in the end, it won't be so bad. 👌

But I think a lot more will stay.

Anyway, good night!

[–] [email protected] 1 points 1 year ago

Yes thank you for explaining it so well. The OP is just spouting ignorance

[–] [email protected] 8 points 1 year ago (1 children)

What you're describing is just another Reddit. Where, eventually, a few select individuals with all the power make the wrong decisions and this entire disaster happens all over again.

Lemmy (and the fediverse) is a chance to change all that. It brings power back to the people, to the community.

[–] [email protected] 1 points 1 year ago

I think that's the exact opposite of what this is. ALL the power on Lemmy is limited to 1 person: The instance host. They set the rules, they decide they don't like you or the server, your entire account gets deleted because they shut it down. Another instance gets into a flame war or conflict with another, they block THE ENTIRE OTHER SERVER, essentially quarentining them out of existing.

[–] [email protected] 5 points 1 year ago

lmao ok bud, glhf

[–] [email protected] 2 points 1 year ago (1 children)

It’s funny; I know the usual advice is to stick to com/net/org, but I think there’s a certain crowd online that’s all about the wacky TLDs. I’ve definitely seen devs and artists with TLDs like .pizza and .rocks (not a portfolio, but https://stoneclub.rocks as example). I’ve seen enough of these sites that something like https://sh.itjust.works doesn’t make me blink and I trust I’d be able to tell a phishing site from folks playing with TLDs, but I can totally understand how that could be off-putting without that sort of background.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

If I see a URL like this, I, and.... polling my coworkers here..... All 52 coworkers on my group chat would say these are highly suspicious and would not click on them. I imagine this is the general consensus for internet-savvy people.

I'm happily reading a post on Reddit, and see a link like that: clearly dangerous. I'm happily reading a post on Lemmy, and see a link like that: probably dangerous, but possibly a Lemmy instance? Impossible to tell. I want to read Lemmy, not whatever "stoneclub" is.

It would be great if links to remote Lemmy instances had some kind of styling applied; a little icon, etc., that would make it clear this link is within the fediverse.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Again, I think there’s a certain crowd of internet users who are familiar with fun domain names and enjoy playing in that space. My example is particularly innocuous (a club of people who love stone megaliths in the UK). I also think the fun and playful names aren’t difficult to tell from phishing sites, but maybe I have a gut instinct developed from exposure to the folks who do use playful domains.

My point is that thinking these quirky links look dangerous is specific to a certain social or generational group, and it wouldn’t hurt for them to keep an open mind about URLs/TLDs.

(Adding an icon to remote fediverse instance links is a nice idea too.)

[–] [email protected] 2 points 1 year ago

BECAUSE I understand it more now, I’m left feeling VERY uncomfortable about my data security. If this is going to become a mainstream thing, as it reaches and before it gets to that critical mass of users, there’s going to be SO. MANY. SECURITY ISSUES. There’s no 2fa at all, hacking and user-account hacking is just going to run rampant, and I’m left wondering ‘Where is my username and password actually stored?’. The answer, sadly, is wherever the dude who’s running the instance/server is.

I wonder if IPFS would be better suited for the fediverse for this reason? You've brought up some solid points here and if history is anything to go by, it's likely already seeing some exploitation in the wild. I think there's likely to be a lot of work needed here. For example: Your cookies store JWTs in base85. Nice!

[–] [email protected] 1 points 1 year ago

Good points.

I'll be going back to Reddit too but I suspect everything will not be as it once was and much of it will be finding out where others have fled to.

There was ~1-5000 people on here over the last year or so which isn't huge in terms of subreddits, it seems to have jumped to 100,000+ in the past week or two. Teh current content seems reasonable for an ~100k subreddit.