this post was submitted on 12 Jun 2023
492 points (100.0% liked)

Technology

37747 readers
180 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

I run a few groups, like @fediversenews@venera.social, mostly on Friendica. It's okay, but Friendica resembles Facebook Groups more than Reddit. I also like the moderation options that Lemmy has.

Currently, I'm testing jerboa, which is an Android client for Lemmy. It's in alpha, has a few hiccups, but it's coming along nicely.

Personally, I hope the #RedditMigration sours adoption of more Fediverse server software. And I hope Mastodon users continue to interact with Lemmy and Kbin.

All that said, as a mod of a Reddit community (r/Sizz) I somewhat regret giving Reddit all that content. They have nerve charging so much for API access!

Hopefully, we can build a better version of social media that focuses on protocols, not platforms.

you are viewing a single comment's thread
view the rest of the comments
[–] Saik0Shinigami@lemmy.saik0.com 18 points 1 year ago (2 children)

Sorry, but a lot of your concerns you outline, I just don't agree with.

There needs to be ONE site, Lemmy.com, that people goto.

No... Reddit's singular biggest issue is the fact that everyone is beholden to Reddit's whim. Leaving any of this to any singular company/persons whims is a big problem. Moderator banned you from a subreddit cause they powertrip? What's your recourse? You have none.

This entire thing about having .whateveryouwant is VERY off putting.

And yet emails are not a problem. Why specifically is this off putting? You've never emailed anyone outside of gmail.com? or outlook.com?

Most internet users have been trained to be extremely wary of odd or unusual things, so having anything besides .com/.net/.org will turn away a huge portion of users.

Statistically this is very wrong. Quite the opposite in fact. Users are terrible at identifying ANYTHING malicious as actually being "Wrong".

I initially setup an account on Lemmy.world, then realized that I couldn’t migrate it to another server and that when I deleted that account on that server all my comments were deleted.

Just like setting up an email on Gmail doesn't mean you can just migrate to Outlook... and yes I would hope that deleting your account would delete all your comments. That's a GOOD thing.

BECAUSE I understand it more now, I’m left feeling VERY uncomfortable about my data security.

What security are you talking about? There's nothing "secure" here. You're posting things to a public forum for all intents and purposes. What security are you expecting?

There’s no 2fa at all

Slated for release with v0.18 which will probably drop within the next few weeks or so... But if your only concern for account security is 2fa... then you probably don't realize that long unique passwords are perfectly fine. I only really see this being an issue if you're a moderator or admin of an instance though. As both of those things... I actually don't currently see a problem. 2fa will be a welcomed addition though.

hacking and user-account hacking is just going to run rampant

Just like on every other service on the internet? It seems that most places do fine without this worry.

and I’m left wondering ‘Where is my username and password actually stored?’

On the instance you signed up for your account on. In your case that would appear to be lemmy.ca. That's the only instance that even really knows who you are. The rest of the instances just believe the origin instance of the data.

The answer, sadly, is wherever the dude who’s running the instance/server is.

Yup. But that's the case with ANY online service. Where's your facebook data? How about the massive amounts of data that google collect on you? Where's every bit of that? The hope and prayer is that it's safe in some datacenter that has armed guards and all that. The reality is that data leaks happen. Engineers go home with harddrives full of backups that have all your data on it. Hell your doctors office probably has this issue... https://www.classaction.org/pediatric-data-breach-connexin. I don't see you complaining about that. This service is not super sensitive... and if you believe it is... host your own instance.

With a large corporation, they have the staff and resources to secure and maintain the servers physically and digitally, and keep staff up-to-date on current infosec threats and get out in front of them.

And yet everyday you hear about some other company that got completely shafted... and more user information leaked out there like it belongs in the wild. But I once again have to ask... Aside from password (which is hopefully long and unique)... What content do you have on lemmy that actually matters? You realize that everything you post on a platform like this or Reddit is public... There's nothing you should ever assume to be "secure" or private on a platform like this, including Reddit. You bring this up so many times... What are you uploading that's sensitive that you think needs to be secure?

Finding and subbing to communities is painfully difficult. It should be one-click, but somewhere I need to goto an external list, find what I want, and then copy/paste the URL into the search… and then 50% of the time, it doesn’t work. This is an understandable growing pain and can likely be fixed by UI/UX upgrades, but for now it’s a definite turn-off.

Finally a legit concern. Yes, finding communities is actually a bit annoying. There's work being done to fix it. Remember this is version 0.17.4 that we're on right now. And the mass influx of people trying the platform out is putting a ton of stress on lots of undersized server instances. Things will happen... But same story with reddit... Reddit just had 3-4 hours of downtime because some subreddits went private. They're not perfect either... what's their excuse? It can't be because it's new and small...

There simply is no content. I’m not a creator, I want content aggregated for me

What? There's TONS of content already. You need to join more communities I think. Reddit was never there to generate content either though. It's an aggregator, not typically a source.

[–] lightrush@lemmy.ca 4 points 1 year ago* (last edited 1 year ago) (1 children)

I didn't have the energy to write all that and what I woud have written would have been 90% the same so thank you! The parent doesn't know how things actually are in corporations. Neither about hosting stability, nor data security, nor regulation, nor financial security, nor responsibility. Most of the concerns they had with the random dude are valid for any typical, in other words limited liability, corporation. And the big instances are not at all hosted by some random dude. You can't run a big instance without sysadmin knowledge at the very least. The three I have looked into, lemmy.ca, lemmy.world and lemmy.ml, are all run by either software developers or system/database admins. At least two of them are also well funded which we can tell due to the transparent funding and available track record. Small non-profit teams and organizations have made much bigger contributions to my life and society than many big corporations. From Wikipedia, through Mozilla to all the outfits behind most open source software that literally runs the world. Two random dudes write the crypto for the security that nearly every corporation uses (OpenSSL). Anyways. I'm not writing this to change minds. Just expressing my thoughts and reaction. 🥲

[–] Saik0Shinigami@lemmy.saik0.com 5 points 1 year ago (1 children)

I tried not to bring up individual instances... but to your point there... I'm a CISO... My whole job is data security. My instance is 100% for sure safe... and honestly I probably have better tools in place than a good 80-90% of companies that you give all sorts of private information to.

I felt that point wasn't specifically relevant, but it's just odd that people treat companies as better than individuals in general... My uptime actually beats Amazon this year so far. And I'm hosting from hardware in my garage, which happens to be a cluster of proxmox boxes with a good dedicated 60 amps of power and 6+ hours of battery backup.

The datacenter my business is in contract with... I have better uptime than them... They've had 3 major outages in the past 9 months.

Businesses are not infallible... and honestly are likely worse to work with since no individual ever feels compelled to own up to the mistakes. It's always shareholders and money with businesses. I love working with vendors that are 1-3 man teams... They are ALWAYS vested and always do good work IMO... It's the large places that pass the buck everywhere they can and everything is always a shoe-string shitshow.

Just my additional 2 cents to continue the discussion.

[–] lightrush@lemmy.ca 5 points 1 year ago* (last edited 1 year ago) (1 children)

Heavy agreement. Having seen how corporations host and treat data, it's a clown show. Everyone knows noone can be held accountable beyond being fired and execs and shareholders know they can't lose the money they already made. It's certainly better than that in some places but that's the baseline because those are the incentives. It's only better if there's lots of money on the line in case of a data breach. Real scenario from a corporation:

So should we update from Ubuntu 18.04 since it's running out of support? Weeeell.. we should but let's write this feature first. It won't be too bad if we run for a few months without security patches.

That's of course security patches by some random dudes, for the software written by the random dudes.

🤦‍♂️🤦‍♀️🤦

Anyway, what's your instance?

E: Found it.

E2: I'm falling asleep, I assumed it's a public instance. I'll probably be standing up my own at some point too.

https://lemmy.saik0.com is my instance. I'm treating it as the original myspace idea... friends of friends can get in. Also makes the local communities much better IMO...

Running in an LXC container on a proxmox cluster, all the data stored on a ceph cluster. Backed up nightly to a large 400TB backup server. Proxied through cloudflare (yes I've gotten cloudflare working correctly enough... I should probably clean up the page rules a touch...). The only thing I'm missing in my "homelab" is offsite backup... Of which I'm looking for tape libraries or similar things I can put into my rack to swap out every week or so to an offsite location.

And your example of the Ubuntu thing is even worse the moment you bring up windows environments. I know so many companies still running Windows 2012... And their reasoning? "Well it's still supported until October right?"... Not realizing it probably takes months to a year to validate all the software they're going to have to migrate. Clown show is accurate.

[–] Thedeadguy@discuss.tchncs.de 1 points 1 year ago

Yes thank you for explaining it so well. The OP is just spouting ignorance