this post was submitted on 12 Jun 2023
Used Reddit for 13 years, tried out Kbin and Lemmy yesterday and settled on Lemmy.
Long story short, I’m going back to Reddit.
I initially set up an account on Lemmy.world, then realized that I couldn’t migrate it to another server and that when I deleted that account on that server all my comments were deleted.
Deciphering the distributed nature of it took me, a relatively tech-friendly person, almost the entire day and several ‘What the fuck?’ posts. I now understand it more. There are some very low-level guides that have been haphazardly put together, but there absolutely needs to be a MUCH smoother guide/explanation to this whole thing. That learning process will turn people away for sure.
With a large corporation, they have the staff and resources to secure and maintain the servers physically and digitally, and keep staff up-to-date on current infosec threats and get out in front of them. Beyond that, if there IS a breach, they have the ability to recognize it, understand the legalities and requirements of reporting it, and can be held accountable by regulatory bodies. Joe doesn’t have the resources to really maintain and keep a server running, nor the knowledge of his responsibilities for keeping the data safe digitally or physically.
On top of that, if Joe’s basement loses power/gets hacked/Joe decides he’s moving to San Francisco and can’t bring his NAS with him and the server goes down, and that’s where my instance is hosted, well, there goes my entire account/comments/data.
Finding and subbing to communities is painfully difficult. It should be one-click, but somewhere I need to go to an external list, find what I want, and then copy/paste the URL into the search… and then 50% of the time, it doesn’t work. This is an understandable growing pain and can likely be fixed by UI/UX upgrades, but for now it’s a definite turn-off.
There simply is no content. I’m not a creator, I want content aggregated for me, and I’ve gotten used to having a single place to get it from that floods me with thousands of different articles/memes/posts/etc every minute. Until the user base arrives in one single place and starts generating content, there’s no reason for most people like me to be there as by far the larger number of users never create anything at all and only exist to consume the content generated.
Sorry, but a lot of your concerns you outline, I just don't agree with.
No... Reddit's singular biggest issue is the fact that everyone is beholden to Reddit's whim. Leaving any of this to any singular company/person's whims is a big problem. Moderator banned you from a subreddit cause they powertrip? What's your recourse? You have none.
And yet emails are not a problem. Why specifically is this off putting? You've never emailed anyone outside of gmail.com? or outlook.com?
Statistically this is very wrong. Quite the opposite in fact. Users are terrible at identifying ANYTHING malicious as actually being "Wrong".
Just like setting up an email on Gmail doesn't mean you can just migrate to Outlook... and yes I would hope that deleting your account would delete all your comments. That's a GOOD thing.
What security are you talking about? There's nothing "secure" here. You're posting things to a public forum for all intents and purposes. What security are you expecting?
Slated for release with v0.18 which will probably drop within the next few weeks or so... But if your only concern for account security is 2fa... then you probably don't realize that long unique passwords are perfectly fine. I only really see this being an issue if you're a moderator or admin of an instance though. As both of those things... I actually don't currently see a problem. 2fa will be a welcomed addition though.
Just like on every other service on the internet? It seems that most places do fine without this worry.
On the instance you signed up for your account on. In your case that would appear to be lemmy.ca. That's the only instance that even really knows who you are. The rest of the instances just believe the origin instance of the data.
Yup. But that's the case with ANY online service. Where's your Facebook data? How about the massive amounts of data that Google collects on you? Where's every bit of that? The hope and prayer is that it's safe in some datacenter that has armed guards and all that. The reality is that data leaks happen. Engineers go home with hard drives full of backups that have all your data on them. Hell, your doctor's office probably has this issue... https://www.classaction.org/pediatric-data-breach-connexin. I don't see you complaining about that. This service is not super sensitive... and if you believe it is... host your own instance.
And yet every day you hear about some other company that got completely shafted... and more user information leaked out there like it belongs in the wild. But I once again have to ask... Aside from password (which is hopefully long and unique)... What content do you have on lemmy that actually matters? You realize that everything you post on a platform like this or Reddit is public... There's nothing you should ever assume to be "secure" or private on a platform like this, including Reddit. You bring this up so many times... What are you uploading that's sensitive that you think needs to be secure?
Finally a legit concern. Yes, finding communities is actually a bit annoying. There's work being done to fix it. Remember this is version 0.17.4 that we're on right now. And the mass influx of people trying the platform out is putting a ton of stress on lots of undersized server instances. Things will happen... But same story with reddit... Reddit just had 3-4 hours of downtime because some subreddits went private. They're not perfect either... what's their excuse? It can't be because it's new and small...
What? There's TONS of content already. You need to join more communities I think. Reddit was never there to generate content either though. It's an aggregator, not typically a source.
Yes thank you for explaining it so well. The OP is just spouting ignorance
I didn't have the energy to write all that and what I would have written would have been 90% the same so thank you! The parent doesn't know how things actually are in corporations. Neither about hosting stability, nor data security, nor regulation, nor financial security, nor responsibility. Most of the concerns they had with the random dude are valid for any typical, in other words limited liability, corporation. And the big instances are not at all hosted by some random dude. You can't run a big instance without sysadmin knowledge at the very least. The three I have looked into, lemmy.ca, lemmy.world and lemmy.ml, are all run by either software developers or system/database admins. At least two of them are also well funded which we can tell due to the transparent funding and available track record. Small non-profit teams and organizations have made much bigger contributions to my life and society than many big corporations. From Wikipedia, through Mozilla to all the outfits behind most open source software that literally runs the world. Two random dudes write the crypto for the security that nearly every corporation uses (OpenSSL). Anyways. I'm not writing this to change minds. Just expressing my thoughts and reaction. 🥲
I tried not to bring up individual instances... but to your point there... I'm a CISO... My whole job is data security. My instance is 100% for sure safe... and honestly I probably have better tools in place than a good 80-90% of companies that you give all sorts of private information to.
I felt that point wasn't specifically relevant, but it's just odd that people treat companies as better than individuals in general... My uptime actually beats Amazon this year so far. And I'm hosting from hardware in my garage, which happens to be a cluster of proxmox boxes with a good dedicated 60 amps of power and 6+ hours of battery backup.
The datacenter my business is in contract with... I have better uptime than them... They've had 3 major outages in the past 9 months.
Businesses are not infallible... and honestly are likely worse to work with since no individual ever feels compelled to own up to the mistakes. It's always shareholders and money with businesses. I love working with vendors that are 1-3 man teams... They are ALWAYS vested and always do good work IMO... It's the large places that pass the buck everywhere they can and everything is always a shoe-string shitshow.
Just my additional 2 cents to continue the discussion.
Heavy agreement. Having seen how corporations host and treat data, it's a clown show. Everyone knows no one can be held accountable beyond being fired and execs and shareholders know they can't lose the money they already made. It's certainly better than that in some places but that's the baseline because those are the incentives. It's only better if there's lots of money on the line in case of a data breach. Real scenario from a corporation:
That's of course security patches by some random dudes, for the software written by the random dudes.
🤦♂️🤦♀️🤦
Anyway, what's your instance?
E: Found it.
E2: I'm falling asleep, I assumed it's a public instance. I'll probably be standing up my own at some point too.
https://lemmy.saik0.com is my instance. I'm treating it as the original myspace idea... friends of friends can get in. Also makes the local communities much better IMO...
Running in an LXC container on a proxmox cluster, all the data stored on a ceph cluster. Backed up nightly to a large 400TB backup server. Proxied through cloudflare (yes I've gotten cloudflare working correctly enough... I should probably clean up the page rules a touch...). The only thing I'm missing in my "homelab" is offsite backup... Of which I'm looking for tape libraries or similar things I can put into my rack to swap out every week or so to an offsite location.
And your example of the Ubuntu thing is even worse the moment you bring up Windows environments. I know so many companies still running Windows 2012... And their reasoning? "Well it's still supported until October right?"... Not realizing it probably takes months to a year to validate all the software they're going to have to migrate. Clown show is accurate.
Great stuff.
Honestly, even if most folks from Reddit don't stay, the ones that know will most likely stay. I've been here for a week and I know I will. In the worst case scenario it'll turn out like Slashdot used to be. Frequented by knowledgeable folks sharing News for nerds, stuff that matters. If that's all we get in the end, it won't be so bad. 👌
But I think a lot more will stay.
Anyway, good night!
What you're describing is just another Reddit. Where, eventually, a few select individuals with all the power make the wrong decisions and this entire disaster happens all over again.
Lemmy (and the fediverse) is a chance to change all that. It brings power back to the people, to the community.
I think that's the exact opposite of what this is. ALL the power on Lemmy is limited to 1 person: The instance host. They set the rules, they decide they don't like you or the server, your entire account gets deleted because they shut it down. Another instance gets into a flame war or conflict with another, they block THE ENTIRE OTHER SERVER, essentially quarantining them out of existing.
I wonder if IPFS would be better suited for the fediverse for this reason? You've brought up some solid points here and if history is anything to go by, it's likely already seeing some exploitation in the wild. I think there's likely to be a lot of work needed here. For example: Your cookies store JWTs in base85. Nice!
It’s funny; I know the usual advice is to stick to com/net/org, but I think there’s a certain crowd online that’s all about the wacky TLDs. I’ve definitely seen devs and artists with TLDs like .pizza and .rocks (not a portfolio, but https://stoneclub.rocks as example). I’ve seen enough of these sites that something like https://sh.itjust.works doesn’t make me blink and I trust I’d be able to tell a phishing site from folks playing with TLDs, but I can totally understand how that could be off-putting without that sort of background.
If I see a URL like this, I, and.... polling my coworkers here..... All 52 coworkers on my group chat would say these are highly suspicious and would not click on them. I imagine this is the general consensus for internet-savvy people.
It would be great if links to remote Lemmy instances had some kind of styling applied; a little icon, etc., that would make it clear this link is within the fediverse.
Again, I think there’s a certain crowd of internet users who are familiar with fun domain names and enjoy playing in that space. My example is particularly innocuous (a club of people who love stone megaliths in the UK). I also think the fun and playful names aren’t difficult to tell from phishing sites, but maybe I have a gut instinct developed from exposure to the folks who do use playful domains.
My point is that thinking these quirky links look dangerous is specific to a certain social or generational group, and it wouldn’t hurt for them to keep an open mind about URLs/TLDs.
(Adding an icon to remote fediverse instance links is a nice idea too.)