Sal

joined 2 years ago
MODERATOR OF
biology
science
physics
astronomy
science_memes
meshtastic
sports_science
sorted by: new top controversial old
How much control/access does my instance owner haver over my account? in c/asklemmy@lemmy.ml
[–] Sal@mander.xyz 3 points 1 year ago

There is definitely a probability to deal with a non reliable instance admin, but not less than with any other social media, and in principle they collect even less data

Yeah. You can see the cookies that are stored by a site by right-clicking on the site, going to "inspect", and the clicking "Storage". By default, the only cookie that Lemmy has is an jwt cookie used to authenticate your user.

You are not asked for a phone number to be here. Providing an e-mail is often optional and even discouraged by some instances. When you want to send a private message through the site you get a message discouraging from doing that and encouraging to try to use an encrypted chat application instead, such as matrix.

The original Lemmy instance (lemmy.ml) is a community for FOSS and Privacy enthusiasts. What is asks from a user and what it does with the data is what it needs to be functional. Lemmy lets you take any proactive step that you would like to take to protect your privacy - use a VPN or Tor, use safe passwords, use a unique identity, and don't provide any personal information. There are no built-in features to block you or discourage you from doing that. Lemmy never asks for your location, nor does it keep any logs of what content you visit, nor does it try to run any analytics on you. But even if that is not enough for you, the fediverse doesn't lock you out, you can set up an instance or even create a new program to interact and communicate only precisely what you want to communicate via activity pub.

How much control/access does my instance owner haver over my account? in c/asklemmy@lemmy.ml
[–] Sal@mander.xyz 1 points 1 year ago

The votes themselves are the federated action.

If you fetch an old post, your instance will not see the previous voters. After that, whenever a user votes the instance will get the message "User X@instance upvoted/downvoted post Y" and the vote will be added to the database with the voter's user ID and counted.

This has a practical function. If you don't keep a list specifying who voted for what, it would be much easier to fake votes from one instance to another by simply communicating the message "Downvote post Y". With the current method it is still possible to create a lot of fake accounts and mass-vote, but at least you can get a better insight when looking at the database if the votes are associated with accounts with no activity from a single instance.

There are some federated platforms that will show who likes / dislikes something. I know that friendica used to do this - I have not checked if it still does. So it is not only admins who can see this, this is is basically open information in the fediverse.

As badly described as possible, what is your favorite video game? in c/asklemmy@lemmy.ml
[–] Sal@mander.xyz 4 points 1 year ago (3 children)

You are a crawling microchip that possesses animals with cool abilities

How much control/access does my instance owner haver over my account? in c/asklemmy@lemmy.ml
[–] Sal@mander.xyz 38 points 1 year ago* (last edited 1 year ago) (16 children)

  • Password hashing occurs server-side. Even without removing the hashing step an admin can intercept the plaintext password during login. Use unique safe passwords.

  • An admin can intercept the jwt authentication cookie and use any account that lives in the instance.

  • Private messages are stored as plaintext in the database

  • Admins can see who upvotes/downvotes what

  • These are not things that are unique to Lemmy. This is common.

  • To avoid having to trust your admin, run an instance.

How to change default homepage from subscribes communities to local instance? in c/voyagerapp@lemmy.world
[–] Sal@mander.xyz -1 points 1 year ago* (last edited 1 year ago)

Ah, sorry. I did not notice that this was a community about an app.

But maybe if you change it via the browser the app will also respect your settings. I'm not sure though, I have not used "Voyager".

How to change default homepage from subscribes communities to local instance? in c/voyagerapp@lemmy.world
[–] Sal@mander.xyz 0 points 1 year ago (1 children)

In your settings, you should see "Type: Subscribed | Local | All"

Pixel Leaderboard in c/canvas@toast.ooo
[–] Sal@mander.xyz 3 points 1 year ago* (last edited 1 year ago)

Niiiice. Good job! Represent! 😜

We're the creators of Lemmy, Ask Us Anything. *Starts Monday, 7 Aug, 1500 CEST* in c/announcements@lemmy.ml
[–] Sal@mander.xyz 4 points 1 year ago* (last edited 1 year ago)

I have been running an instance without a slur filter for about a year and a half. It is not a big instance, but big enough to have some experience in the field.

In case you are curious, 100% of the many times that I have encountered the n-word in my instance it has been in the context of a very banable offense, and it often requires spending some effort investigating and purging images from the database. The slur filter would block many these federated posts and comments from reaching my instance without the troll/spammer getting any feedback about this.

The filter can be a useful practical tool. The reason I keep it off is because I'm stubborn about not policing the words that people can and can't say. But when I consider what I have experienced and reflect about this, I become more and more skeptical about my choice. The problem is still manageable for my small instance, so I can keep the slur filter off. But I can see that when dealing with this problem at a much larger scale one would want to use any tool at their disposal to make the job easier.

Favorite tiny details? in c/canvas@toast.ooo
[–] Sal@mander.xyz 2 points 1 year ago

My personal favorite:

Is it worth closing the lid on a toilet before flushing? in c/askscience@lemmy.world
[–] Sal@mander.xyz 2 points 1 year ago

Woah, cool video! I think this video deserves its own post. I just need to figure out which scientific community it is most relevant to .... Physics? Epidemiology? Hmmm 🤔

Maybe later... how about never, you fucks? in c/technology@lemmy.ml
[–] Sal@mander.xyz 5 points 1 year ago (1 children)

My girlfriend kept complaining about losing her hearts on Duolingo and I was very confused as I never had any "hearts" during regular lessons. Eventually I found out that since I had created a classroom while exploring the site, I was given access to a teacher version of Duolingo - which is basically a free premium version 😅

Finished a little Hollow Knight at [450,670] in c/canvas@toast.ooo
[–] Sal@mander.xyz 1 points 1 year ago (1 children)

Are you working on top of a template? I drop some pixels if you'd like!

1
Beauty and wonder of science boosts researchers’ well-being (www.nature.com)
2
[Question] VMWare vs vStack cloud server (mander.xyz)
 

I am currently running my instance using a VMWare cloud server with the following specs: 1 GB RAM / 1 Core / 30 GB SSD / 10 Mbps

This costs 13.94 €/month.

Using the same provider (serverspace.io), I can rent a vStack cloud server with: 1 GB RAM / 1 Core / 30 GB SSD / 50 Mbps

For 4.55 €/month.

I am using the more expensive option because this is my first self-hosted project and I did not realize the cheaper option was available when I originally set up the server.

As I currently understand it, renting a VMWare is renting a physical machine, and renting a vStack is renting one of many virtual machines installed within a physical machine. Is this correct? And, are there any practical reasons not to "downgrade" to a vStack? When should someone choose a VMWare over a vStack?

9
Quite the scholar (mander.xyz)
 
19
Firefox appears to be down (mander.xyz)
 

I am not able to load any websites with Firefox on my PC despite having an internet connection. I went on Reddit and found other people complaining of the exact same issue, so it appears to be a problem with firefox: https://www.reddit.com/r/firefox/comments/s2u7eg/is_firefox_down/

My phone's firefox browser works fine.

What can cause a browser to fail this way?

1
How to transform a regular lamp into a cordless lamp (www.youtube.com)
 

I liked method 3 a lot. I am going to transform a bedside lamp and a table lamp so that they use rechargeable batteries.

I also found method 1 interesting because I did not know that AC power banks were a thing.

2
Are there any flaws or problems with Nano? (mander.xyz)
submitted 2 years ago* (last edited 2 years ago) by Sal@mander.xyz to c/crypto@lemmy.ml
3 comments fedilink
 

I have been reading about cryptocurrencies, and I find Nano to be the most appealing on the basis that it appears to be a minimalist approach to digital cash - which is what I would like. I want to be able to pay online easily without needing a third party. I don't really need smart contracts or any other fancy crypto stuff to be tied directly to the digital currency.

The mechanism of decentralization via Open Representative Voting appears to be much less wasteful than the competitive PoW algorithm that bitcoin uses, so that is quite sensible.

I was concerned about the concept of the public ledger allowing others to look into your wallet and trace back transactions, but learning about trust-less mixing has dissipated those concerns.

I see people speaking wonders about Nano in nano-related forums (of course), but outside of those I get the feeling that people either pay little attention to it or generally dislike the currency... I have read many claims about spam attacks, but those appear to have been dealt with successfully looking at the recent updates and discussions on the official forum. So, are there any obvious negatives that I am missing?

5
Does brute-forcing SSH logins for random IPs have a reasonable chance of being profitable for the attackers? (mander.xyz)
submitted 2 years ago* (last edited 2 years ago) by Sal@mander.xyz to c/hacking@lemmy.ml
2 comments fedilink
 

I was looking at my /var/log/auth.log in my personal computer and VPS, and I can see thousands of failed SSH attempts over the past few days. Looking at the attempted logins, I suppose that someone is using a database and trying out common default username/password combinations to attack random IP addresses. I also see that they try this for many different ports.

This approach of attack appears to me to be very very very unlikely to return anything of value. They may as well just try generating bitcoin private keys randomly until they find a wallet with something in it.

Are these 'hackers' just playing the lottery and wasting their resources? Or is this a strategy that somehow works reasonably often?

3
How can I serve a static file in response to a Webfinger query? (mander.xyz)
 

I am trying to follow this ActivityPub tutorial.

I would like to get my server to respond with a static file when it gets a query for https://domain.com/.well_known/webfinger?resource=act:username@domain.com

Since it is not explained in the tutorial I suppose that this is a very basic thing to do, but I have never dealt with this type of query before. What is the simplest way achieve this? My server is using nginx to serve a basic static html at domain.com.

6
How to set up a Lemmy instance in a cloud server (www.youtube.com)
submitted 2 years ago* (last edited 2 years ago) by Sal@mander.xyz to c/selfhosted@lemmy.ml
8 comments fedilink
 

I have been learning a lot thanks to Lemmy and the people behind it, so I wanted to contribute a bit back by making some easy-to-follow video tutorials.

I have also made the same video in Spanish: https://www.youtube.com/watch?v=h50M6jYZ8YU

As a beginner myself, I do have a level of concern that I might teach something incorrectly, or that I might expose others to security risks and liabilities. I hope that these concerns are not well-founded, but I am open to criticism!

view more: ‹ prev next ›