tfm

joined 4 days ago
MODERATOR OF
 

cross-posted from: https://europe.pub/post/15513

Sponsored ad

[–] tfm@europe.pub 6 points 25 minutes ago

Pretty much an "enlightened centrist"

[–] tfm@europe.pub 1 points 44 minutes ago

Only if it's for Client specific Extensions not the core project. Basically freelance work. Paid bug fixes and feature requests to core are a big no-go.

[–] tfm@europe.pub 2 points 47 minutes ago (1 children)

It still makes one think: why he would do that and what is his agenda?

[–] tfm@europe.pub 2 points 59 minutes ago

That's the big question. But it looks intentional.

[–] tfm@europe.pub 9 points 1 hour ago

These are phishing bots. Never interact with them.

[–] tfm@europe.pub 4 points 1 hour ago

Don't think so. He is an opportunist like all the others.

 

cross-posted from: https://lemmy.world/post/24846782

Summary

Proton Mail, known for its privacy-first email services, faced backlash after CEO Andy Yen praised the Republican Party and its antitrust stance.

The company initially posted and deleted a statement supporting Yen’s comments, later claiming an “internal miscommunication” and reiterating its political neutrality.

Critics question Proton’s impartiality, particularly as it cooperates with Swiss authorities on legal data requests.

Privacy advocates warn that political alignments could undermine trust, especially for Proton’s users—journalists and activists wary of government surveillance under administrations like Trump’s.

 

cross-posted from: https://lemmy.today/post/25826615

For those not familiar, there are numerous messages containing images being repeatedly spammed to many Threadiverse users talking about a Polish girl named "Nicole". This has been ongoing for some time now.

Lemmy permits external inline image references to be embedded in messages. This means that if a unique image URL or set of image URLs are sent to each user, it's possible to log the IP addresses that fetch these images; by analyzing the log, one can determine the IP address that a user has.

In some earlier discussion, someone had claimed that local lemmy instances cache these on their local pict-rs instance and rewrite messages to reference the local image.

It does appear that there is a closed issue on the lemmy issue tracker referencing such a deanonymization attack:

https://github.com/LemmyNet/lemmy/issues/1036

I had not looked into these earlier, but it looks like such rewriting and caching intending to avoid this attack is not occurring, at least on my home instance. I hadn't looked until the most-recent message, but the image embedded here is indeed remote:

https://lemmy.doesnotexist.club/pictrs/image/323899d9-79dd-4670-8cf9-f6d008c37e79.png

I haven't stored and looked through a list of these, but as I recall, the user sending them is bouncing around different instances. They certainly are not using the same hostname for their lemmy instance as the pict-rs instance; this message was sent from nicole92 on lemmy.latinlok.com, though the image is hosted on lemmy.doesnotexist.club. I don't know whether they are moving around where the pict-rs instance is located from message to message. If not, it might be possible to block the pict-rs instance in your browser. That will only be a temporary fix, since I see no reason that they couldn't also be moving the hostname on the pict-rs instance.

Another mitigation would be to route one's client software or browser through a VPN.

I don't know if there are admins working on addressing the issue; I'd assume so, but I wanted to at least mention that there might be privacy implications to other users.

In any event, regardless of whether the "Nicole" spammer is aiming to deanonymize users, as things stand, it does appear that someone could do so.

My own take is that the best fix here on the lemmy-and-other-Threadiverse-software-side would be to disable inline images in messages. Someone who wants to reference an image can always link to an external image in a messages, and permit a user to click through. But if remote inline image references can be used, there's no great way to prevent a user's IP address from being exposed.

If anyone has other suggestions to mitigate this (maybe a Greasemonkey snippet to require a click to load inline images as a patch for the lemmy Web UI?), I'm all ears.

 
[–] tfm@europe.pub 1 points 2 hours ago

As far as I understand do they use Bluesky's infrastructure.

 

cross-posted from: https://europe.pub/post/14898

[–] tfm@europe.pub 6 points 2 hours ago

The problem isn't the PDS but the Relays. You need terabytes of storage and and some beefy hardware to run one of these. Also there are still quite some parts centralized.

 

cross-posted from: https://programming.dev/post/27143191

Why I recommend against Bluesky.

Have you ever heard of the term federation-washing?

[–] tfm@europe.pub 1 points 3 hours ago (1 children)

People left !moviesandtv@lemm.ee after the power tripping

Firstly, !moviesandtv@lemm.ee still has 2,500 subscribers, while !showsandmovies@lemm.ee only has 1,500 at this point. Additionally, the moderators are now directing users to !television@lemm.ee, which has even fewer subscribers (around 200), as mentioned in this post. Rather than a clean transition, this situation has resulted in a fractured community.

Secondly, in this case, the issue was malicious moderation. Users left because of bad mod behavior, but the real concern remains: admins have the final say. If an admin decides to power trip, the entire community—and potentially the whole instance—falls under their control.

This brings us back to the exact problem Reddit has. As long as the company aligned with community interests, it could hold rogue moderators accountable. But once Reddit had a financial or ideological agenda, entire communities were left powerless.

In contrast, a decentralized approach with similar communities on different instances offers a natural fail-safe. If one instance becomes problematic, users can easily regroup on other similar communities rather than having to start from scratch. This ensures continuity and resilience rather than the all-or-nothing risk of centralization.

If a question about European luggage is listed on three different communities, people are not going to copy-paste their answers in all of them, leading to discussion splintering.

If Lemmy’s feed algorithm can bundle similar posts, it can also bundle comments. This is a matter of software development, not an inherent flaw in decentralization. Whether or not this happens depends on developer support, but it’s absolutely possible and could even be implemented in frontend apps like Voyager or Thunder.

The question isn’t whether consolidation is the only way to improve discussion efficiency—it’s whether it’s the best way. And given the risks of power concentration, it seems clear that a better solution lies in improving the tools rather than weakening decentralization.

I stand by my position, but I’ll leave this discussion open for others to weigh in. Let’s see what the broader community thinks.

[–] tfm@europe.pub 13 points 4 hours ago (1 children)

Why not use a password manager?

 

Dear European enthusiasts,

We're excited to grow Europe Pub and need your help to make it thrive! We're looking for passionate individuals to join us as community builders and moderators.

What we need:

  1. Community builders to breathe life into our existing communities
  2. Moderators for country-specific communities who speak the native languages

Why native-speaking moderators are crucial: Europe's beauty lies in its linguistic diversity. We want to replicate this diversity in our country-specific communities. Our goal is to ensure that every European can participate in discussions using their native language. This approach will make Europe Pub truly inclusive and representative of our continent's rich tapestry of languages and cultures.

This is your chance to contribute to the fediverse movement and create a truly European social network. Let's break free from centralized American social media and build something that represents our diverse continent.

Whether you're passionate about European culture, politics, or simply want to connect with fellow Europeans, we'd love to have you on board. No technical expertise required – just enthusiasm, a love for Europe, and fluency in your native European language!

If you're interested in helping shape Europe Pub, please comment below or send me a message.

Let's work together to create a vibrant, inclusive space! 🇪🇺

 

cross-posted from: https://feddit.org/post/9394337

geteilt von: https://feddit.nl/post/30601987

Just here to shed some light on Bookwyrm.social, the Fediverse equivalent of Goodreads. I've been doing some more reading lately, and I like to keep track of what I read and also I like reading other's review, suggestions, etc. Now I boycot amazon and others big tech as much as possible, so for me Bookwyrm.social is the place to be. It's steadily growing I think, but I thought it deserved some more attention, therefor this post. Same goes for BookBrainz and to a lesser extend IA's Openlibrary. OpenLibrary is, among other things, a place where people catalogue book-metadata, and if a book is not on Bookwyrm.social yet, it can often be imported from OpenLibrary. Problem with OpenLibrary is that the data is often messy and there are a lot of duplicates. That's where BookBrainz comes in, the book-equivalent of MusicBrainz. They're not that big yet, but what they do very well is that they have got very clean data. I feel like BookBrainz has the potential to be the perfect source of data on books, for other apps to use as they please, similar to how MusicBrainz is already functioning. It just needs more contributors, but I'm sure it's steadily growing. I just started doing my part, adding the books I read on all three.

Would love to hear thoughts on these platforms, as well as other platform suggestion if you've got any.

 

cross-posted from: https://programming.dev/post/27088837

Nearly 100 orgs plead for homegrown lifeline amid geopolitical tensions

view more: next ›