• 1 Post
Joined 1Y ago
Cake day: Jan 21, 2021


Camping. There is nothing but outside.

open posts in new tab

Might be useful on mobile where anything but tapping is awkward. But personally I like that all links open in the same tab and I can middle click or ctrl-click to open in a new window. Makes everything consistent and gives the power to the user.

I must be blind. I opened a random community and couldn’t find anything that looked like a block button. I also searched for “block” and didn’t get any hits. I can only find the UX in my profile.

I used https://lemmy.ml/c/ckstechnologynews as an example.

Client-side hashing doesn’t really do much. It just makes your hashed password the effective password. The only advantage it provides is some defense against password reuse because the “source” password is hard to discover. However you shouldn’t be reusing passwords anyways so that shouldn’t matter.

An actual improvement would be using something a PAKE like SRP or OPAQUE. This way the server never learns enough information to authenticate as you.

A major downside of these systems is that because they aren’t natively supported by browsers they require javascript. But that probably isn’t a major issue because IIUC all interactivity on the webui requires JS anyways.

It would be nice if the RSS feeds were advertised. For example if I browse https://lemmy.ml/c/lemmy I wouldn’t know there was an RSS feed until I find and click the little RSS icon.

If a <link> to the RSS feed was provided my browser extension would light up and I can subscript just by putting the community URL into my reader instead of having to spot the RSS button on the page.

That link works perfectly on my reader. I follow a number of communities via RSS and have never seen any issues.

It would be nice if there was a button on the community profile to make this easier to discover and use.

A common pattern here is making part of the URL human-readable but non-normative. For example instead of https://lemmy.ml/post/112460/comment/110439 you have https://lemmy.ml/post/Lemmy-112460/comment/Lemmy-URLs-should-be-human-meaningful-110439.

There are a couple of minor downsides here:

  1. This can be used for phishing because the server ignores the text here. A malicious user can put something malicious.
  2. Can affect caching. I don’t think this is a major issue and can be resolve by redirecting all to the canonical URL. The redirect is cheep and the canonical URL can be cached.

This pattern is used on a number of sites such as Stack Overflow and Reddit and seems to work well.

I think it would make sense to keep cross-posts different threads. Different communities have different styles, norms and rules for the discussion.

However I think it would be amazing to have the option to:

  • View all comments about a URL on one page.
  • View all comments from my communities on one page.

Basically I think the underlying implementation should be kept as it currently is, but I think the UI could allow the user to visually merge these together when desired (maybe by default).

I think the main complication is that if you are viewing the merged view you need to decide which community to leave the comment on (or support cross-posting comments???) so it is a slight overhead for those who prefer to see things merged. But overall I think this would be a better solution.

You don’t need a bootloader if you never reboot 🤓☚

I like Kubernetes.

  • It encourages immutable infrastructure for apps by default. You update the pod to a new image rather than slowly mutating a VM with new versions.
  • It has a basic rollout system which will be sufficient for quite a while.
  • Its HTTP load balancing and routing is sufficient for most services, especially if you stick a CDN in front of it.
  • Its TCP+UDP load balancing is enough to get started with, and the APIs are there for bypassing it when you need to.
  • It makes it very easy to support failover between multiple VMs and cloud availability zones so that you don’t have (significant) downtime for machine failures or node updates.
  • Lots of tooling built around it.

I think my main tip is don’t get too caught up in the various tooling. If you are trying to be productive just pay GCP or another cloud and run with it. You can always migrate to another solution later when the costs are significant relative to the opportunity costs of your development time. The migration to things like self-hosted NGINX ingresses or self-hosted kubernetes are relatively small so focusing on your product at the beginning is the most important.

I agree with your sentiment, but I think it is important to acknowledge that this isn’t so much a “super-downvote” but a vote in another dimension. Downvotes don’t differentiate between “non-interesting” and “malicious”.

That being said I think downvote ratio + poster history is probably enough to infer the difference between boring and spam so I don’t think the added complexity of a “Junk” button is worth it.

The problem with KPM, Ledger’s researcher explains, is also what differentiated it from other password managers out there: in an attempt to create passwords that are as far away as possible from those generated by humans, the application became predictable.

What? That isn’t the problem at all. The problem is that the password was basically an obfuscated version of the generation time with second resolution.

This was also fixed a year ago, seems like a pretty shit article.

Their terms are https://www.fibrestream.ca/terms. They seem reasonable.

You may not use the Services for anything other than your own personal use.

Not super clear. Am I allowed to use this for work? Is hosting a server for me personal use?

FibreStream reserves the right to terminate your services immediately should you exceed reasonable usage limits, as determined by us.

They also mention “P2P” before that. Is a server P2P? 🤷

But overall it just seems like a cover-your-ass ToS. It doesn’t explicitly call out anything.

Still offered (depending on your building). I couldn’t convince myself it was justified though.

They also have ~1ms ping to a bunch of big sites such as Google and Cloudflare which is incredible. It is really a great connection. I am very satisfied.

I pay 50 CAD for 500Mbps both ways with no bandwidth limit. I am lucky though because I live in downtown Toronto in a fairly large building so the small ISPs have been able to set up shop.


Can you elaborate for trusted instances? I can’t find anything about those and I thought anyone could stand up their own Lemmy and connect to the fediverse. I didn’t realize that you had to be approved to follow a community.

I think you misunderstood the comment but it is answered here: https://lemmy.ml/post/69362/comment/61311

Apparently all votes are public. Maybe it would make sense to surface this in the UI then to make it obvious that this is the case.

Of course. The provider is a critical part of the decision. However if most providers were marked poorly that likely means that it is difficult or impossible to run Jitsi Meet in a way that satisfies their requirements. If there are many providers that rank well it means that Jitsi can be, and often is, run well. Which is a nice thing to see.

Is this information actually private in Lemmy? Since it is federated there will need to be some information exposed. If it is aggregated by server there may be some obfuscation but I don’t think it is impossible to keep this information completely private.