Disabling automatic browser extension updates as a security measure?
cstine (@cstine@lemmy.uncomfortable.business) | Posts: 0 | Comments: 165 | Joined 2 yr. ago
Be the change you want to see? Lemmy is still a baby and someone's going to have to make those posts or ask those questions if that content is going to show up there.
No, you've (maybe) limited your singular solitary instance's growth: your instance is not "Lemmy" and admins should do whatever they find works for them, is something they can easily enforce, and resolves the problem.
If you want to geoip limit signups to Skokie, Illinois? Great! If it works for you and keeps your instance from being The Problem, then it's a valid solution.
(I don't disagree that email domain blocks are not a singular solution to any abuse problem, but I also think that whatever works for the individual admin is perfectly reasonable, and email blocks CAN be worthwhile.)
This is a fight between IBM and Oracle. There's been a lot of bad blood between them since Oracle did a s/Red Hat/Oracle/r for their own branded distribution.
IMO that's the main driver behind this change: don't feed your largest competitor free stuff and not something specific against Rocky/Alma/whoever else is using the code.
As with all things non-corporate, you determine if the instance you want to use is run by a reliable person by uh, vetting the person. This is absolutely impractical and absolutely not something you can ask an average person to do in order to post cat memes on the internet, so long-term the right call would probably be to move the "big instances" into a foundation/corporation model (think OSI or Apache or Gnome or....) to provide proper shared ownership of resources, continuity planning, and better handling and monitoring of donated funds as well as better opportunities for outside funding - it's actively easier to get funding or support for actual foundations/non-profits than some dude running a thing in his basement.
You then have a very public entity that's much simpler for any random person to decide if they're reasonable - the fact they exist AT ALL is a huge indicator of legitimacy because the work required to even get that far is not entirely trivial.
Monetization is.... problematic. It's probably going to HAVE to be donation-based because I don't think ads or data mining or segues to our sponsor are acceptable on federated platforms and won't result in you getting anything but tossed out.
I'd also say that there are fundraising options for larger instances that offer valuable communities: you can get a LOT of donations out of corporate America (this is US-centric, of course) if you're a registered non-profit they can donate a tax write-offable donation to, and something like a Lemmy instance is just a rounding error in donations, if you can get in the door.
I'm also not a lawyer, but have worked with lawyers on a GDPR compliant policy, and boy, is it an absolute mess. The larger instances are absolutely going to have to comply, and there absolutely has to be a way to export and delete your data, and federation is absolutely going to run into the data processor vs data controller dual-responsibility pile and it's absolutely going to be a mess.... maybe, at some point, or not. For the MOST part, it's a policy where as long as you're being reasonably compliant and nobody is complaining or suing you, it's not quite as horrifying as it is on paper.
The deletion stuff absolutely needs to be done sooner rather than later, and there needs to be a way to export all the data an instance has on a given user, but those two things will probably cover the worst risks any particular instance has.
Nah. If you enjoy it, and your kids like spending time with you gaming, then who cares?
Life is too short and kids grow up too fast to care what some grumpy old people who wouldn’t know fun if it hit them in the head will say about what you enjoy.
Funny, when Google started building fiber, ISPs threw a fit and tried to make it illegal in a lot of places for big tech to build broadband networks.
So uh, which is it guys?
I don't think it's the NDA itself, so much as the tone of the way people framed their announcement of it.
Since I haven't used a Star Wars analogy in a long time, I'll try one:
If your babysitter wrote you and told you that they've got a meeting with the Galactic Empire to take care of younglings on Coruscant, but they can't talk to you about it, you'd probably be a little concerned.
Like you know how that ended LAST time, and don't really have any reason to think that this is somehow different, so you're probably going to freak out about it.
As with most things in life, if you make announcements, make them super vague, and include things like 'I'm going to talk to Zuck about his new project, can't tell you anything' then you're leaving it up to the interpretation of the reader.
And so everyone is going to assume whatever based on their biases, and if there's a group of people who are MORE anti-Facebook biased than Fediverse users, I don't know who that would be.
I landed on Trello for managing my entire life. Personal projects, work projects, home projects, whatever: there's a board and 200 cards for things I'll never actually do :P
It's not self-hosted, but it's free for a limited number (5?) of boards and I mean, good enough.
It's standard, but I can also understand why someone would find it a little concerning. You're grabbing prominent developers and admins and such and they're telling everyone they're going to have a meeting with Meta they can't talk about and, honestly, given how Meta generally behaves, I can understand why the interpretation is 'they're up to some shit we're going to hate'.
Personally, I removed any addon that's not open-source and thus subject to inspection by outside individuals, and even then, basically have limited it to a password manager and ublock origin.
I know 'you should read the code!' is very nonsense as a security measure, but if it's public the odds of SOMEONE reading it and finding out it's doing shady shit are substantially higher, and if shady shit happens, you just fork the code pre-shady and carry on.
Also, the workflow reliance on all these add-ons has always struck me as maybe not the best choice: it's just adding software to your browser that has access to data that's of value for black hats, marketers, and other unsavory types. Even if the dev doesn't sell you out, there's no guarantee that some otherwise perfectly innocuous behavior can't later be exploited due to some security issue.
It's a combination of:
- people hate Facebook and don't want them anywhere near the fediverse and
- secret talks with NDAs never foretell good things.
Meta's reputation most certainly precedes them here, and they're not a company known for politely co-existing with others but rather for stomping in, and taking what they want and packaging it and selling it.
IMO people have a reasonable basis for reacting strongly (though it's 2023 and the 'hyperbolic over-reaction' is the required thing online it seems).
[[Vorinclex, Monstrous Raider]] and his friend [[Triumph of the Hordes]]
You can randomly come out of nowhere and kill everyone in a single combat and it's amazingly glorious (and salt-generating) when it goes off.
The Otherland books by Tad Williams should also be on that list, if we're talking actually good books about VR.
https://matrix.org/ is what you're after.
It reads like someone has just discovered that if you toss out public data on the public internet via federation it becomes public and out of your direct control.
That's how all federated services basically work: once it is relayed to someone else's server, there's essentially nothing you can do to force deletion.
Easy example: if you send me an email, but delete it from your sent messages, did you delete the message I got?
HA is pretty nice, but has a pretty big learning curve.
As for avoiding turning your internet into an IoT botnet, you need network gear that can segregate clients and prevent internet access, and to pick devices that have a local-only API which is not something everything has.
The real question - and this is coming from someone who spent way more time than I'd like to admit with HA automating things - is what you're expecting. I absolutely wouldn't bother doing a setup again because once the shiny wore off, all I use this for is setting a temperature and turning lights on and off: two things the hardware vendor apps do just fine.
It's great, unless for some reason it doesn't work, and that's kinda an unfortunate state of things for what is still pretty early software. Matter should help simplify things since it'll be less 100 vendors, 100 APIs you have to support which is kinda the state of being right now.
Also don't buy anything from Belkin, screw those guys.
I've been lucky to have no issues with them for over a year, but one thing I've noticed is everyone who has had issues has been running a VPN of some sort; were you maybe?
It'd be interesting to see if that's whatever keeps causing the ban triggers.
Dynamic pricing is risky: it's all sunshine and rainbows until suddenly something happens and it's $9,000/kwh.
The hardest part you'd have is convincing anyone to take the downside risks for... what, exactly?
There's no upside for the consumer here unless 'investing in more stuff for your solar panels' is in some way a useful thing.
Dumping electricity into a hole in the ground (your pool) is pretty much the LEAST green thing you can do with it.
This sounds like the consumer should spend their own money to fix the grid's inability to cope with changes and the oncoming future, rather than put the impetus on the billionaires that already own the infrastructure but aren't willing to update it.
It looks like the problem here is you can "sell" the published version along with the code, and the new developer gets access to your already installed userbase.
That uh, probably shouldn't happen. I'll even go so far as to say that's completely insane and there should be NO WAY a purchaser of anything should get access to publish a new version of something under the same name and have it push out updates without manual user intervention.
For example, Apple/iOS does it sanely where if a new person is going to publish even the exact same app, they consider it a completely separate and new piece of software and it won't auto-update the previous incarnation of itself, and it's checked for suspicious nonsense as if it was brand new and never seen before.