![](/static/253f0d9b/assets/icons/icon-96x96.png)
![](https://lemmy.world/pictrs/image/eb9cfeb5-4eb5-4b1b-a75c-8d9e04c3f856.png)
So… exactly what we already have except instead of c/linux@lemmy.world it is c/linux@lemmy.worldANDlemmy.zip?
So… exactly what we already have except instead of c/linux@lemmy.world it is c/linux@lemmy.worldANDlemmy.zip?
Again, how does that work if c/linux is “the same” on every instance?
Will comments and posts exist on the world view of c/linux but not the zip view? At which point… what are we actually getting over the status quo? Because you can bet that anyone who has hexbear unblocked would see two different versions of every single thread because nobody else would see the hexbear posted thread.
There have been a number of articles (pop and scholarly) about malicious code being social engineered into codebases over the past few years. And, in this case, the malice is “expected” from one of the long time developers to begin with.
Also: We got INCREDIBLY lucky that Andres Freund detected it when he did. Because that was hitting right around the time a lot of the major distros were preparing their major releases (Fedora basically escaped by the skin of their teeth).
Malicious manipulation of open source projects has always been a concern. And the vast majority of us do the equivalent of signing whatever form we are given because “oh it just looks like a standard contract”.
What you are describing is basically Mastodon (or, if you like porn and hatespeech, twitter… non-consensual porn because a lot of Mastodon instances are REALLY horny).
The moment you aggregate communities across instances you remove the ability to moderate them. Because maybe a hexbear mod wants to remove all mention of the Uyghur people, an ml mod wants to remove all mention of genocide against them, and a zip mod wants to remove all the comments about why genocide is good in a thread about god damned Bluey.
Do they all get to delete everything across every instance? Do you start having different views of the same community depending on your home instance?
All moderator elections would do is let chuds stack the ballot. Look up shit like the sad puppies debacle.
The answer is that a site needs to decide what its rules are and then moderators need to enforce those rules, regardless of how the community feels. Which, ironically, is what ml is doing (even if they don’t publicize those rules). And if the community dislikes the rules, you disassociate with them.
The issue with the fediverse is that you need to defederate or else you are tacitly approving of their bullshit.
You… should probably pay more attention to the news.
It is very possible for bad actors to inject malicious code into an open source project. And it is very probable for people to not notice because the vast majority of developers never read a single line of the open source code they claim to value so much.
“Any bad code will be detected by the armies of people who do rigorous code analysis of every single pull request” was always nonsense.
We have decades of proof of chuds brigading and building up hate speech hellfests in these “just let capitalism decide” laissez-faire models.
Moderation free environments just turn places into kiwi farms.
Not off the top of my head. It was one of the various “tech” youtubers who will do everything ranging from “here is how to set up proxmox” to “I tried five twitter alternatives for a week” videos.
World grew MASSIVELY around the time of the reddit mod strike.
In the time since? A lot of those communities are basically full of people who can’t stop talking about their ex while constantly re-posting everything they see there. And… the lemmy world admins made a few controversial decisions and their method of removing problem/“problem” users made a lot of us uncomfortable. Piss off an admin and your entire comment history is wiped in an instant and your ban reason is unverifiable.
Whereas ml already had communities that existed to talk about the topic of the community rather than what reddit was talking about.
The hexbears realized that EVERYONE blocks them. One particularly humorous youtube even did a “One of the great things about lemmy is that you can block particularly problematic communities. Let’s use hexbear as an example. Please follow along” gag to show how to block an entire instance at the user level.
Since ml was generally sympathetic to tankies, if not full of the idiots, the hexbears basically just joined that en masse.
But yeah. Caught a ban for racism/xenophobia because I questioned what positive benefit accelerationism would have for the Palestinian people. Reminded me way too much of attempting to interact with hexbear so I used that as an excuse to just start blocking any .ml community that I see in my feed. Not QUITE at the point of blocking the whole instance but… I expect to be there by the end of the month.
I guess I am not getting it.
If you can access your files, you can copy your files. If the concern is that you only know how to connect from a full PC, consider plugging a laptop into the switch (or even just set up a VM).
Hard to give much more help without knowing your actual setup. But one nasty solution is to ssh into the server then connect to the running container (or mount the same storage into a different one) if there are some shenanigans going on there.
But yeah. My general rule of thumb is that if something needs to outlive the life of a container then it is being stored on the local filesystem or a zfs/ceph pool.
Really depends on your current tool so RTFM on that.
But when you are activating it in your account? There is a QR code you are supposed to scan. And there is almost always a button like “Having trouble?” or “Show TOTP Key” or whatever. Click that and you get a long alphanumeric string instead. Paste that into the TOTP field for Bitwarden (or Keepass or whatever) and it will generate codes for you.
Once or twice I have had to actually use my phone camera to decode the QR code so that I can manually type in the TOTP code/seed, but I think the last time I did that was in like 2020?
There is.
2FA. No, not the fucking “we’ll send you an SMS” bullshit that is increasingly used to just highlight an active phone number for spam purposes. Proper TOTP with the code backed up to a proper service (bare minimum, Bitwarden)
Someone can steal your password and even your email account (unless you TOTP that too…). They still can’t get into your account unless you are an idiot who gets tricked into providing the 2FA key.
In a perfect world? Have your TOTP credentials in one encrypted database/Bitwarden account and your passwords in another. In reality? Just use a trusted service. I used to be a big fan of Keepass but protecting that with a yubikey (or similar) is a huge mess.
The recent push for passkeys (?) is a nice-ish middle ground. People don’t need to understand how to paste a TOTP code into Bitwarden but they still need to approve a login. That said, I hate it since so much of it is dependent on a single device that can generally be opened by just applying REDACTED to the screen and doing REDACTED to narrow down the lock code significantly.
I mean… It would be nice if they put a nicer message there. But I mostly agree with that.
Look up how people social engineer their way into apple accounts and so forth. The more you put the burden on a (perpetually) underpaid CSR the easier it is to steal an account, Spin a sob story and then harass the CSR until they just reset your password so you will go away. Except there is no guarantee that is YOUR password and now we have yet another stolen account.
The list of all the horrifically shitty things LMG has done over the past few years will fill up a thread on its own and I strongly encourage you to educate yourself before even thinking of defending them for… anything.
But some highlights:
They are rapidly circling the drain and I for one am waiting for the “Well, these aren’t tech so we don’t have a conflict of interest and you should buy some joe rogan branded supplements” within the next few months. Likely because more and more actual tech companies don’t even want to deal with them for the PR boost.
I mean… plenty of youtubers and channels are doing exactly that. Ian McCollum (Forgotten Weapons) and the “educational” gun youtubers have History of Weapons and War. A bunch of creators did Nebula. Corridor Digital have their channel. That comedy channel that came from college humor have their own site? Same with those two channels that pissed everyone off in the past few weeks? And Linus Media Group have been trying to add “we run a shitty version of youtube” to their grift for years now. And Rooster Teeth and Giant Bomb had their own video site for basically the entirety of their runs.
Let alone stuff like Utreon and the other one. And then there are the various successors to liveleak that are basically about spamming yu with an insane amount of spyware and ads in exchange for letting you upload faces of death.
And while I think it is a fundamentally flawed idea that mostly just does the legwork for those sites to run the software: Peertube is a thing and there are plenty of instances that exist.
So I am REALLY curious what evil organization you think is waiting to kill anything that is not made by Youtube. If you comply with DMCA requests and don’t host CSAM then it is just a function of whether you can afford it.
Which… is the real issue. There is just a ridiculous volume of storage and bandwidth required for even a “small” youtube. Which is why almost all of the successful “alternatives” only really host a very small subset of videos.
So… to punish them for “harvesting” your data you are going to… continue to give them your data.
“Time theft” is very questionable and more a topic for society as a whole but…
Okay? Then don’t watch youtube. Rather than allow them to engage in “time theft” but calling yourself smart because you don’t watch ads.
Also: As has been pointed out repeatedly in this thread, the scale of Youtube (and Twitch) is massive and truly hard to comprehend. The only companies that even have a snowball’s chance of running that are Google, Amazon, and MS because they ALSO have giant “cloud” services. And… it is pretty clear none of them really know how to run a site like that (hence why MS just gave up entirely).
In this case, they are a monopoly because they are the only company that even wants to try and make something as massive as youtube work.
But, regardless: It is fine to not “feel bad” about running an adblocker. Just don’t “feel bad” when youtube runs a you-blocker as a result.
Even ignoring the ideological reasons to not want facebook integration: There are only so many hours in the day and so many dollars in the donation bucket. If an open source project is dedicating a disproportionate percentage of that on a feature that a significant part of the community actively do not want: That is exactly WHY you fork a project.
And once we consider the ideological and safety related reasons to not want facebook and giant corporate interests involved?
I have a lot of issue with the people who decide the answer is harassment and hate. But if enough development and organizational energy want to fork this? Fuckin’ A.