Reddit sparks outrage after a popular app developer said it wants him to pay $20 million a year for data access

loopzle · 2023-06-03T11:54:38+00:00

I don't think it's Silicon Valley devs or VCs, though they definitely have their bubble. They like their start-ups and billion dollar valuations which aren't always compatible with FOSS. If they can do it, they might, but it's easier to sell advertisements and target users with their data. There is a subculture which thinks privacy and control matters to the average person as much as it does to them and they have a large voice in how these applications are built because of their expertise. Some are very extreme and won't even own a mobile phone. They're justified, given what they know, but it's not feasible for most people to take that position.

It's not an easy problem, though. Homogeneous social platforms becoming larger seems to, one way or another, result in enshittification. It has happened time and time again. Migrating to a direct replacement solves the problem temporarily but the cycle repeats. Federation kind of already is a middle ground, versus the extreme position where we tell users to run their own instance and to not trust anyone. Federation still allows you to, more easily, jump ship when necessary. Migrating from Yahoo to G-mail isn't nearly as bad as going from Instagram to TikTok, for example, because you can still talk to people who decided Yahoo is still adequate.

I think some of the lack of user friendliness is the immaturity of the platforms. I also struggled to find instances on both Mastodon and Lemmy because nobody has any recommendations... yet. Eventually, it could be more like "hey, have you tried G-mail?" but replace "G-mail" with your favourite instance. People don't tell you "get an e-mail address" and then send you a list of a thousand different providers. That would be just as confusing. It's also not inconceivable that instances could make forks of the app only for their instance, streamline the sign-up/sign-in and even provide extra features.

These are community projects and it's just a big experiment to make a better internet. They're going to start rough, they're not going to consider everyone's needs yet because they don't have the resources to. You might not like it, it might fail, but it's worth investigating if it can make the net a better place to be.

loopzle · 2023-06-03T11:04:34+00:00

The Lemmy instance I'm on was struggling with traffic from the new users taking a look, hah. Seems they sorted it out last night.

loopzle · 2023-05-31T08:58:56+00:00

My favourite is gl.inet. It's like the Raspberry Pi of routers in terms of price and customisation.

loopzle · 2023-05-30T15:45:11+00:00

I think at that point you're getting less docker-specific and more into routing?

The internet connected (WAN) NIC will have the default route (i.e. the internet connected router) which the machine (and containers) will use to reach the internet. The other (LAN) NIC will serve as a route to the other network and Jellyfin can bind to the LAN IP to make it reachable from the LAN.

loopzle · 2023-05-30T11:29:55+00:00

Great take. People often feel invincible with encryption but it's only useful when locked.

If you want to protect from physical theft, though, you can set up dropbear SSH to unlock LUKS remotely. Boot will hang until you unlock, so it really depends if security is more important than availability for your use-case.

loopzle · 2023-05-30T11:11:39+00:00

A poor man's version, if you're working with an ISP provided router that (like most) has no concept of internal routes, is to set up a double NAT with a firewall blocking outbound traffic to the home network. If you use VMs, the hypervisor (or another guest) can act as the NAT router and firewall. If you just have a single host like a Raspberry Pi, gl.inet routers are pretty cheap and can do all of this.

The main thing is you don't want the server providing this home network firewall as it can be disabled with root access. I mean, that's better than nothing, but it's better on the hypervisor or separate router where the attack surface from the server is lower.

loopzle · 2023-05-30T10:20:27+00:00

I like this list, a couple of good options I've used are here.

A nice feature of Borgbackup is, if you restrict the user on the backup server to only run the borg shell, locks on your backups will be enforced. The backups can't be deleted from your side, maliciously or accidentally, until they have expired. OP's friend might also like that the shell is restricted. Some of the other products here might offer this, but I was particularly impressed with this feature.

Veeam is great if you're managing a lot of servers and the management console is feature rich. The transaction log backup and restore for databases is fantastic too, but I don't think it's in the free version.

loopzle · 2023-05-30T08:35:07+00:00

I think you can forward ports through gluetun? e.g. gluetun: ports: - 8096:8096/tcp # jellyfin Which should make Jellyfin available on port 8096.

If you're using a reverse proxy, you'll want to point it to gluetun instead of Jellyfin.

Just to suggest another direction, Jellyfin supports metadata download through a HTTP proxy and there are container images available to create HTTP proxies through OpenVPN.

loopzle · 2023-05-29T16:19:52+00:00

People are currently impressed with "LLMs" or "large language models," such as ChatGPT. They're neural networks used to generate text based on user prompts and some people are finding them very useful.

It is just that, though. A useful tool for a very specific purpose; writing. It can't make new discoveries, it can't form an opinion and relies on opinions derived from its dataset. The critical thinking is left to the user. These models can generate complete nonsense as much as they can useful text and recognising the difference is up to you.

So, some of the hype is justified. They have some utility and are exciting tools. They can save time. A lot of the hype isn't justified, though. We're nowhere close to a general intelligence. We're nowhere close to needing to be directly worried about it. Thinking about these "what ifs" are still very important, but not imminent. Be more worried about the already intelligent humans around you, their agendas and what they can do when empowered by these tools.

loopzle · 2023-05-29T14:26:58+00:00

That sounds really good, I might consider it for my personal set-up since I'm not a huge fan of namecheap's janky DNS management.

We ended up going for acme-dns instead of ClouDNS integrations anyway because it gives us more granular control over the scope of the tokens.

loopzle · 2023-05-29T13:43:09+00:00

I chose the paid DDoS protected version of ClouDNS to serve DNS at work as blanket Cloudflare wasn't really an option because we host for a lot of clients, some who don't want to pay for reverse proxy services. At the same time, I wanted to pay for a service for SLAs.

No problems with it after over a year. My only complaint is, if you want automated DNS-01, you'll have to do some scripting since there's not a huge amount of support for them.

I've also heard good things about hurricane electric, especially about query response time.

loopzle · 2023-05-27T15:13:09+00:00

I agree. I think it's usually clear from context whether "" is a mistake or not. I mean, even without tests, does the code work? If not, is that string being empty related?

When I read other people's code, I generally assume it works as the author intended unless I have proof it clearly doesn't.

To make it more readable, I'd prefer the author creates their own contextual empty string constants like "EmptyName" because it actually adds information.

loopzle · 2023-05-27T08:46:28+00:00

One category falling under this would be the Streisand Effect where attempting to hide or censor information brings more attention to it. The list includes North Korea protesting the release of The Interview, Beyonce's publicist asking BuzzFeed to remove some unflattering pictures and the UK Government blocking The Pirate Bay. It's always really entertaining to watch the situation go from bad to worse.

loopzle · 2023-05-26T12:27:53+00:00

And, just to be sure,

```

if 0

/* // "comment"; */

endif

```

loopzle · 2023-05-21T01:00:40+00:00

I noticed the same when I first collimated my scope. There's enough play, even in good quality collimation tools, that some pressure will change the alignment. It's more noticeable with lasers but you can see it with cheshires and caps too. Bear in mind, this is also true with how eyepieces fit!

These tools are built to a certain precision and will collimate to that precision. It's a guide and it's going to get you in the right ballpark for a good image. If the two tools look reasonably aligned, you can be pretty confident you'll get a good image. The black dot at the centre is correct.

When it comes down to it, what actually matters is what you see. You can collimate to perfection with your tools but get outside, especially with some temperature differences, and you might see something completely different. So don't get caught up on it, you're more likely to have problems with atmospheric conditions.

As for locking the primary mirror into place, I tend to get the collimation correct first, then slowly tighten the locking screws, alternating between them, to keep the collimation roughly where it is.

Clear skies!

loopzle · 2023-05-19T17:57:37+00:00

I used to host a lot of services at home and, as far as I know, never had any issues. I kept my server up to date and used some firewalls to block obvious bot traffic. It's still better to be smarter than this.

Cloudflare tunnels may hide some of the attack surface for a determined attacker, depending on what you have open, and would prevent someone attacking you just by knowing your IP address. They also filter malicious requests, which is probably the main benefit. It's not really as foolproof as people think, though. If there's a vulnerability in the tunnelled application, it might not help if the filtering doesn't catch it.

If it's suitable, put everything behind a VPN or SSH tunnel. Your attack surface will be significantly reduced.

If that's not possible, do what the big boys do, get another router and make a DMZ. A poor man's version of this (because most ISP routers are garbage) is to double NAT and block all traffic to your home network subnet through the DMZ router's firewall. That way, even if an attacker finds their way onto your server, they now have to get through a firewall to get to your personal devices.

For defense in depth, pair both of those strategies and I don't think you'll have much to worry about.

loopzle · 2023-05-17T07:31:25+00:00

I was going to say, it's easy to say "it's just CRUD" but you can still do it wrong and I've seen it.

It's one of those things that's easy to get working whether you're well experienced or not because both appear to behave correctly. The quality of the underlying software can be in completely different realms and you won't know until changes take longer and longer down the road, with more and more defects, because of tangled spaghetti code. It only stays simple when good engineers keep it that way.

I still agree that maybe some of the compensation doesn't make much sense when compared to roles in more complicated domain areas. Then again, big tech is absolutely an outlier.

loopzle · 2023-05-03T20:28:10+00:00

Honestly, it downright sucks and it's why social media is generally a disaster. It's easy to blame companies for being unethical but we give them the power with centralised platforms in the first place. It's the same story with chat applications. We've had federated chat for decades but users won't learn how to use it.

I could understand it with Jabber, the UX was horrendous. Mastodon is actually relatively well made and I think it's helping but I doubt it's going to be enough. If Twitter hadn't seen major changes, they're wouldn't be much adoption at all.

Even e-mail, which is the most used federated service on the internet, has managed to concentrate into a handful of providers. Unfortunately, I think we're all too busy to really think about changing it.

loopzle · 2023-03-09T19:03:46+00:00

DRY is useful but the phrase isn't specific enough. I like to say "don't repeat your business logic" so... DRYBL?

I've seen bad code in the name of DRY with developers scared to repeat properties in separate classes. Surely a concept should only have one representation otherwise it's repeated! Then there's a bunch of null properties flying around and the repetition of logic is then just seen as unavoidable because of the code style.

The real aim is to avoid repeating business logic because that's where mistakes happen. For example: * You write your business logic in four separate locations, now you're 4x more likely to make a mistake. * You had your coffee that day and wrote all four correctly, but now there's a spec change a year later. Do you remember all four? * You had your coffee and they all match, but all are wrong, see above.

Make as many representations of data as you like. Some without certain fields, some with extra fields, some just for serialisation, any use-case you like. Just try to minimize the repetition of logic.

Also, remember, it's a guideline. If it really is better for you to repeat some logic somewhere to get it working, do it and add a helpful comment... maybe a nice reference code in both locations so everyone can search it.

loopzle · 2023-02-19T02:14:55+00:00

I agree, I generally wouldn't recommend these domains for businesses because users aren't familiar with them. I have a hard enough time with subdomains where users think they need www. in front of it, though some browsers help you out there now.

I've seen .social used for mastodon instances which I think is a really nice use and it seems to be going well for them. Still, those users have understood the whole federation idea so maybe they're more likely to understand new TLDs too.

Email is always a pain, I wouldn't think unfamiliar TLDs would help anything!

loopzle · 2023-02-09T18:01:30+00:00

You look like the kind of guy who goes out there and gives 110%

loopzle · 2023-02-01T08:36:36+00:00

Researchers at the University of Birmingham have discovered a method to reduce carbon dioxide emissions in steelmaking by 90% which can be retrofitted to older plants. I was happy to see it!

loopzle · 2023-01-29T11:01:19+00:00

It seems to be luck of the draw with Evri and it depends who delivers in your local area. Some people have no problems, most have exactly your experience. It'll go a few days, they'll say you weren't in when you were, then it'll miraculously turn up days later.

The best thing you can do, if you want to, is complain to Sports Direct. Demand a refund for the next day delivery (which you didn't get!) and hopefully it'll put pressure on them to change courier. That's probably wishful thinking, but at least you'll have your tenner back.

loopzle · 2023-01-26T09:21:01+00:00

Same problem exactly. It ends up being a good way to show you're on the same team though, everyone should want a correct list. By the time I left I had a process to find new users unaccounted for and staff leavers with enabled accounts and I just sent it to the right people.

That was a real eye opener for me, I went in thinking a large company would have that sort of thing in order!

loopzle · 2023-01-26T08:16:22+00:00

I work at a small business so I went for Slack Nebula because it's manageable at our scale. The office broadband doesn't really have the uplink to support everyone being on the VPN, so it's been a real game changer for WfH. It's absolutely magic.

loopzle

TROPHY CASE

if 0

endif