So... Has anyone on here actually talked with the people from the #SocialWebFoundation?
I can tell the #Mastodon Organization has, but #Threads is also listed there, while I don't see any other names that aren't some corporate entity. I'm all for groups that want to expand the #Fediverse, even for-profit ones, but it's a red flag when an organization that purports to be for a general movement doesn't have an open line of communication with rank-and-file server-runners and volunteers...
Edit:
I just realized that it was founded by @evan who is actually very active in mainstream Fedi, and one of the maintainers of the actual protocol. While that doesn't elaborate on actual intentions, it is good to know that at least it's someone who is directly involved, and not some random corporation. #EvanProdromou
Amber
in reply to Raccoon at TechHub • • •Raccoon at TechHub
in reply to Amber • • •Amber
in reply to Raccoon at TechHub • • •Sensitive content
WHY PRIVATE MESSAGING OMG. That's fucking awful. Nobody needs E2EE haphazardly slapped on the protocol for a false sense of security with private messaging. You want encrypted private messaging? Go to literally any other platform fedi is not the place for that. I am actually pissed, there's no way in hell that I would want to administrate something like that. I have seen countless examples of Matrix home servers going wrong within this community due to a lack of moderation tooling. We're not talking just a couple racists we're talking about child sex trafficking, csam distribution... Ugh. That pisses me the fuck off. Rich text posts are a nicety to have, I'd really like for things to adopt markdown and not mfm (fuck mfm imo it's okay but it's not a markdown and it's definitely not something that's viable long term. it's a gimmick). I guess I missed their "mission" page. Now I'm even more furious, because none of this is going to help the fediverse be widely adopted.
We are at a turning point. Running an instance is a lot of fucking work, we lack moderation tooling (yes, every software currently out there has some sort of flaw when it comes to mod tools. Akkoma has some bulk moderation tooling but is also lacking in other areas). The last fucking thing we need is encrypted dms to be used as a tool for harassment. We already suffer enough with how you can't disable replies in a post. It is awful that this is used as a vector for harassment in combination with setting visibility to restricted modes (such as follower only, so that only the original author can see the bigoted comment and the fanbase of the bigot can also jump in). What the fuck were they thinking? This is some actual shit. Fuck .
Amber
in reply to Amber • • •Sensitive content
this is horrid. I am so glad I defederated them. Fuck that. All of it. This is not the type of "help" administrators such as you and I need. What we need is the ability to have legal counsel, something like the EFF to represent us. There’s so much unknown legally about having a fediverse instance. Starting with things like the media proxy. If it’s on your domain but pointing elsewhere is that still you hosting the content? This is important in places like Germany in which federated media can contain hate symbols such as swastikas. How about things like the requirements for running adult oriented communities? Of course they’d never touch on that. Meta and Automattic just ban them outright because it’s too much work. How about things like working on the underlying server implementations?
I have drafted gitlab issues that touched on major problems within the fediverses' current implementation far more useful to read than whatever this shit is. activitypub.software/TransFem-… Right here. Right fucking here. How about instead of implementing E2EE we standardize rate limit headers for fediverse software so that instead of literally exploding instances with THOUSANDS OF REQUESTS at once we maximize throughput by using a leaky bucket abiding by the ratelimits given. That would do so much more than any of these other shitty proposals to the network. Talk about fixing some federation issues, and making it easier for smaller instances to federate media and other stuff without being overloaded to death forcing operators to move to hyper scale level hardware to run a small 100 user instance. Jfc. It is actually horrifying that I have given more advice to the fediverse that starts the ball rolling on conversations than the SWF such as talking with @hazelnoot@enby.life about server side modules and getting iceshrimp.NET to implement them. Fuckkk I hate this
Amber
in reply to Amber • • •Sensitive content
How about we brainstorm a way of doing signatures in a way that allows each instance to act as a relay. If I am on instance A, I write a post my instance has to send it out to B & C. If C is in fucking Europe, while B is on the coast a lot closer to Europe than me in Central US... why can we not just have my instance send a post to B, and B forwards it to C to minimize latency. I get that what you want for this to happen is an initial key exchange. ie instance A talks directly to instance C to exchange keys so C can verify the notes have not been modified or altered during transit... There's so many things about the fediverse that need to be addressed in order to reduce the large amounts of traffic between instances. I get that is a hard problem to solve, I have talked about this with other people but you're looking at MULTI BILLION DOLLAR INTERNATIONAL CORPORATIONS so if anyone has the money to shove towards an entire dedicated team of cryptographic researchers to accomplish this it would be them.
No, of course we're going to just get fancy markdown nobody asked for. I can display Wordpress blogs perfectly fine. I've seen the blogposts, they render in my client absolutely fine. Sure they're a bit long, but they don't just break my instance or my client. God forbid we look at things like shared inboxes (TO THIS DAY NOT EVERY INSTANCE SOFTWARE SUPPORTS IT!! THIS WAS SUPPOSED TO HELP REDUCE NETWORK TRAFFIC TO MORE MANAGEABLE SIZES). my god there's so many much low hanging fruit even prior to big alteration to how instances federate. you don't have to sit there hiring a team of cryptography experts to implement basic rate limiting on /inbox. content moderation tooling is something you can provide via a variety of ways. One of which... @hazelnoot@enby.life made a program that attaches to the database called "modshark" and it's used as our automod. I am writing a C# library for misskey api with the emphasis on client development & a bot framework (as additional optional dependencies you can install) to help make mod bots and other contraptions. this is awful.
mia
in reply to Amber • • •Sensitive content
Erin 💽✨
in reply to mia • • •Erin 💽✨
in reply to Erin 💽✨ • • •I'm not sure how much relays would help with anything, really - the only major issues I've seen with federation traffic overloading things are due to inefficient or overly heavyweight job queues (staring at Sidekiq in particular)
Oh, and the sheer size of media, but thats a traditional virality ddos
Amber
in reply to Erin 💽✨ • • •Sensitive content
Amber
in reply to Amber • • •Sensitive content
Amber
in reply to Amber • • •Sensitive content
kouhai, Breaker of Caches
in reply to Amber • • •Sensitive content
@puppygirlhornypost2 @erincandescent @mia @hazelnoot I don’t think that’s a particularly big issue?
cryptographic RNGs don’t just run out of entropy because they get reseeded periodically. this happens automatically [ref: docs.openssl.org/1.1.1/man3/RA…].
the cpu time for TLS/pk ops, sure, that’s a concern. but not that
honestly, wrt e2e, I’m more concerned that we’re going to get a design that’s objectively worse than soatok’s well thought out draft.
soatok.blog/2024/09/13/e2ee-fo…
kouhai, Breaker of Caches
in reply to kouhai, Breaker of Caches • • •Sensitive content
@puppygirlhornypost2 @erincandescent @mia @hazelnoot holy shit just give soatok $250,000 to spend a year doing this.
like. do we want matrix. I suspect we’re just going to get “Messages can't be decrypted by receiver (session key missing)” social whatever foundation edition, now with more Automattic Matt funding
Amber
in reply to kouhai, Breaker of Caches • • •Sensitive content
Erin 💽✨
in reply to Amber • • •entropy exhaustion is a stupid concept (you can't destroy entropy! This is basic thermodynamics!!) promulgated by the fact that the Linux RNG was badly designed for a long time and had stupid "entropy accounting"
The RNG no longer "depletes" entropy
Amber
in reply to Erin 💽✨ • • •Sensitive content
Seirdy
in reply to Amber • • •Amber
in reply to Seirdy • • •Sensitive content
Seirdy
in reply to Amber • • •Amber
in reply to Seirdy • • •Sensitive content
Seirdy
in reply to Amber • • •