1. 1

    This is great, I just switched my RSS reader feedly to NewsBlur.

    I also choose NewsBlur because I couldn’t find a self-hosted project to accomplish what I needed, which was to select specific stories and then republish to a new RSS feed. So, I really recommend trying NewsBlur if you’re looking for a nice RSS aggregator.

    1. 1

      I recently read the book The Idea Factory by Jon Gertner. I highly recommend that book if you haven’t read it. Claude Shannon is discussed in depth it’s cool to watch this video and visualize Claude Shannon and peasoup!

      1. 4

        My favorite peertube instances are: https://video.ploud.jp/ for good content moderation and relatively active userbase, as well as TILVids https://tilvids.com/ for good science/elearning videos

        1. 4

          I got fired from one of my jobs just before the pandemic hit. I had another job that I have been doing for the past 16 years but that might be drying up as well since it was a small department, and the digital team was just me and my boss, who had a stroke and even though, thankfully, he is alive, the is not expected to go back to work. My tasks there now have trickled to maintenance and small stuff. That adds a bit of anxiety and pressure. I’m trying to use this upheaval to point my life towards what I actually enjoy doing which is writing books, making videos, and creating small tools for people. I hope to release a couple books in the next few months, and just mentioned here in another thread my new project to keep in control of my book publishing process.

          I’ve been a remote worker for close to two decades, so the pandemic new workflows are easier for me than they are for many other people. I’m trying to cope with being locked up by learning how to make better coffee and catching up on fantasy and science fiction books I’ve been wanting to read for ages. I still go a bit depressed from time to time, but participating in cool communities like this one helps a lot.

          1. 1

            What good science fiction have you found? I have been enjoying Neal Stephenson. Fall; or Dodge in Hell, was a wonderful read. Stephenson turned me off at first and I refused to read his books. But Fall; introduced me to Snow Crash, which was also a great read.

            1. 1

              I love Neal Stephenson, I have all his books except for “Fall; or Dodge in Hell” which didn’t really attracted me by its description, but I’ll double check it again, good praise from you might just be the data point I needed to check it out. To be honest, I loved all his books, so I’m guessing I will like that one too. I have most his books in paper (some in hardcover even), that is how much I enjoy his work. But, as you read more of his stuff you’ll quickly notice that Stephenson has a particular way of making the endings of his books. The end of the book is not necessarily the end of the story, it is the end of the story he wanted to tell you, and in many occasions that that leaves you wondering what happened next. His books do not end in those “let’s wrap everything tidy” kind of practice that most books do, and that detracts many people from his works. It is up to you to deal with that, personally, I don’t mind at all, I understand how and why he does it, and I can still enjoy all the rest.

              If you enjoyed “Snowcrash”, then pick “The Diamond Age” that has a similar vibe but is placed a bit ahead in the future. Travelling all the way to the past with the Baroque Cycle trilogy is also a very good read, but be aware that those books are huge. The hardcover versions are so large that I often used them as furniture. Two of his books that I don’t see people talking often but that I really like are “REAMDE” and “Anathem”. I don’t know if the “Cryptonomicon” still has the impact it had when I first read it ~20 years ago, but it was fun.

              I don’t know what subgenre of science fiction you enjoy, buuuuut, if you’re game to trying new things, I’d recommend the Iain M Banks books from “The Culture” series, just be aware that the first two books are not as strong as the rest of the series. They are not really chronological, as in you can read them out of order but the author builds more and more into his universe as the books are written so picking a book from the middle or late Culture series will be a bit harder because he is assuming you already know a ton about the tech, ethos, and ways of things. I think that my favourites on that series are “Player of Games”, “Excession” and “Use of Weapons”.

              Two other authors that filled the void in my life after Iain M Banks passed away were Peter Hamilton and Alastair Reynolds. They have many books and some series. The Commonwealth Saga and Revelation Space series are quite dear to me and I expect other people to love them to.

              Oh man, I could go on forever but I have already typed a lot here. Feel free to reach out if you need more recs! :D

              1. 2

                I suspect you may be interested to know this, I am 266 pages deep into this book and I am enjoying it thoroughly. The confucian quotes add to the appreciation, but the storyline is on par with snowcrash. I will confess, the storyline to Fall; or Dodge in Hell is still my favorite of these 3 books from Stephenson that I have read. Thanks again for the great suggestions my friend.

                1. 1

                  I’m so happy that you’re enjoying it. I think that the Diamond Age is my favourite Stephenson book (I kinda like them all but The Diamond Age has a special place in my heart). As soon as I finish with the current two books I’m reading, both fantasy — Oathbringer and The Lies of Locke Lamora — I’ll pick Fall; or Dodge in Hell.

                  Also, if you’re here on Lobste.rs and you might appreciate his old essay In the Beginning was the Command Line. It is at the same time a bit dated and still relevant, IMHO.

                  1. 1

                    Hey Soapdog, I thoroughly enjoyed the Diamond age, however still recommend Fall; or Dodge in Hell, if you haven’t picked it up yet ;) I’ll be reading In the Beginning was the Command Line.

                    Are you a fan of Isaac Asimov? I really enjoy his work as well, but after re-reading your post from a few months ago, I realize there is a huge volume of good SciFi to choose from.

                    Short stories are great too, my favorite short story is The Last Question by Asimov.

                2. 1

                  Stephenson didn’t do endings - maybe he’s better now but he wasn’t then.

                  Other good British SF authors are Ian McDonald, Ken MacLeod and Paul McAuley. Despite all having Scottish surnames they’re based in Northern Ireland, Scotland and England.

                  1. 1

                    Hello my friend, thank you for the thoughtful response… timing is odd in life, this comment picked me up when I needed it so thanks mate. Awesome, I have started reading the Diamond Age, so far it’s pretty gripping and feels similar to snowcrash, dytopian technical society. For sure, I’ll check the other authors out as well Obrigado muito bom. Tudo bem?

                    Fall; is clearly written by the same author, but has a must more positive overtones than snowcrash, which was more gritty and gnarly. But Fall; is without a doubt a magical storyline, I do vouch for it being a great read.

              1. 2

                Does anyone I am new to RSS, and I am astounded at how unadulterated it is compared to modern websites. I usually browse solar/renewable energy feeds and, shamefully, been using feedly. So, I’ll look into Miniflux, thanks for sharing this.

                Does anyone know of an RSS reader that you can use to amalgamate articles and create a new RSS feed?

                1. 2

                  You might want to look into the notion of a planet.

                  1. 1

                    Ah, this may fit my needs quite well.

                    Argh.. the repo looks like it is no longer available on gnome.org, fortunately, it looks like there are a number repos on github. Thanks for sharing this with me.

                1. 43

                  To echo my thoughts: I think this change is welcome. As I see it, there’s no downside to changing this default.

                  1. 55

                    I consider the imposition of a distributed cost across the entire git-using ecosystem a downside. This is not a one-sided tradeoff.

                    1. 26

                      I know I’ve personally hard coded the word “master” in at least a few scripts. Fixing those scripts won’t just be a matter of changing “master” to “main” either; I’ll have to add a bunch of logic to figure out what the default branch name is for a particular repo. It’s also not clear what to do with old repos; do I keep the name “master” for old repos and adapt the word “main” for new repos? Or do I rename the master branch to “main” for all my old repos and possibly break things?

                      I’m not really opposed to the change. I’m usually happy to change language to move society into a less casually racist/sexist/whatever direction. But this change will make things quite a bit more difficult, on a technical level, for millions of users, so I sure do hope the benefit is worth it. (Which, to be clear, it might. I’m in no position to judge. In my native language, our word for “master” doesn’t have history it apparently has in the US.)

                      1. 25

                        change language to move society into a less casually racist/sexist/whatever direction

                        I agree, getting rid of casually racist/sexist/asshole terms is a good thing. But, this whole situation implies that the word ‘master’ is inherently racist, which it is not. To illustrate, let’s make the exact same argument about the word ‘blanket.’ I’m Native American, many of my ancestors suffered and died to the disease smallpox, sometimes believe to be intentionally spread using infected blankets now known as ‘smallpox blankets’ 0. Now, intentionally spreading disease with the intent on decimating a population is extremely racist, bordering on genocide. Whether it actually happened or not is beside the point, it’s ingrained in popular culture (in the US) as something that probably did happen to some extent. Now, for some, the word ‘blanket’ can bring up “memories” of their ancestors suffering (or even their own ongoing suffering), but does that make the word ‘blanket’ racist?

                        our word for “master” doesn’t have history it apparently has in the US

                        It doesn’t here either. The word has many uses, most of which range from neutral to positive (master copy, masters of science, etc.). Referring to someone as a master in certain contexts, such as when a student of martial arts, is a sign of respect.

                        Frankly, I have enough garbage to deal with, adding another headache on top of it just to satisfy some ‘woke’ assholes doesn’t appeal to me. Censoring language is a bad mechanism for suppressing racism, and is IMO more detrimental to society than the problems it’s seeking to solve.

                        1. 12

                          “Master” is often paired with “slave” in CS and IT (busses, DB replicas, etc.), which is why it’s on the list of exclusionary terms. Git doesn’t use “slave” in relation to its master, but given the prevalence of “master/slave” wording, why continue using a term that makes some people uncomfortable?

                          1. 14

                            why continue using a term that makes some people uncomfortable?

                            Because the shift imposes a distributed cost on the entire git-using ecosystem. Examples: every forge site needs to build out this feature instead of others, everyone needs to check their scripts, etc. Imposing distributed costs needs to be done very carefully, because even a couple of hours × a lot of people = a lot of person-hours spent.

                            This is an expensive move to make. For it to be worth doing, the benefit of the change needs to be worth the effort spent and I have seen no serious attempt to quantify this.

                            1. 20

                              Does it actually make people uncomfortable? That’s besides the point of my argument, which is that words have flexible meanings and are extremely context dependent. Censoring a word because when used in a specific context (in this case, specifically human slavery) it can have a negative meaning simultaneously erases innocuous uses of the word, and strengthens the negative connotations. By actively trying to suppress usage of a word, you make the word more powerful in it’s negative usage.

                              But really, all you need to do is actually read the last paragraph to know why I disagree with this. Changing 15 years of convention for something like this is needless headache.

                              1. 5

                                If it makes people uncomfortable, we could probably confirm that over in music performance and production, where “master” (master recording, remastered) is a frequently-used term and racial diversity is slightly less of an issue. My mediocre research skills haven’t found anything either way yet. Maybe we should just ask some Black artists.

                                1. 5

                                  No one is suppressing anything. You can still use whatever name you want for your branch. Don’t blame software developers for adapting to a more inclusive culture. Especially when you are not part of the people affected by it.

                                  1. 15

                                    Until you end up being publicly shamed by thousands of “inclusive” virtue-signalling bullies.

                                    1. 3

                                      If you wanna complain about Twitter bullies, do that. However, “this move from the git project is bad because other people may eventually be assholes” isn’t… the greatest argument I’ve heard.

                                      1. 1

                                        Shamed for what reason? I’ve seen many people arguing against initiatives like this one and no one cares. Someone even started a petition on change.org to not change it and no one cares.

                                        1. 14

                                          If this takes, I give it a couple of years at most until someone starts yelling about a project that did not switch or even worse - gasp - started with the master branch instead of main. How insensitive and unwelcoming!

                                          A venue enabled by buying into this virtue signalling crap and actually making it a thing.

                                          1. 1

                                            Right. So you went from a thousand people publicly shaming to someone yelling.

                                            1. 11

                                              From what I’ve seen, one person yelling leads to a tweet, leads to the eventual Twitter mob.

                                              1. 1

                                                Sure, but for saying what? @mordae is saying that would happen because someone decided to use “master” instead of “main”. Which seems farfetched.

                                              2. 4

                                                I remember Stallman.

                                                1. 2

                                                  I think that was a bit more complicated than just naming a git branch.

                                      2. 1

                                        Does it actually make people uncomfortable?

                                        Yes. Yes it does … there is no use of the word as it relates to version control that doesn’t derive from human slavery, specifically.

                                        1. 4
                                          1. 1

                                            Fine, edited for additional clarity, though all those meanings derive from the PIE meaning of “one who has greater power”.

                                  2. 8

                                    I’ll have to add a bunch of logic to figure out what the default branch name is for a particular repo.

                                    What is a default branch? When I create a new repo, Git gives me a default branch, sure, but the moment after that command completes there’s never been a guarantee that the master branch exists.

                                    I know I’ve personally hard coded the word “master” in at least a few scripts.

                                    Unfortunately this was never quite correct, technically. My personal workflow is to always remain in a detached HEAD state and to not have any sort of “main”/“default” branch locally, so these scripts don’t quite work for me. If they were only supposed to support your workflow, you can keep using the old config setting without issue.

                                    1. 9

                                      What is a default branch? When I create a new repo, Git gives me a default branch, sure, but the moment after that command completes there’s never been a guarantee that the master branch exists.

                                      Here’s a concrete example.

                                      At work, we use this build system called bitbake, together with the yocto project, to build an embedded Linux distribution. The idea is that you build recipes which describe where to fetch some source code (usually in the form of a git URL + a commit hash + an optional branch) and how to compile and install the source code, and bitbake handles the rest.

                                      I threw together a script to go through all of our recipes and figure out which recipes are outdated. To do this, it fetches the repo and checks if there are commits since the commit hash specified in the recipe. This is no problem if a branch is specified in the recipe, but what do I do if it isn’t? Instead of looking deep into the guts of bitbake and figuring out how exactly its logic for figuring out what the “default” branch is, I just defaulted to “master”.

                                      There are obviously ways to do it “correctly”, and hopefully tools like bitbake, which are actually seriously and actively developed as a kind of product, do it the right way. However, there are loads of scripts which do things the easy way instead of the 100% correct way; essentially scripts which automate the steps which the author would’ve gone through manually just to make life a bit easier. Most likely, the solution in the case of the aforementioned script is to just keep track of whether a branch is specified, and, if it’s not, just omit the branch argument. My point isn’t that fixing these scripts is hard, but that there are loads of these scripts which will have to be fixed.

                                      1. 4

                                        I’m not the OP, but I think it’s reasonable to have, for example, a script that deploys master to an environment and is SHA-agnostic.

                                      2. 1

                                        I’ll have to add a bunch of logic to figure out what the default branch name is for a particular repo

                                        I thought so too, but I got away with just using HEAD everywhere. It’s an alias for the actual main branch, whatever it’s called.

                                        1. 4

                                          HEAD is not an alias for a branch. If you do git checkout alt-branch, HEAD will point at the last commit of alt-branch. If you again do git checkout main-branch, HEAD will point at the last commit of main-branch. If you’re in the middle of an interactive rebase, HEAD will point at a commit that in general won’t be the last commit of any branch. You can do a git checkout commit_hash which will detach your HEAD from any branch and it will only point at this particular commit. Generally, HEAD points at the commit that you have checked out locally at the moment, the one that will be the parent of the next commit you make.

                                          1. 3

                                            Works well enough for remote HEAD.

                                            1. 1

                                              Right, so in practice (found this with a quick search):

                                              • If you clone a fresh repo in your script, HEAD should point to the default branch, until you switch branches. This might work for some scripts, depending on the situation.
                                              • If you want to know which branch is the default, it looks like git symbolic-ref refs/remotes/origin/HEAD | sed 's@^refs/remotes/origin/@@' does the trick.
                                              • If you want to know the default branch on a remote, you can do git remote show [your_remote] | grep "HEAD branch" | cut -d ":" -f 2.

                                              These all feel like somewhat of a hack. With git changing this default, I wish there would also be some new built in commands. For example they could provide the default branch locally and on a remote directly, without needed to use sed or cut. Personally I’ve never written a script that needs to know the default branch name, but it sounds like some people have.

                                              1. 4

                                                I think that the entire issue rests with misunderstanding of git. In git, “default branch” is a matter of policy, not mechanism. It’s entirely up to the user. There is something like an “initial branch”, but that’s all. Git doesn’t mandate that a branch named so-and-so should have any special significance. So scripts trying to detect a “default branch” get it all wrong, because there is no such thing for all uses of git. Your organization may use git in one particular way where some branches have special significance and in this case, the policy of your organization should be hardcoded into your scripts. But those scripts won’t work for others. There are things like push and pull targets that may have some overlap with what people are looking for really.

                                                1. 1

                                                  That makes sense, that’s a good description. I have never personally written a script that hard codes master, I just hear about other people doing it.

                                        2. 3

                                          OTOH I’ve seen developers notice they’ve been using hardcoded master where they should have been using HEAD, and fixed their code. master was always just a default, never a requirement, so code that assumed this particular name wasn’t robust.

                                          1. 0

                                            you can always use an alias in your shell

                                            1. 10

                                              This is literally an instance of the “imposing a distributed cost” that I was talking about.

                                              1. 2

                                                Okay I understand and I am sorry I was not clear with my statement. I believe this is a direct cost of time and effort to mitigate, which in my humble opinion is an arbitrary and unnecessary syntax change to established code. However, I only meant to point out that a shell alias could be used to make it a less of a hinderance.

                                                1. 2

                                                  I appreciate the apology, thank you.

                                        1. 1

                                          What I found interesting in particular was the part about DoH and implied problems we will have in the future.

                                          People who truly need privacy, like journalists in countries with a privacy compromising policy, cannot trust DoH! The IP address of the destination server cannot be hidden with DoH, even if everything about the traffic itself is encrypted. If someone truly needs to encrypt communication the person needs a completely different strategy than DoH.

                                          This makes me wonder who in the world thought that DoH was a good idea to begin with!? Did they not understand the basics behind communication with HTTPS, or has this agenda perhaps been pushed forward by a few private DNS service companies, such as Cloudflare, who gain profit by further collecting user data?

                                          Hopefully not!

                                          this will be a great project to build, thanks for sharing

                                          1. 2

                                            I really want to run Fedora but 25 years of dpkg & apt are hard to get over. Maybe I’ll try it again when I next get a new laptop. But I’m just so comfortable on Debian…

                                            1. 2

                                              I just switched this year, after a few years of debian. It’s probably not the same experience, but for basic things, dnf is practically equivalent to apt. My personal intuition is that it might not be worth it, unless you’re also interested in GNOME (strictly speaking, the Fedora spins aren’t real Fedora releases, and usually aren’t as polished).

                                              1. 3

                                                the Fedora spins aren’t real Fedora releases, and usually aren’t as polished

                                                I concur with this sentiment. I’m pretty steeped in the Red Hat universe for some time, so I really like Fedora on the systems I have to touch most. As an experiment, I tried the KDE spin for a year. It was OK, but had lots of paper cuts that the standard workstation edition just doesn’t have. They’re generally very minor, like needing to use the command line for firmware updates instead of getting alerted to them by the system tooling. Since I was mostly in KDE for kwin-tiling and a few other things that are much less integrated than that, I switched back to the standard workstation edition once Pop Shell shipped and got easy to integrate with the standard Fedora GNOME installation.

                                                1. 3

                                                  My personal intuition is that it might not be worth it, unless you’re also interested in GNOME

                                                  To me, the most interesting subproject of Fedora, even though it may not be ready for wide use yet, is Silverblue. Having an immutable base system with atomic upgrades/rollbacks is really nice. This really sets it apart from other Linux distributions (outside NixOS/Guix). Sure, Ubuntu is trying to offer something similar by doing ZFS snapshots on APT operations, but that looks like another hack piled upon other hacks, rather than a proper re-engineering.

                                                  1. 2

                                                    Then again, I haven’t head good things about trying to use Silverblue with XFCE or other WMs.

                                                  2. 2

                                                    I like Debian and I’ll run it on servers but for desktop use, I want things to Just Work out of the box. My experience with Debian on the desktop is that you have to know all the packages you need in order to get the same out-of-the-box experience as Ubuntu or Fedora. At least, that’s what it was like when I tried Debian with XFCE.

                                                    You might also be interested in PopOS and Linux Mint, both of which are based on Ubuntu but strip out most of the annoyances like snapd.

                                                  3. 1

                                                    A couple years ago I went through a distro jumping phase. Fedora worked fine but I didn’t find any particular advantages of running it over - say - running Ubuntu. The one thing setting it apart from other distros was Wayland as default.

                                                    I ended up on Manjaro, and it’s been a breath of fresh air: most software is a click away (thanks AUR!), things just work out of the box and in general their configuration of Plasma and Gnome feel snappier than Fedora and Ubuntu.

                                                    1. 2

                                                      The one thing setting it apart from other distros was Wayland as default.

                                                      The one thing setting Fedora apart from other distros is often getting bleeding edge stuff as default. Most of the times it works out super.

                                                      1. 2

                                                        You are not wrong. What I meant was on the ‘experience’ front. Most of the time - if I’m lucky and the hardware obliges - I don’t bother remembering what version of the kernel, Mesa, etc. I am using, so being on the bleeding edge doesn’t introduce a lot of advantages.

                                                        BTW, the last time I tried Fedora was when Intel introduced their Iris driver and I wanted to see if it’d improve the sluggish performance I was experiencing on Gnome.

                                                    2. 1

                                                      I’d like to add that rpm command is similar to dpkg

                                                      for example: dpkg -l > rpm -qa

                                                    1. 1

                                                      If it’s non-transferrable, why is it on a blockchain?

                                                      1. 1

                                                        After the token is initially minted, it cannot be transferred to other users. Having it on a blockchain allows one to take the digitized reputation with them, publicly display it to others, and prove ownership to other applications.

                                                        1. 1

                                                          After the token is initially minted, it cannot be transferred to other users.

                                                          Can someone else control my token if they have my passphrase?

                                                          Having it on a blockchain allows one to take the digitized reputation with them, publicly display it to others, and prove ownership to other applications.

                                                          AIUI that’s possible without a blockchain; this is a digital certificate.

                                                          What does your blockchain actually do here? AIUI a blockchain is a consensus method; what’s the consensus?

                                                          1. 1

                                                            If someone takes your ethereum private key, they can imitate you. However, if that happens and the user informs us they lost their account, we can issue an token marking the user as untrustworthy.

                                                            To answer your other question, this token is built upon the ethereum blockchain. We chose to build on ethereum for a number of reasons, for example compatibility with existing ethereum wallets, and of course building on eth was easier than creating and securing our own unique blockchain.

                                                            1. 1

                                                              But why use a blockchain? What feature requires a blockchain?

                                                              1. 1

                                                                Why us a blockchain?

                                                                A better question might be, why use the ethereum blockchain?

                                                                This project was for an ethereum hackathon. If we had to create and secure a completely isolated public blockchain, that would not be suitable. Furthermore, we don’t have to spin up and perpetually host a database for this small array, so piggybacking on ethereum’s secure and accessible public blockchain was a convenience.

                                                                What feature requires a blockchain?

                                                                The benefits of PKI that are inherently built into ethereum. specifically the ability to verify identity, as well as prove ownership of a token are good reason to use blockchain.

                                                                1. 2

                                                                  I get that if you’re going to use a blockchain, better to build atop an existing one.

                                                                  What I don’t understand is why use a blockchain if your token is non-transferable? How is the blockchain involved with identity verification and proving ownership?

                                                                  AIUI, IDV is one entity signing an attestation for a particular token. A certificate. A blockchain does nothing there.

                                                                  And, again AIUI, proving ownership is… signing a challenge. Again, a blockchain does nothing there.

                                                                  How is the blockchain actually used? Is there any documentation or code I can look at?

                                                      1. 2

                                                        I think this an attempt at solving not-quite-the-right-problem with social media monoliths. Ownable reputation tokens are a neat idea, but human beings are already pretty good at associating reputation with personal identities, whether those identities are real names or established pseudonyms. The thing that social media monoliths control isn’t the reputation of their users, but rather the distribution channels of those users’ content, regardless of their reputation.

                                                        To take a topical example, Facebook doesn’t affect Brett Weinstein’s reputation very much by banning him from their service. People who know about Brett Weinstein have already formed their opinions about him. If you think Brett Weinstein is broadly good, then Facebook banning him is just further proof that Facebook is run by malicious people who want to censor him. If you really like him, it won’t be any trouble at all to find other places he posts content and follow it there. If you think he’s broadly bad, then you won’t care if Facebook bans him, or might think that banning him makes Facebook better, or even think Facebook would be acting immorally if they didn’t ban him, depending on how evil you think his content is. If it turned out that Brett Weinstein owned some kind of digital reputation token that had nothing to do with Facebook, it wouldn’t change this state of affairs at all. People already have their own sense of what his reputation is, and that sense differs from person to person, no token required.

                                                        What Facebook’s ban does do is make it somewhat harder for people who don’t have an opinion about him yet to discover his content; if they ban sharing links to his content, then you just won’t be able to engage with his stuff on their platform, regardless of whether you like, dislike, or are indifferent to it. If you are a hardcore Brett Weinstein megafan, perhaps this will be the final straw that makes you leave Facebook forever, but most people don’t care enough about any one internet personality to break the network effects that bind them to some online platform.

                                                        1. 1

                                                          That’s a good example and I appreciate the macro perspective. You also bring to light another more important but related issue, the centralized control over a user’s distribution channels.

                                                          In Weinstein’s case, he may not be very adversely affected since he has other communication channels and notoriety. However, if he was not well known outside of facebook, and his account was banned, it would effectively kill his reputation ( and more importantly it would kill his distribution channel. )

                                                          In our project, we envision a situation where a user who does not have much notoriety outside of a single platform.

                                                          With an ownable reputation token, the user could prove trustworthiness by owning the reputation token ( assuming you can trust the organization that issued the token . . . ).

                                                          The theoretical points you brought up are good food for though, especially the ability to control distribution channels.

                                                          Edit: if you want to debate the game theory behind this more I created a thread on The Ether platform, https://theether.io/claim/nontransferable-reputation-works-better-on-blockch

                                                        1. 1

                                                          I co-wrote this article and I am submitting it to the community here for feedback and thoughts.

                                                          The project has zero interest in monetary incentives or profit in any form. This is about creating an open-source and decentralized reputation system, so that users can own and display their reputation across different platforms.

                                                          So far we have found no implementation of decentralized reputation projects, but there are some projects involving decentralized identity systems. See brightid https://www.brightid.org/ or iden3 https://iden3.io/

                                                          1. 3

                                                            Experimenting with getting a small fleet of RPis to see if I can get them to PXE boot, finishing up a 3D printer filament enclosure, and working on various PCB breakouts.

                                                            1. 1

                                                              How are you powering all of your RPis? The cost and bulk of powered USB hubs put me off buying one.

                                                              1. 2

                                                                For the time being, simply using a power strip and dedicated 5v wall adapters.

                                                                If/when I get to the point where it’s too much bulk/cost, I’ll look to making something a bit more custom. Will probably look at making/buying a distrubition block similar to this setup: https://old.reddit.com/r/homelab/comments/962bxh/new_addition_to_the_homelab/ with inline fuses. Finding a Micro USB right angle barrel adapter might be the main tricky part, but not impossible.

                                                                If I decide I want to get really fancy, I’ll likely look to spin my own thing with relays and power monitoring.

                                                                1. 1

                                                                  That sounds very cool. What software are you using as a PXE boot server? I have used FOG in the past https://fogproject.org/ and it worked decently well for production use

                                                                  1. 1

                                                                    Ooh, interesting. I feel like I’ve tried searching for something small and simple like FOG, but was ultimately unsuccessful.

                                                                    I’ve had my eye on Digital Rebar for a hot second and wanted to give it a try. Don’t have any feedback on it yet since this weekend turned otu to be wonderfully unproductive, but that’s alright.

                                                                    For reference: https://www.youtube.com/watch?v=hBbc_ahH7Mk

                                                                2. 2

                                                                  Not a cheap option, but it reduces cables by a ton.

                                                                  https://www.raspberrypi.org/products/poe-hat/

                                                                  That + an 8 port poe switch is good. Thats my solution.

                                                              1. 3

                                                                I would love to see a version of mastodon ( or diaspora! ) that implements a shared user database using a blockchain for storing user authentication info and profile data.

                                                                Does anyone know if Secure scuttlebutt has a function like this? I’ll have to read up on that project if it does.

                                                                1. 3

                                                                  Does anyone know if Secure scuttlebutt has a function like this?

                                                                  Well, not really. There is no central authority on Secure Scuttlebutt. And yet: Each user has access to to their own data plus the data belonging to all users within their “hops circle”. The number of hops is configurable: hops=1: my friends, hops=2: my friends and their friends, and so on.

                                                                  I have config.friends.hops=4 and the API call friends.createFriendStream() reports that I can see a total of 19674 feeds. For these almost 20k feeds I have theoretical access to their public key, profile data and all their posts and likes — even when I’m offline. But each of these ~20k users most probably have a different set of feeds within each their “hops circle” and so the total amount of data they have access to is also different.

                                                                  Secure Scuttlebutt is more like relations in real life: The total population may be quite big, and theoretically you have access to all the data about the entire population. In reality, though, you only have access to a limited amount of data based on how many friends and acquaintances your have and how outgoing you are.


                                                                  Convenience link for those who do not know Secure Scuttlebutt (“SSB”): https://scuttlebutt.nz/

                                                                  For those who want to try out what SSB has to offer, please remember: Because there are no central servers, you will only see your own posts on the public timeline until you connect with somebody else. You can connect with someone just by being on the same LAN, or your can join a pub or a room.

                                                                  I’m unsure how up-to-date the scuttlebutt.nz site is, but it should be able to get most people started.

                                                                  If you have trouble onboarding, which can be the biggest hurdle for many, feel free to contact me.

                                                                1. 18

                                                                  I applaud Apple’s approach to privacy, http://www.apple.com/privacy I was shocked to learn that coming from one of the largest corporations in the world, they are pushing the correct approach to privacy. Control of the private key.

                                                                  Zoom has been caught lying the past and has very fishy claims and ostensible practices. https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html So this is not a fair comparison in my opinion, but I do agree with the author’s principals and reasoning.

                                                                  1. 10

                                                                    The exact problem is that in this case Apple does not give ‘control of the private key’ to the consumer.

                                                                    (It’s not clear in this article, but I believe this is specifically limited to iCloud backups of iOS devices, and that it can be resolved by turning that feature off. This is an important issue to me and I’d appreciate more info if anyone has some.)

                                                                    1. 5

                                                                      I understand, iOS does not give control of the private key to the user, even more, the software used for messaging is highly proprietary and locked down. thanks for the correction, I was jaded by their slick marketing webpage.

                                                                      Does apple have the ability to decrypt user’s imessages? Up until now, I was going on the assumption that imessages were encrypted similar to signal.

                                                                      1. 7

                                                                        Apple has the ability to remotely install any software on your phone that they want, and therefore exfiltrate any data that they want.

                                                                        1. 2

                                                                          I don’t think that quite follows… Apple has the ability to install a new OS, and it has the ability to install apps, but both have limitations. I’ll deal with each.

                                                                          1. OS. If Apple is willing to build a custom version of the new OS and serve that to you when it serves a new OS to other people, then your custom OS can do exfiltrate anything. That’s a high bar though.

                                                                          2. Apps. Apple can install apps on your device at any time and perhaps silently, but those apps are subject to the security regime enforced by the OS version your phone already runs, which is one that countless researchers have checked as carefully as they can. The installled app won’t have the ability to exfiltrate any and all data belonging to the system or other apps.

                                                                          The past is immutable. Apple can write any code, but noone, not even Apple, can travel into the past.

                                                                          1. 2

                                                                            OS. If Apple is willing to build a custom version of the new OS and serve that to you when it serves a new OS to other people, then your custom OS can do exfiltrate anything. That’s a high bar though.

                                                                            Why would it have to be a custom version, and why would it have to be timed with the release of some other version?

                                                                            Apps. Apple can install apps on your device at any time and perhaps silently, but those apps are subject to the security regime enforced by the OS version your phone already runs, which is one that countless researchers have checked as carefully as they can.

                                                                            Which is not carefully at all because they can’t audit the code.

                                                                            1. 2

                                                                              Apps. Apple can install apps on your device at any time and perhaps silently, but those apps are subject to the security regime enforced by the OS version your phone already runs.

                                                                              Security engine works with rules, and those rules on apps are set by Apple. Safari is the only app that has JIT permissions, there is no reason why they couldn’t do that for a rogue app.

                                                                              1. 1

                                                                                Are you saying that iOS has a permission that permits apps to read other apps’ data? Or rather that some future version of the OS could hypothetically add such a permission that would, further in the future, enable silently installed apps to read other apps’ data?

                                                                                If the latter, then it’s a special form of the statement “product X is bad, because it could in the future be modified to do bad things”.

                                                                                1. 1

                                                                                  Cursory search says that it does exist. Though I’m not a iOS developer by any means.

                                                                                  1. 1

                                                                                    I’m not either. A friend who is says that capability doesn’t really exist any more. It once did and still has a name, but since deprecation the name is all it has.

                                                                                2. 1

                                                                                  And they have done this before. For example, the “Clips” app which is distributed through the AppStore has immediate camera access without prompting the user, I believe, because the app ships with a code sign entitlement that grants unprompted camera access. A regular iOS developer would never get Apple to sign such an entitlement, but as the Uber screen capture entitlement scandal proved, some developers are more equal than others.

                                                                            2. 1

                                                                              From Apple’s own iCloud security overview page:

                                                                              If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages.

                                                                              Apple has the key to your backups, so they can access the iMessage key, rendering the so-called E2EE useless. If you disable iCloud backups, your messages can still end up in other people’s backups.

                                                                            3. 4

                                                                              You’re correct. iCloud backups can be retrieved by Apple. Using iTunes for backups is still safe. iCloud Photo Library is not end-to-end encrypted either, but that provides major usability benefits (like being able to see your photos from iCloud.com just like the competitor, Google Photos).

                                                                              This is the one major flaw with Apple’s privacy strategy for “average Joe” users. I think that having iCloud Backup on by default is great (losing your phone isn’t such an issue anymore), but it would be great if there were at least an option to encrypt it. Is the idea that people who lost their phone and forgot their password (because they never use their password after setting up their phone) would want access to the backups? That’s my only guess.

                                                                              1. 3

                                                                                Why would they? An average customer does not understand what a private key is. If you give out private keys to end-users and they lose them you are going to end up with massive data loss. Apple does the right thing. This is not perfect but it works for most cases. The other end (no unauthorized access to private keys) of this should be guaranteed by the law like in the EU. It is unfortunate that the US has the Patriot Act but it does not mean that you could have a chance against the US gov agencies even in the case of privately stored private keys.

                                                                              2. 5

                                                                                I was shocked to learn that coming from one of the largest corporations in the world, they are pushing the correct approach to privacy. Control of the private key.

                                                                                I’m shocked that you trust one of the largest corporations in the world to live up to their promises on this - or any other - issue. That implies you ascribe morals to the corporation, an organisation without morality. In the end it implies you assume Apple corp. would rather go down in flames (i.e. be forced to pay fines even they could not shoulder, being forced to split the company, etc.) than allow a bunch of TLA’s to do some harvesting.

                                                                                It isn’t that single out Apple here, I don’t think you can trust any of these entities and should act accordingly with data you don’t want to get in the wrong hands. For most people this won’t matter but if, say, you’re a dissident writer in Hong Kong or you happen to have proof of what really happened to Epstein it would be foolish to simply trust those data to an iDevice in the assumption that they’re safe for any adversary.

                                                                                1. 3

                                                                                  I was shocked to learn that coming from one of the largest corporations in the world, they are pushing the correct approach to privacy. Control of the private key.

                                                                                  The reason gigacorps don’t care about privacy is because most of them rely on siphoning your information for profit. Apple don’t, since they sell premium hardware and fashion accessories. That’s why Apple can give users more privacy.

                                                                                  1. 1

                                                                                    They are still trying to maximize their profits, and data is “the new oil,” so giving users privacy is not a viable path even for Apple. Marketing the idea of privacy on the other hand is a viable strategy.

                                                                                    Am I missing some substantive difference between Apple’s privacy policy and that of other tech companies?

                                                                                  2. 4

                                                                                    This makes so little sense to me, I think I might be parsing it wrong.

                                                                                    1. 2

                                                                                      Who has control over the private key? Steve has always been a pioneer in taking control away from users. Even if they claim the key resides on the device, this is far from the user controlling the key. The actual correct approach to privacy would have to give real control to users, and Steve could not be farther from this.

                                                                                    1. 3

                                                                                      I am new to rss feeds, but recently I’ve been using feedly, it feels like I have discovered a new way to use the internet

                                                                                      1. 1

                                                                                        Same, I started using feedly about a year ago. It works and it’s free, but I don’t love it.

                                                                                      1. 6

                                                                                        I’ve been doing interviews for a large Nordic Bank the last couple of years. Many of the developers applying there are a bit older. That’s not negative in itself. It usually means more experience. But, one major concern for that large bank, when applicants are older, is that the developer is merely searching out this “stable” job to kind of breeze through, without too much effort, to retirement.

                                                                                        So, my two cents; if you are an older developer (like myself) try to be clear about why you are searching out that particular job.

                                                                                        Ps. By the way. In the Nordics we have strong unions, and labour laws, large companies can’t really fire people for not being productive enough. So this piece of advice might not be applicable in other places.

                                                                                        1. 5

                                                                                          It’s absolutely applicable in the United States.

                                                                                          The other piece is a concern that older people can’t be trained in the company’s local customs/culture, which can lead to massive communication and productivity problems even with the best of intentions.

                                                                                          1. 3

                                                                                            older people can’t be trained in the company’s local customs/culture

                                                                                            I’m sure you didn’t mean it this way, but to me, this sounds like when companies talk of ‘culture’ as an excuse for working stupidly long hours without a care for your life outside work, obligatory drinking and partying, and generally trying to pretend that a toxic workplace environment centred around a specific demographic is a positive thing. I can’t imagine what other sort of workplace culture an older person would have difficulty learning/fitting into.

                                                                                            I’d love it if you could expand a little on what you really mean.

                                                                                            1. 5

                                                                                              Every company builds its own culture. And yes, that matters.

                                                                                              • Some have strict chain of command. You do not go over your manager’s head to the top levels. Ever.
                                                                                              • Some have open access. Call the CEO whenever you have something you think he should hear.
                                                                                              • Some require all problems be presented with a possible, even if terrible, solution, at least as a starting point.
                                                                                              • Some companies have deep sharing cultures. If you can do something, you better be teaching other people how to do your job.
                                                                                              • Some allow people to attain mastery of their own space because it’s more efficient that way.
                                                                                              • Some companies actually do respect feedback.
                                                                                              • Some companies require people to only bring issues they know for certain are actually issues, to avoid distractions or rabbit-hole fixes.

                                                                                              An employee who has spent years working with that last bullet point is going to find it hard to work in a place where all issues are brought forward for at least brief discussion. That’s a cultural mismatch, and it’s not anything except an inability to utilize a person as trained.

                                                                                              1. 0

                                                                                                An employee who has spent years working with that last bullet point is going to find it hard to work in a place where all issues are brought forward for at least brief discussion.

                                                                                                People can just learn to do thing differently. Do people find it hard to work in different ways at different places? If not, why is this a reason to not hire somebody. Putting such a strong requirement on something that can be changed anyway seems like a good way to have to go through more people than you have to during recruitment.

                                                                                                1. 3

                                                                                                  Do people find it hard to work in different ways at different places?

                                                                                                  Yes.

                                                                                            2. 2

                                                                                              I work at a place with a strong union in the US.

                                                                                              1. 5

                                                                                                that seems to be increasingly rare, for programming jobs anyways. or are you doing something completely different than that?

                                                                                                1. 4

                                                                                                  What has that experience been like?

                                                                                                  1. 1

                                                                                                    I do, too. Worker protection is rare in US, though. Their comment is still mostly true.

                                                                                                  2. 1

                                                                                                    older people can’t be trained in the company’s local customs/culture

                                                                                                    I feel like some times when a company say someone isn’t a “culture fit”, they’re just using coded language to discriminate against a worker. Age discrimination is illegal in the US, but not hiring someone because of “culture fit” is totally fine. Similar with race, sex, etc.

                                                                                                    1. 3

                                                                                                      See my answer here: https://lobste.rs/s/qu40ze/how_prepare_for_losing_your_programming#c_omhxsj

                                                                                                      Companies know they have their own cultures. A person’s past experiences or levels of aggression (or lack thereof) may be incompatible with the way work is done at a company. It has nothing to do with being old, just with being trained.

                                                                                                  3. 2

                                                                                                    Then ask yourself, is your IT landscape one with recent commodity frameworks and infrastructure, or is there a lot of in-house software and infrastructure that might take someone half a year, maybe longer to understand and grow into?

                                                                                                    Is your employer the kind of place that needs (and retains) ambitious people who shake things up, or do you need people who are willing to maintain legacy software without complaining too much?

                                                                                                    If you’re willing to invoke the stereotype of the greybeard who wants to coast until retirement, then you should be fair and invoke the stereotype of the ambitious fresh graduate who rewrites everything in Ruby on Rails, then leaves after three years, leaving the organization with the pieces.

                                                                                                    Edit: I should’ve realized that you point out this stereotype to warn people of stereotypes that work against them, not that you’ve internalized this stereotype yourself

                                                                                                  1. 7

                                                                                                    I really would like to have a use case for ipfs, but I seem to never have one.

                                                                                                    What are you using it for?

                                                                                                    1. 3

                                                                                                      Personally, I am compiling an archive of old gold questions from askscience subreddit ( and other nice sources)

                                                                                                      When I’m done, I’m going to host those in IPFS, once I have some presentable content of course ;-)

                                                                                                      1. 2

                                                                                                        So basically as a static site?

                                                                                                      2. 2

                                                                                                        I’m in the same boat, I’d love to find a reason to use it since it seems so neato conceptually.

                                                                                                        1. 2

                                                                                                          I don’t use it personally, but I think a good use case is to host packages for language/distro package managers. Clearly, if you use a language at your job, there’s incentive for its ecosystem’s packages to be well duplicated and not be hostages to github’s outages. And the content addressing means packages can’t get maliciously corrupted.

                                                                                                          1. 1

                                                                                                            I‘m mostly keeping an eye on it, because it seems to be one of the contenders for a content addressable web.

                                                                                                            1. 1

                                                                                                              I think a good use would be hosting mirrors of open source software code archives.

                                                                                                              1. 2

                                                                                                                If I have to keep the node running, I can also just set up an nginx mirror. I do not see how ipfs helps here.

                                                                                                                1. 1

                                                                                                                  It is about the trustworthiness of mirrors. The current mirror system is pretty broken when many people don’t check shasums.

                                                                                                              2. 1

                                                                                                                It’s great any time you want to host a static website, basically. I use it all the time, for example for my podcast website

                                                                                                                1. 3

                                                                                                                  Okay, but why on ipfs and not on a good old vps box or even a cloud storage bucket? If you have to have your node running anyway, what’s the point of using ipfs here besides it being a cool technical concept?

                                                                                                                  1. 1

                                                                                                                    You should run your IPFS server on a “good old vps box” just like you do with your web server currently. The point is that everyone who visits your site now caches parts of your site locally, and can share that cache with others. This reduces your bandwidth usage (since other visitors will get some or all of their data from not-you) and also increases your resiliency (since some or all of your site can still be loaded even when your server is temporarily down).

                                                                                                              1. 1

                                                                                                                It’s interesting to see Google’s all-encompassing monolith slowly start to show cracks. I wonder what web players will do when Google is no longer the de-facto provider for fonts, captchas, analytics, online word processing, email, web browsers, etc. and instead the best services come from a variety of companies that don’t integrate as cleanly.

                                                                                                                1. 1

                                                                                                                  I personally like google fonts, but I find they load faster when I host them myself. I use font squirrel to convert regular font files to a webfont format, and then I self host that.

                                                                                                                  Thanks to arp242 https://lobste.rs/u/arp242 for creating a lovely 3rd party web analytics solution, I use goat analytics instead of google analytics, which was my main gripe with google’s monolith.

                                                                                                                  Google’s recaptcha is horrendously arduous though, doing recaptcha after recaptcha makes me so angry. The method that recaptcha uses to detect bots is asinine, any kind of minigame could be so much more fun for users.

                                                                                                                1. 2

                                                                                                                  This is a fantastic list, and I’ll go back from time to time to read it. Honeycrisp apples are sweet, but I like Empire Apples more. Empire Apple wikipedia: https://en.wikipedia.org/wiki/Empire_(apple)

                                                                                                                  1. 18

                                                                                                                    As an amateur astronomer, this is a ‘big deal’ for completely different reasons… tens of thousands of (effectively) mirrors in low Earth orbit is going to really fuck up amateur astrophotography.

                                                                                                                    1. 8

                                                                                                                      Tens of thousands more, I already have lost more than my share of frames to the wandering satellite or plane, shoving more shit up there is not something I’m looking forward to.

                                                                                                                      1. 7

                                                                                                                        They’re going to do a pretty bang up job of fucking up professional astronomy as well.

                                                                                                                        1. 1

                                                                                                                          Unfettered high-speed internet access provided by these LEO satellites would do a great service to democratizing highspeed internet access globally. However, if there is a constant reflection from thousands of satellites hurling across the night sky, that would be a huge negative.

                                                                                                                          However, it seems to me that spacex is genuinely concerned about the light pollution ( Or.. is it inverse light pollution? ) Here’s an article about that, https://spacenews.com/spacex-astronomers-working-to-address-brightness-of-starlink-satellites/

                                                                                                                          1. 1

                                                                                                                            How is it ‘democratizing’ if it’s 100% controlled by a private company that can be legally 100% controlled by the US?

                                                                                                                            1. 1

                                                                                                                              As a citizen of the US, I have hopes that the traffic sent through the starlink cluster will be less monitored than the current hegemony of ISP’s, particular because the logistics of tapping into the data being carried would be much more complex than say, a centralized point like room 641A https://en.wikipedia.org/wiki/Room_641A

                                                                                                                              1. 2

                                                                                                                                particular because the logistics of tapping into the data being carried would be much more complex than say, a centralized point like room 641A https://en.wikipedia.org/wiki/Room_641A

                                                                                                                                Is this going to be a completely separate network from the global internet? If not, then there will be at least 1 room 641A (the point(s) where packets from users are passed from satellite to a ground dish plugged into some ISP)

                                                                                                                                Sure, it’ll probably be a step up from the current situation but as a citizen of the US, I have severe doubts that this will turn out to be a utopia of freedom. I guess I don’t understand what you mean by ‘democratizing’ in this context.

                                                                                                                                1. 1

                                                                                                                                  Regarding my initial use of the word democratizing, I meant that this will offer faster service, as well as offer consumers an alternative choice to rural areas in the US and around the world. But to be honest, the main reason I’m excited about this is because it complicates blanket nation-state snooping and I suspect it may help catalyze unfiltered internet access in countries that impose internet restrictions, not legally of course, but technically.

                                                                                                                                  1. 1

                                                                                                                                    because it complicates blanket nation-state snooping

                                                                                                                                    Well, that was basically my whole point above. If you are in North Korea or China and using it illegally, then yes it will (as you pointed out). However if you aren’t, then you will definitely be subject to snooping by the US and other N-eyes nations with agreements with the US. So it really only ‘helps’[0] those who are in nations that don’t have snoop agreements with the US.

                                                                                                                                    1. and in those cases, it merely exchanges 1 snooper for another, granted the other is probably not in a position to immediately inflict damage on you