imsodin

@imsodin@infosec.pub
0 Post – 21 Comments
Joined 1 years ago

I am not the creator, funnily that is/was one of the Lemmy creators: Nutomic :)
I am a syncthing co-maintainer that kept the android app on life support since a while.

6 more...

Technically that wasn't the initial entrypoint, paraphrasing from https://mastodon.social/@AndresFreundTec/112180406142695845 :

It started with ssh using unreasonably much cpu which interfered with benchmarks. Then profiling showed that cpu time being spent in lzma, without being attributable to anything. And he remembered earlier valgrind issues. These valgrind issues only came up because he set some build flag he doesn't even remember anymore why it is set. On top he ran all of this on debian unstable to catch (unrelated) issues early. Any of these factors missing, he wouldn't have caught it. All of this is so nuts.

Oh don't worry to much, mine too: If there wasn't an alternative for syncthing on android, I might have kept it on lifesupport :)

10 more...

It's all in the open, you can go dig around for reasons. As usual there wasn't a single simple one. Neither was it some kind of complete fallout, we e.g. collaborated on translations and I have been in contact around various things with the one that forked.

As the statement says I wont - it will be fully discontinued. This statement applies to the official app only. It doesn't say anything about other apps or forks - any existing once can and hopefully will continue to exist. Also all the code is free.

1 more...

Outlook (no I don't want it) (still) (really not) (WTF I SAID NO)

Looks like a federated wiki, which is great. And not a Wikipedia alternative. What makes wikipedia wikipedia is not the tech. Social and knowledge problems can't be solved with tech ;)
As much as Wikipedia has issues, as the ibis announcement states, it also works in many places. And federating it won't help with the issues of bad moderation, quite the contrary. And as much as I like nutomic (thanks for syncthing-android ;) ), I don't hear many good things about the lemmy moderation story. So I have my doubts. Lets hope I am wrong. Plus anyway, federated wikis is a great thing to have, ignoring the whole Wikipedia aspect.

5 more...

This is an expected statistical artifact given the "last month" aggregation and a huge influx of new users of which many don't stick around. I am saying they don't stick around, because that's generally just what happens with a lot of new users (e.g. they checked it out, decided it's not for them) and also due to the federated nature they might have switched accounts and similar things. Then the bit about "last month" aggregation: Have a look at the "Active 6 months" graph - it's still trending upwards. Those are likely a trailing average aggregations, so a maximum is reached when that 1-month-window starts (roughly) at the beginning of the huge user influx. For the 6-month window that hasn't happened yet, so still going upwards. Assuming nothing changes (similar amount of new/leaving active users) the graphs gonna be interesting in the next few weeks: After the initial wave of influx the balance was most likely negative (more users from "the wave" dropping out again than added users afterwards), however I'd hope it's gotten positive since then. If that's the case the graph should start trending upwards 1 month after the balance became positive. It's unclear when that was the case, but some towards end of July might be a reasonable guess? The same graph with a smaller window could shed some light on that (or just expose useless noise ¯_(ツ)_/¯ ).

Another sign I'd consider good: The active user ratio is trending upwards.

Disclaimer: I don't know how the data is aggregated, nor how exactly "active" is defined - the gist of the above very likely applies though. I was too lazy to look it up in the code - if someone knew how these graphs are aggregated and were so kind to let me know, that'd be appreciated :)

What?! All that noise about Switzerland mandating usage of open sourced software in gov (there was a great step, but it's far from mandating anything) was already weird, now we are switching to linux? And caring about security and fiscal responsibility? There has to be another country called Switzerland than the one I live in.

Yeah that sounds good too, but it's not the same thing. I just want a client side filter for lists of communities. No need to involve AP or get consensus amongst many users/communities, just my preferences. If we want to get fancy, have some APIs to store these lists server side so or can with across clients - still strictly single user. It feels so simple I am tenors to get my hands dirty, but for one diving into a new project is usually quite since work and it hardly ever turns out to be as easy as it seems (then again the new python lemmylike thing already has it instance wide, so it at least is doable).

Oh dang, I got excited about a new update. Then I started getting deja-vus. And finally I checked the date: This is from early May. Still a good read, unless you already did read it before :P

Also from seemingly reasonable commenters there's so often arguments around security coming up. I don't get how one can jump to that idea? This obviously has nothing to do with security, it's about sanction compliance. And yes, likely a pretty pointless sanction compliance in this instance, as the sanctioned entities don't have a direct benefit from having an employee name mentioned in the kernel. However that's not how sanctions work, both just because, and also intuitively it makes sense: Sanctions wouldn't be enforcable at scale if every single case would have to be judged on merit - it's hard enough to enforce them as is.

And btw I so hope most of the comments on here are Russian trolls, but I fear many are people that fully drunk the Russian trolls' cool-aid and are now fully brainwashed...

1 more...

Looks like the client isn't, but they do offer a simple-way to self-host the backend (looks like it's "just" a matrix server and a bunch of bridges) and then you can use any open-source matrix client to connect to that. Seems like a pretty good balance of a way to make money and the guts being open enough that one could move if the client/company goes side-ways, while contributing a lot to the open-source community.

Yeah I was also thinking about multiple users for this, but that's a terrible hack on so many levels...

That's indeed confusing. The wording linked below suggests the eula is for packages distributed by owncloud. so to my understanding the source itself and any third party packages don't need to care about it.

https://github.com/owncloud/ocis?tab=readme-ov-file#end-user-license-agreement

Not Australian or American, but hey it's the internet so why not voice second hand knowledge: I heard Aussies pride themselves on being (relatively) egaliatarian, despising individuals elevating themselves above others. Seems to me about as antithetical to US mentalitity as it goes :)

2 more...

Yeah no exact opposite for me: Big server means lots of user data making abuse of it more appealing and impactful. While an admin of a small instance having some fun digging through user internals would really do no harm (I don't believe that's a particularly typical hobby of small instance admins though xD ).

Well yeah, that's how licenses and copyright work - licenses can change. And sure on an adversary take-over (or corporate overloads taking control), that's problematic. However the beauty is, it's still MIT code: It can be forked (see what's happening with redis). However a project copyright (and DCO) is not in place to enable just that, it's in place to enable any license change by the project. Say a license is updated and there are good reasons for the project to move to the updated license - I think it's pretty reasonable that the project would like to be able to do that and therefore retain copyright. Of course you are also free not to contribute such a project. However claiming it's a license violation or unheard of is pretty disingenuous (formerly ingenious, thanks :) ).

This has nothing to do with GPL or MIT: If you own copyright of a GPL licensed code-base, you can change that license at any time. Of course that only applies to new code. And that's the same for GPL or MIT or any other license.

1 more...

Honest question out of interest: Are you doing moderation on lemmy? I just remember reading about admins/mods complaining about the lack of tooling, sometimes plain functionality (removal of certain things) for effective moderation. I am not doing any myself so that's very 3rd-party-ish knowledge (if you even want to call it that).

Right. I was focusing on the point that what matters is the copyright notice. While your pointing out that you can relicense MIT code because MIT is so permissive, while you can relicense GPL to almost nothing, as it's not compatible with most other licenses. However that's kinda moot, you couldn't include GPL code into an MIT licensed project anyway due to the copyleft.

(Thanks for the "ingenuous" correction, I did indeed - to my non-natively speaking brain the "in" acted as a negation to the default "genuous", which yeah, just isn't a thing of course)

As far as I know xwayland in plasma/kde already does that. However as it's KDE, it is most likely configurable and might not be enabled by default :P