DevOps as a profession and software development for fun. Admin of lemmy.nrd.li and akkoma.nrd.li.

Filibuster vigilantly.

  • 0 Posts
  • 16 Comments
Joined 2 years ago
Cake day: June 10th, 2023
  • terribleplan@lemmy.nrd.litoLinux@lemmy.mlRed Hat’s commitment to open source: A response to the git.centos.org changesEnglish
    8·
    2 years ago

    There are a few completely fair points in there calling out what they are legally allowed to do (e.g. they are not directly violating GPL) and are doing (contributing changes back upstream, they claim “always”), that’s about the only “right” this reader found.

    Have some quotes that demonstrate the “wrong”:

    I feel that much of the anger from our recent decision around the downstream sources comes from either those who do not want to pay for the time, effort and resources going into RHEL or those who want to repackage it for their own profit. This demand for RHEL code is disingenuous.

    Ultimately, we do not find value in a RHEL rebuild and we are not under any obligation to make things easier for rebuilders; this is our call to make.

    Simply rebuilding code, without adding value or changing it in any way, represents a real threat to open source companies everywhere. This is a real threat to open source, and one that has the potential to revert open source back into a hobbyist- and hackers-only activity.

  • terribleplan@lemmy.nrd.litoGaming@beehaw.orgThe Story of Factorio, the Game that Only Increases in PriceEnglish
    16·
    2 years ago

    The game has gotten continuous updates increasing the scope, mod-ability, stability (to an absurd degree, even cross play between Switch and PC), target new platforms (it runs on Apple silicon natively now and they did a whole bunch of work to make it work well on steam deck), etc. of the game for those same 3 years. Yes, they did come out of early access, but their approach to the game hasn’t changed significantly and it continued to get better with time.

    They could have called this game done way earlier and released the work they’ve done since as DLC, but they didn’t. Instead they have massively increased the value in the game over nearly 7 years since initial early access release at $20 and have since raised the price a total of 75% to reflect this. They even gave advance notice of the both price increases.

    Wube is still working on the next release of the base game, and are also working on an expansion they say will be as big as the base game. Perhaps your argument against price increases holds sway as the expansion isn’t being added to the base game, instead it will be $30 (or maybe $35 given the base game increase).

    I have played this game far longer than any other, and keep coming back to it when it updates or for new modpacks which completely change the experience. I would gladly pay $35 for what is in the game right now. I can understand if the game isn’t for you or the price increase turns you off, you don’t have buy it. In fact, unless you can afford to not sleep for the next 3 days you shouldn’t, as the factory must grow and you are running low on iron.

  • terribleplan@lemmy.nrd.litoTechnology@beehaw.orgOverseer: A Fediverse Chain of TrustEnglish
    3·
    2 years ago

    Perhaps I am a unicorn, but I have self-hosted my email for years and don’t have deliverability problems. The only problems I have had:

    1. I think I had to sign up with some sort of Microsoft thing or submit a ticket to them or something because I had an issue with sending mail to o356. That was resolved quickly and I haven’t had a problem since.
    2. My server host (Linode, and Digital Ocean before them) is on the UCEPROTECT-L3 blacklist, because they (and whitelisted.org) are a bunch of scammers and block entire ASNs for almost any amount of spam, then extort individual mail server operators to get their IP specifically delisted.

    To me one of the big things that differentiates Lemmy (and the fediverse in general) from email is that most of it is public, so the things in email that would involve sharing someone’s private information (email addresses, IPs, email contents, etc) are public (at least the post/comment and username+instance), and can all be verified. I think there is a lot of potential because of this. Maybe I’m crazy, but I just really don’t like the idea of a whitelist-based system because it means I as a small instance operator may have to sign up to dozens of services like the one you are building. I want my instance to be able to federate pretty much as widely as possible, and to me such a burden is too much to ask within a system/protocol/fediverse that is designed to facilitate sharing and decentralization.

    Also, I think there is already room for a problem with “capture”. What motivation is there for .world .ml or beehaw to bother signing up for your thing? Even assuming you get 100 like minded admins to sign up for Overseer that is probably a pretty small fediverse island without them, some or all “mega” instances will probably just end up getting a pass anyways and at the end of the day no system is in place to help with the problem of bot/spamming users on trusted instances (whether in that WoT or just blindly trusted by the WoT).

    Most of the spam I get is from gmail addresses, I don’t see it going any differently here.

  • terribleplan@lemmy.nrd.litoTechnology@beehaw.orgOverseer: A Fediverse Chain of TrustEnglish
    4·
    2 years ago

    I agree that we need far stronger admin and moderation tools to fight spam and bots. I disagree with the idea of a whitelist approach, and think taking even more from email (probably the largest federated system ever) could go a long way.

    With email, there is no central authority granting “permission” for me to send stuff. There are technologies like SPF, DKIM, DMARC, and FcRDNS, which act as a minimum bar to reach before most servers trust you at all, then server-side spam filtering gets applied on top and happens at a user, domain, IP, and sometimes netblock level. When rejections occur, receiving servers provide rejection information, that let me figure out what is wrong and contact the admins of that particular server. (Establish a baseline of trust, punish if trust is violated)

    A gray-listing system for new users or domains could generate reports once there is a sufficient amount of activity to ease the information gathering an admin would have to do in order to trust a certain domain. Additionally, I think establishing a way for admins to share their blacklisting actions regarding spam or other malicious behavior (with verifiable proof) could achieve similar outcomes to whitelisting without forcing every instance operator to buy in to a centralized (or one of a few centralized) authority on this. This would basically be an RBL (which admins could choose to use) for Lemmy. This could be very customizable and allow for network effects (“I trust X admin, apply any server block they make to my instance too” sort of stuff).

    I think enhancements to Lemmy itself would also address help. Lemmy itself could provide a framework for filtering and report when an instance refuses a federated message with relevant information, allowing admins to make informed decisions (and see when there are potential problems on their instance). Also having ways to attach proof of bad behavior to federated bans at an instance level, and some way to federate bans (again with proof) from servers that aren’t a user’s home instance.

    Finally, as far as I can tell everything following a “Web of Trust” model (basically what you are proposing) has struggled to gain widespread adoption. I have never been to a key signing party. I once made a few proofs on keybase, but that platform never really went anywhere. This doesn’t mean your solution won’t work, it just concerns me a little.

    I expanded a bit more on some of how email tooling could be used within lemmy in this comment as well. My ideas aren’t fully baked yet, but I hope they at least make some sense.