Sal

Sal , 10 months ago to fediverse in App to schedule posts on Lemmy

Thank you for making this open source!

Sal , 10 months ago to asklemmy in How much control/access does my instance owner haver over my account?

I’m not sure about Web Hosting. Many of us use a dedicated virtual private server (VPS)

I use serverspace.io, I think Lemmy.ml is hosted with www.hetzner.com

These are servers that you access via SSH and can install the instance inside of it. I personally install using docker compose, but there are some other methods that are claimed to be easier. The cost starts at ~$5 / month. Currently I pay about $15 / month. You would then rent the domain name from a domain name registrar (I use namecheap.com) and ask them to point the domain name to your server’s IP address.

Sal , 10 months ago to asklemmy in How much control/access does my instance owner haver over my account?

No, there is no API to get the votes (join-lemmy.org/api/). If my understanding is correct, now that I upvoted your comment my instance will push that information. I’m not sure whether it pushes it to dandroid.app first or to all instances, saying basically "[email protected] upvoted dandroid.app/comment/441785", and so every instance that has that comment can save my user ID in the “upvote” list of that comment, and that upvote is counted.

If only the vote direction was federated, then it would be very easy for me to spam the message "Upvote dandroid.app/comment/441785". I would not even need to create an instance for that, I just need to speak ActivityPub. And it would be more difficult to detect that I am doing that, because the database would only hold the vote count.

I don’t think there is a way to ask an instance to reveal this list. You can only get it by directly querying the database if you have access to it. This is why if you fetch an older post or comment, it will arrive with a single or zero votes.

Sal , 10 months ago to asklemmy in How much control/access does my instance owner haver over my account?

There is definitely a probability to deal with a non reliable instance admin, but not less than with any other social media, and in principle they collect even less data

Yeah. You can see the cookies that are stored by a site by right-clicking on the site, going to “inspect”, and the clicking “Storage”. By default, the only cookie that Lemmy has is an jwt cookie used to authenticate your user.

You are not asked for a phone number to be here. Providing an e-mail is often optional and even discouraged by some instances. When you want to send a private message through the site you get a message discouraging from doing that and encouraging to try to use an encrypted chat application instead, such as matrix.

The original Lemmy instance (lemmy.ml) is a community for FOSS and Privacy enthusiasts. What is asks from a user and what it does with the data is what it needs to be functional. Lemmy lets you take any proactive step that you would like to take to protect your privacy - use a VPN or Tor, use safe passwords, use a unique identity, and don’t provide any personal information. There are no built-in features to block you or discourage you from doing that. Lemmy never asks for your location, nor does it keep any logs of what content you visit, nor does it try to run any analytics on you. But even if that is not enough for you, the fediverse doesn’t lock you out, you can set up an instance or even create a new program to interact and communicate only precisely what you want to communicate via activity pub.

Sal , 10 months ago to asklemmy in How much control/access does my instance owner haver over my account?

The votes themselves are the federated action.

If you fetch an old post, your instance will not see the previous voters. After that, whenever a user votes the instance will get the message “User X@instance upvoted/downvoted post Y” and the vote will be added to the database with the voter’s user ID and counted.

This has a practical function. If you don’t keep a list specifying who voted for what, it would be much easier to fake votes from one instance to another by simply communicating the message “Downvote post Y”. With the current method it is still possible to create a lot of fake accounts and mass-vote, but at least you can get a better insight when looking at the database if the votes are associated with accounts with no activity from a single instance.

There are some federated platforms that will show who likes / dislikes something. I know that friendica used to do this - I have not checked if it still does. So it is not only admins who can see this, this is is basically open information in the fediverse.

Sal , 10 months ago to asklemmy in As badly described as possible, what is your favorite video game?

You are a crawling microchip that possesses animals with cool abilities

Sal , 10 months ago (edited 10 months ago) to asklemmy in How much control/access does my instance owner haver over my account?

• Password hashing occurs server-side. Even without removing the hashing step an admin can intercept the plaintext password during login. Use unique safe passwords.
• An admin can intercept the jwt authentication cookie and use any account that lives in the instance.
• Private messages are stored as plaintext in the database
• Admins can see who upvotes/downvotes what
• These are not things that are unique to Lemmy. This is common.
• To avoid having to trust your admin, run an instance.

Sal , 10 months ago to askscience in Is it worth closing the lid on a toilet before flushing?

Woah, cool video! I think this video deserves its own post. I just need to figure out which scientific community it is most relevant to … Physics? Epidemiology? Hmmm 🤔

Sal , 10 months ago to technology in Maybe later... how about never, you fucks?

My girlfriend kept complaining about losing her hearts on Duolingo and I was very confused as I never had any “hearts” during regular lessons. Eventually I found out that since I had created a classroom while exploring the site, I was given access to a teacher version of Duolingo - which is basically a free premium version 😅

Sal , 10 months ago to asklemmy in Is there anything that only the rich can currently afford but that everyone will have in the future?

There is a theoretical future in which full-genome sequencing is performed exclusively by large companies, hospitals, and governments, and the data is stored by them and they can access it.

But the technologies are becoming quite accessible. Unless regulations are introduced to force people to give up their genetic data, which I don’t think is so likely, there will be ways for us to get our sequences without the sequences being stored by a third party. I also think that there will be FOSS tools for us to run our own analyses.

Sal , 10 months ago to asklemmy in Is there anything that only the rich can currently afford but that everyone will have in the future?

Full genome sequencing.

The price of sequencing continues to decrease as the technology evolves. I have already seen claims of under $1,000 for a full human genome. I haven’t looked carefully into those claims, but I think we are around there. In some years full genomes will be so cheap to sequence that it will be routine. I want to buy one of those small Oxford Nanopore MinION sequencers in the future. I’ll use it like a pokedex.

Sal , 11 months ago to technology in My Opinion: NewPipe, Piped, Invidious, etc's days are numbered.

Nooo, I just recently discovered NewPipe 😔

Sal OP , 11 months ago to selfhost in How have you optimized your Pi-hole?

Thank you - that makes sense!

I think I understand why this is done now. Most HTTP requests are hidden by the SSL encryption, and the keys to decrypt it are client-specific. So, if one wants to block ads at the network level without needing to get the SSL keys of every client that connects to the network, then this is the most specific amount of information that you can provide the PiHole with. The HTTP blocking needs to be set up in a client-specific manner, and that’s why they work well as browser extensions.

Sal OP , 11 months ago to selfhost in How have you optimized your Pi-hole?

Thanks!

Adblocking plugins aren’t limited by this and can filter the actual content and HTTP requests made by the browser.

Why is this the case? What rules do Adblock plugins use that allow them to determine that something that is being served is an ad? I understand from what you are saying that Adblock will block on the basis of the HTTP requests instead of filtering at the DNS level - do ads come with specific HTTP headers that are not processed by the pi-hole DNS server and thus can’t be used for filtering? I don’t fully understand yet the details of how the two ad-blocking mechanisms operate, so their differences are not obvious to me.

Sal , 11 months ago to science in Interesting facts about beans (INTERDISCIPLINARY MEGATHREAD)

Mexican jumping beans are seeds that are inhabited by the larvae of a small moth (Cydia saltitans). Another fact about them is that they are not actually beans, and so now I’m not sure if this fact belongs here!