How is everyone handling the 2FA requirement for GitHub?
Jayjader (@Jayjader@jlai.lu) | Posts: 5 | Comments: 168 | Joined 2 yr. ago
I already use pass ("the unix password manager") and there's a pretty decent extension that lets it handle 2fa: https://github.com/tadfisher/pass-otp
Worth noting that this somewhat defeats the purpose of 2fa if you put your GitHub password in the same store as the one used for otp. Nevertheless, this lets me sign on to 2fa services from the command line without purchasing a USB dongle or needing a smartphone on-hand.
That's the proposal to GMO our companion animals like dogs and cats so that they can serve as Geiger-counter + canary-in-the-coal-mine for future humans, right? I don't remember ever hearing a rendition of it!
You may also interact with countless bots without ever knowing, because creating fake identities is free.
Maybe. Bots don't seem currently capable of holding a conversation beyond surface level remarks. I think I tend to engage with thought-provoking stuff.
On the off chance that I reply to a bot, it is as much for my reply to be read by other humans viewing the conversation. So I don't understand how interacting with countless bots is supposed to be such a big downside.
Plus, I don't see how public/private key pairs prevent endless "fake" identity creation/proliferation. It's not like you need a government-issued ID to generate them (which, to be clear, still wouldn't be great - just for other reasons).
Fair, some people value their identity.
To be clear, I'm talking about online identities. In which case, I would argue that if you value it so much you should not delegate it to some third party network. My IRL identity is incredibly valuable to me, which is why I don't tie it up with any online communications services, especially ones I have no control over.
For average people nothing changes, the app can hold their key for them and even offer email recovery.
...so then the app can post on my behalf without me knowing? And it'll be signed as if I had done it myself. I don't understand preferring this if you're not also self hosting.
That's something having signatures and a web of trust solves.
But as I wrote in my previous message regarding gpg signing circles (a web of trust), that doesn't "solve" things. It just introduces more layers and steps to try and compensate for an inherently impossible ideal. Unless I'm misunderstanding your point here?
Besides, you fail to see another problem: Whichever centralized, federated site you use can manipulate anything you read and publish.
I just take that for granted on the internet. It's true that key-signing messages should make that effectively impossible for all but the largest third parties (FAANG & nation-states). But you still need to verify keys/identities through some out-of-band mechanism, otherwise aren't you blindly trusting the decentralized network to be providing you with the "true" keys and post, as made by the human author?
Anyway, if you don't see a need for tools like nostr you don't need them.
Maybe I'm not expressing myself properly; I don't see how nostr (and tools like it) effectively address that/those needs.
Sort of like how there was (arguably still is) a need for cash that governments can't just annul or reverse transactions of, yet bitcoin and all cryptocurrencies I'm aware of fail on that front by effectively allowing state actors (who have state resources) to participate in the mining network and execute 51% attacks.
It weirds me out that most of the arguments for nostr I come across are around how "you can't lose your identity, it's just a private/public keypair!". Maybe I just don't get banned enough to understand the perspective, but to me the real problem is the content/discussions being lost, not usernames for some corner of the web.
I really don't care about losing my identity on a social media website; I've found it healthier to view social media accounts on the same level as my customer account at my isp and power utility. When I change ISPs, the old account is closed down and I start up a new one at the other ISP. What's important to me is the service getting delivered, not that it remembers that I'm the same person from however many years ago. It's still the same me here in my body, interacting with the web. I know what I need from it, it doesn't always need to remember who I am (and sometimes I'd rather it forgot or never knew in the first place).
My final point is a bit of a troll, but also kinda serious: how decentralized is it when your identity is "centralized" in your key pair? Lose your keys or lose your password to the key, and your identity is similarly effectively gone. Even worse in this case, no-one can restore it for you. Which is why I don't tie my identity that much to any online service, especially ones I don't host. The only thing that truly preserves my identity is the flesh-and-blood body that I inhabit (and even that isn't fail-proof).
I've interacted with GPG signing circles before. So many people are losing access to their keys. So many more are considering some of their keys as compromised. In either case they're regularly generating wholly new keys, essentially rebooting their "identity" from scratch. When they do so, they always rely on flesh-and-blood interactions to have their new identity verified and trusted by others.
Maybe it's a question of which circles we're involved in; mine are already regularly hopping accounts, without being forced to by bans or server outages. I'm used to interpreting the tone & content to recognize "people", and ignoring usernames. On top of that so many people regularly change their display names on social media for vanity and expression purposes that I can't reliably use them anyways for recognizing accounts.
I really appreciate Linus trying to tone down the nastiness in his replies over the years, but I'd be willing to let almost anything slide if it means getting a proper, old-school Torvalds tear-down of Musk.
Maybe nowadays, with Elon's imbecility so publicly visible.
I've run Arch for close to 10 years, and was pretty jazzed by Musk in the early days of his presiding over Tesla and Space X. Then again, I was barely an adult at the time, and I hadn't yet come across the first reports of terrible working conditions and his overall shittiness as a manager/exec.
Right?
"Protecting vulnerable individuals" - they must mean Putin and Bibbi, not actual victims of political intimidation, sabotage, etc.
This seems right up my alley, as a fan of the Micromachines games and RTS in general.
I'll try to give it a go when I regain a decent internet landline.
I align with that article's conclusion; in fact such a "fediverse browser" is exactly what I think the fediverse needs to fully replace closed/proprietary/traditional social media.
However, some of their arguments seem off. For example, for the client to be able to choose/implement its own sorting algorithm, it seems to me that it would need to have access to all posts. At that point, your client is just another server, with all the problems that we're originally trying to avoid.
I have the same problem with your proposal / nostr's approach: you may obtain a portable identity but all the "content" tied to that identity still has to live somewhere - someone else's server or your own.
Interesting to note that this was originally posted a little over a year ago. I don't know if anything has changed since, as I don't self host masto and have been spending more and more of my "fedi-time" here in lemmy.
Not surprised that someone who "led AI and subscription products at Amazon for the past 8 years" ended up back on mastodon.social, but that's probably neither here nor there...
The description given for Pinker's The Blank Slate made me sceptical at best, so I went hunting for critiques and found this https://www.jstor.org/stable/27759451
Sadly it's pay-walled beyond a preview of the first page.
For a suggestion of my own, The Mother Tongue by Bill Bryson. It's a fun romp through the history of the English language with numerous tangents focusing on this or that quirk, written for those who have never formally studied English or linguistics.
As someone who was always more of a "STEM" person, this book completely upended my relationship to language. I used to think there was "one way" of expressing any given idea, and our job as humans, as it were, is to simply learn all the words and their meanings so as to be as precise as possible when expressing ideas. Nowadays I very much tend to see it the other way around: our use of language shapes the language itself, and our changing needs in terms of which ideas we want to express is what makes language evolve over time.
To put it succinctly, this book helped me view language as a tool that we should alter to suit our needs, not some pre-ordained scripture that we need to memorize and adjust ourselves to.
I would describe it less as "smiting god", and more as "indirectly rescuing god from the control of the church". Though even that is a bit simplistic.
The "she destroys magic to save humanity" bit does thematically feel very close to the ending of His Dark Materials.
Ooh, good point.
Same (except the Arab part), this post was highly confusing at first 😅
Still, I think the only way that would result in change is if the hack specifically went after someone powerful like the mayor or one of the richest business owners in town.
Art might not be about thinking while you are experiencing it, but it most definitely is about thinking about the experience afterwards, as much as experiencing it in the first place.
Not to mention that books are often art.
It's such a destructive mindset, and it seems to me like indie games are hopefully on the cusp of re-demonstrating to the rest of the industry why it is so.
Art/luxury products depend on catering to subjective tastes to turn a profit. You need to speak to someone's perspective or interests, and are competing for their disposable income against all other forms of entertainment. Thus the wider the targeted audience, the harder it is to outcompete the rest of the market on "consumer interest" (no idea if that's the proper use of the term but it sounds correct for the context), the harder it is to even turn a profit.
Simultaneously, these corporations want an ever-greater magnitude of profit (aka growth). So they decide to target the widest audience possible, while investing as much capital as they can.
That's already an unstable balance of priorities. As soon as you start conceiving yourself as competing with almost every single other market on the basis of shareholder speculation, in terms of ROI, it's doomed.
You're not just shooting yourself in the foot, you're trying to do a Paul Muad'Dib Atreides except because this is reality, not sci-fi, instead of drinking the Water of Life you mixed 10 grams of ketamine, 5 tabs of acid, and a fistful of meth into a blue Gatorade and chugged it in one go. All you end up doing is vibrating in place so hard you begin to slough off flesh and erratically disintegrate, like some sort of sad eldritch horror.
God do I hate corpos sick with capitalism.
To continue the Dune analogy, they really could use some ecology-derived thinking: specialize and find your niche (or help it emerge), and give back to the rest of the ecosystem so that it continues to flourish with you. Monoculture has a negative correlation between scale and sustainability, let alone ROI.
Armchair geopolitics explanation: it's a culture/societal difference between a thousand year old monarchy and a federalist state that lost 2 world wars on their own land. Not to mention the federalist state had a "communist" power structure in control of about half of their lands for half a century while the other half birthed a regional free trade juggernaut. Meanwhile, the monarchy has a landed elite class/aristocracy that persists to this day.
What I'm getting at is that the wealth in the UK could be much more heavily tied up in individual fortunes and estates than the wealth in Germany. That kind of wealth seems easier to "protect" by offshoring (and/or the UK has evolved to prefer/rely on it).
In contrast, I expect the wealth in Germany to be more tied up in corporations, stocks, etc. This in turn would lend itself to corporate forms of tax evasion that can happen domestically.
Late to this thread, but this is disturbingly similar to the media-bashing a French-Palestinian politician has received recently.
She tweeted something along the lines of "time for an uprising" before attending a conference. The following week+ of interviews with her party colleagues were filled with "did you know uprising in Arabic is intifada?! Why is your colleague calling for violence?!?!?!"
Her name is Rima Hassan if you're interested.
You're right, I should have been more specific.
If you're already storing your password using pass, you aren't getting 3 factors with pass-otp unless you store the otp generation into a separate store.
For services like GitHub that mandate using an otp, it's convenient without being an effective loss of 2fa to store everything together.