Fastmail vs Proton Mail
sudneo (@sudneo@lemmy.world) | Posts: 0 | Comments: 311 | Joined 2 yr. ago
Many applications do identity verification: financial platforms, crypto scams, roblox, car sharing platforms... It nowadays takes a couple of minutes and it's done once, associated with your account. I am not saying I agree with the idea of doing it here, but I think that many people wouldn't care to change platform. And if they do, some other platform will grow and eventually will have to do the same.
Yes, an exploitative thing that mostly consists of free labour for big orgs.
I am sure that for such small shops it's trivial to explain that resources are extremely limited, I don't see any data protection authority actually pursuing anyone based on the lack of privacy by design. The point is, nobody is forcing you to deploy the software as is, and technically anybody could write tools that bridge the gaps in the software. If the software does not offer data deletion, any instance admin could have identified this gap (a risk assessment for data collection is also needed technically) and written a script that would allow them to satisfy data deletion requests or anything else that would have made them comply.
That said, I agree that these features are important. I do not agree that they are what the devs should work on right now, or that at least it takes some convincing to convey the fact that these are important features for instance admins to be compliant and for users (in general).
I also get the point about the "I am not taking your word for it" approach. Look how many people in this thread talk about GDPR without actually understanding who is the data controller/processor and who has to be compliant. I can only imagine the amount of uninformed people who open issues and waste time for already busy devs. We are seeing the couple of examples that the article picks, we are not seeing the rest of issues which justify this harsh approach.
The way I see it, having certain features implemented in the Lemmy software is one way to ease compliance for admins, and they should just upvote the issue and explain why it's important for them, possibly even adding a bounty to the feature. OP's approach doesn't seem to be this, and it's much closer to demanding stuff, as if the compliance responsibility was on the devs and the donation were some sort of reason to make them work on what other people want.
To be precise, it's not devs that need to worry about GDPR, it's instance admins. I don't disagree with you, but I think it's an important distinction to make.
As someone who is being pressured to move to macOS (M1) from Linux for work, I feel you. I was just having a conversation in another thread about trackpads and I feel that Apple really built the workflow around gestures, which leaves people who would rather use keybindings quite out of luck. I know there is rectangle, but it doesn't even go close to what a good WM gives.
Oh no, I work for a financial company and unfortunately we are extremely limited in what we can run. That's the reason why I am hanging on to my Linux box for as long as I can, not even Yabai is allowed on Mac. I follow the project on Mastodon though, it's really cool.
I could check with my fitness tracker, it has a "stress level". Might not be super accurate though.
Hey, that's actually a very nice project, and to be honest, I can kinda imagine that the saving is minimal, if there is any at all, in terms of time. Partially, I think this is also due to the fact that we are talking about super small amounts of time anyway! Moving files around I think it's totally fast with a mouse, and in general I still do it like that. For me speed is really a secondary thing, it's about ergonomics and limiting my movements. Chances are, I am already writing on the keyboard when I want to do something, so it might not be faster to switch to browser with mod+2 and back to terminal with mod+1, but it's less movement to find the mouse, rotate the shoulder (my split kb is open at shoulder width) etc. Also I think I would argue that it requires less focus because it's inherently more mechanical as an action compared to finding a button and clicking, or dragging and dropping something. Either way, it's for sure something interesting to look at!
Oh no, I get it, I do have a work-issued macbook pro which I am currently not using in favour of a Linux machine. The main reason for me is ergonomics. My laptop is closed in a vertical stand, and I cannot imagine myself moving the hands so much to do stuff. I do basically everything that the trackpad does with i3 keybindings, which I find not only faster, but also allow me to reduce movement of my arms and ultimately limiting wrist/arms stress.
Obviously I completely agree that if one has or prefers to work with trackpads, apple ones are honestly great.
If there is already another reverse proxy, doing this IMHO is worse than just running a container and adding one more rule in the proxy (if needed, with traefik it's not for example). I also build all my servers with IaC and a repeatable setup, so installing stuff manually breaks the model (I want to be able to migrate server with minimal manual action, as I had to do it already twice...).
The job is simple either way, I would say it mostly depends on which ecosystem someone is buying into and what secondary requirements one has.
It's great to see how different people's priorities are! For me this is one of the least interesting features ever, I have never used a laptop with a trackpad to do any (meaningful) work. That said, I am really glad if people with different priorities will get the chance to have their preferred flow in Linux!
That’s not the argument being made. What’s baffling is to pretty much only rely on the efforts of third party devs to fill in the missing gaps. It’s a profoundly bad strategy.
I literally quoted the article:
At this point, most of the solutions the ecosystem
I mean, there are some moderation features in Lemmy, for sure with gaps, but there are many gaps on other aspects as well, and if people can't run the instances due to other technical issues, there is also nothing to moderate, so obviously prioritization is complex when resources available (dev) are so limited.
That said, I really don't see the problem of third parties. We rely on third parties for one of the most fundamental features, which is community discovery (lemmyverse.net), for example. What's the problem with that? I think that's literally one of the benefits of making an open platform, where other people can build other tools in the ecosystem. We are not purchasing a service, we are not talking about an organization who has a substantial revenue and tons of people and can't deal with basic functionalities. We are talking about a project with a team that is smaller than the team that in Facebook deals with which colors to make buttons, and it's "paid" 1/20th of that. So I still don't understand, what is "baffling"? Because from where I stand, all things considered, it's totally normal that a project with these resources and that gained popularity less than a year ago has still tons of gaps and a long roadmap, and that tools in the ecosystem address some of these gaps.
It’s like with Bethesda releases a shitty half-finished game
No it's not. Bethesda is a company that sells you a proprietary product while having a revenue in the order of hundreds of millions. The relationship between Bethesda customers and Lemmy users has absolutely nothing in common.
Here, Lemmy makes some money
Lemmy makes no money. Considering the opportunity cost, Lemmy loses money. A single dev with a full time job can easily double the amount that Lemmy devS earn. Not to talk about the fact that the money they make are donations, without a contract binding them to anything and also not granting them anything (tomorrow everyone could cancel donations and the income would disappear).
They can’t do that if the tooling is too brittle, shitty, or threadbare to actually handle the deeply fucking intense problem of managing and maintaining a server and community on the open Internet, where literally anything and everything goes. Factor in a myriad of local jurisdictions and laws about data and content, and a lot of these things end up becoming severe liabilities.
Sure, but again, if those were the only problems and the devs would be sipping cocktails in Hawaii splurging on those 4k/month, I would agree with you. If they think priorities are elsewhere, or are also elsewhere, they might have their reasons. In fact, in the article there is a complaint about them answering in a "hostile" manner, but I also understand that the issue in question is probably the 100th issue in a week/month in which other people tell them what they should do. This is a regular problem in OSS (See https://mastodon.uno/@bagder@mastodon.social - the maintainer of curl - for plenty of examples). After they understood better what's the problem, their stance changed as well, which is also reasonable.
Look at it this way: with federation, a handful of volunteers themselves are doing labor for free, for the devs, by propping up their platform, client ecosystem, and reputation in the space. If this gets bad enough, people will literally say “fuck it” and walk away.
I don't look at it in this way at all. I think the devs made it extremely clear (even given the political stance of both) that despite the happiness of seeing their project flourish, they have no interest in growth as an end. In fact, I would say that nobody is doing work for the devs. But I see that we have a fundamentally different perception on the dynamics in Lemmy, so I see no reconciliation between our opinions.
Technical measures are impossible in this particular case. However, I would say that the complete lack of benefits or incentives makes it very unlikely. Doing so could be illegal and collecting data which is otherwise useless is only a liability and a waste of resources. Basically the admin's own self-interest I would say is what's stopping them. That said, if someone is individually afraid due to a bad relationship with an admin, then personal motives could void the above, in which case, they should change instance probably or use a VPN at least.
The fact that Lemmy’s core team is taking a fairly laissez faire position on moderation, user safety, and tooling is problematic, and could be a serious blocker for communities currently hosted on Lemmy.
At this point, most of the solutions the ecosystem has relied on have been third-party tools, such as db0’s fantastic Fediseer and Fedi-Safety initiatives. While I’m sure many people are glad these tools exist, the fact that instances have to rely on third-party solutions is downright baffling.
Honestly, what? Why would it be baffling to have third party tools in this ecosystem? It would be baffling if that was the case for Facebook. Also the devs did work on some moderation features, but they probably have tons of other stuff to work on, all for an amount of money which is a low salary for one developer.
I would consider the lack of a shell a benefit in this scenario. You really don't want the extra attack surface and tooling.
Considering you also manage the host, if you want to see what's going on inside the container (which for such a simple image can be done once while building it the first time more likely), you can use unshare to spawn a bash process in the container namespaces (e.g., unshare -m -p [...] -t PID bash, or something like this - I am going by memory).
It really depends, if your setup is docker based (as OP's seems to be), adding something outside is not a good solution. I am talking for example about traefik or caddy with docker plugin.
By versioning I meant that when you do a push to master, you can have a release which produces a new image. This makes it IMHO simpler than having just git and local files.
I really don't see the complexity added, I do gain isolation (sure, static sites have tiny attack surfaces), easy portability (if I want to move machine it's one command), neat organization (no local fs paths to manage essentially), and the overhead is a 3-line Dockerfile and a couple of MB needed to duplicate a webserver binary. Of course it is a matter of preference, but I don't see the cons honestly.
Containers are a perfectly suitable use-case for serving static sites. You get isolation and versioning at the absolutely negligible cost of duplicating a binary (the webserver - which in case of the one I linked in my comment, it's 5MB of space). Also, you get autostart of the server if you use compose, which is equivalent to what you would do with a Systemd unit, I suppose.
You can then use a reverse-proxy to simply route to the different containers.
I personally package the files in a scratch or distroless image and use https://github.com/static-web-server/static-web-server, which is a rust server, quite tiny. This is very similar to nginx or httpd, but the static nature of the binary removes clutter, reduces attack surface (because you can use smaller images) and reduces the size of the image.
Yep, I know and it's very convenient. I discovered recently that bitwarden also has integration, but requires manually provisioning an API key. Not as convenient but quite nice as well.
What vendor lock-in are you talking about?
I can take my domain, customize DNS records and in a couple of minutes I am using a new provider. They also allow exporting email content, which means I obviously don't lose anything.
With a free email account, you are anyway locked-in as with every provider, because you are using their domain. You can set automatic forwarding in that case.
Vendor lock exists when you invest a substantial amount of work to build tools around a specific platform (say, AWS), or where you have no way to easily take the data from one platform out and use something else to do the same thing (say, Meta).
The fact that you can't use SMTP, which is a protocol that requires data on the server is not a vendor lock-in in any sense of the word. It's a decision that depends on having that content e2e encrypted, because the two things are simply incompatible.
Also the code for all Proton clients and the bridge is open source, and the bridge is essentially a client that emulates being a server so that you can use your preferred tools to access the emails. Even in this scenario, there is no vendor lock and all it takes is changing the configuration of your tool from the local bridge address to whatever SMTP server you want to use elsewhere.
Can you please describe in which way you are actually locked-in, to show that you have a clue about what the word means?