Terrasque @ theterrasque @infosec.pub

Posts

0

Comments

299

Joined

2 yr. ago

Bingo. Or just bite the bullet and dive into Kubernetes

IIRC it asks if you want to enable backup, and when turning on backup it's an option to encrypt it with a key or password. So by default there's no backup at all.

Sir, this is a Lemmy's.

Posting "I have no social media" on lemmy. I guess lemmy is antisosial media

They never should have? Messenger saves the history on the servers, that's how that works. How do you think the fireworks would look if users logged in on a new phone or machine and had no chat history?

There are ways it could be stored encrypted, but if that's a wanted feature they provide WhatsApp

Edit: but this is also why e2ee is so important, and why security experts tell people to use e2ee if possible. At this point, at the top of my head, it's WhatsApp, signal, I think matrix, and sorta telegram that provides.

Well, they sort of have given the option, with WhatsApp. Which has had full e2ee since 2016, using the signal protocol.

Adding default e2ee on messenger is probably a bit trickier, due to the structure (web client, history saved on the server, and so on)

As a bonus, you can just join multiple machines to the cluster and have work spread out over them.

I've pointed it out a few times, but I think it still bears repeating.

Meta have done a lot of open source development, and in that way you're using "meta" products daily. They are the people behind React and GraphQL, for example.

React (and React native, also them) is one of the biggest JavaScript frameworks, and GraphQL is an alternative to REST api's that brings solutions to many problems around REST api's.

I can almost guarantee you that some of the pages you visit in a day use at least one of those.

They also have a lot of other things. You might have heard of pytorch, a major library for developing and running AI projects.

Just have a look at https://github.com/facebook and https://github.com/facebookresearch/

Edit: to clarify, my point is that maybe meta only thinks of itself, but technology wise they do it pretty altruistic and help the related technological communities a lot.

Got some examples? And please, something other than xmpp. That feel apart under it's own weight.

When it comes to open source and open standards, Facebook have done quite a lot. React, react native, llama, graphql, relay, pytorch, docosaurus, zstd, flipper, redux, infer, lexical, jsx and a lot more at https://GitHub.com/facebook

Facebook have already contributed a lot to open source and open standards. Why do you say they won't continue to do that?

Exactly. Linux ended up being a boon for Microsoft. But still people here insist that it must only be for monopoly legality. And that no big company can benefit from and contribute to open source.

So they shifted large parts of azure to Linux, use it internally for many systems, made WSL Linux layer for Windows, spent tons of resources to improve it and support it and made it a first rate development and server system for their solutions like .Net - just so they can say "we're not a monopoly"?

In truth their attempts at EEE failed miserably and hurt them, and Linux is actually a very good match for what they're doing in server space and development space.

Microsoft? Like how they destroyed Linux? Oh wait, they're now one of the biggest Linux kernel contributors and use it extensively internally.

Likewise, Facebook have now also a solid track record of open sourcing tech: https://github.com/facebook

XMPP was and still is a buggy mess, and the reason Google unlinked it was that while it had a fraction of the legit traffic, it was like 80% of trolling and spam and other crap.

And Google killed xmpp? No, xmpp killed xmpp, if you can kill something that's already dead.

People started using other networks because they got used to

1. Messages arriving
2. Messages being readable by the recipient
3. Media like images actually being shown properly.

With xmpp messages frequently got lost with no error, different clients having different encryption and encoding settings, different ways to encode and decode media... A complete mess.

People using that as an EEE example are clueless, or stupid.

Also, if meta starts federating, it will eventually stop it for the same reason Google stopped talking with other xmpp servers. Because it'll be the source of most of the crap, but very little legit content.

So you'd end up .. exactly where we are now?

yeah, I'm slowly starting to realize that. That a few misunderstood, I could see that. If you're new to things you've probably only heard in connection to cryptocurrencies. But everyone misunderstanding? It's really shocking. Especially since the context should have made it obvious.

As developer we have crypto libraries. Crypto systems. Crypto layers. Crypto functions.. And so on.

Crypto is cryptography. Cryptocurrencies are just a small thing, using cryptography. To have that "take over" the crypto word completely is as unnerving as waking up one day and mentioning to someone you washed your face this morning and they respond "What, like, the screen?" and then discover everyone only thinking of facebook, even with the context.

I'm sorry, I'm rambling. It's just so unbelievable to me to have this happen in a forum focusing on self hosting services. Where crypto should (hopefully) be daily bread and butter.

Who said anything about immutable ledger? I was talking about signing updates so it can be verified when relayed through untrusted third parties.

So if lemmy.world sends an update to lemmy.selfhosted.guy and then lemmy.anotherselfhosted.guy federates with lemmy.world, lemmy.world can then say "Hey, here's my public key, lemmy.selfhosted.guy have a copy of my data and is willing to be delegated to, you can get the data from him" and then lemmy.world doesn't have to distribute it's changes to everyone itself, but maybe just update 5-10 hosts. And the number of relays will scale with the network.

And thanks to the data being signed, you can trust the updates from lemmy.selfhosted.guy being from lemmy.world and not been tampered with, keeping lemmy.world as the authority of the data, even if you don't trust lemmy.selfhosted.guy.

Edit: This would also mean all the small self hosted instances will boost the network instead of threatening to overload it.

Or use crypto. Generate keypairs, sign updates. Add support for delegating updates to other instances.

Maybe add support for having instances getting data to indicate if they're willing to relay update data to others, and have main instance refer to them for a certain time period, say.. 6 hours maybe?

Relay willingness would depend on instance config and load, ideally.

Edit: any reason I'm getting down votes? If there is a problem with the approach, at least leave a comment.

Edit2: Crypto as in CRYPTOGRAPHY! Which has been shortened to crypto since long before bitcoin was invented. If this was some non-tech forum I could understand, but a community about self hosting and no one seems to be making the obvious connection? Wow. And you guys host stuff, that's just scary.

https://www.cryptoisnotcryptocurrency.com/

w32dasm

hiew

0x90 0x90 0x90 0x90

Good times

Disable virtualization? Hah right. Yeah, that's a no go.

Disclaimer: I've only looked a bit at the protocols and high levels descriptions of how it works, and this is just my understanding of it. But it seems to track.

let's take .. Selfhosted@lemmy.world for example. Right now lemmy.world is the Source of Truth on this, which means if you sign up for it on a different host, let's say myawersomeinstance.com, that first contacts lemmy.world, copies over posts, and then subscribes on new posts for that. Actually not 100% sure if lemmy.world contacts myawersomeinstance.com when there's a new post, or myawersomeinstance.com polls lemmy.world.. But anyway, point is, lemmy.world is authority on it. myawersomeinstance.com also have Selfhosted@lemmy.world data, but it's a copy of it. And lemmy.world is only authority. So if you post something, your server then sends it to lemmy.world and waits a reply. Then lemmy.world contacts all instances that has at least one user following this to tell about the new post. And that new post now exists on a few hundred databases.

The problem is the scaling is whack. Okay, you can have 5000 federated servers with users subscribing to Selfhosted@lemmy.world, but that means lemmy.world needs to update 5000 servers per post, and there'll be 5000x storage used for that post, and ALL 5000 servers contacts lemmy.world to get the new good stuff.

Frankly, it's a scaling nightmare. As for a different approach, you could have private / public keys and sign updates from lemmy.world and allow the other instances to fetch the new data from each other. That would also allow more relaxed caching, since it would be generally lower cost to re-fetch the data. Now you need aggressive caching because you don't want lemmy.world to keel over and die form every server on the planet wanting to hear the latest and greatest posts all the time.