• 2 Posts
  • 27 Comments
Joined duela 2 urte
cake
Cake day: urt. 20, 2021

help-circle
rss

You can take a look at the lemmymap: https://lemmymap.feddit.de/

Click on “instance 30d” or “growth” so that the size of the points is proportional to their users or growth.

Originally posted here: https://feddit.de/post/184




That’s very nice. Thank you for your hard work! I am curious about oauth. I did not know that 3 rd party clients needed to know the password, I will look into that!


This protects the database from a breach, but someone can set up an instance and collect the passwords from the logs:

As far as I can tell with my very limited experience, back-end encryption is the standard. One trusts the host not to steal their passwords from the logs, so protecting the data in the case of a breach is good enough. I think that it would make sense for the standard in the Fediverse to be different. Passwords should be encrypted by the client by default, and then re-hashed back-end.

It is also possible that what I am saying does not make sense in practical grounds - this is just something that surprised me while looking through the logs. I was under the wrong impression that plain text passwords were never accessible before looking into this topic.



I would be happy to see client-side password hashing implemented.

I understand that responsibility of using unique passwords falls on the user, and maybe a truly malicious instance would be able to remove the hashing (although I think that it would be possible to check if non-hashed passwords leave the client). However, the reality is that many people still re-use their password for many websites and do not use 2FA when not required. Password hashing would reduce the level of trust required of the instance makers.

On a similar vein, it would be nice to anonymize the ip addresses that are printed to the docker logs if possible, similar to the nginx logs. I think that this would be easier to undo for a malicious instance, but at least they would need to have a bit more technical knowledge to get to this information.




Thanks! I installed 0.10.2 successfully.

EDIT: /instances does not show up anymore. It seems to also not be working for lemmy.ml


Cool, thanks. I meant the file that is linked in the tutorial on how to update:

https://raw.githubusercontent.com/LemmyNet/lemmy/main/docker/prod/docker-compose.yml

I will wait a bit longer for 0.10.2 then.


Aha, thanks. This might explain the gateway errors I experienced when trying to build using the 10.0.0 image.

I also notice that the docker-compose file still points to the lemmy-ui 0.9.9 - should I build using that version, or should I upgrade my UI image to the 10.0.1?

Last thing - if I pull the released lemmy and lemmy-ui tags (10.1.1) from github now and build my images from those, should those work fine? Or are these untested development versions?



Interesting perspective!

For me the dislike is not so much about the socialization, but rather the demand for immediate attention that the call requests. I always happen to get calls during work hours in the middle of experiments. I just let it ring and text back later, but I always make sure to take a bit longer than if they had just texted, hehe.



New instance! (Mander)
Hello! I have decided self-host an instance as a little side project because I really like the concept of lemmy. I am a scientist by profession and a naturalist basically since birth, so I have decided nature and science to be the focus of my instance. The website is https://mander.xyz I have enabled open federation, so if anyone wants to federate, let's do it! The more the merrier :-) EDIT: I decided today to rent a small VM server to host the instance, rather than hosting it from my home computer. So it should remain stable.
fedilink

I am curious, what do you think that I mean when I call something an “agenda”?


When people try to call me instead of sending me a message 😠😠😠


A massive news aggregator that uses AI to be able to categorize news from all around the world in a way that allows one to filter through news articles with specific biases. This would make it easier to get a more balanced picture of world events, and would be an excellent research tool to study propaganda.


Do you know about Project Euler? https://projecteuler.net/

It contains a mixture of math and programming problems, and a similar name to the one you propose! :-)


That’s very cool! I am not familiar with Bluetooth Low Energy technologies. How does a message travel from the sender to the recipient without internet?


What actions do you think that the US should take with regards to the military coup in Myanmar?
These past weeks have been especially violent in Myanmar, with many protesters and non-protesters being tortured and murdered in the streets by the Junta.. In your opinion, how should the US government intervene, if at all?
fedilink