• 7 Posts
  • 108 Comments
Joined 1 year ago
Cake day: June 9th, 2023







  • Square Singer@feddit.de to linuxmemes@lemmy.world · Backdoors · 17 upvotes, 68 downvotes · 6 months ago

    The only real downside on the open source side is that the fix is also public, and thus the recipe for how to exploit the backdoor.

    If there’s a massive CVE on a closed source system, you get a super high-level description of the issue and that’s it.

    If there’s one on an open source system, you get ready-made “proof of concepts” on GitHub that any script kiddie can exploit.

    And since not every software can be updated instantly, you are left with millions of vulnerable servers/PCs and a lot of happy script kiddies.

    See, for example, Log4Shell.



  • Tbh, I don’t recommend beginners to try out multiple distros in the beginning. Realistically, if you don’t have in-depth Linux knowledge already, all you’ll be able to differentiate is the look of the DE and the wallpaper.

    I find too much choice tends to confuse beginners more than it helps them.

    So I’d rather recommend something simple like Ubuntu and let them try out the flavours with the different DEs.

    Choice is better for later when people actually understand what they are looking for.


  • Sorry, no condescension intended.

    Your post read like one written by someone with very minimal knowledge about the subject, which might have been a misunderstanding on my part. So I tried to cover the basics before talking about the rest.

    There is really no shame in asking questions about something where you don’t have experience. There are far more topics I have no idea about than there are topics where I do have a deep understanding.

    So to get on the same page, I’ll summarize what I understood, please correct me if you mean something different.

    • You don’t like ActivityPub, you want a new protocol
    • The system should make it easy to create new, small instances
    • The instances should share sessions with the other instances (=single sign on) based on trusting them
    • You prefer a centralized system?
    • You want the system to not use a single protocol (ActivityPub), but use multiple protocols?
    • ActivityPub based services have bad UX due to the complexity of the protocol

    Is this correct?

    We have a few contradictions here.

    You cannot have a system where anyone can easily create servers and at the same time have shared sessions based on trust. These two requirements conflict with each other.

    Either servers only work with servers they trust, and then you can’t just create a new small server and interact with the network.

    Or anyone can easily create a new small server, but then you can’t do anything based on trust, since you never know if that server was created with malicious intent.

    Regarding centralized/decentralized you have to differentiate between implementation and management.

    All major social networks run distributed systems. If you want to serve billions of users, you need to run millions of servers. These servers are distributed around the globe to give fast access to users everywhere. Chances are pretty high that your ISP has a few racks of Facebook, Netflix, YouTube and Tiktok servers.

    Their distributed system is orders of magnitude more complex than everything running ActivityPub combined.

    But their system works, because they have tens of thousands of highly paid specialists to make them work.

    ActivityPub based services on the other hand have almost no funding and manpower.

    Mastodon is the best in this respect. They have 6 people who are actually working on the system.

    Lemmy has two developers who earn close to minimum wages.

    Kbin has a single guy developing it.

    That’s the real reason why the UX is crap.

    If anything, ActivityPub and the services running on them are extremely underengineered and underdeveloped.

    Btw, there is something rather close to what you seem to want: online forums with Google single sign on.

    The forums are not interacting at all with other forums. No federation or anything at all. There are enough commercial solutions that work really well. And with Google Single Sign On you also don’t have to register for each forum.


  • E-mail. E-mail does support small servers.

    Btw, I think you are mixing up a few topics here, so let’s see what you actually want.

    • Protocols are what computers use to communicate with each other. No protocols means no interaction between different computers/servers. Without protocols, none of the things you ask for can be possible.
    • Federated services don’t have single sign on. On the contrary, single sign on is a centralized service, not a distributed one. To clarify that: I cannot log into lemmy.world with my feddit.de account, same as I cannot log into hotmail with my gmail account. In both cases I log into my instance/provider and this allows me to communicate with people on other instances/providers. Federation is the process of sharing content between instances. SSO on the other hand is a centralized service that then communicates with other services to let you log into these other services. For example, I can log into my Google account and then use this to login to other sites. This only works because people trust Google. This would not work as a decentralized service with untrusted servers.
    • Duplication is used on federated services for a few reasons. First, it’s a kind of caching mechanism distributing the load. If someone posts something on one instance, it’s transferred only once to the other instances which then serve it to all their users. Without duplication, each individual view would have to be requested again from the original instance. The other advantage is that the admins of all the instances retain control over the content. If the other instance goes offline, users can still see “their” copy of the content. And if the other instance doesn’t moderate their content, the mods/admins of your instance can do that themselves.

    So as you see, these concepts aren’t there just for fun, but for a purpose.




  • It’s actually not wrong if you look at it in another way.

    • Big tech will abuse your data, but it will do so within legal constraints, and there is actual (though weak) accountability of these companies due to the legal system.
    • On federated services like Lemmy, instances are hosted by anonymous individuals. Most social media laws don’t apply to them, and their legal accountability is basically zero.
    • Lemmy, for example, does not comply with GDPR. There is no legal notice, no privacy contact person, no banner asking whether you are ok with the fact that your data is sent to unknown servers in random nations, no nothing. Private messages aren’t even encrypted, so any admin can read them without issues.
    • There is no way to actually delete your data, as the GDPR requires. Deleted posts are only marked as deleted and you can see their plain text content by just pressing the “reply” button in any of the apps. There isn’t any kind of guarantee that your post will be deleted on other instances. If federation has problems, the post will remain on other instances and is now permanently undeletable by the user.
    • There are no moderation standards. Some instances will delete nazi content, some basically require nazi content. And some instance admin might even edit your posts to say something completely different. It’s all possible and in the hands of random people on the internet.
    • Hobbyist-run services are much worse when it comes to availability and reliability. If something happens while the admin is on holiday, nothing will get fixed. If the admin runs out of money, doesn’t care anymore or even dies, the instance with all its content and users is just gone.

    So there are very real risks attached to a hobbyist-run service with no legal accountability and no transparency at all.

    We all know the downsides of Big Tech though, so it’s everyone’s personal choice to figure out which disadvantages hurt them personally more.




  • Yeah, that’s more due to need than due to technical difficulty.

    Even in 2024 it’s still common that you have to print out documents to sign them or tickets for some event or something like that. All these (quite relevant) use cases just don’t work if you don’t have a 2D printer.

    As much as I like my 3D printer, and as much as I recommend everyone to have one, it is not nearly as necessary.

    In regards to how difficult they are to make, consider the price.

    2D printers have an advantage due to their much higher sales numbers (economy of scale) and they are subsidized by the manufacturer selling expensive ink. And still, a half-decent inkjet costs €100 or more, and a color laser easily costs €300 or more.

    3D printers usually have much lower sales numbers and people usually buy 3rd party filament, so the printer needs to be expensive enough to generate money for the manufacturer. And still you can get a decent Ender 3 for as low as €150.


  • What’s different? Basically the whole thing.

    A 3D printer (talking here about FDM because SLA really shares nothing at all with a 2D printer) is basically a tiny hot glue gun being moved on three axes by stepper motors. Of course, the temperature and extrusion controls are much more accurate than a hot glue gun, but that’s the basic principle. You got a single “printing point” that gets moved around and it only extrudes filament from that single point.

    An inkjet printer has one stepper motor that moves the paper and another that moves the print head from left to right. So there too are axes moved on stepper motors. A very simple trait also shared by e.g. CD and disk drives, slot machines, camera lenses and many other things. All these things are as close to a 2D printer as a 3D printer.

    The real magic of an inkjet printer is the print head. A print head doesn’t have a single nozzle but an array of many nozzles. This way, a printer can not only print one dot at a time, but instead a few lines at a time. These nozzles are much tinier than the nozzles on a 3D printer, and they also are much more complicated to operate.

    A 3D printer just uses a stepper motor to push filament into the printhead, where it melts and is then pushed out of a hole.

    On an inkjet printer, you need to either rapidly boil the ink, so that a single vapor bubble appears that pushes just a tiny drop of ink on the paper, or you have a tiny piezoelectric transducer that creates a vibration that then pushes out ink.

    This is orders of magnitude more difficult than a 3D printer, and much tinier. You won’t be DIYing a working 2D printer from scratch, while that isn’t all that hard for a 3D printer. With access to a decent toolshop, you can make all relevant parts of a 3D printer. The same is not true for 2D printers.

    To rephrase your question: Why is it that so many people build DIY desktop PCs, but nobody is making a DIY flagship smartphone? What’s the difference?

    Basically everything.


  • And the FOSS system seems to be collapsing right now for the same reason that anarcho-communism only works short-term until someone sees commercial value in it and abuses the system to the limit.

    • Big corporations initially providing exceptional services based on FOSS and after a while use their market share to exert undue control over the system (see e.g. RedHat, Ubuntu, Chrome, Android, …)
    • Big corporations taking FLOSS, rebranding it and hiding it below their frontend, so that nobody can interact with or directly use the FLOSS part (e.g. iOS, any car manufacturer, …)
    • Big and small companies just using GPL (or similar) software and not sharing their modifications when asked (e.g. basically any embedded systems, many Android manufacturers, RedHat, …)
    • Big corporations using infrastructure FOSS without giving anything back (e.g. OpenSSL, which before Heartbleed was developed and maintained by a single guy with barely enough funding to stay alive, while it was used by millions of projects with a combined user base of billions of users)

    The old embrace-extend-extinguish playbook is everywhere.

    And so it’s no surprise that many well-known FOSS developers are advocating for some kind of post-FOSS system that forces commercial users to pay for their usage of the software.

    Considering how borderline impossible it is for some software developer to successfully sue a company to comply with GPL, I can’t really see such a post-FOSS system work well.