Forest @forestjohnson@pixie.town

@jwildeboer I was arguing that

because being able to directly accept a TCP connection is still step one for a lot of use cases,

All the work that went into making the network and devices faster doesn't help all that much; what good is a fast network if no one can connect to each other in the first place?

We can make great "local first" apps, but since everyone is still in "NAT jail", we still need servers. Having a server helps a ton, even if you're trying to build an app that's offline-only most of the time.

For apps that don't need to be able to accept connections; yes the unhosted idea works great. But I care about federation, publishing, etc, I think they are really important and worth designing for.

@jwildeboer what did we learn?

As far as I know, people still aren't likely to fully ditch email, the https/web stack is still the only game in town, IPv6 is still always 10 years away, etc... I don't think any of the fundamentals have changed since then.

@jwildeboer I suppose my password manager is an example of this type of web app though.

It's definitely really great for password managers. There's no publishing involved, there's no incoming connections from other users or anything.

@jwildeboer I also read the unhosted page that you linked back in 2010.

I really liked the idea, but after thinking about it for a while and doing some research about how the relevant protocols work, I'm convinced that it's just not worth it.

It would work if the apps and the protocols were designed for it but for example, if you want to do email or publishing, It starts to go off the rails fast.

I think we already have the software to solve this problem, simple things which already work with the rest of the world. They're compatible, using the same protocols.

I'm focused on:

* the usability of the software, both for Admins and users
* the economic/social organization around the operation of the software
* seizing the right moments (unrest) to pull entire groups of people out of platforms at once. Where they wouldn't normally be able to leave because all of thier friends are there

@dirtwizard666 could you please attach the video file (or a link to it) here? Tiktok won't play it without an account on mobile

@gwil I assumed that signing / verifying each chunk individually would be too computationally expensive.

@stillgreenmoss I've heard of one called wallabag

@gwil I came here to ask how this is different from just using a Merkle tree for the hashes of the chunks. Then I thought I'd better read further so that I can see if there's any details published that I can read about myself. And when I finally clicked through enough links to find it, I saw that it said that it uses a Merkele tree 😄

So say I wanted to "sign" a Bab stream while I hash it, say with ed25519. Would I just sign the top merkle tree nodes every few MB or so?

@dentangle@chaos.social https://github.com/OpenRC/openrc/pull/422

@dirtwizard666 I'll wait for the librarians to call it but I'm standing ready

@notplants @mayfirst @abekonge

In my limited experience, internal risk is way more relevant. Or at least I think people tend to severely underestimate it, and overestimate external risks.

I guess "oopsie" is one, but infighting and abandonment might be even more likely.

@notplants @mayfirst @abekonge

Well, this started out talking about security culture and practices. It kind of sounded to me like you were referring to internal risk, not external risk.

An example of an internal risk was when the person who operated kolektiva was raided by the cops and all the backups were seized.

DDOS is firmly in the external risk category. Besides the LLM scraper bullshit, I'm not convinced that DDOS is that big of a deal. It's very illegal. It's very expensive, and can't go on forever.

I have some ideas around how small servers can mitigate DDoS attacks, It's obviously an area of active development with Anubis, etc. And I think the development may continue with even more evasive solutions.

@notplants the primary risk is "oopsie", not malice or subterfuge IMO. Backups are the primary defense.

@notplants It's not a problem if you know the people in person.

@reese

@gabek Well, hey, I hear, uh, nolan lawson (read the tea leaves) has a good emoji picker. And I got some ”kinds these days" friendly image uploading code right here: https://git.sequentialread.com/forest/image-gallery

But no, jokes aside, totally understand the desire to avoid maintaining a matrix client.

@gabek To be fair I also have issues with matrix, I won't disembowel you or anyone else for choosing something else. I still have a password for that rocket chat in my password manager.