Forest @forestjohnson@pixie.town

@stillgreenmoss I've heard of one called wallabag

@gwil I came here to ask how this is different from just using a Merkle tree for the hashes of the chunks. Then I thought I'd better read further so that I can see if there's any details published that I can read about myself. And when I finally clicked through enough links to find it, I saw that it said that it uses a Merkele tree 😄

So say I wanted to "sign" a Bab stream while I hash it, say with ed25519. Would I just sign the top merkle tree nodes every few MB or so?

@dentangle@chaos.social https://github.com/OpenRC/openrc/pull/422

@dirtwizard666 I'll wait for the librarians to call it but I'm standing ready

@notplants @mayfirst @abekonge

In my limited experience, internal risk is way more relevant. Or at least I think people tend to severely underestimate it, and overestimate external risks.

I guess "oopsie" is one, but infighting and abandonment might be even more likely.

@notplants @mayfirst @abekonge

Well, this started out talking about security culture and practices. It kind of sounded to me like you were referring to internal risk, not external risk.

An example of an internal risk was when the person who operated kolektiva was raided by the cops and all the backups were seized.

DDOS is firmly in the external risk category. Besides the LLM scraper bullshit, I'm not convinced that DDOS is that big of a deal. It's very illegal. It's very expensive, and can't go on forever.

I have some ideas around how small servers can mitigate DDoS attacks, It's obviously an area of active development with Anubis, etc. And I think the development may continue with even more evasive solutions.

@notplants the primary risk is "oopsie", not malice or subterfuge IMO. Backups are the primary defense.

@notplants It's not a problem if you know the people in person.

@reese

@gabek Well, hey, I hear, uh, nolan lawson (read the tea leaves) has a good emoji picker. And I got some ”kinds these days" friendly image uploading code right here: https://git.sequentialread.com/forest/image-gallery

But no, jokes aside, totally understand the desire to avoid maintaining a matrix client.

@gabek To be fair I also have issues with matrix, I won't disembowel you or anyone else for choosing something else. I still have a password for that rocket chat in my password manager.

@gabek I wanted to integrate matrix with a easy to access low friction web app, similar to a support portal like you're talking about.

I was able to get it to work by creating a separate Matrix Synapse instance which had guest accounts enabled. Then I used f0x's custom matrix client which only ever joined one room and automatically created a guest account whenever you visited the web page.

It was very hacky but it did work and it allowed people to post links and things like that.

I don't have a demo of it up anymore. I turned off the feature because it wasn't needed anymore, but the code still exists.

https://git.sequentialread.com/forest/workspace-on-demand/src/branch/main/frontend_chat.go

https://git.sequentialread.com/forest/workspace-on-demand/src/branch/main/frontend/static/chat

f0x's original matrix-streamchat codebase:

https://git.pixie.town/f0x/matrix-streamchat

@skyfaller I made one that just had potassium and magnesium cuz I figured most ppl already get too much sodium anyway from american food. I used citrate salts from nutrition store. But also mine was not specifically for electrolyte, it was an energy drink

You can read nutrition facts labels to get good info on how much of what mineral is in stuff. Then match that up with how much "dose" you want in each liter of liquid

@skyfaller thelounge

@stillgreenmoss

> how do you deal with the wrong/asshole/bad-faith people without becoming an argumentative reply guy yourself?

By becoming the wrong/asshole/bad-faith person yourself :D

@stillgreenmoss I think real-time chat is better and voice chat is even better still.

I've always had a trouble with asynchronous Twitter style stuff.

@technomancy @aburka@hachyderm.io

Well, the idea behind proof of work was supposed to be that even if the bots start to do the work, that doesn't mean the system failed.

Anubis uses sha256 , i think because its the only one that's in web crypto, but sha256 is about the worst possible choice for this, its extremely easily parallelizable, tons of asics already exist, etc. So I would argue that sha256 is just a placeholder for whatever actual proof of work is used in the future.

That's why I started mine with scrypt, which is memory-hard, and I turned up the memory usage considerably. That way scrapers would actually feel the pain if they decided that they were gonna just solve it.

And I suppose with all these high-bandwidth-memory GPUs, maybe that pain wouldn't be so bad after a bespoke solution is developed. But in that case, I've already cost them way more time and effort than I had to put into defense.

And if I see bots solving the scrypt proof of work, I can just change it to Monero mining, lol. Maybe try to suss out access patterns and categorize human versus bot users that way, and then turn the thumb screws on the bots, make them really work for every byte. Or just send them into the iocaine Markov chain hell.

@dumpsterqueer

I don't know anything about JSON LD, but do the implementations throw an error when there is an extra field that they don't know about in the JSON object?

I've always done comments in JSON like this:

```
{
"id": 126884,
”comment1": "this is a very peculiar object",
"comment2": "smells like a shrimp boat",
....
}
```