logen
@logen@exploding-heads.com
- Comment on Before it all goeas away 1 year ago:
I feel like even for those of us going over there… It’s such a scattered ecosystem…
I’m trying, but it’s a struggle to follow conversations over there.
- Comment on I REGRET NOTHING!!!!! 1 year ago:
“to” or “too” ?
I feel like this is especially important in that statement…
- Comment on Why can't we have our own little party here? Why do we have to have lots of users? 1 year ago:
Yea, but what they want to avoid is someone else taking over and becoming an evil dictator. Also costs.
- Comment on Why can't we have our own little party here? Why do we have to have lots of users? 1 year ago:
Haven’t heard complaints about lemm.ee. And the stated goals and open financials seems pretty promising.
That said, I wouldn’t know it if people are routinely censored.
- Comment on I'm frustrated and sad 1 year ago:
nreal (xreal now, I guess) airs and friends. Tis the way to go. Doesn’t matter where I look. Tech is still young, but it’s basically what I’ve wanted since I looked in a sky mall magazine all those years ago and saw TV’s in this ugly head band goggle thing. Actually, I think they looked slightly like Apples atrocious headgear.
- Comment on If you guys are still going to use lemmy after EH goes down, what do you think of these ones? 1 year ago:
Just lemm.ee. I dislike having many accounts.
- Comment on I'm frustrated and sad 1 year ago:
“Try to do something different” This is strong advice, however, I’d change to it “Go do something”
Doesn’t matter what it is, doesn’t have to be new, you just need to do.
Have a thought? Go do it instead of convincing yourself not to do it.
Super simple, yet still hard to do when… well… life is what it is.
- Comment on I'm frustrated and sad 1 year ago:
Use a laptop? At least then it’s more comfortable.
- Comment on To all 3 of you moving to Nostr.... 1 year ago:
I’m using nostr but… Yea. I’d rather just stay here. Infact, I even decided to join lemm.ee. Seems nice enough over there.
- Comment on Are you guys ok ? 1 year ago:
Aye.
- Comment on If you guys are still going to use lemmy after EH goes down, what do you think of these ones? 1 year ago:
Hexbear: “A leftist social platform centered around community building through discussion, shitposting memes, and sharing content.”
Read through their rules, they seem reasonable enough. Though, they have no qlams about wielding a ban hammer.
Note: I’m used to leftists being very unreasonable, so maybe I’m giving them too much credit.
- Comment on If you guys are still going to use lemmy after EH goes down, what do you think of these ones? 1 year ago:
I like lemm.ee. They are in favor of users blocking as needed rather than power tripping and defederating.
hexbear.net seems like a nice place from what I’ve seen. Far far left, but in a lulzy way. Haven’t looked into their policies.
- Comment on More troll posting on Lemmy world 1 year ago:
They are constantly flipping out on their own.
I joined up with lemm.ee and accidently wander into their shit. It’s a not stop shit-show.
Though, when the hexbear folks drop in, it goes to another level.
Serously though, the hexbear folks I’ve seen so far, being extreme leftists, they sure are lulzies. Droping reason and atacking anyone who shows the slightest weakness.
Good to see there’s some leftards I can respect. Otoh, my sample has been pretty small so far.
- Comment on today is my first day of college! 1 year ago:
Colleges are dangerous places for self-expression these days.
But that just makes it more fun!
- Comment on Some interesting comments on the move 1 year ago:
Yea, but how do I know you control that anymore either? Back to trusting central authorities, but that’s certainly a way around the problem. Not a perfect way, but I can be reasonablly sure that Linus owns Linus Tech Tips, and if he says from there that his key leaked, it’s probably true. But then again, his site has been hacked before. Heck, even then he has to convince everyone to follow his new key. That’s no small task.
Keeping your shit secure is hard. I’m mostly using Android for this stuff at the moment and I have no trust that anything I do here is secure. Copying it to the clipboard, as these apps do, may be enough to have the key compromised.
And, maybe, I’d like to keep a copy of my key on my person via flash drive. Flash drives get lost sometimes. People get mugged. Even if my key is encrypted on the drive, I have to treat it as if it’s compromised.
Or perhaps I have a print out in my files. Files get stolen sometimes. And for big time content creators, all threats increase as the keys are more valuable than some rando’s.
So we have many software threat vectors and some physical ones. Mehbe my app gets compromised, they push an update, everyone’s keys start getting yanked. It happens. We need disaster recovery options. Until we do, everyone’s reputation on the system is at risk.
- Comment on Some interesting comments on the move 1 year ago:
My problem lies with the identity theft and recovery.
It’s the public followers I lose.
If Masterofballs says, “Hey, I lost my old key, this is my new one, everyone follow me!” How do I know you are you? How do I know that the identy was even lost? How do I trust you are who you say you are? Especially if someone else has your old key and is impersonating you? Or, mehbe this new account is the impersonator.
It’s a real problem for someone trying to maintain some sort of identity, which, to greater or lessor extents, we all are.
If you just want to be anon, this system works well enough, but if you want to maintain your reputation… there are challanges we need to overcome.
Or, since I really don’t know much about nostr, mehbe they are already working on this problem.
Trustless systems need to be robust.
- Comment on Some interesting comments on the move 1 year ago:
Like a nostr node, anyone can set one up and they can share information with each other.
If you use Linux, you may notice that the keys are updated from time to time, that’s your system contacting keyservers to get a copy of the public keys to verify package integrety.
But yea, they have a central authority, kinda, but really it’s just a place for people to store their public keys so people can use it to verify cryptographically signed content, or encrypt data meant only for the owner of the key pair that the public key is attached to.
To me, it looks like nostr nodes do this, there’s just nothing implemented yet to recover a hijacked key. Tom (if anyone remembers him) could get a following of 10k people, happen to lose control of his private key, and then we are back to the same problem of a central authority banning someone… Possibly even worse because, well, identity theft without a way to proove it.
At this point, at the very least, I’d like the owner of the private key (regular users) to be able to send a revocation certificate to a node which will flag this particular public key as compromised. Other nodes will see this and the flag will spread. Revocation certificats can only be made by someone with access to the private key. So we shouldn’t have any censorship issues here.
tl;dr of everything I’m going on about here so far
I’d like nostr to implement a way for users to print out revocation certs, just like how we can backup our private keys, so that users have the ability to report compromised accounts to the nodes.
I’d also like there to be a system where we can recover from the above situation without having to start over and rebuild trust under a new identity. Such as having a backup key that can veryify a new key belongs to the person who’s claiming it.
We already have a solution for all this, it’s just a mater of nostr nodes supporting it.
- Comment on Some interesting comments on the move 1 year ago:
Well, you do all this on the client side. It’s just that the nodes would manage your pubkeys. (Which the might already do?)
If your key gets hijacked by someone, it’s nice to be able to push a revocation certificate, if nothing else.
- Comment on Some interesting comments on the move 1 year ago:
As I recall back when I did gpg encrypted email.
You can create a master key. You use this master key to sign other keys.
Keep that master key super safe.
The subkey is what you use in general practice.
You upload your public keys to keyservers, which I believe is what happens with nostr nodes.
Your master key can revoke the subkeys at any time. This revocation is sent to keyservers and the public key is marked as invalid so other people don’t trust it.
You then make a new subkey signed by your master key to prove it is still you, but with a new key, and upload that public key.
Now that’s the key people use to encrypt data for you, as opposed to the old revoked one.
Now, I’m not sure exactly how it works either with the keyservers or nostr, but it seems like it should be doable. Have an air gaped master key that is only used to sign the keys you use day to day, and it’s that master key’s signature that is the verification of your identity.
Bonus points to this system, I can have five different nostr apps each create their own key. I could later verify all those keys with my master key to prove each of these different keys belong to the same identity. With that verification, if implemented of course, the noster nodes could link all the pub keys signed by the same master key to help people follow an identity across different types of content.
I know I’m somewhat confusing different points I was trying to make, but it should all be possible.
- Comment on Trump To Be Arrested On Thursday 1 year ago:
Yea… Having your main political opponent arrested is not a good look. The only way to get out of this shitstorm is if Biden decides to pardon Trump… Which would be its own shitstorm.
Well, either that or our society is completly fucked and we need to gtfo.
- Comment on Some interesting comments on the move 1 year ago:
I was thinking like how with gpg you can sign a subkey, use that, if it is comprimised you can send something out saying that the key is compromise and painlessly switch over to a new subkey since the master is only used to confirm subkeys.
Like Keyserver notes that this pubkey is bad, in this case nodes, the keyserver also notes that there is a valid new pubkey and transfers it over.
- Comment on So, Well, How's Everyone Feeling About The Switch? 1 year ago:
I take that back, nostrid is interesting too. It’s running like shit, but it’s interesting.
- Comment on So, Well, How's Everyone Feeling About The Switch? 1 year ago:
Went through most (all?) the android clients. They are all either pretty out of date (last commit months ago), very early dev, not released, or otherwise not so great. Amethys is the best so far, which is sad.
MeShell looks intersting, but was never released. The rest are varying bad implementations of twitter. I’ll have to check out the linux clients.
- Comment on So, Well, How's Everyone Feeling About The Switch? 1 year ago:
Nice list. Thanks!
- Comment on Some interesting comments on the move 1 year ago:
Yep, you’ve convinced me to give it another chance. I really should try out other clients, but android is what I usually use for reading, entertainment, etc… I have plenty of other computers though, I have no excuse.
I wonder if there is a way to change a private key. Say, mine gets compromised, without creating a new account.
- Comment on So, Well, How's Everyone Feeling About The Switch? 1 year ago:
I was just using amathist on android. I’ll have to try other apps.
- Comment on Some interesting comments on the move 1 year ago:
-
Oh, I’m in no way defending fediverse. It’s neat, technically, but it’s ripe for abuse from inside and out. As for DNS, I wonder if there’s a reasonable way to get around that for ActivityPub.
-
Okay, that’s neat. I should look into this indepth. I’m currious how data is copied around without overloading nodes. It seems like it may also have the problem of some people don’t see some comments on a specific post, which leads to confusing conversations, but I haven’t run into that yet as I have on Mastodon. But with Mastondon is was a matter of instances being blocked, this just seems like we may be missing parts of the conversation, kinda like on SSB if there are two groups of people who only have some of the data.
-
- Comment on Some interesting comments on the move 1 year ago:
True, but often times, when we do something a lot of people enjoy, it’s a chance happening. Unless we’re hyperfocused on the point of making money in the first place, like designer bands and the like.
- Comment on Some interesting comments on the move 1 year ago:
Well, the idea that I can create my own pleroma instance, create an identity, and then go check out noagenda or whoever else’s mastondon’s and the like.
Even peertube iirc. Possibly diaspora?
At that point, blocking me or the instance is the same thing since I’d be the only one on the instance. However, these instances are a bit of pain to setup for the average person, especially if the only point is to create an idenity since that thousands of other people are willing to do it for you.
But yea, that’s why I want to like nostr, mehbe someday a different client will work out for me, but with the way this stuff work out…It’s usually not what Iwant.
- Comment on Some interesting comments on the move 1 year ago:
Yea, it’s true that locals, rumble, and the one’s you mention support content creators.
I was thinking on a smaller scale. Like, if I send you cash for a pleasant discussion rather than I send someone cash who is trying to appeal to be a content creator specifically for income.