hendrik

Uhm, and how is that supposed to work?

I'd first like to see if Odysee can do it. From my experience, Youtube is CRACKING DOWN HARD on third parties. I can't even watch or download a single video from my VPS. Individous instances have been notoriously unreliable for a long time. It's a mess. Would make a nice feature, though. If it worked...

3

hendrik @palaver.p3x.de 1d ago

Sometimes I wish people would back up their factual claims with numbers and studies.

Also: FreeBSD phone, when??

hendrik @palaver.p3x.de 2d ago

PieFed has you covered. Just go to feddit.online with your browser?!?? 🤔🤔🤔

hendrik @palaver.p3x.de 2d ago

Thanks. Sadly I can't even get the latest version to work. It does find the other peer and loads the chat interface, but doesn't open a data channel, so it'll say "not connected" and do an error popup everytime I try to send a message. And I've spend enough time debugging it for now.

Just some general words of my wisdom: I think software projects are first and foremost about focus. I don't really know what you're trying to do here. If that's writing a cryptography library, I think focus is about right. You first need to lay down the design properly. Make sure you factor in advanced tech like formal proofs from the start. After that you need to write the actual code. And then also make sure it aligns with your testing. I mean it's fairly common to make mistakes while writing computer code, or have bugs... And any of those could render your more formal methods useless. For example like that one time when some Debian package always sent the same random number as a seed... That meant the algorithms were 100% correct. Just used in a wrong way so most of the encryption was futile. Things like that require an equal amount of focus. If not more, since we already know how Double ratchet works, the important part is to implement it correctly and use it correctly. That deserves a massive amount of focus (and effort). It's also the major part of a security audit of a software project as a whole.

We also have things like sidechannel-attacks, which aren't covered. But I think that's a minor thing with what we're looking at.

And if you're trying to develop a chat app, Your focus probably needs to be somewhere aimed to make it work, first. Make it connect reliably and across a multitude of devices. Cryptography is pretty much dispensable at that step. Then focus on the UX. Make sure it's not vulnerable to just bypass any subsequent encryption because for example you don't have script nonces and everyone in the chat can inject JavaScript and just bypass your entire encryption.Think about metadata and if your software product wants to address that. You could be doing encrypted messages but all kinds of third parties know who is talking to whom... Make sure you do what your users expect!

And I think that's also the reason for some of the downvotes here. You have a narrow focus on the formal proof of your encryption algorithm. While your audience probably expects a working Chat app. For all they care it could be entirely unencrypted in the alpha version, and encryption comes in a later version. We as users need something that works in the first place. We want to know what happens to our metadata. If there's security vulnerabilities in the software. And once all of that is in place, then we start to worry about the specifics of the end-to-end-encryption.

Probably also related to the AI-slop argument. I don't really know what shaped your focus. But it must look to your audience like you're deep in some singular rabbit hole, because you write about formal proofs a lot. But then there's this huge disparity with what your audience assumes you're doing, or what you have to show off. Just my opinion. But it's kinda like that for me. You write about how great AI assisted coding is, and where it led you. But then I try to use your software. And it doesn't even connect. And that really shapes my first impression of it all, in a very negative way. I mean... If we hadn't talked, I would have just assumed your cryptography is on the same level as your code to do the peer connections. And that wasn't a good first impression.

hendrik @palaver.p3x.de 2d ago

I don't think a multi billion parameter LLM counts as proper machine translation... That'd be something like Argos Translate or the models from Mozilla's Bergamot Project. Seems they're the ones used in the open source Android App linked by TheLeadenSea.

hendrik @palaver.p3x.de 2d ago

Uhm, maybe you have the wrong celebrities as role-models? I'm pretty sure I've heard some interesting opinion pieces and side projects of some actors in some lengthy Podcasts. All the gossip and random people turned turfs are rubbish, though.

Edit: Idk, I've watched entore movies about Weird Al, or Freddie Mercury... Jane Fonda randomly says some good things and she's 88yo...

4

hendrik @palaver.p3x.de 3d ago

What draconian measures? And what open-source?

The general issue was: German society frowns upon all the people using Elon Musk's Grok (and similar tools) to fabricate nudes of their ex girlfriend and abusive stuff like that. And there's a genuine loophole in German law. That's now being discussed both in society, and by the politicians.

(Edit: Also think discussing digital violence isn't exactly "Casual Coversation".)

hendrik @palaver.p3x.de 3d ago

Most users [...] would not expect their votes to be as public as they actually are [...]

That's correct. I hear that all the time.

From what I heard, admins of larger instances are quite busy, and they try to delegate as much as possible to mod teams, etc. And some want to stay neutral and let the specific people handle feuds. Or they just run the infrastructure, and managing the crowd is up to other people. But I've also seen admins step in several time. Some seem to pay attention, or there's some automod. Idk maybe we should ask some of the admins whether they're willing to handle that workload.

And another issue: We have some badly moderated instances in the network. Guess that'll be an issue as well as they don't really have active admins. It's a bit difficult to handle it for admins of other instances... Guess if there's only anonymous votes coming in, we'd need to ban entire instances from voting if we can't tell which of their users are problematic.

I think it's just hard from the tech/design perspective, as the Fediverse is designed to work entirely the other way around, and scatter metadata and actual data all across the network.

hendrik @palaver.p3x.de 3d ago

I think that depends a bit on what kind of internet browser or app you use. And on your PieFed settings. On my phone, I get both Peertube videos and Youtube videos embedded. There is a preview with a play button and I can click it and just play them straight from the feed.

2

hendrik @palaver.p3x.de 3d ago

Well, it'd make it impossible for (non-local) community moderators to detect vote abuse. And furthermore random users get their voting ability banned, if a remote person decides to ban one of these proxy accounts.

And using LLMs is a bit silly, IMO. It doesn't really detect the patterns, because it looks at some text. We'd need to do proper machine learning on the data for that. And it's wasteful. Why not use sentiment analysis? Or train a classificator? Or do old-school statistics on the user's behaviour reflected in the numbers in the database? That's both more powerful, and comes at a fraction of the computational cost. And probably has a lower error-rate as well.

Edit: But I bet whoever unleashes LLM / bot "moderators" on the Fediverse, is up to no good. That sounds like automatically pushing some political agenda, or some even more abusive dynamics than on Reddit, and not content moderation?!

hendrik @palaver.p3x.de 4d ago

Late nights just happen to me. But I'll read, or do something at the computer, or doom-scroll, or talk to internet-strangers from overseas. Not exactly high-dopamine activities... I certainly like the quiet. At night there's way less distractions. Most everyday tasks are done, no people around, and no notifications popping up.

Only downside, I might need to get up in the morning, and sleep is a thing as well. But other than that, I enjoy it.

hendrik @palaver.p3x.de 4d ago

Sorry, I just saw the recommendations. I'm using a Matrix server myself. And it's connected to the internet, since I use it 24/7 and on my phone, etc.

I guess technically, most protocols can be used in an internal network. But maybe you'll need to put in some extra effort, for example if a platform requires SSL certificates or something like that.

I mean you could try... If it asks for a hostname, just put a local hostname in. Or the IP address. Or set up a DNS entry on the router. And see if it works.

Or try something like RocketChat, or depending how your team's workflow is, maybe you don't want a messenger. But some (online) collaboration platform more focused on documents, like Nextcloud.

2

hendrik @palaver.p3x.de 4d ago

I think the added benefit of an OpenWRT router is, you get 3 more ports (for your TV, Playstation and PC), plus a Wifi network. And it's really hard to break it. But a MiniPC with OPNsense, of course will be more powerful. And some more advanced things have been notoriously difficult to set up in OpenWRT, maybe OPNsense does it a bit better.

6

hendrik @palaver.p3x.de 4d ago

I think some people here recommended Snikket. It's supposed to be easy to install and modern. I don't know what components it's made up of. It's a dockerized XMPP server + Apps.

hendrik @palaver.p3x.de 4d ago

To err is human?!

hendrik @palaver.p3x.de 5d ago

I do that as well. Like tell it I have fetish for shag piles and space ships. And it'll recommend the movie Barbarella to me 😅

And one time, after reading how people publish AI written books, I tried to write a few short stories with AI myself. And at some point, I'd often end with the feeling "wait a minute, I know that movie". And after querying it about "similar" movies and TV shows, it'd tell me what it just ripped off. And recommend some more. Nothing fancy, I could have googled that. But nevertheless, I learned about some nice TV shows that way.

But fact-check the output. It also hallucinated some. And recommended some unwatchable tearjerker movies to me.

And nothing beats human word of mouth. If you have friends who get to learn you didn't watch The Expanse, or The Orville... they'll proactively recommend that to you and it'll make your day. Or week. And no amount of AI can do that. Same goes for your next favorite niche Italian metal band and their music.