Hacker News | lou1306's comments

If you are so adamant about this, why don't you release all your own code in the public domain? Aren't you gatekeeping knowledge too?


I agree with GP, and so, yes, I release everything I do — code and the hundreds of thousands of painstakingly researched, drafted, deeply thought through words of writing that I do — using a public domain equivalent license (to ensure it's as free as possible), the zero clause BSD.


That's commendable, but unfortunately I asked GP.

Is there a link?


Sure!

Personal blog: https://neonvagabond.xyz/ (591,305 total words, written over 6 years; feel free to do whatever you want with it)

My personal github page: https://github.com/alexispurslane/ (I only recently switched to Zero-Clause BSD for my code, and haven't gotten around to re-licensing all my old stuff, but I give you permission to send a PR with a different license to any of them if you wanna use any of it)


The first three things are, in this order: collaborative editing, collaborative editing, collaborative editing. Seriously, this cannot be understated.

Then: The LaTeX distribution is always up-to-date; you can run it on limited resources; it has an endless supply of conference and journal templates (so you don't have to scavenge them yourself off a random conference/publisher website); Git backend means a) you can work offline and b) version control comes in for free. These just off the top of my head.


One answer is right under Introduction:

> Content portability

> Users move between hosts without losing their content, audience, or metadata.


Did that require an entire new protocol though? I am 100% sure that if Twitter, Facebook and all the other platforms decided that they want to offer a way to move around accounts they could do it.


Maybe, coordination is the problem. What does that data look like, what does the target look like, can they be transformed?

ATProto has lexicon, which are more about social coordination than schemas for data correctness

https://pfrazee.com/blog/lexicon-guidance

The protocol is much more than data portability, it essentially turns the global social media system into a giant distributed system anyone can participate in at any point. Imagine if FB also let you tap into the event stream or produce your own event stream other FB users could listen to in the official FB app. That would be a pretty awesome requirement for all social media apps, yea?

https://atproto.com/articles/atproto-for-distsys-engineers


> it essentially turns the global social media system into a giant distributed system anyone can participate in at any point.

Don’t we already have that, and it's called “the web”? It’s already a giant distributed system anyone can participate in at any point.

What are we really gaining here?


A shared event bus, lexicon for coordination, apps that store user data in the users database, separation of client from app data


if they decided to, sure they could. they don't want to and never will.


I am not debating that. But this same reasoning applies to @at or any other implementation. You have to be willing to implement the features and use the protocol. So I still don’t see why this is any different.


You keep asking questions, rejecting answers, and then saying you don't understand.

Perhaps it is time to read more about the protocol directly instead of asking questions on HN to poke holes in it from a position of ignorance.


> relatively harmless and minor errors

They are not harmless. These hallucinated references are ingested by Google Scholar, Scopus, etc., and with enough time they will poison those wells. It is also plain academic malpractice, no matter how "minor" the reference is.


> until there's a server that I can bring home and plug in with setup I can do using my TV's remote, you're not going to be able to move most people to "private" data storage

Quite some BSky users are publishing on their own PDS (Personal Data Server) right now. They have been for a while. There are already projects that automate moving or backing up your PDS data from BSky, like https://pdsmoover.com/


Microblogging is also the least interesting part of the ATProto ecosystem. I've switched all my git hosting over to https://tangled.org and am loving it, not least of which is that my git server (a 'knot' in Tangled parlance) is under my control as a PDS and has no storage limits!


Is it as easy for other people to read as a Github repo? Want to share?


yeah, tangled seems like a pretty well-designed piece of tech. I've never used it, myself, but I did an audit and found that it's not only analogous to github as far as UX, but it also includes features like CI/CD, which other public/social repo servers have struggled with.

only reason I backed away from it is that when the bsky team had a big "fuck the users" moment, the user purporting to be the tangled founder was happy to cheer them on. so between having to use AT proto, and assuming that the tangled dev doesn't really disagree with bsky's "fuck the users" sentiment, I moved on. but, obviously, whiny moral grandstanding is irrelevant to whether or not someone made a good product. if you've got a use for it, I'd certainly recommend giving it a try!


Tangled founder here; it's just as easy! For example, here's the entire Tangled codebase monorepo: https://tangled.org/tangled.org/core — you can clone this directly as you would a git repo anywhere else.


Looks nice!

New user sign up is a bit wonky. It asked for an email, login and password, then it's asking for a bsky sign-in too? This seems a little weird.

(Minor nit: for some reason, Google didn't auto-suggest a strong password for the password field.)

Then I got to the screen where it asks for full read-write access to my PDS and stopped there. It's kind of a lot to ask! I believe this is Bluesky's fault, but I don't think I can really use third-party bluesky apps until they implement finer-grained permissions.


Fine-grained permissions are already shipped btw, though the documentation could be better.


yeah, I was one of them. developers are not the endgame, though. true social media needs people who are not going to do anything more complicated than "go to website, sign up". there's no world where setting up your own pds is that simple without an organized piece of software to do that kind of thing.

personally, I could probably get behind recommending something like umbrel[0], if it included something like a "include a pds" option during config. but even that is asking for a lot of mind-share for a non-tech user. it would take a super smooth setup process for that to be realistic. point is, though, I'm not saying it can't be done; I'm saying no one is doing it and what people are doing is not getting the job done for wider adoption.

[0] https://umbrel.com/ *and, naturally, at this point, I'd prefer they include something that isn't based on AT proto for social publication. I wouldn't mind if they had both, but just an AT proto implementation wouldn't attract me.


and you expect these “go to website, sign up” people to take the extra step to select a provider for repoing data? these people can barely pick a mastodon instance, what sort of data ownership integration work do you expect? it’s a consideration that’s more niche than the current status quo. unless you’re fine with people defaulting to onedrive or similar.


no, I expect them to go to a store to buy the same product that their friend bought. then I expect them to use that product by scanning a QR code that comes up on their TV, and then registering an account using the site linked by that code (or, just using their tv's remote to sign up, with an on-screen keyboard, or whatever).

not "a server so simple, anyone could host it"; "a set top box that gives me a private social media storage, network data storage, secure external connections, and effortless integration with all of my other iot devices". note that the former requires you to know what hosting is, while the latter only requires that you know what you want to do, without having to understand the details of how it's done.


What's a PDS?




In the EU this is already a thing: if you want to sell or lease a building, you must disclose an energy certificate.

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=LEG...


Yes, because it's silly to pay for things that effectively won't belong to them anymore if they move/get kicked out.


not silly if they have confidence that they will live in the place long enough to get paid back (and more). shortsighted to think otherwise.

I've renovated kitchens in apartments I've lived in with coordination with the landlord (when I had confidence that I was going to be there 3+ years, with likelihood of 5+) as the $10k or so it cost me when amortized over a 36 month period came out to a few hundred a year, and finding an equivalent place with such a kitchen would have cost me significantly more in the area.

While I can't say it's universally true (many landlords are just as shortsighted as renters), good landlords will be happy to give certainty to good tenants who want to take care and improve their unit in a manner that the landlord is happy with.

I had an apartment in NYC that over a 10+ year period my landlord never raised my rent, because I never complained, paid my rent on time and took care of the place in a manner that enabled him to rent it for even more than he could have otherwise after I moved out. Part of this is NYC rules (rent stabilization and other rent rules would have controlled how much he could have raised it anyways and also provided me certainty), but also partly that good tenants are worth their weight in gold.


As soon as you forget (or your adversary manages to delete) an \0 at the end of any string, you may induce buffer overflows, get the application to leak secrets, and so on. Several standard library functions related to strings are prone to timing attacks, or have weird semantics that may expose you to attack. If you roll your own security-related functions (typical example: a scrubber for strings that hold secrets), you need to make sure these do not get optimised away by the compiler.

There's an awful lot of pitfalls and footguns in there.
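An added example, not part of the original comment: one way to handle the three pitfalls named above (a missing terminator, timing-dependent comparison, a scrubber the compiler removes). The function names `copy_terminated`, `ct_equal` and `scrub` and the sample token are made up for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bounded copy that always NUL-terminates dst.
 * Returns 0 if src fit, -1 if it was truncated or cap is 0. */
int copy_terminated(char *dst, size_t cap, const char *src)
{
    size_t i = 0;
    if (cap == 0)
        return -1;
    while (i < cap - 1 && src[i] != '\0') {
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';                 /* terminator is written on every path */
    return src[i] == '\0' ? 0 : -1;
}

/* Compare len bytes without an early exit, so the running time does not
 * depend on where the first mismatch is (unlike strcmp/memcmp).
 * Returns 1 if equal, 0 otherwise. */
int ct_equal(const void *a, const void *b, size_t len)
{
    const volatile unsigned char *pa = a, *pb = b;
    unsigned char diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (unsigned char)(pa[i] ^ pb[i]);
    return diff == 0;
}

/* Zero a secret through a volatile pointer so compilers do not drop the
 * stores as dead code, as can happen to a plain memset() before return.
 * Where available, explicit_bzero() or memset_s() serve the same purpose. */
void scrub(void *p, size_t len)
{
    volatile unsigned char *vp = p;
    while (len--)
        *vp++ = 0;
}

int main(void)
{
    char token[8];                                /* constructed sample */
    int rc = copy_terminated(token, sizeof token, "s3cr3t-too-long");
    printf("rc=%d token=\"%s\"\n", rc, token);
    printf("equal=%d\n", ct_equal(token, "s3cr3t-", sizeof token));
    scrub(token, sizeof token);
    return 0;
}
```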


I thought you meant a hello world or similar program only handling strings would be fundamentally insecure but rather you mean that it is hard to write secure code with C strings.

There are indeed a lot of pitfalls and footguns in C in general but I would argue that has more to do with C's memory focused design. I always feel like C strings are a bit of an afterthought but it does conform well with the C design. Perhaps it is more so a syntax issue where the memory handling of strings is quite abstracted and not very clear to the programmer.


> I thought you meant a hello world or similar program only handling strings would be fundamentally insecure but rather you mean that it is hard to write secure code with C strings.

Disclaimer: I am not the author of the comment, and honestly I am more than happy if OpenBSD broke %n in printf because it looks awful from a security standpoint.

> you mean that it is hard to write secure code with C strings.

Indeed I do :) It is possible to write a "secure" hello world program in C; the point is that both the language and the standard library make it exceedingly easy to slip in attack vectors when you deal with strings in any serious capacity.


But that was the niche, "elite" experience. Today, a "smart TV" is the norm.


And on most Lumias, if your phone got scratched, lost its shine, or you just got tired of the color, you could just walk to the store and get a new "shell".

