O(fuck)

I really hope that CS will come up with recipes and emails where the board specificly “strongly recommended” that they reduce operation costs or denied internal investments. It probably won’t happen, because such pressure from investors is usually pretty vague, i.e they don’t literally tell you to cut corners, but they strongly suggest that if you won’t somehow increase revenue, you (the management) will have problems. Of course, it’s up to you how you do it, but to meet their often unrealistic demands, just doing a better job while also investing into internal failsafes is often simply not possible. It’s a loss-loss situation for CS, but I really hope they won’t loose this legal battle.

I’m sure there’s a lot of CS employees that would disagree with that, unfortunately there’s probably not much they can do about it.

I was just a few days ago giving my two weeks notice exactly for that reason. I’m getting so fed up with capitalism and companies working for the vultures who give zero fucks about what you do or whether you do it well or not, prioritizing profits over actually doing your job well. I don’t care about money, I worked in cybersec out of principle, to help people with their security. I don’t really care about money, as long as there’s job to be done for someone, I don’t really care if the project I’m working on is super profitable for me, as long as it at least breaks even. But no, we had to cut corners, basically scam our customers by selling products we had no qualified people for who barely scraped by enough results for the customer to not notice it. Non-existent R&D or training, because several milions of anuall profit are not enough. Fuck all of them, if I’m ever going to work again in cybersec, it will be a non-profit.

This OP’s article infuriates me, the nerves they have to demand more money for what’s entirely their failure, which they also directly cause in every company they touch. I’m sure that the fact that the failure was so devastating for most companies is also by large margin fault of their investors, some of which are probably also part of this lawsuit, that blocked investment into disaster recovery plans or backups, because their millions of profit per year felt low.

I feel like I’m getting pretty radicalized recently, ugh.

While I’m all for holding CS accountable for what happened, thisis not the way how to do it and to whom they should be accountable. If there’s any lawsuit, it should come from the customers who have been affected by the outage, not some fucking investors and shareholders that probably kept pressuring CS for the last several years to reduce costs and increase revenue, that are now scrambling to avoid consequences of their endless greed ruining companies they don’t care about by forcing endless growth at all costs and doing as much as they can to prevent internal investments, because that’s not what makes the line go up.

Fuck them. I hope they loose and have to eat their losses + expensive lawsuit. If CS would be able to actually invest their revenue internally, instead of it feeding pockets of greedy investors who give literaly zero fucks about the product or the service, this may not have happened.

I saw that happen at the cybersecurity company I was working at, when we got acquired by investors. Several milion of profit after costs suddenly wasn’t enough, and we had to reduce already non-existent internal projects or investments, that we have already been lacking to be able to do our job properly.

I work part-time as a game developer, and part time as a pentester, so I do search for technical questions quite a lot.

Hmm, now I wonder whether I’m just used to it. I haven’t used any other search engine in more than a year. I’ll have to compare the results more, but as far as I remember every time I couldn’t find what I needed on DDG and resorted to !g, the Google results were even worse.

I’ve just switched to it literally yesterday, and while you will probably not avoid Play Services, being able to install it into a different profile that’s only limited to the few apps that need it is nice.

Also, just the fact that on Graphene Play Services do not have the special privileges as on any android phone, and are subjected to the same limitations as any other app (which are even stricter on Graphene) helps a lot. It also means that even if you end up just running the play services at all times, they can’t do as much as they can on other android phones, and the data they can access without your explicit permission is really limited. So, even that helps by a lot.

While I don’t believe you can degoogle that quickly, because some of their services take quite some time to properly switch, such as email, in the end it’s not too hard, but just takes time and some work.

Changing email is easy, if you don’t mind it being a slow process. Just forward your google email, and start slowly replacing any service you notice in the following months/years to your new address.

Google Drive is harder to replace, I went for just running a NAS with Nextcloud, which takes care of most of Google Drive/Docs/Calendar stuff. If self-hosting isn’t your cup of tea, Proton is slowly setting up usable google alternatives - they have Drive and Calendar IIRC.

Now for phone, that’s the hardest task. You wouldn’t help yourself by getting an IPhone. While it would de-google you, there’s basically no point in switching google for apple. Getting android to be usable for stuff like banking, MFA and other bullshit you need your phone for while being degoogled is hard, due to the bullshit Google Services. The only solution I found is to either just go with dumb phone with an obscure OS, or just get a Google Pixel and run GrapheneOS.

Maps are another issue, but thankfully we have a local https://mapy.cz/ , which is a pretty OK alternative to Google maps for our country, and I guess they even work worldwide. I don’t drive a car, so I don’t really need it that often.

The only remaining Google service I use is GCloud VPS, because I have some websites running there on the free instances that I’m too lazy to move. But I’m slowly migrating it to Amazon. Not that it would help much, anyway. And also Youtube, but I’m trying to go through the alternative front-ends as much as possible.

And for browser, I’m using https://mullvad.net/en/browser. Fuck chromium.

If you have a Pixel, why not go all in with https://grapheneos.org/?

I’ve switched to DDG almost a year ago, and I never had issues with my search results. Quite the contrary, every time I tried using !g because I simply wasn’t finding an answer, the Google was ad-ridden bullshit full of promoted pages without relevance to what I was looking for.

I guess I’m just used to DDG quality of results, but I never felt like it’s as bad as you say.

This is how I did it. Set up a Protonmail account with my own domain, and set all my Gmail emails to forward there. I set up a special folder for all forwarded mail, to remind myslef that I should change my email on that service, and every time I logged somwhere or received an email from an important service I use, I made sure to change my address there.

It has already been several years, but I think I’ve managed to replace it everywhere within a few months. I haven’t seen a forwarded email in months, so I think I’m finally done.

This is actually hilarious. It didn’t occur to me that rebranding should also concern stuff like “tweets”, mostly because I’ve never used twitter, but I’m really looking forward to what he will come up with for those terms.

Is it even possible to implement E2E in the context of ActivtyPub? I mean, as far as I know, the federation doesn’t specify what content you send, only activities, groups and object definitions. There’s nothing stopping you from making the actual data E2E encrypted, altough making it so would be a hard problem.

On the other hand… As I’ve mused about in the other comments, it should be possible to create a fediverse app that serves as a self-hosted front-end for interacting with different fediverse apps. All of your personal data would live on it, and you are in full control. Which would also allow for a safe implementation of E2E, because you just publish your public key, and know that since the app is under your control, noone can get to it. However, this would mean that the other users whould have to use the same standart.

I actually really like that idea. If we can separate users from servers with content, so Lemmy instances would only host posts and comments, but DMs would be handled by the private user instances, it would make Fediverse a lot more private.

The only question standing in the way is - who hosts the content of the posts I make? If my home is programming.dev, and I post to lemmy.ml, do I send the post data through ActivityPub to Lemmy to host, or do I host in on programming.dev, and Lemmy.ml just gets the ID of the post? If it’s first one, making the self-hosted user frontend will be easy, since all you need is a few API calls to make posts, and the only storage you need is for DMs and your account details (which may actually static, so a faked webpage returning your data may suffice). If it’s the latter, then it will be a lot more difficult to easily self-host.

EDIT: I though you are replying to the comment about just hosting single-user instances, and assumed that you meant that if everyone had their own single use private instances, it would be against the fediverse idea. Sorry about that.

I wouldn’t say that’s making the fediverse private - it’s only making my personal account and data about what I visit private. That’s what the ActivityPub protocol is for, and the more I think about it, the more I hope that some kind of app would show up - one that would be designed to just act as a personal front-end for the Fediverse, which would allow you to interact as a user from your instance with others, but also one that would keep all of your data, which are currently at mercy of your instance admins, at your personal instance.

Of course, you still need people to host instances that are actually made for communities and content, and that’s what Lemmy or Mastodon is designed for - but I’d like to see a Fediverse app that isn’t made for hosting content, but only for letting you interact with other instances. There’s no drawback - quite the contrary, instance admins don’t have to deal with and take care of my private data, because my instance is handling all of that, while I still will be providing content for their instance. I think that definitely fits into the idea of what Fediverse should be.

The only thing I’m not sure about yet is if it’s possible - if I create a Post on an instance that’s not my home, who is hosting the data? Do I only send ActivityPub Create Post with the data and the instance then saves it, or do I create the post on my own instance, send an ID, and if someone requests the Post data on the instance I posted to, it will be requested from mine? Because if it’s the first one, then such a client that only implements DMs, your own user account, and a frontend for showing posts on other instances would be doable. And definitely something important, because it solves the biggest privacy issues of Lemmy right now. I see no drawback in that - the only data I would not be in control of are the ones I post to other instances, but that’s ok. And even if you would be the one hosting it, all it means is that it would be a little bit harder do host it yourself.

Also, if I understand the ActivityPub right, if you’re ok with not getting notifications or DMs, your personal instance wouldn’t even need to be online at all times, since you only request data about communities and posts when you are browsing. But this would depend on whether the content and comments are hosted at your instance, or at the instance you are commenting or posting to.

I really like this idea. And from what I’ve seen of the ActivityPub protocol, it should even be that hard, aside from the UI.

Wouldn’t that make it actually a lot worse? As in, if I just make my own instance with one user total, I’ll just singlehandedly outvote every other server.

Hmm, that actually sounds like a great idea. Does it actually need to be reachable from the outside, if you don’t want to host any of your own communities on it? Or will it be enough for the instance to just pool data? Apart from no-one being able to contact you via DM, that is.

I’ll look into it, having my own home instance actually sounds pretty easy and it may work.

Actually - wouldn’t it even be possible to build a browser extension for that? One that just simulates ActivityPub calls, and you just browse on someone else’s instance without logging in while still allowing you to comment or vote on your behalf?

EDIT: I’ve posted some more thoughs about it to another comment, which I assumed was a reply to this one. The more I think about it, the more I really like the idea of a self-hosted front-end for Fediverse apps that doesn’t host communities, but only user interactions and allows you to interact with other apps and instances.

This is something that will be hard to solve. You can’t really effectively discern between a large instance with a lot of users, and instance with lot of fake users that’s making them look like real users. Any kind of protection I can think of, for example based on the activity of the users, can be simply faked by the bot server.

The only solution I see is to just publish the vote% or vote counts per instance, since that’s what the local server knows, and let us personally ban instances we don’t recognize or care about, so their votes won’t count in our feed.

I’m almost certain that if something like this happened to any fediverse instance - that a local police enforcement would contact the admin and asked for user’s data, which they are required by law to provide or they would go to jail/get a hefty fine and possibly a criminal record, they would do that too. That’s also why E2E is required, to prevent such problems for instance admins - but then again, there’s really nothing you can do against local law, and if it requires that you have to be able to cooperate, well… Then there’s not much the admin can do, without putting himself in a real risk of prosecution, because he is breaking the law by have E2E.

That’s also a good reason to be careful when selecting your home instance, and making sure that you choose one in a country that has all right laws in that regard.

Of course, that’s assuming the police makes contact. I don’t suppose that the admins would be searching through the DMs of people to snitch on them. And if Meta is doing that preemtively and is actively snitching on people - that’s downright evil.

That’s the only way. I don’t think there’s any other solution that would allow for you being able to be sure that the instance you are on doesn’t have a way to acess your data - any other e2e encryption integrated into Lemmy UI would not and cannot be reliable, because an admin can just rewrite the code as he sees fit.

Only solution to this is to just encrypt the message manually before it touches anything Lemmy UI.