• 1 Post
  • 149 Comments
Joined 1 year ago
Cake day: July 5th, 2023
  • shagie@programming.devtoProgramming@programming.devWhat do y'all think about mailing lists and IRC as sole communication channels?
    8·
    1 year ago

    IRC is fine for almost synchronous communication - but dealing with things that work on the timescale of days or weeks, IRC becomes difficult to maintain a discussion about a fix or feature over that timeframe that includes all the interested participants.

    Mailing lists often come with an archive and a sufficiently large project will have multiple lists for different aspects of the project. Consider gcc ( https://gcc.gnu.org/lists.html )and you’ll see that bugs and patches are their own lists. Going into there you can also see the archives for the project… and if the mailing list software has support for it, viable by thread https://gcc.gnu.org/pipermail/gcc-bugs/

    https://lkml.org/lkml/2013/11/25/519 is another fun read (that entire thread).

    git has support for (and was originally used via) email. git send-email (docs) and git am (docs) are part of its original functionality and that workflow can make use if it.

    I’m personally most comfortable with GitHub or GitLab, followed by email. An IRC or discord project lacks the ability to properly research the “why was this done that way back in 2016”… unless the project doesn’t aspire to be a long lived open source project.

    Managing email is something that should be considered as part of this. Setting up a separate email address for that project, or using the + addressing as part of the email to make it so that your email filters can operate on them better (Exchange, gmail). This may require deeper familiarity with email clients than is common today - smart mailboxes in Mac Mail, client side rules in Exchange, or old school procmail with a shell account.

  • shagie@programming.devtoFediverse@lemmy.world*Permanently Deleted*English
    21·
    1 year ago

    https://join-lemmy.org/news/2023-06-17_-_Update_from_Lemmy_after_the_Reddit_blackout

    For the past three years dessalines and I have been funded to work on Lemmy full-time by generous support from the NLnet foundation. These donations are paid out when we implement certain new features. But now we are busy answering questions, reviewing pull requests and urgently fixing problems. That means we are unable to work on the milestones agreed with NLnet, and won’t receive payments from them. We are increasingly reliant on user donations to pay our bills. These donations currently add up to 1500 Euros per month, which is not even enough to pay minimum wage for the two of us. Hopefully more users can consider donating, so that we can put our full attention to making Lemmy better for everyone, and possibly add more developers to our worker co-op in the future.

    https://lemmy.ml/comment/479066 (posted June 8th)

    When our open source grant from NLNet runs out at the end of this year, we will have to switch to full community funding, probably via yearly funding drives. Currently we only have two full-time devs, @nutomic@lemmy.ml and I, but could potentially add more to our little worker coop as we grow.

  • shagie@programming.devtoFediverse@lemmy.worldI just developed and deployed the first real-time protection for lemmy against CSAM!English
    164·
    1 year ago

    https://www.law.cornell.edu/uscode/text/18/2258A

    (a) Duty To Report.—
    (1) In general.—
    (A) Duty.—In order to reduce the proliferation of online child sexual exploitation and to prevent the online sexual exploitation of children, a provider—
    (i) shall, as soon as reasonably possible after obtaining actual knowledge of any facts or circumstances described in paragraph (2)(A), take the actions described in subparagraph (B); and
    (ii) may, after obtaining actual knowledge of any facts or circumstances described in paragraph (2)(B), take the actions described in subparagraph (B).
    (B) Actions described.—The actions described in this subparagraph are—
    (i) providing to the CyberTipline of NCMEC, or any successor to the CyberTipline operated by NCMEC, the mailing address, telephone number, facsimile number, electronic mailing address of, and individual point of contact for, such provider; and
    (ii) making a report of such facts or circumstances to the CyberTipline, or any successor to the CyberTipline operated by NCMEC.

    (e) Failure To Report.—A provider that knowingly and willfully fails to make a report required under subsection (a)(1) shall be fined—
    (1) in the case of an initial knowing and willful failure to make a report, not more than $150,000; and
    (2) in the case of any second or subsequent knowing and willful failure to make a report, not more than $300,000.

    Check with a lawyer if blocking an upload that your server has access to because of suspected CSAM constitutes “actual knowledge or any facts or circumstances”.

  • shagie@programming.devtoTechnology@beehaw.orgWe Are Retroactively Dropping the iPhone’s Repairability Score | iFixit News
    9·
    1 year ago

    2- positive supply-chain validation. Not important for the majority of people, but for those who require a little more security, they can be a little more sure that their device isn’t compromised from illegitimate parts. I imagine this to be a fringe benefit for executives and the like

    Anecdotally, many years ago I had a Mac laptop that was fairly new but I ran it as what amounted to a portable desktop. It was plugged in 99% of the time. A few months after I got it I had an issue with one of the fans. Instead of taking it to the Apple Store that was 90 miles away (I was living and working in a small town then), I took it to the local computer repair… and they fixed it it.

    Afterwards, while I didn’t use batteries much, it seemed off.

    Another two years and I had moved to a larger city and took my laptop into the local Apple Store for them to replace a fan that was not operating strongly enough. The repair tech commented that I had a sub par third party and while it should be replaced as its battery health was very low, it wouldn’t be covered under warranty because it clearly wasn’t an OEM Apple part.

    I strongly suspect that the repair shop had swapped my new battery out for an old one and hoped I wouldn’t notice because I didn’t use it in that capacity. I can’t prove anything and the shop had gone out of business.

    This is anecdotal and batteries for laptops don’t get pairing the same way phones do… but this sort of thing happens.

  • shagie@programming.devtoLemmy@lemmy.mlWhat is the plan to deal with CSAM?English
    8·
    1 year ago

    No.

    The nature of the checksums and perceptual hashing is kept in confidence between the National Center for Missing and Exploited Children (NCMEC) and the provider. If the “is this classified as CSAM?” service was available as an open source project those attempting to circumvent the tool would be able to test it until the modifications were sufficient to get a false negative.

    There are attempts to do “scan and delete” but this may add legal jeopardy to server admins even more than not scanning as server admins are required by law to report and preserve the images and log files associated with CSAM.

    I’d strongly suggest anyone hosting a Lemmy instance to read https://www.eff.org/deeplinks/2022/12/user-generated-content-and-fediverse-legal-primer

    The requirements for hosting providers are https://www.law.cornell.edu/uscode/text/18/2258A

    (a) Duty To Report.—
    (1) In general.—
    (A) Duty.—In order to reduce the proliferation of online child sexual exploitation and to prevent the online sexual exploitation of children, a provider—
    (i) shall, as soon as reasonably possible after obtaining actual knowledge of any facts or circumstances described in paragraph (2)(A), take the actions described in subparagraph (B); and
    (ii) may, after obtaining actual knowledge of any facts or circumstances described in paragraph (2)(B), take the actions described in subparagraph (B).
    (B) Actions described.—The actions described in this subparagraph are—
    (i) providing to the CyberTipline of NCMEC, or any successor to the CyberTipline operated by NCMEC, the mailing address, telephone number, facsimile number, electronic mailing address of, and individual point of contact for, such provider; and
    (ii) making a report of such facts or circumstances to the CyberTipline, or any successor to the CyberTipline operated by NCMEC.

    (e) Failure To Report.—A provider that knowingly and willfully fails to make a report required under subsection (a)(1) shall be fined—
    (1) in the case of an initial knowing and willful failure to make a report, not more than $150,000; and
    (2) in the case of any second or subsequent knowing and willful failure to make a report, not more than $300,000.

  • shagie@programming.devtoProgramming@programming.devStack Overflow must change its attitude towards users.
    1·
    1 year ago

    You can do at most 40 reviews per day (to avoid people going on autopilot) but you are no more rewarded for doing 40 reviews in a day than you are doing 1 review a day for 40 days. The only exception to the 40/day limit is for diamond (elected) moderators.

    Furthermore, you’ll note that the review that you recently did (first posts) you were rewarded for doing it for the firs time… and your review action (which is public) was “looks ok” rather than down voting it or flagging it (though the answer you review wasn’t upvoted… so its ok, but not ok enough to up vote?).

    The goal of the review queues is to get people to just check to make sure things are going ok.

    If/when you get to 3000 rep, you’ll be just as rewarded for casting a close vote in the close vote queue as you would for saying “leave open” - or going into the reopen queue and casting a reopen vote.

    The point is that the one sided statement of “SO rewards tagging and closing questions” doesn’t properly capture what you are doing. Additionally, the rewards for doing reviews (badges) is completely separate from the rewards that drive the rest of the site (reputation).

    Overall, the system of voting, curation, and moderation on Stack Overflow has broken down. There are not enough people doing these things on a regular basis and so the actions that are taken to keep Stack Overflow from becoming Yahoo Answers are predominately “close” rather than “cultivate and curate” because there isn’t enough time for people who are able to do those tasks to do so and make a meaningful impact.

    Your next badge would be to help out in the first posts review queue another 249 times.

    The badges are there to help guide new users to discovery of the site as they participate more on it. Voting everyone does and understands, but few people see the review queues unless guided there by badges and blame “the moderators” (which is everyone on the site with sufficient rep to do reviews) for actions.

    How do you get users who have participated enough to get 1000 rep to do a first posts review? Or 2000 rep to help out and check the suggested edits? Or 3000 rep and see if things should be opened or closed other than with the badges prompted prompted by reaching various reputation thresholds?

    Forums for helping others existed for decades before SO and even now a lot of stuff has moved to discord, Reddit, Zulip, and slack and they still have moderation and most people actually get answers to their questions.

    I’m sure that people still go to https://javaranch.com to view posts like https://coderanch.com/f/33/java for getting help and searching for answers.

    Zulip and Slack and discord are quite good for interactive help with someone on a problem now. They’re absolutely a non-starter for searching for past issues so that you don’t need to ask someone to get interactive help now.

    Reddit is ok as it’s indexed by google… until people go through and delete their old content. Sure, that’s fine and it’s their content, but it also means that you’re asking questions there. And you’ll also note the curation and formatting of in https://www.reddit.com/r/javahelp/ isn’t exactly up to Stack Overflow standards.

    The point is that these are different systems with different goals and are trying to do them in different ways.

    Reddit doesn’t care about the long term searchable value of a question or answer as much as Stack Overflow does because once it drops off the page it’s gone and no one is going to find it again. Stack Overflow had a different goal.

    https://blog.codinghorror.com/introducing-stackoverflow-com/

    Stackoverflow is sort of like the anti-experts-exchange (minus the nausea-inducing sleaze and quasi-legal search engine gaming) meets wikipedia meets programming reddit. It is by programmers, for programmers, with the ultimate intent of collectively increasing the sum total of good programming knowledge in the world. No matter what programming language you use, or what operating system you call home. Better programming is our goal.

    It’s fair to argue if its by programmers anymore - but that was its goal and its a very different goal than “help each person who asks a question.”