• 5 Posts
  • 433 Comments
Joined 2 years ago
cake
Cake day: August 4th, 2023

help-circle

  • Yup. Entirely possible. Blocking third party cookies might somewhat reduce sites’ ability to tell that you’re the same you on the same browser between VPN and direct connection, but even that isn’t any guarantee that Linkedin (and/or the ad providers Linkedin uses) and Spotify (and/or their ad providers) don’t know you’re the same user between VPN and direct. And if there’s some amount of collusion and/or purchase of user tracking info going on between those entities, even only first-party cookies are sufficient for them to be able to prove the link between your direct and VPN IP addresses. Even without any cookies, though, there are still browser fingerprinting techniques that are worth looking into if you want to know more about defeating that sort of tracking.


  • TootSweet@lemmy.worldtoMemes@lemmy.mlhey L.W mods/admins, how's it going?
    link
    fedilink
    English
    arrow-up
    24
    arrow-down
    1
    ·
    6 days ago

    Anyone want to place bets on how long it is before Elon uses this as an excuse to whisper in Trump’s ear that he needs to classify the Fediverse as a terrorist organization? It’d conveniently shut down competition with Xitter (and other billionaire-owned social media sites) if Mastodon (and Lemmy and PeerTube and Diaspora etc) was shut down for “RaDiCaLiZiNg fErTiLiTy ClInIc BoMbErS” or whatever BS.


  • Very probably if you can’t think how it would be beneficial for your use case, it won’t be beneficial to your use case.

    “Website” (as opposed to “web app”) sounds like something static with no server-side logic (save serving up static content) which further makes Docker not seem very useful for your use case. In your shoes, if I haven’t inferred too much, I’d probably first think of some CloudFront/S3-based solution.

    Typically, Docker is used in cloud infrastructure (AWS or the like) in situations where there’s a lot of server-side resource usage and you want to be able to scale up on very short notice. It can also be useful for on-prem sort of situations, or for if you want to run server-side software in a “contained” sort of way where you don’t have to install your software’s dependencies on the host machine. (Running a Java app on an EC2 node without installing a JRE on the instance, for instance.) Docker is also good (particularly relative to PaaS options) for minimizing vendor lockin (though, again, only really if you have server-side logic to contend with, and if you’re dealing with a static website, it’s hard to imagine vendor lockin being an issue.)

    I suppose you could shoehorn it in. Stick your static website on an EC2 node with a Dockerized Nginx to serve it, or even bundle your static website into a Docker image, but I’d imagine you’d pay more for such a solution than just using CloudFront with S3 or whatever.

    (And yes, I keep mentioning AWS, but there are lots of hosts out there. For the more focused LAMP-stack-providers rather than IaaS options, Docker would be of even less use.)

    Now, even if you do intend to have server-side logic, I’m not sure Docker really adds much to the conversation unless your server side logic is expected to use a fair bit of CPU and/or RAM, you’re expecting to get a good amount of request volume, and you want to be able to scale horizontally very quickly.



  • Like someone else in this thread mentioned, Elon. I hated him well before he started doing really assholeish stuff publicly. I had plenty of liberal friends who thought he was cool and edgy and bought not-a-flamethrowers and Tesla cars. When the soccer team got trapped in a cave in Thailand and Elon called the rescue team pedophiles, I was like “I knew that guy had to be a total asshole”. Of course, now I know that was not even the tip of the iceberg.

    I think I was ahead of the curve hating on “generative AI”.

    Bill Gates. I hated him for being a big part of the rise of proprietary software as an institution long before the right wing conspiracy theorists started making up bullshit about him. Which is annoying because now I have to tell people I hate Gates but not because I think he’s putting 5G microchips in vaccines or whatever bullshit.

    Facebook is probably a pretty good example. I quit Facebook in like 2008. Not that nobody was talking about how evil Facebook was at the time, but their evil wasn’t really as well known at the time, I don’t think.

    I’m realizing a lot of these are technology-related.



  • A few ideas:

    • If it’s a hard drive, listen to see if you keep getting hard drive noises after the freeze.
    • Try SSH’ing in to that box (or otherwise try making a network connection to it.) Just to make sure the system is actually freezing and it’s not just the graphics screwing up and not updating the display while continuing to boot.
    • Delete/uninstall your AMD firmware. Or if you don’t have it installed, install it.
    • If you’re currently booting in EFI mode, try BIOS mode. Or vice versa.
    • Try booting with an incorrect “root” kernel parameter. My thought is maybe if it’s loading a module that’s causing issues, if it can’t get the root FS, it can’t load modules. If it doesn’t have the same issue, that will tell you something. (And if it does, that’ll tell you something too.)
    • Try other distros’s live ISOs to see if you you can isolate anything that makes a difference.

  • I wonder if there’s a way to prevent people from even knowing that two different votes came from the same user.

    What I outlined above should prevent anyone from knowing two different votes came from the same user… without specifically trying that user’s id on each. That’s what the salt (the comment/post id) is for.



  • TootSweet@lemmy.worldtoOpen Source@lemmy.mlIntroducing Lemvotes
    link
    fedilink
    English
    arrow-up
    14
    arrow-down
    2
    ·
    edit-2
    1 month ago

    Votes should be anonymous.

    I tend to agree, but the fact is that they aren’t anonymous. This tool just exposes the already-existing fact that Lemmy expressly does not guarantee anonymity for votes. The solution isn’t to not for the poster to not publish this tool. Believe me, such tools already exist in private even if none other than this one are published. Publishing this one only democratizes access to that information. (And not entirely, I don’t think. From what I’m seeing on the page, it looks like it still requires an admin account on an instance. Update: Actually, I’m not sure if it requires an admin account or not. Either way, though.) The solution is (if it’s possible) to make Lemmy itself protect voters’ anonymity.

    The reason why instances know who has up/down voted things (rather than only keeping an anonymized “total” for each post/comment) is so it can prevent double-voting.

    Maybe instead of usernames, the instances could store/trade… salted hashes of the usernames where the salt is the title or unique identifier of the post/comment being voted on? It wouldn’t be perfect, but it would allow the instance to figure out whether the currently-viewing or currently-voting user has already voted while also making it harder for anyone else to get that information. About the only way a tool could tell you exhaustively who had voted if that were how things worked that I can think of off hand is to try every username on Lemmy one-by-one until all the votes were accounted for.

    (Of course, malicious instances could still keep track of usernames or unique user ids who up/downvoted, but only on the instance on which the vote was cast. Also, one downside of this approach would be increased CPU usage. How much? Not sure. It might be trivial. Or maybe not. Dunno.)

    And there may be much better ways to do this. I haven’t really thought about it much. I also haven’t checked whether there is an open ticket asking for improved anonymity for votes already.

    (Also, full disclosure, all of the above was written after only an extremely brief skim of the linked page.)

    (One more edit. Something IHawkMike said led me to realize that the scheme I described above would allow instances to manipulate votes by just inventing hashes. Like, grabbing 512 bits of data from /dev/urandom and giving it to other instances as if it was a hash of a username or user id when, in fact, it’s not a hash of anything. Other instances wouldn’t be able to easily tell that it wasn’t the hash of a valid user id. I haven’t thought how to go about solving that yet. Maybe if it occurs to me, I’ll update this post.)