I've long considered Signal to be almost toy security. It's good enough for government employees not wanting their boss knowing about their lesbian relationships, in my opinion it's not good enough for activists and journalists.
Between server centralization, single client app (so incompatible additions are not detected), the new non-foss server component ('for security'), complete absence of metadata protection, ... It's Slightly Worse XMPP.
@feonixrift @TheGibson what instead, then? XMPP is simply *not usable* for most people (and I say this as someone who had set up 4 separate XMPP servers back in the day), Briar is not yet there (no iOS app, no store-and-forward), Tox is old news, and then there's a bunch of crypto scams like (checks notes) Session.
This is not hypothetical, this is a tool that is needed. So, what is *viable* out there?
I am ignoring everything that is not FLOSS and decentralized, obviously. So Threema, Wire, *shudders* Telegram are all out.
What am I missing?
@mplammers @feonixrift @TheGibson no no, I already mentioned crypto scams.
For ample evidence that a metric crap-ton of stuff built on Ethereum and similar blockchains should be approached with utmost suspicion, might I suggest scrolling through this:
It's informative *and* hilarious.
@rysiek That was an interesting scroll indeed!
Nonetheless, I have not found enough information about how these scams (many of which involving social engineering and Discord) prove how Jami's implementation may be a scam.
Shouldn't we make the distinction here that actual scams that abuse some tech do not necessarily make that technology itself a scam?
Perhaps you mean that the smart contracts may allow an attacker to impersonate another Jami user name?
@mplammers @feonixrift @TheGibson I mean that blockchain tech space is filled to the brim with scams, and I will not spend time nor effort on considering any blockchain-using project as serious and not-scammy at this stage. Especially that I have not yet seen a single such project where blockchain was actually necessary to achieve its goals.
You are welcome to come to your own conclusions, of course. 👍
@feld @mplammers @feonixrift @thegibson @rysiek These are social problems that, ultimately, require social solutions, such as funding the government agencies that are *supposed* to be auditing the banks and stock exchanges, to a level where they can actually do their jobs.
Attempts to solve social problems with code *don’t work* and usually make the situation worse.
(recommended reading: “code and other laws of cyberspace”, “liars and outliers”)
Yeah my IPFS node is going offline, honestly it just doesn't work in any meaningful sense of the word. Or maybe it does, but isn't so useful to me, Idk.
Ethereum was /supposed/ to move to proof of stake vs proof of work, did that ever actually happen as planned/announced? I don't think it has.
I've been evaluating IPFS as a potential 'value added' hosting business, over at Digital Ocean. I ran it a few weeks on my residential network before DO.
What I find is, it is rough, it is slower than DNS to propagate changes, and anything but performant unless you have high demand content that will be 'communally shouldered' by it's consumers.
It's a pretty narrow application space, and a hard sell for me. I think I'm gonna pass.
@rysiek @dangoljames @mplammers @feonixrift @TheGibson I don't know if this is entirely accurate but I heard some whisperings that a lot of the purported robustness of IPFS is a result of Protocol Labs funding aggressive hosting on their ipfs.io infra out of pocket, indirectly to get people into their Filecoin ecosystem
@rysiek only the hashing distribution is decentralized; actual storage must be provided by the content provider, by way of an IPFS node. Either yours or someone else’s.
You /can/ find some pinning (read cohosting) services for free as in beer, but those are promo efforts and will eventually go away, as storage and bandwidth costs money, bottom line.
Expert configuration and proactive infrastructure management would be the value-add in such a business proposition.
@dangoljames yes, but in my particular case, hashing distribution is all that I need to be decentralized.
@rysiek as it is for me, and most potential IPFS users. That’s why it would underpin a good hosting business ; )
It’s the speed that kills it; I sometimes waited a full 24 hours before seeing updates; and it isn’t just slow - it throws ugliness into the browser until such time as all the resolutions in a given request succeed.
sorry for the edit, me culpa…
@dangoljames the merge is happening probably around april, there's a lot of moving parts but there's testnets happening
@dangoljames that being said it's fucking stupid jami needs to rely on that entire stack to make it work for ???some reason???
This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!