This makes me sad, that we can’t engage in civil discussion about this. Why did you assume and not ask questions? Be curious, not judgmental.

To me it’s a question of laws. The laws of the U.S. at least somewhat constrain the people of my own country, and can prevent them from working against their own citizens. Like me.

Please be kind when replying.

As a US citizen, I prefer services that US consumer protections could apply to. (While we still have them, ahem.) I know that Chinese laws will not protect me from things a Chinese business does in China.

Scrooge McDuck is an employee of his companies too.

BBS software. Nerds always find a way. I guess if I have to be a sysop now…

They would enforce the rules of their payment card network. Once they’re aware of a violation they take action. If they become aware of a series of violations they take further action to ensure the merchant complies in the future.

I think I communicated part of this badly. My intent was to address “what is this speech?” classification, to make moderation scale better. I might have misunderstood you but I think you’re talking about a “who is speaking?” problem. That would be solved by something different.

I mentioned this in another comment, but we need to somehow move away from free form text. So here’s a super flawed makes-you-think idea to start the conversation:

Suppose you had an alternative kind of Lemmy instance where every post has to include both the post like normal and a “Simple English” summary of your own post. (Like, using only the “ten hundred most common words” Simple English) If your summary doesn’t match your text, that’s bannable. (It’s a hypothetical, just go with me on this.)

Now you have simple text you can search against, use automated moderation tools on, and run scripts against. If there’s a debate, code can follow the conversation and intervene if someone is being dishonest. If lots of users are saying the same thing, their statements can be merged to avoid duplicate effort. If someone is breaking the rules, rule enforcement can be automated.

Ok so obviously this idea as written can never work. (Though I love the idea of brand new users only being allowed to post in Simple English until they are allow-listed, to avoid spam, but that’s a different thing.) But the essence and meaning of a post can be represented in some way. Analyze things automatically with an LLM, make people diagram their sentences like English class, I don’t know.

My own “we need” list, from a dork who stood up a web server nearly 25 years ago to host weeb crap for friends on IRC:

We need a baseline security architecture recipe people can follow, to cover the huge gap in needs between “I’m running one thing for the general public and I hope it doesn’t get hacked” and “I’m running a hundred things in different VMs and containers and I don’t want to lose everything when just one of them gets hacked.”

(I’m slowly building something like this for mspencer.net but it’s difficult. I’ll happily share what I learn for others to copy, since I have no proprietary interest in it, but I kinda suck at this and someone else succeeding first is far more likely)

We need innovative ways to represent the various ideas, contributions, debates, informative replies, and everything else we share, beyond just free form text with an image. Private communities get drowned in spam and “brain resource exhaustion attacks” without it. Decompose the task of moderation into pieces that can be divided up and audited, where right now they’re all very top down.

Distributed identity management (original 90s PGP web of trust type stuff) can allow moderating users without mass-judging entire instances or network services. Users have keys and sign stuff, and those cryptographic signatures can be used to prove “you said you would honor rule X, but you broke that rule here, as attested to by these signing users.” So people or communities that care about rule X know to maybe not trust that user to follow that rule.

Apologies, I did the American thing. Checks, which get turned into X9.100 files, which are just digital versions of bags of bundles of checks, with check images that were TIFF images in CCITT T.6 encoding.

I don’t know if you’re being serious, but I can confirm from my time at as a developer at a banking software company, we didn’t use a hard RT OS even for like Mosler or Hitachi high speed check sorters. Just fast C++ code. (On Windows XP still, when I left in 2016)

(Work load is basically: batch of checks is loaded into an input hopper, along with check sized pieces of paper which are headers and footers, machine rapidly scans MICR lines and they go flying towards output pockets, and our code has something like 20 ms to receive the MICR data and pass back a sorting decision.)

Same. Went from radiks.net dial-up to US-West business DSL. Registered my domain at the same time, mspencer.net

I don’t know what people call this, but I’m curious if you also need future balance prediction, basically “here’s how much left over you’re going to have this payday, next payday, etc”. I might switch from my homegrown spreadsheet to one of these recommendations if they also support that.

(I’m talking about something where you input your known scheduled debits and credits, especially for people with biweekly paychecks but monthly debits, and then you match recent actual activity with what’s expected. So you get “current balance is $1800 but it’ll get as low as $300 before you get paid next” type info to keep you from over spending.)

I think image generators in general work by iteratively changing random noise and checking it with a classifier, until the resulting image has a stronger and stronger finding of “cat” or “best quality” or “realistic”.

If this classifier provides fine grained descriptive attributes, that’s a nightmare. If it just detects yes or no, that’s probably fine.

Not really, it’s been pretty effortless. Every couple months I have to make sure my renewed LetsEncrypt certs really got imported, but I don’t think I’ve had to intervene manually for anything in a long time.

I do, and I agree about their utility. My users and aliases are in OpenLDAP but it’s pretty easy to add new ones.

Separate accounts are preferable if you’re actually going to be responding to messages. I’ve had some embarrassing encounters where I’ve given an alias to a business that I didn’t realize was going to actually use it for real email conversations with a human. By default roundcube web mail lets you hit reply anyway and the reply goes out with your real address, which can lead to confusion.

I host my own for mspencer dot net, used this 15-ish step walkthrough from linuxbabe dot com. Only maybe three instances of spam in two years, gmail and outlook receive my messages just fine, etc. (Successful spammers were using legitimate services, and those services took action when notified. Greylist delays emails by a few minutes but it’s extremely effective against most spammers because they never come back to retry messages after a few minutes, while legitimate senders will.) I don’t know if I would accept blanket advice against self hosting.

Fundamentally if your mail server can see the addressee, it can see the content. SMTPS encrypts both in the same channel. So at the point where you accept messages and store them in a mailbox, the messages have to be readable.

Encrypting them at rest isn’t something I currently do, but if you’re going to later serve those messages to an email client that expects to receive clear text, your server needs both the keys and the messages. They can be stored in different places.

Most of your needs could be met with full disk encryption on the box hosting Dovecot. If you’re worried about being compelled to decrypt, there’s always the deck of cards trick: The pass phrase for full disk encryption consists of a memorized portion plus the letters and numbers of the top N cards in this deck of cards you keep by the server. If someone were to shuffle that deck of cards, and the server were powered down, the encrypted volume would be impossible to recover.

I’m eager to learn what other Dovecot tricks people can recommend to improve security.

Deceased users’ estates still haven’t agreed to the new terms, have they?

Mostly I’m scared I’ll write a firewall rule incorrectly and suddenly expose a bunch of internal infrastructure I thought wasn’t exposed.

In a general sense, you are discussing a way to control other people and organizations, and to make them stop talking about you. (Communicating and storing your information) This isn’t always possible or practical.

If you pay a merchant with your payment card, that merchant is allowed to know your payment card number. If you call a toll free number, the recipient of your call is allowed to know your phone number.

If they decide to share what they learn about you, and they do so legally, there’s not a whole lot you can do to stop them. I’m not saying this to antagonize or hurt you. I invite you to think differently about what you can control and what is worth worrying about.

s/celebs/weebs/

Fixed :-)