zottels Friendica-Server

zottel

•

5 days ago

zottel ist Building in Red beigetreten

zottel

•

3 weeks ago

zottel ist BitcoinOTC Forum beigetreten

zottel

•

4 weeks ago

Bob Mottram wrote the following post 4 Wochen her:

The Disconcerting Details: How Facebook Teams Up With Data Brokers to Show You Targeted Ads on Eff

Recently, we published a blog post that described how to opt out of seeing ads on Facebook targeted to you based on your offline activities. This post explained where these companies get their data, what information they share with Facebook, or what this means for your privacy.

4 comments show more

Emmanuel Revah

•

4 weeks ago

I learned 2 things today:

1. Facebook seems to be trying to go the right direction, or maybe just a bit or for show, but maybe more than Google.

2. Facebook relies on other sources of user data as if they don't make good use of the data they already have on their users. This seems odd as FB should know more about their users than anyone else considering their platform combined with trackers on almost every website out there.

zottel

•

4 weeks ago

Hm, Acxiom wrote me a letter stating they didn't know anything about me. X-)

This could even be right as we moved to this address only in December, and I'm not sure if I ordered anything to that address since. Should have requested with my wife's name, probably.

zottel

•

1 month ago

Friendica servers deliberately made slow using tag search?

@Lazy Admin

I was wondering why my Friendica server was often reacting so slow lately, so I watched the logs a little more closely.

I found that from various IPs (never twice the same), there were search requests sent to my Friendica server, always for the same search terms.

The terms are (shortly after each other) the tags "opensource" and "UEFI-Secure-Boot", or (much more seldomly) the tags "joindiaspora" and "creativeCommons". The log entry would look like this, e.g.: "GET /search?tag=opensource HTTP/1.1"

The two respective terms are sent within a few seconds from the same IP, and when that happens, my server becomes VERY slow.

There's one more suspicious search that show up less frequently (and not combined with a second search), but from the same networks: "GET /search&search=create&page=3 HTTP/1.1"

Nearly all of those queries are sent from various networks of a French hoster named OVH, the domain these queries come from is .kimsufi.com... show more

Deny from kimsufi.com
        Deny from 69.197.190.0/25
        Deny from 194.103.2.0/24
        Deny from 193.234.166.0/24
        Deny from 194.71.222.0/23

(If you want to use that, too, don't forget to set that in both VirtualHost configs, with and without SSL!)

@lazy admin

19 comments show more

Rasmus Fuhse

•

1 month ago from Diaspora

More interestingly, what does the unknown server want with that?

zottel

•

1 month ago

That's the point. If it was always the same IP, or not hoster but ISP addresses, I'd say someone wrote himself a script that "follows" these tags on my server (though he wouldn't find much).

But the way it is, coming always from different IPs in the same networks of hosters, this really looks suspicious. But why would anyone do that?

Fabio

•

1 month ago

looks like a bot following links...

zottel

•

1 month ago

Always the same links?

Michael MD

•

4 weeks ago

I hacked it here to use POST Ssearch engine bots were following links resulting in lots of searches and it was slowing things down

zottel

•

4 weeks ago

I just counted: During Apr 24th, I had

- 115 searches for the tag opensource
- 60 searches for the tag UEFI-Secure-Boot
- none for joindiaspora (not since Apr 21st) or creativeCommons, so these might have been coincidence

That's one search for opensource or UEFI-Secure-Boot every 8 minutes, and each makes my server very slow for about 30 s.

It's definitely clear that these are bots. They show diverse browsers as user agents, but they never access the images that are on the pages, or ping, as a normal borwser would.

With the Deny rules from above, I couldn't get them all, there were always new requests from networks I hadn't covered yet. Plus, probably not all servers from those networks have bots, of course.

So I now added this to the VirtualHost definitions of my Friendica server:

RewriteEngine On

        RewriteCond %{QUERY_STRING} tag=opensource [[OR]]
        RewriteCond %{QUERY_STRING} tag=UEFI-Secure-Boot
        RewriteRule /search - [F]

(The O... show more

RewriteEngine On

        RewriteCond %{QUERY_STRING} tag=opensource [[OR]]
        RewriteCond %{QUERY_STRING} tag=UEFI-Secure-Boot
        RewriteRule /search - [F]

(The OR has only single brackets, of course, but I couldn't get that right in bbcode otherwise.)

@Michael MD Since I disallowed /search for all search engines in robots.txt, I don't have problems there anymore. The searches shown here are nearly the only searches I have on my server at all.

@michael md

Michael MD

•

3 weeks ago

another idea might be to only show the search boxes to authenticated users
or maybe show them with javascript so that they are less easy for bots to find

I was changing it to use post but changed it back the next day after noticing there was other stuff in there looking at post requests that might break if i didn't also make other changes.

so for now I have it redirecting to external custom tag search pages, only does tag searches but its pretty fast and they can also find matches for some of the other stuff here (not in the friendica instance)
(users here would expect to find the events and are much more likely to be looking for events and forum posts than anything else (only, etc - so search kind of needs to be a custom thing here anyway)

Tupambae.Net Administracion

•

3 weeks ago

Definitely wan't that search machines out of y server!

The other day made a review of TAILS (I can't recomend it) and the preinstalled search machine, cant remember which, gave me a lot of hits that for some reason remembered me on this post.
Actually I added a norobot txt in the root directory, maybe it got lost in some moment as google popsup again also. We definitely should look for some more features in the ACP (I only have phpBB as reference) to block those guys ore even selected bots. Also it could be usefull to know which relatet site to us uses which policy. Not for the own server velocity but if you have someone who spreads info everywhere maybe you don't wan't to be on that screen.

zottel

•

3 weeks ago

@Michael MD Which custom tag search pages?

@michael md

Michael MD

•

3 weeks ago

pages like this: http://www.spraci.com/tags/electro

zottel

•

3 weeks ago

Ah, ok, I thought some third-party dedicated tag serach engines.

How did you realize these pages, especially the search engine part? Did you use something already existent or did you prgram it yourself?

Michael MD

•

3 weeks ago

The tag search index I'm using is just lots of small files which contain id's matching part of a small hash (those are generated from the terms/tags). Its fast because a search for a tag only needs to search one small file for the rest of the hash
(collisions are quite rare even with such tiny hashes and can be filtered later)
The start of each line in those files is the date so that results can be sorted on that before it looks at the data files.

The operating system itself also does a fantastic job caching stuff from recently read files in ram. The first time you search for something it might take a few seconds .. search for it again and its almost instant!

There is also a simple key/value store using files partitioned by id ranges (using offsets calculated from the ids to look up byte offsets data records
The data records are currently php serialize format strings compressed with deflate

Even though its php, its pretty fast, though the data store is more about dealing with data that has come from a few different... show more

David Benfell

•

3 weeks ago

I like the idea of only allowing authenticated users to search. That's how I have my Drupal set up, but there I have a lot of material that is not public.

I guess here, I don't know why anybody would want to search disunitedstates.com anyway. The results would be too random.

#039

Tupambae.Net likes this.

zottel

•

3 weeks ago

@Michael MD Sounds interesting.

@David Benfell The problem might be that tags you (or any users on your system) set on posts link back to a tag search on your server. This only works if it's open to all users, too.

BTW, as I had a yasni search for "m" although /search is forbidden to all search engines, and as searchers who are real people would never search for a single letter, I've now forbidden to search for a single letter on my server.

These are the lines to do that in Apache:

RewriteCond %{QUERY_STRING} search=.\& [[OR]]
RewriteCond %{QUERY_STRING} search=.$
RewriteRule /search - [F]

Again, the OR only needs single brackets.

This has to be in the <Directory> tag of the virtual server definition, and somewhere aobve that entry there must be a line that says

RewriteEngine On

@michael md @david benfell

David Benfell

•

3 weeks ago

Thanks @zottel .

I haven't looked to see if my server is under the attack described here, but I have implemented all this. I'm spending way too much money, especially by the time it gets converted from euros to dollars, on this server for it to be abused any more than absolutely necessary.

#039 @zottel

Charles Roth MPC

•

3 weeks ago

Alternately:

iptables -A INPUT -s 194.71.222.0/23 -j DROP

etc. in iptables/firewall

David Benfell

•

3 weeks ago

No way.

Any time I fuck with packet filtering, it breaks my Internet. And with my server in Munich, that would mean I'd lose all control over my server, at least until I got the Contabo folks to hook up whatever that doodad was they used to let me install Arch Linux.

I will NEVER mess with packet filtering again. It is a supremely bad idea to put something so incomprehensible in such a critical spot and it should be forcibly and painfully returned to the ass who came up with it.

#039

zottel

•

3 weeks ago

@Charles Roth MPC Yes, though my first attempt of filtering certain networks wasn't really successful. There were always new networks I hadn't blocked before, and, of course, servers from these networks will be used for other stuff than tis strange behaviour, of course.

So scratch the stuff from the first post.

The two rules from the comments work more reliably and don't block people that haven't done anything bad.

@charles roth mpc

Charles Roth MPC

•

3 weeks ago

I've had very good luck with a combination of UFW & iptables.

zottel

•

1 month ago

zottel ist Els Mussols beigetreten

Paul Taylor likes this.

zottel

•

1 month ago

zottel ist Bitcoin otc beigetreten

Tupambae.Net Administracion

•

1 month ago

Das Forum wird neu instaliert.
Bitte erneut anmelden, wenn keine Anfrage kommt.

zottel

•

1 month ago

zottel ist Bitcoin beigetreten

zottel

•

2 months ago

The horror!

@Lazy Admin

Oh. My. God.

What I experienced today (and still do) must be one of the most terrible experiences I ever had since I'm using computers.

It started out with the typical plain stupidity that is one of the best reasons to always keep backups: I wanted to delete an email alias to my account on my Zimbra server, and what I actually did was delete my account. Yay!

But what do we have backups for, right? So told my wife to read her emails of today, and that I would restore the backup of this morning afterwards.

So I stopped Zimbra, fired up duplicity and told it to restore the latest backup. It said it won't restore to an existing directory, so I deleted the whole /opt/zimbra tree with everything in it.

I'm not sure if there would have been a chance to restore my account before that point; after that it was obviously impossible without a backup.

Then I fired up duplicity again. It started working, and the hard disk became ever fu... show more

@lazy admin

7 comments show more

Arto

•

2 months ago

Wow, sorry to hear, sounds painful. But, seems like it is working. When my old laptop died a month ago, my duplicity backup was the only thing left between utter despair and 2 hours of inconvenience while all my files were restored.

I entered the restore command and hoped for the best, it worked as advertised.
But this Zimbra storage problem sounds super insane.
Are you sure you want to stay with Zimbra after this?

zottel

•

2 months ago

Well, it's actually more an OpenLDAP problem than a Zimbra problem. They could have been more vocal about the change, though.

But yes, I want to stay with Zimbra. There's simply nothing else like it that I know of.

Next step, btw: Now that the restore is complete and I wanted to test mdb_copy, I had to find out that the image I got is 32bit while the binary is 64bit. X-)

I'm glad that I can just use the image with the backup in another virtual machine. But I'll NOT do anything more today.

zottel

•

2 months ago

Sheesh, just remembered to disable the backup on the Zimbra server. It wouldn't have done too much harm since the backups I used now are still there, of course, and I do have a complete copy here now, but it might have complicated things further. X-)

zottel

•

2 months ago

BTW, now that the restore is complete, the LDAP db file actually has a size of 80GB, and it is also counted by du. I sincerely hope that this mdb_copy will be able to fulfill its task also if the file it works on isn't really a sparse file anymore.

zottel

•

2 months ago

Ok, the mdb_copy tool worked on my new 64bit Ubuntu VM. Reducing 80GB to 1MB.

Now I'm currently creating a new full and now reduced backup and uploading it to the FTP to then restore it on my server. The end of the odyssey seems to be near.

zottel

•

2 months ago

Ok, after uploading the new full backup for three and a half hours, I restored it on the server and everythung worked.

Of course, I also changed the size of the sparse file to a MUCH lower value now, so that restoring backups won't be a problem in the future.

Phew.

Emmanuel Revah

•

2 months ago

It takes something like this to make sure it doesn't happen again.

(ignore my private message, I see you've already tested the new Zimbra)
: ]

zottel

•

3 months ago

Zimbra and not much memory

@Lazy Admin

During the last months, I occasionally went on about Zimbra and how great it is, and how well it works with just the 1GB RAM I have on my Zimbra server.

I still think it's great, and I don't know anything only remotely similar available for free, and probably not even for money.

But the mail databases have grown since, and it isn't as snappy anymore as it was in the beginning. I did import all the emails from my former account, so I didn't think much would happen, but it did. Maybe it's the INBOX that has grown a lot since, maybe it's the Trash folder with its 30 days worth of about 1000 emails, maybe it's other stuff, but it has become slow sometimes.

Especially when there are currently mails coming in, and thus amavisd and spamassassin are doing their work, the web interface often has very noticable lags. When I restart fail2ban on one of my servers, it creates about ten or twelve emails in a row. Which is not at all much, of course. But when the Zimbra... show more

@lazy admin

22 comments show more

David Benfell

•

3 months ago

You're sure it is system capacity issues and not something else--like database stupidity?

#039

Patrick Georgi

•

3 months ago

If you're on an x86-64 system (or any other 32/64 mixed mode architecture, for that matter), try running the java parts on a 32bit JVM - worked wonders for me with my webapps.

So much of java runtime state is pointers, which double in size when moving to 64bit, and with 1GB of RAM you don't need the large pointers anyway. Only downside is that the code generator is less efficient (less registers to work with). Linux's x32 ABI could help there, but I don't think the JVM is adapted for that already.

zottel

•

3 months ago

@David Benfell They recommend at least 4 GB of RAM, and there are always considerable amounts of swap used, so RAM is an important factor, I think.

@Patrick Georgi Ah, good idea, thanks. I'll try that when I have time to,

@david benfell @patrick georgi

Emmanuel Revah

•

3 months ago

@zottel This is why I never even touched Zimbra. It is a RAM hog. I've discussed this and other such groupwareish solutions with friends. Every time Zimbra came on the table it was pushed back out for the same reason: Memory.

That and Java.

And I don't like that it's half Open Source, but that's just me.

If you only have 2 users you could try other things. I really like Roundcube as a Webmail UI, they've come a long way and there are millions of good plugins to extend it.

If you want to get into the groupware thing, you could try out Kolab, it's still young but looks promising (uses Rouncube and Postfix among other stuffs). Their calendar plugin is really nice and they even have a plugin to integrate Owncloud within RC.

But really for small deployments, if you don't need groupware, I'd just go with straight up Postfix/dovecot/etc + Roundcube (+ other webmails if you want). I've even written an admin interface for such a setup (and there... show more

@zottel

David Benfell

•

3 months ago

The half-open source part bugs me too.

But the other requirement I have for a webmail is that it support GnuPG. Horde does this in theory--if only I could get it to stop doing white screens of death--and I thought Zimbra would as well. Roundcube either doesn't or does so crudely (there's also squirrelmail and probably something else, with which I may be confusing roundcube).

#039

Michael MD

•

3 months ago

citadel is bad enough, constantly hogging 512 MB or so. so I shut that down. I can't afford to dedicate a whole vps to it

Michael MD

•

3 months ago

13 emails without a glitch and for 2 users would probably not need more than 256M

when you think that fifteen years ago servers at ISP's were reliably handling email for THOUSANDS of users with no more ram than that you might be able to see why ALL of this looks like extreme bloat to me.

zottel

•

3 months ago

@Emmanuel Revah I had a Roundcube+a lot other stuff setup before I chengd to Zimbra. It worked, but I wouldn't have thrown that at my wife (who used GMail at that point).

My main requirements are:
- Good webmail interface
- Good (!) integration of contacts and calendar, syncable to smartphones

The problem is that solutions that aren't groupware solution don't integrate the contacts & calendar stuff well. And for each and every little thingy you have to install a separate package, learn them all, and in the end it works more or less, but not very well.

I want email? Ok, here's exim.
I want spam protection? Install spamassassin.
I want IMAP access? Install dovecot.
I want web access? Install Roundcube.
Now I want to mark spam on the web and on the IMAP to have it learned by spamassasin? Uh, er, there's no standard solution for that, think about how you can do that yourself. And, BTW, bayes is off by default in spamassasin, don't forget to configure tha... show more

@emmanuel revah

zottel

•

3 months ago

Ok, now I'd like to see my exchange calendar from work on my web calendar?

To be honest, I should add that this wasn't straightforward with Zimbra, either, because I don't have the paid version, of course. Outlook can export the calendar to a WebDAV share. I used that function to export it to Zimbra WebDAV and then imported that calendar as an .ics feed in Zimbra.

Emmanuel Revah

•

3 months ago

I do see your points, and I know there are solutions for each one. And yes, each one might be some separate plugin or even just a config and so on.

(For example, in my Roundcube there's a "mark as spam" button that simply copies the spam to the spam folder, then a script goes through there to learn tokens).

So yes, it's not all in one. Also, strong point that probably has made life easier for me, I only access my email via webmail, I don't use mobile phones so I've not to worry about syncing and so on.
In that sense the built-in contact module works perfectly and is fast. The calendar is okay, though on this point I had some issues with the direction some of the plugins were heading for like MyRoundcube hostage plugins. I've used the Kolab for of the original calendar, it's much better (technically and ethically).

I almost did go the Zimbra route at some point, besides the half Open Source thing I also had some issue with system requirements, this seems to be the wall you are hitting.

For me, I have few users, very few, but using Zimbra would require me to allocate 4GB to a VM just for this task. Right now my Mail Server doesn't make a bump on the VM it sits on which does a bunch of other things.

I don't want to convince you to go back to what you already tried, you've been there done that, so you know. But I do want to be clear that while I agree that it can be some work to get everything tied together nicely, it's possible.

For this I did write a script to install a full basic server (Web + Mail mostly) with everything above (except Roundcube for now). So it's also possible to "do it right", then automate that. (if really interested: D.I.S.S, I need to update this thing though, but I still use it as a starting point on new machines).

In the end, I can understand why Zimbra, however, I can't help but suggest you look at Kolab as it seems to have many of the features you are looking for. As it runs of the usual Postfix/Courier and so on, you can easily add your own stuff like add SPF, greylisting, strict HELO and so on in Postifx's config. I don't know how you would do that in Zimbra.

Emmanuel Revah

•

3 months ago

Michael MD, me saying that my server can handle 13 emails was a joke.

zottel

•

3 months ago

@Emmanuel Revah Hm, Kolab might even be usable. I think I looked at it at one point (some time ago) and didn't try it, probably because of its use of ActiveSync as mobile synchronisation protocol.

At least some time ago, ActiveSync didn't support more than 4 email adresses and 4 phone numbers, and I think it didn't even support more than one postal address. Plus, the possible labels for phone numbers were very few and restricted to those defined by Microsoft, so using ActiveSync as the sync protocol crippled the possibilities of both the phone and the groupware server.

On some projects, data could even be lost (like have 5 phone numbers at a contact, sync it to the phone -> 4 phone numbers on the phone, change the contact on the phone, sync it back -> original contact record has lost one phone number).

I'm not sure if this is still the case, but I think it is.

There is a Kolab sync client for Android that uses Kolab's native storage format, but it seems it can on... show more

@emmanuel revah

zottel

•

3 months ago

Just looked, here's the ActiveSync contact record specification: http://msdn.microsoft.com/en-us/library/ee160254%28v=exchg.80%29.aspx

I can define up to 13 phone numbers in that protocol (some of which are unusable for "normal" contacts, though). The sensible ones are: Home1, Home2, Home Fax, Business1, Business2, Business Fax, and Mobile. Maybe for some people (not me) Car Phone, Assistant's Number, and Company Main Number might be useful. I don't know what I should do with MMS, Pager or Radio Phone Number (what's a radio phone, anyway?).

It's not possible to exactly define a business mobile number, though, e.g. and other similar stuff. It's not at all elegant, but I think in most cases, it should be usable.

There are three postal addresses labaled Home, Business and Other, which should be enough, Zimbra doesn't give me more, too. (More labels, that is, I could define four addresses all labeled "Home", though I never needed more than three post... show more

Emmanuel Revah

•

3 months ago

I had no idea what ActiveSync was, again I don't have a mobile phone, but also, I've been using webmail exclusively since 2000.

The reason for using only webmail was partially motivated by the fact that back in the day my contacts couldn't be synced between my computer and my webmail, same for filters (until I implemented sieve), and the same for calendars. So I thought I may as well only use the webmail as it's got everything and looks the same no matter where I connect from.

It seems nowadays things are finally getting a bit better, however, as I can feel from your experience, it's not always that easy when you need to work from multiple devices (and not always rely on webmail).

I've tried to install Kolab 3 but the Wheezy packages were still experimental at that time. They should be better by now, if I try again I'll let you know and give you an account and/or admin so you can see for yourself. (If I do this it'll be on a test server).

zottel likes this.

Emmanuel Revah

•

3 months ago

Not sure about the questions, but:

In Roundcube's core addressbook I can haz more than 4 emails per contact (I just tried with 8). I have "home", "work", "other" as categories for everything (email, phone, etc). I probably have few contacts, one reason being that it was only recently that RC had integrated a proper AddrBook.

As for filters, again I use just plain RC with my ISPmail-ish setup, I use the built-in Sieve filters plugin which makes use of the MDA's sieve capability (Dovecot in my case, Kolab uses Courier). Sieve (server side) is obviously great, and you can do quite a few things. I've not seen any limits there.

David Benfell

•

3 months ago

Yup. I don't know how many of each kind of contact entry gmail allows, but it allows you to change the labels to whatever you need. I'm learning to value that, because some contacts just are never going to fit in any predefined boxes.

#039

zottel

•

3 months ago

Yes, the problem is ActiveSync.

I can have as many email addresses as I want in Zimbra, but IIRC if I sync with ActiveSync, only three of them will get synced to the phone. In Zimbra (again IIRC), syncing back truncated records from the phone won't delete the additional data already present anymore (since one or two major versions), but it still can't sync more than three email addresses to the phone because that isn't possible with ActiveSync.

About filters: I never used sieve, but it seems to be quite good, yes.

Emmanuel Revah

•

3 months ago

Sieve: The day I first implemented this I was so happy, filters on the server's side made not only sense, but also life easier.

For example, I have a user that got one of those Google tracking devices (mobile/Android), apparently it's tied to some Google/Gmail account (don't ask me, I have no clue). Anyway, he doesn't want to be bothered by regular email all day, so he just set up a sieve filter, when me and a few other select recipients email him it get's forwarded to his gmail/phone.

You can do a lot of stuff like that, besides the usual "if mail contains/comes_from put in folder", you can "mark as", "forward", "reply", etc. As it's server side, you can set the filters with RC or Squirrelmail and then use Thunderbird or any other IMAP client, the emails will be filtered as per the Sieve filters.

zottel

•

3 months ago

I only saw something about sieve a long time ago when I was using Mulberry as my MUA. I wanted to use it then, but I didn't host my email myself at that time, so I couldn't. It seemed very complex to me, but also powerful.

Zimbra has an easy-to-use filter interface that any user who is advanced enough to need something like that can use.

It also has predefined filters like "is bulk mail" or "comes from a mailing list".

It can also forward, but it cannot auto-reply (apart from out-of-office replies that can be configured a little but, but not much, of course).

The main advantage is probably that the filters have access to the contacts, so filtering "is in one of my address books" is possible. The main disadvantage is that only wildcard filters are possible, not regex filters (which I guess is possible with sieve?).

zottel

•

3 months ago

@David Benfell Yes, I liked that, too. I did that a lot many years ago with my Palms and Psion devices. Unfortunately, this seems to have come out of fashion. ActiveSync doesn't support it, but CardDAV (using the vCard format) doesn't support it, too, at least not officially.

So Zimbra only has predefined labels, too. A pity.

@david benfell

Emmanuel Revah

•

3 months ago

@zottel Indeed Sieve can do all of that (expression, regular or not, fwd, transfer, reply, discard, flag, combinations, etc) but in my install I cannot use a rule "if in my contact book" which is a pretty neat feature actually.

@zottel

Emmanuel Revah

•

2 months ago

@zottel I installed Kolab on a test server, it doesn't have any OwnCloud stuff and can't find much about that, I think the project lacks much documentation at this point.

However if you want to try it out (before I wipe out this server) let me know. There's "ActiveSync" and stuff like that.

(pm me for codes)

@zottel

zottel

•

3 months ago

Hehe, yes, that's how the Google stores might be like. X-)

http://tapastic.com/episode/1976

zottel

•

3 months ago

Commander Zot wrote the following post 3 months ago:

In order to implement controllable privacy, one needs to start by having identity. This is an easy problem to solve in a centralised network. One service contains all the login information - and therefore knows who everybody is and can assign roles and access rights between them.

On the decentralised web (which is the way the web works incidentally), privacy is a lot harder because identity is a lot harder. Your machine might know who you are, but my machine doesn't. If I need to make a photo private so only you can see it, I need to know who you are.

How to solve this problem? Distributed authentication.If I need to know who you are, I'm going to ask your server to prove to me who yo

Commander Zot wrote the following post 3 months ago:

In order to implement controllable privacy, one needs to start by having identity. This is an easy problem to solve in a centralised network. One service contains all the login information - and therefore knows who everybody is and can assign roles and access rights between them.

On the decentralised web (which is the way the web works incidentally), privacy is a lot harder because identity is a lot harder. Your machine might know who you are, but my machine doesn't. If I need to make a photo private so only you can see it, I need to know who you are.

How to solve this problem? Distributed authentication.If I need to know who you are, I'm going to ask your server to prove to me who you are. Then I'll show you the private photo.

Friendica does this well.

Red takes this to another level entirely. As you browse decentralised services across the internet, you will casually notice that you are logged into some of them and they greet you by name. You didn't have to do anything to make this happen. You're just surfing the web, and you can see stuff which is only visible to you - because the site you are visiting is able to verify who you are. But you needn't worry about your privacy because we can't track you across the internet. All we know is that you are here. We don't know where you go from there. There is no central website or data harvesting ability. It's just a bunch of independent computers with independent content. And you can move - you aren't authenticated to a single server or DNS address, you're authenticated as you. No matter where you are.

And anywhere you go within the Red universe, we can make content visible to your eyes only.

What kind of content are you likely to find on Red?

Anything. We're building an open source content management system on top of a decentralised communications network - with internet iscale access control. We don't have any concept of "friends". That's sooo 1995. We just publish stuff privately and create channels of things we wish to share, and share these with whom we wish, because we know how to prove that those viewing the things we share are who they say they are. This could completely change how you look at the internet. It is how the internet should work. Blogs, forums, small business websites, dating sites, wikis, customer relations sites, social networks, photo sharing sites, issue tracking sites and more. Just about anything you can do on any other website, we'll be able to provide in Red. Except we can also communicate with other sites and control who can see stuff. If you use a CMS today, you're limited to providing communications and permissions with those that register on the site. Red is a matrix of independent CMS installations that can use communications and permission controls to become a part of something much larger than any one website. You control the content. There are no user agreements or terms of service - unless you use somebody else's server. If you do this and violate their terms of service, you can take a thumbdrive containing the essence of your identity, and find another site. All your permissions, all the channels you communicate with - are still there.

When somebody asks me if I'm on a "social network" I can only laugh. That's like asking me if I have a telegraph.

zottel

•

3 months ago

zottel has joined Sustainable Living

zottel

•

3 months ago

Email address based but privacy aware friend finder?

@Friendica Red Development

I just had an idea how uploading address books and finding friends based on their email addresses could work without the privacy problems that exist in other social networks and still be federated.

Create a field in the profile for email addresses. Multiple addresses can be specified with some UI to add more addresses, one per field.
Make it possible to decide whether this email address should also be shown to profile viewers or only be used for searches. Or never show it at all. (If the user doesn't want to be found by email address, he simply doesn't fill in any.)
Create a hash of each address and put it into the directory.
Give the user the possibility to upload an address book.
First step: Create hashes of all email addresses in the address book and look for them in the directory, find matches. Don't save anything.
Maybe later (not sure

Create a field in the profile for email addresses. Multiple addresses can be specified with some UI to add more addresses, one per field.
Make it possible to decide whether this email address should also be shown to profile viewers or only be used for searches. Or never show it at all. (If the user doesn't want to be found by email address, he simply doesn't fill in any.)
Create a hash of each address and put it into the directory.
Give the user the possibility to upload an address book.
First step: Create hashes of all email addresses in the address book and look for them in the directory, find matches. Don't save anything.
Maybe later (not sure if that desirable): Save the names from the address book and the corresponding email address hashes (but never the actual addresses!). Notify the user when someone from the address book joins Red.

That would make it much easier to find actual friends and aquaintances on the network, should they ever join, but still the email addresses of a lot of people unrelated to Red or from other servers will never be available to the server admin or a hacker.

Plus, it can only show people I have in my address book myself, not vice versa. Even if it is saved on my server, it will never be sent to other servers, so I won't be shown as "someone they might know" to people I have in my address book unless chosen by common contacts.

Possible problems:

Searching the directory for possible matches from a large address book might be quite some task. I, e.g., have an address book with about 600 members, many of them with more than one email address. And some people have thousands of email addresses in their address books. I'm not sure if and how such a search could be done efficiently.
Is it good to give users the possibility to upload such private data, easily abusable by evil Red server admins?
At least if the data is saved, it gives admins more possibilities to create relationship graphs even for people their users are not (yet) connected to.

What do you think?

@friendica red development

43 comments show more

Rasmus Fuhse

•

3 months ago from Diaspora

Is this feature really federated? I don't get how I can find someone with this, who is not on my server and noone on my server has this person in his/her contactlist.

Hashes for emails are secure, but also quite easy to generate and identify. Could an evil RED-server catch all the hashes, compare them to its known email-adresses (from a third database like amazon/google/facebook internal probably) and realize the friend-connections within the RED network?

zottel

•

3 months ago

@Rasmus Fuhse

If I understood that correctly, the user directory is currently federated to all Red servers (only channels (users) who want to be in the directory, though). I think there was some talk once about creating special directory nodes that federate to each other and are populated by the Red servers (just like the single directory server of Friendica currently is, just not only one). I don't know what the current plans are.

As far as I see it would not be possible, though, to gain knowledge about connections from that. The directory is just a user list, no additional information. Nothing about who is connected to whom. (This info can be available at the channel profiles, though, if the users chose to show it.)

If someone has a large database of email addresses, he could use it to find out the red channel addresses that are linked to the email addresses. Which is not too bad, though, because the people opted in to be found by their email addresses.

There's anoth... show more

@rasmus fuhse

Thomas Willingham

•

3 months ago from The Free Web

One sentence summary: POCO based federated directories with bootstraps from any one of multiple primary directories.

Rasmus Fuhse

•

3 months ago from Diaspora

Alright, I realize that I didn't understand the concept of those directories and how a server or a channel might be connected with this directory. And I am not quite sure, that I do now, but at least that is now a topic to me and I can examine this stuff.

I guess, your concern is a real issue. This is pretty much like my idea I mentioned before. Evil users/servers might get access to those directories and use the data they find there. Even in a hashed form, this data could be interesting, if the evil user/server already has a database that it can easily check against the directory-data. In fact this being able to easily check your own database against the directory data is the main idea of this user-search by email-adresses.

tony baldwin

•

3 months ago

But I don't have any friends in my e-mail address book.
Only clients.

David Benfell

•

3 months ago

I, on the other hand, have been accumulating contact information for over a decade. I've got friends, businesses, and people I've never actually met in my address book.

Mr. X

•

3 months ago

I consider email address based friend finding a slippery slope. It wasn't until Facebook's email friend finder had matured a little that we found out how scary it was. They sucked in our mailboxes under the guise of finding friends - and kept the darn things. Not just the INBOX - all of our saved folders. Our archives. Our private correspondence. Our drafts. Everything.

Michael MD

•

3 months ago

that scared me even the first time I saw it!

it rang too many spam-related alarm bells in my head!

zottel

•

3 months ago

@David Benfell Same here. It's a thing I'm really missing in Friendica compared to G+ (where at that time, my address book was at Google, anyway, so I didn't have to upöoad anything). It helps a lot finding people I know when they join the network.

I can imagine stuff that is spammer-proof, but it gets a little complicated then.

We could only put a part of the hash, like the first half, e.g., into the directory (would have to look how many bytes would make sense, the collision probability should be rather high for that to make sense).

So if there's a hit, it isn't clear if the email address I have here is really the one that was hashed or another one where the hash value is the same.

Now my server sends a message to the server where the possible friend is hosted that contains the full hash of the email address in question (my server still doesn't have the email address itself saved, only the hash). That other server checks if it matches.

If it doesn't, the message is simply discarded. If it does, my friend on that other server (not me! That's important.) is notified that he/she might know me and is pointed to my profile. Then they can decide whether they want to contact me or not.

I think that is a rather beautiful solution, because 1) it doesn't help spammers and 2) it's nice in terms of privacy that uploading email addresses of others does not give me the power to find them but them the power to find me. If they don't contact me, I'll never know they joined the network.

It's a bit complex, though, and while it actually is quite good in terms of privacy, it might be scary if someone first joins the network and directly gets 25 friend suggestions of people they actually do know. Such a thing can't be explained to the average user except through a lengthy text they won't read.

And, of course, an evil server admin might chose to add a single line to the code and save all the address book files that are uploaded. But then again, evil admins can do all kinds of nasty things in social networks, so I'm not sure if this should be a reason not to do it.

@david benfell

Mr. X

•

3 months ago

Just so we're clear - I'm not opposed to the concept, but we have a lot of negative publicity to overcome. Perhaps show people "this is what we uploaded" and "would you like us to delete it now?". Those little bits can make a world of difference in the world of mistrust that Facebook created.

2 people like this

Rasmus Fuhse

•

3 months ago from Diaspora

I think we shouldn't be afraid of evil admins. - This is a rough discussion I have seen a lot of times in Diaspora. It doesn't lead to anything. Evil admins can do much more evil stuff.

I think, your solution of parted hashes might work, but I have not the feeling that this is a very good way to go. Probably we are really missing a federated search that looks up (at least) real names (in fact it doesn't matter if they are really real, or fake, but I mean the names) on the servers of my friends. With a recursion depth of 1 or probably 2 such a search would give awesome results and help us to find our fiends in this network very easy. I am not sure if emails will be the solution in this case. For all my old friends in facebook I don't know their real email-adresses and this is what makes facebook so convenient. I can find people, that I didn't even know that they were still alive and I knew nothing of them unless their names.

zottel

•

3 months ago

@Rasmus Fuhse This already works in Friendica and Red because of the directories we are talking about. In Friendica, there is one central directory server; in Red there are several, and every server copies the directory locally.

@rasmus fuhse

Mr. X

•

3 months ago

The Red directory works with real names today (and has an advanced search mode for things like location, birthday, gender and hometown - if the profile provides them). This will eventually be mirrored to secondary and tertiary directory mirrors so we aren't concerned with the poor interactivity of distributed search or single points of failure. Adding an email hash search option to the directory wouldn't be difficult at all. It would probably take an hour.

David Benfell

•

3 months ago

Yes, and Google-Plus lets me know if someone in my address book joins. It's horribly evil, I know.

But I can't even get horde working (WSOD every time) on my server, so I don't really have the option of replicating Google's functionality myself.

To the larger point of your post, however, I think the evil server admin problem is likely to rear its head in a multitude of ways, some of which we are unlikely to anticipate. It may be appropriate to implement some kind of reputation based system for refusing to connect to servers with such admins because ultimately, you're going to need a human element, and reaction to a demonstration of evil intent is the best we're going to be able to do.

Thomas Willingham

•

3 months ago from The Free Web

I mentioned this in an earlier thread.

We have a reputation based system. Somebody (ideally, several people so nobody can tamper with the figures) just needs to make the site.

It can't be a server admin, or a core contributor that does this, for obvious reasons.

And somebody just needs to reverse the logic on the allowed domains to allow other servers to block rogue sites.

David Benfell

•

3 months ago

What exactly needs to be done?

David Benfell

•

3 months ago

And I guess I'm ineligible by virtue of the fact I run a Friendica site?

Thomas Willingham

•

3 months ago from The Free Web

It's way too early to be doing anything. It needs to wait until Red is at least at the public preview state. The backend is there (or will be), is all I'm getting at.

We've got reputations ranging from 0 (Not categorised), to 5(Reputable, has my trust). We'll make this discoverable. You'd use the same data, and list by, say, average score, ignoring the zeros (which are "unknown" rather than "evil"). Ideally, you'd also match to POCO, so you as well as seeing an overall average score, you'd also see who your friends trust.

This will probably need to be done by directories anyway, so all you'd have to do is present it nicely. It would probably work best as an additional feature for a primary directory, rather than as a standalone site, but either could work.

We don't have this problem in Friendica - even though we've got some huge sites, we have an average of 2 people per server. You don't have dodgy Friendica admins, you just have bad friends.

Mr. X

•

3 months ago

The reputation stuff has been in Friendica since day 1 for rating your friends. It wasn't a very good solution and was abandoned.

The original concept was that somebody could scrape a bunch of Facebook accounts and create free web profiles to lure friends of these folks into some scam. We wanted to be able to say "Phillippe and Artemus trust that Commander Zot isn't a scammer". If you're friends with both Phillippe and Artemus maybe this Commander Zot dude is OK.

Querying the data would take a distributed search. Distributed searches suck. They'll only fly for darknet file-sharing sites where your desire for the latest movie downloads outweighs your natural revulsion at perhaps having to wait a few minutes for the search to start producing results.

The real reason the idea flopped is that nobody ever assigned any trustworthiness on their friends. Approve the friendship, perhaps add them to a group - you're done. Why do I have to provide extra data that *I'm not going to use*?

(e.g. this is primarily for somebody else to us... show more

Mr. X

•

3 months ago

Hmmm. Right - we didn't have poco and social graphs when the reputation stuff first floated. That makes the search part of the problem no harder than "common friends". So we only have to figure out how to get people to make a selection and save it and we might be able to revive it. It needs to be as easy and fun to rate people as the old "hotornot".

David Benfell

•

3 months ago

I remember the Friendica system.

I guess the problem I had with it was that I really didn't have a basis for assigning trust on a Likert scale. I didn't know anybody on Friendica, didn't even know this MacGirvin fellow.

Maybe, just maybe, something like GnuPG's trust/ultimately trust/distrust (is there another level) would be better there.

Thomas Willingham

•

3 months ago from The Free Web

So we only have to figure out how to get people to make a selection and save it and we might be able to revive it.

Rate a contact, get a point towards unlocking additional features.

David Benfell

•

3 months ago

Anybody play with Waze lately? It's like Pacman. You're driving down the road going where you're going (it's a mapping app that's supposed to respond to traffic and redirect you accordingly), and there are prizes on the virtual roadway for you to gobble up--and thus win points--as you pass the corresponding point in real life.

For Waze, I think it's a bad idea (not that the point system there is a particularly good idea in the first place). For Red, I'd need to see a compelling application.

Mr. X

•

3 months ago

This sounds a bit corny at first - but here's a thought bubble...

You literally turn it into a game where every channel gets a rating and this is prominently displayed somewhere - maybe in the directory. One could drill down and find out who voted a particular way (if you bother voting you can't be anonymous). This could help to keep things polite and civil all the way around. Piss people off and your rating is going to plummet.

There would probably develop a counter-culture of bad apples that thrive on low or negative ratings, and this would actually be OK. For them a low rating is a badge of honour. Fine with me.

There could be a bit of drama if a couple split up and she marked him as untrustable. But this isn't bad either. It makes the network interesting, the same way as unfriending somebody on Facebook once did. Petty squabbles are entertaining. One person's rating isn't going to destroy your reputation, and ultimately one can see who is trying to destroy somebody else's rating and analyse their motives and their own trustability.

But... show more

zottel

•

3 months ago

Sounds interesting.

Should we ever get really big, this will be probably dominated by bots just like Facebook likes are today, but only on the corporate level.

Thomas Willingham

•

3 months ago from The Free Web

Again, we've got POCO and social graphs. It doesn't matter how fucked up the rest of the network gets, we can always use only data that comes from your contacts. We could even display votes alongside Friends In Common.

zottel likes this.

Carlos Solís

•

3 months ago from mustard.mod

@Commander Zot Can something similar be done with hashtags, a la Trending Topics but decentralized?

@commander zot

Thomas Willingham

•

3 months ago from The Free Web

Probably not. Distributed search takes ages. It can take days for friends in common to start working. It works because it's not time sensitive.

It's probably not desirable either, for all the same reasons it's not desirable in Friendica, plus the whole not-being-a-social-network thing.

Mr. X

•

3 months ago

Can something similar be done with hashtags

Dead snake. That said, folks if you want to create a canary bathing scheduler in red or a comet warning system or a social media player - it's OPEN SOURCE.

Sheesh.

I've mentioned the problems with decentralisation and hashtags on numerous occasions. You should be able to find a related post or two in the archives at friendica.com.

If you want to follow decentralised hashtags - solve the problems with decentralised hashtags and submit a pull request. It's a hard problem to solve without either a) encouraging centralisation, and/or b) overloading small sites with unwanted input/storage.

I've already solved the problem in several ways. If you don't like any of my solutions (community tags, groups/forums) then start floating your own ideas and code and show us what you've got. If your solution either doesn't scale or leads to mega-site centralisation/amalgamation, it's probably not going to go over very well.

That said, red would be a... show more

Kevin M

•

3 months ago

While I really like your idea of changing the semantics from listing contacts to introducing oneself to contacts I still see a problem there.

Imagine a spammer who opens a red server. While the discussion of a possible evil admin focuses on the possibly bad intentions of the admin of the server YOU are using, this spammer does not even need any users.
He just creates a bogus account for each of his possible Spam recipient addresses on his server and publishes them to the directory.

Every time somebody uploads an address book the spammer is informed if it contains any address the spammer already has.
Thus he may not be able to verify addresses of people publishing their email addresses, but instead can verify addresses of all people in the address books that are uploaded anywhere on fred servers (if he already knows the address).
These implications could be mitigated by having the user, who is uploading his address book, mark all interesting and seemingly legitimate ones from the found profiles. However, most email addresses contain either a name... show more

Mr. X

•

3 months ago

There are people here who want to actually find workable solutions. On a difficulty scale of 1 to 10, this is about a 4. It might need some tweaking as you've pointed out (and as I pointed out earlier), but I believe there are ways to make the general concept work. All we really require is for you to perform an email verification step before anybody can match your email. We require this anyway.

Have a wonderful weekend.

Mr. X

•

3 months ago

Right - a flaw there as well - since the spammer can merely mark the addresses verified. Still it's not an unsolvable problem - just requires thinking outside the box.

Michael Meer

•

3 months ago

To calculate the hashes needs computing time. Computing time costs money.
We should use a hash algo that needs some time.

You may compare this issues with password hashes.
We should ensure that we use every time a different salt when hashing addresses and passwords.

Now you can punish me once more, cause I have not verified if this is already implemented or not.

Emmanuel Revah

•

3 months ago

I'm not sure I followed everything, and I hope I got what you guys are talking about. So:

Do we need to search people by email in a global directory ? Isn't it a good thing that we can't do that ? If my friends want to connect with me via Friendica, shouldn't they search me by name/alias or just send me a real email ?

It should be up to the users to put searchable data in their public profile and allow others to use that to find them. If they put nothing, that should be considered a deliberate choice to be harder to find.

Maybe there could put an "email hint box" and users can optionally add part(s) of their email address(es) to be used for searching ? (Or even their complete email if they feel like it).

Personally, I add my profile URL to my "contact" page and/or email signatures (depending who I write to).

All this besides the fact that some/many may use various emails/aliases for various services they are subscribed to, which would make it impossible to use email-hashes to find certain people.

Kevin M

•

3 months ago

If I interpreted the original idea correctly, the email search stuff would be optional. Anyone can add his/her email address to be searched or not do so.
I don't see any reason why I should not be allowed to add most/all of my addresses to my profile, since they are protected by the hash function.

Opposing to your idea of sending an ordinary email, I'd like to ask you if you have yet send anyone in your personal address book an email stating: "I use friendica, a federated social web. And this is my profile $URL"
For anyone not already using it, this would be comparable to: "I just ate a sandwich. It was tasty".

I absolutely agree to your point of making it optional to provide addresses for search, but I think this feature would solve a crucial problem of friendica: finding friends you already have and which you do not contact on a regular basis by email.

Kevin M

•

3 months ago

This sounds like a great idea.
But then, the hash generation would have to be either performed in JavaScript on the box of the uploader. Or a public server would have to make very sure that addresses cannot be added in bulk.
However, I feel that it would severely impair usability if I had to enter some captcha for any address in my address book.

By using the "offer yourself" approach of zottel, this could be reduced to entering a captcha/performing some task for being able to add a search-able address.

Emmanuel Revah

•

3 months ago

For anyone not already using it, this would be comparable to: "I just ate a sandwich. It was tasty".

That depends how you would formulate such an email. I remember the days when I'd receive emails from social networks saying

X uses this service and would like to connect with you click here please thanks.

Like them or not, they were more relevant than "I just ate a sandwich.".

Other than that I have actually written to friends about this, it takes a few seconds and voila. I don't see what's wrong with the signature thing either. Many people have their website, gpg, irc, etc etc in their signatures. They don't need a centralised database to coordinate p2p relations.

I also do often write to everyone in my contact book describing in detail the taste of the most recently eaten sandwich. Most people are apparently interested and excited as they often write back in CAPS LOCK. I don't read their replies though and keep writing back as often as I eat sandwiches.

More seriously,... show more

Kevin M

•

3 months ago

Don't get me wrong. I love your idea to put the friendica profile URL in the Email signature (and I think I will do so). I just fear that by on the one hand talking to some people about your friendica profile and on the other hand adding it to the email signature (forum signature/$whatever profile) you miss all the people you know from your afk live and do not send many emails to.

The alternative would be to think of a individual reason write an email to anybody you know and hope that they read your signature ;)

Emmanuel Revah likes this.

Mr. X

•

3 months ago

Of all the people that I was once connected to via Facebook, I think I knew the email addy of maybe four of them. Everybody else was found by name. This is long before they added location and other searches. And I found many of them by going through thousands of people with an identical name and looking at locations and profiles until they showed up. *Or* I found them through the friend list of a mutual friend. *Or* a combination of the two. So an email search is interesting and useful if we can do it right, but let's not lose sight of the bigger picture - making an advanced search work well so you can find anybody with the name "Fred Flintstone" that currently lives in "Bedrock" and has a wife named "Wilma".

The framework is there (minus the wife, but that's easy to add). Adding email would be great - if we can do it without impinging on somebody's privacy or turn them into spam bait.

3 people like this

zottel

•

3 months ago from Friendica mobile web

Well, I myself have problem that my surname as well as my first name are quite common in Germany. Anybody who enters the pair in Facebook will probably receive a few thousand hits.

Plus, on my public profile, I do not want to show my real name, where I live, where I work and of course not when I was born. Many people I know know this nickname I'm using, but not all, especially many from my family don't. This makes me very hard to find if not by email address. Even if I would use my real name.

And then, I do like (or rather would like) to be connected to insane numbers of people I have known at one point or the other in my life. Most of those will never be addressed in non-public posts, but it would be nice to have a way to get in touch with them if required, and to have a way (via the social network) to get more general messages to them in a way that's not as intrusive as an email. I wouldn't even think of trying to find them by entering their names, nor would they the other way round.

But anyway, it has already been said that there are reasons to... show more

Mr. X

•

3 months ago

Is it wrong to search for an email address? No. Is it wrong to return results? Only if the owner of the address doesn't want us to return results - in which case they won't provide an email address for us to match.

You can try and protect people from bad guys - but there's nothing you can do to protect people from themselves.

Emmanuel Revah likes this.

Michael MD

•

3 months ago

exactly -
nothing wrong if the people want it to be found.

I remember years ago setting up contact forms for users (so they wanted people to be able to contact them their email address didn't have to be anywhere where spam crawlers could scrape it.
.. but some users continued to put their email address in anywhere else that would display it! - even in link titles,etc
those users clearly wanted their email address to be visible.

I can try to protect them from spam but at the end of the day its their decision.

David Benfell

•

3 months ago

A lot of my email addresses have been out there for years. I no longer expect others to protect me from spam; I have to do this myself. The result is far from perfect, but manageable.

I don't advocate just exposing email addresses (although I do my own), but it is worth remembering that they exist like names and addresses, so that a person can be found--and contacted.

I don't think it is reasonable to expect anything like perfection from a scheme to guard against spammers in Red. A certain amount of this war needs to be fought elsewhere: on the SMTP level, at the MUA level, and in aggressively tracking down and shutting down spammers.

zottel

•

3 months ago

Oh, wow, Opera is moving to WebKit, too ...

Rasmus Fuhse wrote the following post 3 Monate her:

First Annette Schavan, then the pope and now Opera Web Browser:

http://my.opera.com/ODIN/blog/300-million-users-and-move-to-webkit

A week of retreats.

7 comments show more

Rasmus Fuhse

•

3 months ago from Diaspora

I can understand the decision and as a webdev it is good news in a way. But it's also quite sad.

J. Randal Matheny

•

3 months ago

Please explain what this means to a non-techie.

Rasmus Fuhse

•

3 months ago from Diaspora

If you're a non-techie, it means nothing at all. Opera will still exist and still be the same kind of browser that is different to others. It just changes its (legendary) rendering engine under the hood.

J. Randal Matheny

•

3 months ago

So is that a good move? Lots of people in the comments at the link above don't seem to like it.

Seth

•

3 months ago

Seth tagged zottel's status with #opera

Rasmus Fuhse

•

3 months ago from Diaspora

Actually it's a reasonable and good move. It's pro open source, it is less expensive for Opera, because they don't need to develop their own rendering engine anymore. It's just a little sad, because Opera has always been a pioneer - especially with its rendering engine Presto.

J. Randal Matheny

•

3 months ago

Gotcha. Thanks for the background. I use Opera some, more now since they bought out the email service I use.

zottel

•

3 months ago

zottel has joined vim editor

Charles Roth doesn't like this.

3 comments show more

Charles Roth MPC

•

3 months ago from mustard.mod

Just a #troll

I don't use either.

#troll

Paul Taylor likes this.

zottel

•

3 months ago

I never understood how anybody could like emacs, but I don't really give a shit who uses which editor.

As I'm a regular vim user, I hope there will be some nice tips & tricks in this forum.

zottel

•

3 months ago

Great. Just great.

http://wtfevolution.tumblr.com/

4 people like this

5 comments show more

Thomas Willingham

•

3 months ago from The Free Web

The animals there are nothing. There's one really fucked up species with a hydraulic penis over half a foot long, you should see them.

zottel likes this.

David Benfell

•

3 months ago

And it is unusually large relative to body size among animals

zottel

•

3 months ago

zottel has joined Friendica Developers

zottel

•

3 months ago

Commander Zot wrote the following post 3 months ago:

So what is "Red" exactly?

As currently envisioned, it's a multi-user personal content management system with blogs, forums, pages, photo albums, event calendars, yadda yadda, attached to WebDAV'able personal cloud file storage and a decentralised infinitely extensible "social" communications network - with (mostly invisible) decentralised access control across the whole lot, guarding your files and privacy.

Each instance becomes a "channel" in a matrix or grid of other Red instances, which can feed information to and from each other.

And it's free and open source and runs on pretty much any moderately sized Linux box - along with a number of shared hosting providers.

What can you do with it? I think a better question is "What can't you do with it?" (Not that it matters much, because it's extensible.)

PS> We could use a bit more help building it. We're just a handful of hackers doing what we can in our spare time.

zottel

•

3 months ago

zottel has joined FriendicAdmin

zottel

•

4 months ago

@Friendica Red Development Wouldn't that be a great image viewer for Red?

Klaus Weidenbach wrote the following post 4 Monate her:

Photobox image gallery
I like this #CSS3 and jQuery image gallery.

Photobox - CSS3 image gallery modal viewer on Dropthebit

A lightweight CSS3 image gallery that is pretty to look and and easy to use

@friendica red development #css3

2 people like this

15 comments show more

Einer von Vielen

•

4 months ago

Supports: Firefox, Chrome and IE8+

Einer von Vielen doesn't like this.

Thomas Willingham

•

4 months ago from The Free Web

It's using 100% CPU, and not doing anything.

zottel

•

4 months ago

@Thomas Willingham What browser? Works here with FF 18.

@thomas willingham

Thomas Willingham

•

4 months ago from The Free Web

Kazehakase. It also fails in Firefox 10.

Olivier M.

•

4 months ago

It's actually rather cute, and doesn't work too bad in IE9+ - we just lose the 3D CSS anims as far as I can tell.

Thomas Willingham

•

4 months ago from The Free Web

I think we need more than an image viewer anyway.

Nobody does photo albums well. Not even the likes of Flickr who claim photos as a core strength. I've been saying this for a couple of months now, and only two people have managed to provide links to half decent services - and both of them were "better than you'd expect, given the low standards we've become accustomed to" rather than "good".

At a minimum, we need to do some image manipulation, not just some image viewing.

Einer von Vielen likes this.

tony baldwin

•

4 months ago

It's slow and buggy here.
Whatever gallery uses for a slide show works nicely (as can be seen at http://tonybaldwin.me/art )

zottel

•

4 months ago

This one is IMHO already better than nearly everything else available out there. Question is, can we require modern browsers?

@Tony Baldwin That's Piclens, and it's Flash. I'd like to stay away from Flash if possible. I'm using Gallery3 for my site and PicLens's successor Cooliris for the dia show, but that's Flash, too, of course.

EDIT: BTW, I tried to use PicLens with my Zenphoto Gallery on my Dreamhost shared host before I moved to Gallery3 on my new VPS. The problem is that it requires an RSS feed with the images included. Maybe that RSS stuff wasn't done very well in Zenphoto, maybe the shared host was just too slow, but I really had problems using the slideshow as soon as an album had more than 100 photos or so, maybe already with 50. It became completely unusable with larger albums when they had more than 200 photos or so.

I just tested Google's albums in G+ again to see how they are doing it today.

Frankly, it's so good that it made me want to return to G+ just for th... show more

@tony baldwin

zottel

•

4 months ago

Not 100% perfect, too, though:

In G+, there's still no possibility to create subalbums (though that wouldn't be as high a priority for me anymore as it was when I last decided where and how to host my photos).

And, a more blatant omission: I didn't find a possibility to move photos between albums. If there is it's well hidden. EDIT: Found it, you have to edit the album to move a photo from it to another album.

tony baldwin

•

4 months ago

I'm using Iceweasel 17.0.1.

Thomas Willingham

•

4 months ago from The Free Web

Question is, can we require modern browsers?

Older/Text browsers have to work. They don't need to be fully featured. As long as we provide a fall back for older browsers, I don't see a problem with requiring a modern browser.

We should be aiming for fully featured support in IE 9 and FF 10.

Olivier M.

•

4 months ago

I second that Thomas. We shouldn't refrain from using modern features, they just should degrade gracefully when unsupported.

tony baldwin

•

4 months ago

I'm using a modern browser, Iceweasel 17, and this is slow, choppy, clumsy.

Thomas Willingham

•

4 months ago from The Free Web

The problem is, of course, the edge cases.

When everyone else sniffs browsers they go "you've got flash, here's a page that takes 4GB RAM to render". That's a non-sequitur. That's far too stupid for us to do.

I suppose putting fancy stuff in the Additional Features section (or in their own module), with recommended system requirements as a note is the way to go.

I should also add, I'm thinking beyond the core code of Red. I'm not good enough to do any of these features from scratch. Like the in-progress chat room, I'm going to be starting with other projects, and integrating them with Red as modules.

Luis Fernando

•

3 months ago

@zottel I think this image gallery is spectacular. Thanks for finding out about this!

I second that motion to try to provide a fail safe way to still display images for low resource browsers. By the way, I'm using Firefox 18.0.1 (Archlinux build, without any proprietary drivers) and it is very smooth.

Something like this looks a lot better than Facebook or those crappy flash galleries.

zottel

•

4 months ago

Commander Zot wrote the following post 4 months ago:

You're right - nobody is going to take down the Facebook in its own terrain. It's the alligator. If you're in the water, you're in the alligator's domain - and you're going to get eaten. So if you're building a "social network" - good luck and all that, but you're stuffed. Facebook doesn't have a bright future, but contrary to what some "visionaries" predicted - the future social web does not currently belong to decentralisation. At least not today. It will when the sleeping giants (the telecoms) wake up and realise that they're pulling all the strings and that they're the ones who really own the web. Not Google, not Facebook, not Amazon or Microsoft or Apple. This is also why Google is trying to learn how to be a

Commander Zot wrote the following post 4 months ago:

You're right - nobody is going to take down the Facebook in its own terrain. It's the alligator. If you're in the water, you're in the alligator's domain - and you're going to get eaten. So if you're building a "social network" - good luck and all that, but you're stuffed. Facebook doesn't have a bright future, but contrary to what some "visionaries" predicted - the future social web does not currently belong to decentralisation. At least not today. It will when the sleeping giants (the telecoms) wake up and realise that they're pulling all the strings and that they're the ones who really own the web. Not Google, not Facebook, not Amazon or Microsoft or Apple. This is also why Google is trying to learn how to be a telecom, because in that terrain, Google isn't predator - but prey.

But that web revolution is probably 5-10 years out.

Friendica is basically a social network, but with some "free and open" concepts built in. So it's in the water. A very small minority will find its freedom and privacy useful. Most have already moved on. Even an alligator might let a viper go as long as it isn't too hungry and the snake isn't seen as a threat.

I still don't think you've been listening because you're still thinking of Red as being in the water. I'm not playing the Facebook/SocNet game any more. I'm playing a different game - and it's not in the water. Facebook this, Facebook that - yada yada... I'm not building Facebook. I'm not building a Facebook competitor. Red has nothing whatsoever to do with Facebook (or G+, or Diaspora, yada, yada).

Red isn't a social network. It's website software which has the ability to matrix into something larger than itself. That's pretty much it. That isn't sexy to the masses, and it certainly isn't sexy to any VC's or even the Robert Scobles of the world. It's just a server appliance which we'd be particularly good at building after the Friendica experience, and it puts together some things we happen to do well into a combination which doesn't currently exist. It also starts over on things which we didn't do well and does them better - and provides a framework for others to build on. Some people might find it useful, especially those running niche online forums and blogs which are stuck in their centralised little islands. We've mentioned dating sites and small businesses. We can also cater a bit to that small minority of people who found freedom and privacy useful and found Friendica to be a safe refuge from Facebook - but there aren't many of these.

But this isn't Red's focus or raison de etre, it's just one thing that Red can do. For better or worse Facebook shaped the communications landscape and altered people's expectations of online communications and what features it should provide. Most blog and forum software are "pre-Facebook" and provide somewhat primitive communications. Many people demand more. We can do better than that, again based on the Friendica experience.

Decentralised access control is our terrain. Some/most would not see this as a market or audience worthy of interest.

But they'd be wrong.

zottel

•

4 months ago

@Friendica Red Development

My Red test server is running.

Any other testers whom I didn't already connect to myself: Please add my channell zottel@red.zottel.net

@friendica red development

Haakon Meland Eriksen likes this.

8 comments show more

zottel

•

4 months ago

BTW, including getting a new cert from StartSSL, a complete restart from zero when I found that there were bugs in the default database.sql, forking the repo, fixing the bugs and creating a pull request, it took about 45 minutes to get it all done.

Granted, I already know Friendica and my server was already configured correctly for Friendica and thus would work out of the box with Red, but still, this is just wonderfully easy.

EDIT: Beware, this doesn't mean you should already install Red if you managed to install Wordpress or Friendica. There is too much still unfinished and in the flow for Red to already be useful as a daily tool for everybody.

Bob Mottram

•

4 months ago

I doubt that I'll be installing Red mainly due to the SSL requirement, which would mean that I'd need to buy a domain name. At the moment I doubt that such expenses could be justified.

However, I could maybe get an account on another server once it's in a usable condition.

zottel

•

4 months ago

Could someone post something in Red so I know that's working?

Since there's no polling, I don't get the old posts from other people. I know that connecting works because the second identity of Michael Meer connected to me, but I can't see any posts yet.

Michael Meer

•

4 months ago

just another senseless post I send to you.

zottel

•

4 months ago

Hm. I did get an indicator at the network icon that there was a new post, but it isn't displayed. Only the top bar, the left aside, the share box and below it an always spinning rotator

zottel

•

4 months ago

Works now. I don't know if it just took some time, but I also couldn't see my own first post before yours arrived.

But I didn't do anything apart from switching on logging.

Thomas Willingham

•

4 months ago from The Free Web

The live upated/endless scroll thing can be weird sometimes, displaying nothing at all, or starting at the wrong place. If you click commented order, it normally starts to work again.

I haven't found a way to reliably reproduce breaking it yet, but it happens to me about once a week.

zottel

•

4 months ago

Ah, ok. I'll have an eye on that, too.

zottel

•

4 months ago

♲ Commander Zot
Red - welcome to the network
The Friendica project is pleased to announce the Developer Preview release of "red" - a new concept in online communications.

Because somebody has to stand up for the people of the internet...

You may obtain a copy via git at https://github.com/friendica/red

The Developer Preview is intended for developers to have a look at the emerging project and possibly influence its direction. This is not intended as a preview to the general public. There are bugs. There are security and privacy issues. Things could crash spectacularly. If this doesn't sound like fun to you, please avoid this preview and wait for a public preview or release. Not all the described features are complete, but you might be surprised how much works today - for a pre-release project of this scope.

Red... show more

zottel

•

4 months ago

@Friendica Red Development

I'm thinking about setting up a Red test server, too. One question: Is a valid SSL cert required, valid as in signed by a widely accepted CA?

@friendica red development

39 comments show more

Mr. X

•

4 months ago

If it isn't recognised by the curl library, communications won't work.

We no longer give you the option of trusting self-signed certs, since nobody seems to care that it annoys all of their friends and leads to hundreds of "get me out of here" dialogues when they load their stream. And all your friends leave the network because according to their web browser we can't be trusted.

So yes, a valid cert is essential.

David Benfell likes this.

zottel

•

4 months ago

Yes, I remember that you said once that this would be a prerequisite, which is why I asked if this was still or maybe even not yet the case.

Ok. That might postpone my test for a while, but it's clear that I will have my own Red server at least in a few months.

Alex

•

4 months ago

will they accept cacert?

zottel

•

4 months ago

No. Most (all?) Linux flavors don't ship the CACert root certs (which is where the cert would have to be installed to be accepted by curl).

I'm thinking about buying a wildcard cert for my domain (and thus all dubdomains) to get rid of the hassle once and for all.

It seems a StartSSL wildcard cert is only $59,90 for two years? Any other cheap CAs anyone can recommend?

zottel

•

4 months ago

It's not used for authentication in Red, only for encryption.

Michael MD

•

4 months ago

If it isn't recognised by the curl library, communications won't work

I wonder if that might be somehow related to the "facebook patch for curl" I saw in the hiphop php install instructions?

Mr. X

•

4 months ago

I don't give a shit if your CA is trustable or why not. All I care about is that in a decentralised network your friends are going to get warnings telling them that some Friendica site cannot be trusted, hence Friendica cannot be trusted. When in fact it's the hub provider's cert that can't be trusted.

You explain this to your friends.

Michael MD

•

4 months ago

thats why i don't plan on using ssl util browsers are fixed to allow the users to be in control of the encryption rather than promoting some dodgy concept of buying and selling trust.

I hate those warnings too ..
but having the broswer light up a nice green just because someone paid more for a "premium" certificate
(as Chrome does) is even worse!

Oliver

•

4 months ago from ~Friendica

ok, that might be the reason for broken communication after fresh install with a new domain

... let's get a certificate (again)

zottel

•

4 months ago

@Michael Meer You're right for normal browser stuff. This is a different case here.

1) Authentication isn't done using SSL, it's done using other stuff in the DFRN (Friendica) and Zot (Red) protocols. Thus, a man in the middle attack is not possible. (At least not using false SSL certs.)

2) If I understood earlier posts correctly, other than with Friendica, there will not be additional encryption on top of SSL in Zot/Red in order to keep the server load lower, so SSL is required for encryption purposes.

3) In Friendica (and probably in Red?) some resources like user images of people you are not connected to yourself are loaded from the originating server. This may or may not be done using https, depending (among other stuff, I think) on admin settings of that originating server. If the originating server does not have a "valid" SSL cert, there will be a browser warning. The admin of the server the user is on can do nothing about that (except enabling the privacy im... show more

@michael meer

Thomas Willingham

•

4 months ago from The Free Web

ok, that might be the reason for broken communication after fresh install with a new domain
... let's get a certificate (again)

I don't have SSL at all and everything is working (for now anyway). I wasn't planning on getting one until it was a production server - SNI is a pain, and new IPs are less than free.

zottel

•

4 months ago

Michael Meer wrote:

the encryption is a piece of crap when you don't know who's your partner.

But you do know because that's not ensured by SSL but by Zot/DFRN in the protocol layer above. That's what I meant by "authentication isn't done using SSL".

Of course, it's debatable if encryption should be done outside SSL, so that working without https would be possible. I don't know much about that, but I think it's probably more efficient to use the operating system's SSL functions than to call some binary from PHP for every encryption or (worse) do it in plain PHP.

In that case, in order to make sure that no browser warnings can occur, it would be required that all loading of images from other servers (in the browser while viewing a page) must be done using http, not https, which is not really desirable, IMHO.

Friendica has shown that it simply doesn't work to give the admins the choice to say "I have a self-signed cert, please use http with my host!" Most of them don't know that this option exists or don't care.

zottel

•

4 months ago

Thomas Willingham wrote:

I don't have SSL at all and everything is working (for now anyway). I wasn't planning on getting one until it was a production server - SNI is a pain, and new IPs are less than free.

Ah. That's what I meant by "not yet".

@Commander Zot From your comment above I gather that this is not really intended. It probably means that all communication between servers won't be encrypted at all in that case?

@commander zot

Mr. X

•

4 months ago

I'm so tired of repeating this.

Yes, I know the SSL "system" is flawed and somewhat corrupt. I don't care. Friendica/Red will never gain critical mass if "it" produces browser warnings. People won't blame you. They blame me because my software generates a warning in their browser because you don't have a valid cert. Friendica allows self-signed certs. Red does not, because you haven't been listening to why it is so bloody important and you won't voluntarily provide a valid cert so I have to draw a line and tell you that without it, you can't communicate with Red. If you are religiously opposed to using valid certificates, I'm sympathetic to your cause, but that doesn't matter because you won't be communicating with Red. Period. If you sneak a patch into the tree to allow it, I'll take it back out and ban you from the tree. There is no negotiation or discussion. The matter is closed.

If you don't use SSL on a production site your account will probably be hacked, it's only a matter of time. I've got a test site... show more

Olaf Conradi

•

4 months ago

I'm running both Friendica and Red on the same host using different domains and different SSL certs. Haven't run into any problems with SNI.

Mr. X

•

4 months ago

If you create a site without https, you're best off sticking with it until the hub management part of the code is complete. Changing your URL in any way (even going from http to https) is likely to cause a few problems on the short term, although it will be supported before release.

Olaf Conradi

•

4 months ago

About the whole trust thing and private posting.

By not using SSL one has to be aware that your account password is send in the clear at the login screen.

Also, while Zot communications are encrypted at the application level and not dependent of ssl transport, if you do allow channel contacts using http you also know that your posts are send in the clear to their browsers.

And even if the SSL system did not have any flaws and you would only accept contacts that use https, you never know if their site is configured to allow both ssl and non-ssl browser sessions. So basically Red does not provide secure communication without trusting all of your contacts to configure their site correctly.

And if this is really a concern, you should be using different communication mechanisms anyway and use a proper way to verify the identity of your peers.

Bob Mottram

•

4 months ago

My 2p worth. HTTPS should probably not be an absolute requirement. Some regimes may block SSL from time to time. While it may be politically viable to block SSL its highly unlikely that it would be considered acceptable to block port 80, even temporarily during a "national emergency".

Also I don't think that SSL should be relied upon for maintaining privacy of data in transit. It is fairly clear that trusting certificate authorities is not always the wisest thing to do. The 29c3 talk provides sufficient elucidation on that - "you never know what the security practices at those companies are". So some form of encryption on top of SSL would be preferable so that you don't have to rely upon some CA company who may or may not have installed any security updates on their servers in the last two years. It could be GPG, or whatever is most suitable.

On the self-signed "OMG the sky is gonna fall down!" dialogs I agree that if you want to attract more users to Friendica then having "valid" certificates may be preferable, and I acknowledge that this may mean that I have to obtain one somehow.

Olaf Conradi

•

4 months ago

HTTPS is not an absolute requirement, you can run this software fine on HTTP.

And encryption using AES256 with public/private keys is used for maintaining privacy between Red servers. This is already used!

But the very nature of decentralized means that you also never know what your peers with who you are communicating are doing. They might have altered the software on their hub, they might use non-ssl browser sessions to read your post from their hub. You never know.

Olaf Conradi

•

4 months ago

You can get one free SSL certificate per domain on startssl.com but you do need to own the toplevel domain (so dyndns does not work, but freedns.afraid.org also provides a dynamic dns service for your own domains).

Mr. X

•

4 months ago

E2EE is on the horizon once the core software is stable. Too many things in the fire atm.

David Benfell

•

4 months ago

I can no longer recommend StartSSL. I'm starting to see problems with it around the edges, things like my mother's gmail suddenly being unable to access her email account on my server, web browsers not honoring the certificates, etc.

It's also a pain in the ass to set up. I don't know why it has to be chained the way they do, and why StartCom can't make it easier to match up the right certificates at each level, but even though I have some time to go before my current Class 2 certificates expire, I may be looking for new ones in the very near future.

David Benfell

•

4 months ago

Is SNI even playing well with the major distributions of Linux these days? Last I looked, most openssl implementations were built without SNI support and most web server implementations were built with SNI support (it's a compiler option in both cases that maintainers were not choosing).

Olaf Conradi

•

4 months ago

correction to the above: AES is symmetric so only one key for the receiving server and no public/private keys.

So public/private keys are used as a signature on the message to authenticate the sender.

@Commander Zot Out of curiosity: Is there no encryption against the public key of the receiving channel? Only against the server key? So once you get the server key you can decode messages? You need to be allowed on only one channel on that server (regardless who owns the channel) and you get the server key.

Or am I reading the code wrong?

@commander zot

Mr. X

•

4 months ago

Please let me know if there is a hole, but the premise is that you kind of have to trust the server, since it's going to be doing all the decryption on your behalf anyway. By encrypting all the inbound stuff for a single server with the same key we can batch messages together more easily and not have to load a bunch of personal keys.

Normal users shouldn't have any way of seeing the server private key. Anybody can see the public key.

And when we establish the first communication with a particular channel at a particular server, the channel signs the url of the server and we verify it. Thereafter a channel guid with a signature and a url with a signature all taken together serves to verify a location. After that the server at that url is allowed to do things on your channel's behalf.

Mr. X

•

4 months ago

I think I may see where you got the notion that it was insecure. Correct me if I'm wrong.

All of our AES encryption is done using a random string for the key (and also the IV). Then we encrypt this with an appropriate RSA key. So it's essentially RSA encryption of a huge blob (this is more or less how SSL works). The AES encryption key isn't relevant because it changes for every blob and is never stored or shared.

zottel

•

4 months ago

Ah, so there is extra encryption on top of SSL? I thought I remembered that there were other plans at the beginning, but I might be mistaken.

Mr. X

•

4 months ago

As mentioned earlier, not everything is encrypted, and it is somewhat configurable to what extent you want to encrypt stuff. By default, public posts and public profiles are not encrypted.

zottel

•

4 months ago

Ah, even configurable. Great.

I thought that you had said once that you didn't want to do any encryption between the servers apart from SSL, i.e. authenticate using Zot over https and then, when it's clear that the other end actually is the server it claims to be, rely on the encryption provided by SSL.

But that seems to have changed, or I misunderstood it from the beginning.

Mr. X

•

4 months ago

We weren't going to encrypt anything initially and just rely on SSL, but I also recognise that there are people who would rather use http or carrier pigeons than obtain a browser-valid cert; and it would be unwise to leave their privacy out in the cold.

zottel likes this.

Bob Mottram

•

4 months ago

If startssl is no good then a question arises as to whether it's possible to set up a certificate authority independently.

Olaf Conradi

•

4 months ago

Aah, yes, now I see. I interpreted the hubloc_sitekey as being the AES key.

So every hub has a public and private RSA key (the private key is in the config table). The random shared AES key is used to encrypt the data. To share this key with the other side it submitted as RSA encrypted against the public key.

Clever. Thanks for clarifying.

Olaf Conradi

•

4 months ago

@Bob_Mottram
Apart from not trusting the SSL system, there is nothing wrong with startssl.com as opposed to other ssl CAs. They provide free certificates against a root cert that is included in every major browser and OS.

Starting an independent CA is not a simple task and has been done by cacert.org. You need to put a lot of measures in place to protect the private keys on a public cert service. And you would expect that the cacert guys would be able to include their root cert in mozilla for example. You can read their story in bugzilla and why they haven't succeeded to pass an independent audit.

Frater Gray

•

4 months ago

Here's a couple of promising alternatives to traditional CAs that would allow Friendica servers to operate with self-signed certificates in a user-transparent manner:

Convergence

Monkeysphere

Of course they present some tradeoffs in lacking universal adoption, requiring native browser support and/or plugins, and not being as battle-tested.

zottel

•

4 months ago

Of course they present some tradeoffs in lacking universal adoption, requiring native browser support and/or plugins, and not being as battle-tested.

Which is why they can't be used in Red. Red's goal is that it can and hopefully will be used by the average internet user just like Facebook or Google+. "Install a browser plugin first." is an unfulfillable requirement among that group. Just like a browser issuing a warning about possible security problems is unacceptable.

It's not about thinking the SSL system is good or bad. It's about having to cope with it being here, because having people log in without encryption is even worse than using SSL.

And, just to repeat it once again, it's not only about the users at your own personal server (who might be taught how to accept the cert), it's about thousands of users on other servers who don't even know you, but read a post by someone you know and a comment you wrote to that post, or a post by you in a forum.

In that case, their own Red server (or Friendica server, for th... show more

David Benfell likes this.

Patrick Georgi

•

4 months ago

As long as communication with non-local users can happen via http, local users can still use https with whatever cert they want, no? I'm not quite up to date on current browser rules on fetching http resources from a https page, which might be an issue...

zottel

•

4 months ago

Well, it's not only profile images. Another case:

You don't have a browser-valid cert and post a photo in a post (not only upload it to an album, but also post it). You deliberately set the photo (and the post) to be only viewable by close friends, because it contains stuff you don't want to show to everyone.

Some of your friends are on other servers. When they view that post, the photo won't be fetched from their server, but from yours. Again, a security warning.

That kind of data is why I wrote above that switching to http for all data that comes from other servers isn't desirable, IMHO.

Mr. X

•

4 months ago

Too many people waste too much time on decisions that have already been made.

http://www.celebrazio.net/jimb/15.html

Olaf Conradi likes this.

David Benfell

•

4 months ago

Of course it's possible to set up an independent certificate authority. That's what CACert is trying to do. It's taking them years (I'm tempted to say decades) to jump through the hoops to be accepted by browser developers.

zottel

•

4 months ago

Hah, now fuck off, spammers!

My domain now (finally) has an SPF record, which was strongly required because spammers were abusing it a lot (and, using a catch-all address in order to be able to use different email addresses wherever I create a login, I got a lot of returned mails where spammers sent emails with random addresses from my domain).

And I also installed a DKIM key and made my Zimbra server use it.

To make that all possible, I had to make my Zimbra server the real MX, finally going away from Dreamhost in that regard. (Up to now, Dreamhost was the MX and forwarded to an email address on my Zimbra server.)

Now I only have to hope that I didn't forget too much stuff that might make sending some automated emails from my web stuff impossible.

@Lazy Admin

@lazy admin

3 comments show more

Patrick Georgi

•

4 months ago

You complained once that Zimbra is a full package that expects to run alone on a system. Any change there (eg. careful packaging), or did you just give up and do things the way they want them?
Also curious about the system's specs...

zottel

•

4 months ago from Friendica for Android

I installed it on a standalone server, yes, and I never regretted it. It's really great and does all the stuff I need. Just upgraded to the current 8.0.2, and it was as simple as running install.sh.

All problems I had came from the underlying Ubuntu. I'd really prefer Debian, but repackaging would have required a lot more time than what I wanted to invest, and I'm not sure if I would have succeeded at all.

The server is a 10€/month KVM VPS from greatnet.de with one CPU, 1 GB RAM, and 60 GB HD. It works without the slightest problems, but I have to say that I'm only hosting two people, too.

The admin interface (cli, too) can be quite slow at times, but normal operation is as fast as any commercial web mail product.

I added a swap file to be safe, but during normal operation (not directly after restart) I often have more than half of my RAM free, about 0.5 - 1 GB swap used.

512 MB will be tough for sure. As I already said in another thread, it might be worth a try, but I wouldn't try if the contract for the server can't be canceled quickly.

zottel

•

5 months ago

Sehr gut. Das musste mal gesagt werden.

♲ Oliver
Erklärung Oxlajuj Baq'tun - Baktun 13 – 2012
Für die Weltöffentlichkeit erklären wir:
In Anbetracht der hohen Erwartungen, welche die “7 Prophezeiungen der Maya” in den Medien erzeugt haben, welche auf die Urheberschaft des kolumbianischen Architekten Fernando Malkún zurückgehen, erklären wir, die Nachkommen der Mayazivilisation, gemeinsam mit Archäologen, Epigrafisten, Intellektuellen, Kulturverantwortlichen und Forschern, folgendes:
a) Besagte Prophezeiungen wurden nicht von den Maya geschrieben. Sie haben keine epigrafische, wissenschaftliche, historische oder mündliche Basis, sondern entstammen der Fantasie von Fernando Malkún oder irgendeiner anderen Person, die nichts mit der Mayakultur zu tun hat.
b) In keinem der tausenden von Hieroglyphentexten der Maya, auch... show more

zottel

•

6 months ago

@Deutschsprachige Nutzer

Hier einmal eine sinnvolle ePetition:

Bücher unterliegen in Deutschland dem reduzierten Umsatzsteuersatz von 7% statt 19%. Das ist auch gut so, um Kultur und das Lesen an sich zu fördern.

Blödsinnigerweise gilt das aber nicht für eBooks. Auf eBooks müssen 19% Umsatzsteuer abgeführt werden.

Ich bin selbst ausgebildeter Buchhändler, habe lange Jahre im Buchhandel gearbeitet (wenn auch heute nicht mehr). Ich habe in meiner Ausbildung die Verlagskalkulation kennengelernt, ich weiß wieviel vom Verkaufspreis die Produktions- und Vertriebskosten eines Buchs ausmachen, d.h. der Preis für Druck und Bindung und Versand/Lagerung/Werbung.

Anders als die meisten Leute denken macht die Produktion, der Druck, nur einen relativ geringen Teil der Kosten aus, zumindest bei Taschenbüchern.

Das führt dazu, dass im Taschenbuch-Bereich die Einsparungen, die ein Verlag beim eBook d... show more

@deutschsprachige nutzer

zottel

•

6 months ago

♲ Commander Zot
The Decentralised Communications Manifesto
Most communications technologists see a lack of cooperation in communications service federation as an issue which can be solved by new or better protocols. I disagree.

The reason there is little federation is because of differences in privacy policies, not because of technical limitations of protocols. In order to provide a service which other projects will want to federate with, a service needs to take a stand on the following policies:

1. Privacy in communications (cross platform messages cannot be seen by unintended parties)

2. Media privacy (not merely obscured and therefore fuskable URL's, but photos and media which cannot be seen by unintended or un-authenticated parties).

3. Deletion of content on request by the content owner from all federated nodes

4. Deletion of "accounts" (and all content) on request by the account holder from all federated nodes... show more

Bob Mottram likes this.

zottel

•

6 months ago

@Rasmus Fuhse If I'm not mistaken, Diaspora does not adhere to this manifesto, though, because if someone deletes his account, no action at all is taken at all the pods he had contacts on, which means that his content is still there (and even publicly accessible if it was a public post; if not public it's still accessible to all his contacts on other pods—forever).

Also, AFAIK photos are only "protected" by obscured links.

Note that I'm not sure if I remember that correctly, and even if I do I don't know if this was changed meanwhile. But IIRC this at least was the case.

#039 @rasmus fuhse

zottel

•

6 months ago

♲ Thomas Willingham
♲ friendica
Mobility between sites
Friendica just received a nice new feature - the ability to take your account elsewhere (e.g. to another server) and keep all your friends. You've always been able to export your content, but until now we haven't had a good import tool. It's a hard problem. We still have some issues with importing the old posts and content, but keeping one's friends is the most important thing that people said they wanted when they re-located to other servers.

There are some limitations - and this won't federate easily to your Diaspora and StatusNet friends - as the underlying communications protocols currently have no corresponding "move existing friend" mechanisms. But assuming both sites have the same set of connectors available, all your other friends should come across fine - including those on Facebook,... show more

Stef likes this.

zottel

•

6 months ago

zottel has joined Dreams

zottel

•

7 months ago

zottel has joined Friendica Red Development

zottel

•

7 months ago

zottel has joined Jabber/XMPP-Forum

zottel

•

7 months ago

Auto tagging and recipients inclusion

@Friendica Developers

@Klaus Weidenbach , @Commander Zot and I had a discussion a few days ago about how forum tagging and tagging in general could be made easier.

We didn't come to a final conclusion and wanted to start a discussion in public thread.

Problems:
1. It can easily happen that one tags someone in a post but forgets to add him to the recipients if the post is a private one.
2. Likewise, the other way round (with forums): A forum is among the recipients but isn't tagged, so the post doesn't appear on the forum.

My proposal (putting together discussion material from us three) on 1.:

If the original poster tags someone in his original post and the post is a private post, the tagged person is added to the list of recipients if he/she isn't already there.
This happens... show more

#039 @friendica developers @klaus weidenbach @commander zot

Thomas Willingham

•

7 months ago from The Free Web

Somebody is going to create a private post to bitch about somebody else, and say "isn't @Anyone Who Would Listen a moron" and now they'll see it.

Removing them after tagging them won't work because some people have an IQ of 11.

Fabio's suggestion of "Show a non intrusive message to a user when a message contains a mention to a user not in acl" might be all we need, and doesn't have potentially nasty side effects.

#039 @anyone who would listen

zottel

•

7 months ago

♲ Commander Zot
Pledgie - Donate To: "Beyond Social Networking" on Pledgie

We’ve been working on decentralised and federated social networking for over two years. Unlike other more visible projects, Friendica works well today as a decentralised implementation of a social network, containing a compatible set of features with the large corporate providers. It also connects relatively seamlessly with many networks and prov...

Link

zottel

•

7 months ago

zottel has joined Android

3 comments show more

zottel

•

7 months ago

Just saw that the group exists in your posts to it.

Olivier M.

•

7 months ago

That's what I thought. Sadly enough, that thing looks almost dead right now.

zottel

•

7 months ago

zottel has joined The Final Frontier

zottel

•

7 months ago

♲ Commander Zot
Red
I've been working on Red for three months (off and on, there are lots of demands on my time). Here is an update.

Most of us think of "online networking" and think only in terms of "social networking" because of all the influence that Facebook has had in that realm. It has become apparent that the abuse of privacy has only one solution - take the private information out of the hands of outsiders and keep it under the control of those who are communicating. This means that a future which involves "privacy" belongs to decentralised communications, not to centralised data silos. We knew that already and was the basis for Friendica.

But also we've come to accept that the "social" part of networking is the only thing that matters. That everything on the modern web is all about friends.

It's not.

Red is an attempt to look at all of this from a higher level and see where we've been and where we're going. The whole "social"... show more

2 people like this

25 comments show more

zottel

•

7 months ago

Ja, ich glaube, Fred wird richtig klasse. Ist aber auch noch einige Zeit hin.

Paul Stumpf likes this.

Mr. X

•

7 months ago

You'll need a client, but if your linode is down you should be able to post through a different one.

People may not be able to see your photo albums if your linode is down, but you can still communicate.

Whether or not there's an Android client (as there currently are for Friendica) is up to the developer community. It is my hope that there are, because we've increasingly moved everything to mobile.

But I can't do it all. Could always use a bit of help.

Thomas Willingham

•

7 months ago from The Free Web

That's why God invented post expiration.

The only people who ever look back through more than a few weeks of your posts are people looking for dirt.

Bob Mottram likes this.

Bruce Bane

•

7 months ago from The Free Web

The only people who ever look back through more than a few weeks of your posts are people looking for dirt.

That's BS. I occasionally run keyword searches looking for discussions about things I'm interested in. If I see people making well-informed posts/comments, that becomes a reasonable basis for sending out connection requests.

Discoverability isn't one of ~F's strong points. #justsayin

#039 #justsayin

Thomas Willingham

•

7 months ago from The Free Web

Friend Suggestions, Common Interests, People Search, forums, friends in common, infiniteimprobabilitydrive, New Here.

We've got more forms of discovery than any other network. You don't need to resort to rooting around knicker draws.

Only thing we're missing is search by email, but that was never more than a way to abuse your friends - they'll show up for their name just as well as their email...but you can just stick there email in and add them anyway.

Bruce Bane

•

7 months ago from The Free Web

Keyword searches = (Friend Suggestions + Common Interests + People Search + forums + friends in common)

Thomas Willingham

•

7 months ago from The Free Web

You can do a keyword search of the entire directory - just use @

Mr. X

•

7 months ago

He's right - content discovery for something that never made it to your hub is lacking. Red has some mechanisms to open up further what lands on your hub, but we can't search for stuff that ain't there.

Mr. X

•

7 months ago

You can do a keyword search of the entire directory - just use @

That's a clever little hack... I had intended # to search for text and @ to search for people but you're right, since we match keywords in the directory. Just a shame that we're using the wrong character to do it.

Bruce Bane

•

7 months ago from The Free Web

Keyword searches get me what I want quickly. No muss, no fuss. I find active/interesting profiles through relevant posts/comments.

I have no problem running searches on other people's servers either. Isn't that the point of shared tags anyway? I simply run them on the fly & quickly scan the results.

Thomas Willingham

•

7 months ago from The Free Web

I find active

If you're finding active profiles, then it doesn't matter if old posts are expired...

Bruce Bane

•

7 months ago from The Free Web

I don't understand the point of expiring posts TBH. But then again, I've become quite spoiled by G+ -- killer search capabilities on everything/anything that's ever been posted to the system. I swear, I still don't know how they do it. Instantaneously indexing everything all the time... is simply amazing.

Thomas Willingham

•

7 months ago from The Free Web

If you don't expire posts, eventually, everything will come crashing to a halt. The bigger the DB, the slower the queries are, and the more resources are required to perform them. Even if you had endless RAM and CPU, nobody has the storage capacity of a Facebook or a Google. I reckon we'll be pretty fucked by the time we get to a million items. Shared hosts can only dream of that.

But more importantly than that, protect yourself. Remember that time you said "winners don't do blondes" before you had a blonde girlfriend? Maybe not, but I promise you, she'll find it.

Remember that time you said "McDonalds sucks" before you got fired and couldn't find a job anywhere else? Maybe not, but your new boss will find it.

Remember that time you said "I voted for..." before they introduced the death penalty for voting against the Führer..?

Bruce Bane

•

7 months ago from The Free Web

Yeah, yeah. I know. Believe me, I'm not a total dumbass around these systems. But still, it's fun to see what they're capable of though. The speed & scope of these systems is truly remarkable.

My reaction to G+ (ever since it launched) is very much like my reaction to YT back in 2005/6. I distinctly remember being amazed by this website that was completely free to use & had a seemingly endless supply of video clips. YT still amazes me to this very day. The scope & scale of it simply boggles my mind. FB doesn't hold a candle to YT in my book. It never has & never will. G+ is on its way to becoming a force the world will have to wrestle with for a long time. FB... meh, not so much.

Mr. X

•

7 months ago

You also may not remember that time you answered Facebook's "What kind of hallucinogenic drug are you?" and all the incriminating comments which were made. And when you finally did, it took 6 weeks to scroll back through all the pages (this was before Timeline) and delete the comments one by one.

Remember that privacy bug of Facebook's recently that wasn't really a bug (or maybe it was)? It's because stuff surfaced on Timeline that people thought was private or that they thought they had nuked.

With expiration you don't have to worry about this old stuff. I don't use it myself here because there's technical information I want to keep, but when I was on Facebook I would've killed for an alternative to "Are you sure you want to delete this post?" Yes. "Are you sure you want to delete this comment?". Yes.

For hours on end.

Bruce Bane

•

7 months ago from The Free Web

The ability to delete anything/everything is one of the reasons I like ~F. Although I don't use it much, having it there's really great. Truth be told, it's one of the reasons I trust your work Mike.

And yeah, I can tell which ~F features were directly inspired by all the BS that goes on at FB.

lol

Bob Mottram

•

7 months ago

On the issue of expiring posts I agree with TW. This is partly a practical concern of not having databases get too large (I'm running on a flash disk), but also there is the "robots from the future" problem. If you have an increasingly growing back-catalog then it's increasingly easy to dig for dirt or hunt for isolated out of context phrases. I regard social networking stuff as ephemeral - the digital equivalent of chatting in a pub - so I don't have any great concern to keep old posts.

Mr. X

•

7 months ago

And yeah, I can tell which ~F features were directly inspired by all the BS that goes on at FB.

I was "Di-Methyl Tryptamine".