No worries. I know everyone is running around with their hair on fire right now across this space. Just want to keep it on the radar.

pinging new admins here @[email protected] @[email protected] @[email protected]

Know you’re probably really busy, and this whole space is taking off fast, but this is really, really important to maintain your and your users’s safety.

See: https://lemmy.ca/post/948217

I’ve done a lot of low rate or entirely volunteer work for small, often non-profit organizations in the past, and don’t fall into the trap. It can be thankless and it can be soul sucking.

However, obviously if you want to eat and if this is your only income right now you’ll have to stick it out a bit. So I hope we are talking like you are virtually working no hours for that rate, leaving you time to expand your resume on your own.

I have often been asked in the past by friends or acquaintances how you get a good career in programming, and the answer typically is either luck, or a lot of your own hard work.

I don’t know what the job market is like these days, but historically your papers mean very little to getting a job. A link to your Github goes a long way to demonstrate your abilities and provides a much higher degree of confidence you know what you are doing because they can actually look at your work, and if you are contributing to other projects, that you are a team player. As one speaker said at a Google Q&A I watched when asked if a PhD would increase their chance of getting hired: “well, we won’t hold having a PhD against you”.

There is also a lot of free course material out there to various degrees of difficulty.

Programming is becoming more and more competitive, and the ones that succeed have made it their passion, which does mean a lot of unpaid work. So either find projects you are happy to provide your time to to sharpen your skill, or start your own project that you can get satisfaction in building. Actually programming something is always the fastest way to improve your skill.

So, obviously an anti Lemmy bias there, and not entirely true, but there are some aspects of federation it can be dangerous to ignore.

There is a different primary privacy focus here, and it provides an extreme level of privacy but places an extreme level of responsibility on the user for their own privacy, more than most places.

There is a distinction to a potential scrape and a system designed to duplicate, often irreversibly at submit.

There are also other things people are often not aware of and the community is not doing a great job communicating. Admins are not doing a great job of protecting themselves either.

For instance many, still don’t know votes here are entirely public.

If you understand this all and are comfortable, great. Many do not prepare themselves and would engage differently if they had a better understanding.

For a take by someone who is pro-federation but not ignoring these concerns see: https://lemmy.ca/post/948217

is there a option to toss a coin to my Witcher(ie the person paying for back-up/server space

Isn’t very easy to find if you are using the app and took me a while to find myself, but on the main page there are these donation platforms listed:

https://liberapay.com/lemmy.ca/ https://opencollective.com/lemmy-ca

Thanks for taking the time to look it over! As I’ve expressed, this is really a Lemmy wide initiative, and as you’ve suggested, something that warrants a community fundraising effort to provide proper legal oversight.

Seems pretty long and I know this is a template so I imagine smorks will aim for much less given that he even makes an attempt to anonymise nginx logs. I think we might want to keep the template lower too just to nudge people in the right direction?

Meant to make this a admin supplied variable and have now updated. You’ve caught onto the spirit of what I am doing here though; it is not just intended as a document to inform users but to help admins navigate their responsibilities. That is why I have given the example of disclosure in what I see is a huge potential issue with the PostgreSQL SSL support. This will hopefully make a potential inexperienced admin take pause when their server is being tach’d out and the decide to host the DB outside of the local host without a proper mitigating strategy (and I have seen this happen before with very experienced admins in a commercial setting).

I think this is a key point but the “although” calls the security of ip/email into question and seems to potentially lump it in with the other stuff. Maybe split them out somehow?

Agreed. I kind of see how in one hand I’m saying that component is secure while also saying it isn’t without making the distinction between the user submitted public data and the traceable data that is being protected. I’ll figure out a better way to partition that.

Which does cause me to wonder: how is voting federated, do other instances see which users up/downvoted a comment from lemmy.ca or does lemmy.ca just provide vote totals for the instance?

This is my big concern here and why despite telling myself to stay out of it I got involved. A lot of people, very experienced people, and some admins, do not have a full picture of how this works yet. Your votes are entirely public, there is just the UI choice in Lemmy to not display them. On other interoperable platforms this data becomes public. When this comes up there is a chorus of people chiming in, “don’t post anything you don’t want public on the internet”. There is a difference between potential scraped or captured copies and a copy that is distributed by design. There are two different goals: a monolith platform has a measure of control in how your engagement is made public while being completely open to being tracked. A federated system, by design, has limited control over how public your engagement is (and remains) but a high level of tracking protection. This maybe started out as a group of largely technical users that understands this distinction, but as adoption grows so does the risk of this distinction not being well understood.

I found your draft a bit long and a bit, I dunno, overfamiliar?

Yeah, I am going to work on a “lite” version eventually. It is not a simple task to educate in this domain where you have two distinct ideologies on the same subject.

On second though, I wonder if this could be even more general and just a really polished version explaining the overall gist of the platform that instances can link to at joinlemmy.org. Like a section 1b “Why federated?” after https://join-lemmy.org/docs/index.html#introduction

I am pushing this hardcore platform wide. I have confidence in our local admin and would like to see it protected here, but the scope of my goal has gone platform-wide.

Thanks again for taking the time to provide input!

I agree. When you take a look you’ll see a lot of disclaimer on my part regarding use of the policy.

I offered it as a starting point to our local, but already suggested he waits for the wider input I hope to get Lemmy wide as I am pushing this as an issue hardcore.

@smorks has demonstrated a high level of compentcy and care in my books and personally I couldn’t care less if he published one or not as a result. But for his safety, and the wider Lemmy community, this has to be addressed. For instance, some admins are simply flat out blocking EU incoming connections to mitigate not having the required policies published.

Also cognisant how misunderstood federation is to the mass number of non-technical newcomers, and how terrifying the policy may seem on first read, I have drafted this policy primer an admin could potentially use to express a clear distinction on what their responsibilities are and in what ways it is the users responsibility. With proper education and care on behalf of the user, this could be a much safer platform than almost any other out there.

https://github.com/BanzooIO/federated_policies_and_tos/blob/main/optional-privacy-policy-intro.md

Not pushing, or even petitioning our local to adopt any of it, just putting it out there for reference.

@[email protected] it wasn’t letting me tag you in the last comment for some reason. As you expressed interest in helping, feel free to review and join the discussion linked above.

I couldn’t help myself.

I adapted the Mastodon privacy policy, which was adapted from Discourse.

https://github.com/BanzooIO/federated_policies_and_tos/blob/main/lemmy-privacy-policy.md

If anyone is interested in providing input or questions, I’ve started discussions here: https://lemmy.ca/post/821266 (hosted on lemmy.ml)

Ugh, yeah. I’ve been torn about ringing alarm bells to local admins about this as it is a thankless job for them and I’d hate to start scaring the core group facilitating adoption, but the other side is if this isn’t resolved soon Lemmy is going to find a lot of instances having a bad time and disappearing.

As mentioned in another comment, this really has to start as a policy framework adopted by the larger Lemmy community and modified to suit the conditions of the local. As you’ve highlighted, the whole federated / control of posts is not one that is easily grasped by the end user (or some admins elsewhere I’ve found). The argument that “everything you put on the internet is there forever” doesn’t address that there is a huge distinction between a capture and a federated, distributed and indexed copy.

I grew up in the wild-wild-west of the early internet and have made an informed decision on how to engage on this platform. It is very evident from the discussions I’ve seen across the Lemmy-verse that most are completely unaware.

Although I often consult on such things, I am not a lawyer and hesitate to get too involved myself. However I too am available to sound ideas.

Here are the current Lemmy issues I’ve found on the subject, if anyone has the capacity and desire to contribute to this issue, I’d start here. https://github.com/LemmyNet/lemmy/issues/721 https://github.com/LemmyNet/lemmy-ui/issues/1347

I’ve also found it useful to have multiple to compartmentalize the subjects I subscribe to on each and limit what I see when I am in different “modes”.

For the most part as highlighted above, yes only one account/instance and you can engage with anything that instance federates with.

However there are already cases where large instances have defederated from others, in which case you will not be able to engage if your local has been defederated from a community you want to access.

For this reason it is a good idea to have multiple, but use one as a primary.

I hear ya. The inferred beginner part was more what I was getting at.

Unless they are going for a distressed finished look, this is a horrible idea. Even with experience there is no way you’ll get a flat finish; without experience you’ll have deep pockets and very uneven, rounded corners. Maybe slightly faster than a belt sander, but it’d be negligible and definitely not after all the finish sanding that will be required after.