On Digg there's some drama because someone registered the community “/wallstreetbets,” and the admins took it from him and gave it to one mod of the subreddit “r/wallstreetbets.”

One day later I see this discussion about how Reddit registered trademarks for some high-profile subreddits.

This could be relevant for the Threadiverse.

you are viewing a single comment's thread
view the rest of the comments

[–] FauxLiving@lemmy.world 2 points 10 hours ago (1 children)

The goalposts didn't shift, you started talking to a different person.

This person says that this issue is small, the impact of exploiting this system would be minor (if it ever happened), and the hypothetical attack on this subsystem is also demonstrably not occurring.

Therefore, treating this issue as if it were some sort of red-line issue or, really, even worth discussing outside of the context of the project itself (where changes can actually be implemented) is misrepresenting reality.

As to your direct point, it wasn't my point but I do agree with it so I'm happy to directly address your argument.

The quote you seem to take issue with was :

Wait, Digg gave the community to a Reddit moderator so Reddit could control the communities with the same name on both platforms? That’s wild.

That’s also how the corporate side of Reddit works. Someone will register a subreddit, and then a bunch of related ones, so anybody who tries to use any of them has to follow the same set of rules — and if you piss off the wrong person in one, they can ban you from all of them. They can also use their “first” or “official” or even “user count” status to bully smaller subs into redirecting to them. Effectively centralising information.

The Fediverse doesn’t work like that.

Or, more plainly:

The Fediverse doesn't allow a single user to scoop up all of the similarly named/themed communities and use that power to dominate those topics of conversation.

Your reply:

Maybe Mastodon does not, but Lemmy, in particular lemmy.ml, works more like that than you realize. e.g. a change is soon going to give lemmy.ml veto power in what communities are allowed to be acknowledged as existing to new instances, which is baked right into the code and there is no way to change it. A third-party listing could have been used instead but… no, this is rather much more on-brand for the Lemmy developers to have chosen.

Your reply references code affecting the Lemmy server instance, that runs once on server instantiation, which uses lemmy.ml as the source to populate the list of communities that users of the new instance will see when they click the 'Communities' link at the top. This is true.

Your inference that lemmy.ml has the ability to veto what communities are allowed to be acknowledged as existing to new instances is a bit of hyperbole. Lemmy.ml is the source of the initial list, true.

But new instances acknowledge communities existing regardless of those community's status with lemmy.ml. The moment that a single user reads a single comment in a community that isn't on the initially seeded list, then it appears in the new instance's community list regardless of the status of that community on lemmy.ml.

If we were a security researcher and were analyzing the scope of this problem we would consider that

This only affects new instances, so the vast population of Lemmy as it stands now, is not affected by this code at all. Only a hypothetical future population.
The list on lemmy.ml is not treated as authoritative. Outside of the initial values, lemmy.ml is not checked for any other functions related to adding or displaying communities
Any attempts by lemmy.ml to game this system are both not happening and also easily detectable as the list is public and can be compared to other instances.

So, this veto power isn't being used. If lemmy.ml were attempting to leverage this power, it would be detectable. In the worst case, if were actively being exploited then it would affect very few people(none of the current Lemmy community), and the people that it did affect are impacted only until a user reads a comment or post from a 'vetoed' community.

Also, this is an open source project so saying things like:

and there is no way to change it.

Simply make no sense at all.

You can change it. Any admin who thinks it may be a problem can change it. I linked to the exact section of code where you can just change the URL and compile the .rs file again to use a different instance.

You could change it so that the URL is read from the options file that the administrator sets prior to launching the instance. You could also submit that as a PR so that future administrators could just apply your patch (independent of it being accepted by Lemmy) because that's how open source development works. That's what the quote that you provided means:

If you dont like it, fork it. Stop bothering us about it

Nutomic

It sounds dismissive, because it is. This isn't a product, you're not a consumer. You're going to people who donate their time and telling them to do work in a way that you want it done. They may agree, and you may be able to make good arguments to convince them but if they don't, then brigading social media or spamming their issue tracker with requests isn't going to get it done.

If you don't like it fork it and fix it. It is a fundamental concept in open source software that you can always fix problems that you see and other people can use your fixes regardless of what the project thinks. If you think the project is going in the wrong direction then you are perfectly within your rights to take a copy of the code and develop it in your own way and if you can find other people who believe like you do then they can use your changes as they see fit.

But going online and misrepresenting the risk of some code update that you disagree with by exaggerating the scope of the problem isn't how you get anything done except creating needless drama.

[–] OpenStars@piefed.social 1 points 6 hours ago

The original point here was that:

The Fediverse doesn’t work like that.

The sentence prior to that was:

Effectively centralising information.

And I pointed to an area in the (planned future release of the) sourcecode that did in fact centralize information. You even agreed:

Lemmy.ml is the source of the initial list, true.

I never said that this is the death knell or whatever of the entire project, just that it is a step towards, rather than away from, centralization. Which again, you agreed on.

And imho it is not a good step, i.e. the direction that it is aiming towards is not a good goal to have for the Fediverse. Feel free to prove us all wrong by fixing the code and then getting the devs to agree to use your fix rather than continue to use lemmy.ml as the singular source aka central authority. They might agree actually, though it still did not make the step that I am talking about now a "good" one. Any step towards centralization is a bad one imho, especially when that centralization is put right into the sourcecode (as opposed to e.g. an external, 3rd-party website run by people who could be trusted to be more unbiased, and by unbiased I mean that lemmy.ml is VERY biased towards certain viewpoints, so NOT that, or another alternative could be to gather community listings from all federated instances and then combine them together, rather than have one "master" list to rule them all).