[-] sinnerdotbin@lemmy.ca 9 points 1 year ago* (last edited 1 year ago)

I’ve done a lot of low rate or entirely volunteer work for small, often non-profit organizations in the past, and don’t fall into the trap. It can be thankless and it can be soul sucking.

However, obviously if you want to eat and if this is your only income right now you’ll have to stick it out a bit. So I hope we are talking like you are virtually working no hours for that rate, leaving you time to expand your resume on your own.

I have often been asked in the past by friends or acquaintances how you get a good career in programming, and the answer typically is either luck, or a lot of your own hard work.

I don’t know what the job market is like these days, but historically your papers mean very little to getting a job. A link to your Github goes a long way to demonstrate your abilities and provides a much higher degree of confidence you know what you are doing because they can actually look at your work, and if you are contributing to other projects, that you are a team player. As one speaker said at a Google Q&A I watched when asked if a PhD would increase their chance of getting hired: “well, we won’t hold having a PhD against you”.

There is also a lot of free course material out there to various degrees of difficulty.

Programming is becoming more and more competitive, and the ones that succeed have made it their passion, which does mean a lot of unpaid work. So either find projects you are happy to provide your time to to sharpen your skill, or start your own project that you can get satisfaction in building. Actually programming something is always the fastest way to improve your skill.

[-] sinnerdotbin@lemmy.ca 4 points 1 year ago* (last edited 1 year ago)

So, obviously an anti Lemmy bias there, and not entirely true, but there are some aspects of federation it can be dangerous to ignore.

There is a different primary privacy focus here, and it provides an extreme level of privacy but places an extreme level of responsibility on the user for their own privacy, more than most places.

There is a distinction to a potential scrape and a system designed to duplicate, often irreversibly at submit.

There are also other things people are often not aware of and the community is not doing a great job communicating. Admins are not doing a great job of protecting themselves either.

For instance many, still don't know votes here are entirely public.

If you understand this all and are comfortable, great. Many do not prepare themselves and would engage differently if they had a better understanding.

For a take by someone who is pro-federation but not ignoring these concerns see: https://lemmy.ca/post/948217

[-] sinnerdotbin@lemmy.ca 6 points 1 year ago* (last edited 1 year ago)

Unfortunately not that easy. There is discussion on solutions. There isn't any now. Platform currently isn't stable enough to respect mutually federated changes all the time.

Also I did put a disproportionate focus on this no take back component, but the scope is wider than that (see comment below about votes being public when almost everyone coming from a monolith assumes it is private)

[-] sinnerdotbin@lemmy.ca 4 points 1 year ago* (last edited 1 year ago)

Yeah. I can see a case made on either side.

This is the point I am trying to drive home. Even with zero comments, zero posts, you could doxx yourself accidentally with votes alone. You came here from another platform and had a certain expectation of how privacy works here. It does intuitively feel like it should be private.

You are trading some privacy for censorship resistance and community safety in this case, because the goals are different here.

If you trust your admin to keep your IP and email private, and you manage your comments and posts carefully, I encourage you to let your voice be heard and upvote every sinnerdotbin's pantless picture post of the week (just don't like the posts in a different, very small and niche category that can link to you publically as you are the chair of the board at never-nude.social, and there are only 5 members who always like the same posts) . If you are in a country where that support might end with you in a work camp, I'd maybe advise against it in case your local turns out to be a honeypot.

There is a privacy component to federation that the world really would benefit from, but it will be lost if people are not informed. Incredibly private if you are aware how to navigate it. Horrible if you aren't.

[-] sinnerdotbin@lemmy.ca 3 points 1 year ago* (last edited 1 year ago)

It's the same camp.

I'm not making the claim other platforms are better because you might be able to slip in a ninja edit before it is captured. I am making the claim that if you are not on high alert here, more than ever, it will bite you.

For better or worse, some people are coming here from other services expecting a measure of control of their data that you don't get here.

The experimental aspect of this space is the other thing I feel warrants more explicit warning about, and noted in my policy template.

[-] sinnerdotbin@lemmy.ca 12 points 1 year ago* (last edited 1 year ago)

Votes are entirely public, Lemmy just made a UI choice not to show them. They show up if someone views it from kbin and ultimately something that could be mined from a self hosted admin.

I think this information may make some of those who profess everything is saved on the internet and why care change their tune.

Saves I am not sure about yet. Think that may be locals only.

[-] sinnerdotbin@lemmy.ca 3 points 1 year ago

I don’t think the word “privacy” is a good word for the concept. I believe “user data control” or “right to be forgotten” is more appropriate for the “deletion issue”. However, there are few privacy issues such as instance admins having access to private messages and the potential for a hack to expose users e-mail addresses and usernames.

This has been debated, and is very dependent on the context. It is a very broad concept to try to address and the lines do get blurred on the definition of what is "private data". The hope here is to partition the responsibilities of the admin from the user.

[-] sinnerdotbin@lemmy.ca 3 points 1 year ago* (last edited 1 year ago)

Me too! The world is different now.

Existing social media never really gave you a real edit/delete button anyway either. It’s all anonymity theater. The reality is that your data was always being scrapped and archived, somewhere by someone. This is just a reality created by digitization and virtually free recording/copying. No specific digital medium was ever going to protect you from this.

I explain the distinction to federated in the post. It is very different than a scrape or archive.

In the early days of the internet, everyone knew to use pseudonyms and not share personal information. We seemed to have forgotten this lesson. Maybe it’s time to relearn this lesson. Life is full of lessons. Let this be just one more.

Exactly. I am bringing awareness back to this.

No one should fool themselves into thinking they can use a pseudonym and not eventually doxx themselves accidentally if they have any level of engagement. People have grown accustom to being able to somewhat reverse that mistake. Many are also not accustom to their interests, their votes, and their voice is all retained, in one, easily digested and public place.

[-] sinnerdotbin@lemmy.ca 3 points 1 year ago* (last edited 1 year ago)

I explain the distinction in the post. It is very different on a platform designed to distribute at instant of hitting submit.

Also...

I do expect my account to be secure, in that no one should be able to pretend to be me.

Surprise! They very easily can here.

[-] sinnerdotbin@lemmy.ca 9 points 1 year ago* (last edited 1 year ago)

When you shout in a town square, does everything else you've ever shouted, everything you've ever voiced your support for, everything you follow closely echo and remain in that square?

Again, this is a feature. But one people really have to understand before they engage here.

70
submitted 1 year ago* (last edited 1 year ago) by sinnerdotbin@lemmy.ca to c/technology@beehaw.org

Sensationalist title yes, but this is something that is partially true.

TLDR; I am not spreading FUD. This space can be more safe than many, for the privacy aspect it was actually designed to maintain, which is the complete opposite privacy principle to where most new people are coming from. A monolith platform provides a measure of control over how public your engagement is while leaving you open to being tracked; open federated protects you from being tracked with a cost of having less control over how public your engagement is (and will remain). Some people do not understand this and will change the way they engage if they understand.

There is a lot of misinformation I am seeing (or at least glossed over information) that will potentially lead less informed to peril. I am hoping to provide clarity and maybe shift the attitude of some of the more technical among the community. Not everyone is educated in the same domains, and not every one will grasp some of these concepts easily.

Every thread started along the lines of "Discovered X in Lemmy is not private” is followed up with a comment “Eh, not really an issue. And I reviewed the code myself, an account deletion removes everything from the db”. I push my glasses up: “Ackchyually, that isn’t really true in practice. If defederation happens, or otherwise disconnected, (which always will happen in some capacity) a copy will remain in Lemmiverse, forever". This is followed up with “well duh, that is how federation works, and everything you post on the internet is copied and there forever. It is no different than a scrape or a screenshot”.

There are nuanced but very important distinctions to a scrape or screenshot and a federated, distributed, indexed copy. Those distinctions will change the way many engage with the platform.

Most people are not having screenshots taken of every post they make, when they make them. Most don’t have to be concerned with wildly compromising material tanking their run for office. It takes a high degree of intent and effort for someone to go to external, and unauthorized sources of duplication. It may not be a complete profile history. Most archives are not going to be indexed and easily searchable on mainstream search engines. Unauthorized archives can get sued into oblivion or otherwise disappear.

Not everyone is able to grasp a platform that acts kind of like a single entity but is not a single entity, especially if they are a refugee from a monolith platform. Many just see it as a single entity initially and when they see “removed from the db” they will assume any such action means platform wide.

A federated copy is automatic and effectively instant by design. A federated copy will be a complete profile. A federated copy will show up in federated searches. A federated copy could end up readily showing up in external indexes. A federated copy may have engagement the user isn't notified of. A user on an instance where defederation has happened may easily come across an entire profile history in a frozen state. Attention can be brought to content that the user desires censored because it will say “edited” or "deleted by user X" and a SnoopyJerkison could just switch to an instance account that has a copy with two clicks in the official app.

I have made an informed decision on how I will engage by recognizing this. I’ve accepted the folks my local are always going to see my spelling as impecab.. impeccibahh… very good, while some other local may see me as the philistine that I am before an edit. I will inevitably doxx myself in some way but it might be nice to have a stalker. It’s just me and the damn dog on our private fiberglass island here and she isn’t much of a conversationalist. I am in a place in life where I’m pretty comfortable with myself and have no problem walking around here with no pants on. Not sure why I recently got onto using pant idioms at every opportunity, but I have accepted that if it follows me around with folks replying, “I know you, you're that guy with no pants!”, I won’t be able to go back and remove the sources of the reference platform wide.

I’ve made comments I cringe a little at. Entirely benign and nothing I’m losing sleep over, but in haste they were not expressed in my usual voice nor really contributed to the discussion. If I had hesitated longer I would not have responded. Point being: I’m the one ringing alarm bells about this and I am still having to remind myself of the nature of federation.

Some people may not be comfortable with this, or could become less comfortable later. They should not be led to believe that it is a simple matter of “the internet doesn’t forget, but you can delete it from the platform” and understand they need to be very cognizant and thoughtful in how they engage because federation is very unforgiving and really doesn’t forget. This is a feature, not a bug. At its core, federation is balancing many goals. From censorship resistance, community safety, to privacy. It can actually provide an extreme level of privacy. But people will make mistakes, that will remain here, right in their face, if they aren’t extra careful. It won’t be in some dark archive. It won’t be in a screenshot never taken and never posted. The reminder of an accidental slip up will be here to perpetually haunt them. They will leave (likely traumatized by it for years to come).

A federated copy will have the perception of being more legitimate, true or not. The common, non-technical, person won’t understand if they find something you post hosted on a site you are ideologically opposed to, which it will be. Imagine my embarrassment at the next Pantless-Meeting-Pantless event when I get stopped at the door and shown the posts they believe I have actively made on “never-nude.social”. “But… but.. federation!”. “Ok Captain Kirk. Here’s your pants. Now scram!”

Some want to have assurance they can remove content platform wide for other reasons. Revoking support for a platform is one that seems to be in vogue right now. I’ve seen posts like “that site we hate is restoring our retracted posts!”. But I’ve seen cases right here on Lemmy where a user has censored all their content, only to come across that same content on other widely used instances completely intact.

This loss of edit access happens fast. Every user at this local will be aware of the high profile cases of defederation. This is a feature by design, and one you can expect more of I suspect. There are also simply errors in federation at times. I’ve lost access to copies on a popular instance the second I posted them.

Maybe this will change. It will be a monumental challenge. And it isn’t the case now. Users have to fully understand this.

“So what, screw the normies. Let them find out the hard way. It’s getting too crowded here anyway. Like you pantless sinnerdotbin! Git outta here if you don’t like it here in the wwwild-wild-west”.

Yet another aspect some are failing to recognize: many of the instances exist in places where they do take privacy very seriously. There are laws about disclosing collection, use and retention of data. One day you may visit your trusty local and you may find a blank page with a single statement: “I keep having very expensive embodied suits appear on my doorstep holding crisp manilla envelopes. I may be breaking the law. I am shuttering immediately”. Hope I didn’t want a reputation of wearing buttless-chaps instead of no pants ‘cause I ain’t got access to modify any of it now.

I’ve seen admins advising others to block EU in their firewall because they are aware of this liability and the lack of a privacy policy. That is a big part of the world that will have limited contribution to this movement.

Policies go a long way to establish user trust. I have gained a high level of confidence in some admins. They are competent, capable, and thoughtful about their users. People have been investigating hardening beyond what I would expect from any admin. They could showcase this level of care and intent by explaining it in their policies.

Privacy policy frameworks can also help new admins navigate responsibilities that keep their users, and the wider platform, safe.

Don’t hand wave this aspect away with “don’t post anything you don’t want public on the internet”. This is a totally different beast. Educate those not as fortunate as you to understand how this actually works. It is designed for your actual traceable information to be kept safe by the gatekeepers, the admins. Users must be highly aware: everything else you do here is public in a way you may never have experienced before.

Don’t hand wave the concern about post/profile/vote/message privacy, explain how the privacy goal is different here and how one might mitigate the aspects they are not comfortable with.

I have started a project where I intend to provide basic policy frameworks that one might use as a point of reference and I would very much like further input on it.

https://github.com/BanzooIO/federated_policies_and_tos/

These policies are going to be terrifying for the uninitiated. I have drafted an optional privacy policy preface that may help admins express the clear distinctions between their responsibility, their users’ responsibility, and the actual real privacy goals in this emerging space.

https://github.com/BanzooIO/federated_policies_and_tos/blob/main/optional-privacy-policy-intro.md

  • End transmission, engage pantalon. Zip
5
Privacy Policy (lemmy.ca)
submitted 1 year ago* (last edited 1 year ago) by sinnerdotbin@lemmy.ca to c/privacy@lemmy.ml

So it seems that no instance has published a privacy policy, many users are asking about such a thing (as they should), and much confusion on how federation happens among users AND some admins. I feel this is pretty important to the survival of Lemmy to work out a privacy policy framework.

Yes, the argument that "everything on the internet stays forever" is true, but there is a big distinction between captured copies, and some of the unique data distribution / management issues that come up with a federated service. It is important to inform the user of this distinction. It is also important to inform them how early the development is.

It is going to scare the pants off some users. I'd argue an educated user on an totally public platform is far more safe than an uneducated one on a closed platform, but let the user decide that for themselves. I'd much rather scare the pants off them then have them coming for me once they get caught with their pants down and feel I didn't do enough to warn them. Can you imagine hundreds of thousands of pantless lemmings with pitchforks coming for you? Not a pretty image.

I AM NOT A LAWYER, but I have created a template based on the Mastodon privacy policy if anyone wants a basic framework to start from:

https://github.com/BanzooIO/federated_policies_and_tos/blob/main/lemmy-privacy-policy.md

I am not overly experienced with instance management yet, but I have done my best to cover all aspects of how data is federated. Please contribute in correcting any errors.

I also feel it is important for admins to disclose the current lack of SSL support in connecting to PostgreSQL and what the local admin has done to mitigate the risk.

Issues on open on the topic of privacy policies here: https://github.com/LemmyNet/lemmy/issues/721 and https://github.com/LemmyNet/lemmy-ui/issues/1347

[-] sinnerdotbin@lemmy.ca 4 points 1 year ago* (last edited 1 year ago)

This is assuming your local is still federated. If your local gets defederated you currently have no control over any previously federated copies of your posts / comments / votes.

[-] sinnerdotbin@lemmy.ca 3 points 1 year ago* (last edited 1 year ago)

Unless they are going for a distressed finished look, this is a horrible idea. Even with experience there is no way you'll get a flat finish; without experience you'll have deep pockets and very uneven, rounded corners. Maybe slightly faster than a belt sander, but it'd be negligible and definitely not after all the finish sanding that will be required after.

view more: next ›

sinnerdotbin

joined 1 year ago