Just some Internet guy

He/him/them 🏳️‍🌈

  • 0 Posts
  • 4 Comments
Joined 2 years ago
Cake day: June 25th, 2023
  • Max-P@lemmy.max-p.metoAsk Lemmy@lemmy.worldWhy is open source software assumed to be secure?
    4·
    6 days ago

    It helps hackers sure, but it also help the community in general also vet the overall quality of the software and tell the others to not use it. When it’s closed source you have no choice but to trust the company behind it.

    There’s several FOSS apps I’ve encountered, looked at the code and passed on it because it’s horrible. Someone will inevitably write a blog post about how bad the code is warning people to not use the project.

    That said, the code being public for everyone to see also inherently puts a bit of pressure to write good code because the community will roast you if it’s bad. And FOSS projects are usually either backed by a company or individuals with a passion: the former there’s the incentive of having a good image because no company wants to expose themselves cutting corners publicly, and the passion project is well, passion driven so usually also written reasonably well too.

    But the key point really is, as a user you have the option to look at it and make your own judgement, and take measures to protect yourself if you must run it.

    Most closed source projects are vulnerable because of pressure to deliver fast, and nobody will know until it gets exploited. This leads to really bad code that piles up over time. Try to sneak some bullshit into the Linux kernel and there will be dozens of news article and YouTube videos about Linus’ latest rant about the guilty. That doesn’t happen in private projects, you get a lgtm because the sprint is ending and sales already sold the feature to a customer next week.

  • Max-P@lemmy.max-p.metoSelfhosted@lemmy.worldIs my domain "burnt" when hosting my first Fediverse technology?English
    1·
    9 days ago

    The main issue is when your instance starts federating, accounts are created with a key pair that you will lose when changing software, and generally a whole bunch of URLs will no longer be valid. The actor ID of your user is https://feddit.org/u/buedi, not just buedi. Mastodon might make it https://feddit.org/@buedi instead. As per the spec, that is the canonical URL for the user/actor.

    Other instances will still try to push content to your instance assuming the software it was registered with. So you may continue to receive data for Lemmy communities which Mastodon has no clue what that is or what to do with it.

    You can host the API/frontend on a different domain no problem, but the actual ActivityPub service should be on a dedicated subdomain to avoid the issues.

    That said, I believe after a couple days/weeks, it should eventually sort itself out as your instance keeps erroring out and gets dropped and reregisters with the new software.

    https://seb.jambor.dev/posts/understanding-activitypub/