The code is open source. Nothing is obscured.

“Security-by-obscurity” is a phrase used for any measure that is useless once you know how it works. In this case it’s hoping that a troll doesn’t know about the specific hardcoded rules. None of the rules in PieFed actually work if you are at all aware of them.

Thanks for clarifying, I guess I misremembered the shadowbanning part. I think I was mixing together the fact that reputation isn’t really transparent (users’ reputation can change by even attempting to upload an image that gets flagged, and the vague error means they’ll probably try multiple times without realizing they’re being moderated) and the fact the communities can autoban any user whose global reputation is low enough.

I still think the security-by-obscurity approach to moderation is inherently flawed though, and I hate to imagine how the dev approaches actual account security if that’s their approach to moderation.

Honestly I would consider [user-obscured] hardcoded shadowbanning just as bad.

Just because I’m closer to agreeing with the PieFed dev’s opinions a little bit more doesn’t mean that I’d support shadowbanning someone because the trivially-evaded checks caught a false positive in the crossfire. Piefed’s auto moderation/social scoring is pretty much textbook definition security-by-obscurity. The second anyone knows how it works, it’s useless. It will pretty much exclusively catch people who just wanted to post a harmless meme or something.

At least (for now) Dessalines isn’t hardcoding his tankie beliefs into Lemmy’s source code.

Edit: Blaze is right, it isn’t shadowbanning, but the rest of my point still stands, added the [] part to clarify

There were a few, not exaustive since it’s been a few months since I looked through the source code, some of this might have changed and there’s also a few other checks that I’m forgetting:

• 4chan screenshots (specifically anything that OCR identified as having “Anonymous #(number)” in it) were banned. Honestly this one is fine as a toggle but I think for a while it was just on by default in the code
• any community that had specific words in it were blocked at instance level. I think “meme” was there, a few swear words, and a few carryover reddit meme community names (196, I think nottheonion was also there, anything with “shitpost” in the name, etc.)
• There’s a hidden karma/social credit score based on a user’s interactions and net total karma hidden from them that gets impacted by any moderation actions, including some of the automated hardcoded ones (e.g. even trying to upload an image that gets flagged by the hardcoded checks). In some cases the user is not informed of any of these changes (the image upload will appear as a generic image upload error)
• users with a low enough net score can be automoderated at both a community and instance level

Edit: the other thing is, a lot of this hardcoded moderation isn’t documented anywhere outside of the code, likely because a lot of the measures would be useless if people knew how they worked

Edit 2: updated based on Blaze’s reply from another comment, I misremembered the shadow banning, I was confusing it with the federation errors that occur when one user blocks another

Tbf Piefed also does have opinionated moderation literally hardcoded into the source code.

It’s pretty easy to modify since it’s python and not rust, but still not great

I misread it, seems like it’s just the Omarchy theming system it has integration with. My point mostly still stands though, going out of the way to support Omarchy’s system is still a red flag.

For those unfamiliar, the creator of omarchy is a pretty open white supremacist and transphobe among many other things. This blog post does a pretty good job of outlining everything:

https://davidcel.is/articles/rails-needs-new-governance (He also created Ruby on Rails, hence the article title, the focus of the article is mostly on that but it gives a detailed background on DHH as well)

GTK 4

Omarchy

Built-in AI integration

I think I’ll pass…

Kirigami is built on top of Qt by KDE

To be fair, Linux isn’t developed on GitHub (it’s developed on the Linux Kernel Mailing List and kernel.org) and most of the spammers knew that going into it. The PRs on that repo were mostly just people trolling any bystanders that took it seriously until the internet did what they do best and took the joke too far.

In this specific example they didn’t waste anyone’s time or resources because it was never being used or monitored in the first place.

Edit for more additional context: Linus (who created git in the first place) mentioned not liking centralized git servers so he’s specifically said for multiple years that he never considered actually moving development over to something like GitHub

That’s exactly my point. Giving away the exact town you live in to strangers on the Internet is not good advice to give people generically.

Maybe I could see country or even general region, but town?? Why would I want to publicly give away my location like that?

They forgot “CM” so this doesn’t work for any number that ends in 900s

Ubuntu 18.04 (2018) -> Manjaro (2019-2021)-> Arch (2021-2022) ->EndeavourOS (2022-present on my desktop) ->NixOS (2024-present on my laptop)

The Lemmy backend is also written in rust

The irony of this meme being posted from a platform written in rust is pretty great ngl

This works, thanks!

I don’t think it’s a process ID? I have 2 virtual pipewire devices (one called “chat-mic” and one called “chat-speaker”). Pipewire devices (nodes) also have ID numbers, but they are assigned when the device is initialized on startup and aren’t guaranteed to be the same between reboots

Doesn’t W3C already maintain the ActivityPub protocol?

Edit: nevermind I misunderstood this

Probably performance - the Java server takes up a lot of memory and CPU for what it does. The base implementation first started in 2011, so it wasn’t exactly designed to be multithreaded or parallelized because most games were still largely single-threaded at the time. Rewriting it from scratch in a different language probably helps with that

Signal is private in that other people can’t intercept your messages, including signal. The signal app is open-source so you can be relatively certain it’s not tracking your decrypted messages, unlike closed-source apps like WhatsApp or Facebook Messenger or any other private social media.

Signal is not anonymous from an account standpoint, because you need a phone number to sign up, even if you can choose not to display it in your account.