I understand the sentiment… But… This is a terribly reasoned and researched article. We only need to look at the NASA to see how this is flawed.

Blown Capacitors/Resistors, Solder failing over time and through various conditions, failing RAM/ROM/NAND chips. Just because the technology has less “moving parts” doesn’t mean its any less susceptible to environmental and age based degradation. And we only get around those challenges by necessity and really smart engineers.

The article uses an example of a 2014 Model S - but I don’t think it’s fair to conflate 2 Million Kilometers in the span of 10 years, vs the same distance in the span of the quoted 74 years. It’s just not the same. Time brings seasonal changes which happen regardless if you drive the vehicle or not. Further, in many cases, the car computers never completely turn off, meaning that these computers are running 24/7/365. Not to mention how Tesla’s in general have poor reliability as tracked by multiple third parties.

Perhaps if there was an easy-access panel that allowed replacement of 90% of the car’s electronics through standardized cards, that would go a long way to realizing a “Buy it for Life” vehicle. Assuming that we can just build 80 year, “all-condition” capacitors, resistors, and other components isn’t realistic or scalable.

Whats weird is that they seem to concede the repairability aspect at the end, without any thought whatsoever as to how that impacts reliability.

In Conclusion: A poor article, with a surface level view of reliability, using bad examples (One person’s Tesla) to prop up a narrative that EVs - as they exist - could last forever if companies wanted.

I normally would, but my wife has the same problem and she’s done that 3 times in the last 6 months. In fact, her problem became MUCH worse because the “clean slate” was far more impressionable. She’d search up beauty routines, only to find that Youtube thinks she now wants to see “popping” videos, even though she’s now searching for dinner recipes.

So yeah, I saw her experience and decided “no thanks”.

To be fair, MOST of YouTube I watched can be found on Nebula and Floatplane, both of which will likely not have this issue since it’s not a user-content platform. Not to mention, the creators likely make more from those platforms anyways.

YouTube is basically unavoidable though, so now I just view everything through a piped instance if I absolutely need something that can only be found there.

I used to subscribe to YouTube premium as of just a few days ago. Even without the ads. There was something very seriously wrong with the suggestion algorithm.

I was getting cartel violence videos, and dead animal videos. Never watched one before in my life. Yet. YouTube seems to think that I should want to watch this crock of shit. This started coming up about 6 months ago. Until now I’ve been reporting each video as they come up. But that doesn’t seem to help at all.

At this point I think YouTube is a danger to society - if it’s recommending cartel violence videos to me unsolicited, what are they suggesting to my nieces?

I have completely nuked it from my life. Almost all of the YouTubers I like are on Nebula or Floatplane so it doesn’t feel like I’m missing much.

With today’s announcement, I’m super happy you did this 4 days ago. Time to make a few clones myself.

As somebody with autism. I find this take lacking nuance. You see for me these tools represent a huge leap and accessibility for me. I can turn a wall of stream of consciousness text into something digestible and represents myself.

I find myself constantly exhausted with the societal expectation that I review, edit, and adjust my own speech constantly. And these tools go a long way to helping me actually communicate.

I mean, after all nothing changes for me. People thought of me as a robot before. And I guess they can continue to think I’m still a robot. I’ve stopped giving a crap about neurotypical expectations.

I mean I take a less extreme take. But I definitely resonate. As somebody with autism, it’s really nice to have an impartial chat assistant to turn my stream of consciousness wall of text into something far more digestible. Trying to do so myself often takes hours to construct a message a couple paragraphs long. Where I checked and double check and triple check for anything that might offend somebody or come across strange or not flow well. Etc etc etc.

A lot of these articles don’t really investigate the accessibility aspect of these tools. And I really wish they did. I know if one of my friends used chatgpt to help with their messages, I would be completely fine with it.

I dunno what this GM is doing but I find that ChatGPT (GPT4 particularly) does wonderfully as long as you clearly define what you are doing up front, and remember that context can “fall off” in longer threads.

Anyways, here’s a paraphrasing of my typical prompt template:

I am running a Table Top RPG game in the {{SYSTEM}} system, in the {{WORLD SETTING}} universe. Particularly set before|after|during {{WORLD SETTING DETAILED}}.

The players are a motley crew that include:

{{ LIST OF PLAYERS AND SHORT DESCRIPTIONS }}

The party is currently at {{ PLACE }} - {{ PLACE DETAILS }}

At present the party is/has {{ GAME CONTEXT / LAST GAMES SUMMARY }}

I need help with:

{{ DETAILED DESCRIPTION OF TASK FOR CHAT GPT }}

It can get pretty long, but it seems to do the trick for the first prompt - responses can be more conversational until it forgets details - which takes a while on GPT4.

Thank you for the measured take on this.

You are correct, I don’t intend to pressure or cause harm! But I certainly see the results, and it is indeed pressure. As another commenter pointed out, there are many instance admins who work a bit closer to the team on the Matrix chatrooms and that’s their preferred method of communication. Now that I know this, I’ll let things cool down and join myself. I definitely intend to contribute where I can in the codebase, and I wouldn’t dream of escalating to public pressure for smaller concerns.

However, I have a slight, and perhaps pedantic disagreement about making changes. In this case, the request was for not making a change. If it weren’t for the fact that the feature was already ripped out it would be as simple as not removing it (or in this case re-working it a bit). I understand that it isn’t the current reality, and that it required work to revert - and if not for a ton of spambots, I think It would’ve been easier to adapt.

Ultimately it will take time to discuss workarounds and help others implement them, and the deadline is ultimately the arrival of the version that drops the older captcha (or was, in this case - it’s getting merged back in as we speak - might even be done now). With that reality, I had a sense that this could be an existential problem for the early Threadiverse.

I definitely didn’t intend to suggest that the Devs were in any way at fault here. I read the github issues enough to come with the takeaway was that the feedback they were receiving seemed to be “Admins and devs alike are okay moving forward and opinions to the contrary are minimal, let’s move forward”. It was definitely intended to be a way to communicate using raw numbers (but not harassment). I’d like to think I’m fairly pragmatic in that if it IS working for folks, then that is a contrary opinion, and that it was missing.

Where I definitely failed was my overly emotional messaging. It’s certainly not an excuse, but my recent autism diagnosis does at least help explain why I have an extremely strong sense of justice and can sometimes react in ways that are less than productive in some ways.

As for the licensing, I agree! I’m talking to some good friends of mine because I want to take my instance WAY further than most others - goal is a non-profit that answers to Tucsonans and residents of larger Pima county rather than someone not in the community. There’s just a lot of features this concept would need that it might diverge so much from the Lemmy vision that it needs to be something new - and hopefully a template for hyper-local social networks that can take on Nextdoor.

Interesting, I definitely see mine. I’m wayyyyyy at the bottom of the popular section, (likely due to the 9 bots that added themselves before I banned the accounts.).

I wonder if one of the settings in your firewall is blocking that particular bot?

I don’t recall when I would’ve done the same, but I do recall not being on join-lemmy until - well - now actually.

Oh! I just remembered something. Isn’t there a site that recommends a lemmy instance? Might it make sense that multiple users found your website because they change the recommendation to distribute new users to smaller instances (hourly perhaps)? Does that sort of pattern hold in this case?

5 huh? That’s actually noteable. So far I haven’t seen a real human user take longer than a couple of hours to validate. Human registrations on my instance seem to have a 30% attrition. That is, of 10 real human users, I can reasonably expect that 3 won’t complete the flow. It seems like your case might be nearing 40-50% which isn’t unheard of but couple this with the quickness that these accounts were created - I think you are looking at bots.

The kicker is, though, if one of them IS a real user, it’s going to be almost impossible to find out.

This is indeed getting more sophisticated.

I wish I could see this time period on a cloudflare security dashboard, I’m sure there could be a few more indicators there.

Guess I best get over there then. Sounds like a place to voice my concerns without resorting to public appeals.

You just said you’re only interacting with a small group of independent admins, but now you’re making a conflated statement of “many Admins”.

I can be working with a small set of independent instance admins (brought together by a newer instance and discussions mostly through discord) and I’ve helped them test a few things and our little discord meta-community is already constructing new features, auto-posting bots of different types (RSS feeds, even posts, etc), and a few other things.

However, this is different from “Most Admins” where my interactions are largely based in the meta/support channels for other instances. This is a much more confusing population to me since many were exposed to the entire “Lemmy is for Authoritarian Communists” that was making the rounds on reddit. It’s resulted in a newer cohort of Admins that aren’t nearly as friendly to the development team.

The only reason you got what you wanted in the end was because someone else put in the work to make it happen

Nah, I would’ve made the change myself, but it wouldn’t do a darn thing because it depends on the inherent security of less technical admins. This project is as much impacted by individual decisions as they are collective ones.

And until the maintainers changed their mind, they likely wouldn’t have allowed a resurrection of the old Captcha anyways - so your point about another person “doing the work” only was really possible once the maintainers communicated that it was acceptable. Because, as stated in my previous point, an individual instance with this change (reverting captcha) doesn’t protect them from instances that don’t.

This all points back to my original point which revolves around new admins understanding the importance of engaging the maintainers and making themselves heard. The fact that people who already do this took offence to my post is a little bizarre because I’m clearly not talking about the people who have been communicating.

Sure, those who’ve been with the Fediverse for a bit are familiar with Matrix and how to use it to communicate back to the core developers. But the new influx of instances and their admins either A - don’t know where to go, B - don’t care, or C - are so ideologically opposed to the rumors they want nothing to do with them.

Huh, that is interesting, yeah, that pattern is very anomalous. If you have DB access you can try to run this query to return all un-verified users and see if you can identify if the email activations are being completed:

SELECT p.id, p.name, l.email FROM person AS p LEFT JOIN local_user AS l ON p.id=l.person_id WHERE p.local=true AND p.banned=false AND l.email_verified='f'

Not so sure on the LLM front, GPT4+Wolfram+Bing plugins seems to be a doozy of a combo. If anything there should be perhaps a couple interactable elements on the screen that need to be interacted with in a dynamic order that’s newly generated for each signup. Like perhaps “Select the bubble closest to the bottom of the page before clicking submit” on one signup and “Check the box that’s the furthest to the right before clicking submit”?

Just spitballin it there.

As for the category on email address - certainly not suggesting they remove supporting it, buuuuutttt if we’re all about making sure 1 user = 1 email address, then perhaps we should make the duplication check a bit more robust to account for these types of emails. After all someuser+lemmy@somedomain.com is the same as someuser@somedomain.com but the validation doesn’t see that. Maybe it should?

The language of your post was quite hostile and painted (and continues to paint) the developers as being out of touch with instance admins. The instance admins are already “loud, clear and coordinated”, and are working in full communication with the maintainers.

Right now the instance admins that I’m working with are largely independent with only a couple of outliers. The newer instances that have just joined the fediverse didn’t really echo back their concerns. So while you’re statement might be true (I dunno, I don’t see any coordination, and it’s not always clear what admin concerns are important.) the rapid growth has brought even more stakeholders and admins to the fediverse. Some far less technical than others. I’m going to need more proof of deeper coordination, because as it stands many Admins say “Devs are tankies” and refuse to federate with the maintainer’s instance, let alone contribute code or money.

The majority of PR’s coming into the project are coming from instance admins seeking to solve their personal pain points. Both the issue and the PR you’re referring to were created by ruud…

This is a new phenomenon, the total lines of code written by the primary devs are still much larger than any other combination of PRs. I don’t envy the position of having to sort through thousands upon thousands of PRs that may or may not coincide to the project’s vision or code quality standards. Rolling back to a known prior state is almost always lower effort than minting a fresh new implementation.

Also, ruud did not create the PR I’m referring to, that honor goes to TKillFree. Heck, why do you think I’m attacking the author here rather than trying to bring more weight to his Github issue? It’s because of ruud that I even know what’s going on - and the instance admins I know were pretty clueless about the pending change.

I’ll grant you that my tone and signalling needs work, but I do think that an attempt to rally more folks did indeed influence the solutions that the maintainers were willing to accept. From “New, better implementation only - remove the existing flawed one now” to “Okay we can keep the flawed method, but we need an enhanced version and soon”.

At this point its hard to tell because we don’t live in a universe where I didn’t make that post to compare. Maybe you’re right and this would’ve all shaken out eventually.

Hmmm, I’d check the following:

1. Do the emails follow a pattern? (randouser####@commondomain.com)
2. Did the emails actually validate, or do you just not see bouncebacks? There is a DB field for this that admins can query (i’ll dig it up after I make this high level post)
3. Did the surge come from the same IP? Multiple? Did it use something that doesn’t look like a browser?
4. Did the surge traffic hit /signup or did it hit /api/v3/register exclusively?

With those answers I should be able to tell if it’s the same or similar attacker getting more sophisticated.

Some patterns I noticed in the attacks I’ve received:

1. it’s exactly 9 attempts every 30 minutes from the user agent “python/requests”
2. The users that did not get an email bounceback were still not authenticated hours later (maybe the attacker lucked out with a real email that didn’t bounce back?). There was no effort to verify from what I could determine.

Some vulnerabilities I know that can be exploited and would expect to see next:

1. ChatGPT is human enough sounding for the registration forms. I’ve got no idea why folks think this is the end-all solution when it could be faked just as easily.
2. Duplicate Email conflicts can be bypassed by using a “+category” in your email. ie (someuser+lemmy@somedomain.com) This would allow someone to associate potentially hundreds of spam accounts with a single email.

I’m confused - that’s almost exactly what I said, albeit in a very condensed form.

Once you take a Discretionary bonus and then make it into an incentive (i.e. This year the Christmas bonus must be earned by doing X, Y, Z) and adding stipulations to the bonus that are tied to worker output turns it into a non-discretionary bonus.

Promissory Estoppel is the basis for why non-discretionary bonuses are a category. There is a perceived promise of a bonus that people work for, but then are denied which can cause knock-on effects for the people to whom that bonus is owed. A bonus is discretionary up until the point it’s used to get people to work longer or perform better.

Sure the general term is Promissory Estoppel, but that’s a much weaker regulatory framework than Pay and Labor laws around non-discretionary bonuses.

If there is something else I’m not understanding here please enlighten me further. If it’s not “accurate” I invite you to help me be more accurate.

Eh, this situation seems more like the “admins”/power users of the software saying “How can you not need us?” - and for them, that’s more of a point. These are the people who submit bug reports, code features or plugins on a weekend, and generally turn your one product into a rich ecosystem of interconnected experiences. One can argue that the project doesn’t technically require their participation, but they do enhance the project in many different ways.

open-source entitlement is a thing, but I’m not sure that this is the same thing. I for one would be happy to submit changes (and even have a couple brewing for my own use on my instance). Just don’t make the spam problem worse in the meantime by pushing out a version that’s missing a crucial (if imperfect) feature.

You won’t see me making call to action posts for undelivered features or other small-fry items. I’m a dev, I get it.

But there are always times were vulnerabilities come up and a dev might not otherwise know that it’s being exploited. It’s one thing to have a feature to fix that vulnerability and get to it as part of your own priority list. It’s another when that vulnerability is actively impacting the people using the software - that’s when getting vocal about an issue is appropriate to help me alter my priorities, IMO.

Looks like someone already opened a PR to roll back to a retrofitted solution (I had to wait until the weekend before I could find the time to work on this).

The devs are willing to accept a retro-fitted captcha (rather than just mCaptcha) in time for v0.18 and they communicated as such about 9 hours ago (for me). So for me, my push for visibility is complete unless they block the incoming PR for whatever reason. The devs have been made aware that this is contentious and the community could be impacted negatively and they see the need for it.

For me, that indicates that the Lemmy devs will listen to key, important issues, that impact the health of the larger fediverse as long as the community is clear about what the largest issues actually are.

A lot of folks here characterized me as someone wanting to “brigade”, but that’s not quite true. I just know that sometimes developers don’t know what’s going on with admins unless the admins are loud, clear, and coordinated. That doesn’t mean that I was asking folks to “force” the devs to do anything or be abusive, just that enough feedback might convince them to see things from a different perspective than a perfect technical solution.