How about using LDAP? It’s a bit complicated to learn but it’s easy to integrate it in a bunch of applications and it allows you to manage user accounts and permissions in one central place.

Maybe try LLDAP which is a modern implementation (haven’t used it myself) which is designed to be simplified and I assume more welcoming to newcomers.

Their search results constantly impress me and honestly it’s 10 bucks for unlimited searches, it’s worth it even if it’s not a business expense, plus since you’re paying for the service they’re less likely to track you. I wish their code was FOSS, but I’ll take it, still better than google, bing, and all the others I’ve tried.

Also they actively promote the small web and you can even personalize your search results by removing websites you don’t like from the searches (for example I have a lot of big tech websites blocked)

Actually other search engines do much better with Lemmy. Kagi’s search works wonders if you select the filter for Fediverse Forums. And you can assign that filter to a bang, such as !lemmy, so that when you search “!lemmy query here” it’ll search only on the fediverse A few examples:

And this ladies and gentlemen is another reason why we should try to escape big tech’s grasp.

In general I agree with you. I find that most FOSS software is more polished than proprietary software, and it is generally more powerful.

However, I think that one problem that people somehow overlook in my opinion is that the financial side of the issue is also extremely important. I want more people to work on quality FOSS software, and I want it to become socially acceptable to work on FOSS as your main job. For that one thing is needed in my opinion: we as users of FOSS software need to give developers the financial incentives to work on what they love the whole time. In fact I want it to reach the point where immoral, non FOSS companies struggle to find developers because they’re all working on FOSS.

I’ll use that in the future haha

As the person being accused of this, I’d like to know, too.

Didn’t know about mitra, thanks for sharing!

Regarding Linus’s quote, I completely agree with him and that’s mostly why I asked for feedback; I don’t have the time to work on this myself at the moment, and even if I did I want to hear conflicting opinions on the implementation before I did anything

That’s fair, I mostly came up with the idea because I saw a comment mentioning awards like in Reddit and I’m a huge proponent of paying for FOSS applications and for content online, so that’s why I opened this up for discussion

I really don’t want to turn this into a crypto discussion, if you think there are better alternatives I’m open to hearing about them; I’m mostly interested in rewarding people for their content and paying for instance admins and lemmy developers. You’d be surprised how much you and I probably agree on regarding crypto

I can see your point but don’t you think that monero adds friction? you want something quick and easy that users don’t have to think about

deleted by creator

deleted by creator

deleted by creator

if you program the firmware directly your program can be stored, but it requires you to also buy the firmware writing tool and the FPGA unlocked version of the product (FPGA can be locked after writing it naturally)

what FOSS library do you maintain?

Quick aside, there won’t be a USB D (unless the USB people change their mind yet again), it will be something different from USB. The idea was to have USB A be what you plug on your source and B on your destination and was designed as a way to avoid power surges in the original 1.0 spec because the A side was physically different from the B side you weren’t ever going to plug in something that sends power to something that receives power (basically it prevented users from breaking their devices on accident). USB C changed that with a chip on each cable that handles negotiation before agreeing on a power spec

The concept of competition among tech companies has done a complete 180 on its original meaning. It’s no longer predominantly about crafting superior products; rather, it’s become a race to secure the largest amount of investor funding.

In this transformed landscape, the product itself and revenue generation often take a backseat, or at best, hold a tertiary importance. The heart of customer-centric ethos, especially crucial elements like data security, are now distressingly overlooked. What matters is getting the next investment to become the next “unicorn” and be acquired for billions of dollars. Silicon Valley Companies want the easy way out, do only a fraction of the work for an exponential amount of the benefits.

Don’t get me wrong, there are reasons to seek investment, getting a good product built is actually complex and you actually need a lot of different people working on it. The alternative is losing years of your life on a sisyphean ordeal of soul-crushing, hundred-hour work weeks (and that’s real work, not “let me check twitter” work), making you question your life choices and whether you should just throw it all away, abandon technology, become a hermit and move to a shed in the mountains.

The problem is that the EXPECTATION today is that you’re gonna build a third of a product, care about 1% of the actual business behind it and then pivoting exclusively to the pursuit of investment, letting everything else rot

It was encrypted and only decrypted on the user’s machine. It’s called TLS.

How is TLS relevant in this discussion? In this specific case TLS only solves MiTM, that’s it.

Well of course I did - all you said was “use encryption” like that meant anything specific.

It was an offhand comment in a lemmy post, of course I’m not gonna go into details… but fair enough

[…] isn’t materially more secure than properly implementing WebAuthn or even requiring MFA.

This is a bit disingenuous, don’t you think? To be clear I like WebAuthn, I think it’s a great technology that I’ve been evangelizing about it to coworkers and friends for years, it’s definitely the future of authentication, but that’s only marginally relevant, in the case of sensitive data like this you want the data to be both encrypted at rest and during transmission, with a unique pre-generated key, otherwise a rogue employee or in general someone with access to the database can see everything, regardless of anything else.

Fair point!

To be clear I wasn’t arguing that DARE is enough, you are absolutely correct that depending on the situation it isn’t, but in my opinion in this specific case. if the data was DAREd, and sent to the user in its encrypted state and only decrypted on the user’s machine with the user’s key, that’s not stored in any server, it would have completely fixed this specific issue. Naturally, however, to your point, with encryption there is no one-size-fits-all argument!