• 0 Posts
  • 4 Comments
Joined 3 years ago
Cake day: July 9th, 2023

  • We’re going to have to start treating it like email with anti spam filtering and reputation. Things like rspamd are very advanced with a lot of signals that it uses.

    Right now, the best part of the Fediverse is its weakest point: federation. I can easily spin up my own instance, connect it to lemmy.world and start posting. I can create accounts to make it look legitimate and it takes admins on one or more instances to first start banning individual accounts, then realize the entire instance should be banned. I can then create more domains if I want to. Lemmy.world uses CloudFlare’s anti-bot (which has its privacy ramifications) but that can trivially be bypassed with federation.

    I’ve been thinking Lemmy needs automated anti spam (content filtering) that then feeds into user and instance reputation to automatically flag domains, IPs, etc.

    Look at the recent posts about Reddit’s anti-spam practices: it has the advantage of a single system able to collect a lot of metrics. Unfortunately you kind of need it to fight advanced spammers.



  • Partially. I started with hosting my own llama3.2 + granite4 models using Ollama for my Home Assistant smart home and for general chat with OpenWebUI. I also run whisper for speech-to-text locally on my 1080 Ti GPU. I like the privacy and ownership of my self-hosted models, but I started to run into limitations with the small weights. So I built some tools that allow me to selectively route traffic to larger models hosted on DeepInfra depending on my need. For example, to GLM/Kimi models for code reviews or for my custom harnesses or harder problems.


  • It’s a question of security risk profiles.

    Security ultimately oftentimes comes with a tradeoff for user experience or privacy.

    How do device integrity checks materially affect the security posture for theft when considering this system? Presumably the security checks for remotely unlocking a car are based around credentials and authN/authZ for the unlock service call?

    Enforcing client-side security has entered the picture recently, but a lot of it comes from security checklists from people saying “did you add this check?” Sure, adding a device integrity check may stop at least one malicious actor, but is it worth the cost? To most companies, they’re going to say they don’t understand or care about the impact.

    They could just go back to key fobs since those can’t run arbitrary code.