souperk

souperk , 2 days ago (edited 2 days ago)

Here is a list of note-taking apps:

https://github.com/tehtbl/awesome-note-taking

By the way, I am building my own Journaling system, it's still early stages and I am looking for ideas!

souperk , 3 days ago

Has anyone gone through the documents? Any interesting findings? Is it time to create a website?

souperk , 27 days ago

Jack Dorsey, good or bad?

(bonus points if you get the community reference)

souperk , 1 month ago

Stremio with the local files extension? Not exactly a video player, but if you want to watch movies and TV shows, it will get the job done.

souperk , 1 month ago

I have been thinking about this for quite some time, feel free to add me on matrix (link in bio) if you are interested to collaborate/discuss.

It's interesting to consider a few potential use-cases, as you can see below the technical requirements for each use-case can be vastly different.

Notice, I am assuming that accounts are connected, aka if someone creates a post, that post can reach users of other instances. See the "Connecting Instances" section below.

Use Case: Organizing an Event

Let's say Alice wants to organize a trivia night at the coffee shop she works at. After all the preparations, Alice needs to invite people, so she makes a post with the location, the date, and the announcement of the event.

People following Alice's (or the coffee shop's) account, will be notified of the event and choose to either attend or not. Some may even "boost" the event, so it's reaches more people.

Discovery is not optimal. It's possible, people that live nearby the coffee shop, and would have otherwise attended the event, weren't following the account, as a result weren't notified and missed the event.

Instead, if a location based feed was available, it would have allowed people to find Alice's post and attend the event. The UX for such a feed can be complex, but the backend requirements are pretty straightforward, we need to filter (and/or sort) using the location, date and tags of an event.

All in all, the volume of data is small (not a lot of events happen at the same time and the same area), and the application is not time-critical (if a post takes several of minutes to reach other users it's not an issue as the event is posted days in advance).

Use Case: Short-Term/Live Monitoring

Let's say a group wants to organize a protest march, they know that the police tends to get violent on such occasions, so they need to monitor the police's activity and alert the people accordingly.

So, they create a system where some people are responsible for monitoring the area and regularly upload posts with the exact location of the police. This allows the group to create a map that shows the locations of police blocks and adjust their route accordingly.

While the example is terrible, I believe the use-case is clear. A lot of people, need to monitor "something" that is happening "right now".

Again, probably most of the complexity lies on the UX design, but a few backend requirements are added:

1. There is a large volume of data, and everything is time-critical.
2. There is a need for control on who is able to posts, otherwise ill-willed users will be able to create noise and render the system useless.
3. There is a need for control on who is able to access the information.

Keep in mind that (2) and (3) do not mean that a decentralized platform would be better suited.

Use Case: Long Term Monitoring

Let's say, during the spring, a population of ducks passes through the city. Tourists and locals alike want to watch the ducks, so they start recording sightings.

This information not only allows users that are nearby to rush to watch the ducks when there is a sighting, but also can be used to create a heatmap of the most probable locations to find ducks for a given time of day.

Technical requirements:

1. Small volume of data, but information can be time-critical.
2. Need to generate notifications for users interested to respond to the sighting.

trigger warning

---

I had SA incidents in mind when writing the above example, but I choose a more light-hearted example to avoid needlessly triggering people.

The use-case is pretty much the same. The locations are places to avoid for safety reasons, and people rushing to the scene are either searching for the perp or helping/protecting the victim.

Use Case: Information Sharing

Let's say Bob learns an interesting trivia about the statue on the town square. He creates a post about the trivia and stamps it with the location of the statue.

Here, time is irrelevant to the post, people are going to be interested in Bob's trivia years down the line. However, people need to be able to discover Bob's trivia, and a map is probably the best tool for the job.

Technical requirements:

1. Volume of data depends on population of an area, city centers are going to have more posts that small towns.
2. Nothing is time-critical.

Connecting Instances

Utilising this, we could create a list of Habitat instances that are relevant to a user’s current location, and then query only those instances.

I don't think this would work, habbitat.world would still have users around the globe, as a result it would be queried every time someone refreshes their feed. You may make a case that there shouldn't be such an instance, but keep in mind (a) pretty much every Fediverse platform has a few huge instances, and (b) that would exclude users located in places without a local instance (or local instances with unethical admins/mods).

I believe the existing follow-based federation mechanisms would provide a better solution. Keep in mind that fedizens don't want to see "everything" within their feeds, but a curated list of posts/events based on their choices and/or the choices of people with similar background (same instance).

souperk , 1 month ago

why is signal not an option?

souperk , 2 months ago

IMO it's never about the tool, but who controls it. For example, nuclear energy is a neutral thing on its own, when used to generate power it's (arguably) a net positive, when used for bombing it's a net negative.

The same goes for algorithms, when they are used to save lives at hospitals it's a net positive, when used to harvest people's attention it becomes a net negative.

(For anyone interested, I have MAB algorithms in mind, they can be used to prioritize patients at hospitals, or make recommendations in social media. You can guess which application of the algorithm is more commonly used, well researched, and well funded.)

souperk , 2 months ago (edited 2 months ago)

Again, more complicated.

It doesn't have to be.

Are the algorithms mathematically sound, or just AI/machine learning magic fairy dust?

MAB algorithms lie in middle. They are a mathematically sound way to explore the unknown and make reasonable decisions given whatever context is available.

There have been a few hospital trials with success, but progress is slow and funding is low. There are a few really interesting papers if you are interested to read more.

Do the algorithms have implicit biases against poor people, or those with darker skin or who live in certain postcodes?

In a sense, it's not different than laws that discriminate against people of color or other marginalized communities. The fact that a bunch of super privileged lawmakers create laws that disproportionately harm us, does not mean that the concept of law is flawed.

You got to ask yourself why the algorithm was given that information in the first place, and more importantly who gave it?

What we call algorithm, is actually two things. A set of instructions (the actual algorithm) and a set of parameters. The instructions explain how to use those parameters in order to make a decision. The parameters may or may not be biased, it all depends on the process that is used to generate those parameters.

AI in particular uses a process called training, in which people make decisions, and another algorithm is used to adjust the parameters so those decisions can be genralized and repeated by the AI. When, biased people make biased decisions, they are going to train an AI to make biased decisions.

Unfortunately, that's our reality, biased people make biased decisions, as a result we have biased laws and biased algorithms.

By the way, this is what the author calls algorithm cleanse, and it's bureaucracy supercharged. Why hire someone to reject applicants of color when you can build an algorithm to do that? Making a legal case against that is much harder, and the legal system isn't ready to understand the nuisances of the case.

However, in contrast to the laws, we marginalized people can create our own "algorithms", thay are not biased to our best effort. The fediverse is living proof of this. Why fight the system when we can make our own?

souperk OP , 3 months ago

Great point, I always consider dependencies from a security perspective, but for management/setup sometimes I am like "the devops are going to figure it out"...

To clarify, would an example be supporting sqlite, so people won't have to deploy postgres unless they need to?

My plan is to offer a docker-compose configuration people can tinker with. I had the mindset that whatever happens in the container stays in the container, but your comment made me realize I should be mindful of other installation methods. Thanks 🙏

souperk OP , 3 months ago

twelve factor app

Great resource!

Write database migrations in both directions so people can downgrade on failures.

Good point. Personally, I take backups before upgrades and restore if anything goes wrong. But, I understand how downgrading sometimes is just easier.

I have trouble coming up with a migration procedure that makes sense to me. I have the following in mind:

1. Provide init scripts that produce a schema that matches beginning state of the current major.
2. Provide major to major migration scripts.
3. For every major, provide minor to minor migration scripts.
4. Schema changes require at least a minor release.

Make it possible to configure your system via ENV variables, ENV files and config files.

I am bit worried about this one, environment variables can be a security concern. Specifically, I am not sure if I should allow providing secrets (like db connection strings) through environment variables. I am inclined to let people do what they want to, but issue a warning.

Make it possible to disable authentication to add Authelia or LDAP through the webserver. Make clear that this is only to be used for external authentication.

I am considering adding support for oauth through keycloak. My assumption is that if you are going to host your own LDAP, you can probably configure keycloak too. Do you think that makes sense?

Make it possible to run multiple parallel instances of your software without affecting the database consistency, e.g. for high availability or horizontal scaling.

Ideally, an instance shouldn't be big enough to need it. I know, famous last words, but in my case I think it's a bad problem to have. I am going out of scope, but I am wondering where is the line between discouraging large scale deployments and designing something pre-destined to obscurity.

Telemetry

Not even on my radar, thanks for bringing it into my attention 🙏

souperk OP , 3 months ago

A good place to start is the owasp cheat sheet. They provide up-to-date, high value information about software security, I wish there was a resource like this when I started learning about security.

Even though, I have a decent background in software security, it's hard to decide on an encryption schema that's both safe and easy to use. My goal is to increase the number of components an attacker has to compromise in order to get access to the data.