litchralee

If I understand the Encryption Markdown page, it appears the public/private key are primarily to protect the data at-rest? But then both keys are stored on the server, although protected by the passphrase for the keys.

So if the protection boils down to the passphrase, what is the point of having the user upload their own keypair? Are the notes ever exported from the instance while still being encrypted by the user's keypair?

Also, why PGP? PGP may be readily available, but it's definitely not an example of user-friendliness, as exemplified by its lack of broad acceptance by non-tech users or non-government users.

And then, why RSA? Or are other key algorithms supported as well, like ed25519?

Directly answering the question: no, not every country has such a consolidated library that enumerates all the laws of that country. And for reasons, I suspect no such library could ever exist in any real-life country.

I do like this question, and it warrants further discussion about laws (and rules, and norms), how they're enacted and enforced, and how different jurisdictions apply the procedural machine that is their body of law.

To start, I will be writing from a California/USA perspective, with side-quests into general Anglo-American concepts. That said, the continental European system of civil law also provides good contrast for how similar yet different the "law" can be. Going further abroad will yield even more distinctions, but I only have so much space in a Lemmy comment.

The first question to examine is: what is the point of having laws? Some valid (and often overlapping) answers:

• Laws describe what is/isn't acceptable to a society, reflecting its moral ideals
• Laws incentivize or punish certain activities, in pursuit of public policy
• Laws set the terms for how individuals interact with each other, whether in trade or in personal life
• Laws establish a procedure machine, so that by turning the crank, the same answer will output consistently

From these various intentions, we might be inclined to think that "the law" should be some sort of all-encompassing tome that necessarily specifies all aspects of human life, not unlike an ISO standard. But that is only one possible way to meet the goals of "the law". If instead, we had a book of "principles" and those principles were the law, then applying those principles to scenarios would yield similar result. That said, exactly how a principle like "do no harm" is applied to "whether pineapple belongs on pizza" is not as clear-cut as one might want "the law" to be. Indeed, it is precisely the intersection of all these objectives for "the law" that makes it so complicated. And that's even before we look at unwritten laws.

The next question would be: are all laws written down? In the 21st Century, in most jurisdictions, the grand majority of new laws are recorded as written statutes. But just because it's written down doesn't mean it's very specific. This is the same issue from earlier with having "principles" as law: what exactly does the USA Constitution's First Amendment mean by "respecting an establishment of religion", to use an example. But by not micromanaging every single detail of daily life, a document that starts with principles and is then refined by statute law, that's going to be a lot more flexible over the centuries. For better/worse, the USA Constitution encodes mostly principles and some hard rules, but otherwise leaves a lot of details left for Congress to fill in.

Flexibility is sometimes a benefit for a system of law, although it also opens the door for abuse. For example, I recall a case from the UK many years ago, where crown prosecutors in London had a tough time finding which laws could be used to prosecute a cyclist that injured a pedestrian. As it turned out, because of the way that vehicular laws were passed in the 20th Century, all the laws on "road injuries" basically required the use of an automobile, and so that meant there was a hole in the law, when it came to charging bicyclists. They ended up charging the cyclist with the criminal offense of "furious driving", which dated back to an 1860s statute, which criminalized operating on the public road with "fury" (aka intense anger).

One could say that the law was abused, because such an old statute shouldn't be used to apply to modern-day circumstances. That said, the bicycle was invented in the 1820s or 1830s. But one could also say that having a catch-all law is important to make sure the law doesn't have any holes.

Returning to American law, it's important to note that when there is non-specific law, it is up to the legislative body to fill those gaps. But for the same flexibility reasons, Congress or the state or tribal legislatures might want to confer some flexibility on how certain laws are applied. They can imbue "discretion" upon an agency (eg USA Department of Commerce) or to a court (eg Superior Court of California). At other times, they write the law so that "good judgement" must be exercised.

As those terms are used, discretion more-or-less means having a free choice, where either is acceptable but try to keep within reasonable guidelines. Whereas "good judgement" means the guidelines are enforced and there's much less wiggle-room for arbitraryness. And confusingly so, sometimes there's both a component of discretion and judgment, which usually means Congress really didn't know what else to write.

Some examples: a District Attorney anywhere in California has discretion when it comes to filing criminal charges. They could outright choose to not prosecute person A for bank robbery, but proceed with prosecuting person B for bank robbery, even though they were working together on the same robbery. As an elected official, the DA is supposed to weigh the prospects of actually obtaining a guilty verdict, as well as whether such prosecution would be beneficial to the public or a good use of the DA office's limited time and budget. Is it a bad look when a DA prosecutes one person but not another? Yes. Are there any guardrails? Yes: a DA cannot abuse their discretion by considering disallowed factors, such as a person's race or other immutable characteristics. But otherwise, the DA has broad discretion, and ultimately it's the voters that hold the DA to account.

Another example: the USA Environmental Protection Agency's Administrator is authorized by the federal Clean Air Act to grant a waiver of the supremacy of federal automobile emissions laws, to the state of California. That is to say, federal law on automobile emissions is normally the law of the land and no US State is allowed to write their own laws on automobile emissions. However, because of the smog crisis in the 70/80s, the feds considered that California was a special basket-case and thus needed their own specific laws that were more stringent than federal emissions laws. Thus, California would need to seek a waiver from the EPA to write these more stringent laws, because the blanket rule was "no state can write such laws". The federal Clean Air Act explicitly says only California can have this waiver, and it must be renewed regularly by the EPA, and that California cannot dip below the federal standards. The final requirement is that the EPA Administrator shall issue the waiver if California requests it, and if they qualify for it.

This means the EPA Administrator does not have discretion, but rather is exercising good judgement: does California's waiver application satisfy the requirements outlined in the Clean Air Act? If so, the Administrator must issue the waiver. There is no allowance of an "i don't wanna" reason for non-issuance of the waiver. The Administrator could only refuse if they show that California is somehow trying to do an end-run around the EPA, such as by trying to reduce the standards.

The third question is: do laws encompass all aspects of everything?. No, laws are only what is legally enforced. There are also rules/by-laws and norms. A rule or by-law is often something enforced by something outside the legal system's purview. For example, the penalty for violating a by-law of the homeowner's association might be a revocation of access to the common spaces. For a DnD group, the ultimate penalty for violating a rule might be expulsion.

Meanwhile, there are norms which are things that people generally agree on, but felt were so commonplace that breaking the norm would make everything else nonfunctional. For example, there's a norm that one does not use all-caps lock when writing an online comment, except to represent emphasis or yelling. One could violate that norm with no real repercussions, but everyone else would dislike you for it, they might not want to engage further with you, they might not give you any benefit of the doubt, they may make adverse inferences about you IRL, or other things.

TL;DR: there are unwritten principles that form part of the law, and there's no way to record all the different non-law rules and social norms that might apply to any particular situation.

Please explain what you mean by "rotate". The thermostat is physically turning in-place, as though a wall clock?

For a single password, it is indeed illogical to distribute it to others, in order to prevent it from being stolen and misused.

That said, the concept of distributing authority amongst others is quite sound. Instead of each owner having the whole secret, they only have a portion of it, and a majority of owners need to agree in order to combine their parts and use the secret. Rather than passwords, it's typically used for cryptographically signing off on something's authenticity (eg software updates), where it's known as threshold signatures:

Imagine for a moment, instead of having 1 secret key, you have 7 secret keys, of which 4 are required to cooperate in the FROST protocol to produce a signature for a given message. You can replace these numbers with some integer t (instead of 4) out of n (instead of 7).

This signature is valid for a single public key.

If fewer than t participants are dishonest, the entire protocol is secure.

Related to moderation are the notions of procedural fairness, including 1) the idea that rules should be applied to all users equally, that 2) rules should not favor certain users or content, and 3) that there exists a process to seek redress, to list a few examples. These are laudable goals, but I posit that these can never be 100% realized on an online platform, not for small-scale Lemmy instances nor for the largest of social media platforms.

The first idea is demonstrably incompatible with the requisite avoidance of becoming a Nazi bar. Nazis and adjoining quislings cannot be accommodated, unless the desire is to become the next Gab. Rejecting Nazis necessarily treats them different than other users, but it keeps the platform alive and healthy.

The second idea isn't compatible with why most people set up instances or join a social media platform. Fediverse instances exist either as an extension of a single person (self-hosting for just themselves) or to promote some subset of communities (eg a Minnesota-specific instance). Meanwhile, large platforms like Meta exist to make money from ads. Naturally, they favor anything that gets more clicks (eg click bait) than adorable cat videos that make zero revenue.

The third idea would be feasible, except that it is a massive attack vector: unlike an in-person complaints desk, even the largest companies cannot staff -- if they even wanted to -- enough customer service personnel to deal with a 24/7 barrage of malicious, auto-generated campaigns that flood them with invalid complaints. Whereas such a denial-of-service attack against a real-life complaints desk would be relatively easy to manage.

So once again, social media platforms -- and each Fediverse instance is its own small platform -- have to make some choices based on practicalities, their values, and their objectives. Anyone who says it should be easy has not looked into it enough.

Reddit has global scope, and so their moderation decisions are necessarily geared towards trying to be legally and morally acceptable in as many places as possible. Here is Mike Masnick on exactly what challenges any new social media platform faces, and even some which Lemmy et al may have to face in due course: https://www.techdirt.com/2022/11/02/hey-elon-let-me-help-you-speed-run-the-content-moderation-learning-curve/ . Note: Masnick is on the board of BlueSky, since it was his paper on Protocols, Not Platforms that inspired BlueSky. But compared to the Fediverse, BlueSky has not achieved the same level of decentralization yet, having valued scale. Every social media network chooses their tradeoffs; it's part of the bargain.

The good news is that the Fediverse avoids any of the problems related to trying to please advertisers. The bad news is that users still do not voluntarily go to "the Nazi bar" if they have any other equivalent option. Masnick has also written about that when dealing at scale. All Fediverse instances must still work to avoid inadvertently becoming the Nazi bar.

But being small and avoiding scaling issues is not all roses for the Fediverse. Not scaling means fewer resources and fewer people to do moderation. Today, most instances range from individual passion projects to small collectives. The mods and admins are typically volunteers, not salaried staff. A few instances have companies backing them, but that doesn't mean they'd commit resources as though it were crucial to business success. Thus, the challenge is to deliver the best value to users on a slim budget.

Ideally, users will behave themselves on most days, but moderation is precisely required on the days they're not behaving.

Used for AI, I agree that a faraway, loud, energy-hungry data center comes with a huge host of negatives for the locals, to the point that I'm not sure why they keep getting building approval.

But my point is that in an eventual post-bubble puncture world where AI has its market correction, there will be at least some salvage value in a building that already has power and data connections. A loud, energy-hungry data center can be tamed to be quiet and energy-sipping based on what's hardware it's filled in. Remove the GPUs and add some plain servers and that's a run-of-the-mill data center, the likes of which have been neighbors to urbanites for decades.

I suppose I'd rehash my opinion as such: building new data centers can be wasteful, but I think changing out the workload can do a lot to reduce the impacts (aka harm reduction), making it less like reopening a landfill, and more like rededicating a warehouse. If the building is already standing, there's no point in tearing it down without cause. Worst case, it becomes climate-controlled paper document storage, which is the least impactful use-case I can imagine.

Racks/cabinets, fiber optic cables, PDUs, CAT6 (OOBM network), top-of-rack switches, aggregation switches, core switches, core routers, external multi-homed ISP/transit connectivity, megawatt three-phase power feeds from the electric utility, internal power distribution and step-down transformers, physical security and alarm systems, badge access, high-strength raised floor, plenum spaces for hot/cold aisles, massive chiller units.

Absolutely, yes. I didn't want to elongate my comment further, but one odd benefit of the Dot Com bubble collapsing was all of the dark fibre optic cable laid in the ground. Those would later be lit up, to provide additional bandwidth or private circuits, and some even became fibre to the home, since some municipalities ended up owning the fibre network.

In a strange twist, the company that produced a lot of this fibre optic cable and went bankrupt during the bubble pop -- Corning Glass -- would later become instrumental in another boom, because their glass expertise meant they knew how to produce durable smartphone screens. They are the maker of Gorilla Glass.

I'm not going to come running to the defense of private equity (PE) firms, but compared to so-called AI companies, the PE firms are at least building tangible things that have an ostensible alternative use. A physical data center building -- even one located far away from the typical metropolitan area that have better connectivity to the world's fibre networks -- will still be an asset with some utility, when/if the AI bubble pops.

In that scenario, the PE firm would certainly take a haircut on their investment, but they'd still get something because an already-built data center will sell for some non-zero price, with possible buyers being the conventional, non-AI companies that just happen to need some cheap rack space. Looking at the AI companies though, what assets do they have which carry some intrinsic value?

It is often said that during the California Gold Rush, the richest people were not those which staked out the best gold mining sites, but those who sold pickaxes to miners. At least until gold fever gave way to sober realization that it was overhyped. So too would PE firms pivot to whatever comes next, selling their remaining interest from the prior hype cycle and moving to the next.

I've opined before that because no one knows when the bubble will burst, it is simultaneously financially dangerous to: 1) invest into that market segment, but also 2) to exit from that market segment. And so if a PE firm has already bet most of the farm, then they might just have to follow through with it and pray for the best.

I presume we're talking about superconductors; I don't know what a supra (?) conductor would be.

There are two questions here: 1) how much superconducting materials are required for today's state-of-the-art quantum computers , and 2) how quantum computers would be commercialized. The first deals in material science and whether more-capable superconductors can be developed at scale, ideally for room-temperature and thus wouldn't require liquid helium. Even a plentiful superconductor that merely requires merely liquid nitrogen would he a bit improvement.

But the second question is probably the limiting factor, because although quantum computers are billed as the next iteration of computing, the fact of the matter is that "classical" computers will still be able to do most workloads faster than quantum computers, today and well into the future.

The reality is that quantum computers excel at only a specific subset of computational tasks, which classically might require mass parallelism. For example, breaking encryption algorithms is one such task, but even applying Shoe's Algorithm optimally, the speed-up is a square-root factor. That is to say, if a cryptographic algorithm would need 2^128 operations to brute-force on a classical computer, then an optimal quantum computer would only need 2^64 quantum operation. If quantum computers achieve the equivalent performance of today's classical computers, then 2^64 is achievable, so that cryptographic algorithm is broken.

If. And it's kinda easy to see how to avoid this problem: use "bigger" cryptographic algorithms. So what would quantum computers be commercialized for? Quite frankly, I have no idea: until such commonly-available quantum computers are available, and there is a workload which classical computers cannot reasonably do, then there won't be a market for quantum computers.

If I had to guess, I imagine that graph theorists will like quantum computers, because graphs can increase in complexity really fast on classical machines, but is more tame on quantum computers. But the only commercial applications from that would be for social media (eg Facebook hires a lot of graph theorists) and surveillance (finding correlations in masses of data). Uh, those are not wide markets, although they would have deep pockets to pay for experimental quantum computers.

So uh, not much that would benefit the average person.

Weather station, terrestrial/satellite TV DVR (TVHeadend), Git repository (Forgejo for a nice web UI, cgit for a classic UI), DNS resolver.