No Stupid Questions
No such thing. Ask away!
!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules (interactive)
Rule 1- All posts must be legitimate questions. All post titles must include a question.
All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.
Rule 2- Your question subject cannot be illegal or NSFW material.
Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.
Rule 3- Do not seek mental, medical and professional help here.
Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.
Rule 4- No self promotion or upvote-farming of any kind.
That's it.
Rule 5- No baiting or sealioning or promoting an agenda.
Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.
Rule 6- Regarding META posts and joke questions.
Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.
On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.
If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.
Rule 7- You can't intentionally annoy, mock, or harass other members.
If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.
Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.
Rule 8- All comments should try to stay relevant to their parent content.
Rule 9- Reposts from other platforms are not allowed.
Let everyone have their own content.
Rule 10- Majority of bots aren't allowed to participate here. This includes using AI responses and summaries.
Credits
Our breathtaking icon was bestowed upon us by @Cevilia!
The greatest banner of all time: by @TheOneWithTheHair!
view the rest of the comments
Note that because of the way federation works, the domain can be bought by someone else who can then use the connections and links to lemm.ee images and posts to peddle spam and other nonsense. It's not a problem as long as the domain name stays under control of the lemm.ee admins, but if they don't renew their registration then anyone can pretend to be the old lemm.ee server.
Best for lemm.ee users to delete images from their posts and comments now so whoever grabs the domain in a year or so can't use it to inject weird shit into your old posts as easily. Of course they still can create new accounts for all.the old account names and post in your name if they want, but the user private keys should prevent that for individual posts if the other server software is smart enough to validate them.
I didn't know that. That seems to be a very bad decision.
I would have thought there was some sort of private public key involved in instance authentication.
There is, but the protocol is designed that you can't buy a domain for a month, set up a server, and then let it expire, leaving it unable to use ActivityPub for decades after because you posted a few things to Mastodon with popular usernames.
There is public/private key authentication, but the server is queried for its current keys when verifying content. This allows lemmy.ml to forward lemmy.dbzer0.com content to any other server without knowing the private key, because the receiving server will call back to the original server (if they key is not already cached) and use the user's public key to verify the message.
Once the domain expires and a new person buys the domain, that new person is in charge of what keys a domain lists or not. That, combined with the fact blind key rollover is permitted, leaves it up to programmers of individual servers to decide if they accept the new keys or not (the spec says they should).
While they could put up weird images, they can't change posts without everyones private keys.
I don't see why not. Based on the spec, a server submits a request signed by a keyId which the receiving server caches or obtains, but the new server is also queried for the keys belonging to the actor. You cannot reuse the old key IDs (probably) because it'll stay in the cache, but you can just add new keys of your own.
Step 10 of the key verification algorithm explicitly instruct the server to ignore the old key and fetch a new one, in case the other server has done a blind key rotation.
In other words, the ActivityPub spec only verifies that an account was the source of a message at the time a server submitted or forwarded an event. It does not validate that an
Updatewith new text contents belongs to the same server that onceCreated the object.Of course, I expect ActivitiyPub software to (mis)implement this spec in different ways. Some software will be protected against domain hijacking, others will leave domains once registered completely useless in the future for common actor names in ActivityPub.
I was misremembering something here, mastodon always keeps old keys iirc, but lemmy caches them temporarily iirc.