JulianRota
1yr ago
That's true. None of the harassment against us has reached that level yet, but there's no way to tell what the future will bring here. It's definitely a good step to be technologically independent from Reddit. Hopefully no more will be needed, but if it is, we're as prepared as we can reasonably be to try.
JulianRota
1yr ago
So they must have known what kind of firepower prog twitter would be able to bring to the battle and must have factored that into their initial decision not to budge. What changed? What kind of pressure did they apply they didn't apply the last time around?
That's the interesting question here and what's still unclear. It seems likely that the real force is some combination of big customers, investors, and silicon valley insiders that they're afraid to defy.
JulianRota
1yr ago
Roughly the same for me. I was /u/MetroTrumper on Reddit. I like Trump, but I don't find it particularly interesting to participate in the "24/7 Trump rally" culture of those subs, posting low-effort comment memes constantly. So it became more of an account for posting about politics in ways that might be controversial. It felt somewhat less thrilled with the name, and might have switched over to a new Reddit account if we weren't switching to a whole new site.
JulianRota
1yr ago
Eh it's probably pretty safe. There's no actual version specified (lol python), so everything gets the latest version of all dependencies on every image build. Most open source packages are pretty safe, most of the ones that do have issues aren't remotely exploitable, and mostly actual remotely exploitable vulnerabilities that aren't widely known and immediately fixed are only known to a few well-financed organizations that have much bigger fish to fry than our little site.
Also it's a public forum, everyone's post history is already public. Even if it did get hacked, there's not much to get except IPs, emails, and password hashes. IPs aren't very easy to resolve to people, email address might be mildly embarrassing if you used your real name or something easily connected to you, so probably best not to do that (it's optional anyways), and passwords are hashed well, not much real risk unless you used a very easily guessed password connected to accounts on other sites with the same email.
I'm sure people have been trying to attack rdrama for a while too. The fact that they haven't been hacked yet is a good sign. Yeah some of the past coding practices aren't the best, but all of us who have participated in the dev work have looked over it and not seen any security issues.
JulianRota
1yr ago
FWIW, I tend to be a bit skeptical of certain types of things coming from the security community. They do have a tendency to overstate the severity and applicability of issues due to the benefits of publicity in that community.
Ex - the browser environment is riddled with RCEs because the attack surface is massively huge - they are expected to let any site on the net run arbitrary JS code with a ton of flexibility on their user's systems, and to use as much of the overall power of those systems as possible, but not let that code behave beyond certain limits. I sympathize with the people trying to keep that secure. But it doesn't have a lot in common with most other environments.
The web server environment has a much more limited attack surface. For the most part, apart from supply chain attacks, you can only really attack it by sending HTTP requests to it. That doesn't make them invulnerable, but it does mean that the great majority of vulnerabilities follow a few specific patterns that are straightforward to avoid. None of us who have worked with the code here have found any of those in the codebase yet.
I don't think I'd quite bet that there's no vulnerabilities at all. But it seems unlikely enough that there's anything serious that I'm not actively worrying about it. Especially combined with our relatively small size, general lack of going out of our way to piss people off, and lack of really juicy things to be gained from compromising the site.
JulianRota
1yr ago
Note that Reddit itself doesn't handle 2k+ comment posts all that well. Sure, it never stops loading the comments page at all or crashes the site. But it's often basically impossible to see more top-level comments once you load the first 200 it lets you. It usually lets you load more at the top level once, but I've never seen it work more than once. Other options like using depth=1 seemed to be broken 3/4 of the time, with no clue when it would work and when it wouldn't.
Another reason to be eager to get off Reddit was so that the behavior of large comment count threads is at least consistent and fixable instead of constantly broken in unpredictable ways.
JulianRota
1yr ago
Have you read any Tom Clancy? Cardinal of the Kremlin is a good one along those lines.
JulianRota
1yr ago
I'm reminded of the thing with the NYT hit piece on Scott. Our self-proclaimed Paper Of Record writing a lazy sloppy hit piece on a small-time blogger because he objected to their plan to doxx him strongly enough to sting just a little bit.
Okay I get the motivation, but man, if there has ever in the entire history of the world been a time to take the high road, this would be it.
JulianRota
1yr ago
In that case, The Americans is worth checking out. It's a multi-season series about deep cover KGB spies operating in 80s America. More accurate than most regarding missions and tactics, though a bit over the top on violence. It also depicts a mission substantially more elaborate and effective than any real KGB operation actually was. Good entertainment IMO though.
JulianRota
1yr ago
Already merged https://github.com/themotte/rDrama/pull/252
JulianRota
1yr ago
As I understand it, 50 Stalins is actually an argument that we don't live in as free of a country as we think. Analogy is, in Stalin's Soviet Union, you were free to state that we really need 50 Stalins, but not that Stalin was a big stupid jerk. Similarly, in many Western countries that supposedly have free speech, you are free to state any opinion that aligns with the Progressive movement, but any speech against it may have negative consequences.
JulianRota
1yr ago
One of the things that repeatedly bothers me along these lines is, what the heck is actually going to happen with Global Warming?
It's become a Blue Tribe value to declare that it's definitely happening, is entirely our fault, will be catastrophically bad, and the only way to fix it is things Blue Tribe likes (solar and wind power) which (IMO) probably won't work.
Meanwhile, the Red Tribe value becomes the opposite - it's definitely not happening and/or not our fault, if anything happens we can fix it with more tech, there's nothing to worry about, Blue Team just wants to crush and take over the economy for their own reasons.
If there actually is a problem, it's become basically impossible to solve due to the mentioned politicization of science and every possible solution falling along tribal lines. So I hope it's not really a big deal, because we're probably screwed if it is.
JulianRota
1yr ago
I don't really know, and that's my point. It's hard to know what information about what could happen to trust and how much. What I'm saying is that I have a feeling that we're basically screwed, and whatever is going to happen will just happen. I hope it isn't too bad.
JulianRota
1yr ago
Personally, I've pretty much always thought this, that most critics opinions about movies and other media bear little resemblance to how much I'll enjoy it. I don't think it's just me being contrarian because I don't really pay enough attention to reviews to even know what the "mainstream" thinks of it. I think that everybody has different interests for things they like to get out of a movie, so there isn't much value in a critic just saying this thing is good or bad. It's more useful when somebody says things like, this movie has a lot of cool fights and explosions with a weak plot, that one has a sweet love story, the other one has a complex and dramatic storyline, and the next one is filled with lowbrow humor.
I do wonder to what extent people who say they go along with critics are just going along to be agreeable and fit in with the "mainstream".
I also think there's a thing going on where there's some kind of cost disease thing going on in all media types, so mainstream studios for them tend to gravitate more highly towards things that they are very confident will be universally enjoyed around the world and be less willing to try something new or offbeat.
JulianRota
1yr ago
I broadly agree with Kulak's take here. Putin isn't great yeah, but the leadership of Ukraine isn't exactly Jeffersonian classical liberals either. It's a standard regional power struggle that America has no real interests in.
If the Ukrainian people desire independence enough to really fight for it, they're welcome to it. If not, whatever, not my problem. I'm fine with selling them a bunch of weapons, but giving them huge amounts of money or direct intervention ought to be off the table IMO.
JulianRota
1yr ago
I kind of agree with this, though I'd phrase it more as being moderately irritating to them rather than bleeding them dry. I did say I'd like to sell Ukraine lots of weapons - both because it makes them a bigger thorn in Russia's side and because it gives us information about how well our weapons actually perform against Russian weapon systems in the hands of the proper Russian army.
JulianRota
1yr ago
Universal conscription is pretty common in small countries with bigger and more powerful neighbors. Finland, Israel, South Korea for examples that would generally be considered free countries. Russia too as it happens, though they have apparently loosened up on their terms of conscription.
JulianRota
1yr ago
I don't see "clearly good versus evil" at all. From the other perspective, Ukraine is a rebellious breakaway province of Russia. In American history, the Confederacy dearly wanted to be independent at one time - was it unambiguously evil to fight a war to stop them? (granted the slavery thing muddies the waters considerably, but still). There have been lots of wars all around the world to subdue would-be breakaway provinces of greater powers. What business of mine is it whether Ukraine deserves independence or is an uppity breakaway province when I've never set foot within a thousand miles of the place?
A Russian would say they're on the side of good because they need the buffer space to defend against the next Western invasion, which has in fact happened twice in the last 250 years and been horrifical lethal to the Russian people both times. Do you expect them to believe us when we say we totally have no intention of ever doing that again, while NATO keeps gobbling up countries closer and closer to their border?
JulianRota
1yr ago
This probably deserves its own thread to explore properly, since it's a tricky question. Technically it's true that it could be seen as a form of slavery. But on the other hand, if you aspire to live in a country with any political freedoms, don't you basically have to take some level of responsibility for physically defending it from hostile aggressors who would crush that freedom? Feels pretty abstract in a country like America, but not so much in places like the above where powerful and far more numerous adversaries are only a short distance away, could invade at any moment and crush any illusion of liberty you might have had.
JulianRota
1yr ago
Part of the reason why I disagree with the "good vs evil" framing is that, once you have framed a conflict in that way, there is no way to end it except the total elimination of the side perceived as "evil". If you want to find peace, eventually you have to see the issue from the perspective of both sides and be able to come up with a solution that acknowledges the physical reality and the concerns of both sides. This is basically impossible if you see the other side as evil. One of the characteristics of most conflicts is that, presuming they didn't end with the total elimination of one side, they tend to end when both sides become weary enough of fighting that they're willing to let go of calling the other side evil and see things from their point of view enough to make some concessions.
I'm not sure if you're trying to make it a bad thing, but personally I see it as a good thing that I can independently come up with an argument similar to what a Russian Nationalist war-backer would use. Now, I certainly don't agree with this fellow when he makes the arguments that total destruction of Ukraine is desirable or that nuclear war is preferable to a perceived Russian loss. I don't agree that it means the "end of Russia as a state and nation", but he does have a little bit of a point in being concerned about how "Big Bad Russia" will be seen in the region after an effective loss to Ukraine and what their longer-term future will be after that.
Does it seem reasonable to be concerned about how effective the Russian nuclear arsenal would be after the poor performance of their more sophisticated forces in Ukraine? From a Western perspective, I definitely don't think we should see it as, well they probably won't work right so Russia is no real threat - far too dangerous to be even a little bit wrong. But from a Russian perspective, if you perceived an existential threat from the Western powers and saw your nuclear arms as the sole trump card guaranteeing your security, how safe would you feel?
JulianRota
1yr ago
Well yeah. But if we decide we're going with that solution, then we validate the allegedly paranoid fears of the Russian Nationalists, including the guy that @DaseindustriesLtd quoted above. If that's the plan, then it's their best move to seek to dominate Ukraine and any other neighbors who they view as uppity at any cost as a necessary defensive buffer against our upcoming attempts to totally eliminate them.
JulianRota
1yr ago
I liked it fine. It was pretty clear to me that this is a standard action movie - expect cool jets flying around, a few fights, some explosions, and maybe a half-assed romantic interest. Don't expect detailed character development or a realistic or intricate plot.
JulianRota
1yr ago
I'm meh on topics - the fun of the Culture War thread is that you never know what you'll come across next, could be any of the above! And you're free to bounce around topics on a thread if it makes sense.
Re migration plan, I think we're about as prepared as it's reasonable to be. DB has automatic backups (uhh right?) and hosting is a standard k8s cluster, as offered by many providers and build-able by hand on any host with a bit more work. Naturally any more details will be held close to the chest - if anyone was trying to attack us, a public plan would just give them their next target in advance of actually migrating.
It's probably a bigger help that we don't go out of our way to ridicule or attack people, unlike Drama or the Kiwis.
JulianRota
1yr ago
Too personal to be answered by a group. What I've done is - write a list of everything you think you'll need, pack that stuff, then keep that list somewhere. If you find you're missing something you want on the trip, add it to the list. After a couple of trips, you should have a good list. Then any future trips, go through the list, make sure you have everything on it packed, and you're ready to go, confident that you haven't missed anything.
Let's kick this CW thread off with a discussion of the KiwiFarms attacks. Broad strokes include:
CloudFlare posted just yesterday on how they were turning off KiwiFarms use of their DDOS protection. This was 4 days after their post attempting to explain their "abuse policies" and how they would respond to such things, a casual reading of which would suggest that they would not do this. Their claimed justification for this was "potential criminal acts and imminent threats to human life that were posted to the site". They did not detail exactly what acts and threats were posted and the nature of the site moderator's response.
KiwiFarms is back up at https://kiwifarms.ru/ (note that this is somewhat spotty, they are still actively under attack) (https://archive.ph/2tS7Y should work if their site is not responding at the moment). The site admin has created a post here in which he lists the user and post that he suspects was the trigger for this, the reasons why he thinks the post was suspicious, and the actions the admins took in response, which included banning the user in about half an hour.
To me this looks like a flop on CloudFlare's part. KiwiFarms may or may not be honest in their explanation post, but it's a lot more detail than anyone's posted on the "ban it" side on exactly what were the posts of concern.
More options
Context Copy link