• sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    arrow-up
    1
    arrow-down
    1
    ·
    1 year ago

    rooms are decentralized

    Are they? Or are they federated? I was under the impression that it worked like the rest of Matrix, which operates on ActivityPub, which is a federated network.

    I know encryption is run locally, but do the posts also only exist among users’ devices? Or is storage centralized/federated?

    When I say decentralized, I mean something like BitTorrent, not Lemmy, Matrix, or Mastodon where there are admins managing instances where data is copied.

    As part of the community configuration you have a list of mods

    Sure, and what happens if one of those mods’ accounts gets hacked? Can these attackers add a bunch of other mods to “take over” the community? Can they remove existing mods?

    what if the instance admins suck?

    Then use another instance. The admin changing significantly isn’t all that likely since they have a financial stake in keeping the instance running to their satisfaction. It costs money to run an instance, it doesn’t cost money to mod a community.

    then people will leave and find alternatives

    Sure, and that exists with lemmy as well. But one nice feature lemmy has is namespacing, where you can have multiple similar communities with the same name on different instances, and they can serve as fallbacks to others. Names matter, and they matter a lot more than I think they should, but they do matter.

    If !rust@programming.dev sucks, I can move to !rust@lemmy.ml or !rust@lemmy.world or whatever. On Reddit, if /r/rust sucks, I’d move to /r/rust_programming, /r/rust_official, or /r/rust_dev or something (not sure if any of those exist), and it’s not exactly clear which I should pick, and new users will likely still flock to /r/rust and blame the Rust community for the online community with an official-sounding name sucking.

    There’s no easy solution here, but I think namespacing does help, as does having the option of appealing to an admin if a high level mod account is compromised or something.

    I think the solution has something to do with users voting and being able to override mod actions, but I’m not sure how to structure that in a way that’s unlikely to get manipulated. Perhaps requiring new mods to be approved by a majority of existing mods is an acceptable solution, which should reduce the risk of a hostile takeover. But I’m not a security expert, so I’m not sure what I may be missing.

    Regardless, I’m going to work on this decentralized lemmy idea as a hobby at least as long as it holds my interest. I sincerely hope someone beats me to it.

    • kevincox
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      the rest of Matrix, which operates on ActivityPub

      Matrix does not use ActivityPub, it has its own protocol.

      Sure, and what happens if one of those mods’ accounts gets hacked? Can these attackers add a bunch of other mods to “take over” the community?

      Yes. Or it depends on permissions. There have been some ideas for voting-based controls over things like adding and removing mods.

      The thing is that you can extend this to what if the instance admin account gets hacked? It seem better to have one point of failure (the mods) rather than two (mods + admins).

      what if the instance admins suck?

      Then use another instance.

      You can’t do this if the community is tied to one instance. This is my point, right now you need to trust the instance admins, and sort of the mods. I think it would be better to just have mods. This means that there is a clearly defined source of control over the room rather than two levels.

      Names matter, and they matter a lot more than I think they should, but they do matter.

      You can still have names like this. The way Matrix does it is actually pretty clever. There is an internal ID for a room which should be mostly invisible to the user. But there are also local aliases. So for example you can have #rust:matrix.org. But if the matrix.org admins decide that that room is not a good target they can update the alias to a different room. These names are controlled by the instances but the room itself is not. I think overall this is a good strategy, trying to have one centralized directory is a recipe for fighting, disagreement and bad results. Pushing the directory responsibilities away from the core protocol makes a lot of sense to me.

      I don’t think it is a perfect system but it works fairly well. Plus at the end of the day most users are going to come from whatever rust-lang.org points to. Or what they find in their search engine.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Matrix does not use ActivityPub, it has its own protocol.

        Ah, I was misinformed. I’ll have to read up more on it, because some less-than-authoritative sites claim that it is decentralized (as in, no main/client relationship like lemmy, but instead equal peers), but I’ll want to verify that. Matrix claims to be decentralized, but I’ve seen a lot of misunderstanding on what “decentralized” actually means.

        If you have any good, approachable resources, I’m interested.

        what if the instance admin account gets hacked?

        The admin would probably just reset the instance from a backup. Or access the DB directly to fix things.

        A mod doesn’t have that control, they only get the permissions granted to them.

        You can’t do this if the community is tied to one instance

        Right, which is why the Reddit model sucks. But with Lemmy, you can have multiple communities with the same name covering the same content. An enterprising user could even automatically cross-post everything between the communities with a bot, so it could very much operate as a “hot spare.” I personally don’t even know where most of the communities I engage with are hosted, nor do I particularly care because admins tend to only get involved when asked.

        So for example you can have #rust:matrix.org. But if the matrix.org admins decide that that room is not a good target they can update the alias to a different room

        I definitely need to read up more on Matrix then. It seems I made a lot of assumptions that just don’t hold.

        most users are going to come from whatever rust-lang.org points to. Or what they find in their search engine.

        Unfortunately, most projects don’t include all popular communities. Unless I missed it, rust-lang.org only mentions their own forums, Discord, and Zulip, yet /r/rust has a very significant number users engaging, and that’s where I primarily engage as well, so I wouldn’t be surprised if many users just assume /r/rust is an official channel (it’s not).

        So are most users using the Rust forums and those two chat systems? The Rust forums claim ~10k users, whereas /r/rust has ~250k subscribed users when I checked today.

        If I search “Rust lemmy,” I get !rust@lemmy.ml, and this instance doesn’t show up at all in the first 2 pages of DuckDuckGo or Google results. It might get there eventually, but it’s a problem any non-centralized platform is going to have, especially if there isn’t a common word used in domain names. So if something non-centralized is going to have a shot at all, it needs to be blessed by the project, and even that may not be enough.

        I’d like to see truly decentralized platforms work, but I’m just not confident that we’ve really ironed out enough of the issues to really be successful. But I’m going to try anyway.

        • kevincox
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          claim that it is decentralized

          Yeah, the truth is a bit more complicated.

          1. Some objects not not decentralized. For example users are only federated. (there are some ideas brewing to improve this but right now they are not).
          2. It is decentralized between “homeservers” (sort of like instances) not end users. But this is really just an optimization and good for privacy. They do have prototypes of running a homeserver on your phone along with the client. So most clients only talk to their homeserver. But your instance works with federated and decentralized objects (depending on the type of object).

          But I think the key thing here is that rooms are decentralized and can survive sever losses. If I create a room on matrix.org and matrix.org disappears it can still be fully used by other servers. (As long as at least one other server was participating when matrix.org went offline, much like you need 1 seeder to keep a torrent alive.) Of course if all admins were accounts on matrix.org then the room will no longer have any admins, so it may be crippled, but if there were admins on multiple servers then the room can effectively live forever and survive any number of homeserver losses.

          This is very different from federated protocols like ActivityPub as you can probably tell where the death of an instance will kill any communities on it.

          • sugar_in_your_tea@sh.itjust.works
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            And that’s certainly something I’m worried about. If the admin of programming-dev gets tired of running the instance, it could just disappear.

            And I’m happy with using servers as an optimization, but IMO it should always allow users to host at least a portion of it themselves without a server. As in, everybody becomes a seeder. That way, if an instance gets hammered with a DDOS or something, the network can still survive by routing around it.