It’s actually quite awesome. They’re using one of the leaked password databases to see if you’re using one that has been used before. 1Password now anonymously checks passwords against this database. I hope more websites use this method.
Here’s a big list of leaked passwords: https://haveibeenpwned.com/Passwords
(FYI - they’re using a method that checks the hash of your password against the list’s hashes. That way your actual password is never sent to any third party and could never be reversed.)
> they’re using a method that checks the hash of your password against the list’s hashes.
It's even safer than that. You send the first 5 characters of the hashed password and the API responds with a list of hashes, then you check if the full hash is included in that list. This way the full hash is never sent to the API and there is barely any^^[1] chance of it being reversed. Though tildes actually uses a local list^^[2] therefore there is no chance of this.
[1]: if only one hash is returned, the owner of the API could reverse that hash.
[2]: https://www.reddit.com/r/tildes/comments/8m0yi2/but_why_password_rules/dzjwpfs/
The code on GitLab is identical to what's running in production, there's nothing hidden or different at all.
So yes, if you set it up, it would be invite-only, exactly as the site is. It should be pretty straightforward to disable that part of the code if you want to.
You'll probably need to do a bit of work to set it up on an actual server (and I honestly probably wouldn't recommend it unless you're pretty familiar with sysadmin-ish tasks), this info should help: https://tildes.net/~tildes/beq/hosting_my_own_tildes#comment-2u9k
Overall, it hasn't been set up very well for people to host their own versions yet, so there are probably quite a few things that are specific to Tildes that might be a little annoying to change (for example, there's no way to just change the site name in a single place or anything). Most of it's probably not bad though, you just might have to change some things if you notice it's still mentioning Tildes or referencing tildes.net.
3 characters is the minimum length it seems. Just trying to browse to a single letter username gives an error: https://tildes.net/user/a
Given that, assuming we want the exhaustive list, theres 26 letters in the alphabet, so 17,576 possible three letter usernames. Assuming we only care about dictionary words (I'm using the US english dictionary on my OS), I get 1276 real word usernames.
Highly doubt we're anywhere near either of those counts being used
You should really, really start using a password manager instead. That way you can have unique and very secure passwords for each page you register for, and just have to remember one. I prefer this one, because it works great, is easy to use, and is free/open source software: https://bitwarden.com/
To the first point, the current plan appears to have it be mainly automated, but still give administrators some control over it so it does not become a mess. Though nothing has been said about it, I would not be surprised if moderators/heavy users of ~music had influence over witch subgroups were created.
When something is posted to a group that should be posted to a subgroup, it will presumably be removed with a message saying go post it in ~music.rap.kanye.
As far as redundancy goes, ~s discourages crossposts for this reason. If it is a good enough post about kanye's music, it will bubble up naturally so crossposting is unnecessary.
I really liked the way slashdot mod and metamod points worked. Every day, some random users would be given a few points to mod up or down posts (which went from -1 to 5). Some other random users would be given metamod points to rate how well the modpoints users did. It worked pretty well before the mass exodus.
I’d love to see this in tildes.
https://slashdot.org/moderation.shtml https://slashdot.org/faq/karma.shtml
If ~ gets extremely active posters like reddit (i.e. gallowboob), it might be hard to find a jury that has not interacted with them or received a bias secondhand (though I rarely visit the defaults here on reddit, I still see people ranting about gallowboob occasionally, so for someone who doesn't visit the defaults, their only impression of them might be a bad one).
Plus, ~ is meant to foster discussions. Taking 10 minutes might only be enough to identify low-effort trolls. People who consistently argue in bad faith and write walls of text are much harder to identify.
Edit: slightly related, it seems the first ban for a troll has been handed out.
I think this is a big point in the difference of intent. In what I assume is the same thread, I announced myself a transphobe and asked a trans man, in full sincerity, to change my mind. We had a great discussion.
The obvious difference here is that I'm not an asshole.
> Classic Reddit code could be forked then right? Not saying it would be a better choice, just curious people's design and thought process. Now I really wonder if the original CL code is out there.
Yes, https://saidit.net is a fork of the old reddit code.
Hm, this is unfortunate. I mean I've got a fairly new account but that's because I'm trying to be more privacy-conscious which means, like you said, scrubbing & deleting accounts. I understand though, and actually appreciate it (it shows you care, I think?)
what kind of tools are you missing on site?
ot: i don't know if it's up to you, but have you considered making a mastodon account for ~? i see a twitter link but i think mastodon (or pleroma) has a way better alignment with ~'s values as far as i can tell. also i might just be pleading for that because i've got a mastodon account but not twitter. (lastly, if this is being considered, might i suggest the mastodon.technology instance; it has a few official accounts on there already & might make it easier to settle)
I believe that there are different threads for different purposes. There are threads for discussion, there are threads for support, there are threads for celebration, et cetera.
I think there will be plenty of other threads discussing Trump's politics, and there is no harm in allowing supporters to have one thread for celebration. I think about it kind of like this would you go into a thread celebrating the Astros winning the world series and say: "Thats great and all, but I really think the Dodgers should have won." There is a different place for that.
Hello!
I'd rather not associate my real life identity with this Reddit account, but I'm a pretty heavy HN and Lobste.rs user. If you want those usernames to prove I'm not a spammer, I'd be happy to send that to you in a PM :)
Thanks!
Here's the comment if anyone actually dares to tackle the bug. Note that this is in mobile and portrait mode only.
If you don't like the recurring topics and don't want to see them, you don't need to ignore all of them individually. You can just filter out the recurring topic tag in your topic filter if you don't want to see the recurring topics.
Someday. Right now that's very, very low on the priority list for many reasons. There are other more important things it needs first.
You can if I understand correctly. I would like to contribute to the project as a whole in operations, to help wider adoption, rather than my own personal journal without any of my friends or colleagues that don’t use scuttlebutt. Scuttlebutt seems like a great project and it needs help in adoption. I’ll try to setup my own journal this evening to see how it works out.