makeasnek

I would be interested in this as a user and as a dev for OSS projects. I currently donate to a few projects via OpenCollective, Github sponsors, etc. A few options:

• Users vote on how the money is spent, perhaps in proportion to how much they have donated over time. I think this is the simplest model that prevents self-dealing and accurately transmits user interest. You could use a quadratic funding model to better represent user interest instead of just giving the most vote weight to the users with the most money. On the other hand, assigning vote weight based on donations over time incentivizes users to donate more and keep donating (stopping a recurring donation could result in loss of vote weight and help redistribute vote weight as users become less active). You could also do a hybrid model: 50% is assigned according to vote weight based on total donations, 50% is assigned based on quadratic funding.
• Developers vote on how the money is spent. I don't know how to allocate vote weight here. Devs should also submit a list of downstream libraries which would receive donations. (or is it upstream?).
• User and developers both vote on how it is spent. Vote weight could be distributed however, for example, 50% to users 50% to devs.

This kind of a system would be very possible to implement as a DAO, there are templates out there for making an organization like this. You could use BTC or ETH, both support DAOs. The benefit there is that since no single entity holds the money, no single entity has to file taxes and claim that money as income. It also automates the voting process and solves the issue of users having to trust a single person or organization to hold and distribute the funds. Making a DAO on Bitcoin lightning could reduce tx fees to less than a penny per donation.

You could also incorporate it as a non-profit depending on your jurisdiction. Many organizations like the Linux foundation have pursued this route, look at what things they have tried and what has worked. Also just a link to leave here for your research, I'm not suggesting you use this, I'm just saying it's relevant interesting thinking in this area: https://blog.obyte.org/kivach-cascading-donations-for-github-repositories-2b175bdbff77

Other relevant links/research for you: https://github.com/Resolvr-io and https://nostrocket.org/About

Also research Gitcoin, they have used quadratic funding to fund a number of OSS web3 projects in a similar manner to what you're proposing. I have participated in a few of their funding rounds as a donor and a recipient. Their interface is a mess but the concept is cool.

If you are going to "be your own bank" you need some very basic computer security skills like:

• Research the reputation of the wallet you are going to use.
• Don't download wallets which aren't open source
• Download wallets from their official dev site, not some third party repo.
• Don't use Facebook search to find a wallet.
• If you are storing significant funds, use a multi-sig wallet.
• If you are not 100% confident in the security of a given wallet or system, send a smaller test transaction first before sending larger amounts

If you can't be trusted to do that, you need to pick a trusted custodian to manage access to your funds (you know, like banks), preferably somebody who can get an insurance company to under-write your no-opsec-having-ass. Unfortunately, in the crypto world, these trusted custodians few and far between and have a terrible track record with exchange collapses etc. It's getting better, but it's still a mess. Hopefully as time goes on and the industry gets better regulated and more mature, this will be an easier thing to do.

These are interesting questions, thank you for getting the discussion started on them.

Do you care how your public data and posted content is used? Why or why not?

Not really. If I did, I wouldn't post it somewhere public like lemmy. I guess if I were sharing source code or artwork I had made, I would feel differently about somebody taking those and breaking the license terms on that. But I don't care if they're used to train AI. Well-trained AI benefits all of humanity, and it's not like they're making copies, they're just learning piecemeal from millions of pieces of content like mine. Whether or conventional licensing applies to AI at all is still a question of open legal debate that will probably take years to resolve.

What do you think of choosing a content license for your Lemmy account? Does this contradict the FOSS model?

I think this is a great idea and gives users some degree of additional control and clarifies for people who might want to use the data how they can use it. This can also be an interesting marketing tool to be able to say that on Lemmy you choose who uses your data and how, even if the enforcement mechanism is on the legal side not the technical side. The default should be public domain or copyleft license as that benefits the commons the most, but users should be able to make their own choice.

Should Lemmy have features to protect user data/content in this way, or should that be left up to the user to figure out on their own?

Not really aside from letting users choose licenses for their content. I do think AP should integrate encrypted DMs/messages like nostr etc has, this is an important feature. But that's really outside of this particular discussion.

Edit: Additional thought on licensing fees. If users could post, for example, their Bitcoin lightning address in their profile, they could automatically "license" their content this way. They could set a flat license fee in their profile per post or per word or whatever, perhaps it could be modified on a given post if the user wanted to, and if some company wants to come along and use their content, they could automatically pay for the licensing for that content. This would be an interesting way for users to get paid for their content. Lemmy and/or the instance could even take a portion of those payments, say 10%, and put it towards development. Having this all done via lightning would make this process automatable. Companies scraping AP/Lemmy data could search, find content, and then buy the content that suits them best. They might be willing to pay more for rare content types, for example, content on niche communities. Companies get proof, via the lightning transaction, that payment was made.

As a user, I wouldn't mind getting a few bucks per year for my content and knowing that my money is also contributing to Lemmy development and the sustainability of this whole fediverse thing. Nostr has a similar functionality with tips/zaps and tip pools, though it's not based around licensing.

The fact that Linux lacks a decent system-level backup tool with a GUI is kind of a mind boggler for me. The best one I've found which gets close to this is timeshift. File-level backups can't restore your whole system state and users shouldn't be expected to remember or manually export their package lists and god knows what else. I have subsisted on file-only backups but it's really not great as a solution. Disks fail, and when they do, you inevitably have to reinstall the entire OS. It's a mess. RAID1 could theoretically prevent this, but no distro makes it easy to boot from a RAID1 setup.

Backing up the entire filesystem is not a technically complex thing, there are plenty of command-line tools to do this and some filesystems even support this concept via snapshots etc. But this has yet to be put into a useful practice for end users.

Nostr vs Mastodon on Privacy & Autonomy:

• Relay/instance admins can choose which content goes through their relay on either platform
• On nostr, your DMs are encrypted. In Mastodon, the admin of the sender and receiver can read them, as can anybody else who breaks into their server
• On nostr, a relay admin can control what goes through their relay, but they can't stop you from following/DMing/being followed by whoever you want since you are typically connected to multiple relays at once. As long as one relay allows it, signal flows. Nostr provides the best of both worlds: moderated "public squares" according to your moderation preferences, autonomy to follow/dm/be followed by anybody you want (assuming that individual user hasn't blocked you).
• On mastodon, your identity is tied to your instance. If your instance goes down, you lose your follow/followee list, DMs, etc. On Nostr, it's not, so this doesn't happen. Mastodon provides some functionality to migrate identity between instances but it's clunky and generally requires to have some form of advanced notice.
• Both have all the same functions as twitter: tweet, reply, re-tweet, DM, like, etc.

Why I think nostr will win https://lemmy.ml/post/11570081

It's just as scalable as fedi, I'd say it's even more scalable since relays don't need to communicate with each other, which reduces the cost to run a relay. The average user experience is basically identical. They download an app, it connects to a set of default relays (or they can choose some manually if they want), they tweet.

Hardware signing devices have lots of utility because they keep the key from ever being on the machine (which is more likely to be compomised). Think ledger or trezor for your Bitcoin. Hardware encryption devices are just really expensive and black-box ways to avoid Veracrypt.

If your encryption algorithm is secure, you have no use for automatic lock-out. If it's not, automatic lockout won't do much against an attacker with physical access to the device. Unless they are dumb enough to trigger the lockout AND the internal memory wipes itself sufficiently well AND/OR the attacker doesn't have the resources to reverse engineer the device.

Because you can choose which relays to connect to and you typically connect to multiple relays. This is all seamless. On Mastodon/fedi, an instance controls your entire view of the fediverse unless you make a separate account elsewhere and check it separately. You can't follow or be followed by users or instances they block even if you want to. They also control your identity, since it's tied to a relay/instance. If your relay shuts down or your account gets banned, you have to make a new account elsewhere, re-follow everybody, get everybody to re-follow you, etc. It's a mess.

On nostr, instance/relay admins only control that goes through their specific relay. Relay admins can, of course, share common blocklists if they want for anti-spam or anti-abuse purposes. If you want to follow somebody blocked by a relay, you are connected to other relays and the signal can flow through there. You don't need to check multiple relays separately. If your relay closes, you don't lose your account/identity.

A relay admin controls what goes through their relay. A user controls who they follow and who follows them. If you want, you can just auto-ignore all DMs directed to you by people who aren't in your follow list. Also remember that your DMs have to come through a relay, presumably you are connected to relays you trust the moderation policy of, so toxic users can't use those relays to DM you.

Read the first bullet point:

• Relay/instance admins can choose which content goes through their relay on either platform

Elections matter. Elections decide who gets to appoint judges (or you can directly elect judges depending on the court system). Being politically active in other ways matters too. Apathy doesn't work.