this post was submitted on 07 Jun 2023
523 points (98.0% liked)
Asklemmy
I'm excited for the possibilities, but daunted by the realities.
It's going to be tough to get enough foot traffic to start populating smaller subs. It seems like the Reddit API drama is the big break needed to hit a critical mass of users, but how many will take the time to figure out something like Lemmy? And are the Lemmy instances ready? It's strange to root for Reddit to go through with the API changes after using Reddit for so long. But if there was ever a time to pay a bit extra for additional hosting resources, June 11th (or now!) should be it. If a large influx of new users crashes Lemmy instances, and no one can sign up, a golden opportunity will be lost.
Signing up was not a flawless process. You are asked to make a choice about servers with little guidance on what it all means.
Requiring a 10 character password with additional character conditions is going to turn a lot of possible new users OFF. It should be 6 characters, with no conditions. Yes, it's not secure, but we need sign ups above everything else. Users can choose to get as complex as they want, but simplicity should also be an option. If people later grow to value their Lemmy accounts, they can secure them at a later time. But extremely easy sign up should be the default for now.
Asking people to write an extensive answer as to "why you want to join this particular server" should also be suspended temporarily. Again, it's about ease of signing up. We should try to get as many signups in as quickly as possible, and weed out the problem people later. After the possible Reddit migration boom ends, you can go back to application essays as a requirement for entry.
The web interface is buggy. The site will often "reset" as you are reading a thread, and the whole thread will act as if "refreshed". If this causes users to lose a long post they are typing, they might quit Lemmy then and there.
The community structure needs to be more unified across instances. It's confusing that there are local groups as well as "multiverse" groups across federations, often with the exact same name. It's a bummer that the communities can be splintered, and will have people not realize what's really available.
I think we might see some weaknesses of a distributed system like Lemmy in the next few weeks. It's hard to organize and get everyone rowing in the same direction with no "CEO" or clear leader. It does feel like little fiefdoms doing their own things, and that makes it even harder to hit critical mass.
In terms of content and userbase, so far so good. It obviously leans heavily towards the technically competent. Lemmy sort of screens for the technology inclined since it's only well known to those who are up to date with the latest in tech. So of course it's easy to feel like everyone is like minded and cool for now. But we need to attract casuals if we want vibrant, non-tech groups to exist and flourish too.
I've only been exploring for 2 days though, so I can be very wrong.
I just got approved here, but have been on Mastodon for a couple of months. Mastodon signup was a lot glitzier, and yet I still couldn't convert my friend, who was like "I don't understand, what do you mean it's like email? >_<". I don't have high hope for Lemmy atm...
I think Reddit will backpedal and renegotiate with users/devs down the line, once the initial backlash has died down, and they have lowered everyone's threshold of what they would consider a "victory". Things like Lemmy will act as a sword of Damocles/safe harbour for the next time they screw up, sure, and that's a good thing. But I doubt Lemmy will explode in popularity, even if some 3rd party Reddit clients are discussing adding Lemmy support to sort of rugpull Reddit, and that's for 3 reasons (imo):
I agree that the signing up process should be streamlined and bugs should be fixed. But I don't agree we should maximize the userbase even if we need to weed out a lot of nasty people and bots later. That would make the platform more unpleasant instead of better.
I think the critical mass has already been reached. Not to be an exact copy of Reddit with all its tiny subs, but to be a nice place in its own right.
To combat the splintering problem I think there should be an option to combine similar communities of different instances. You would still have to choose an instance when posting, but when reading you wouldn't.
I gather that is not your case and I see what you mean if I think about my parents, for instance, but objectively I can only think that a 6-character password with no restrictions (e.g. 123456) might have been "okayish", and yet still the object of jokes, 20 years ago, but now it absolutely shouldn't be passed off as a norm anywhere close to "adequate". Users need to be correctly educated on their own security awareness in general, but also especially here, because it is very likely that the instance where the user account is registered will not have any paid customer service around to solve their users' issues with account security breaches because of their weak passwords.
So, regarding passwords, for the casual as for the expert user, once and for all, the xkcd comic strip on passwords:
https://xkcd.com/936/
and here are a couple of handy online and downloadable generators inspired by that comic strip:
https://xkpasswd.ethanify.me/
https://xkpasswd.net/s/
But also learn to use password managers! They often come with their own handy password generators, btw. The gist of it is that you need to remember only one password for the manager, and in turn it is going to remember and serve your credentials for all your accounts.
For instance for the average casual user Bitwarden should more than suffice, it is free, has a freely managed remote service, apps for mobile and extensions for the browsers, it is open source and has been audited: https://bitwarden.com/
I know perfectly well that it is an uphill process, I can see that with my parents, but I also like to think that maybe if something I tell them about how to manage their passwords is able to stick in their mind, then one day it might save them from being robbed online for always using the same few-character password everywhere for every effing website.
And when I use a passphrase that my password manager generated, the sign up form called it "weak".
A much shorter password (about half as many characters) that is arguably weaker and has less entropy was considered "strong". Just because it had punctuation.
Then, respectfully, it might be your fault, but I don't know the metrics by which Lemmy rates passwords. You can also use this other estimator (download the local version, of course):
https://github.com/dropbox/zxcvbn
I for instance used a simple setting:
and got:
;;75.cupcake.manly.argument.53%%
testing it on https://lowe.github.io/tryzxcvbn/
Lemmy, though, gives the password a "medium" quality rating, so I guess it must estimate it differently.
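The disagreement in the comments above (a generated passphrase rated "weak", a password half its length rated "strong" because of punctuation) can be reproduced with a small added example that is not part of any comment and is not Lemmy's or zxcvbn's code. `compositionMeter` is a hypothetical character-class meter, and the sample secrets, the 7776-word list size and the guessing model for the patterned password are all assumptions.

```javascript
// Added example. compositionMeter is a hypothetical rule-based meter, not
// Lemmy's actual rating code; the sample secrets below are constructed.
function compositionMeter(pw) {
  if (pw.length < 10) return 'rejected';
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(pw)).length;
  return classes === 4 ? 'strong' : classes === 3 ? 'medium' : 'weak';
}

// Entropy of a secret built from independent uniform choices:
// the sum of log2(number of options) over each slot the generator fills.
function entropyBits(slots) {
  return slots.reduce((bits, options) => bits + Math.log2(options), 0);
}

const WORDLIST = 7776; // assumed Diceware-sized word list

// Four words picked at random; the separator is fixed, so it adds no entropy.
const passphrase = {
  secret: 'lantern-orbit-maple-quiet',
  slots: [WORDLIST, WORDLIST, WORDLIST, WORDLIST],
};

// Human-style pattern, modelled (assumption) as what a guesser enumerates:
// one dictionary word, capitalised or not, one of 100 recent years,
// one of 32 symbols typed twice.
const patterned = {
  secret: 'Summer2023!!',
  slots: [WORDLIST, 2, 100, 32],
};

// Rate each sample both ways so the two verdicts can be read side by side.
function compare(samples) {
  return samples.map(({ secret, slots }) => ({
    secret,
    length: secret.length,
    meter: compositionMeter(secret),
    bits: Math.round(entropyBits(slots) * 10) / 10,
  }));
}

const report = compare([passphrase, patterned]);
console.table(report);
```

The character-class meter ranks the two secrets in the opposite order from the entropy estimate, which is why pattern-aware estimators such as zxcvbn exist.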
I honestly can't agree to this. Current "safe" standard is at least 12 char 3 complexity, to which already too few adhere.
But let's take it a bit further, say, you get more sign-ups due to easier passwords (which I kinda doubt matters that much compared to other things, but let's roll with it). Imagine Lemmy would suddenly boom with those new users due to changes to make it easier + Reddit acting odd: Lemmy would still be in the initial growth if it suddenly becomes big. Lot of users + no big company/organization/etc to back it up with its resources (as suddenly booming things can't scale resources instantly, it takes time to adapt) creates a seemingly easy target (no matter if true or not). In other words, it'll create motivation to try and hack it. And with a low password strength, that would mean easy to hack accounts. And what would a large amount of hacks do for the reputation? Especially on a new service? Probably scare all those new people away as quick as they came...
I gotta say a lot of this makes sense.