Interested in the intersections between policy, law and technology. Programmer, lawyer, civil servant, orthodox Marxist. Blind.


Interesado en la intersección entre la política, el derecho y la tecnología. Programador, abogado, funcionario, marxista ortodoxo. Ciego.

  • 3 Posts
  • 22 Comments
Joined 1 year ago
cake
Cake day: June 5th, 2023

help-circle




  • Not sure I understand. What I’m trying to do is something like this:

    • Poll a stream which takes fedi events. Read player commands.
    • If an event comes from a known player, check which match they are into.
    • With that info, get their opponents/coplayers etc and perform the change of state in the game (send replies, next turn, etc).

    So what I have as a key is a player name (AP username) and from that I need to find which match they’re in.

    There’s nothing semantically useful about a match ID.


  • Thanks, the RC is a possible approach. It seems to violate DRY a bit but maybe there’s no way around it.

    The reason I had the players outside the match is that I need them there anyway, because when I get a player action I need to check in which match they are, who are their opponent(s) and so on. So even if they’re in, they’ll have to be out too as there are concurrent matches and the player actions come all through the same network stream.



  • modulus@lemmy.mltoLemmy@lemmy.mlRFC for Private Communities in Lemmy
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    9 months ago

    I can think of alternatives. For example, the server could keep the user’s private key, encrypted with a passphrase that the user must have. So key loss wouldn’t be an issue. (Yes, passphrase loss might, but there are lots of ways to keep those safely already, compared to key material which is difficult to handle.)





  • Apparently the problem is due to an incompatibility between the use of certain libraries (winapi and windows-sys) which use different versions of COM. At least so I deduce from the documentation I’ve read.

    There’s a workaaround:

    On Cargo.toml, use.

    [build-dependencies]
    embed-manifest = "1.3.1"
    

    And on the root of the project (not the src dir) create a build.rs file with the following content:

    use embed_manifest::{embed_manifest, new_manifest};
    
    fn main() {
        if std::env::var_os("CARGO_CFG_WINDOWS").is_some() {
            embed_manifest(new_manifest("Contoso.Sample")).expect("unable to embed manifest file");
        }
        println!("cargo:rerun-if-changed=build.rs");
    }
    

    This embeds a manifest together with the executable, solving the issue.




  • The way I look at this is I have a reasonable understanding of rust. I’m not an expert but I can more or less do whatever computation I need to do, use crates, and so on. But with async it’s like learning another language. Somewhat of an exaggeration, but it’s not just what code you need to write, but also being able to read the error messages from the compiler, understanding the patterns and so on. So yes, it’s probably fine, but it does take work.






  • The biggest issues for me are:

    1. No centralisation means there’s no canonical single source of truth.
    2. Account migration.
    3. Implementation compatibility.

    No single source of truth leads to the weird effect that if you check a post on your instance, it will have different replies from those on a different instance. Only the original instance where it got posted will have a complete reply set–and only if there are no suspensions involved. Some of this is fixable in principle, but there are technical obstacles.

    Account migration is possible, but migration of posts and follows is non-trivial, Also migration between different implementations is usually not possible. Would be nice if people could keep a distinction between their instance, and their identity, so that the identity could refer to their own domain, for example.

    Last, the issue with implementation compatibility. Ideally it should be possible to use the same account to access different services, and to some extent it works (mastodon can post replies to lemmy or upvote, but not downvote, for example).



  • Perhaps the manual reporting tool is enough? Then that content can be forwarded to the central ms service. I wonder if that API can report back to say whether it is positive.

    The problem with a lot of this tooling is you need some sort of accreditation to use it, because it somewhat relies on security through obscurity. As far as I know you can’t just hit MS’s servers and ask “is this CSAM?” If something like that were possible it might work.

    Can you elaborate on the hash problem?

    Sure. When you have an image, you can do lots of things to it that change it in some way: change the compression, the format, crop it, apply a filter… This all changes the file and so it changes the hash. The perceptual hash system works on the basis of some computer vision stuff and the idea is that it will try to generate the same hash for pictures that are substantially the same. But this tech is imperfect and probably will have changes. So if there’s a change in the way the hash gets calculated, it wouldn’t be enough with keeping hashes, you’d have to keep the original file to recalculate, which is storing CSAM, which is ordinarily not allowed and for good reason.

    For a hint on how bad these hashes can get, they are reversible, vulnerable to pre-image attacks, and so on.

    Some of this is probably inevitable in this type of systems. You don’t want to make it easy for someone to hit the servers with a large number of hashes, and then use IPFS or BitTorrent DHT to retrieve positives (you’d be helping people getting CSAM). The problem is hard.

    Personally I was thinking of generating a federated set based on user reporting. Perhaps enhanced by checking with the central service as mentioned above. This db can then be synced with trusted instances.

    Something like that could work, maybe obscuring some of the hash content (random parts of it) so that it doesn’t become a way to actually find the stuff.

    Whatever decisions are made have to be well thought through so as not to make the problem worse.


  • IMO the hardest part is the legal side, and in fact I’m not very clear how MS skirted that issue other than through US lax enforcement on corporations. In order to have a db like this one must store stuff that is, ordinarily, illegal to store. Because of the use of imperfect, so-called perceptual hashes, and in case of algorithm updates, I don’t think one can get away with simply storing the hash of the file. Some kind of computer vision/AI-ish solution might work out, but I wouldn’t want to be the person compiling that training set…