this post was submitted on 02 Jul 2023
626 points (96.0% liked)

Showerthoughts

29793 readers
813 users here now

A "Showerthought" is a simple term used to describe the thoughts that pop into your head while you're doing everyday things like taking a shower, driving, or just daydreaming. A showerthought should offer a unique perspective on an ordinary part of life.

Rules

  1. All posts must be showerthoughts
  2. The entire showerthought must be in the title
  3. Avoid politics
    • 3.1) NEW RULE as of 5 Nov 2024, trying it out
    • 3.2) Political posts often end up being circle jerks (not offering unique perspective) or enflaming (too much work for mods).
    • 3.3) Try c/politicaldiscussion, volunteer as a mod here, or start your own community.
  4. Posts must be original/unique
  5. Adhere to Lemmy's Code of Conduct

founded 1 year ago
MODERATORS
 

It's the same as with Linux, GIMP, LibreOffice or OnlyOffice. Some people are so used to their routines that they expect everything to work the same and get easily pissed when not.

top 50 comments
sorted by: hot top controversial new old
[–] fubo@lemmy.world 112 points 1 year ago* (last edited 1 year ago) (1 children)

This isn't just open-source software; it's also a collection of servers run by hobbyists.

There is no business here at all. You're not the product, but you're also not the customer — because there is no customer. What you're seeing here is a strictly nonprofit Internet service provided by people who just want to make one.

[–] mustbe3to20signs@feddit.de 46 points 1 year ago (7 children)

Which makes Karen behaviour even worse and incomprehensible but most people are humble and don't care to much about some minor problems and a little learning curve

[–] dice@lemmy.world 22 points 1 year ago (3 children)

the slight technical competency needed to navigate the fediverse might help keep low-quality users away and mitigate the “summer reddit” effect.

load more comments (3 replies)
load more comments (6 replies)
[–] ThaijsClan@lemmy.world 79 points 1 year ago (14 children)

This is why I have 4 different apps to surf Lemmy. When one app is acting up I just switch to another. For example I was just barely scrolling in Jerboa but getting a bunch of network errors so I switched to Connect which is where I'm posting this comment. I'm totally down with being patient with Lemmy for the time being. Anything to get away from R*****

[–] ludw@lemmy.world 31 points 1 year ago (18 children)

Have you tried Liftoff? I think it's the best one so far for Android.

load more comments (18 replies)
[–] MementoMori@lemmy.world 10 points 1 year ago

I'm doing the same thing. I have no allegiance like I did with RiF. If one isn't working, I'll just move. Give them some time to work out the kinks.

load more comments (12 replies)
[–] Rusticus@lemmy.world 66 points 1 year ago (6 children)

As someone who used Reddit when it was first released, Lemmy is 10x better than Reddit v0.1 and obviously better than current Reddit.

[–] UnfortunateDoorHinge@aussie.zone 13 points 1 year ago (1 children)

I guess as a user I didn't see the back-of-house tools for mods and admins, but so far Lemmy is at least competitive. There are risks with server security and threat of being hacked, along with the size of the team.

[–] riskable@programming.dev 30 points 1 year ago (4 children)

There are risks with server security and threat of being hacked

[Citation Needed]. I'm a security professional (my day job involves auditing code). I had a look through the Lemmy source (I'm also a Rust developer) and didn't see anything there that would indicate any security issues. They made good architecture decisions (from a security perspective).

NOTES ABOUT LEMMY SECURITY:

User passwords are hashed with bcrypt which isn't quite as good a choice as argon2 but it's plenty good enough (waaaaay better than most server side stuff where developers who don't know any better end up using completely inappropriate algorithms like SHA-256 or worse stuff like MD5). They hard-coded the use of DEFAULT_COST which I think is a mistake but it's not a big deal (maybe I'll open a ticket to get that changed to a configurable parameter after typing this).

I have some minor nitpicks with the variable naming which can lead to confusion when auditing the code (from a security perspective). For example: form_with_encrypted_password.password_encrypted = password_hash; A hashed password is not the same thing as an "encrypted password". An "encrypted password" can be reversed if you have the key used to encrypt it. A hashed password cannot be reversed without spending enormous amounts of computing resources (and possibly thousands of years in the case of bcrypt at DEFAULT_COST). A trivial variable name refactoring could do wonders here (maybe I should submit a PR).

From an OWASP common vulnerabilities standpoint Lemmy is protected via the frameworks it was built upon. For example, Lemmy uses Diesel for Object Relational Mapping (ORM, aka "the database framework") which necessitates the use of its own syntax instead of making raw SQL calls. This makes it so that Lemmy can (in theory) work with many different database back-ends (whatever Diesel supports) but it also completely negates SQL injection attacks.

Lemmy doesn't allow (executable) JavaScript in posts/comments (via various means not the least of which is passing everything through a Markdown compiler) so cross-site scripting vulnerabilities are taken care of as well as Cross Site Request Forgery (CSRF).

Cookie security is handled via the jsonwebtoken crate which uses a randomly-generated secret to sign all the fields in the cookie. So if you tried to change something in the cookie Lemmy would detect that and throw it out the whole cookie (you'd have to re-login after messing with it). This takes care of the most common session/authentication management vulnerabilities and plays a role in protecting against CSRF as well.

Lemmy's code also validates every single API request very robustly. It not only verifies that any given incoming request is in the absolute correct format it also validates the timestamp in the user's cookie (it's a JWT thing).

Finally, Lemmy is built using a programming language that was engineered from the ground up to be secure (well, free from bugs related to memory management, race conditions, and unchecked bounds): Rust. The likelihood that there's a memory-related vulnerability in the code is exceptionally low and Lemmy has tests built into its own code that validate most functions (clone the repo and run cargo test to verify). It even has a built-in test to validate that tampered cookies/credentials will fail to authenticate (which is fantastic--good job devs!).

REFERENCES:

[–] juicebox@aussie.zone 8 points 1 year ago

I have nothing to add, just wanted to give a kudos on the epic comment.

load more comments (3 replies)
load more comments (5 replies)
[–] 4L3moNemo@programming.dev 56 points 1 year ago (10 children)

Somewhat agree, but don't get me started on a Gimp. To think that gimp was build to be a tool analogous to Photoshop (PS) is naive. It was born to demonstrate GTK GUI widgets and to check boxes on feature list (of supposedly paint program analogous to PS) from programmers perspective at most. Ok, they did the thing, checked the boxes, used all widgets, demonstrated that it works and from that day on it had and still has totaly inneficient workflow compared to PS and nobody cares about that. Answer to sugestions is almost always half assed, apple soused - you are holding it wrong, we are not PS. :)

My 2 cents, you can learn Gimp, you can adjust yourself to it, but if you have ever worked on PS and were good at it (with all its workflow, shortcuts, up to the level where you work one hand on keyboard, having most toolboxes hiden out of your view, etc..) you'll still feel gimpy. It's like comparing of giving commands to the gnome with an axe versus to an elf with a whole bunch of efficient specialised tools, spells and workflows – both trying to create art. I don't use PS daily for how much, maybe >8 years and use Gimp weekly for about 12years – I say, it is still gimpy as f.. And I'm programmer not a designer, designers usualy just hate it. I on another hand understant it (and it's history) and take it as it is, as an inferior gimpy cousin of PS :)

[–] norawibb@sh.itjust.works 33 points 1 year ago (2 children)

why does no one ever mention krita

[–] patachu@lemmy.world 13 points 1 year ago

There's the answer I was looking for!

I watched a 3-hour Krita beginner's tutorial (can't remember the exact video but the narrator had a strong French accent) and he explained so many tricks and tips - hold down Ctrl to do this, hold down Shift to do another thing - that might not be intuitive from just poking around. But Krita really is the "built by artists, for artists" program once you have a keyboard & tablet config that fits one's personal workflow.

[–] barsoap@lemm.ee 8 points 1 year ago

I would have if you hadn't already.

Though TBH if you're a mouse user gimp might actually be better... but practically noone doing serious graphics work is using a mouse. And it's not like in Blender where you might switch back and forth: Krita is tablet zen, make sure to read at least a bit of the manual.

[–] T4V0@lemmy.pt 15 points 1 year ago (1 children)
load more comments (1 replies)
[–] Sir_Simon_Spamalot@lemmy.world 10 points 1 year ago

I second this. Not all tools are equal. Some are even better open source. Others are worse. OP overgeneralize.

[–] BloodyFable@lemmy.world 10 points 1 year ago (2 children)

My go-to PShop replacement is Paint.Net, much less clunky than GIMP.

load more comments (2 replies)
[–] Ddhuud@lemmy.world 9 points 1 year ago (1 children)

To think that gimp was build to be a tool analogous to Photoshop (PS) is naive. It was born to demonstrate GTK GUI widgets and to check boxes on feature list

GTK literally means "gimp tool-kit" GTK exists because of gimp and not the other way around. Also. Take a look at what Photoshop looked like in 1996 (around Gimp initial release), and tell me that's nothing like the gimp. They used to be pretty similar, but their evolutions diverged. Gimp just choosed to stick with the familiar interface, even in the light of PS' changes. Also PS had tens of millions invested in developing it. Had gimp got a tenth of those resources things would be pretty different for both projects.

load more comments (1 replies)
load more comments (5 replies)
[–] Yaks@lemmy.fmhy.ml 53 points 1 year ago

I am a reddit refugee and just down for fun ride on the bleeding edge. I am finding a lot of the same communities here and I am happy that Lemmy is here to fill the void.

[–] ExecutorAxon@vlemmy.net 51 points 1 year ago (1 children)

My biggest takeaway with open source projects is this:

Theres there's a HUGE jump from being power user friendly to being user friendly in general. Significantly bigger than the jump from dev/contributor users to power users.

UX is something huge companies spend a lot of time and money on to ensure the layman can use the software well, something open source developers do not have the luxury of caring about from the get go.

Power users do not recognize the inbuilt muscle memory they have acquired over time to get around some of the more nagging aspects of the software and get frustrated with new users for not doing the same, while these new users get frustrated at things not being straightforward, or similar to some other software they're used to.

IMO this push and pull is what is truly preventing a Linux desktop experience that is truly layman friendly. But when it works, and an open source project can slowly start putting more of their time into UX when the project is more mature, then it truly starts kicking ass.

Look at how far Blender has come since the 3.0 update. A lot of studios are straight up switching to it for a lot of work that was traditionally Max or Maya based. Obviously you still have some of the "old guard" who felt a little alienated with the sweeping changes from 2.7 to 3, but I feel blender is objectively better for most people since then.

TL;DR: OSS always deals with different competing needs for power users vs regular users, but given enough time things get smoothened out

load more comments (1 replies)
[–] ShustOne@lemmy.one 43 points 1 year ago* (last edited 1 year ago) (11 children)

I was with you until GIMP. If one more person lists it as an alternative to Photoshop I'm gonna lose it. It's UI is terrible, you have to watch a guide just to get started. Can't read PSDs in any viable way. I'm sure people use it just fine but to call it an alternative to Photoshop is just plain lying.

Edit: the other thing I dislike about it being suggested as a replacement is that it assumes you work alone. Anyone on a team with people in PS will not be able to even attempt to use GIMP to get work done.

[–] sparky678348@lemm.ee 20 points 1 year ago

You wretched Photoshop enthusiast. How dare you defile the sacred realm of pixelated beauty with your blasphemous tools of the Adobe empire! You, who bathe in the deceptive allure of layers and filters, know nothing of the humble struggle of a true purist.

While you revel in your so-called "advanced" software, I, a virtuous wielder of MS Paint, have embarked on an arduous journey. Armed only with a pixelated brush and limited color palette, I navigate the treacherous seas of artistry. Each stroke, deliberate and purposeful, carries the weight of my soul, for I am a master of simplicity.

Do you not understand the profound joy that arises from conquering the challenge of transforming mere pixels into a masterpiece? With each painstaking click, I breathe life into my creations, shaping reality with the precision of a pixel whisperer. Your Photoshop may grant you an abundance of tools, but it lacks the purity and authenticity that flows through the veins of my MS Paint.

Gimp, you say? Ah, a mere imitation of the great MS Paint, seeking validation in the realm of Photoshop. It too shall crumble beneath the weight of its pretentious ambitions. For true artistry lies not in the abundance of options, but in the mastery of limitations.

So, my misguided foe, before you spew your haughty words, remember the legacy of MS Paint. It has endured the test of time, witnessed the rise and fall of software giants, and remained steadfast in its simplistic grandeur. While your Photoshop may dazzle the masses with its flashy tricks, it is MS Paint that stands as the guardian of true artistic purity.

[–] loudWaterEnjoyer@lemmy.dbzer0.com 17 points 1 year ago (9 children)

You also need a guide to get going in PS, its just a different App but fulfills the same tasks

load more comments (9 replies)
[–] FiftyShadesOfMyCow@lemmy.world 14 points 1 year ago

Use Krita as an alternative! 💕

[–] paorzz@lemmy.world 13 points 1 year ago (2 children)

The better alternative to Photoshop/Illustrator/InDesign is Affinity. And yeah, while it’s not actually free, you only have to pay once and everything is yours.

Or for quick free edits, Photopea.

load more comments (2 replies)
[–] xaxl@lemmy.world 11 points 1 year ago

It's an alternative image manipulation software. It's not a great replacement for PS though.

[–] AdmiralShat@programming.dev 9 points 1 year ago

I 100% agree, I actually hate GIMP almost as much as I hate Photoshop.

Paint.net is a significantly better software for light to medium image manipulation, and Affinity is what I'd say is an actual replacement for Photoshop. Affinity isn't by any means FOSS but you can't win them all.

[–] HijaDelRey@mujico.org 8 points 1 year ago

Photopea on the other hand is amazing

load more comments (4 replies)
[–] oldLady80@lemmy.world 31 points 1 year ago (1 children)

I've been here since the blackout and everything is great, apart from a few times when the site seemed a bit slow. I don't even miss reddit anymore.

load more comments (1 replies)
[–] Strangian@lemm.ee 30 points 1 year ago (19 children)

I’m using wefwef right now, and its all running pretty smoothly. No complaints here

[–] Anoril@lemmy.world 8 points 1 year ago (6 children)

Maybe im used to Boost on reddit but damn, does it feel weird to vote/reply using 3 dots on the right lol.

[–] i_am_hiding@aussie.zone 20 points 1 year ago

You're upvoting wrong, my friend.

Try sliding the comment / post from left to right. Slide further to downvote.

load more comments (5 replies)
load more comments (18 replies)
[–] wiox@compuverse.uk 17 points 1 year ago

Well thats true for all software - being free/libre or not. It just takes time to get used to it.

For example, when I get a new phone - I spend the next months complaining over how much better the previous one was, until I dont.

[–] iorale@lemmy.fmhy.ml 17 points 1 year ago (2 children)

Yes and no, most of the free/open software has the problem of being very not-user-friendly (even if it's only for the first time set-up) and the documentation (even the youtube tutorials) are written in a "you should know all this already" way, which is cool if you do, but if this is the first time you are doing this or if it's the only time you are gonna use that knowledge then it's absurd to expected someone to learn it only for one time.

It is normal for someone to complain that the thing that steals all their data or needs a subscription is better because it's easier to use (install, pay/register and use, done), compared with how different and difficult usually it's to install and get to work a FOSS option (download this, install these, run command lines, configure all these, now get all these plugins, etc).

If we want bigger numbers, then it should be at least as easy as the thing we want them to stop using, otherwise we are barking at the wrong tree.

[–] Zeth0s@lemmy.world 8 points 1 year ago* (last edited 1 year ago) (4 children)

You are missing a point. Closed sourced solutions pay developers a lot... And they focus on the ux. Think about the most famous example, all apple OSes are just like a customized collection of open source stuff, similar to a linux distro, with a user friendly, closed sourced GUI.

Open source solutions that are not user friendly, is just because no one is paid, or there is not enough budget to pay for a high level UX design and implementation

UX in open source software is mostly fine for those who built it for them selves or people in the same environment.

As soon as stuff gets built for others with other requirements empathy declines, and I don’t mean this disrespectful. Good professional UX sources are needed, indeed to fill this gap. But will they be able to convince the open source devs who often were Initiator of the projects?

load more comments (3 replies)
load more comments (1 replies)
[–] at_an_angle@lemmy.one 16 points 1 year ago (3 children)

So here's something I learned about two years ago. GIMP sucks.

Hate on me all you like, but paint.net is the superior program.

Open office is fine. I got it to write up resumes and the few odd things. It did it's job fine.

Spreadsheets is a different thing because I only use Excel at work and haven't looked into it past that.

load more comments (3 replies)
[–] manitcor@lemmy.intai.tech 15 points 1 year ago (1 children)

same as it ever was, if they are so hung up on thier particular flow then they should likely just go back and check in later, the software will evolve.

freedom is work...shocker.

load more comments (1 replies)
[–] Blazingflames6073@lemmy.world 14 points 1 year ago

Hmmm, fuck those people honestly

[–] zzap129@lemmy.world 13 points 1 year ago (2 children)

Lemmy is absolutely easy to use. once you created an account. But a lot of people have problems with that.

load more comments (2 replies)
[–] BehelitOutlaw@lemmy.world 12 points 1 year ago (2 children)

The thing is if they want people to migrate they should do something about it

load more comments (2 replies)
[–] bstix@feddit.dk 9 points 1 year ago (1 children)

Complaints can be valuable user feedback. I'm sure the developers can see past the negativity and know that they can't make everyone happy. They can still use it to pick up ideas or prioritize what to do next etc. without taking it personally.

Yeah, they probably get a lot of requests and crazy mails, but that's part of the process even in professional development. At least in open source they're free to do what they want at any time, compared to professional work where they might be required to follow crazy ideas even if they don't want to.

load more comments (1 replies)
[–] nocturne213@lemmy.world 9 points 1 year ago

I have used LibreCalc for years, and I always grumble about how I wish it worked the same as excel. Then back in 2018 at my old job I had to purchase 3 licenses for MS Office and due to my boss’ inability to reply to my emails were purchased under my personal email address (I did not yet have a work email). When I lost that job in 2020 I decided to install excel on my personal laptop. After using it for a few hours I uninitiated Ava went back to libre, which is either better or I am just better at using than excel.

load more comments
view more: next ›