Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Horrux 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

For example, I'm running a $1000 CAD CPU and it's going to take me a full year to mine a single XMR, which is worth US$ 215 at the moment. That's not counting the RAM or the motherboard, etc. because I can still use the computer for other things while it's mining. 16 cores / 32 threads will do that for you. Still, counting power I won't get my investment back in 5 years' time.

I'm also mining Ethereum, and for that, CAD$2500 worth of hardware is grossing me US$ 320 per month, or CAD $ 480, minus power for a net of 361 a month. But back when this equipment was bought, I was grossing CAD $800 a month with it.

Completely different ball game. The supply of XMR is not constrained as per the coin, but the hardware requirements are the real constraint.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Horrux 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

That is true, however mining Monero is VERY difficult and truly is not profitable. That is a fairly tough cap on how much supply there can be.

I mean, if you do everything right, and your power is cheap, you can look at 2-5 years ROI on your equipment by mining Monero, while you are looking at 2-3 months mining Ethereum. At current valuations.

In other words, the only people mining monero are those who know how great the crypto is, and not people who are out to make a buck.

This makes the supply side of XMR (Monero) a vastly different proposition than that of BTC or ETH.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

Saved and noted. Sounds good, but I also heard there was the problem that there is no maximum limit to the number of Monero coin that can be produced - thus creating problems I fully don't comprehend about scarcity etc..

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Horrux 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

Or use only Monero, the data protection, privacy, anonymity, untraceability coin.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

Oh. I thought it was more indie. Last Feb someone (maybe Panzer) posted an alt-oAuth that sounded terrific. I wish I could find that again.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

Thanks for the info.
Seems like people should split their assets up to avoid the KYC thing.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]d3rr 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

Yes oAuth has many uses. Sign in with Google, Sign in with Facebook, etc, those are all oAuth.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]rubberbiscuit[S] 4 insightful - 2 fun4 insightful - 1 fun5 insightful - 2 fun -  (0 children)

No, sorry I am really just a simple end user of crypto. I barely understand it. I like the exchange Coinex, would recommend it for people wanting to trade especially if they want to trade a little more privately. Supposedly, Coinex is based in China so I don't know that it would be good for what you are looking for. Although at this time it seems like donations could be made to an address held there relatively anonymously. So maybe it would work for the short term but once you hit a certain dollar volume they do require KYC. Plus I don't think you'd want China to be able to have ultimate control over what you are doing there. There's got to be others with more expertise on crypto that could give much better advice.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

Ooof. On a Mac.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

Many folks have covered this. I'm personally not very worried about security thought perhaps I should start to be. With security, the biggest problem is not knowing what I don't know.

Personally, my biggest issues with Brave are the lack of vertical tabs, tab management issues, and bloat. Plus, the bigger a FLOSS project gets, the more likely it will be infiltrated by Google, Microsoft, Facebook, etc. Firefox got cucked in this way.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

CoinEx | The Global Crypto Asset Exchange.
Register Now: https://www.coinex.com/register?refer_code=4tgwx

Is it comparable or better than CoinBase?

I haven't started looking into this yet, but we're going to need some crypto donate options for 1) me personally, and several projects like 2) Cassandra Team / Projex.Wiki, 3) Giraffe Ideas, my local production studio, 4) Windsor Freedom Rally, 5) FAWC and FAWCC, Freedom Alliance of and for Windsor (Communications) Cooperative, and soon other local Windsor groups (lending trust / food bank, alt-employment board, alt-educators, alt-legal, front line workers, auto workers, etc etc etc).

Plus, many of these will need to have accounting either fully open/transparent for the entire world to see, or just for those in groups, or just those in leadership teams of the groups.

Do you have any recommendations on how to manage all of this?

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 3 insightful - 4 fun3 insightful - 3 fun4 insightful - 4 fun -  (0 children)

No one wants to make saidit the center of their digital identity.

I resemble that accusation.

I take it oAuth is good or you wouldn't use it. Would it be of use to non-Android folks?

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

Everything I've ever spooged on was built.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

I agree. If there was a demand you'd likely see it.

Obviously not a top priority, but as a new utility supporting alt-media, previously unimagined, a decentralized creators' content aggregator, I suspect it might be an exceptionally powerful tool. If widely adopted, it could potentially become the preferred way to "google your alt-media".

It could be a terrific boost to the Lemmy platform's popularity. Not only would it be a practical alternative to content creators having to build their own website and community (ie. CorbettReport.com, Viva.Barnes.Locals.com, etc), but it might even lure some existing content creators and their communities into migrating their former community platforms to Lemmy where they might be exposed to more people and the Fediverse.

IMO, this open database could be a great way for people to participate and keep up with their favourite content creators - and not lose any of their content for whatever reasons. Plus we could eventually build bridges to other platforms for auto-generated lists, etc. rather than hand generating them.

And, I think it would be a good example of how folks could potentially utilize a Lemmy instance in new ways. Sure there's the Reddit-style post+comments in communities or on topics, but folks could also use the feeds for blogging, publishing chapters, or keeping track of content creators AND their mirrors.

Alt-media mirrors may have been the catalyzing idea, but it seems like content-creator content feeds only would be ideal for a purpose driven Lemmy forum, as opposed to personal, community, or topical subs. More specifically, IMO, limiting the feeds/posts to audio/video creators might be in order. There are a few folks who cross over, like Corbett who creates videos and articles. Articles or other expressions are too common, and easily scraped or backed up.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]raven9 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

I meant if the copyright owner decided to sue. You would be on shakey ground in court if you tried to claim fair use if you profit from it.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]raven9 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

You could create a key pair and publish the public key so then when you make a post anywhere else you could make a SHA1 hash of it and encrypt that and post it along with your post. Anyone with your public key could decrypt the hash and verify it matches their own hash of your post. That proves you are the one who encrypted it hence proof of the same identity. That would also mean other people could encrypt messages to you with your public key.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]L_X_A 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

If you want to prevent the attack I described and still not have to store the passwords/salt-values in your server, you could go the authentication through encryption route.

Namely, you'd ditch the email and hash cookies for a single cookie containing the user's encrypted email address.

  • When the user registers with user_email, you send them an URL that will result in them receiving the cookie user-cookie = Encrypt(user_email, server_secret).
    I'd recommend a symmetric, strong (enough) cipher such as AES-256-GCM or ChaCha20Poly1305. You did choose MD5 as hashing algo earlier, and I'm assuming you did so for performance reasons. So it's up to you to judge which cipher would still accommodate your performance needs.

  • Don't forget to set the HttpOnly, Secure and SameSite flags.

  • On every request, the server would decrypt the ciphertext in the user-cookie's value using Decrypt(ciphertext, server_secret). If it matches the email of a user account, the authentication succeeded. Here's where you should watch out for your performance needs. This needs to be done on every request.

This solves the following problems:

  • You are no longer storing (plaintext) user information in the cookie, thus compliant with GDPR (see: https://www.gdpreu.org/the-regulation/key-concepts/personal-data/)

  • If someone steals the cookie, they won't be able to know what's in there.

  • If you chose a decent cypher, a plaintext collision attack as I described earlier becomes unfeasible.

This method still has the problem that every user's email is encrypted with the same key, though. So should someone be able to crack server_secret (very difficult depending on the cipher you choose, but still), they would be able to access every account they know the email of.

To circumvent this, you could extend this pattern with a Diffie-Hellman-based KDF functionality:

  • On your server, instead of the symmetric key as stated above, you generate and store a secret prime number which will be used in a "deferred" Diffie-Hellman key agreement. That is: server_secretPrime

  • When the user registers, you generate an ephemeral secret prime for the user, and calculate the user's public prime: user_publicPrime.
    You then store the following cookies:
    ** The encrypted email address: user-access = Encrypt(user_email, DH_KDF(user_publicPrime, server_secretPrime))
    ** The user-specific public prime used for the Diffie-Hellman key agreement: user-prime = user_publicPrime

  • When you receive a request from the user, you use the values stored on the cookie to authenticate them: Decrypt(user_email, DH_KDF(user_publicPrime, server_secretPrime))

This will ensure that a new key is used for every user, and it will not require you to store user-specific passwords in your DB.

It still leaves singular users vulnerable to someone stealing their cookie and getting access to their account in perpetuity (user-access + user-prime will always produce a valid ciphertext).

If you want to prevent this from happening, I see no other alternative than storing user_publicPrime in the DB and associating it with the user_email. Whereby you'd invalidate the cookie by generating a new value of user_publicPrime and storing it in the DB.

If you do this, you could of course forgo the DH_KDF pattern altogether by simply saving user-specific server_secrets. Then again, you'd be storing cryptographic material in a DB. Not exactly something you want to do. With the DH_KDF pattern, you can keep 1 server_secretPrime stored somewhere secure, while user_publicPrime can be stored in the DB without concern.

SaidIt team changes June 2021 by d3rr in SaidIt

[–]markmarkmarkymark 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

dead thread, but glad to see that horror show has left the building. how anyone could support them is beyond me.

SaidIt team changes June 2021 by d3rr in SaidIt

[–]markmarkmarkymark 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

i know its a dead thread, but happy to admin :d

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]d3rr 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

This is a lie!

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Horrux 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

I was being facetious. I was hinting at the fact that a lot of open source programming projects are on Github. And I agree, it is annoying. I figured they knew something I don't about these things.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Horrux 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (0 children)

Using it, thanks!!!

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]raven9 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

Yes that sounds good too, I didn't know a signature can be verified with just a hash of the public key.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]raven9 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

I never suggested they don't know about coding. I said their login method is a nuisance.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]rubberbiscuit[S] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (0 children)

Ahh, my first opportunity to do a referral code. I got mine on Coinex - opened an account solely to get LBC (its the only way I knew how to get it) and I really like the platform. Best thing is no KYC (no id) until you hit some super high monetary amount. So I recommend it for really almost all crypto trading. No problems so far though they do have some minimums you have to reach before you can send crypto to it.

CoinEx | The Global Crypto Asset Exchange. Register Now: https://www.coinex.com/register?refer_code=4tgwx

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Horrux 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

I'm trying to get the odysee coins, and I can't seem to buy any. I am even ready to send BTC for it, but nope...

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]d3rr 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

Is there any interest in setting up a public/private key generating thing on SaidIt that could be used to log in on other platforms carrying our identities forward?

This is basically oAuth. It's already running here for the android app. No one cares about additional uses for it. No one wants to make saidit the center of their digital identity.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]d3rr 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

Sure, you could hack an alternate account/login system into anything open source.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]d3rr 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

Well right now someone could be manually making feeds/subs for particular creators. But I've never seen it done. I don't think there's any demand for something like this.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]d3rr 3 insightful - 3 fun3 insightful - 2 fun4 insightful - 3 fun -  (0 children)

Hhahaha your bank is my new favorite bank.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]d3rr 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

It ain't me your looking for, babe

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]fschmidt 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

I spend my days (except shabbat) doing web development for normal users, so I need to use the browsers that they use, and that is Chrome and Safari. Safari is horrible, so I mostly use Chrome.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]fschmidt 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

I thought more about this. What I will do is to generate a new password every time a user logs in. I will store that password in the database and include that password in the emailed URL. So no crypto or hash needed. And this completely eliminates the last problem that /u/L_X_A mentioned.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]WalkingIn2Madness 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

Censorship and algorithms is a complete culsterfuck.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]AXXA 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

I use Brave. What issues do you see with it?

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 2 insightful - 3 fun2 insightful - 2 fun3 insightful - 3 fun -  (0 children)

Perhaps even easier, tie that in with my AltMediaMirrors.com idea I had after this, shared in these comments.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 1 insightful - 3 fun1 insightful - 2 fun2 insightful - 3 fun -  (0 children)

Build it and they will cum.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

Is there any interest in setting up a public/private key generating thing on SaidIt that could be used to log in on other platforms carrying our identities forward? Not sure it would matter too much with anons other than to verify you're the same "d3rr" on other platforms as on here, without getting direct communicated validation in comments or chat.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

My offer still stands. I'd BAT for you.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

Can you add a little extra salt to make it seem a little more randomized? ie. Multiply the password by the/a time/date stamp or some other changing variable (title of current top thread title of FreedIt)?

cc /u/L_X_A

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

> That's a cool concept.

/u/d3rr, is this something that can be done on other platforms? Projex, Federated PeerTube, Lemmy, etc?

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

Why should I have a password manager when Chrome already remembers my passwords?

Why are you using Google Chrome? You might as well use the new Microsoft Edge or Facebook's Panoptikunt browsers.

I use Brave, Vivaldi, Waterfox, Palemoon, Falcon, (Opera, Firefox, when desperate) and currently Basilisk. They ALL have issues. Waiting for LibreWolf to rise.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]rubberbiscuit[S] 3 insightful - 3 fun3 insightful - 2 fun4 insightful - 3 fun -  (0 children)

Wow,that's an awesome idea about the browser addon I wonder if something like this already exists. Might need to do some searches on this.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]rubberbiscuit[S] 3 insightful - 3 fun3 insightful - 2 fun4 insightful - 3 fun -  (0 children)

I think bitchute has upgraded recently. It used to be roughly 50% of the time videos wouldn't play, they'd just spin, but now they work I'd say at least 90% of the time. Point taken, they need to do better, but for whatever reason there are tons of movies and shows posted to Bitchute, under the Entertainment tab. So if I ever want to watch something, instead of TV or streaming I use bitchute.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]rubberbiscuit[S] 5 insightful - 3 fun5 insightful - 2 fun6 insightful - 3 fun -  (0 children)

The thing is at minimum 50% of the time whatever is on Youtube can be found elsewhere generally odysee from my experience. So why not look? Take a few seconds and support alt sites rather than evil.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]rubberbiscuit[S] 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

Good one, I like Bastyon as they pay you for content, although Odysee sort of does too with the tipping. I mostly tip on Odysee for content I like trying to encourage people to use it. I've been trying to day trade LBC to bump up my holdings so I can donate for "free" but so far it hasn't been working all that great :/

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

IIRC, https://GVID.TV was built by /u/x0x7.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (0 children)

Youtube's the best source, that's why

IFIFY
YouTube is the best quality and best serviced platform, that's why. They are poor with management and censorship. They are not a source, they are a conduit for the content creators who are the source.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

It would be bad ass if we could archive SaidIt links to a YT to a PeerTube and/or Invidious thing that auto-discovered the alt-mirror links on other platforms.

Or perhaps have a registration service of sorts. Get all the content creators who are mirror-decentralizing to register their stuff so we can scrape the various data without having to download the videos - then present the aggregated links to the many options.

I'd like to suggest your new improved SaidIt but all of these features are not needed. Further, it seems to me that this might be a perfect use for a limited-feature decentralized Lemmy instance with a singular purpose: each sub is a dedicated feed for each content creator's channel. These feeds of course can be shared over the Fediverse, and that Lemmy can become a practical utilitarian hub aggregating mirrors. And when other people mirror the content on PeerTube, IPFS, etc etc etc they can add theirs in the archived feed lists (in bulk may require scripts and permissions). And there are more developers on Lemmy.

AltMediaMirrors.com or MirrorAltMedia.com ? = Lemmy for sharing mirrors of media.

Plus, there could be an auto feed of SaidIt posts on Lemmy with scripts running there to log stuff in need of mirroring or sorting or auto-finding mirrors (ie matching URLs) in the Lemmy database, then a bot can autopost the mirrors on SaidIt.

Lots of work. But perhaps it's a good enough idea to recruit help from other communities too - and thus bring in others and/or cross pollinate social circles.

If you think it's a good idea I can polish a better draft for Projex.

Thoughts?

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

Also, IIRC, Australia or New Zealand was having their BitChute censored.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]JasonCarswell 3 insightful - 3 fun3 insightful - 2 fun4 insightful - 3 fun -  (0 children)

Excellent point.

1) I'm lazy and their service is solid, unlike others.

2) I'm trying to cut down on social media, including not getting addicted to new platforms.

3) I'm going to be focusing on https://Projex.Wiki (and hopefully other indie platforms soon enough).

4) There's no good excuses.

It would be great if someone could develop a browser addon to discover mirrored content to co-include as options in the posts.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]AmericanMuskrat 3 insightful - 3 fun3 insightful - 2 fun4 insightful - 3 fun -  (0 children)

Ah the Uphold issues, I heard about those. So far no problems but reading about them wasn't real encouraging. My bank gives a fraud alert for transferring funds in.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Gravi 3 insightful - 4 fun3 insightful - 3 fun4 insightful - 4 fun -  (0 children)

Yea, due to my region shit is blocked, there was this one video about Jews and they said it was something about hate so they blocked the entire channel for me in my region.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Tiwaking 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

fschmidt 3 insightful - 1 fun - 10 hours ago What is gvid?

gvid.tv is a video hosting site. Its really good for hosting videos, but lacks comments and normal social media related content.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Tiwaking 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

I agree: gvid is a good host

x0x7 6 insightful - 4 fun - 14 hours ago Can't profit from it.

That is untrue. Look at Family Guy's use of Mickey Mouse under fair use. Do you think they profited zero from that episode just to include that one clip?

I am going to self plug though. If you want above 720p video and no-monetization, gvid.tv has you covered.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Tiwaking 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

Gravi 5 insightful - 3 fun - 18 hours ago Bitchute blocks some of the videos in my region, or channels to be exact and precise.

Bitchute is still blocking videos?? I didnt know that! I thought it was a bug

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Tiwaking 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

Popper 3 insightful - 0 fun - 10 hours ago yt is run by google and they censor

This is true. But they cant censor everyone all the time, it takes time for them to crackdown on YouTubers and it is always big news when they do.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Tiwaking 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

BitChute has never worked properly. The others are alright, but as you can see CountDankula still uploads to YouTube as he knows that is where the majority of his audience view his videos from

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]d3rr 4 insightful - 3 fun4 insightful - 2 fun5 insightful - 3 fun -  (0 children)

I'm just mad that their Uphold partner requires an ID upload. Maybe it's not a scam. But I'm under the impression that they don't need to know your identity until you make $10k, in compliance with those Know Your Customer laws. So Brave and/or Uphold* (I think it's an big and) is more strict than the law requires. I guess like here :(

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]AmericanMuskrat 4 insightful - 3 fun4 insightful - 2 fun5 insightful - 3 fun -  (0 children)

Uh oh, wasn't aware of that. I have had a pretty good experience with BAT, it's like getting paid $8 a month to use their browser. Not much, but it's handy for beer money.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]d3rr 4 insightful - 3 fun4 insightful - 2 fun5 insightful - 3 fun -  (0 children)

I think I remember that, for their BAT doxing scam

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]AmericanMuskrat 3 insightful - 5 fun3 insightful - 4 fun4 insightful - 5 fun -  (0 children)

I was going to make a joke about what my password used to be but I realized I hadn't changed it.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]AmericanMuskrat 4 insightful - 3 fun4 insightful - 2 fun5 insightful - 3 fun -  (0 children)

That's how the Brave browser works too.

r/REALTAWKYALLREALTAWK by joe_khaJiit in SaidIt

[–]AXXA[M] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

/u/joe_khaJiit this post is removed due to being off-topic for the sub. Try /s/MeanwhileOnReddit or /s/whatever instead.

r/REALTAWKYALLREALTAWK by joe_khaJiit in SaidIt

[–]joe_khaJiit[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]1000wombats 5 insightful - 3 fun5 insightful - 2 fun6 insightful - 3 fun -  (0 children)

For real. We can do better than youtube folks, we're already on Saidit so we're all already using alt-tech. When we upload videos or post stuff from video hosting sites let's try and make it be from alternative sites too.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Horrux 3 insightful - 3 fun3 insightful - 2 fun4 insightful - 3 fun -  (0 children)

Freaking Github man, what do they even know about coding, right? XD

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Popper 5 insightful - 2 fun5 insightful - 1 fun6 insightful - 2 fun -  (0 children)

yt is run by google and they censor

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]fschmidt 4 insightful - 3 fun4 insightful - 2 fun5 insightful - 3 fun -  (0 children)

What is gvid?

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]fschmidt 5 insightful - 3 fun5 insightful - 2 fun6 insightful - 3 fun -  (0 children)

These are valid issues. The javascript and MiTM attack issues are the least serious since they only risk exposing individual users. I don't see any solution for this with any system. A nonce just limits the time of exposure, nothing more. My sysadmin configured SSL and I assume he did it right. I have thought about the last issue you mentioned. I don't care for now while the sites are small and no one will bother. Later I would generate user passwords and store them in the user record and use that instead of a global salt, which solves this issue. If these things are addressed, I can still use persistent cookies. But I will worry about these issues in proportion to the size of the sites (number of users). In general, I don't have any site where security is really critical like a banking site would be. I don't keep credit card numbers or anything like that.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Horrux 5 insightful - 3 fun5 insightful - 2 fun6 insightful - 3 fun -  (0 children)

Odysee hosts the videos on a distributed ledger or something like that. You don't pay "just" to upload video, but also for the uncensorability of said video. That's nothing to spit on.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]d3rr 4 insightful - 4 fun4 insightful - 3 fun5 insightful - 4 fun -  (0 children)

Schmidts email approach has an advantage in that everyone already uses email and can understand it. I believe he's making a larger pitch that some casual accounts just don't need to be very secure.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]x0x7 3 insightful - 4 fun3 insightful - 3 fun4 insightful - 4 fun -  (0 children)

If doing asymmetric cryptography there is a much easier way. On sign up you give them your public key (or even a hash of your public key if using a elliptic curve system like bitcoin). Then when you sign in they just give you a small bit of text to sign (like a captcha), and you enter in the signature in the sign-in form.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]x0x7 6 insightful - 5 fun6 insightful - 4 fun7 insightful - 5 fun -  (0 children)

Actually, they kind of are. Crypto-signs really ought to be what we use for everything. Even a weak crypto-sign is infinitely better than passwords. We tend to not use them because the applications that require them also require absolute security so in practice they require much more effort than a password. But with passwords already getting complicated enough that people are using managers anyway, using a manager that helps you with crypto-signs would be just as easy and 1000x more secure.

So yes. Passwords are stupid. No web developers have moved away from passwords because confronting someone with an unusual signin right when they are first using your site is a great way to chase off 90% of the people who visit a site. So I guess we'll all just live with a society where phishing works, and grandmas get hacked easily.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]x0x7 3 insightful - 4 fun3 insightful - 3 fun4 insightful - 4 fun -  (0 children)

I probably shouldn't comment about gvid too much but, it lets you pick a password of any length you want. A single character if you really wanted.

It's front page uses different methods. The one you select from most recently ends up at the top so if you prefer random videos that's what you get. If you prefer recent videos, that will be at the top. If you want popular videos, videos tailored to you, or some combination of them, you click on a section, that's the algorithm you will see next time. Each section is sorted by the last time you selected a video from that algorithm.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]L_X_A 5 insightful - 3 fun5 insightful - 2 fun6 insightful - 3 fun -  (0 children)

The problem with perennial cookies are multiple. From the top of my head, the main ones relate to either someone stealing the cookie on the client (e.g. through javascript if you don't set the HTTPOnly flag), or the user logging in from a machine someone else has access to (e.g. library), or the user trying to connect to your site from a public network (hotel, Starbucks, etc.) and falling victim to an MiTM attack (no, HTTPS would not help you in this scenario. Unless your are using mTLS you wouldn't know whether you are talking to the MiTM or the legitimate user).

Also, depending on how you configured SSL, there are ways to downgrade it client-side so the attacker could sniff the communication even if they're not directly relaying information to and from the legitimate user.
Examples: https://access.redhat.com/articles/1232123 and https://freakattack.com/

But I think the perennial cookies are the least of our problems here.

I'm assuming that:

a) site_password is a static secret in your server which is used of all users. That is, user_1 gets MD5(concat(email_1, site_password)); user_2 gets MD5(concat(email_2, site_password)) and so on.

b) The cookies themselves are not encrypted.

If that's the case, with this simple attack I could impersonate all of your users:

  1. Register for your site with my email 1337.h4x0r@veryedgy.com
  2. receive MD5(concat(1337.h4x0r@veryedgy.com, site_password)) = myEmailDigest
  3. Run a parallelized MD5 crack, varying variable_salt on concat(1337.h4x0r@veryedgy.com, variable_salt)until I get myEmailDigest (with MD5 there are optimized ways of doing this).
  4. Now I know which variable_salt value will produce an MD5 hash which will be interpreted as legitimate by your server. Even worse, I potentially stumbled upon site_password itself. All I need now is a few more fake accounts and MD5(concat(fakeEmail, site_password)) results to be 99% sure.

From this point on, I have deduced site_password and thus have access to all of your users' accounts because all of them are authenticated through site_password.

I mean, it's good enough for a school/uni project. Or a site where it doesn't matter if one user can impersonate another (e.g. those "scrum poker" sites that don't require an account). But I wouldn't put it on anything which has persistent user data. Especially if it is used by people living in a country where GDPR applies.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]x0x7 7 insightful - 6 fun7 insightful - 5 fun8 insightful - 6 fun -  (0 children)

Can't profit from it.

That is untrue. Look at Family Guy's use of Mickey Mouse under fair use. Do you think they profited zero from that episode just to include that one clip?

I am going to self plug though. If you want above 720p video and no-monetization, gvid.tv has you covered.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]fschmidt 5 insightful - 4 fun5 insightful - 3 fun6 insightful - 4 fun -  (0 children)

My server generates a crypto hash (MD5 for now) of concat(email,secret_salt) and sends that in the URL to the user's email. That link then sets 2 persistent cookies, the user's email and the hash. So the server doesn't need to store anything and can verify the cookies. On a HTTPS site there is no way for this to be broken, so I see no problem with making the cookies persistent. What problem do you see? The only possible leak is the email itself, but that problem applies to all password systems anyway.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]jet199 3 insightful - 6 fun3 insightful - 5 fun4 insightful - 6 fun -  (0 children)

What have you got against yt?

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]L_X_A 5 insightful - 4 fun5 insightful - 3 fun6 insightful - 4 fun -  (0 children)

On my sites one just enters one's email and gets a link with a hash that sets a persistent cookie. No need for annoying passwords.

That's a cool concept.

If I understood you correctly:

  1. The user first enters his email address on your site to login/register.
  2. Your server then generates a nonce (say, 128-bit, Base64 encoded) and associates it with that email address.
  3. The nonce is then sent to the user's email as the parameter of a hyperlinked URL (e.g. fschmidt.cool.site/authn/ZnNjaG1pZHQncyBzaXRl)
  4. Your server checks the nonce for a) an associated email, and b) the time elapsed since generating the nonce and the endpoint call (say, less than 10mins)
  5. If all checks pass, you produce a long(er) lived cookie to be used as a bearer token by the user agent (browser, app, etc.)

Which means that the user's email service is the de-facto (albeit indirect) authentication provider.

Cookies should not be valid indeterminately. You'd just be spreading that attack vector wide open. With that in mind, how would you deal with a user who has been inactive past the cookie's expiration date? Do you just send them a new URL containing a new nonce? How do you prevent an attack where nonces are requested repeatedly? Heuristically through API management or do you simply cap-and-throttle?

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]fschmidt 4 insightful - 4 fun4 insightful - 3 fun5 insightful - 4 fun -  (0 children)

I think rubberbiscuit meant that Odysee now generates a password.

With my email system, the cookie is persistent so you just need to do this once.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]raven9 5 insightful - 4 fun5 insightful - 3 fun6 insightful - 4 fun -  (0 children)

Yeah Odysee does that. Github started doing it too. It is very much a nuisance having to sign in to email to get that link every time.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]raven9 6 insightful - 4 fun6 insightful - 3 fun7 insightful - 4 fun -  (0 children)

It's not really very awesome. It just means you have to sign into your email instead to receive the link... Steve Gibson invented a good solution but I have yet to see anyone implement it.

When you sign up, your app would generate an encryption key pair and send the public key to the host site. They store that key. In future, whenever you log in, you just enter your username. The site responds by using your public key to encrypt some random text which it sends to your app. Your app uses your private key to decrypt it and sends the plain text back to the site, encrypted with your private key. The host site decrypts it with the public key. If it matches the random text they encrypted and sent, you are logged in. No need to remember any passwords.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]raven9 6 insightful - 4 fun6 insightful - 3 fun7 insightful - 4 fun -  (0 children)

I am suspicious of sites like Odysee and Rumble that monetize uploads. The fair use of copyrighted material rules are very much about non profit use. If you use any copyrighted video in your upload and you profit from it you can't claim fair use.

On top of that Odysee demands your phone number before you can receive their crypto currency which you need because you also get charged a fee for each upload.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]AXXA 3 insightful - 3 fun3 insightful - 2 fun4 insightful - 3 fun -  (0 children)

possibly

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]fschmidt 4 insightful - 4 fun4 insightful - 3 fun5 insightful - 4 fun -  (0 children)

Where on the Pyramid of Debate is this?

OK. (laugh track)

I don't think I went down from there.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Horrux 3 insightful - 5 fun3 insightful - 4 fun4 insightful - 5 fun -  (0 children)

If it took you that long... Come on dude.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Horrux 4 insightful - 5 fun4 insightful - 4 fun5 insightful - 5 fun -  (0 children)

Maybe fschmidt refers to the 12-word seed for the crypto wallet???

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Horrux 6 insightful - 4 fun6 insightful - 3 fun7 insightful - 4 fun -  (0 children)

Odysee doesn't suck, period. But if a password is enough to deter you dude, I don't know what to say... :-(

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Horrux 4 insightful - 2 fun4 insightful - 1 fun5 insightful - 2 fun -  (0 children)

I know right? Odysee all the way!!! You're missing Vimeo on your list, too... ;-)

Then there is Bastyon that also hosts videos.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Popper 2 insightful - 3 fun2 insightful - 2 fun3 insightful - 3 fun -  (0 children)

always thought that was foolish. My password needs to be something only I know and I puty in each time. My internet provider will be able to see my info but I don't need to add a password manager company to that

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Gravi 6 insightful - 5 fun6 insightful - 4 fun7 insightful - 5 fun -  (0 children)

Bitchute blocks some of the videos in my region, or channels to be exact and precise.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]AXXA[M] 5 insightful - 4 fun5 insightful - 3 fun6 insightful - 4 fun -  (0 children)

/u/fschmidt please think of the Pyramid of Debate when you comment, and if you are going up or down it. Please don't drag discussion down on the Pyramid of Debate.

/s/SaidIt/comments/j1/the_saiditnet_terms_and_content_policy/

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]rubberbiscuit[S] 5 insightful - 4 fun5 insightful - 3 fun6 insightful - 4 fun -  (0 children)

I am almost positive this is what Odysee does, at least as of a month ago when I signed up there.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]Chipit 6 insightful - 7 fun6 insightful - 6 fun7 insightful - 7 fun -  (0 children)

Shit, I have the same password on my luggage!

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]L_X_A 8 insightful - 4 fun8 insightful - 3 fun9 insightful - 4 fun -  (0 children)

Odysee sucks because they require a password so complex to sign up that I couldn't produce one.

Weird, because I have a natural-language-based mnemonic password for Odysee. If you don't use "Pa$$word123" or "hun7er5" you should be fine.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]L_X_A 8 insightful - 8 fun8 insightful - 7 fun9 insightful - 8 fun -  (0 children)

* proceeds to post a link from imgur * /jk

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]d3rr 6 insightful - 5 fun6 insightful - 4 fun7 insightful - 5 fun -  (0 children)

Actually the whole idea of passwords is retarded. On my sites one just enters one's email and gets a link with a hash that sets a persistent cookie. No need for annoying passwords.

😮 sounds pretty awesome

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]fschmidt 4 insightful - 5 fun4 insightful - 4 fun5 insightful - 5 fun -  (0 children)

What a moron. Now I understand your previous comment.

Has no one here heard of bitchute, odysee, rumble, brighteon? Come on man! by rubberbiscuit in SaidIt

[–]MarkJefferson 12 insightful - 4 fun12 insightful - 3 fun13 insightful - 4 fun -  (0 children)

Odysee is a slick, modern looking video-hosting site, and I'll try to use it more often. But Bitchute video quality just blows and has for the longest time. It especially hurts when you upload gaming videos, which more require high resolution and sharpness in comparison to talking-head videos, where video quality isn't as important. Not to mention the site looks like it's from a decade ago. At least they have fixed their terrible search function. Used to be I couldn't even find videos even when searching the exact name of the video. I haven't used Rumble or Brighteon yet to say anything about them.

edit: Another good thing about Odysee is you can make multiple channels per account without a subscription. Channels are not just for the purpose of video uploading, but is used for commenting under a different alias as well. So you don't have to make another account with another email to shitpost or whatever.