devnull

devnull, 3 months ago (edited 3 months ago) to random

On multiple occasions I've listened to instance admins speak about high S3 costs. The sheer amount of data absolutely balloons the more activity your server sees, I get it.

What I don't get is whether there's some unknown fedi ethical reason everybody insists on setting up an S3 cache (followed immediately by complaining about it).

Y'all want to know what the rest of the web does? Hosts their own uploaded media, and links out to the rest...

#fediadmin #s3 #devops #sysadmin

devnull, 1 year ago (edited 1 year ago) to fediverse

As it turns out, a lot of #ActivityPub verbs and objects correspond quite nicely with #nodebb verbs and objects (e.g. a like would be an upvote, etc.)

However I'm not exactly sure how the "announce" verb would translate. In #Mastodon, "announce" is a "boost". The closest forum-land equivalent would be the "bump", whereby a topic is brought back to the top of the list (usually through a reply).

Only downside, bumps are reserved for admins. Non-admins "bump" a topic by replying to it.

🤔 🧵 (1/3)

devnull, 1 year ago (edited 1 year ago) to random

@trwnh you said earlier today — "having a topic is a useful feature or abstraction, and i'd like to see literally any support or thought given to it"

💯 will do. A post created in @nodebb will have a topic associated with it in its metadata as you've suggested. That just makes complete sense. It would continue to exist in the (sub-)category hierarchy already present in #nodebb

#nodebbActivityPub

devnull, 6 months ago to fediverse

Would I be a bad #ActivityPub implementor if I don't maintain a "feed"?

If a post is created, NodeBB would send the Create activity to all of the author's followers, and that post would be displayed on that app, usually in the form of a feed.

On the other hand, if other apps send Creates to me, I can save them, but there's no place to display them organically within the existing forum structure 🤔 — since they're not part of an existing topic/category/etc...

#nodebbActivityPub

devnull, 2 months ago to random

When @BeAware asks for help scaling out Mastodon because his SINGLE USER INSTANCE is falling over, and he reveals that he's paying for an 8 vCPU server with 16GB of memory, and all the comments are talking about tweaking postgres.

What the flying fuck.

devnull, 5 months ago to fediverse

Does there exist a brief write-up of how content is federated out? Do different #ActivityPub implementors federate content differently? (@stesnac suggests so!)

Here's my head-canon at present... when a note is created, the note is sent to all followers. If users are mentioned, the note is also sent to those users' inboxes.

If a note is addressed to the public collection, do it just get blasted to all known instances' inboxes?

https://snac.bsd.cafe/stesnac/p/1704724939.498114

#fedidev

devnull, 2 months ago (edited 2 months ago) to fediverse

Can an instance operator running a derivative of Misskey (Sharkey, firefish, or maybe even Misskey itself) get in touch with me? I can't seem to federate with that entire pie of the fediverse... 401 Unauthorized 😬

Alternateively, if you've run into this type of issue before, any tips? Heh.

✅ Resolved! — https://crag.social/@devnull/112135536070616187

#fediadmin #activitypub

devnull, 11 months ago to twitter

If I were to try to convince my local municipality to move off of #Twitter and onto #Mastodon, what instance should I recommend?

mstdn.ca seems like a good generic choice (administered by @chad @jace, and more?)

Anything else?

#TwitterMigration

devnull, 4 months ago to fediverse

Finally figured out why #nodebb posts weren't queryable via Mastodon, turns out it does Content-Type checking, and I was inadvertently breaking #ActivityPub spec by sending in application/json when I should've been sending in "application/activity+json" or 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'

Latter doesn't play nicely with express, so using the former and all's well!

Full credit to @bouncepaw who gave me key to figuring it out! 🏅

Re: https://crag.social/@devnull/111858296718131764

#fedidev

devnull, 11 months ago to mastodon

One #mastodon thing I can't shake — you navigate to someone's profile and it's empty, so you have to view it on the original instance... or you view a toot but there's no context, so you have to view it on the original instance... or you view a toot and you have no idea how many replies there are, so you...

Anyone? Anyone? Bueller?

View it on the original instance.

This seems like a solvable problem; actors have queryable outboxes, so the question is why...

devnull, 3 months ago to fediverse

Please correct me if I'm mistaken, but it seems trivial for a malicious service to send signed (against itself) activities to other inboxes to spoof content from other domains.

UNLESS the public key host matches the object identifier host, right? That'd be a sensible and low-effort way to ensure obj. integrity.

But that would preclude the use of a third-party http signature service, although I suppose that is only a potential implementation; nothing I've witnessed in the wild.

#ActivityPub

devnull, 4 months ago to fediverse

@J12t #ActivityPub test case:

Claim: An instance should reject an unsigned POST request to a user inbox

Expected: The Activity should not be appended to the user inbox.

Observed: The application promptly crashed because it did not anticipate the possibility of someone sending in an unsigned POST to the inbox... but also the activity was not added to the inbox.

Result: ✅

😆

/cc @helge

devnull, 11 months ago to threads

Yesterday: "#threads will be an unmitigated disaster for the #fediverse, defederation is paramount"

Today: "hi guys please like and subscribe to my threads account here 👉 .."

devnull, 4 months ago to fediverse

Something @crepels glosses over in Part 1 of his #ActivityPub fundamentals post is how a remote server knows how to dereference a follower collection and route activities to its users:

"The cc field contains https://activitypub.academy/users/alice/followers... Note that the techhub.social instance knows which of its users follow @alice, so it can deliver the message accordingly."

I suppose you cannot just assume everything passed in is either the public address or an actor uri...

https://seb.jambor.dev/posts/understanding-activitypub/

devnull, 5 months ago to fediverse

I'm guessing the "conversation" value in an #ActivityPub Note object is #Mastodon specific, and other implementors have adopted it as a pseudo-standard?

devnull, 3 months ago (edited 3 months ago) to random

It seems this happens occasionally on #fedi where malicious users decide to take advantage of instances with poor moderation to spam widely.

There are many solutions, but let me offer a simple change that stops spam dead in its tracks:

#nodebb has a post queue built in. If you have 0 reputation, you need your post to be manually approved. You can adjust this as needed, but even the default (allow regular posting after 1 upvote) is sufficient. Stops 👏spam 👏 cold 👏.

#fediblockmeta #mastoadmin

devnull, 2 months ago (edited 2 months ago) to fediverse

Federated NextDoor? @evan

ducks

#ActivityPub

Could be a neat use case for location based notes outside of the hashtag purview.

devnull, 1 year ago to random

I low-key hate that of the three #banking apps I use, every single one of them implement #2FA via in-app push notification. The fallback is SMS.

All three are janky and do not elicit trust. SMS 2FA has vulnerabilities.

Give me a #TOTP token and let me handle it myself.

Gah, I changed my mind, I high-key hate it.

devnull, 1 year ago to fediverse

I think I got it... the #ActivityPub spec mentions Actors, but doesn't specify how they're defined or served (as intended).

I was wondering how other apps figured out how to find that actor URI. It just seemed like apps can make their own URLs and other apps just know? Hah.

WebFinger. That's how they're discovered. It seems to be a common standard adopted by ActivityPub implementors to have a .well-known/webfinger endpoint.

Everything else stems from there.

#fedidev #fediverse

devnull, 9 months ago to Climbing

I recently got the opportunity to take a #Mammut Smart out #climbing at Rattlesnake Point, and jotted down some thoughts.

tl;dr — I consider its grabbiness is a feature; its design purposefully counters at least two failure modes with the GriGri; carabiner choice matters.

Love it. Exceeded all expectations and then some. Serious contender to #grigri

https://devnull.land/test-driving-mammut-smart-2

#belaydevices #leadclimbing #sportclimbing

devnull, 4 months ago to mastodon

On content deliverability and #Mastodon —

I think awhile back @thisismissem lamented the fact that you couldn't be notified of a reply chain unless a) you directly contributed to it (or were mentioned), and b) the replies kept mentioning you.

... and so we're in this weird situation where everybody on Mastodon just mention-spams so people don't get left out, which is... janky, let's not mince words.

🧵

devnull, 6 months ago to fediverse

I'm looking forward to talking more about #NodeBB and #ActivityPub integration on here again, been distracted lately with other technical debt items — and of course — work to put food on the table 😄

Not going to lie, one of the support services is "mentoring on community building". You'd think the co-founder of a COMMUNITY BULLETIN BOARD SOFTWARE would be aces at building community, but truthfully, I really suck at it.

The fact that "build it and they will come" worked at all is miraculous.

devnull, 3 months ago to random

Lots of excellent responses to my late-night diatribe re: S3 et al. One common rationale stated is the unintentional leakage of IP addresses.

Valid, but this is a solved problem without needing to maintain S3.

There is tor (as @hrefna opined), but this places responsibility to end user which is not ideal.

Implementors can set up a camo proxy. Super simple, super cost effective.

Original assertion is still that S3 is overkill.

https://github.com/atmos/camo

@django @FenTiger @essentialrandom @dt

devnull, 10 months ago to random

Wife's phone in for screen replacement, so I lent her mine. In the meantime, back to my trusty old #Nokia 6.1

This phone was released in 2018 (!!) and is still supported by the amazing maintainers working with @LineageOS

In fact, I have the option to sideload #LineageOS 20, which is Android 13 🤯

Admittedly the phone runs a tad slow.

devnull, 11 months ago to startrek

@startrek Did anyone else read Jammer's Reviews as a kid? Did you know this guy's still pumping out reviews?

I wonder if the producers ever took his feedback seriously, or if he's even on their radar.

https://www.jammersreviews.com/st-snw/s2/tomorrow.php