Full stack web developer currently working mostly with #PHP / #Laravel, Vanilla #Javascript and #SCSS. Love learning more about (almost) anything, but particularly #MySQL and #InfoSec. Currently learning Arabic. Husband, father of two boys, Christian.
This is VERY bad news for users of small instances like myself.
I do understand the reasoning behind it, and I'm not sure there is a good alternative. But it sure feels a bit like a deja vu from the self hosted email days ...
Just throwing this out there: For my free lancing I often need to share passwords or other secrets with clients. (Or they with me.)
I usually suggest Signal for that, but obviously most people don't have that.
Is there a a good (and not too pricey - I only do very few free lance projects, so only need it once every few months) password sharing option for this?
I tried 1Password shared vaults, but even that is just too complex for many of my clients.
Open to self hosted ideas, as I have a server I could install this on.
Ideally a very simple thing where both my clients can securely input passwords to share with me without having to create an account (secret link and OTP, or something like that) and I can share links with clients.
The reason I'm suggesting this, is because if you are a small/medium instance with open registrations, and spammers find and abuse your instance, I imagine that other instances will limit/suspend your instance without hesitation, given how willing some were to limit/suspend the much larger mastodon.social.
But do note this comment on the PR:
“To give some context to people seeing this: this is an emergency feature backport from Glitch SOC to help mitigating an ongoing spam wave, this feature may not make it in a next release, or with significative changes.”
Edited to add: multiple people have rightly commented on the accessibility concerns with hCaptcha: hCaptcha is really really really bad for blind and visually impaired people.
Please have a look at this excellent reply for more details:
“The fediverse is a privacy nightmare” - A lot of good thoughts by @Bloonface
Whilst the headline may be inflammatory, the thrust of the article stands: That as soon as you publish anything on the fediverse it'll get copied to 10’s of 1,000's of servers, and is then completely and irrevocably out of your control.
Some may argue that's a feature rather than a bug (and I'd be tempted to agree to a large extent), but I wonder what proportion of the fediverse is aware - let alone understand the implications - of it.
I'm super happy to announce the release of #FediFetcher v6.0.0.
The headline feature is that FediFetcher now supports pulling in context and missing posts from #Lemmy servers! Thank you so much, @teq for your hard work.
Over the last few days I'm getting a lot of errors in my Mastodon UI.
In my web server logs I get this error a lot:
ActiveRecord::ConnectionTimeoutError (could not obtain a connection from the pool within 5.000 seconds (waited 5.000 seconds); all pooled connections were in use)
I just checked, and it appears that only about 1% of all 300k Mastodon users that my instance knows about currently have opted into full text search 😢
Really hoping that number will increase!
Also, does anyone know how Mastodon indexes users from non-Mastodon fediverse servers? These presumably don't have the indexable flag set. I hope Mastodon still indexes those, given that pretty much all other Fediverse software indexes all users?!
(edit: been asked a few times how i got those numbers: Two simple SQL queries: select count(*) from accounts; followed by select count(*) from accounts where indexable = true;)
For #FediFetcher I'd like to use the ActivityPub API, rather than the Mastodon API to pull replies.
For example: At the moment I'm using the api/v1/timelines/home endpoint to get all statuses in my timeline. I then attempt to get replies from the remote servers.
But the uri that mastodon returns in that response is to the Mastodon API endpoint. This is annoying, because obviously Mastodon != Fediverse, and I'd love to just go to ActivityPub, rather than implement each software separately.
Is it possible to somehow get ActivityPub endpoints for those statuses?
Wondering if Mastodon GmbH filed a trademark complaint?
Also highlights one problem with Mastodon: you cannot change the domain name of an instance. If the problem (whatever it is) isn't resolved, the instance is gone forever.
I've noticed a lot of chatter about setting up Elasticsearch for Mastodon 4.2's new full text search over the last few days, including what hardware is required, how difficult is it, etc.
So I thought I’d write down my experience, including the hardware I'm running Elasticsearch on for my single user instance:
FediFetcher is a simple Python script that can help you pull missing responses from other #Fediverse instances into your own #Mastodon instance. It can also backfill profiles of new followers and followings.
It can be run as cron job, container, or even a GitHub action, meaning you don't need any infrastructure at all.
The more I’m trying to learn Arabic the more I’m becoming convinced that whoever came up with that script, did so with the express intention to mock learners.
How else can you explain that ج ح and خ all make very different sounds, whilst the sounds for ث and ط are essentially indistinguishable 🙄
Hm. So, if you where to have a #sql query that has 23 subqueries, and a total character count of 15,000 characters (excluding indentation) - you've gone mad, right?
ThreadResolverWorker ArgumentError: wrong number of arguments (given 3, expected 2)
My hunch is that this is a Mastodon, rather than FediFetcher issue, but before I close it, I wanted to ask users of FediFetcher if you've seen this yourself?
“The most important moral of this story is that FIDO2-compliant forms of MFA are the gold standard for account security. For those sticking with TOTPs, Google Authenticator is intended to provide a happy medium between usability and security. This balance may make the app useful for individuals who want some form of MFA but also don’t want to run the risk of being locked out of accounts in the event they lose a device. For enterprises like Retool, where security is paramount and admins can manage accounts, it’s woefully inadequate.”