- This is nothing to do with ActivityPub. It's to do with Mastodon's custom implementation of "private" posts.
- Making it extremely clear to everyone that random server software can expose Mastodon's "private" posts is absolutely the right way to handle disclosure here. Dan didn't even try to do that, he just fixed the bug, but if he had made a big post saying "hey this is not my fault Mastodon private posts are not private, here's full explanation about what's going on" I think that would have been completely fine. This is not a "vulnerability" in the traditional sense like a buffer overflow, it's just a design flaw in Mastodon which other softwares are by convention agreeing to cater to. I think the culture of security (and the level of clue in general) in the Fediverse has wandered into territory where "let's all pretend that these posts are secure and get mad at anyone who reveals that they are not" is widely accepted now, but that doesn't make it right.
Yeah, there's also this:
A more recent issue came about when Pixelfed’s creator, Daniel Supernault made the details of a vulnerability public before server operators had a chance to update, which would have left the fediverse vulnerable to bad actors, she says. (Supernault has already apologized publicly for his handling of the issue that had affected private accounts.)
In the case of the Pixelfed issue, for instance, the Hachyderm Mastodon server, which has over 9,500 members, decided it needed to defederate (or disconnect from) other Pixelfed servers that hadn’t been updated in order to protect their users.
It is weird to spend almost half the words in this, pretending that something in Pixelfed that wasn't a problem on Pixelfed's side was. This is the weirdest "vulnerability" in the world to pick if you want to pick one to hold up extensively as an example.
Also Lemmy: Here's a bunch of death threats and pictures of a pig taking a shit because you said democracy was a good idea
Yeah. That's one thing I think Piefed is really doing right. They're trying to make it so that normal people will have a fairly pleasant normal-person experience.
I think Lemmy's core developers including explicit acceptance for toxic online behavior, and some of the original core instances openly celebrating and modeling it, really may ruin the platform for the long term. And yes, you and dubvee are completely right as far as the lack of action in any respect by a lot of people who run the instances to do all that much of substance about the people who seem to want to ruin the experience on those instances.
“It’s inappropriate.”
"To pray?”
“There’s an appropriate time.”
“It is the appropriate time.”
“No, you have to listen to your authorities, which is your pastor.”
Jesus Christ.
What do communists hate more than anything? A decentralized system where the people consuming the product are the ones creating the product, and it’s all governed transparently by the people involved getting together and having councils about what’s going to happen.
What do communists love? Putin and the way he operates the Russian government, internally and geopolitically.
It’s just basic common sense, basically. Oh also they love calling people “bootlickers” if they don’t agree with any of the above. It’s all completely sensible.
That's why I say it is bullying.
He does post trainwreck statuses sometimes, or miss self-imposed deadlines, or something. That's very very different from "incompetent for implementing badly something easy or toxic for federating ignoring what the federation requires" but it gives people a grain of truth to fall back on when the total bullshit they're accusing him of gets called out.
Some for JordanLund, same for FlyingSquid. People are imperfect. It's okay. If your habit is to use people's imperfections as a reason to make wild accusations at them that have no basis in reality and double down on the legitimate criticisms and pick at them, and generally just be shitty to them, then there is a perfect word for that activity.
Hm... she uses some of the right words, but it's not accurate to how a pilot would speak. There's way too many words.
"Island approach, IG99 checking in VFR on top, over" would be "Island approach IG99 inbound"
"Island tower" would still be "Island approach," and "Island tower, this is IG99 requesting vectors to the initial, over" would be "Island approach, IG99 inbound, you there?" or something.
half of Wikipedia is garbage western liberal based narratives
Not what we were talking about, but okay. Are you sure you are not the one who's suffering from narratives?
The hacking scene in the Matrix sequel is actually pretty accurate.
“My Cousin Vinny” is almost entirely realistic as far as the courtroom scenes.
A mobster reported that Joe Pesci generally plays a very accurate gangster when he plays a gangster in movies. Most of the time, he’s this weirdly dark violent loose cannon outlier, because they can’t just make every character a psychopath and have people enjoy watching the movie, but he’s the one that is playing the role accurately.
When “King of the Hill” showed Bobby doing stage magic, it was all real magic tricks with his hands and props positioned so that he’d be able to really do the things he was showing.
The corpsman scene in “Captain Phillips” was very legit.
Everything else is a bunch of crap.
There’s also this stuff: https://youtube.com/@Insider
But there is a not insignificant portion of folks on here that are here because they were banned or warned on mainstream platforms because they couldn’t regulate themselves and still aren’t regulating themselves.
What?
Plenty of people on mainstream platforms are obnoxious. Twitter and Reddit in particular are hives of villainy that make anything available on Fedi platforms look childish. Why do you think people are here because they were ejected from mainstream platforms?
Dansup doesn’t exactly follow best practices in his development which I think causes a lot of strife
What?
Can you elaborate?
“Doesn’t scale because the containers are set up wrong” is different from “unmaintainable code” though. What of the code was bad? I’ve looked at a bunch of fedi projects and Pixelfed didn’t strike me as either particularly good or particularly bad.
As for the last, I don’t have any examples
?
I mean, that is sort of what I expected. Mastodon doesn’t publicize Wordpress. Lemmy doesn’t publicize mbin. They all, mostly, mention a little bit of the context that they can interoperate with other federated services, but it doesn’t strike me as weird or malicious that someone would write a project and then promote that project. That sounds normal.
Actually, both Mastodon and Lemmy chose to implement sort of their own versions of ActivityPub, and that actually does strike me as selfish behavior. It means that mostly they are their own independent platforms that run “on top of” ActivityPub instead of enabling full interoperation with the other stuff. Doing it that way was hard to avoid, because the design of ActivityPub to me isn’t great, but this situation is actually a perfect example of that: Mastodon implemented a new feature in a way that would break (in a really jarring privacy-violating-to-some-extent way) until everyone else copied their implementation exactly. I’m not aware of Pixelfed doing anything like that. Mastodon and Lemmy can both get away with presenting themselves as “the fediverse” and forcing everyone else into copying one implementation or the other if they want things to actually work, and they both show very little interest in making it easy. If you want to pick out sins of various fedi projects to start to point out that are disrespecting the other projects in the space, something like that is where I would start.