meta hasnt declared or made any intention of overtaking the fediverse, but that hasnt stopped a metric fuckton of people freakin the fuck out or generating fud blog post after fud blog post
its like claiming meta is going to overtake and own email because they stood up an email server.
Fa ebook is literally arguing to the US federal government that regulations about social media usage by children, and the data they sell from it, aren't their problem but are the responsibility of Google and Apple.
As I said, I agree with the literal facts. The implications in your phrasing I disagree with.
Instead of unfounded, I would call it unproven.
Instead of scaremongering I would say warning.
And generally I avoid using absolute terms like "all", since only it takes one counter example, to make such a statement factually wrong.
do you any actual information regarding meta controlling the AP protocol with their single instance and no seat at the protocol table, or is this all just a huge premature, knee-jerk reaction to a big scary corporation?
It is about power. If they have more than 50% of the users, then all other instances should comply with their changes and obey them. If they don’t, then they’ll be blocked by more than half of the users. No instance owner will take this risk.
I’m trying to explain you that you don’t really need to own something to own it. If you have enough power, you have it already.
This is a distinction with little difference, which is convenient for them, because they can say well ackchyually we’re not stopping you from self-hosting nerd when in practical terms they are.
It's not just convenient for them to do it; it's how they are able to evade anti-trust action (not that the U.S. is great at it anyway but still). I also run my own mail server. It's not impossible, and I wouldn't even say it's even hard. It's just time consuming to set up (if it's the first time), and there are a lot of hurdles to make it so impractical that it's virtually impossible to the average person. Only the most patient or those who have a real desire to run their own mail server will even attempt it. Anyone can set up their own mail server, but most won't because it's not worth it compared to using something that just works from Google.
Sort of, although Pom is at least a century older as Seppo was coined during world war 2. It comes from the rhyming slang Yank to Septic Tank to Seppo.
It came from the swagger of the US service men in Aus during the war and the implication that many of them are full of shit.
It’s a bit harsher than “Pom” and is rarely used in a positive way, unlike Pom which can be an insult or a term of endearment. I don’t think I’ve ever heard Seppo used in a positive way, now that I think of it.
Prismic is still early in development and not yet in a usable state. Most of the features described below are planned but not yet or only partially implemented.
So, not super sure what this is or how this works. Is the idea that you run the cgi, it sets up static files, and it responds to AP requests like follows, mentions, boosts and such? I realise lots of people don't like long docs but I didn't really understand the use case very well.
I think you're right. In CGI, web server spawns a process for each incoming request to the CGI app, so the author provide static files for visitors to reduce the overhead.
Edit: here is the repository: https://codeberg.org/seppo/seppo and written in OCaml, so the single file CGI app is a compiled binary.
I'm setting it up now, was close to give up when it continuously refused to work after setting up an account. Turns out the passwords randomly generated by Firefox is a bit too hardcore for it, I changed to something with fewer special characters and now all is good. :)
Edit: It worked for setting up the interface and my profile, but I still cannot sign in from within it. Seems like a promising project though.
Edit edit: Moved it from a subdomain to a normal folder, now I can sign in, but it still acts a little broken, and doesn't federate. Oh well, I'll see if I'll tinker more later.
Really exciting to see someone working on this. Though my immediate reaction is - not skepticism. Concern maybe? Similar projects in the past have hit walls in scope creep, lack of funding, and ocassionally lack of direction or differentiation. A truly well rounded social VR platform is far more complex than meets the eye. Even neosvr/resonite has run into large slowdowns and difficulties in stealing public adoption away from the totally centralized and closed behemoth that is vrchat. More recently I was sad to see Thirdroom (based on matrix) abandon development. Still, all the best to the project and I will definitely follow it closely.
Yeah. Though I'm more partial to the offshoot project https://overte.org/ Unfortunately though I think it's another example of how far these sorts of projects are from feature parity with more established closed platforms.
I think single account ActivityPub implementations are addressing a weakness of the Fediverse: one's identity (handle, username) is tied to an instance they have no control over. If that instance shuts down users lose everything. With a single account instance, you take that control back. And since it doesn't need to scale the architecture can be much simpler and can be deployed to much cheaper infrastructure.
The demo was not straightforward, though. And I didn't quite get how a user can follow Mastodon users, for example.
oh wow! congrats on prestiging the incremental gaming community!
i'm a big fan of Free/Libre/Open Source games and that includes a lot of incremental games (Trimps, Structure, AD, Fundamental, etc).
i don't have any accounts on corporate social media (like Reddit/Discord) so a more open incremental game community is a welcome change.
hopefully developers will add a "join Matrix room" button instead of asking you to sign up for Discord.
i started making a little incremental TIC-80 game a while back and maybe i'll actually finish it now that there's a community i can share it with.
This advisory will be edited with more details on 2024/02/15, when admins have been given some time to update, as we think any amount of detail would make it very easy to come up with an exploit.
But the commit to fix insufficient origin validation is already visible right there in the repo?
The lack of details in the advisory is only a minor impediment for a malicious person who wants to figure out how to implement their own exploit for this vulnerability. Anyone can read the patch that fixes it and figure it out.
TLDR: if you run your own instance, update it ASAP. If an instance you rely on hasn't updated yet, consider asking its admins to do so. And if they don't update it soon, you might want to reconsider your choice of instance.
And if they don't update it soon, you might want to reconsider your choice of instance.
The advisory went up about 4h ago. About 3h ago, my instance admin sent out an announcement that the patch had been applied. That was before I even heard about the issue.
This isn't possible with Ruby and Mastodon. The only way to distribute the patch is to reveal the changes to the source. FWIW, compiling the fix is still just an obfuscation method, one can still just diff the binaries and see what changed (see: reverse-engineering Windows vulnerabilities in updates).
At best, you can release it with a bunch of unrelated and obfuscating changes, but putting work into doing that is further delaying simply getting the fix released.
Fediverse
Active