[email protected], that one. Yep.

There is a convention of putting a FEDERATION.md file in the root of your project (there is a FEP about it but I can’t remember what it is, heh) which lists the FEPs your project implements.

e.g. https://codeberg.org/rimu/pyfedi/src/branch/main/FEDERATION.md

There is no standardised API endpoint for discovering this info so basically you just need to lurk in all the dev spaces you can and watch what they’re talking about, stalk each other’s codeberg/github issue queues and PRs and just cope with the jank.

Yes theoretically you could have any type in there but votes are the biggest inefficiency in the system so I’ve only implemented it for them.

There are some nodebb forums that federate with us, which are intended for AP dev discussions - [email protected] for example. Not very active. Also some Matrix channels, again not exactly humming. Everyone is pretty focused on their own projects, really.

There is a discussion but it’s an email chain between myself, Lemmy, Mbin, NodeBB so not really out in the open.

I’m thinking of using the normal OrderedCollection structure that AP has - https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection. An object of type ‘OrderedCollection’ with an array of ‘items’.

You’re right, to be more similar to the ActivityPub style of doing things the object should be a “type” of “Collection”, not just suddenly be an array instead of an object. I will migrate PieFed over to that instead.

That sounds pretty fun, I like your extremist take on things.

If you want to federate votes in an efficient way, consider doing them in batches, like this - https://codeberg.org/rimu/pyfedi/src/branch/main/docs/fep-4248.md. Sending batches means building up a queue, etc which is a pain in the ass so you might want to just receive batches and send individually.

You can do nested comments more efficiently by doing a single query for all the comments on a post and then constructing the comment tree in Go, rather than using multiple SQL queries. It’s a bit tricky to code but you can copy PieFed’s code - https://codeberg.org/rimu/pyfedi/src/commit/68d6799be5c321f9abf84d136cafef6de6e3aafb/app/post/util.py#L141

The thing about doing age verification at the OS level is the user could just install a crack that rewrites the necessary code. It’ll take some heavy DRM type stuff to block that. Possibly hardware support, like a specialised TPM.

No way can that be standardised and then rolled out quickly. If they rush it then it’ll be some proprietary power grab.

The alternative is each website and app does it separately which will be spotty and provide endless security breaches.

It’ll be a shitshow either way.

18% is nowhere near high enough to be throwing around accusations like that. Seems like the teachers don’t know how to interpret the results.

I recommend you set the Content-Security-Policy http header so that inline javascript (commonly used for XSS attacks) cannot be executed.

https://web.dev/articles/strict-csp

CSP being off is not exactly a security hole but it makes security holes much more likely. By using a strict CSP configuration you close off the possibility of a whole class of holes.

Also think about setting the Access-Control-Allow-Origin header and enable CORS on your REST endpoints.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Allow-Origin

Again, kind of a pain in the ass but gets rid of a bunch of potential problems before they start.

F-Droid has Drip, Bluemoon and Periodical.

Yeah there are other signs too. Look at those commit messages, all vague, all perfectly capitalized. All with a nice long description with bullet points.

No one does that in a project they’re building for themselves.

I was going to recommend this to someone I know but when I realised your readme.md is entirely AI-generated, I guess the whole project is probably vibe-coded. I can’t in good conscience recommend someone trust their health data to a vide-coded app because they tend to have security problems.

Also all ai-generated code is public domain so your AGPL license is kinda empty. Might as well use MIT.

Lemmy.world has removed their defed too 👍

Good news. The old fosstodon admins resigned and they have a new team and a good code of conduct.

I have added new functionality to PieFed so it’s now possible to override an automatically imported defederation and now piefed.social federates with fosstodon.org.

PieFed.social has not intentionally defederated from fosstodon - piefed.social automatically defederates from any instance that lemmy.world or mastodon.social defederates from. That way I don’t need to keep up with the latest fedi drama and just trust those admin teams to.

In this case, it’s lemmy.world.

I’ll ask around and see what the latest on fosstodon is and see if lemmy.world wants to federate with them again.

@[email protected] @[email protected]

That bug has been fixed.

If it looks like something that could happen again, rather than a one-off fluke, USA would have to change their whole naval doctrine. The strategic arms balance of all countries would need to be reassessed.

PieFed is fairly straightforward if you already know sysadmin basics or have Yunohost. - https://codeberg.org/rimu/pyfedi/src/branch/main/INSTALL-docker.md

But for blogging only, you’ll find Ghost or Wordpress with the ActivityPub plugin federate with Mastodon better, which is a bigger audience.

No, it’s legit. Elena has been tooting and peertubing about the fedi and her self hosting journey for over a year.

Ohhh, I get it now. Thanks for spelling it out.

Sorry for hurting your feelings. I didn’t mean to imply your bs detector is broken but I can see how it would come across that way.