@ozoned@social.ozoned.net Thanks for sharing! That was very useful to watch even if painful at times (mostly because I wanted to jump in with pointers but it was prerecorded :D). I took many notes of things to improve with the documentation and tooling.

Overall, the docs and tooling for deploying directly with docker (compared to those using @coopcloud@social.coop which is the recommended and simpler approach) are out of date and too complex mostly because they've been adapted from the dev ones, and we're thinking about how to offer an alternative method with only a compose file and a .env (though I'd welcome advice about how to do so in a simple way, as the just commands are mostly there to reduce the guide to a handful of steps/commands instead of having to copy paste a lot more, and they also set some variables used in the compose file to make it more flexible, but maybe that's not worth it, or there are some other ways to simplify?)

Here's some hints on the main blockers you encountered:

• you first entered MIX_ENV=ember when you wanted FLAVOUR=ember
• if you enter ctrl+c in iex it pauses the app so it wouldn't respond unless you unpause it (by pressing c for continue)
• we recently closed port 4000 which now not open outside of docker's internal network by default (for security since you usually want people to connect through the web proxy in prod) and need to update the docs
• we need to better document that it's also running a web proxy by default on ports 80/443, and point to where the caddy config is
• at one point you were looking at docker-compose.yml instead of the release one docker-compose.release.yml
• during of the following attempts where you tried to run dev you were still following the prod guide instead of the dev guide which uses different just commands and env vars

I'm not sure why you weren't able to connect on port 80 during the first attempt though, as the elixir app logs didn't show anything, and caddy's error log was pretty cryptic, I'd be curious what you'd see on port 4000 if you opened it in docker-compose.release.yml

@bonfire@indieweb.social

@ozoned@social.ozoned.net Thanks for sharing! That was very useful to watch even if painful at times (mostly because I wanted to jump in with pointers but it was prerecorded :D). I took many notes of things to improve with the documentation and tooling.

Overall, the docs and tooling for deploying directly with docker (compared to those using @coopcloud@social.coop which is the recommended and simpler approach) are out of date and too complex mostly because they've been adapted from the dev ones, and we're thinking about how to offer an alternative method with only a compose file and a .env (though I'd welcome advice about how to do so in a simple way, as the just commands are mostly there to reduce the guide to a handful of steps/commands instead of having to copy paste a lot more, and they also set some variables used in the compose file to make it more flexible, but maybe that's not worth it, or there are some other ways to simplify?)

Here's some hints on the main blockers you encountered:

• you first entered MIX_ENV=ember when you wanted FLAVOUR=ember
• if you enter ctrl+c in iex it pauses the app so it wouldn't respond unless you unpause it (by pressing c for continue)
• we recently closed port 4000 which now not open outside of docker's internal network by default (for security since you usually want people to connect through the web proxy in prod) and need to update the docs
• we need to better document that it's also running a web proxy by default on ports 80/443, and point to where the caddy config is
• at one point you were looking at docker-compose.yml instead of the release one docker-compose.release.yml
• during of the following attempts where you tried to run dev you were still following the prod guide instead of the dev guide which uses different just commands and env vars

I'm not sure why you weren't able to connect on port 80 during the first attempt though, as the elixir app logs didn't show anything, and caddy's error log was pretty cryptic, I'd be curious what you'd see on port 4000 if you opened it in docker-compose.release.yml

@bonfire@indieweb.social

Attempted to set up @bonfire a couple of times and didn't have success. But hopefully someone can find this valuable and/or tell me what I did wrong to help me learn as well.

https://video.firesidefedi.live/w/sXNGDdqurg59cE3syZ3svU

#peertube #vod #tech #bonfire #fedi #fediverse #it #install

Like, looking at what my hypothetical person 2 thought they were doing -- there is no need for them to assume that is a clean or perfect block, or that there is no way for it to get exposed. Most people who have used blocks in any sort of social platform know that with alt-accounts or friends, or just normal social dynamics, the person they block can find out. That capacity even with that limitation is nevertheless /enough/ for them to want it.

In this case, that still-CAN-be-revealed requires either active testing of each possible block, or very engaged social surveillance.
Which is often discussed, and which people seem to discuss and understand Bluesky's block issue as being qualitatively different than.

I have thoughts re:
"""
From your perspective, those replies disappear, and new ones won’t appear at all. Your instance silently enforces these boundaries by ignoring unwanted interactions, even if the sender’s server is unaware and still allows them to post.
"""

about the concepts of who "owns" (and can curate) the comments section of their post, from whose perspective. (It's never going to be a single person curating/moderating, but I.. think?.. people feel ownership feelings over it nevertheless.)

Like, if I send to "Hey does anybody have a place I can crash tonight?" to @group--attendees_of_this_hacker_gathering but invisible to @guy_I_dont_trust_to_be_alone_with_but_really_dont_want_to_get_into_a_public_confrontation_about_that_right_now,

is there a chance that @defender_of_that_guy_who_sees_fear_of_him_as_an_attack_on_his_character sees that block in the metadata of the post and starts flaming me about it?

This is a contrived example that I don't have specific experiences I'm translating it from,
and sometimes technical limitations or just "we don't have a better design for that yet" mean that you can't AVOID exposing that, so it's not necessarily "it Must Be Fixed if it reveals this",
just,
(a) finding what intuition might be, and checking the implemented teality against that
(b) exploring what attacks there might be, and knowing where they might be made less post-hoc surprising

e.g.:
https://old.reddit.com/r/BlueskySocial/comments/18ebrhx/blocks_being_public_is_already_leading_to/

@mayel (After a certain level of depth to this conversation I hit the wall of being a Fake Geek Girl™ who hasn't actually read @sarahjamielewis 's Queer Privacy or more than a chapter or two of @sarahjeong 's Internet Of Garbage or looked deeply into the work and critiques that @evacide has done over the years or ... .)

The actual specific thing with Bonfire set me off on this line of thinking was:

"""
E.g. you can share a post with several circles but only allow replies from a specific circle, or make a post public but invisible to specific people.
"""

"Make this invisible to X, Y, Z" strikes me as something that can requires very nuanced and situation specific careful stepping around disclosure/visibility and trust. (Ranging from "none", e.g. planning a birthday party, to much higher stakes.)

A bit of a longer post to hopefully come (but I AM bad at Task, and currently behind on many things) but I think there's a widespread antipattern in UI presentation of calling a functionality (especially safety functionality) what the user WANTS rather than what it DOES.

I think this is especially... not "dangerous" exactly, but more impactful -- in federated/distributed networks, where there isn't a Single Platform/Owner able to play god with the single database (and with a stronger ability to pretend to play god with every user's endpoint).

Iike, "Delete Message", e.g. I think should be called "REQUEST Delete" -- it relies fundamentally on a basic minimal level of politeness from instances (federated) or individual endpoints (E2E chat).
A lot of these are "request"s, but it gets more obviously complicated when you add it in explicitly.
Like, "block user" -> "request block user".
Who are we Requesting things of? That is, who are we trusting? And who hears of this request?

Indeed, we have FEPs that either directly address the UX issues mentioned in your post, or could be parts of final solutions:

The Sin of Overwhelming Complexity: Instance Selection Paralysis

- https://codeberg.org/fediverse/fep/src/branch/main/fep/61cf/fep-61cf.md
- https://codeberg.org/fediverse/fep/src/branch/main/fep/ae97/fep-ae97.md

The Sin of Remote Interaction Purgatory: Federation Gymnastics

- https://codeberg.org/fediverse/fep/src/branch/main/fep/07d7/fep-07d7.md (withdrawn; https://fedilinks.org is a similar proposal)
- https://codeberg.org/fediverse/fep/src/branch/main/fep/3b86/fep-3b86.md

The Sin of DM Disasters Waiting to Happen

Some FEPs talk about limited visibility posts and private groups:

- https://codeberg.org/fediverse/fep/src/branch/main/fep/171b/fep-171b.md
- https://codeberg.org/fediverse/fep/src/branch/main/fep/db0e/fep-db0e.md

The Sin of Ghost Conversations and Phantom Follower Counts

Synced conversations:

- https://codeberg.org/fediverse/fep/src/branch/main/fep/1b12/fep-1b12.md
- https://codeberg.org/fediverse/fep/src/branch/main/fep/171b/fep-171b.md
- https://codeberg.org/fediverse/fep/src/branch/main/fep/76ea/fep-76ea.md
- https://codeberg.org/fediverse/fep/src/branch/main/fep/f228/fep-f228.md

The Sin of Invisible Discovery: The Content Mirage
The Sin of User Discovery Hell

I think ActivityPub relays could be used to solve those problems:

- https://codeberg.org/fediverse/fep/src/branch/main/fep/ae0c/fep-ae0c.md

Has anybody built a UI for browsing longform writing over #ActivityPub?