“Nothing is yours. It is to use. It is to share. If you will not share it, you cannot use it.” ― Ursula K. Le Guin
Mayel
Tending to @bonfire@bonfire.cafe 🔥
Love this quote! mastodon.social/@mayel/11522...
“To learn which questions are unanswerable, and not to answer them: this skill is most needful in times of stress and darkness.” ― Ursula K. Le Guin
“Do nothing because it is righteous or praiseworthy or noble to do so; do nothing because it seems good to do so; do only that which you must do and which you cannot do in any other way.” ― Ursula K. LeGuin
“To learn which questions are unanswerable, and not to answer them: this skill is most needful in times of stress and darkness.” ― Ursula K. Le Guin
Don't the captcha people understand that by now we're not selecting motorbikes or fire hydrants but what we think the algorithm thinks other people think they are?
@ozoned@social.ozoned.net Thanks for sharing! That was very useful to watch even if painful at times (mostly because I wanted to jump in with pointers but it was prerecorded :D). I took many notes of things to improve with the documentation and tooling.
Overall, the docs and tooling for deploying directly with docker (compared to those using @coopcloud@social.coop which is the recommended and simpler approach) are out of date and too complex mostly because they've been adapted from the dev ones, and we're thinking about how to offer an alternative method with only a compose file and a .env (though I'd welcome advice about how to do so in a simple way, as the just commands are mostly there to reduce the guide to a handful of steps/commands instead of having to copy paste a lot more, and they also set some variables used in the compose file to make it more flexible, but maybe that's not worth it, or there are some other ways to simplify?)
Here's some hints on the main blockers you encountered:
- you first entered
MIX_ENV=emberwhen you wantedFLAVOUR=ember - if you enter
ctrl+c iniex it pauses the app so it wouldn't respond unless you unpause it (by pressing c for continue) - we recently closed port 4000 which now not open outside of docker's internal network by default (for security since you usually want people to connect through the web proxy in prod) and need to update the docs
- we need to better document that it's also running a web proxy by default on ports 80/443, and point to where the caddy config is
- at one point you were looking at
docker-compose.ymlinstead of the release onedocker-compose.release.yml - during of the following attempts where you tried to run dev you were still following the prod guide instead of the dev guide which uses different just commands and env vars
I'm not sure why you weren't able to connect on port 80 during the first attempt though, as the elixir app logs didn't show anything, and caddy's error log was pretty cryptic, I'd be curious what you'd see on port 4000 if you opened it in docker-compose.release.yml
ah thinking about it more, one of your viewers may have guessed the issue, saying you had to set up a domain and set the hostname. As port 80 redirects to port 443 and that one couldn't work without those.
Attempted to set up @bonfire a couple of times and didn't have success. But hopefully someone can find this valuable and/or tell me what I did wrong to help me learn as well.
https://video.firesidefedi.live/w/sXNGDdqurg59cE3syZ3svU
#peertube #vod #tech #bonfire #fedi #fediverse #it #install
@ozoned@social.ozoned.net Thanks for sharing! That was very useful to watch even if painful at times (mostly because I wanted to jump in with pointers but it was prerecorded :D). I took many notes of things to improve with the documentation and tooling.
Overall, the docs and tooling for deploying directly with docker (compared to those using @coopcloud@social.coop which is the recommended and simpler approach) are out of date and too complex mostly because they've been adapted from the dev ones, and we're thinking about how to offer an alternative method with only a compose file and a .env (though I'd welcome advice about how to do so in a simple way, as the just commands are mostly there to reduce the guide to a handful of steps/commands instead of having to copy paste a lot more, and they also set some variables used in the compose file to make it more flexible, but maybe that's not worth it, or there are some other ways to simplify?)
Here's some hints on the main blockers you encountered:
- you first entered
MIX_ENV=emberwhen you wantedFLAVOUR=ember - if you enter
ctrl+c iniex it pauses the app so it wouldn't respond unless you unpause it (by pressing c for continue) - we recently closed port 4000 which now not open outside of docker's internal network by default (for security since you usually want people to connect through the web proxy in prod) and need to update the docs
- we need to better document that it's also running a web proxy by default on ports 80/443, and point to where the caddy config is
- at one point you were looking at
docker-compose.ymlinstead of the release onedocker-compose.release.yml - during of the following attempts where you tried to run dev you were still following the prod guide instead of the dev guide which uses different just commands and env vars
I'm not sure why you weren't able to connect on port 80 during the first attempt though, as the elixir app logs didn't show anything, and caddy's error log was pretty cryptic, I'd be curious what you'd see on port 4000 if you opened it in docker-compose.release.yml
Mayel
boosted
Mayel
boosted
Are you still on #Spotify?
Spotify’s CEO Daniel Ek has raised €600M for his new startup, which is developing AI TECH FOR WAR. Ek still owns 9% of Spotify, but has 37% voting control. His net worth went from $2.5B to $10B in the last two years alone, on the back of paying musicians a pittance in royalties.
And don’t forget:
• Spotify spent $250M of your subscription dollars to invite Joe Rogan to spew his disinformation on their platform.
• They’re still trying to embrace and extinguish Podcasts.
• They’re developing in-house, AI-generated “music” so users will play them (royalty-free) instead of music created by humans (who demand royalty).
And now, he’s using his wealth, created by your subscriptions, to fund tech that will use AI to literally murder humans in war.
Stop funding him. Quit Spotify now.
#QuitSpotify #music #ai#militaryTech #techbro
“Spotify’s CEO invests $1 billion into an AI military start-up — and musicians are fuming”
Mayel
boosted
"Men who sell machines that mimic people want us to become people who mimic machines. They want techno feudal subjects who will believe and do what they’re told. We, as people, are being strategically simplified. This is a fascist process."
https://organizingmythoughts.org/some-thoughts-on-techno-fascism-from-socialism-2025/
Mayel
boosted
Well, it’s official: I have been released from my employer and I am now looking for new employment.
I am an Elixir and Ruby on Rails software engineer with a penchant for learning new languages and technologies quickly. I am a keen problem solver and an excellent communicator. I am passionate about building tools with open source software for the good of mankind. I also have a background in electronics and RF mesh networking.
I prefer remote, but would be open to a hybrid position in the Fort Worth, Texas area.
Mayel
boosted
Bonfire's progressive web app is getting cool 🤟
@mayel I also think I disagree your takeaways from it?
Like, looking at what my hypothetical person 2 thought they were doing -- there is no need for them to assume that is a clean or perfect block, or that there is no way for it to get exposed. Most people who have used blocks in any sort of social platform know that with alt-accounts or friends, or just normal social dynamics, the person they block can find out. That capacity even with that limitation is nevertheless /enough/ for them to want it.
In this case, that still-CAN-be-revealed requires either active testing of each possible block, or very engaged social surveillance.
Which is often discussed, and which people seem to discuss and understand Bluesky's block issue as being qualitatively different than.
@gaditb@icosahedron.website oh yeah they're definitely different! maybe enough that each (or something in between, like showing what boundaries you applied to people who you give permission to) may be desired in different situations or use cases?
@mayel As a side-point, that I don't think has any safety impact and also don't REALLY have fully-theorized to a necessarily-useful level of specifics, and also haven't really run it by people as like "are my thoughts here, like, coherent? and useful?",
I have thoughts re:
"""
From your perspective, those replies disappear, and new ones won’t appear at all. Your instance silently enforces these boundaries by ignoring unwanted interactions, even if the sender’s server is unaware and still allows them to post.
"""
about the concepts of who "owns" (and can curate) the comments section of their post, from whose perspective. (It's never going to be a single person curating/moderating, but I.. think?.. people feel ownership feelings over it nevertheless.)
@gaditb@icosahedron.website yeah that's an interesting line of thinking, I think the authors of these to FEPs have been exploring that: github.com/bonfire-networks/...
@mayel How visible is the exclusion itself, though?
Like, if I send to "Hey does anybody have a place I can crash tonight?" to @group--attendees_of_this_hacker_gathering but invisible to @guy_I_dont_trust_to_be_alone_with_but_really_dont_want_to_get_into_a_public_confrontation_about_that_right_now,
is there a chance that @defender_of_that_guy_who_sees_fear_of_him_as_an_attack_on_his_character sees that block in the metadata of the post and starts flaming me about it?
This is a contrived example that I don't have specific experiences I'm translating it from,
and sometimes technical limitations or just "we don't have a better design for that yet" mean that you can't AVOID exposing that, so it's not necessarily "it Must Be Fixed if it reveals this",
just,
(a) finding what intuition might be, and checking the implemented teality against that
(b) exploring what attacks there might be, and knowing where they might be made less post-hoc surprising
e.g.:
https://old.reddit.com/r/BlueskySocial/comments/18ebrhx/blocks_being_public_is_already_leading_to/
@gaditb@icosahedron.website
I think the Bluesky example you linked to is an unfortunate illustration of what happens when we expect technical tools to cleanly solve social problems. Making a blocklist public is obviously egregious, but even private exclusions can be exposed through old-fashioned social interactions. For example, someone casually referencing a post might unintentionally reveal to someone else that they weren't included.
In Bonfire, boundaries aren’t meant to control what others do on their own instance (apart from defining who an activity is addressed to, similarly to BCC with email). They’re more about controlling what reaches you on yours. Since ActivityPub doesn’t yet support strong security features like end-to-end encryption or object capabilities, boundaries are designed as a local-first mechanism. They help shape your experience and interactions rather than enforcing strict rules across the network.
So, in your example, if someone starts harassing you, you can block them, or just silence them or the thread in question. From your perspective, those replies disappear, and new ones won’t appear at all. Your instance silently enforces these boundaries by ignoring unwanted interactions, even if the sender’s server is unaware and still allows them to post.
It’s not perfect privacy or hard enforcement but harm reduction and local autonomy in a messy, federated world...
@mayel (You can tell me to, like, look into it myself rather than asking you to explain every detail and stuff. I'm not in a situation where me having that info is relevant to my safety or supporting anyone where it is relevant to theirs. I'm just asking hopefully-useful questions, so while I like learning about how this works from this angle and am enjoying it, if my repeatedly-asking-details is not particularly enjoyable/useful to you/the project, like.)
(I'm not getting thst impression from you, but just in case/to be explicit about my conversational position rather than try to rely on tonal nuances.)
(I'm not getting thst impression from you, but just in case/to be explicit about my conversational position rather than try to rely on tonal nuances.)
@gaditb@icosahedron.website Don't worry I'm enjoying it, keep em coming!
@mayel (After a certain level of depth to this conversation I hit the wall of being a Fake Geek Girl™ who hasn't actually read @sarahjamielewis 's Queer Privacy or more than a chapter or two of @sarahjeong 's Internet Of Garbage or looked deeply into the work and critiques that @evacide has done over the years or ... .)
@gaditb@icosahedron.website Thanks for the reading materials! 😊
@evacide@hachyderm.io @sarahjamielewis@mastodon.social @sarahjeong@mastodon.social
@mayel Oh wow! I didn't even look at the specifics yet (another reason this was dashed-off and non-specific), that's great that you've already been thinking along those same lines!
The actual specific thing with Bonfire set me off on this line of thinking was:
"""
E.g. you can share a post with several circles but only allow replies from a specific circle, or make a post public but invisible to specific people.
"""
"Make this invisible to X, Y, Z" strikes me as something that can requires very nuanced and situation specific careful stepping around disclosure/visibility and trust. (Ranging from "none", e.g. planning a birthday party, to much higher stakes.)
@gaditb@icosahedron.website Good catch! We usually try to explain things in a more comprehensive way than in that short blurb. Specifically in this case, if something it shared publicly there can be no gurantee that they won't see it. For non-public posts there's no guarantee either (because there's no end-to-end-encryption) but there's a better chance, since we distribute it only to the actors who were given permission (in a similar way as BCC in email).
A bit of a longer post to hopefully come (but I AM bad at Task, and currently behind on many things) but I think there's a widespread antipattern in UI presentation of calling a functionality (especially safety functionality) what the user WANTS rather than what it DOES.
I think this is especially... not "dangerous" exactly, but more impactful -- in federated/distributed networks, where there isn't a Single Platform/Owner able to play god with the single database (and with a stronger ability to pretend to play god with every user's endpoint).
Iike, "Delete Message", e.g. I think should be called "REQUEST Delete" -- it relies fundamentally on a basic minimal level of politeness from instances (federated) or individual endpoints (E2E chat).
A lot of these are "request"s, but it gets more obviously complicated when you add it in explicitly.
Like, "block user" -> "request block user".
Who are we Requesting things of? That is, who are we trusting? And who hears of this request?
@gaditb@icosahedron.website great point! This is what's currently shown when you delete a post in Bonfire, I guess we could make it clearer that this:
- deletes it on your local instance
- sends a deletion request to other instances (and to which ones?)
