@stefan@gardenstate.social edited, thanks! the link is opencollective.com/bonfire-n...
Man, this is so exciting! I've been thinking about building with Bonfire for a while now, this might be the push I need!
@sean@deadsuperhero.com great, let's conspire together 🔥
🔥 Bonfire Social 1.0 RC2
@ozoned@social.ozoned.net Thanks for sharing! That was very useful to watch even if painful at times (mostly because I wanted to jump in with pointers but it was prerecorded :D). I took many notes of things to improve with the documentation and tooling.
Overall, the docs and tooling for deploying directly with docker (compared to those using @coopcloud@social.coop which is the recommended and simpler approach) are out of date and too complex mostly because they've been adapted from the dev ones, and we're thinking about how to offer an alternative method with only a compose file and a .env (though I'd welcome advice about how to do so in a simple way, as the just commands are mostly there to reduce the guide to a handful of steps/commands instead of having to copy paste a lot more, and they also set some variables used in the compose file to make it more flexible, but maybe that's not worth it, or there are some other ways to simplify?)
Here's some hints on the main blockers you encountered:
- you first entered
MIX_ENV=emberwhen you wantedFLAVOUR=ember - if you enter
ctrl+c iniex it pauses the app so it wouldn't respond unless you unpause it (by pressing c for continue) - we recently closed port 4000 which now not open outside of docker's internal network by default (for security since you usually want people to connect through the web proxy in prod) and need to update the docs
- we need to better document that it's also running a web proxy by default on ports 80/443, and point to where the caddy config is
- at one point you were looking at
docker-compose.ymlinstead of the release onedocker-compose.release.yml - during of the following attempts where you tried to run dev you were still following the prod guide instead of the dev guide which uses different just commands and env vars
I'm not sure why you weren't able to connect on port 80 during the first attempt though, as the elixir app logs didn't show anything, and caddy's error log was pretty cryptic, I'd be curious what you'd see on port 4000 if you opened it in docker-compose.release.yml
ah thinking about it more, one of your viewers may have guessed the issue, saying you had to set up a domain and set the hostname. As port 80 redirects to port 443 and that one couldn't work without those.
Attempted to set up @bonfire a couple of times and didn't have success. But hopefully someone can find this valuable and/or tell me what I did wrong to help me learn as well.
https://video.firesidefedi.live/w/sXNGDdqurg59cE3syZ3svU
#peertube#vod#tech#bonfire#fedi#fediverse#it#install
@ozoned@social.ozoned.net Thanks for sharing! That was very useful to watch even if painful at times (mostly because I wanted to jump in with pointers but it was prerecorded :D). I took many notes of things to improve with the documentation and tooling.
Overall, the docs and tooling for deploying directly with docker (compared to those using @coopcloud@social.coop which is the recommended and simpler approach) are out of date and too complex mostly because they've been adapted from the dev ones, and we're thinking about how to offer an alternative method with only a compose file and a .env (though I'd welcome advice about how to do so in a simple way, as the just commands are mostly there to reduce the guide to a handful of steps/commands instead of having to copy paste a lot more, and they also set some variables used in the compose file to make it more flexible, but maybe that's not worth it, or there are some other ways to simplify?)
Here's some hints on the main blockers you encountered:
- you first entered
MIX_ENV=emberwhen you wantedFLAVOUR=ember - if you enter
ctrl+c iniex it pauses the app so it wouldn't respond unless you unpause it (by pressing c for continue) - we recently closed port 4000 which now not open outside of docker's internal network by default (for security since you usually want people to connect through the web proxy in prod) and need to update the docs
- we need to better document that it's also running a web proxy by default on ports 80/443, and point to where the caddy config is
- at one point you were looking at
docker-compose.ymlinstead of the release onedocker-compose.release.yml - during of the following attempts where you tried to run dev you were still following the prod guide instead of the dev guide which uses different just commands and env vars
I'm not sure why you weren't able to connect on port 80 during the first attempt though, as the elixir app logs didn't show anything, and caddy's error log was pretty cryptic, I'd be curious what you'd see on port 4000 if you opened it in docker-compose.release.yml
we have 3 years to create a common transnational infrastructure to defeat Elon Musk American party
@jaz also created this map-view of regional instances: https://jaz.co.uk/projects/startheresocial/shs-map/
@midzer@chaos.social @matt@oslo.town @jaz@toot.wales I am quite interested in hearing if there are features that could enhance a location-based fedi server experience...would love to build a #bonfire flavour for villages/bioregion 🏕️
@matt@oslo.town so cool to see more location-based communities in the fediverse ✊
Like, looking at what my hypothetical person 2 thought they were doing -- there is no need for them to assume that is a clean or perfect block, or that there is no way for it to get exposed. Most people who have used blocks in any sort of social platform know that with alt-accounts or friends, or just normal social dynamics, the person they block can find out. That capacity even with that limitation is nevertheless /enough/ for them to want it.
In this case, that still-CAN-be-revealed requires either active testing of each possible block, or very engaged social surveillance.
Which is often discussed, and which people seem to discuss and understand Bluesky's block issue as being qualitatively different than.
@gaditb@icosahedron.website oh yeah they're definitely different! maybe enough that each (or something in between, like showing what boundaries you applied to people who you give permission to) may be desired in different situations or use cases?
I have thoughts re:
"""
From your perspective, those replies disappear, and new ones won’t appear at all. Your instance silently enforces these boundaries by ignoring unwanted interactions, even if the sender’s server is unaware and still allows them to post.
"""
about the concepts of who "owns" (and can curate) the comments section of their post, from whose perspective. (It's never going to be a single person curating/moderating, but I.. think?.. people feel ownership feelings over it nevertheless.)
@gaditb@icosahedron.website yeah that's an interesting line of thinking, I think the authors of these to FEPs have been exploring that: github.com/bonfire-networks/...
Like, if I send to "Hey does anybody have a place I can crash tonight?" to @group--attendees_of_this_hacker_gathering but invisible to @guy_I_dont_trust_to_be_alone_with_but_really_dont_want_to_get_into_a_public_confrontation_about_that_right_now,
is there a chance that @defender_of_that_guy_who_sees_fear_of_him_as_an_attack_on_his_character sees that block in the metadata of the post and starts flaming me about it?
This is a contrived example that I don't have specific experiences I'm translating it from,
and sometimes technical limitations or just "we don't have a better design for that yet" mean that you can't AVOID exposing that, so it's not necessarily "it Must Be Fixed if it reveals this",
just,
(a) finding what intuition might be, and checking the implemented teality against that
(b) exploring what attacks there might be, and knowing where they might be made less post-hoc surprising
e.g.:
https://old.reddit.com/r/BlueskySocial/comments/18ebrhx/blocks_being_public_is_already_leading_to/
@gaditb@icosahedron.website
I think the Bluesky example you linked to is an unfortunate illustration of what happens when we expect technical tools to cleanly solve social problems. Making a blocklist public is obviously egregious, but even private exclusions can be exposed through old-fashioned social interactions. For example, someone casually referencing a post might unintentionally reveal to someone else that they weren't included.
In Bonfire, boundaries aren’t meant to control what others do on their own instance (apart from defining who an activity is addressed to, similarly to BCC with email). They’re more about controlling what reaches you on yours. Since ActivityPub doesn’t yet support strong security features like end-to-end encryption or object capabilities, boundaries are designed as a local-first mechanism. They help shape your experience and interactions rather than enforcing strict rules across the network.
So, in your example, if someone starts harassing you, you can block them, or just silence them or the thread in question. From your perspective, those replies disappear, and new ones won’t appear at all. Your instance silently enforces these boundaries by ignoring unwanted interactions, even if the sender’s server is unaware and still allows them to post.
It’s not perfect privacy or hard enforcement but harm reduction and local autonomy in a messy, federated world...
(I'm not getting thst impression from you, but just in case/to be explicit about my conversational position rather than try to rely on tonal nuances.)
@gaditb@icosahedron.website Don't worry I'm enjoying it, keep em coming!
@mayel (After a certain level of depth to this conversation I hit the wall of being a Fake Geek Girl™ who hasn't actually read @sarahjamielewis 's Queer Privacy or more than a chapter or two of @sarahjeong 's Internet Of Garbage or looked deeply into the work and critiques that @evacide has done over the years or ... .)
@gaditb@icosahedron.website Thanks for the reading materials! 😊
@evacide@hachyderm.io @sarahjamielewis@mastodon.social @sarahjeong@mastodon.social
The actual specific thing with Bonfire set me off on this line of thinking was:
"""
E.g. you can share a post with several circles but only allow replies from a specific circle, or make a post public but invisible to specific people.
"""
"Make this invisible to X, Y, Z" strikes me as something that can requires very nuanced and situation specific careful stepping around disclosure/visibility and trust. (Ranging from "none", e.g. planning a birthday party, to much higher stakes.)
@gaditb@icosahedron.website Good catch! We usually try to explain things in a more comprehensive way than in that short blurb. Specifically in this case, if something it shared publicly there can be no gurantee that they won't see it. For non-public posts there's no guarantee either (because there's no end-to-end-encryption) but there's a better chance, since we distribute it only to the actors who were given permission (in a similar way as BCC in email).
A bit of a longer post to hopefully come (but I AM bad at Task, and currently behind on many things) but I think there's a widespread antipattern in UI presentation of calling a functionality (especially safety functionality) what the user WANTS rather than what it DOES.
I think this is especially... not "dangerous" exactly, but more impactful -- in federated/distributed networks, where there isn't a Single Platform/Owner able to play god with the single database (and with a stronger ability to pretend to play god with every user's endpoint).
Iike, "Delete Message", e.g. I think should be called "REQUEST Delete" -- it relies fundamentally on a basic minimal level of politeness from instances (federated) or individual endpoints (E2E chat).
A lot of these are "request"s, but it gets more obviously complicated when you add it in explicitly.
Like, "block user" -> "request block user".
Who are we Requesting things of? That is, who are we trusting? And who hears of this request?
@gaditb@icosahedron.website great point! This is what's currently shown when you delete a post in Bonfire, I guess we could make it clearer that this:
- deletes it on your local instance
- sends a deletion request to other instances (and to which ones?)
Domani andiamo in campeggio vicino il lago di bolsena con la mia compagna e mia figlia treenne 🏕️ Da ieri leggo sarà una settimana di caldo infernale, con temperature che toccheranno i 38°..
Mi chiedo se sia ancora il caso di partire oppure no 😒
Ma quanto è bello l'Ex Asilo Filangieri a Napoli? Sono innamorato.
Alle 7 facciamo un talk e dopo cena festa (suono anch'io!).
@kenobit@livellosegreto.it l'exasilo è un posto magico, saluta cecè <3
Long-form content in Bonfire: Part 1
Am I the only one out of the loop on what @Bonfire is? Am I correct on that it's a collection of software (some of it in Elixir?) to do different federated things? Bonfire Social seems to be a Mastodon alternative? https://bonfirenetworks.org talks in very lofty terms about a network but a network of what? There seems to be a website builder (Mosaic) that also has some ActivityPub support?
You got that mostly right! We are indeed working trying to improve our website and how we describe the project...
Bonfire is entirely made up of extensions/plugins written in Elixir with Phoenix/LiveView/Surface.
Mosaic is more of a service offering to build digital spaces by using/extending/creating Bonfire extensions (all open source).
Hope that helps!