Notices by Sam :verified: (sam@urbanists.social)

V for Vendetta was amazing. Love a movie about murdering fascists. Depiction of a fictional fascist regime in Britain was terrifyingly accurate (everything from the nonsense lines being the flag, the propaganda, use of terror, etc.) and the end was just amazing. Just stunned by how good it was.

So like I'm sorry if I seem a bit aggressive towards Eugen, but what we are witnessing right now is the slow decay of a platform with millions of users and thousands of developers all because one man refuses to let anyone else except for three other people he trusts add features to the project.

Sorry, but Mastodon to me does not belong to Eugen. It belongs to the community. And I don't like that he's gatekeeping that.

There are exactly four people that have made more than ten commits in the past month to Mastodon. Eugen is not even in the top 3. There are more than 399 active pull requests open right now ready to be merged.

OOPS sorry there are almost FOUR HUNDRED open pull requests right now.

And you know what gets merged most often?

Not actual feature development. Not things that would make life easier for admins or users.

Just refactorings of specs or existing features.

For those of you that are like "Submit a pull request to Mastodon instead of complaining", what you don't understand is that pull requests to Mastodon do not get merged lol.

There are almost 400 pull requests open rn on GitHub. Some of them have been open for more than 5 years.

If Eugen does not immediately approve of a pull request and it wasn't a feature he was going to implement anyway, it does not get merged. It just stays open until you close it with no comment from him.

Added a domain limit button to Citadel! Now you can go through the list of suspended accounts and add a domain limit in one click!

Also the bug where Citadel didn't work should've been fixed!

Give it a shot: https://citadel.samw.dev/

#MastoAdmin #Admin #Spam #FediBlock #FediBlockMeta

Introducing Citadel! Citadel is a tool for Mastodon admins that makes it quick and easy to find + suspend spammers in one click!

Eventually Citadel will have more tools, but I wanted to get this out ASAP to help server admins.

It's a client-side app, no server. Everything's all in your browser.

Give it a shot: https://citadel.samw.dev

View source: https://github.com/samwightt/citadel

(also note that after you log in you will ned to reload the page)

#MastoAdmin #FediBlock #FediBlockMeta #Admin #Spam

@SuperMoosie @byjp @zatnosk @activitypubblueskybridge @fedidevs @fediversenews There are several commercial Fediverse networks that you have not opted into, but that your posts can be sent to (via boosts, replies, etc.). Please shut the fuck up and leave this developer alone. This is embarrassing.

@zatnosk @snarfed.org @activitypubblueskybridge @fedidevs @fediversenews Please shut the fuck up.

Mastodon sends your posts to thousands of other servers without your consent. That is how ActivityPub works. This is doing absolutely nothing different.

@SuperMoosie @lrhodes @snarfed.org @activitypubblueskybridge @fedidevs @fediversenews Mastodon works this way by default, it sends your posts to thousands of other servers without your permission. Please leave this developer alone.

@tillshadeisgone Okay!

Can we have a discussion about how it is genuinely incredibly weird and creepy behavior to archive other instance mods' posts, publicly support a user harassing those mods (regardless of what happened), and put that shit on #FediBlock, posting the wrong links that *do not show what they say they show*, forcing other instance admins to have to read hundreds of posts to figure out what the fuck is going on?

Really wish .Art would stop abusing this hashtag.

Also the slur fix one of the Bluesky devs merged uses unlicensed code from someone’s random 20 star repo, meaning it’s copyrighted. They are now claiming a single sentence telling folks to leave a comment in is a software license and I want to scream

And I went into this with an open mind. I was like "I'll just make a simple alternative to the BlueSky server in Elixir". But it CAN'T be a simple implementation like ActivityPub can be, because it is extraordinarily complex and requires you to make guarantees about your storage and how your application works.

It turns out using Git, which is almost always used with a centralized 'remote', to do federation, which needs to be weakly consistent, IS A BAD IDEA!!!!!

What this comes back to is... who cares about any of the crypto bullshit? Having a private key and signing everything with it proves nothing because that private key must have a reputation.

You can verify a domain on Mastodon. You can point a domain to a Mastodon server. You can do that with Pleroma. You can make your own alternative to Mastodon that works exactly like how Bluesky works with domains, but it would take a 4th of the time because ActivityPub is simple to implement!!!!

The ONE thing that this protocol brings to the table is the idea of strong consistency in federation. The only issue is, it makes that strong consistency so resource intensive and so hard to implement that it decreases community servers' ability and ease of federation!!!!

And also, NOBODY CARES ABOUT STRONG CONSISTENCY IN SOCIAL NETWORKS!!! Social networks are built on the idea that we all have a different view of things. We care about seeing stuff from our friends, not seeing EVERYTHING.

The 'account portability' piece is bullshit! The way 'account portability' works is by having two separate keys, one for signing and one as a 'recovery' key. You're supposed to be able to use the 'recovery' key to rewrite history if your account gets hacked or some shit.

WE HAVE THE ABILITY TO DO THAT AS SERVER ADMINS!!! MASTODON HAS THIS ALREADY!!

Additionally, if a Bluesky server goes down, their way of keeping access to your data is by STORING ALL OF IT ON YOUR DEVICE!!!!

Imagine if I had to store the 50k+ tweets I've made on Twitter on my device, and upload ALL of them to a new server whenever a community server went down. Imagine being a server admin having to deal with people uploading tons of JSON data and media a whole bunch at a time. And if you're implementing the protocol correctly, EACH JSON BLOB REQUIRES VERIFYING THE SIGNATURE!! So you'd have to do 50K SIGNATURE VERIFICATIONS! WHICH IS CPU INTENSIVE!!! AND SLOWS DOWN THE SERVER!!!

Additionally, the domain name is NOT your identifier. If you have a custom domain, that is NOT your identifier. Instead you have a 'DID:PLC', which is a kind of 'DID' (invented by, not a surprise, CRYPTO PEOPLE).

There is NOTHING FUNDAMENTALLY USEFUL ABOUT THIS IN FEDERATION. Because this DID is never made visible to a user, it is not human readable (it's a hash), and it doesn't do anything!!!