Notices by Renaud Chaput (renchap@oisaur.com), page 5

@filippo This will be changed in the next version.

@filippo We are also working on disabling open registrations if no admin/mod had any activity in the last week: https://github.com/mastodon/mastodon/pull/29318

@jerry It has always been their plan, according to my discussions with them. It may become opt out later, but for many reasons (including legal), it will start as opt-in

I saw some people asking: no, this spam wave on the Fediverse does not have any relation to the security fixes published last week.

@GossiTheDog or because they are overloaded with the spam + reports

@GossiTheDog here are my plans to tackle this, hopefully we will be able to start on it soon: https://renchap.com/blog/post/evolving_mastodon_trust_and_safety/

Once implemented, you can expect proper support in the API, web frontend, and the official mobile clients (that we develop), and we intend to publish the API details in advance so any other client can support them.
We will also be publishing FEPs to ensure that this becomes a standard that can be supported by every ActivityPub implementation.
It will (if all goes fine) support notifications when someone quotes you, as well as controlling who can quote your posts (everyone, nobody, mutuals…)

Here are a sample of the hard questions we need to have answers for:
- Can you quote a post when replying to someone
- Is pasting a link into a post quoting? What if there are multiple posts linked?
- How to handle implementations, instances or clients not supporting quote posts
- How does this interact with moderation? Blocking?
- How do we handle ActivityPub implementations with slightly different formats, like if they support quoting multiple posts in the same status?

To answer some common questions I get:

Yes, we want to have proper safety features for Quote Posts. We got enough feedback from Xitter to know how they can be used for harassment. Maybe this is not a concert to you, but it is for us.

Yes, it takes time, but we are a very small team, with only one full-time developer for the backend. At the moment, handling the day-to-day (reviews, bug fixes, security) is already more than what we can handle, so everything takes more time that we would like.

As always, you can help by contributing, either:
- with code, we are mostly looking for people able to contribute a "large” features after getting guidance from us
- with money, by donating to the project, which allows us to hire more people: https://joinmastodon.org/sponsors

I said it several times, but with Ivory's latest announcement, let me repeat it: we (the Mastodon team) are working on implementing Quote Posts. This is a much more complex feature than showing a preview for a link to a post, which is done at the moment by multiple clients.

It is a complex task and we have been working on defining the feature and the protocol-level details for some time. We are moving forward, and there are fewer hard questions to answers, but progress is there.

@silverpill It defines Object Links, which might be useful to represent Quote Posts, but are not Quote posts. Our proposal will probably be based on it (and suggest some changes to it due to possible issues).
We know Threads implemented support this way, we are in touch with Christopher. It is a temporary implementation on their side using what is currently done by some implementations.

@rolle @kevinjardine

@rolle @kevinjardine we are working on Quote Posts right now. First step is trying to figure out the exact behavior we want for them (this raises an interesting number of questions) and then how to represent them in ActivityPub (which nobody really did formally).
But remember that we have 1.5 developer on the Mastodon software, who need to also work on many other things, like bugfixes or security issues.
But we are making progress, slowly.

Advice to OSS projects that are exposing a public interface: implement an update checker with very visible admin notifications.

We did this for Mastodon 4.2, and it allowed our latest security release to reach 90% active user adoption in less than 48 hours, which took weeks previously.

Also, you should probably have a written guide on how to do your security releases, I hope I can share ours at some point.

You can check the update checker implemention here: https://github.com/mastodon/mastodon/pull/26582

@dansup yes! One more participant for the future ActivityPub room! @andypiper

@GossiTheDog this is my favorite 4.2 feature. First time we are using it, but the feedback is very positive so far.
An email notification should also have been sent to any admin btw.

@GossiTheDog We are working on fixing this (or at least trying to), not with push notifications but with emails.
We reworked the email layout entirely (available in `main`), the welcome email is being improved a lot (https://github.com/mastodon/mastodon/pull/28883) and will add weekly recap emails, + emails if you have not been active for X days/weeks (TBD)

@GossiTheDog We noticed a few instances with a lot of fake users, which have been ignored in the stats. Those numbers should probably not be trusted, better to focus on the network's activity IMO.

@evan Sure. This is on the 4.3 roadmap but I am not sure we will be able to deliver it, it has many implications, both in term of protocol and implementation, mostly because preview generation must be an async process.
I will try to write down our thoughts on this topic (we have been discussing this for many months), and share it to you

@Teri_Kanefield I am sorry for this, this is a known Mastodon issue. Basically, when you post a link, every Mastodon instance receiving your post will try to download the page to generate the link preview, and for popular accounts like yours this might be a few thousand of requests.
We have plans to improve this in the near future, in the meantime having some basic HTTP caching on your blog should help.