plus my passwords are partials (I salt them)
I’m curious how you make that work - do you just remember the salts, store them separately, or what? I have like 50-70 passwords in my store currently, there’s no way I’m remembering a (true random) salt for each one.
ASP.NET Core Identity is backed by an in-memory database (since 11.1.0); the only allowed login method is via Microsoft account, but DeviantArt and Reddit accounts can be added in user management (which will connect these accounts to Pandacap’s main database).
Does this literally mean I need a Microsoft account to run this on my own machine, or is that only for deploying on Azure?
I use pass for my passwords, and it has an otp extension that I’ve been using more and more. I used to use aegis but I have needed to switch phones one too many times without having access to the previous phone to be comfortable with phones for 2fa.
Of course, this isn’t as secure as a truly separate OTP solution, but it’s still better than no OTP/2FA. And I can easily enough back up and restore my 2fa access over the internet, even on a new computer (albeit I need to also backup a PGP key that can decrypt the password store to truly be portable).
Primeagen has interviewed DHH at least twice over the past 2 years, in hour+ videos posted to his YouTube channel. Including one where DHH goes unprompted into a pro-natalism rant.
Primeagen also just spent a week with some other creators working on a video game, sponsored by Cursor and on Framework desktops running Omarchy.
He is either sympathetic or apathetic to these issues - certainly doesn’t seem to care about being decent to those not of his tribe.
Kudos for developing this on your phone! I’ve played around with termux, even have a Bluetooth keyboard, but I’ve never had the courage to actually code through it.
I often see LogSeq, and to a lesser extent Silver Bullet, mentioned as self-hostable alternatives to Obsidian that people actually appreciate using.
At the risk of being callous and blunt, the international news has been covering the killing of tens of thousands of Gazans for over a year now (soon to be 2). They have also covered the Ukrainian civilians getting drone struck (striked?) for close to 3 years now. The flash floods in Pakistan a few years ago that literally turned half of the country blue as seen from satellite images because of how much water there was were also all over the news. The Hamas higher ranks getting killed by exploding pagers in civilian areas (with heavy collateral damage) was also all over the news in western countries, at the very least.
To be clear, I don’t know if the ladybird dev has said anything on any of these issues. I just want to assert that plenty of killings make international news. Charlie Kirk was not the first nor the exception, what was new with him was that he was named, a far-right agitator, and had an existing (para-)social following. All of which cast a poor light, for me, on this being what someone chooses to speak up on.
From my own experience querying public mastodon timelines via API (edit: removed incorrect /api/v1s in the AP_IDs):
https://<instance.domain.tld>/users/<username>https://<instance.domain.tld>/users/<post_author_username>/statuses/<post_id> (they also have a url property of https://<instance.domain.tld>/@<post_author_username>/<post_id> but that tends to serve the html view of the post)To see for yourself, pick an instance that allows viewing their public timeline without logging in (mastodon.social is perfect for this) and follow the “Playing with public data” section of the docs. That page ellides most of the info you’re looking for in the example payloads they give (as the JSON payloads themself are quite large and nested), but I can assure you that AP_IDs for user accounts and posts can be found pretty quickly from a single timeline query.
I don’t think Mastodon has any notion of community, nor does it distinguish between posts and comments (when following a lemmy community, both posts and comments show up in my masto feed as “top-level” statuses (ie posts)).
If we want to keep it silly, then "pie-munchers’ gets my nomination.
Op, I appreciate that you seem to be genuinely interested in these topics, and are not just farming engagement (which is kinda meaningless here on the Fedi, anyways…). If I may offer a suggestion, try to find a tone that doesn’t sound like a roadmap for some corporate brand strategy. Most of us that are here and would be interested in a “fediverse permaculture” are severely put off by the structure of your post, not to mention it lacks in depth for most suggestions to be directly actionable (for example, the merch you would sell to support the insurance still needs to be made somewhere, by someone, who either needs to be paid for their time or are already independently wealthy).
Have you taken a look around !permacomputing@slrpnk.net ? Permaculture is not just about principles of mutual support but also a long process of experimentation to see which combinations of which plants and practices works out “for the best”. You might foster more of the conversation you’re looking for if you can bring some more concrete examples or proposals to serve as topics instead of an all-encompassing manifesto post.
The next time I’m about to moan and complain about how nobody directly implements activitypub apis “the standard way”, I’ll remember this article and be mollified.
As @abeorch@friendica.ginestes.es states, diversity is a strength when it comes to resisting capture.
Not who you’re asking, but I assume you find either an instance that is slow to federate, or one that doesn’t honor deletion requests.
Damn, thanks for linking that report. I have appreciated devault’s work for almost a decade, this is a good reminder that just because someone’s public actions align with my values does not automatically mean they are infallible nor should they be canonized.
For instances that already have a user base, admins should not make any significant decisions without the consent of their users. This goes against our values, and we will not permit an instance to use Bridgy Fed in this manner. We’ve had conversations on how to handle a situation like this, and we would block instances [3] from doing so. We strongly expect admins to be loud about bridging, especially during signup. 3/10
This is very encouraging to read from a project that initially did not understand why many would be opposed to an opt-out bridge to ATProto.
Wanted to try it, signed up for the beta, still waiting on my invite code.
On the surface, bluesky integration makes sense if they’re trying to onboard people onto “the social web”. Still, I’m disappointed they seem to want to be a curated view on what they determine is a feed, and not some kind of plug’n’play feed viewer beyond RSS.
Ok but if it allows anubis to judge the soul of my bytes as being worthy of reaching a certain site I’m trying to access, then the program is not making any calculations that I don’t want it to.
Would the FSF prefer the challenge page wait for user interaction before starting that proof of work? Along with giving them user a “don’t ask again” checkbox for future challenges?
To my knowledge, there is 1 feature that forgejo has that gitea doesn’t: it can generate a new ssh key for you at the click of a button that can be used to push repo changes to another git forge.
I have several personal repos on my forgejo instance that are each setup so that they mirror themselves onto my Codeberg account at noon every day.
I also have a gitea instance on a raspi on my local network that itself will push out changes on certain repos to the (public-facing) forgejo instance.
I can push and/or pull to any of the three origins as needed, but usually I just push to the gitea when I’m at home and the forgejo when I’m not, and let the mirroring take care of propagating changes to Codeberg.
I see the tumblr culture is already present, congrats! Although I never personally used tumblr, my understanding is that more than features or functionality it was very much the culture that its users cultivated that made that site special.
If this turns out to be a measurable and reproducible effect for most humans, online gambling and video game loot boxes just became a while lot scarier in my mind.
I see, thanks for the explanation!
I’ve been working on a frontend/browser client for “exploring” activitypub instances in my spare time, and CORS basically requires me to have some sort of separate server process that can fetch and auth using my account(s). I’m unsure of how much sense it would make to try to bolt my client on top of your software, but at least now I know I can try without needing to involve a Microsoft account.