A point in the #fedipact discussion I at least haven't seen talked about yet: Blocking meta by default in code.
I'm in the process of completely rewriting my datajournalism webframework and have repeatedly thought about fedi/AP integration – and at least for this, as a tool where privacy and security are somewhere between very important and absolutely paramount, blocking access by surveillance capitalist platforms by default seems like a very prudent thing to do.
I for one can definitely pledge that if I end up writing AP integration, that integration will block reads by any fedi service I know to be run by Google, Meta, any of Peter Thiels companies and similar actors by default.
Which, I guess will surprise no one who knows me. ¯_(ツ)_/¯
I can see an argument being made that this is not, or at least less important for clients as they would only give a single users data to this kind of actor and the user has to actively input their instance.
And, personally, I would say that a client showing a warning and getting an extra opt-in from a user if they choose an instance run by Meta (or some other surveillance corp) is enough to fulfill the spirit of the pact.
What, I'm saying, I guess, is that I'd like to see something akin to #fedipact but for developers to pledge that their software is going to block actors like Meta in their fedi software by default.
I'm just not sure whether this should look exactly like fedipact.
Client and server software have different concerns here for example.
@greymatter Yeah. 127.0.0.1 / ::1 are bound to lo0.
I have a lo1 that contains a /24.
The host gets the first address on that (10.101.2.1 for example) and the jails on later addresses.
Also, I kinda suspect that "rootless" in podman context is similar to the shared basesystem thing I got – everything except /usr/local (where all user-installed stuff goes) only exists once and is mounted read-only into every container.
@greymatter Heard good things about podman, but since it's not on my platform, I haven't looked into it.
On my own infra, I run a custom thinjail setup where all jails share a base system and are on an extra loopback interface.
Access to internal services (and other resources like certs) is shared only for the jails that actually need them via unix sockets in readonly nullfs mounts.
Been periodically refining this setup over the last decade or so and it's getting pretty close to my ideal. :)
@greymatter
But with these projects where the entire setup doc is essentially "shut up and run this docker image" I have to assume that they don't follow good practices.
One problem here is that while containers are a good means of logical/administrative encapsulation, way too many people think they are security encapsulation on par with VMs – which they definitely aren't.
Finding it to be too little too late that people realize using billionaire platforms for convenience makes them complicit.
I mean hell, it's already foreseeable that virtually everybody bitching now will forget about this as soon as the next big thing comes around. And I'm not sure at all most of these people will leave platforms like Whatsapp even now.
Just saw a toot recommending people leave Twitter even for Bluesky and, like – do you have any clue who the fuck Jack Dorsey is? :thaenkin:
Oh no, some rich people died in the ocean. What a tragedy. 🥱
Can we now please redirect the ridiculously huge rescue effort for five rich bitches to the thousands of migrants drowning in the Mediterranean every fucking year? :thaenkin:
I got at least 26 mosquito bites within 15 minutes yesterday.
Of all the flying insects apparently the only one to survive in numbers are fucking mosquitoes.
Usually, I'm staunchly on the side of conservationism, but with these fuckers, I'm tempted to introduce some invasive species to make sure they go extinct… :F
@n3wjack Main "use" I'm aware of is being bat food. Maybe I should look/hang up whatever the hell the bat equivalent of bird houses are. Bat caves? :thinkhappy:
