@Wander@packmates.org avatar



:therian: Grey Wolf Therian, he/him, 30ish y.o.
Running packmates.org and yiffit.net fediverse instances.

:vlpn_happy_heart: Interests: Tech, therianthropy, furry/feral art, animal books, shamanism & animal-influenced spirituality, SFW & NSFW petplay

I sometimes post or boost NSFW content.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

Wander, to mastodon
@Wander@packmates.org avatar

My "MastoRecommender" project! (as promised, an early proof of concept sneak peek)

A project where we turn the dreaded corporate spam-pushing algorithm concept on its head to create a curated recommendations feed that YOU control, runs 100% on your PC, is private and works with any fediverse instance that supports the Mastodon API.

Tired of missing out on awesome fedi content and discussions that people from around the world are posting while you're asleep? Well, no more :vlpn_happy_heart:

This will of course be fully open source. It also works via the existing API which is already used by clients such as Tusky. This means that:

a) users only get recommendations for content they have permissions to see.

b) it can be used by anyone with an account at any fediverse instance that supports the Mastodon API.

The Boost and Favorite buttons will allow you to boost or favorite content directly from the feed, while other options will allow you to give more or less weight to certain content.

All calculations necessary are done locally on your device and your content recommendation preferences never ever leave said device.

Finally, in regards to data safety, it'll act like a regular Mastodon client which holds a small ephemeral cache that is cleared regularly as new content is read. Content itself is ephemeral and will only be cached to give the user the chance to view their recommendations upon the next login with a certain maximum. Content below a certain threshold is thrown away immediately.

It will have a specific UserAgent in case any instance admins want to limit it, but I don't think there should be a problem since it's a regular client in all ways except for sorting posts not chronologically but by a score that is calculated locally.

Wander, to OpenAI
@Wander@packmates.org avatar

I might be completely mistaken but in corporate speak "not being consistently candid in his communications", imho, likely means that he overpromised in some way and was selling one reality to the board while knowing that X, Y or Z are not realistic.

If anyone has the real scoop behind Sam Altman being fired as CEO of OpenAI please let me know.

Wander, to github
@Wander@packmates.org avatar

Okay, at this pace I'm 100% getting banned.

While there's hundreds of uncensored models out there, it's only fun if you know you're not supposed to do it.

18+ Wander, to petplayyiff
@Wander@packmates.org avatar

Pup for sale (by skylardoodles)

I'm testing why cloudflare is rate limiting me so aggressively when trying to upload media. So have a free yiff image by Skylar doodles.

Artist: https://furaffinity.net/user/redfeatherstorm

cc: @petplayyiff

Neverfadingwood, to random
@Neverfadingwood@lingo.lol avatar
@Wander@packmates.org avatar

@Neverfadingwood I'm doing this right now!

Wander, to ai
@Wander@packmates.org avatar
Wander, to random
@Wander@packmates.org avatar

Hooray! We now have the whole suite of @volpeon emojis at packmates.

Thanks to @chirpbirb for sending me the source <3

@Wander@packmates.org avatar

@anthropy @volpeon @chirpbirb

inside the live folder just create import_emoji.rb with nano and copy the contents of the file in the repository.

Execute as instructed in the repository.

you can do this if you want:

bundle exec rails runner import_emoji.rb mastodon packmates.org  

This copies all of our emojis which you're more than welcome to do if you want.

You can go here to examine instances and their emojis:


Note, they're not categorized when you copy them. I had to go into the database to categorize them in an efficient manner.

Wander, to random
@Wander@packmates.org avatar

I need more horny talk on my timeline.

Especially those first or second person stories that have you imagine scenarios.

Wander, (edited ) to selfhosted
@Wander@packmates.org avatar

The future of selfhosted services is going to be... Android?

Wait, what?

Think about it. At some point everyone has had an old phone lying around. They are designed to be constantly connected, constantly on... and even have a battery and potentially still a SIM card to survive power outages.

We just need to make it easy to create APK packaged servers that can avoid battery-optimization kills and automatically configure an outbound tunnel like ngrok, zerotrust, etc...

The goal: hosting services like , , !? should be as easy as installing an APK and leaving an old phone connected to a spare charger / outlet.

It would be tempting to have an optimized ROM, but if self-hosting is meant to become more commonplace, installing an APK should be all that's needed. can do SSH, VPN and other tunnels without the need for root, so there should be no problem in using tunnels to publicly expose a phone/server in a secure manner.

In regards to the suitability of home-grade broadband, I believe that it should not be a huge problem at least in Europe where home connections are most often unmetered: "At the end of June 2021, 70.2% of EU homes were passed by either FTTP or cable DOCSIS
3.1 networks, i.e. those technologies currently capable of supporting gigabit speeds."

Source: https://digital-strategy.ec.europa.eu/en/library/broadband-coverage-europe-2021

PS. syncthing actually already has an APK and is easy to use. Although I had to sort out some battery optimization stuff, it's a good example of what should become much more commonplace.

cc: @selfhosted

@Wander@packmates.org avatar

@southsamurai Oh that's definitely a huge concern, but not just for self-hosting but for privacy in general.

But still, if the average joe wants to self-host something using an old phone is probably the easiest way to get them to try self-hosted alternatives and drop corporate / commercial services.

Maybe not the 'average average joe' such as my parents, but anyone who is minimally curious enough to do stuff such as registering a domain, setting up a game server for friends and maybe has opened the CMD windows console once or twice in the past following a tutorial. That kind of demographic (IDK if it has a name) might be much more inclined to self-host if it was as easy as installing an APK and letting your phone one somewhere at home.

Overall as long as Android doesn't become straight out malicious spyware itself, the benefit of dropping commercial alternatives might very well be a net positive. In a worst-case scenario, any tunnel / vpn configuration necessary to expose a service to the internet could also add an automated step to blackhole requests to google's tracking servers.

@Wander@packmates.org avatar

@ahoyboyhoy @selfhosted Nice. I remember trying it out once. Actually I might use that to follow my own advice and self-host at home once I retire my current phone.

True, I haven't had the need because I know how to run stuff on a server, but for personal files it's probably better to host things at home.

@Wander@packmates.org avatar

@AMS @selfhosted yes, hopefully we'll see an explosion in self-hostable alternatives that can be installed as easily as syncthing.

@Wander@packmates.org avatar

@ahoyboyhoy @selfhosted How old is the phone and what version of the OS are you using? I was under the impression that modern phones bypass the battery when connected to the charger and having full charge.

Regarding limiting the charge, I believe there's some software calibration you can do which would allow you to set it to 50%. I'm no expert in battery or repairs at all, so someone else might have a better idea.

@Wander@packmates.org avatar

@TCB13 I'm not an expert in the matter but I wonder how large the attack surface actually is for a web service that has a single port exposed via a tunnel which can even contribute to doing some security filtering.

The application / server component can actually be updated since it's just an APK. And someone else in this thread actually linked to whole linux distros that can be installed and run without root. In theory even if the underlying OS is insecure, more secure OSes can be installed on top, or risk can be severely limited by only exposing a single port.

Basically, while flashing a new ROM would be ideal, I think there's likely a way in which a sandboxed and possibly even updated environment with updated TLS cyphers, CA stores, etc... can be run in a secure manner on top of a stock Android ROM.

Furthermore, developers packaging their apps into APKs could run security checks and by the time it says "your OS is insecure" you're already on your third phone and can host stuff on your second. I mean... Android phones are in their prime for two/three years at most in my experience :P

@Wander@packmates.org avatar

@RegalPotoo Maybe I should have been more specific in the wording of my title.

No one planning on hosting public multi-user service that would see some serious traffic would probably benefit from hosting on a phone.

Someone who wants to simply run a single-user instance or their personal nextcloud? I think that's a real possibility.

Wander, (edited )
@Wander@packmates.org avatar

@selfhosted Update:

  1. Just to clarify, the the whole point is that Android makes it easy for less tech oriented people to host small single user / family services.

It does not need to be perfect, have massive throughput or allow for massive amounts of read/write cycles.

If people can host their own media server like Jellyfin or note taking apps like Joplin instead of using commercial services by simply installing an APK on an old phone they can leave connected at home, that's already a big win.

  1. Regarding device longevity, Android 13 apparently supports / will support full KVM emulation. Windows can be run if you have root while android based VMs are expected to be possible without the need for root. Since this type of virtualization allows VMs to run their own kernel, keeping the "server app" updated should allow the user to be protected even if the host OS is outdated as long as these server-app-VMs are trustworthy themselves.
@Wander@packmates.org avatar

@leggylav @selfhosted OMG, yes, thank you <3

I finally feel understood now :vlpn_cry:

@Wander@packmates.org avatar

@benjohn @selfhosted 6-8 GB of RAM with powerful CPU and GPU that was designed to run games and can in some cases run small AI models is nothing to scoff at imho.

@Wander@packmates.org avatar

@MigratingtoLemmy use a hammer to break the screen, control via adb :vlpn_happy_blep:

@Wander@packmates.org avatar

@Omniraptor ah yes! Probably that's why.
Actually the whole original post was sent via Mastodon.

I tend to write posts that I share to my Mastodon followers and then at the end I mention a Lemmy community if I believe the community would also find it interesting.

@Wander@packmates.org avatar

@Omniraptor in theory Mastodon will show a "read more" button for longer comments. Top level posts sent from Lemmy often require clicking the link to view them in full and content isn't ordered by votes because they don't exist.

So, it's a bit messy to read Lemmy from Mastodon, but posting something and then replying to comments on that thread is really easy.

Wander, to random
@Wander@packmates.org avatar

Oh, look at that.

I don't know who mentioned this the other day, but I'm happy to see this is actually a thing now.

When an admin tries to block another whole instance it gives a summary of how many connections will be severed, which is good because domain blocks are a nuclear option. In this case it was warranted though since that instance openly allowed harassment.

@Wander@packmates.org avatar

@philpem not sure, but I don't think so.

Tutanota, (edited ) to random
@Tutanota@mastodon.social avatar

It's !

Time to remind everyone that a backdoor "for the good guys only" is simply not possible.

By demanding encryption backdoors, politicians are not asking us to choose between security and privacy. They are asking us to choose no security. 👇


@Wander@packmates.org avatar

@Tutanota you simply can't but controlled selective access into math. It's as simple as that.

Wander, to mastodon
@Wander@packmates.org avatar

In a world run by corporations, using is a simple yet meaningful act of defiance.

If you're reading this, I'm proud of you for choosing to make a difference :vlpn_happy_heart:

(edit: technically all platforms apply. Please don't feel excluded firefish, akkoma, lemmy, pixelfed, etc. users)

@Wander@packmates.org avatar


@Wander@packmates.org avatar

@KayOhtie @Wander It wasn't working for the longest time. And I believe it still only works for SFW posts, not NSFW posts. But basically the reason I'm surprised is because either lemmy or mastodon weren't talking to each other before and now due to some change it works (albeit not always).

@Wander@packmates.org avatar

@AdellcomdoisL @Wander Actually that's my preferred option but then I was worried that by not having an option for andromorph or gynomorph characters it could also be some sort of erasure. I definitely need more feedback / opnions on the matter.

RiverSongFox, to random
@RiverSongFox@packmates.org avatar

How about you collar and chain this fox, so that its wet maw and warm tail hole are always there at your convenience? :blobfoxpleading:

@Wander@packmates.org avatar

@RiverSongFox people should install a small D-ring on the underside of their desks so that they can easily clip your leash to it and keep you busy beneath it.

@Wander@packmates.org avatar
@Wander@packmates.org avatar

@noxypaws @RiverSongFox @gray where's 14 werewolves when you need them?

Wander, (edited ) to meta
@Wander@packmates.org avatar

Announcing status.packmates.org and status.yiffit.net

Heya everyone!
I've been mostly silent for some time, but it's all with good reason (I promise!)

Over the last few days I've spent a lot of time on server maintenance. Many of these changes will be invisible to you as users (such as getting a /48 ipv6 range, setting up SLAAC/DHCPv6, reviewing security and firewall rules, etc...)

But today I set up something that I can share: status pages!

Head over to:

(they're the same page actually, but the different domain is to make it easier to remember if you're a user of one site and not the other).

There's a slight caveat in that the status page is hosted on the hypervisor itself, so if that goes down, everything goes down but you'll at least know by not being able to load the status page itself!

Ideally I would host this somewhere external but we're not there yet. One day I hope to even have a server cluster for redundancy, but we'd have to host many more services to be able to justify this.

cc: @meta

@Wander@packmates.org avatar

@LittleFox I am officially your fan now, then. Because I would like to do overkill stuff as a hobby as well.

Wander, to infosec
@Wander@packmates.org avatar

Quick question about DNS and DoH that I thought about after reading this post:


Wouldn't it make sense for Firefox or another third party to bundle and transparently forward all DoH requests to cloudflare so that:

A) Cloudflare doesn't know who made what request due to not knowing the origin

B) Firefox doesn't know who made what request due to TLS

CC: @privacyguides

Wander, to fediverse
@Wander@packmates.org avatar

In the wake of and controversy, I would like to highlight the existance of the approach.

Remember , ISPs being common carriers and them not meddling with the pages users want to see? This is similar.

Under a "remote neutral" approach each instance leaves the tight opinionated moderation policies to their own users users and the content their users generate or share with the aim of running a safe and welcoming instance for their members that's safe to federate with.

However, remote content is only moderated whenever there is a report and only blocked if it's straight out illegal to host / cache or constitute unsolicited spam/harassment. Otherwise objectionable remote content is limited at most and users can block it if they want.

I can't stress enough the benefits this has:

  1. It makes moderation feasible for small instances

  2. It does not fracture the fediverse unnecessarily

@Wander@packmates.org avatar

In practice if there's a new 'anti-lgbt' instance users at packmates.org could read their posts because we wouldn't block them... but in practice this never happens and our server doesn't know these instances exist since none of our users would follow these accounts anyways.

Essentially we need to remember that every remote account is technically 'blocked' by default, in the sense that its content won't even reach your server unless your users are interested in it.

Thus, I believe that my focus should be on moderating the content that our userbase publishes and shares while I couldn't give a flying fuck about the droves of objectionable content there's on remote instances. I don't have the energy nor do I need to care about it until it somehow reaches my instance in which case I'll block it if it's illegal or limit it if objectionable but not illegal.

@Wander@packmates.org avatar

By limiting remote content at most (unless illegal) I protect our users while also avoiding overzealous domain blocks which can be problematic as we've seen over and over again.

If the is split on whether project A is good or bad, has good intentions but bad execution or good execution but bad intentions... it doesn't matter too much. There is no need for us to position ourselves or try to learn about a new controversy that has recently popped up.

If it could impact the user experience by appearing in our federated timeline, we'll limit them but we avoid jumping the gun or causing irreversible damage by avoiding remote blocks whenever possible unless this remote content is evidently illegal to host / cache or constitutes spam / harassment.

I hope this exemplifies a little the concept of , while focusing moderation on local users and content.

Wander, to random
@Wander@packmates.org avatar

How I thought would impact me: "I have light asthma, so I better make sure I have my inhaler, do breathing exercises, monitor my O2 saturation. I know this will be hard on my lungs."

What it ended up being like:
"It's day four and the virus has already committed multi-generational genocide against my gut biome. Blood is running through the streets of gastrointestinal city, the nutrient absorption facilities have been shut down and everyone of its workers executed in cold blood. And I'm here sipping on glucose packets so I don't pass out during cramps and other traumatic happenings..." ( this was me yesterday )

I was even admitted to the hospital for half a day when I went for a consultation regarding possible complications and almost passed out.

I shudder thinking about the possibility of it having impacted my respiratory system in the same way.

Wander, to privacy
@Wander@packmates.org avatar

Federated wireguard network idea
Any feedback welcome.

Let's keep things stupidly simple and simply hash the domain name to get a unique IPv6 ULA prefix.

Then we would need a stupidly simple backend application to automatically fetch pubkeys and endpoints from DNS and make a request to add each others as peers.

Et voilà, you got a worldwide federated wireguard network resolving private ULA addresses. Sort of an internet on top of the internet .

The DNS entries with the public IPv4 / IPv6 addresses could even be delegated to other domains / endpoints which would act as reverse proxy (either routing or nesting tunnels) for further privacy.

Maybe my approach is too naïve and there are flaws I haven't considered, so don't be afraid to comment.

Exact use cases? Idk, but it sounds nifty.

cc: @fediverse

Wander, (edited )
@Wander@packmates.org avatar

@breadsmasher I have no idea how Tor works. In this case I would say most peers would have no problem disclosing a public IP, but it could have benefits in making resources in a private network accessible and as long as the endpoint can be reached those resources would be hosting provider agnostic.

I would say this is less about hiding user activity than it is about logical networks, abstracting away the hosting provider and allowing to knit together self hosted services, regardless of where they are hosted.

@Wander@packmates.org avatar

@nysepho @fediverse there would be routing without being peered directly by delegating your endpoint to another peer you trust (this can create an infinitely long routing chain depending on where you latch on so to speak, but you would be in control)

@Wander@packmates.org avatar

@fediverse I've read that this is called an overlay network. Unfortunately many of the ones I've seen documented focus on keeping things in their own private networks which is okay but not fun.

ULA addresses require no permission and were designed precisely to knit together private networks. We can just use domain names and convert them via checksum into a static ULA /48 prefix. DNS can be used to announce routes, or eventually something more BGP-like given that ownership of a domain can be verified and thus authorization to announce routes.

If domains ever become a bottleneck one could use private TLDs with some consensus mechanism and even create multi-layer networks this way where packmates.layer.1 and packmates.layer.2 are two different networks even though they might have the same address range.

Anyways, I'll go out and touch some grass now.

@Wander@packmates.org avatar

@despotic_machine thank you. This sounds interesting!

Wander, to meta
@Wander@packmates.org avatar

We now have hourly snapshots / backups!

I'm happy to inform both packmates.org and yiffit.net users that both sites now benefit from the ZFS filesystem that the new server has been set up with.

I have implemented automated hourly snapshots for 24 hours + daily snapshots for 31 days. In theory they will only grow in size if there's actual changes to the disk of both VMs and I should be able to have enough space.

Furthermore, local snapshots are complemented by the daily offsite backups which allow us to recover even if the full server were to suddenly explode. Full backups are first created on the server itself and then copied offsite so that for a full week we have two independent copies of each day.

Depending on space usage I'll make sure to replicate the offsite repository so that there's two offsite copies for the last 31 days + 7 local copies. That would be 69 individual full backup files + snapshots.

I hope I'll have enough space with deduplication.

cc: @meta

briankrebs, to random
@briankrebs@infosec.exchange avatar

We're big supporters of the EFF, but I can't get on board with the idea that somehow it's wrong or a slippery slope for Tier 1 ISPs to be blocking Kiwifarms.


@Wander@packmates.org avatar

@briankrebs As much as I hate KF I must agree with them on this though.

There is something fundamentally wrong to blocking content without prosecution or it being ordered by a judge. Otherwise you'll have ISPs acting like Facebook and banning stuff because it's not "advertiser friendly" or whatever.

The real problem with KF is that the owners are known and still not in prison.

Get a warrant, close the site with a judicial order and arrest the owners.

poe, to random
@poe@social.arcanelab.net avatar

I've tried following some tags but it looks like they only appear in my feed when someone i follow reposts something with that tag.

Is it possible to follow some tags from all instances my server is aware of or follow certain tags from specific instances?

@Wander@packmates.org avatar

@poe your server isn't aware of which accounts exist on those instances unless someone follows them... or you use relays.

Try these four relays to get access to the 'furryverse'.

You'll have to message their owner to be added since they're whitelist only. Remove /inbox from the URL to get to their homepage and owner contact details.

Wander, to proxmox
@Wander@packmates.org avatar

What I've been busy with lately

About three weeks ago I started renting a new dedicated server which is going to host both packmates and yiffit very soon.

Because the server isn't hosting anything yet, I've taken the opportunity to play around and try out different configurations, including ZFS, LXC containers for small services, VLANs for better isolation ( which I did manage to get working ), wireguard tunnels, improved firewall rules, security groups, iGPU passthrough, etc...

Tomorrow I'll wipe the disks, install from scratch and make it production ready.

Then it should be as easy as loading a full backup from both yiffit and packmates to complete the migration ( but I'll announce this last step in due time).

Am excited wags :dogcited:

cc: @chat

  • All
  • Subscribed
  • Moderated
  • Favorites
  • morbius
  • Kemonomimi
  • tacticalgear
  • everett
  • Youngstown
  • InstantRegret
  • rhentai
  • NeutralPolitics
  • tester
  • osvaldo12
  • DreamBathrooms
  • Egalitarianism
  • ethstaker
  • slotface
  • kopitiam
  • smallboobs
  • cisconetworking
  • Durango
  • oldschoolgamer
  • normalnudes
  • cubers
  • GTA5RPClips
  • TeamSpeak
  • OmnivoreApp
  • Leos
  • lostlight
  • modclub
  • relationshipadvice
  • All magazines