I'm interested in brainstorming immune system defenses
beyond our strength as actually real people who can tell the difference between fake and person, usually pretty obvious
Registry of instance to a peer to peer shared federated list of instances
and with the moderators and hosts of the
There's so many already!
Facebook is going to be regulated soon anyway, is my tangible reality goal. They aren't going to be. At all. Go away entirely fb
So I've been brainstorming since the last toot
Is there a mastodon specific security group or instance set up or on chat?
Or just people who are looking for a puzzle?
@thegibson @Food The other thing to look out for are large quantities of instances on related IP blocks. Major corporations often pay for large IP address spaces, in part to work around spam blacklists.
I'm looking for a solution about how GitHub's parent company is now Microsoft
Something we can use as #foss and such that has nothing to do with that recent company grab
@waterbear @Food @thegibson It's one of the reasons why my projects are managed and even hosted using #Fossil.
It's definitely not for everyone though.
@waterbear @Food @vertigo @thegibson
github is not open. It's not very good either, as it requires running massive amounts of javascript to work at all, and still doesn't accept email for pull requests.
@waterbear @Food @vertigo @thegibson
*gitlab
@agris @waterbear @Food @thegibson I'm not familiar with using email based workflows with raw git. Is there an online workflow description that works through how it's done? Thanks!
@vertigo @agris @waterbear @Food
Gitlab is the current play.
@thegibson @vertigo @agris @waterbear @Food
no love for gitea?
@remotenemesis @vertigo @agris @waterbear @Food
Gitea is fine... I just don't see as many devs moving to it as gitlab.
@thegibson @vertigo @agris @waterbear @Food
gotta fix that. gitlab is another github waiting to happen.
@remotenemesis @thegibson @vertigo @agris @waterbear @Food it's just a matter of time really.
@gentoorebel @thegibson @vertigo @agris @waterbear @Food
I agree. If one just wants to give a company money to make a problem go away (valid), why even switch from github to gitlab?
If one cares about FOSS, maybe it's time to take a stand.
@remotenemesis @vertigo @agris @waterbear @Food
Explain.. I am not aware of why... I thought it was not centralized.
@thegibson @remotenemesis @vertigo @waterbear @Food
the repo itself isn't centralized thanks to the very nature of git, but the ability to send pull requests and issue tracking is.
For contrast, look at how Linux handles their PRs and issue tracking https://lkml.org/lkml/2008/12/30/87
@thegibson @vertigo @agris @waterbear @Food
Google is an investor.
Not again.
gitea is supported by @cloud, although I haven't tried their containerized install yet.
I got mine and hope to share soon.
@remotenemesis @vertigo @agris @waterbear @Food
All I needed to know... gitea it is.
@thegibson @remotenemesis @vertigo @waterbear @Food
Why is Gitea's source code managed on GitHub? Do they not trust their own software?
@agris @thegibson @vertigo @waterbear @Food why don't you ask them?
@thegibson @vertigo @agris @waterbear @Food
You have a good point tho, the exodus has been to gitlab, but I struggle to see how it is any different/better.
@remotenemesis @vertigo @agris @waterbear @Food
Probably why everyone headed there... it is the same.
@thegibson @vertigo @agris @waterbear @Food
Pepsi vs Coke.
@thegibson @remotenemesis @vertigo @waterbear @Food
Maybe it's because people would rather receive lots of hand holding rather than learn how to effectively use git. Rather than 'man git-remote' and 'man git-push' they use a centralized editor written in javascript on a centralized website that hides all the functionality and power of git.
@agris @thegibson @remotenemesis @waterbear @Food I'm somewhat embarrassed to admit that I find that I need the hand-holding until I'm ready to move beyond it, especially as I age.
For corporate applications (which, arguably, most projects on Github are), its interaction model is nearly ideal. It mimics closely enough the centralized VCS organization that it's easy for companies to adopt, but has just enough DVCS features that enables collaboration. I suspect that is why it took off so well.
@vertigo @agris @thegibson @waterbear @Food occasionally remote development vs always remote development.
@remotenemesis @agris @thegibson @waterbear @Food Thank you; that's a more succinct and poignant way of putting into words what I wanted to express.
@vertigo @agris @thegibson @waterbear @Food
also well worth considering that github URLs are baked into most of the third-party ecosystem for golang.
We've all become rather too comfortable with pulling arbitrary code from the internet into our compile chain.
text too long-mandatory cw
Just set up cgit on an NGINX server with fcgiwrapper
How about this
Developers need to get paid enough for food, water, shelter, healthcare, so they can live their ethics and values, avoiding being compromised
Moderators who also need to get paid a bit or donated to can have an allotment of individual accounts number they're ideally responsible for personally verifying person as person and making sure they have the basics of security and data storage in check
Backups of data have to be places that are redundant, and owners hosting instances need to make sure they're on top of the management of the small bits of security that add up. Also would be good to pay them
@hugo setup comes to mind
Creating and refreshing an open redundant list of the fediverse and all attached instances and users and how many each instance has in overlap can help us identify weak links and see if there's any vulnerabilities in the awareness linkup
Sorta like finding broken packages, only we'd have a list of traits of nonreal cues to watch for and when finding a part, removing it somehow probably by alerting surrounding mods
Thinking of vulnerabilities of servers hosted on proprietary or at least insecure hosts, how to encourage hostings on places that are guaranteed to be as close to values and ethics in running server as possible
And having identified list of those server instance spots
@TheGibson @Food
For one, whitelisting needs to be more of the norm, and people are going to have to be selective about who they federate with anyways even among normal instances.
@lertsenem
Auto block with white listing could be one way.
@mirzaba @TheGibson @Food
@rick_777 @lertsenem @mirzaba @thegibson @Food How should a new instance establish itself if it can't federate without first being on a whitelist?
@duck57 @rick_777 @lertsenem @mirzaba @Food
a problem...
After some thought... maybe the natural way an instance slowly federates is enough to make it un-economical to abuse.
but I feel like this could be scriptomatically overcome by selective high value follows...
@duck57 @rick_777 @lertsenem @TheGibson @Food
much like a user would look for an invite or apply to an instance, people in said up and coming instances would take it to themselves to make a case for federating with their instance. Or show their ToS or something to ensure they mean business with moderation
@mirzaba @rick_777 @lertsenem @thegibson @Food Maybe the default is muted by default: new instances can follow whomever they like (so long as the account they want to follow isn't on a strict whitelist instance) but manual approval is necessary for posts and replies from the new instance to reach existing instances.
@TheGibson @Food
>Instance registry
>looks at eris.Berkeley.EDU
>looks at Q-line
>looks at EFNet
history likes to repeat itself, doesn't it? :P
Hence I'm proposing the owners and moderators get to know each other as people lol
Conferences for mastodon doubling as a user's convention
I am not necessarily suggesting it as the solution... but I don't know how we make ourselves resilient to abuse of the open system without some sort of whitelisting.
That said, yes... we tend to repeat ourselves.
It's good to look through all the ideas for sure
What we have that the centralized don't is individuals who are people who are more than paid to care
@Wolf480pl @gilscottfitzgerald @thegibson @Food
#Hackers + #kids + #education: that's the solution.
IMO, to a certain extent, this is a question of what our goals are.
If our goal is to have a federated network which _everyone_ can join with their instance, then we should allow Facebook et al. to join us, and we should work on ways to make sure that the joining of Facebook won't cause harm to people on other instances.
If our goal is to have an isolated safe space away from mainstream socnets, then whitelisting would be a good approach, but it wouldn't be "Fediverse" anymore.
@TheGibson @Food
Keep in mind that for many people a rule like "if you want your instance to join the Fediverse, you need to contact a *real person* who already has an instance and have them vet your application"
would be a showstopper.
I'm for whatever instances from whoever person or not, as long as they're able to enforce code of conduct and uphold really being mastodon socially
@Food @TheGibson
But there isn't a single code of conduct governing the whole Fediverse. Every instance has different rules, and most of them can still live peacefully together, despite the differences.
Also, it's not just Mastodon. It's also Pleroma, Pixelfed, Friendica, Hubzilla, Misskey, Peertube...
Heh this is where religious sects branch off and all
Calvin, Church of England, reformists vs that-word-that-means-strictly-the-same
It wouldn't be the first fediverse schism.
@Food
I am interested in this as well.
I feel like some sort of new instance registry may be necessary if we see these sorts of co-opting efforts occurring...
Like a low speed probationary period or something...