It's a "typical" Rails application: large, convoluted, lot's of moving parts, and services, and generally slow as molasses (solved by throwing more hardware at it). As experienced Rails dev(ops), I managed to run and help run an instance, but it's not something done on a friday afternoon, let alone scale up.
What we really need in this landscape is dead simple services. I'm thinking about the difference between setting up a gitlab or a gitea. The first is Rails, needs ruby, gems, bundler, workers, database server, redis, mailserver and whatnot. And thats for manually installing on a server - no pipeline or anything to manage future changes. The second a single binary (pre compiled from a go codebase) everything statically linked (even sqlite is built in, with option to upgrade to postgres). Plop it on a server start it and go. For an intranet you might even skip putting a server/https in front, just run on exposed ports.
We can dockerize all the ruby-stuff, but that might make it easier, it doesn't make it simpler, it really makes it more complex. And the performance-issues aren't solved.
The fediverse needs this as well: just plop a binary on your VPS or homeserver and you're running. Such lean and simple servers are being worked on, but Mastodon itself is a huge, slow and hairy beast.
There are plenty of other choices. Pleroma[1] is probably the biggest competitor and is lightweight enough that you can deploy it on a raspberry pi. It's written in Elixir which takes a bit to set up, but the devs offer OTP releases that don't require you to have Elixir installed to use it and are the closest to "single file" deployment you get. Resourcewise it takes up only a fraction of what Mastodon demands in terms of memory & cpu usage.
DB backend is postgres. It's also by default far less cache heavy than Mastodon (which caches every external attachment, avatar and header locally, which causes a lot of issues since it's the main reason instances run out of disk space).
Featurewise it actually surpasses Mastodon on almost everything except for not offering a tweetdeck-like UI.
I'm aware of Pleroma, but didn't mention it because I find that allthough it's easier than mastodon, it hardly is simpler. And being easier, IMO, isn't enough. The focus of pleroma is very much on the "lightweight" part. Which is good, bc that also desparately needs a solution. But we really need something that is all of it: easy, simple and lightweight. Not just easier and lightweight.
Having used Mastodon for years now, my experience has been that when I receive an abusive/spam/troll message it's a safe bet that it was from a Pleroma instance. I know I'm lot alone in defaulting to distrusting users on Pleroma instances. Just something for new fediverse users to keep in mind.
I know this exists. As does NextCloud. But what solution or use-case does it serve? I honestly cannot see it. Neither for WP nor for NC.
ActivityPub is -aside from a protocol- something that is designed for social networking mostly. How does "adding a WP plugin" help? Why would I want to connect my blog or website to this fediverse? Is it just so people can get my blogposts in their timeline? Because that's the only use-case I can see, and that problem is easily solved with RSS (and a bot).
I don't know how Wordpress or NextCloud uses it, but for my own use I'm considering building a comment system for my sites around in, on the basis that having comments about my posts exposed to the fediverse seems like a good way of increasing reach.
(there's the challenge of length; there's no problem upping the post-length for comments etc., but many instances will reject them, so you do face the issue of having to replace the body of longer comments with a link to a page, which is sub-optimal but doable)
Wordpress have same problem of being slow POS that in addition needs to be constantly updated for security issues.
Hell, we even got one of our clients (we just provided hosting for some of their stuff) getting half-hacked while setting it up (they were not exactly the developer type). Half-hacked because we required app-to-internet traffic to be ran by proxy so the final payload didn't get downloaded on the server, hilariously enough.
I would advise against soapbox actually. The developer got kicked off the Pleroma project after badgering other maintainers[1] (which he admits to doing) for reverting a technical decision he forced through after it was deemed to be not very useful to the project and encouraged bad practices (the fediverse uses a protocol called WebFinger to find other users, the developer wanted to add a bunch of alternate endpoints to avoid having to use WebFinger for his personal frontend).
He also had a history of more bad technical decisions to make Pleroma's backend cause problems with with the rest of the fediverse if the rest of the fediverse doesn't use his custom frontend and insulting developers who pushed back on that decision[2].
Better maintenance seems like a really dubious claim when the lead maintainer is this unwilling to co-operate with the existence of other tooling and openly insults anyone disagreeing with his technical decisions. There's also a couple of PR reasons to not want to associate with him, but those are largely off-topic.
The rest of the Pleroma project by contrast is fairly stable and it's developer team has been nothing but polite when it comes to handling support issues.
> There's also a couple of PR reasons to not want to associate with him, but those are largely off-topic.
They're more than PR reasons if you're one of his "wrong sorts"; personally, I'm not confident trusting (for practical reasons) or comfortable using (for emotional reasons) a piece of software whose MDfL doesn't think I should exist.
It's probably off-topic for this discussion, but it's important to keep in mind if you're building a little community on the Fediverse: your choice of software ties your community's culture – at least partially – to the community of the developers. Your users will want to submit bug reports, and so on.
I do agree with you completely there, it's just that HN doesn't tend to take well to pointing out that particular stripe of awfulness and that makes it a non-starter as a reason.
He's definitely a case where I would broadly recommend marginalized groups to stay far away from his tooling if they are planning on interacting with the development team in any way. The man is an demagogue (and openly proud of it) and an understated element to his bad behavior in co-operating with others is that it's in part driven by that demagoguery (just reference the blogpost in the previous comment and how much of it is dedicated to crying about "cancel culture" where the reality is really just that he was an asshole to people and they showed him the door[1], very little about it had to do with his (IMO shitty) opinions.
As far as software choices go; Fully agreed, although I always recommend people to not just go by public reputation and to always investigate before making a decision (in the case of Soapbox, you'll notice I linked both the developers resignation post and the post that caused relations with him and other maintainers to seriously start souring, so that one can make their own assessment).
Pleroma for example got initially accused of being developed by neonazis due to an early instance modifying their source code to ignore incoming message privacy flags, everything was just set to be on the public timeline, all of the time. It's in reality completely wrong; in fact numerous developers to the software have been rather staunchly anti-fascist even since its very beginning, but that wasn't known by the public so the reputation of the project got tarred for years. Similarly, one admin blamed not removing hateful content on not having the tools, again, completely wrong, but then Pleroma got tarred with "not having basic moderation tools", even though it ironically has the must fine-grained moderation tools compared to anything else out there (you can literally write your own bit of code to automatically moderate and integrate it in the software itself if you wanted to).
Finally when it comes to users submitting bugs: with the fediverse that usually doesn't actually directly go to the developer but instead lands at the feet of the instance maintainer, who makes the decision on whether or not to report it to the developers community. There's a certain sense of connection, but it's usually not as deeply tied as one would think.
Is it vilifying when you provide sources of a person's negative behavior?
"I'd recommend against this open source project because it has a solo author who has a track record of not playing well with each others" strikes me as statement of fact, not vilifying.
About a month ago I had a mechanic call me pissed and tell me they didn't want to work with me anymore if I didn't trust them. I had been asking questions over text.
That this happened is a statement of fact.
I'm taking my old ford explorer over to him this weekend. Do you know why?
Because I asked him what was wrong and explained the intent of the questions. We've had a working relationship for over 2 years, he was obviously having a bad day. No harm, no foul, humans are humans.
And yet, his negative behavior is a statement of fact. Imagine if I then went around town telling everyone not to use this man because he "doesn't play well with others". I mean, it's only a statement of fact, right?
Point of fact, the engine light in the truck came on earlier this week, I called him up and then drove it over so he could check codes (O2 sensor needs replacing). Had a conversation with him, where he told me his wife is living in Arizona to be a live-in baby sitter for their kids new baby, and he drives over there every other weekend (I knew his wife was in Arizona, but didn't know why).
You're campaigning against a piece of software because you don't like the author. Not for technical reasons, but because the author "forced" (your words) stuff onto other people, then after these innocents reverted it back in defense of the whole of fediverse and he got mad and said mean stuff, so now we need to defend the reader (me, and everyone else) from his meanness.
I feel like this is personal for you somehow and I don't know why. I'm not "campaigning" against anything, I posted one comment on a message board. Let's try to avoid bringing hysteria into the conversation.
I'm glad you ended up having a working relationship with your mechanic but I don't think it's really relevant here. Your mechanic is not maintaining an open source project. He's fixing your car. Which is a great solo project.
I think you're confused about my perspective so let me be clear: I'm not concerned with "defending" the reader from "meanness". I'm suggesting that investing in any project run by a single person is risky: more than likely if that person quits then the project is dead. That's strike one. The fact that the single author has a history of being combative with open source collaborators suggests it might be harder for the project to ever move beyond being a solo project. That's strike two.
All of this is just common sense. I'm sorry if it rubs you the wrong way. If your mechanic decides to stop maintaining your car in the future there will be hundreds of other mechanics waiting to take the job (and, importantly, your money). A solo open source project depending on volunteers is a lot less likely to have that.
I'm starting to understand why you're personally invested in defending toxic online behaviour.
I replied to your post, responding to the issues you raised in your original post. Engage with it or don't engage with it, that's up to you, but don't fill the forum with nonsense. Absent any actual interaction with the points I raised this will be my last reply in the thread.
GP clearly and convincingly explained how there was nothing personal about their comments. You, OTOH, bring in your mechanic and his wife... And then get fucking hostile in response to a calmly reasoned explanation.
So no, it's definitely you who are bringing the personal drama here. To the extent that one can't help wondering, mr Random-string-of-letters-and-numbers, whether you are that hostile solo developer.
No, it's not about that. This developer created a fake website claiming to represent the whole Fediverse, à la https://joinmastodon.org/. His version recommends the following instances, in order, with the message "Browse a small sample of Fediverse servers that are welcoming to newcomers below.":
• Literal Neo-Nazi site. Defederated by nearly all of Fedi because they are literal, card-carrying Nazis.
• Transphobia-even-if-it-means-misogyny site run by his wife. Defederated by most of fedi, for harassment campaigns. Defederated from my instance for harassing a cis woman who worked at a feminist charity for, as I recall, having pronouns in her bio, which is apparently too much like solidarity for them. (There were a couple of good people on that instance, last time I checked. Well, one good person. I think she messaged me later, saying she left.)
• His personal instance that basically nobody uses. (It's too obscure to be blocked by most of Fedi, but it's blocked by most of the instances he tries to interact with; he inevitably breaks their rules.)
• shitposter.club: A kinda-okay, but not moderated to my taste, instance. Blocked by some of fedi; probably on the list because they still federate with his personal instance.
• freespeechextremist.com: A barely moderated instance that… well, I trust its sysadmin – sorry, its BOFH. And it is friendly. But it's a "free speech zone", with all that entails; there are some total arseholes there, and the only thing keeping them from causing major damage is the relentless bullying they get from the other users until they leave.
The bottom two are legitimately part of the Fediverse – albeit the shady alleyways of the Fediverse – but we've almost universally shunned the top three. This developer used SEO hacks to get his fake near the top of the search results. (Please don't link it here; we don't need to give it more SEO juice.)
He does not represent the people who make the protocols; he does not represent the people who curate the communities; he does not represent the communities; and yet he claims to, all the while decrying how mean the community is being to him.
We just want to live our lives, and use the 'net to talk to each other. If anyone's making this political, it's him.
Why is it fake just because you don't like the choice of recommended instances. Does it not make sense to recommend instances that are more open to federating with others?
made an account simply to say that when you say things like "The bottom two are legitimately part of the Fediverse – albeit the shady alleyways of the Fediverse" its really obvious how poorly you think of these other groups, such that even if they're still people using the same software for this, that because of their views they aren't "legitimate". i dont really get that, but i figure i'd say that when you lead off with They're Literal Neo Nazis, 1) people tend to not care (and if you or someone else does, dont join them, defed, mute. just let others live their own lives ffs) and 2) not all poast users are nazis even if many of them are, same with fse or spc or any other given. also as far as "no one uses his instance" idk i think 500 people is a pretty big amount to have a personal dev server.
if you want to just live your life, stop posting about how some guy who has no access to your life beyond you looking at his stuff or being shown it on fedi. just block the guy, mute instance, set up a reject, and fucking focus on something else. theres other shit to do that isnt giving a shit about some nerd on the internet that you dont like. theres so many other things in fact that i'd imagine you'd enjoy doing much more than thinking about Alex Gleason. have a good day yo.
> its really obvious how poorly you think of these other groups,
Nah, shady alleyways are great. I'm friendly acquaintances with quite a few people there, and it's legitimately the right place for them. They're just not places I'd send somebody new to the Fediverse to, for the same reason I wouldn't direct a tourist through the backstreets. Sorry if the analogy wasn't clear.
But the others? They aren't legitimate members of the community. They're not making the protocols; they're not interested in the ideals or in collaboration; and they want to hurt the people who are.
> when you lead off with They're Literal Neo Nazis
I don't know how else to describe them. What do you call somebody who puts Nazi armbands, pictures of Adolf Hitler, and the word 'Nazi' in their bio, and regularly talks about how much they want to commit genocide? People who are so aligned with Nazism that they even call themselves Nazis are not welcome. It's not just "views". They want to murder us. https://en.wikipedia.org/wiki/Nazism
> many of them are [Nazis], same with fse or spc or any other given.
Nope, couldn't find any Nazis on SPC. There are xenophobes and self-described fascists on FSE, but I haven't seen any card-carrying Nazis – and I've already said what I have to say about that instance, anyway. If somebody there starts causing problems for the rest of Fedi, they soon discover they can't take what they dish out.
There are disagreements about basically everything else, but the Fediverse does not tolerate actual Nazis.
> stop posting about how some guy who has no access to your life
To my knowledge, this is the second thing I've written about him that wasn't to him. (The first was my previous comment in this thread.) I don't have any particular reason to rant about him – but that doesn't mean I'm going to avoid discussing him when it's relevant.
He's not a stranger to me. While he was still tolerated in them, we ran in the same circles. I trusted him enough to approve his follow request.¹ The last conversation I remember us having – before I made some followers-only posts about myself that, apparently, put me on his 'undesirables' list – was me being excited to play his upcoming video game.²
It's not a case of him being kicked out of our spaces; he removed himself from them with his antagonistic and bullying behaviour. (He even tried to force people to use his protocols by deliberately breaking compatibility; that's not how the Fediverse works.) And now he's pretending he speaks for the whole Fediverse – something none of us do – when his software isn't even compatible with Diaspora*. And he's telling people that a group of Nazis is the Fediverse's idea of "welcoming to newcomers".
If he stopped being such a prick, I'd welcome him back. Because I liked him.
---
¹: He uses Pleroma, so everything short of DMs would've shown up on his Home timeline. Unlike Mastodon's Home timeline algorithm, this would've included unlisted replies to other people's unlisted threads, and my parts of 'followers-only' conversations even where he wasn't following the other participants. So, quite a lot of access to my life, actually.
²: The video game appears abandoned, now; it's unfinished, and hasn't been worked on for over two years. Must've dropped off his list of priorities.
As a complete outsider who thrives on drama, everyone sucks here.
Alex has shit opinions, 100%. But the back and forths in the Pleroma MRs linked are at the level of high school catty drama. And that applies to everyone in there, on both sides. I feel like every single MR listed would have gone completely differently if the people involved treated the others as humans and actually worked towards building better software. At the end of the day, the commits were simple enough and could have been worked on had the people there actually wanted to do that. But instead they all just turned into name-calling high school kids. In short, everyone there needs to grow up.
And while I agree that a one man shop in the form of Soapbox is likely not going to last, I wouldn’t put my support in for Pleroma based on what I read either.
That is what I noticed as well. The behavior of most of the people involved in these MRs were really toxic and unwelcoming whatever the reason might be.
> What we really need in this landscape is dead simple services.
I'm working on exactly that: a service that acts as an ActivityPub server (code[1], example[2], example application running on top of it[3]) for users in the form of a static binary. It supports multiple storage backends that can be selected individually or all together at build time and it can be extended to many more.
This is exactly what we need. The current landscape of Fediverse is too young: every application involves both functionality, identity and community. So you don't really join a network, but you join a specific community using a specific medium. You can't join multiple communities (ie follow multiple instances): you have to create multiple accounts, you can't follow a full instance but only individual instances. You can't have microblogging and forums from the same account, because they are different applications, so they are different accounts. You can't mix functionalities beyond the most basic, because they are not thought out together.
What we need is an AP store, and then applications build on top of it, like your project does. But at this point I question whether matrix wouldn't be a better platform
Some clients allow you to pin the public timeline of another instance. As for spreading beyond your home server, tags are key. With the right client, or the Mastodon web UI in advanced mode you can pin a series of tags as its own timeline, which updates in real time, so you can follow discussions of interests, grouped together, with results from across the Fediverse.
That sounds very nice and I must admit I haven't made a lot of research on this topic. But today the major servers are still sold as a building block for an "inside" community. You browse instance that are categorized by interests.
Basically, the domain has much more significance than it really needs
I feel like matrix solves a different problem, I believe that ActivityPub and Matrix can coexist. Honestly the very late game plan for the projects I'm working on is to be able gather under a single umbrella a suite of opensource applications to create a meta social network pod that can be easily launched in a similar way to Google apps on a custom domain (ActivityPub and Matrix for a starters). I think there could be enough money in that to gather venture interest, but sadly I'm very far from that moment.
I'm working on flockingbird.social, a "linkedin for the fediverse"[1].
Aside from a job-search bot, I haven't written many software, and it looks like what you are working on might actually be a very solid foundation. It's a pity my go isn't that established (rust and ruby here) but certainly will consider this going forward. Huddling around common base libraries is also certainly something the fediverse needs, rather than re-building AP again in "language X".
[1] The hardest part has proven to be the fact that "linkedin" is an entirely different product depending on who you ask. It solves entirely different solutions, depending on who you ask. And it has entirely different features, depending on who you ask. Turns out LinkedIn is quite hard to "copy", "port" or even define for the fediverse. Aside from that this makes it a giant task to do. Is it a place to find jobs? To recruit? To keep in touch with colleagues? To connect with other entrepeneurs? To spam lame motivational quotes? To pitch your book or a Rolodex-on-steroids? Its all of that and more.
If you're working in rust I would recommend to have a look at the go-ap/processing[1] package, which provides a close representation of what the ActivityPub spec details about how to handle each Activity type. It's not complete at the moment, but it should be readable (I think) even for non Go developers and, in my experience it's not the vocabulary that trips people up.
For your use case you probably need to define your own custom ActivityPub types and logic, but for the default ones, it's a good starting point (I hope). :)
The go-ap org on github has a mailing list you can reach if you have questions or feedback.
Contrary to the way matrix is developed and sold today, the protocol allows for way way more than chat.
There is talk at the moment about adding federation to got forges: let instances talk together, accounts cross post, etc. It's centered around instances and they have specific addons to interact. Matrix can make it work because it takes a radically orthogonal approach: rooms are front and center. Rooms can be joined by anyone anywhere. Rooms are replicated. The homeserver is a technical detail in service of the functional source of truth: the Room, an append-only log of arbitrary json. There is also a key-value store for arbitrary blobs to store binary stuff.
In the context of forges, a repo can be a room: events for issues/replies, events for merge requests, events for CI/CD blobs for actual code storage and releases, ... Anyone can join and push events, with the correct rights of course, so you have branches included. Everything is replicated. No one cares what instance you are from.
I seriously invite you to consider the semantically model of Matrix, it's pretty good.
I don't understand the question, it already supports comments. littr.me is basically a link aggregator and discussion platform that's very similar in UX to (old) reddit, hacker news and lobste.rs.
> The fediverse needs this as well: just plop a binary on your VPS or homeserver and you're running. Such lean and simple servers are being worked on, but Mastodon itself is a huge, slow and hairy beast.
Even if you get the tech stack solved to an easily deployable package: The problem is you still need to invest immense amounts of time on moderation. Some of that responsibility is enforced legally (e.g. CSAM, warez, US COPPA, EU GDPR, German NetzDG), some of it socially (e.g. kicking Nazis, conspiracy spreaders or other forms of hate speech out), some of it by the federation system (e.g. kicking spammers out) and some of it you need to do to keep your community healthy (e.g. kick general trolls and creeps out). If your instance allows adult material, gambling or games, you'll need to moderate your instance as well in some jurisdictions. And you'll need someone always available to support police, court and secret service requests.
Maintaining a service that hosts user-generated content is a thankless nightmare, and no matter what you do it is a huge liability. In the end, either you make your users pay for it in cash (subscription fees, patreon/gofundme/paypal donations), with their data (advertising) or you'll eventually burn out (such as the author of the blog entry).
Oh, and add on top of all of that the constant dealing with abuse: 4chan edgelords DDoS'ing your instance "for the lulz", random skiddies constantly running exploit scans against your server (which additionally means you have to have someone 24/7 to upgrade software in the case of a 0-day), people reporting your server / IP to blocklists to get you booted off the net... then you have to take care of hardware maintenance itself, making backups, testing backups. It's a full time job essentially, requiring an awful lot of time, money and connections (e.g. lawyers).
I run an instance and I really have none of these problems. Keeping open applications off solves a lot of them, you have to ask me for an invitation and I’m not going to give you one if I think you’re going to be a problem.
There’s a Patreon for it that pays the server bills despite it only being a few hundred users. My users even say thanks for running the place now and then. Running a small node of The People’s Glorious Social Network is a very different task than what you are outlining.
> you have to ask me for an invitation and I’m not going to give you one if I think you’re going to be a problem.
How do you vet applicants? Depending on the theme of the site, this seems like it might range from easy (gardening, cooking, ...) to excruciating (politics, medical).
A lot often is just a simple matter of "if I don't like you, I won't give you access, or retrospectively kick you off". And the other side is that if you, as user don't like that, there are thousands of other instances to choose from. And if none are good enough for you, you can run your own.
> Keeping open applications off solves a lot of them, you have to ask me for an invitation
But that simply doesn't scale to the level of services like Twitter. You might argue, and I would agree with you, that maybe we'd be better off without services that are too large to moderate in any meaningful way, but we are where we are. An invitation-only Mastodon network is not a viable alternative to Twitter.
Yeah, but what point does a social network have if most of the instances are closed off to "unknowns" due to the abuse potential? The few that have open registration still have to do the workload I described => most of the users will flock to these centralized sites that somehow have to deal with the effort required.
> I run an instance and I really have none of these problems. Keeping open applications off solves a lot of them, you have to ask me for an invitation and I’m not going to give you one if I think you’re going to be a problem.
You're not building social network then. Just a single isolated place. So obviously problems of running bigger social space won't apply as much
You are right: managing a server is hard work. Thankless moderation mostly.
But that is even more reason to take away the additional work of keeping a large and convoluted rails-codebase up-to-date, running and performing.
Also, part of why moderation is such a giant task, is that in the fediverse, servers (instances) tend to be big. Huge even. It's far easier to manage a server that hosts your ten friends, or the 30 members of your alumni-club, or the 42 members at the local hackerspace than a server with 2000+ random users.
Another reason why lowering the barrier to the technical part of managing a server must be lowered.
Not really. As I mentioned in my comment, it might make it easier, but not simpler.
For one, maintenance, probably becomes harder even. And it won't be "a docker image", but a docker-network (-compose, k8s or such) because running requires not just a single service, but a webserver (https), runners (async workers), redis, postgresql, elasticsearch, file-storage and so on. You'd need some 4 to 8 images all interconnected to run it.
And secondly, docker isn't omnipresent. I can't just copy a binary into /usr/bin , run it. I'll need docker, networking, docker-knowledge, logging, monitoring and so on.
More so: if a docker is a solution to the setup of complex piece of server-software, than certainly docker is a solution to the setup of a simple piece of server-software.
It's a "typical" Rails application: large, convoluted, lot's of moving parts, and services, and generally slow as molasses (solved by throwing more hardware at it). As experienced Rails dev(ops), I managed to run and help run an instance, but it's not something done on a friday afternoon, let alone scale up.
What we really need in this landscape is dead simple services. I'm thinking about the difference between setting up a gitlab or a gitea. The first is Rails, needs ruby, gems, bundler, workers, database server, redis, mailserver and whatnot. And thats for manually installing on a server - no pipeline or anything to manage future changes. The second a single binary (pre compiled from a go codebase) everything statically linked (even sqlite is built in, with option to upgrade to postgres). Plop it on a server start it and go. For an intranet you might even skip putting a server/https in front, just run on exposed ports.
We can dockerize all the ruby-stuff, but that might make it easier, it doesn't make it simpler, it really makes it more complex. And the performance-issues aren't solved.
The fediverse needs this as well: just plop a binary on your VPS or homeserver and you're running. Such lean and simple servers are being worked on, but Mastodon itself is a huge, slow and hairy beast.