The problem is that most data about books (ISBNs, DDC and LOC classification, cover images, synopsis, etc) are owned by either Amazon or Worldcat. So if you read anything even slightly off beat, you’ll be entering all of that data yourself. That also means recommendations aren’t really a thing. If you just want to track and share your reading, and don’t mind entering all the data yourself, bookwyrm is fine. But if you want to just search for a book and add it to your shelf, or get recommendations of new books, it’s nowhere near there.

Any way to sync with contacts on mobile? I’d love one source of truth.

If you want to get straight to the fun, I might recommend: https://cosmos-cloud.io/

It will handle all of the uninteresting stuff like docker, reverse proxies, ssl certificates, etc. You can get straight to adding apps either by pasting in a docker-compose, or getting them straight from the cosmos marketplace.

Also, it works with standard tools, so other than the reverse proxy, it’s easy to migrate away from if you want. I think the reverse proxy is just caddy, but I don’t know where the caddy config file goes or how to pull it out of the funky cosmos config format.

Or: maybe we can just keep paid influencer scams off the fediverse entirely? IMHO we don’t need or want paid content creators here. As soon as someone can make a buck from it, the entire network will be flooded with clickbait, AI generated posts, and worse.

Same. Although sometimes I set up a public instance, because I’m setting one up for myself anyway, right? And then I have regrets LOL

How is this different from cosmos-cloud.io? The feature list looks identical.

Sarcasm: Yup. The black people who were lynched should have just participated in local communities and confronted the KKK! That’ll fix everything!

Anyway, online isn’t the place to take up space and confront people. You do that in person. Online is where you come to get support, encouragement, and resources for the in-person fight. And that doesn’t work if your online profile is also local. For many people, there online participation cannot, and should not, be geographically local. Remember the “good old days” of the local BBS that you had to dial into? Isn’t it interesting that every single documentary full of sepia toned reminiscences about how wonderful those local communities were is entirely created by and featuring old middle-class white dudes? No women, no homosexuals or transsexuals, no people with disabilities, and no ethnic minorities? I wonder why!

Again, speaking from personal experience: blind people had NFBNet, but it wasn’t local. And the local BBS’s had so much ASCII art and other accessibility issues that we couldn’t participate.

And now, on local Reddits and Facebook groups, nobody uses alt text. I guess that’s my fault for not participating in a space that is completely inaccessible to me. I’m the problem with democracy!

If we look at how toxic and racist the local city groups are on Reddit or Facebook, I’m not sure this is a good model. If I’m a black trans woman living in a small town in Mississippi, my local instance might not even be a safe place, for me.

Similarly, I would encourage blind folks to join us at rblind.com rather than a local instance, because a local instance might not take our needs into account: many have captchas, some use inaccessible themes, etc. At rblind.com you can be sure that we won’t deploy an update or configuration change that will break accessibility, because the server admins and moderators are all blind ourselves. But the beauty of federation means that you can talk to everyone else on other instances, so being part of a particular identity group doesn’t limit you to just talking to other members of that group.

Because Spotify, YouTube, Apple Music, etc. are so cheap or free that it’s not worth the trouble of setting one up for the people who have the resources to do it. Sure, download what you want to keep. But for Discovery? The streaming services are fine. And the people who can’t access/afford them also don’t have the resources to set something like this up.

Perfect! Thanks for the info!

How do those of us who loathe the horrific and proven bad idea of quote posts, and also refuse to use Mastodon, opt out of this terrible misfeature? Will blocking anyone who quote posts me and defederating from their instance remove the quote?

This has been broken for us on the entire 0.9 series. It works with iceshrimp, go to social, etc. just not mastodon. I think it has something to do with authorized fetch and signatures. But I haven’t tried to track it down as the way lemmy formats posts from mastodon was super ugly anyway.

If you’re comfortable with using codeberg, yes, that’s the best place. Otherwise you can post in the comments of the original thread, complete the survey, or use github issues (if you must).

Sadly I don’t have an einc device. But if someone does, we’d be happy to accept feedback and include some images.

So most modern activitypub servers backfill threads and profiles. My single user instance processes 30000 notes a day. If I was actually trying, I’m sure it’d be easy to grab much more while appearing well behaved.

How does that help? My personal instance currently has a database of several million posts thanks to the various Mastodon relays. I don’t need to scrape your instance to sell your posts. I don’t, of course, but it’d be easy for some company to create friendlycutekittens.social and just start collecting posts. Do you really have time to audit every instance you federate with?

When watching a movie or tv show by ourselves, blind people can’t see the picture. So unless we are watching with a sighted friend, we would rather save on storage and bandwidth by only downloading the audio.

Audiovault.net is the website you want. Made by and for blind folks, it has thousands of AD tracks in mp3 format. You should be able to just sync them with the video. Though blind folks never bother; we only care about audio anyway.

From the article:

The TLS-SNI header is used by CDN servers to route requests based on the Server Name in the header. However, a typical front end server, or even a load balancer (LB), belongs to a single app or organization, and does not typically need to handle the SNI header. The easy and reasonable way to configure TLS certificates on such a server, is to either:
 Serve all requests with a single TLS certificate that has SANs (Subject Alternative Names) for all the domains that are used Have multiple certificates, chosen according to SNI, with one of them as the default. In both of these common cases, sending a HTTPS request directly to the IP of a front end server, without any SNI, will present us with a default server certificate. This certificate will reveal what domains are being served by this server.

So apparently the real issue is that people aren’t using SNI correctly.

The tech blog is much better: https://www.zafran.io/resources/breaking-waf-technical-analysis

It boils down to scanning all IPV4 space, and grabbing the SSL certificate returned by any webservers on port 443. If the server is incorrectly configured the fields in the SSL cert will tell you what domains it serves. And using Certificate Transparency logs to figure out what domains you want to target. I wouldn’t really call this a flaw that breaks anything. It’s just a byproduct of how SSL, IPV4, and WAFs work.