hachyderm / community Goto Github PK

Recently we've seen a number of accounts created solely for the purpose of sharing pictures or videos of a sexually explicit nature. I'd like to define a rule that goes something like this:

This is a community of professionals. While we recognize that people have sexual elements, we'd like to preserve the ability of our members to avoid that content if desired. Profiles containing sexually explicit language are prohibited, as are egregiously explicit text and media not behind a CW. This is not meant to ban artistic expression, but to provide a safe environment for our users. What is sexually explicit is at the sole discretion of our moderation team."

Consider adding a “How to report issues” section to https://hachyderm.io/about/more that includes a direct link to https://github.com/hachyderm/community/issues . The existence of this community issue tracker was a happy new discovery to me after today’s community announcement — and while I suspect I may be unusually thick-headed, I’m sure other people are similarly unaware this channel.

There is already a link to https://github.com/hachyderm/community on that page, it’s true, but I’m not sure it makes the issue tracker sufficiently discoverable: searching the about page for “issue” or “report” comes up blank, and it takes some careful reading to realize that “Community Docs” or “We manage our community” refers to reporting problems.

I tried to access the #Java tag earlier, and can reliably crash the Android app. Feels like there could be a server issue contributing so figured I'd report here too in addition to the app report:

Does this server in the fediverse want to let systems like https://birdsite.blazelight.dev/About

It would be nice to have an illumos emoji on hachyderm as a number of us from the community are interacting there.

Example from @jperkin on a different mastodon instance:
https://federate.me.uk/@jperkin/109354735824423426

Logo docs:
https://illumos.org/docs/about/logo/

Suitable size for an emoji:
https://illumos.org/docs/images/logo/Phoenix64x64-RGB.png

I was looking at the features of Mastodon Glitch (https://glitch-soc.github.io/docs/) which has a bunch of interesting addons.

One I thought would be pretty nice is the Local-only toots https://glitch-soc.github.io/docs/features/local-only-toots/#:~:text=glitch%2Dsoc%20adds%20a%20feature,server%20announcements%20and%20meta%2Ddiscussion.

https://github.com/hometown-fork/hometown/wiki/Local-only-posting

This is my best guess as where to start this conversation; LMK if something else is more appropriate :)

As a unicyclist, I'd enjoy having a unicycle emoji.

Someone with a self-hosted masto instance offered up theirs: https://velocipederider.com/@ruari/109355234519904508

I might take a stab at cleaning that up a bit (e.g. with a higher contrast outline) if you're amenable to adding one, but first, are you amenable to adding one?

If this is already discussed somewhere, please point me at it -- I looked around and couldn't find anything.

One of the server rules (13, currently) is "no hacking." Would it be possible to get a clarification of what this means?

I ask because, even if we restrict ourselves to the software-community sense of the term, there are several possible meanings of this rule. On a spectrum from "I hope it means this" to "this would be bad," I can think of:

1. Do not crack/DoS/attack the hachyderm infrastructure, or use this as a platform for doing so to other infrastructure.
2. No discussion or disclosure of vulnerabilities/exploits, demonstrations of reverse engineering or cracking things, etc.
3. Using the ESR-era definition of hacking, no creative problem solving.

I assumed the rule was intended in sense 1 when I signed up. If it's intended in sense 2, I'd like advance warning, since I poke holes in things professionally. I assume it isn't intended in sense 3; I included that to illustrate the ambiguity here.

Thanks in advance!

Hi! 👋 First of all, thank you for running hachyderm.io. It runs very smoothly compared to other instances!

To the point: I've noticed @krisnova posting some screenshots of Grafana dashboards. Maybe there could be a small collection of publicly-accessible dashboards that show critical metrics.

Pros:

• Allows crowd-source issue detection
  Cons:
• Might turn into a thing that people nag the admins/mods with? (example: "This dashboard is going up and to the right! That seems bad!", turns out it is fine)

Thanks again!

I've got a small instance for family and very close friends only (nobody I would allow in would violate the "don't be a dick" policy or any others at hachyderm) and was hoping to be allowed to relay from hachyderm, at least until my own instance can get enough momentum to fly on its own. The instance is social.taupehat.com - feel free to reply with any follow-up questions you might have, and thank you for your consideration.

First of all: thanks for running this! It's been fun to see it take off.

It would be nice to have ipv6 connectivity. For me, personally, my ISPs CGN is utter trash, and ipv4 can be an order-of-magnitude slower to initiate connections. And this is with a 1gbit cable modem about 30 meters from the CMTS.

Let me know there's any way I can help.

It seems journa.host hosts transphobic content and has taken an explicit stance to further allow that content while at the same time having "no transphobia" in their CoC.

See the #fediblock hashtag, as is visible on hachyderm.io today.

https://journa.host/@parker/109366337128882245
https://hachyderm.io/web/@[email protected]/109366337429914961

Also rapidblock appears to have blocked journa.host, for a different reason I don't understand: https://hachyderm.io/web/@[email protected]/109371315116740882
https://social.rapidblock.org/@rapidblock/109371315073267948

Regardless of how the journa.host situation evolves, it would be good to clarify which of your server rules apply to users on your instance and which criteria are used for defederating.

From what I understand https://status.hachyderm.io/ is served by https://uptimerobot.com/. Please correct me if I'm wrong. If I'm not it'd be great to replace that dashboard with one served from a self-hosted open source alternative.

Absolutely optional and only nice-to-have. https://fediverse.space is a neat illustration of the fediverse and how that (honestly impressive) network is spun.

https://fediverse.space/about explains how to get added:

How do I add my personal instance?
Click on the Administration link in the top right to opt-in.

https://fediverse.space/admin/login in turn states

You must be the instance admin to manage how fediverse.space (sic, missing end?)

Because our moderators do not speak all languages, we'd like to ask Hachyderm users to write their public content in one of our supported languages.

This is being driven by a number of bots and users posting in other languages that are tiresome to moderate. It is likely we are losing plenty of context that way. Due to the distributed nature of the Fediverse, I feel this is a reasonable expectation.

Rule Text: "Our current supported languages are: [English]. We ask that content posted here use one of our supported languages. "

Addition of moderators in other languages may allow us to expand the list of our supported languages in the future

I know it's never fun, but there are a bunch of instances out there that you'll likely have to ban at some point.

I suppose it's up to you whether you want to do it now or later, but thought if you did want to jump on it now some reference points could be useful:

https://github.com/chaossocial/about/blob/master/blocked_instances.md (chaos.social)
https://infosec.exchange/about/more#unavailable-content
https://octodon.social/about/more#unavailable-content

Not a huge priority, however, It may be worth considering adding an onion endpoint for TOR based traffic.

As discussed in this thread, and elsewhere, I and other users would be happy to see additional custom emojos for other popular programming languages. This will make the server more welcoming to a broader variety of programmers.

Based on searching lists of popular programming languages, I will suggest adding emojo for the following:
Python
Go
JavaScript
HTML/CSS
Scala
Ruby

Thank you for your time in maintaining Hachyderm.

Mastodon servers settings have an import page, where you can upload text to follow peeps
Affected url https://hachyderm.io/settings/import

Attached screenshots:

I would love to add the emacs emoji into my name :)

Taken from slackmojis

I'm running my own self-hosted instance @[email protected] aka https://fediverse.ghuntley.com/@ghuntley and would love to relay with hachyderm. It's only me. No other users. Ever.

Heyo!

I imagine a lot of the people involved are really busy keeping up with the sudden growth, so please take your time.

In good faith, should we give offending users a period of notice before deleting their accounts so they can export their data? And maybe 'quarantine' them in the notice period by limiting interaction with mods only.

Mastodon (or, more likely, the reverse proxy sitting in front of it) is returning not one, not two, but three HSTS headers.

This is non-compliant with RFC 6797 and may lead to undefined client behaviour.

% curl -I https://hachyderm.io/
HTTP/1.1 302 Found
Date: Fri, 18 Nov 2022 [snip]
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Server: Mastodon
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Permissions-Policy: interest-cohort=()
Location: https://hachyderm.io/about
Vary: Accept-Encoding
Cache-Control: no-cache
Content-Security-Policy: base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://hachyderm.io; img-src 'self' https: data: blob: https://hachyderm.io; style-src 'self' https://hachyderm.io 'nonce-[snip]'; media-src 'self' https: data: https://hachyderm.io; frame-src 'self' https:; manifest-src 'self' https://hachyderm.io; connect-src 'self' data: blob: https://hachyderm.io https://hachyderm.io wss://hachyderm.io; script-src 'self' https://hachyderm.io; child-src 'self' blob: https://hachyderm.io; worker-src 'self' blob: https://hachyderm.io
Set-Cookie: _mastodon_session=[snip]; path=/; HttpOnly; SameSite=Lax; secure
X-Request-Id: [snip]
X-Runtime: [snip]
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Cached: MISS
Strict-Transport-Security: max-age=31536000
Strict-Transport-Security: max-age=31536000
X-Host: esme

This is not neccessarily an appeal, however i would like some clarification as to what "Violation" means in the context of a sudden instance suspension coming just minutes after i, as an admin, criticized certain policies of your instance. You are fully within your right to defederate from my instance, especially given i announced potential future defederation from you myself, however i feel like a clarification as to what actually lead to this moderation decision would help understanding your future interactions with other instances, as well as for what your users can except (since various users from your instance were following users on mine).

We need to add hachyderm.io to the list of well-known identities that can be verified with Keybase.

Can someone please read the docs on how to add an identity and help us set up hachyderm on keybase?

As many of you, I spend a lot of my time in the Web UI (the advanced one, you should try it). There is a beloved button named "Toot!" which has origins I won't go into (but you should research it as it's a fun story). We all love Tooting (and some of us Poop Tooting), and I will always call it tooting. I'm willing to explain the origins to my grandchildren.

In the v4 release of Mastodon, they've removed this awesome feature in favour of the word "Publish". (relevant PR here mastodon/mastodon#18583).

I wonder if we should add a patch on upgrade to revert it back to a Toot.

I'll caveat this with a) I don't know how to do it, I'm not a ruby dev, and b) I don't have the time to learn to help out I'm afraid. I just thought it was worth the discussion

We need to add hachyderm.io to the list of well-known identities that can be verified with Keybase.

Can someone please read the docs on how to add an identity and help us set up hachyderm on keybase?

I joined the "official Discord" when reading https://hachyderm.io/about/more. This Discord server appears to be abandoned and the replacement Discord server (Aurea runtime) doesn't seem related to Hachyderm. Should the link be removed?

https://www.copyright.gov/dmca-directory/ we should have a designated agent to receive DMCA reports.

I would cautiously recommend glitch-soc.github.io/docs/

Compare https://hachyderm.io/web/@[email protected]/109301007662017632 to https://social.treehouse.systems/@win8linux/109300985500664162

I'm trying to attach an image to a post, using the web client installed as a PWA in Chrome on Android, and it results in the "Uploading" progress bar getting stuck at 100%.

I can gather more debugging data in a couple hours.

Low-effort shilling of particular tokens seems like it's already covered under "Don't Be a Dick" or the proposed "No Spam" rule (#37).

I'm curious about the grey area: real people, who are just really into web3 stuff.

Because of the tokenomics incentive structure, I feel like these account are never quite acting in good faith - they've always got a profit motive of some kind. This makes me wonder whether such accounts should be held to a different standard, e.g. how Hachyderm is handling Corporate Accounts.

(My bias would be to encourage web3 enthusiasts to find a different server entirely, but I'm very much of the Web3 is Going Just Great school of thought)

Currently hachyderm.io has no CAA header, allowing any CA to issue a TLS certificate for it, enabling shenanigans such as these:

% dig CAA hachyderm.io.

; <<>> DiG 9.10.6 <<>> CAA hachyderm.io.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62998
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;hachyderm.io.			IN	CAA

;; AUTHORITY SECTION:
hachyderm.io.		900	IN	SOA	ns-1277.awsdns-31.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 205 msec
;; SERVER: [snip]
;; WHEN: Fri Nov 18 [snip] 2022
;; MSG SIZE  rcvd: 126

I recommend adding the following two records to the hachyderm.io. zone, locking issuance (including wildcard) to Let's Encrypt (the current provider) and emailing @krisnova in the event of issues:

hachyderm.io.		86400	IN	CAA	0 issue "letsencrypt.org"
hachyderm.io.		86400	IN	CAA	0 iodef "mailto:[email protected]"

More info here and here.

I didn't find any info on upgrading to v4.0 so I'm creating an issue to discuss upgrades in general. If there's a better place or if this has already been hashed out, feel free to close.

Questions on upgrades:
Is there a timeline for Mastodon upgrades?
Should there be a waiting period before taking a new release?
How should upgrades be communicated to the community?

Following this and verification is not working; GitHub profile is here and I've added @[email protected] to the Bio section of my profile.

GitHub:

Hackyderm:

I just migrated to hachyderm.io and really look forward to building a new community here. Thank you for providing this service and maintaining a safe space. 🙏

Would it be possible to activate GitHub sponsors in order to give some kudos to the ops team of hachyderm.io?

Currently getting a 502 from hachyderm.io but not too sure if it is just me or not.

What's the plan for updating to 3.5.5? I am aware that the discovered security issue is primarily a Glitch problem, but right now we're still on 3.5.3, and as far as I can tell there has been no communication about whether an update is planned, and if so, when? If it's not needed, then posting something about that would be great too, since it answers the question, can be referred to, etc.

Proactive communication about this would be much appreciated. Thanks!

Hello,

I am a new user on your server, and of mastodon in general.
As such I wanted to follow the same people on mastodon as I follow on twitter.

Unfortunately, it seems that you have suspended interactions with qoto.org - where Alistair Cockburn has made his new home.

In your suspended server list https://hachyderm.io/about/more#unavailable-content I can see the reason being hate speech.

But according to qoto.org/about/more - they do not allow that.
Could it be that they have improved their rules and moderation to such a degree that the suspension can be reconsidered?

Regards,
Morten

Can we please create an elastic search instance and begin creating searchable content for Hachyderm?

I am open to suggestions for this one, but ideally I'd like to have a rule against spam. But what defines spam?

Something like "Repetitive off topic content is prohibited" maybe. Thoughts?

It would be nice if this GitHub repo was linked on https://hachyderm.io/about/more. I was trying to learn more about Hachyderm and only learned about this as the preferred way to report issues by browsing Nóva's posts.

The more I work on the Hachyderm community documentation and ponder the possibilities of the fediverse the more I have to stop and ask myself, why not just form a 501(c)6 trade association and become another viable non-profit in the space?

We are very close to forming what resembles a social-media first governance policy? Why not take it to the next level and also include open source software (Maybe Aurae can be our flagship?) and community building in the same place?

Operating as a formal governing body with Hachyderm as our "sun" would flip the relationship with social media around and move to a de-centralized governing (and potentially funding) model for open source projects around the globe?

This is a huge topic but figured I would get it out there for folks to begin pondering.

I believe it would be nice to have bot accounts that serve a useful function hosted on hachyderm, while still allowing people to opt out of them. In addition, we should create an approval process for these bots. In the meantime, bots that are not approved are prohibited. Rule seems fairly straightforward:

"Bot accounts not approved by admins are prohibited"

Process for approval is up for discussion, I would imagine a public design document would need to be posted and a requirement that they identify themselves and follow our other rules.

📝 Context

There is a short (24) char limit to Display Names.

Mine for example: Kyle :QueerCat_Bisexual: :rust

🤔 Issue

I enjoy outing myself via emoji in my display name as being both Bi and a Rustacean :). But alas, QueerCat_Bisexual takes too many chars and I'm 1 short.

🎊 Proposed Solution

Emoji Alias: :queercat_bi: would do the trick. Perhaps others might recommend or find other useful shortened names so we may be revel in emoji display names 🎉.

Contrary to my former instance, the referenced profile in my bio is not clickable. Is this behaviour intended?

Hi!

It would likely be helpful to the fediverse community at large if a list of corporate accounts was published and kept up to date. This would be helpful for a few reasons:

1. It would enable the people who don't want brands in their community to exclude those accounts in an automated fashion.
2. It would enable people who love brands to have a nice list of brands they can follow (not my thing but you never know right?)
3. It would enable the people who want to curate their federated timelines to remove the brands from that timeline in automated fashion.
4. In the case of communities using software like Pleroma, it could be used to add additional identifiers to the accounts designating that they are brands, etc.

Doing so is likely to reduce the temperature regarding some of these conversations that have come about as a result of the corporate account policy as well, since it allows admins to feel like they have more control over how their communities engage with the brand accounts.

Thanks for considering this suggestion!

Opening this mostly because I'm curious what the plans are, and I didn't want to bug @krisnova directly in-app -- is there a plan/timeline to get hachyderm onto 4.0? I'm itching to follow me some hashtags.

I have been sending a friend in NL some links to posts on Hachyderm recently and they shared this feedback with me:

them: hachyderm.io server seems SO slow so often
me: Really? I'm using it all the time and I'm not noticing anything on the west coast, but I know they were doing something about an EU instance in the last few days
them: hmmm it takes me about 2 or 3 mins to load any URL on that domain
them: or to even connect
them: I can't see that message, e.g.