As it was recently discussed a lot of the data you generate while using the fediverse is public. If we're looking at the threadiverse even more of it is public including your votes.

I only know the specifics of Mastodon and mbin, so maybe @[email protected] @[email protected] @[email protected] and other devs can chime in here.

Voting on Mastodon is a lot more private than voting in the threadiverse. Only the author of a post (and their instance) knows everyone who voted on a post. Everybody else can retrieve the total numbers, but not the individual votes. Of course this comes with the downside that everyone else has to fetch this data and while the instance could send an Update activity - informing other instances that the numbers changed - Mastodon currently does not do that.
In the threadiverse on the other hand, every single vote gets send around the network, including all the details.

I would like the threadiverse software to get a bit better at privacy. Mastodon is often restrictive with activities for that exact reason and while I do not want to completely screw visibility by not sending anything to anyone, I think the visibility of votes can be improved a lot.

So my proposal would be: votes are only sent to the author of a post. The author then sends an Update activity to their followers and the magazine the post belongs to. The magazine then announces this Update activity to all its subscribers. The post object has to contain the relevant numbers of course and Mastodon and PeerTube use shares, likes and dislikes (PeerTube only). These properties then contain a Collection with a property called totalItems and not a list of the people who actually voted, that would defeat the purpose (looking at you PeerTube)

Because nobody wants to break federation with other software, it would be nice if this could be coordinated between all the threadiverse actors

The issue comes down to how the device interacts with your computer. Just like the original version, the new Steam Controller has no native Windows drivers. This means the hardware relies entirely on the Steam app to function properly. If you do not have the game running via Valve's storefront app, your shiny new gamepad turns into a useless piece of plastic.

Gamers Nexus also reported this and there are a lot of other news outlets also covering this. It is kinda the same as with the steam deck where I noticed that the inputs just don't work until steam is launched. I really don't like that I have to have Steam running for this controller to work. I don't know if it is a dealbreaker for me, yet, but it really put a damper on my enthusiasm about it

I currently use FluffyChat, but since it the notifications for my second account are not working I wanted to try out other clients as well.

I have no problem installing games via their GoG installer with the Heroic Games Launcher on my main Fedora PC. However on the Steam Deck when I click "Add Game" and then fill in the name and click on "Run Installer First" the installer launches and then tells me that it could no find the other .bin files. I tried moving the directory to other places, but it seems like wine cannot find the files. I checked the directory permissions and all users have read access to those directories, yet they do not show up in the mounted filesystem in wine... (the GoG installer lets you choose another location of the files if it cannot find them)

I think it looks very interesting, but not for me. It is quite combat heavy and you have to play with minis (I am a theatre of mind kinda guy). Alsp I am not the biggest fan of startong as local legend on level 1, the power level is to high for me.

That being said I love the class design and the team focus. (I only watched videos)

What are your opinions? Did you already play it?

Mbin has multiple options to deal with problematic users:

1. Ban the user -> federated to other instances, user cannot login anymore
2. Suspend the user -> not federated, user can still login, but not create any content
3. Delete the user -> federated, the user and their content is deleted

What should happen with the content of a banned user? Lemmy still shows it, but puts a "Banned" badge next to the username.

Crossposted from https://gehirneimer.de/m/mbinReleases/t/912046

This is our v1.9.1 stable release of Mbin. This release includes bug fixes, performance improvements, ActivityPub compatibility improvements, thread and microblog locking, usability improvements and more...

Summary for Users

• Improve the RSS feeds: they should be faster, you can also get a combined feed of threads and microblogs now

• The search should be a lot faster now and you can also search for magazines and users by their URL again (previously you could only search for their handle)

• Likes, dislikes and boosts of Mastodon posts can now be extracted, however Mastodon does not sent us updates if these values change

• We added a discoverability setting for users and magazines. This setting is activated by default. If disabled you and your content cannot be found by searching and do not appear on /all

• Fix comments from Mastodon posts not appearing

• Threads and microblogs can now be locked

• The combined view should look more coherent. We adjusted the way microblog posts are displayed in this view

• The notification switches now have a tooltip

• We added an indexable setting for users and magazines. This setting is also activated by default. If disabled, search engines are advised to not index the corresponding threads and microblogs. Because you can only set this on a page to page basis and your comments appear on the page of threads or microblogs, the indexability of comments is dependent on the thread or microblog you're commenting on

• The random magazine is now pre-selected when creating a microblog

• Each magazine has a Tags page in which moderators of the magazine can set the hashtags by which microblogs are put in this magazine. Previously we used the name as a tag as well, without telling the user and without a way to disable it. We now add the name of each magazine to its tags page to make this behavior clear and to provide a way to disable it. When creating a magazine, we added a checkbox to add the name as a hashtag

• Infinite scroll is now working on the search page and the profile pages

• The magazine rules field is now officially deprecated. If a magazine currently has this field populated, it will still be editable, otherwise this field is removed. It will be removed in the future, as there is not a good way to federate this field to other servers. At the moment we just append it to the description with a ### Rules in front of it

---

Summary for Server Admins

• Signup notifications should be created correctly again. We previously introduced a bug preventing these notifications from being sent

• Add some problematic paths to the robots.txt, which should result in fewer hits by crawlers (like, dislike, boost, search, ...)

• We removed some indexes from the DB which should result in some size savings

• We also added some missing indexes, which resulted in some performance hits. If you run in any conflicts, we created a command to fix errors for duplicate users or magazines (see documentation)

• We reduced the amount of requests to other instances in the background jobs -> should run faster

---

Summary for developers

Mbin:

• Improve CI by just doing nothing in some actions if there are no relevant files changes -> the required actions still run, they just don't do anything

App:

• The subject of the magazine log API is now correctly set in case of a pinned, unpinned, banned, unbanned, moderator add and moderator removed "events". The documentation should reflect that now. See #1951

• When supplying a rules value in the MagazineUpdateApi, but the magazine did not already have rules defined, the API will throw an error, because this field is now deprecated

• There are new endpoints to lock a thread and a microblog post

• There also are new OAuth scopes for locking and we added a missing one for pinning microblog posts

Fediverse:

• Having a single URL instead of an array of URLs in the to and cc field are now supported. JSON-LD allows this for array fields

• Like Activities use the magazine id instead of followers collection in the to field

• We no longer include the activity streams namespace twice (once in the @context and once in the /context.json)

This is our v1.9.1 stable release of Mbin. This release includes bug fixes, performance improvements, ActivityPub compatibility improvements, thread and microblog locking, usability improvements and more...

Summary for Users

• Improve the RSS feeds: they should be faster, you can also get a combined feed of threads and microblogs now
• The search should be a lot faster now and you can also search for magazines and users by their URL again (previously you could only search for their handle)
• Likes, dislikes and boosts of Mastodon posts can now be extracted, however Mastodon does not sent us updates if these values change
• We added a discoverability setting for users and magazines. This setting is activated by default. If disabled you and your content cannot be found by searching and do not appear on /all
• Fix comments from Mastodon posts not appearing
• Threads and microblogs can now be locked
• The combined view should look more coherent. We adjusted the way microblog posts are displayed in this view
• The notification switches now have a tooltip
• We added an indexable setting for users and magazines. This setting is also activated by default. If disabled, search engines are advised to not index the corresponding threads and microblogs. Because you can only set this on a page to page basis and your comments appear on the page of threads or microblogs, the indexability of comments is dependent on the thread or microblog you're commenting on
• The random magazine is now pre-selected when creating a microblog
• Each magazine has a Tags page in which moderators of the magazine can set the hashtags by which microblogs are put in this magazine. Previously we used the name as a tag as well, without telling the user and without a way to disable it. We now add the name of each magazine to its tags page to make this behavior clear and to provide a way to disable it. When creating a magazine, we added a checkbox to add the name as a hashtag
• Infinite scroll is now working on the search page and the profile pages
• The magazine rules field is now officially deprecated. If a magazine currently has this field populated, it will still be editable, otherwise this field is removed. It will be removed in the future, as there is not a good way to federate this field to other servers. At the moment we just append it to the description with a ### Rules in front of it

Summary for Server Admins

• Signup notifications should be created correctly again. We previously introduced a bug preventing these notifications from being sent
• Add some problematic paths to the robots.txt, which should result in fewer hits by crawlers (like, dislike, boost, search, ...)
• We removed some indexes from the DB which should result in some size savings
• We also added some missing indexes, which resulted in some performance hits. If you run in any conflicts, we created a command to fix errors for duplicate users or magazines (see documentation)
• We reduced the amount of requests to other instances in the background jobs -> should run faster

Summary for developers

Mbin:

• Improve CI by just doing nothing in some actions if there are no relevant files changes -> the required actions still run, they just don't do anything

App:

• The subject of the magazine log API is now correctly set in case of a pinned, unpinned, banned, unbanned, moderator add and moderator removed "events". The documentation should reflect that now. See #1951
• When supplying a rules value in the MagazineUpdateApi, but the magazine did not already have rules defined, the API will throw an error, because this field is now deprecated
• There are new endpoints to lock a thread and a microblog post
• There also are new OAuth scopes for locking and we added a missing one for pinning microblog posts

Fediverse:

• Having a single URL instead of an array of URLs in the to and cc field are now supported. JSON-LD allows this for array fields
• Like Activities use the magazine id instead of followers collection in the to field
• We no longer include the activity streams namespace twice (once in the @context and once in the /context.json)

Siehe Titel. Wir haben grad die Diskussion und mich würde interessieren was ihr so drauf macht :)

So I recently got a Blue Brixx set and needed to download the manual as it is not included in the box... Now that requires an account, which is just stupid... At least I can supply absolut garbage information, which is a plus. However I wanted to delete the account directly after downloading what I needed... Now that requires you to fill out a contact form (like that is legal in the EU...) and now it tells me that the throw away email I could use before is not a valid email (likely because it has numbers in them)... WTF IS THIS GARBAGE

I am sorry for all the people having problems, but my Prusa mjni is finally just workjng and happily printing all the stuff I throw at it. Its been having issues here and there forever. I just figured out that the hotend has not been assembled correctly (heatbreaker to nozzle seal was weak) which became a greater issue when switching to a 0.25mm nozzle. Now after I fixed it, it is just awesome :)

Hi everyone, I do not yet own an EV, but I am going to. I normally use Co Maps or Osmand and neither of them have route planning features for EVs. Osmand lets me configure a profile with an electric engine and configure the capacity, but as far as I can tell it is only for calculating the CO² emissions... (and CoMaps just does not have it) I found EVMap, but that is only for finding chargers, not planning routes...

Hi everyone, I am planning to install linux on my friends laptop and I am not sure which distro to install for them.

The options I am considering:

• Fedora: I have it on my PC and since I will be the first person to be asked, I thought it would be best if I know the distro well
• Mint: is a default suggestion, but I am not sure if it is different enough from the Windows look that one does not expect it to behave the same as Windows
• Ubuntu: most widely available in forums, etc. And a good starting point in my opinion

What do you guys think?

EDIT: Thanks for all the suggestions, I think I'll stick with Fedora and let them try Gnome, KDE and Cinnamon :)

I am sure this article has been shared before, however I wanted to have a look at this topic.
The articles short summary is this:

All 25 car brands we researched earned our *Privacy Not Included warning label – making cars the worst category of products that we have ever reviewed

I am currently driving a 2014 Ford Fiesta which just has a radio with a CD player and Bluetooth. I do not need more than that in a car.

The reason I am looking at all is that that the Fiesta does not belong to me and the friend owning it will be moving out in a bit, so I kinda need another one.

There seems to be one brand that is not as bad as the other ones (but still bad): Renault; mozilla's review...
Maybe I will have a look at their cars.

What do you guys think? Stick to older used cars and not use an EV or look at which of the manufacturers have the least bad privacy policy?

As most of the servers listed on the fediverse.observer and fedidb are not at v1.8.3 anymore, we need to talk about the security patch we released as part of v1.8.4. We have tried to get in touch with the remaining instance admins and gave them a week to update their instances.

In v1.8.3 a bug was introduced that caused a significant information leak on the user outbox endpoint, reachable through https://mbin.instance/u/username/outbox. This endpoint contains all public activities of a user. On servers running v1.8.3. this endpoint did not return JSON in an ActivityPub compatible format, but just serialized data. This serialized data contained nearly every bit of data Mbin has about a user: the IP, the email address, the private key to sign activities from this user, securely hashed passwords, 2FA secret and backup codes, etc. We think it is unlikely that someone made use of this, as this endpoint is not commonly used. Other ActivityPub software of course uses this endpoint to fetch data, but if that data is not in a compatible format it just ignores it.

We are very sorry about this and honestly very frustrated that it slipped by.

What can users do

The only thing you can really do is to change your password and two factor authentication (disable and re-enable it).

What can admins do

You could check your access logs for any requests on this endpoint not coming from a known fediverse software to research your instance specific instance.

What did we do / What are we going to do

To prevent this from happening again we introduced automated tests on that endpoint and will do so on similar new endpoints (like a magazine outbox) in the future.

We will also add a new command next release to generate new private keys for all users to prevent impersonation. However that might cause rejected activities for up to 24 hours. Every software we checked updates remote users at least every 24 hours including re-fetching the private key.

::: spoiler Technical explanation for those interested With v1.8.3 we refactored a lot of the ActivityPub code. The reason we did that was simply because we did not safe any outgoing activities, as in: we did not record what we sent out to other servers. Since v1.8.3 other servers can actually query the URLs we sent them.
Behind the scenes that means that we are now saving something to the database that we previously didn't do. In the process of this all *Factory and *Wrapper classes now return an Activity object instead of an associative array. Because the user outbox endpoint was forgotten, that just returned an array of these Activity objects that were then serialized, instead of the correct way introduced with v1.8.3, which is to call ActivityJsonBuilder::buildActivityJson. :::

Welcome to the era of only Spotify Plays matter - let's take a look at the underbelly of streaming scams affecting independent artists.

Hi everyone, what are you guys using for storing your filaments? I wanted to put all my spules in one air-tight container, but I could not find any that fit my requirements... Basically just as high and deep as a spule and really wide...

What are you guys using?

I recently switched to an AMD GPU and VA-API is the only option for hardware acceleration on linux that is viable. But Handbrake does not support it and it doesn't seem like it will in the foreseeable future, so I am looking for an alternative. Ideally it is just an ffmpeg GUI, but I did not find any that are:

• actually compatible with linux
• updated in the last 5 years
• have an option vor h264_vaapi or hevc_vaapi video codecs

Another workflow I thought about that is not working is transcoding the video, but copy all audio and subtitles and let handbrake handle that, however Handbrake has no option to just copy the video stream...

So far I have tried:

• ffmpeg_batch: wouldn't use my local version of ffmpeg, because of some path error, only works through wine
• qwinff: got it building, but no VA-API codec, and no mkv output support (over 10 years old)
• Shutter Encoder: only works through wine, font problems, no va-api support
• Avidemux: takes forever to open a video clip, more of a video editor, no va-api support
• Hybrid: know it from my windows days, clunky UI, no va-api support, but best candidate for me right now as I could use it to just copy video and handle audio and subtitles in here
• StaxRip: the .7z file could not be extracted, I just got an error

Any ideas or suggestions?

I have reservations of the effect of the scanner cyber gear from the sci fi compendium:

Scanner: This implant senses the composition of known matter or energy up to 50 yards distant. The target does not have to be visible, though certain types of matter or energy may interfere (GM’s call)

If I as a GM rule that it is tied to the notice skill it is not really that powerful and it would have been noted in the ability if that was the intention, but if I take it for what it says, it will be very very strong for "just" 1000$

What do you guys think? How would you interpret the text and do you think it is too powerful?