I came to the fediverse in 2017, so nothing to do with reddit or meta or twitter.
The fact is here, we have a choice. So you do you.
On mastodon I have an account on an instance that blocked meta and is using authorised fetch (so the proper way to block a domain): great, my content won't go there or on any other blocked domains: it's my choice.
I have another account on another instance that didn't block meta: great, my content will be shared with threads users and I will be able to browse threads.
Is there a way to set it up so [email protected] can be a Lemmy account and also a Mastodon account? I've seen people using subdomains like [email protected] and [email protected]; is this necessary? Could you also set up a Matrix account with the same [email protected]? If not, what would be required to change to make this...
No, not in the example that you’ve set up. The username is always @user. This is like asking if you can have the same email address on Gmail and Hotmail or whatever. You can have the same user part, but not the domain.
This is the second thread I’ve seen like this recently. Proton made a properly labeled throwaway github user to open issues on every repo with anti-abuse lists that contained their domains a few weeks ago. Now different throwaway users are opening new issues for the repos that declined to remove them and then posting to social media trying to rile up an outrage mob to flood the issues. Seems super sketch. Yet another reason to stay away from everything proton.
Meta just announced that they are trying to integrate Threads with ActivityPub (Mastodon, Lemmy, etc.). We need to defederate them if we want to avoid them pushing their crap into fediverse....
By all means, fuck Meta to the moon and back, but for goodness' sake, users on federated servers can choose to block the domain with the same result, not to mention that admins can simply restrict it (see social.coop/). It just isn't so black and white as people are making it seem.
Federation with a bigger platform is realistically the only way for Fedi to become mainstream, and at the moment Meta seems at least to be trying to be communicative. And with their quite unvaluable userbase they really don't have enough leverage against the privacy-conscious Fediverse to turn AP into MetaPub. For now.
Mastodon, Kbin, the new Lemmy 0.19 release allow on a per user basis to block entire domains, so I don’t see how this is a “you can’t do anything about it” situation. Just let users decide.
If they use a Mastodon intermediary, there’s a 30-day cool down. If they use their own, they’d have to expose the IP to do it so it would be discovered. I don’t see how it would benefit them to do that. If they did, that’s some sketchy, bad faith shit and they’d be universally fediblocked pretty quick.
I also don’t think they can monetize non-threads users because they can’t send them ads. It would be difficult to connect you to a Meta account to serve ads to because they only have your user name, profile pic, server IP, and server domain name. In most cases it’d be impossible. You’re pretty well protected because Mastodon servers treat all remote servers as untrustworthy and don’t give them any info.
I also reached out to them on Twitter but they directed me to this form. I followed up with them on Twitter with what happened in this screenshot but they are now ignoring me.
I think it’s fair to prevent users from causing mail sent to your internal systems. It probably won’t cause any issues getting mail to the machine inbox for (no domain name), but it reasonably makes security uneasy.
No, dots are NOT necessary. Actually you do not even need to supply a domain or a top level domain because mails then default to the default system which is usually localhost.
But even for routed mail there doesn’t need to be a dot.
There is still valid bang addressing for UUCP-routed emails:
!bigsite!foovax!barbox!me
This is a valid email which basically means “send my email to bigsite, from there to foovax, then to barbox, to the user me.”
And if you are in a playful mood - mix FQDN and BANG addressing…
A couple of years ago I made Hotmail crash by sending a mail to googlemail.de!hotmail.com!googlemail.com!hotmail.de!googlemail.ca!hotmail.ca!googlemail.fr!hotmail.fr!.. [repeated it for 32kByte] …!myuseraccount - their server literally crashed completely all over the world for like 15 minutes. I am so proud of myself but then it was their fault for not complying with RFC 822.
You’re correct about first-party cookies being from the domain in the address bar, like a.com in your example. When a page from a.com includes a resource from b.com, and b.com sets cookies, those are considered third-party cookies.
In a scenario where you navigate to c.com, which includes a resource (e.g., tracking pixel) from b.com, without third-party cookie protection, b.com would indeed have access to the cookies it set previously while you were on a.com. However, with 3rd party cookie protection measures, the browser restricts this access. This can impact user tracking and privacy.
In the JavaScript world, this is often managed through mechanisms like the SameSite attribute for cookies and technologies like ITP (Intelligent Tracking Prevention) in browsers. Developers need to adapt their code to these privacy measures to ensure compliance and user privacy.
Mastodon users can already block entire domains. Unless it’s legally required, there’s hardly a reason why the admins would need to take the decision away from the users.
Default instance blocks should largely replace defederation
Since what content users might want to see is quite unlikely to match which servers the admins tolerate, choosing an instance on the Fediverse can be quite complicated, which is inconvenient and off-putting for new users.
For this reason, and simply that the Fediverse is stronger united, I believe defederation should ideally be reserved for illegal content and extreme cases. If Fediverse platforms would allow instances to simply block the rest for users by default, the user experience would be the same, unless they decide otherwise.
Clarification, because people keep misunderstanding my point: What I'm advocating for is replacing most defederation with some sort of "soft defederation" in which instance admins can select domains which are blocked by default for the users, but which they can unblock afterwards if they want to.
They're astonishingly poor at data ownership. When they started Dropbox Paper, a note taking web app, they sent the inline images to a different web domain. The image, doing so, became publicly visible to anyone knowing the URL! They did this without explaining anything to the user.
They also did not clarify who owns the copyright of these images sent to an apparent third party company.
Seriously, Dropbox's user privacy and copyright management is incompetent and untrustworthy.
I’m going to start off by saying I know that self-hosting email can be a bad idea. That being said, I’m trying to de-googlify my life and would like to experiment....
I also have a small domain that is relatively low traffic. A lot of the “all in one” software on the list you linked looks pretty cool, I can’t deny.
What I found is that I make very few changes. I used to add mailbox aliases fairly often, but the fact is there are only two users and enabling the “+” syntax in addresses put a stop to me needing to make new aliases when I wanted a new address.
I just don’t feel like I need a management interface. Because of this I’ve just sort of frankensteined my own setup together and I love it. It operates how I expect it to, and enforces the standards I care about to the extent that I desire (e.g. which SPF result codes am I ok accepting?).
Postfix as SMTP/Submission server. I chose to go w/PAM based for outbound SMTP auth.
There are always other instances. Threads is one of the only two domains that my instance blocks. Even the second largest instance, lemm.ee, and the original instance, lemmy.ml, have blocked Threads.
Also, considering how little even Mastodon users interact with Lemmy, you guys will see close to nothing of them.
<p>Excessive smartphone use is associated with diminished strength in key brain networks responsible for cognitive control and executive function, according to new research published in <em><a href="https://doi.org/10.1016/j.pscychresns.2023.111593">Psychiatry Research: Neuroimaging</a>.</em> This reduction in neural activity could have important implications for our understanding of digital device addiction.</p>
<p>The motivation behind this extensive study stemmed from a growing concern about the impact of smartphones on our mental health and daily lives. In recent years, the topic of smartphone overuse has garnered significant attention, with several studies highlighting its negative effects on physical, mental, and social well-being. The researchers sought to explore this further by examining the relationship between excessive smartphone use and brain activity, particularly in cognitive domains like attention, decision-making, and memory.</p>
<p>For their study, the researchers carefully selected 39 participants based on specific criteria such as age, language skills, and absence of neurological or mental illnesses. The participants were split into two groups: excessive smartphone users and controls, based on their scores on the Smartphone Addiction Scale, a widely recognized tool for measuring smartphone addiction. Each participant underwent a series of assessments, including the Smartphone Addiction Inventory and other psychological scales, to gauge different aspects of smartphone addiction and mental health.</p>
<p>The heart of the study involved using magnetic resonance imaging (MRI) to capture detailed images of the participants’ brain activity while they engaged in various tasks designed to test cognitive functions such as attention (Flanker task), memory (n-back task), and response to cues (CR task). This approach allowed the researchers to identify specific neural patterns associated with excessive smartphone use.</p>
<p>The excessive smartphone use group showed significantly lower strength in a network of brain regions known as the frontoparietal network. This network is crucial for top-down attentional control – essentially, how well we can focus our attention and control our impulses. The study also found that this decrease in network strength was correlated with higher scores on the Smartphone Addiction Inventory, particularly in aspects like the time spent on smartphones and the craving to use them.</p>
<p>Interestingly, these neural patterns were similar to those observed in other forms of addictive behavior, pointing to a potential common neural basis for addiction, whether it’s to a substance or a smartphone.</p>
<p>However, the study is not without its limitations. One key concern is the relatively small sample size and the specific demographic (young adults) of the participants, which might limit the generalizability of the findings.</p>
<p>Additionally, the study’s design does not allow for conclusions about whether excessive smartphone use causes these neural patterns or vice versa. Future research is needed to explore this relationship further and to determine whether these neural changes are permanent or reversible.</p>
<p>“The present study provides further evidence for common neural mechanisms of behavioral addiction in individuals with [excessive smartphone use],” the researchers concluded. “This study clearly needs replication as much as extension in larger cohorts, including longitudinal assessments… Yet, at the same time, this study provides important new findings, suggesting domain-independent top-down modulation by a frontoparietal executive control network in individuals with addictive smartphone use.”</p>
<p>“Given that deficient cognitive control has been observed across several substance-use disorders and behavioral addictions, the neural signature identified in this study cannot be seen as specific for [excessive smartphone use]. In this regard, future studies will need to parse out distinct contributions of this network to both risk and resilience factors that may foster or prevent addictive behavior.”</p>
<p>The study, “<a href="https://www.sciencedirect.com/science/article/abs/pii/S0925492723000033" target="_blank" rel="noopener">Cognitive domain-independent aberrant frontoparietal network strength in individuals with excessive smartphone use</a>”, was authored by Gudrun M. Henemann, Mike M. Schmitgen, Nadine D. Wolf, Dusan Hirjak, Katharina M. Kubera, Fabio Sambataro, Patrick Bach, Julian Koenig, and Robert Christian Wolf.</p>
I’m a retired Unix admin. It was my job from the early '90s until the mid '10s. I’ve kept somewhat current ever since by running various machines at home. So far I’ve managed to avoid using Docker at home even though I have a decent understanding of how it works - I stopped being a sysadmin in the mid '10s, I still worked...
It’s a great tool to have in the toolbox. Might take some time to wrap your head around, but coming from vm’s you already have most of the base understanding.
From a VM user’s perspective, some translations:
Dockerfile = script to set up a VM from a base distro, and create a checkpoint that is used as a base image for starting up vm’s
A container is roughly similar to a running VM. It runs inside the host OS, jailed, which accounts for its low overhead.
When a container is killed, every file system change gets thrown out. Certain paths and files can be mapped to host folders / storage to keep data between restarts.
Containers run on their own internal network. You can specify ports to nat in from host interface to containers.
Most service setup is done by specifying environment variables for the container, or mapping in a config file or folder.
Since the base image is static, and config is per container, one image can be used to run multiple containers. So if you have a postgres image, you can run many containers on that image. And specify different config for each instance.
Docker compose is used for multiple containers, and their relationship. For example a web service with a DB, static file server, and redis cache. Docker compose also handles things like setting up a unique network for the containers, storage volumes, logs, internal name resolution, unique names for the containers and so on.
A small tip: you can “exec” into a running container, which will run a command inside that container. Combined with interactive (-i) and terminal (-t) flags, it’s a good way to get a shell into a running container and have a look around or poke things. Sort of like getting a shell on a VM.
One thing that’s often confusing for new people are image tags. Partially because it can mean two things. For example “postgres” is a tag. That is attached to an image. The actual “name” of an image is its SHA sum. An image can have multiple tags attached. So far so good, right?
Now, let’s get complicated. The actual tag, the full tag for “postgres” is actually “docker.io/postgres:latest”. You see, every tag is a URL, and if it doesn’t have a domain name, docker uses its own. And then we get to the “:latest” part. Which is called a tag. Yup. All tags have a tag. If one isn’t given, it’s automatically set to “latest”. This is used for versioning and different builds.
For example postgres has tags like “16.1” which points to the latest 16.1.x version image, built on postgres maintainers’ preferred distro. “16.1-alpine” that points to the latest Alpine based 16.1.x version. “16” for latest 16.x.x version, “alpine” for latest alpine based version, be it 16 or 17 or 18… and so on. You can find more details here.
The images on docker hub are made by … well, other people. Often the developers of that software themselves, sometimes by docker, sometimes by random people. You can make your own account there, it’s free. If you do, make an image and push it, it will be available as shdwdrgn/name - if it doesn’t have a user component it’s maintained / sanctioned by docker.
You can also run your own image repository service, as long as it has https with valid cert. Then it will be yourdomain.tld/something
So that was a brief introduction to the strange world of docker. Docker is a for-profit company, btw. But the image format is standardized, and there are fully open source ways to make and run images too. Off the top of my head, podman and Kubernetes.
JavaScript is a language that runs on a user’s computer, when they visit a web page. It is often used for dynamic functionality, ie when you click “like” on a comment… JavaScript running in your web browser will make a request to the server letting it know that you liked the post, then the server will respond with a total number of people who liked it or something.
But, the server needs to know how to authenticate which user liked the comment (so you can’t like it twice etc). There are various authentication mechanisms to do this, with their own trade-offs. Over all, there’s secret information that the browser and the server have to share with each other, and we don’t want that information being accessed by the wrong people.
There’s also a common problem with web apps called “cross site scripting”. Basically somebody might craft a cleverly formatted comment that exploits a bug in the web page and causes the attacker’s code to run. One trivial example might be if every time a person read a comment thread, the attacker’s code caused that person to “like” a request. A more serious exploit would be one that finds out that secret authentication information I mentioned and shares it with the attacker. They can then pose as the victim user and do anything they want as that person. This would be bad.
So, on to the different approaches and their tradeoffs.
HttpOnly cookies. Basically when you log in, the server gives your browser a cookie vouching for who you are. Each subsequent request to the server will include this cookie automatically. The browser handles attaching it to the request, and the browser hides it from any JavaScript running on the page. One trade off is that it requires some authentication to happen between the user and the service (ie enter your username and password), to generate the cookie in the first place. This is likely what OP’s customers want to avoid.
bearer tokens: basically, when JavaScript code makes a request to the server, it can optionally add some tokens in the request headers and use those to authenticate the user. I’m assuming OP’s scenario involves his company providing a service that is used by another company’s web site. They want to log in the user on their system, then forward some info along to OP’s system describing that user. They can’t just set an HttpOnly cookie for his domain, since it would be private to him; so instead they store a magic token in the browser’s local storage or somewhere and send that on every request. The down side is that JavaScript has to be able to read that token, so it enables that malicious user we talked about to steal it if they exploit some other bug.
Anyhow, one common solution here is to set very short expiration dates on those bearer tokens. That way if somebody steals it, they can’t use it for long.
Another strategy is to limit what each token can do. OP needs to make it so you can like a comment using one of those bearer tokens, but more dangerous actions like purchasing things, deleting content, etc, should be guarded by a more secure mechanism. Then the damage is mitigated if the bearer token leaks.
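The two mitigations described in the comment above (very short expiry and limiting what a bearer token may do), shown as an added Node.js example that is not part of the original post or of any project named on this page. All names (`issueToken`, `authorize`, the scope strings, the 300-second lifetime) are assumptions chosen for illustration.

```javascript
// Added example: short-lived, scope-limited bearer tokens signed with HMAC-SHA256.
// Every identifier here is hypothetical.
const crypto = require("node:crypto");

// Constructed demo key; a real service would load this from secret storage.
const SIGNING_KEY = crypto.randomBytes(32);
const TOKEN_TTL_SECONDS = 300; // assumption: five minutes counts as "very short"

// The only actions a bearer token may ever authorize. Purchases and deletions
// are deliberately absent: they must be guarded by a stronger mechanism.
const BEARER_ALLOWED_SCOPES = new Set(["comment:like", "comment:read"]);

function sign(payloadB64) {
  return crypto.createHmac("sha256", SIGNING_KEY).update(payloadB64).digest("base64url");
}

// Refuses to mint a token for any scope outside the allow-list.
function issueToken(userId, scopes, nowSeconds) {
  for (const s of scopes) {
    if (!BEARER_ALLOWED_SCOPES.has(s)) {
      throw new Error(`scope not permitted for bearer tokens: ${s}`);
    }
  }
  const payload = { sub: userId, scopes, exp: nowSeconds + TOKEN_TTL_SECONDS };
  const payloadB64 = Buffer.from(JSON.stringify(payload)).toString("base64url");
  return `${payloadB64}.${sign(payloadB64)}`;
}

// Checks signature first, then expiry, then scope. The payload is parsed only
// after the signature verifies, so attacker-supplied JSON is never trusted.
function authorize(token, requiredScope, nowSeconds) {
  const parts = String(token).split(".");
  if (parts.length !== 2) return { ok: false, reason: "malformed" };
  const [payloadB64, mac] = parts;
  const expected = Buffer.from(sign(payloadB64));
  const given = Buffer.from(mac);
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  const payload = JSON.parse(Buffer.from(payloadB64, "base64url").toString("utf8"));
  if (nowSeconds >= payload.exp) return { ok: false, reason: "expired" };
  if (!BEARER_ALLOWED_SCOPES.has(requiredScope) || !payload.scopes.includes(requiredScope)) {
    return { ok: false, reason: "scope not granted" };
  }
  return { ok: true, user: payload.sub };
}
```

A token stolen through cross-site scripting is still usable until `exp`, which is why the lifetime and the scope allow-list together bound the damage rather than prevent the theft.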
41% of fediverse instances have blocked threads so far!!! (tech.lgbt)
Can you use the same domain/username for different fediverse services?
ProtonMail domains listed as disposable. Help needed to delist (github.com)
For now pm.me, proton.me, protonmail.com, protonmail.ch, slmail.me got blocked!
Dear server admins, please defederate threads.net. Dear users, ask your server admin to defederate threads.net. (mstdn.social)
Adam Mosseri spells out Threads’ plans for the fediverse | The head of Instagram says a full integration with the fediverse could take ‘the better part of a year’ (www.theverge.com)
I'm locked out of my 6 year old Chipotle account because they now say my email address is invalid when I login. Here is me asking for their help: (lemmy.world)
Lemmy v0.19.0 Release - Instance blocking, Scaled sort, and Federation Queue (join-lemmy.org)
cross-posted from: lemmy.ml/post/9347983...
Threads Has Begun Federating Via ActivityPub (daringfireball.net)
Adam Mosseri:...
Four years after Apple, Google will finally kill third-party cookies in 2024 (arstechnica.com)
Mastodon founder touts Threads' federation, saying it makes his X rival 'a far more attractive option' (techcrunch.com)
YouTube will have fewer ad breaks on TV — but the ads are getting longer (www.theverge.com)
Dropbox spooks users with new AI features that send data to OpenAI when used (arstechnica.com)
Self-Hosting Email - Software Recommendations?
Threads is making moves for Mastodon integration (www.threads.net)
I have my problems with Meta, but I’m hoping this will help Mastodon grow
Threads is officially starting to test ActivityPub integration (www.theverge.com)
Should I move to Docker?
Waiting (lemmy.world)
SPAs were a mistake (lemmy.world)