Hi, I am a building a platform with the goal of supporting apps like this, and I would be interested to develop a plugin for your use-case as an experiment (no fee).

I am working alone on this and this is not my first priority, so I cannot make any guarantees about the timeline, or the scope of the plugin. But, if you are interested we can have a chat on matrix.

The project is not open source yet, but I am planning on doing so once (a) I figure out how to properly apply licensing, and (b) remove any potentially critical information (credentials) from the repository.

I have been using for the past month. I am not a power user, I mostly use it when I need to access libgen. Previously, I was using nordvpn. I feel proton is faster both when connecting to a server but also the connection is faster/more reliable. For example, if I forget to turn it off, I can watch a yt video without any issues.

For context, I am the top donor at my instance, I recognize that there is a need for funds. BUT, I believe it’s important for the fediverse to be accessible to everyone regardless if they have the funds for that.

Dopamine received, initiating hyperfocus protocol!

As a rule of thumb, we’ve observed that a team of 5 trained moderators appears to provide ample coverage and redundancy for servers of about 1,000 active users

That’s a fascinating bit of information. I would expect 5 moderators to provide coverage for more users. I am wondering how they came up with that statistic (will update the comment if I find an answer).

Remember that offliine/IRL community management experience can be just as important as online experience

Interesting idea, wondering what’s the IRL presence of the fediverse…

If you’re building toward participatory or democratic governance, consider establishing a proposal and voting system (some teams we spoke with use Loomio, but multiple options exist) for major policy decisions.

That’s soooo important, I love when communities create polls to decide on policy changes.

Avoid promoting brand-new members unless you already have a pre-existing relationship with them

I have followed some discussion on multi-level hierarchies on the fediverse, wondering if there are any instance implementing that…

Consider charging for accounts or offering paid memberships.

Hell no!

We hope there will be more resources available in the future, particularly tooling around legal compliance. This is one of the big infrastructural gaps we point out in our main report

That’s a big issue, I would be interested in hosting an instance available to other people, but I don’t want to end up in jail and I lack the resources to make sure that won’t happen…

That was an interesting read, it seems there is an in-depth analysis of the report here.

Can someone ELI5 so I can get enough dopamine to go read the whole thing?

Not sure if you are being sarcastic or not but I found this review.

https://www.mdpi.com/2073-8994/14/5/858

I had done some research about a year ago, but I don’t have the papers saved.

If you are worried about duplicates, aka a single bot spamming multiple votes, then that’s feasible to mitigate.

If you are worried about multiple bots spamming one vote each, that’s harder to mitigate and it comes down to how the instances handles bot accounts in general. IMO it’s best to ignore the bot problem and instead focus on designing a vote weighting system that favors similar instances.

For anyone interested, there are a few papers on cryptographically secure voting, where both voter anonymity and election integrity are preserved.

Most designs consider three separate entities, where if you accumulate the information between those entities you would be able to identify a voter and his vote, but each entity on itself does not hold enough information.

Follow people from other instances, if you find them interesting, chances are they will find you interesting and follow back.

Use tags, especially popular ones.

Probably a lot less, keep in mind that whenever it answers a question the whole model is traversed multiple times, going through multiple GBs is not possible in the matter of seconds the model answers.

Here is a list of note-taking apps:

https://github.com/tehtbl/awesome-note-taking

By the way, I am building my own Journaling system, it’s still early stages and I am looking for ideas!

Me neither buddy, me neither…

Falsehoods About Time: … Time always moves forwards.

I had to learn this the hard way… I was working at a platform that pulled measurements from sensors. The sensors did not declare the timezone for the timestamps of the measurement and the platform broke down twice after daylight saving. The first time there were duplicated records which caused conflicts and the second one we weren’t handling impossible timestamps.

I have serious sleep issues so I heavily really on my alarm app, I need features like:

1. wake-up captcha
2. wake-up time randomising
3. the ability to load a playlist, or play a podcast episode
4. sleep tracking

It may sound boring, but I would appreciate a good open source alarm app for android.

A good place to start is the owasp cheat sheet. They provide up-to-date, high value information about software security, I wish there was a resource like this when I started learning about security.

Even though, I have a decent background in software security, it’s hard to decide on an encryption schema that’s both safe and easy to use. My goal is to increase the number of components an attacker has to compromise in order to get access to the data.

twelve factor app

Great resource!

Write database migrations in both directions so people can downgrade on failures.

Good point. Personally, I take backups before upgrades and restore if anything goes wrong. But, I understand how downgrading sometimes is just easier.

I have trouble coming up with a migration procedure that makes sense to me. I have the following in mind:

1. Provide init scripts that produce a schema that matches beginning state of the current major.
2. Provide major to major migration scripts.
3. For every major, provide minor to minor migration scripts.
4. Schema changes require at least a minor release.

Make it possible to configure your system via ENV variables, ENV files and config files.

I am bit worried about this one, environment variables can be a security concern. Specifically, I am not sure if I should allow providing secrets (like db connection strings) through environment variables. I am inclined to let people do what they want to, but issue a warning.

Make it possible to disable authentication to add Authelia or LDAP through the webserver. Make clear that this is only to be used for external authentication.

I am considering adding support for oauth through keycloak. My assumption is that if you are going to host your own LDAP, you can probably configure keycloak too. Do you think that makes sense?

Make it possible to run multiple parallel instances of your software without affecting the database consistency, e.g. for high availability or horizontal scaling.

Ideally, an instance shouldn’t be big enough to need it. I know, famous last words, but in my case I think it’s a bad problem to have. I am going out of scope, but I am wondering where is the line between discouraging large scale deployments and designing something pre-destined to obscurity.

Telemetry

Not even on my radar, thanks for bringing it into my attention 🙏

Great point, I always consider dependencies from a security perspective, but for management/setup sometimes I am like “the devops are going to figure it out”…

To clarify, would an example be supporting sqlite, so people won’t have to deploy postgres unless they need to?

My plan is to offer a docker-compose configuration people can tinker with. I had the mindset that whatever happens in the container stays in the container, but your comment made me realize I should be mindful of other installation methods. Thanks 🙏

Hey, I am sure I have it, I rephrased the comment, thanks for bringing that up.

Myth: You are lazy.

Truth: It’s highly probable you are neurodivergent.

While, accurate numbers are not available, I have seen people estimating that 20% of people working in FAANG are neurodivergent. If coding comes naturally to you but the laundry is your mortal enemy, it’s worth learning about ADHD/ASD and other common disorders. Being a coder can be a sign, the immediate feedback helps a bunch of us, or as Russel Barkely says “when you solve a problem on a paper, NOTHING HAPPENS”.

Edit: Rephrase.

Totally agree, I had the fortune to read Domain Driven Deign by Eric Evans early in my career. While, the book may be outdated, it helped me understand that my job is to turn the unknown or ambiguous into code. I find that much more exciting than being a coder.