Self hosting Dotmakeup


!Selfhosted @Vincent Cloutier - I'm fairly new to running services on my VMs but does anyone have any experience running DotMakeup? I'd like to host an instance to share some Twitter and Instagram accounts in a controlled way to my family on my #friendica instance.

I'm kind of at that point where I can sort of use #DockerCompose but umm.. honestly not really sure where I would start from git.sr.ht/~cloutier/dotmakeup


in reply to frongt

That still doesn't help me understand why you would clone the entire repo just to install the docker image. You create the compose file (and the variables file if that's how you roll) and docker handles the rest. For someone who is already admitting their unfamiliarity with things, the whole idea of getting comfortable with git just seems unnecessary and unhelpful in this context.

It's fine, you don't need to reply again. Just different outlooks, I guess.

in reply to BruisedMoose

I find it a lot easier to just clone the repo instead of cherry-picking files one by one. Especially if you think you only need one and then need to go back for more. Or if you want to pull updates in the future, or remember where you got it from. Or you want to include the documentation or examples or whatever else is in the repo.


New to Authentik - Challenges with getting my first application working


!Selfhosted - I'm new to #Authentik - I've just spun up a test instance and tried to connect my first application (#Postiz) but I'm kind of stuck.

I've installed both Postiz and Authentik using Docker Compose - as provided by the relevant apps.

As far as #Authentik goes it looks like it's approving authentication requests (it's showing successes in the GUI) but the application just returns to the login screen without progressing.

One thing that I found was that within the configuration of the Application and Provider one URL provided by Authentik is the /application/o/postiz/.well-known/openid-configuration which lists several URLs used by the application - one is /application/o/authorize/ but unlike all the others this returns a 404 error when I try to load it via the browser.

I am struggling to work out whether this URL should 404 and also how to diagnose what the problem is.

I've popped messages in their relevant Discord forums but any ideas or input would be greatly appreciated - I'm figuring getting Authentik is going to be key to getting other applications going.

in reply to abeorch

I have self hosted for years using Authentik and have 50+ services. Postiz has been one of the most challenging to spin up and maintain. The documentation is not up to date, the software is constantly changing and I had to tweak lots to get it to work. Even now, it seems to crash after a few days and I haven't had the chance to investigate. All these posts I set up didn't go through and now if I turn it back on, it'll release them all in one go before I can get in to stop it, or have to revert to a fresh install...

The vast majority of services are not like this so don't get disheartened! Try some other ones first then come back to this when more experienced. I recommend Bento PDF, ConvertX, outline wiki, vikunja and immich (if you have the storage space).

At first, try to stick to software on Authentik's guides (integrations.goauthentik.io/). Once you do a few OIDC and forward proxy services you'll get the hang of it.

When I get a chance I'll share my docker compose SSO settings and authentik redirect uri that worked for me with the caveat that the software crashes for some reason.

in reply to brewery

Oh cheers. Yeah I think I need to test setting up another app to confirm whether it's Authentik or Postiz. The other app I am looking at is an open source core banking system so I think I'll leave that one for a while and as you suggest try something more straightforward.

I'm keen to get Postiz working because I belong to a sailing club and it's a time vacuum posting updates all over the place.

I'm interested, do you use anything for social listening - I'd like to pull together a few social feeds from Twitter, Insta, Facebook and provide them to the few of us that are working on keeping the club's profile up.


in reply to abeorch

So an update. It turns out that all the issues were actually to do with Postiz rather than Authentik. I tried installing a few other apps and linking them to Authentik but I ran into a few issues. Then I took Postiz and tried turning off the Authentik authentication and then just getting it to work with native user accounts. This initially didn't work - it turned out that there were a few issues.

1. The startup procedure for Postiz actually left the backend API service not running properly. I had to run the docker compose, get all the other services running and then stop the postiz container specifically, wait a bit more and then restart just that container. That got the API service running.

2. Because I was just running it internally I didn't have SSL certificates configured and was just using http - consequently I had to introduce NOT_SECURED: "true" into the environment section of the Postiz service in the compose file and then repeat the process above. This resolved a silent error in my browser where cookies used to manage the authenticated browser session were discarded because I wasn't using SSL.

So success at least getting Postiz running. I am now going to step back, reconfigure it for Authentik and retry.

I am going to guess that these issues might be relevant if you are running Postiz behind a reverse proxy (I'm not sure if this is being done with the docker compose set-up). I possibly also need to look at how much memory and CPU I have on my test VM.

I've posted similar details in Postiz Discord. If anyone else is using #Postiz and would like to exchange notes - please do drop me a mention. Always good to have other people to talk to about these things and share notes.

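The silent failure described in the post above (session cookies discarded on a plain-http origin) can be checked offline against captured Set-Cookie headers. This is an added example, not code from the post or from Postiz or Authentik; the hostnames, cookie names and header values are constructed, and it models only the browser rules that tie cookie storage to the Secure attribute.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Verdict:
    name: str
    stored: bool
    reason: str


def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute dict)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def check_cookie(origin, header):
    """Apply the storage rules that depend on Secure and on the page scheme."""
    https = urlsplit(origin).scheme.lower() == "https"
    name, attrs = parse_set_cookie(header)
    secure = "secure" in attrs
    if secure and not https:
        return Verdict(name, False, "Secure cookie set from a plain-http origin")
    if name.startswith("__Host-") and not (
        secure and attrs.get("path") == "/" and "domain" not in attrs
    ):
        return Verdict(name, False, "__Host- needs Secure, Path=/ and no Domain")
    if name.startswith("__Secure-") and not secure:
        return Verdict(name, False, "__Secure- prefix needs Secure")
    if attrs.get("samesite", "").lower() == "none" and not secure:
        return Verdict(name, False, "SameSite=None needs Secure")
    return Verdict(name, True, "stored")


def audit(origin, headers):
    """Return {cookie name: Verdict} for every Set-Cookie header of a response."""
    return {v.name: v for v in (check_cookie(origin, h) for h in headers)}


def session_survives(origin, headers, session_cookie):
    """True if the named session cookie would be kept, so the login can stick."""
    verdict = audit(origin, headers).get(session_cookie)
    return bool(verdict and verdict.stored)


# Constructed login-response headers; "auth" and "lang" are hypothetical names.
SAMPLE_HEADERS = [
    "auth=constructed-token; Path=/; HttpOnly; Secure; SameSite=None",
    "lang=en; Path=/; Max-Age=31536000",
]
# Constructed variants: Secure removed but SameSite=None kept, and a Lax cookie.
WITHOUT_SECURE = ["auth=constructed-token; Path=/; HttpOnly; SameSite=None"]
LAX_ONLY = ["auth=constructed-token; Path=/; HttpOnly; SameSite=Lax"]

if __name__ == "__main__":
    for origin in ("http://postiz.home.example", "https://postiz.home.example"):
        print(origin)
        for v in audit(origin, SAMPLE_HEADERS).values():
            print(f"  {v.name:5} stored={v.stored}  ({v.reason})")
```

Without Secure the session cookie travels in cleartext on every http request, which is why the flag is worth restoring once the instance sits behind TLS.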

TOCs - Must haves


!Friendica Admins - I have realised that when I set up my private server I never really considered terms of service text -

What have you included in your Terms of Service page and why? Are you based in the EU and have you included specific Privacy statements and do you have references to GDPR? - I would really like to work on appropriate text to include for both public and private (closed registration for groups or friends & family) servers.

While the Friendi.ca text provides a starting point, I'm not sure that I should be blindly copying and amending that text.


in reply to abeorch

Yes, there is a minimum age requirement, but it's not verified. The terms make clear that this server is not intended for younger users that may need closer supervision; our moderators are not able to constantly monitor all public posts.

The server is situated in Asia-Pacific, where most of our users are based. The choice of Irish law is for pragmatic reasons, as some of the operators have connections to that country. The terms aim to set out a framework we intend to follow as a minimum standard. This does of course offer limited protection to the service provider if their assets and interests are elsewhere. It's still probably better than opting for a jurisdiction with draconian laws. Indeed, there are places in the world where people have served prison sentences merely for clicking "Like" on Facebook posts that were deemed illegal in that place.

On a more cheerful note, the terms are written to be accessible, intended to set clear expectations, so everyone can get the most out of and enjoy the service.

in reply to Andy HΞ3

Yeah I mean it's helpful to have something. I wasn't sure about whether your choice of jurisdiction is something that you can elect but I can understand the thinking. You might want to check how enforceable that nomination is.

I can see that not too far from now I might be running into issues with New Zealand and Australian social media laws and it sounds like the UK is going that way as well.


TIL “The Front Fell Off” is from Australian comedy news duo Clarke and Dawe


And, they have years of other comedy news skits, including Defence where they discuss aircraftless aircraft carriers. Hoo-rah.
#til


in reply to wuffah

and I'd just like to say that Clarke is a New Zealander that had to move across the ditch because NZ is just too small to contain such talent

Look up Fred Dagg:
youtube.com/watch?v=AYvMeT2GC1…
youtube.com/watch?v=AeUzrsjwF4…


Casting a large net here but does anyone in my circles do #accessibility consulting for the web?

Edit: thank you everyone for helping me out! I have some solid leads I’ll track down on Monday.

This entry was edited (Saturday, June 13, 2026, 7:25 PM)


Multidomain ActivityPub Servers


!Fediverse - I had my eye on #takahe @takahe, jointakahe.org as a handy multidomain ActivityPub server - as far as I knew - able to run multiple different domains on the one server, sharing storage etc ... but when the time comes to go back to it and look at getting something running I see that the project has been sunset. Does anyone know anything about what happened to it .. or an alternative, survivor project?

Simulacra Explained: Jean Baudrillard's Theory of Simulation


I think the video is a well done explainer.

While reading the kinda angry book, my Computational Thinker's brain would translate to words like CAP-Theorem, heuristics, implied-in-fact contracts and Law of Leaky Abstractions. I'm living in a computer scientist simulation.

Do you think "Simulation" is an elegant word for describing what's going on? Also who is setting up all the simulacra?


in reply to suff

Application to contemporary politics

In Europe, where do most votes go to the green? In cities! Nobody living in cities still knows nature, absolutely nobody. All they know is the botany they see when leaving their apartments. Maybe they lived in houses with gardens in the suburbs before and left closer to the center. But the majority never lived close to nature. So space is left for symbolism of "true" nature. All the parks are simulacrons of nature, their preservation is way more important to cities than to farmers who live a completely different simulation of nature. Protection/conservatism have completely different meanings to both cohorts. Can we undo such simulacra differentiation?

in reply to potatoguy

By definition, the ideal of nature stopped existing when humans participated and shrank even more later on.

Thanks, I'll look into the other books once I finished all three the Wachowskis asked Reeves to read. ;-)

edit: Having used the word "ideal" here... Platonic ideals are used to describe real objects as copies of which the original does not exist, therefore real objects are simulacra of platonic ideals. So reality has been a simulation, at least since Plato.

This entry was edited (Thursday, June 11, 2026, 2:36 PM)

Child accounts


!Friendica Developers

I am a business analyst that runs my own Friendica instance focused around my friends and family.

Among them are some younger members who are getting to the age where they will most likely start exploring social media.

For this reason I would really value the ability to create child accounts on friendica where their parents and/or I could retain a degree of control over what content they see.

Specifically I would like their parents as non admins to be able to:

See all the content they have access to.
Have the option of controlling which accounts they can follow and can follow them
Can limit their ability to post publicly.
Limit their ability to create groups, pages etc.
Have notifications set for any follow requests they get
Control whether they can login or not (temporarily)
Have the ability to turn these controls on/off as they get older so they can retain the account as an adult.

I understand that these are a significant set of features.

I am wondering whether others have an interest in this kind of functionality and would be interested in talking more about it.

What would be the best way of supporting those with Friendica coding skills who might like to implement this kind of feature? How best could I contribute?


in reply to abeorch

@abeorch @Michael 🇺🇦

I personally like the idea as such — and as the admin of a Friendica instance, too. But as Michael already hinted, there are a number of legal pitfalls involved. First off: the assessment below is based on the legal framework that applies in Germany and the EU (in particular the GDPR, the German Basic Law (Grundgesetz), and the German Civil Code (BGB)) — it may look different in other countries, and it isn't binding legal advice in any case.

How big those pitfalls are depends crucially on whether the instance is public or a purely family instance — that makes a huge legal difference, so I'll go through both points for each case.

The fundamental difference up front

On a public instance, I process the personal data of other people and am therefore fully a "controller" within the meaning of the GDPR. On a purely family instance, by contrast, the household exemption applies (GDPR Art. 2(2)(c) — "purely personal or household activities"), and a large part of the obligations simply falls away. However — and this is the most common misconception — that exemption only holds as long as the traffic actually stays within the closed circle. Friendica federates outward via ActivityPub by default; as soon as the child's content reaches other instances, it becomes accessible "to an indefinite number of people," and under the case law of the European Court of Justice (Lindqvist, Ryneš) the household exemption tips over at exactly this point. So "private," in legal terms, means: a closed circle and federation restricted accordingly.

1.) Access for minors (GDPR Art. 8)

Public instance: I may not simply grant a minor under 16 access without further ado — what's required is the verifiable consent of the parents (GDPR Art. 8 is fairly clear on this). As the admin, I have to be able to demonstrate


  • a) how old the child / adolescent is, and
  • b) that the person giving the consent is in fact the holder of parental responsibility.


The consequence is that I have to retain these proofs — i.e. process additional and in part highly personal data — and for that I again need a legal basis, data minimization, and documentation.

The verification of (b) in particular is hard to accomplish in any serious way on a public instance, and it is at the same time a child-protection problem: if any arbitrary person can register as the "parent" of a child account, then I am handing out full visibility into and control over the child — reading their messages, controlling whom they may follow and who may write to them, when they may log in — possibly to a stranger rather than to the genuine legal guardian. The very functions that are intended as protection for the child become a tool in the wrong hands: a person with bad intentions would thereby gain seamless surveillance, isolation from trusted contacts, and access to a child's private communication — that is, precisely the means by which grooming and abuse operate. So without reliable verification of the parent-child relationship, I'm not just building a protective function but potentially an instrument of abuse. That's why verification here is not a formality but the very heart of the matter.

Family instance: Here this critical point eases almost entirely. I know the families, the parent-child relationship is verified offline — a stranger registering as a "parent" is simply not possible within the closed circle, and the core child-protection problem falls away. The formal retention and documentation burden for the highly personal data also largely disappears, since there is no GDPR controllership.

2.) "See all the content they have access to."

Insofar as this refers to the child's / adolescent's public posts, it is unproblematic in legal terms in both cases. With private messages, however, the paths diverge again:

Public instance: I may not make the private messages accessible to the parents without first informing the affected third party who is corresponding with the child — and without having a legal basis for it. After all, the third party has not consented, and parental responsibility covers the child, not their communication partners. The viable legal basis for this is the third party's general right of personality (Art. 2(1) in conjunction with Art. 1(1) of the Basic Law — informational self-determination and the confidentiality of communication) together with the GDPR (I am the controller and need a legal basis + transparency under Art. 5, 6, 13/14). Thematically related, but in the individual case rather doubtful or not applicable, are the secrecy of telecommunications (Art. 10 of the Basic Law, Sec. 3 TDDDG) as well as Secs. 206, 201, 202a of the Criminal Code (StGB) — these mostly don't apply directly to a private, non-commercial instance.

In practical terms this means: either private messages are excluded from the parental view, or it would have to be marked — ideally visibly across the entire Fediverse — that this is a restricted account whose messages can be read along.

Family instance: A parent privately reading their own child's messages is acting within the scope of parental responsibility, not as a data-protection controller — so that is not a problem. With one caveat: as soon as the child is messaging someone on a foreign instance, that external third party still has their personality rights and knows nothing about the reading-along. So this part remains in play as soon as the communication leaves the family circle — one more reason to restrict federation for the child accounts.

What stays the same in both cases

Independently of the GDPR and the type of instance, the privacy of the growing child remains an issue. Sec. 1626(2) BGB obliges parents to take into account the child's growing need to act independently and on their own responsibility, and the child is themselves a holder of the right of personality. Seamless reading-along is care in the case of an 8-year-old, but a disproportionate intrusion in the case of a 16-year-old — and that applies in the living room just as it does on the family instance. This is precisely why the age-graduated, "growing-with-them" idea (winding the controls back as the child gets older) is spot-on from the very start.

Conclusion

Technically, the feature would be great. For a public instance, the parent verification is the critical sticking point above all — and that is exactly why, when it comes to minors, the gated approach (manually approved accounts with an offline-verified parent-child relationship) is not just cleaner but the only responsible option. For a purely closed family instance without open federation, by contrast, the legal pitfalls shrink down to a matter of family-law good judgment: staying proportionate and winding the controls back with age. But as soon as a family instance still federates publicly, you're partly back in the GDPR and affected-third-party territory when it comes to contacts outside the family. All of this refers to the legal situation in Germany / the EU — for a solid assessment of the specific individual case, professional legal advice would be advisable.

I wrote the text in German and had it translated using Deepl.

in reply to OldKid ⁂fedibook.de⁂

Sorry for the slow reply. There is a bit to break down there. My response is somewhat unstructured. I apologise - might need to sort out my thinking a bit more.

My thinking is primarily within what I think you would say were Private instances

1. Public vs. Private instances - One option would be to restrict federation for child accounts - this would avoid many of these challenges as you say as it would effectively turn the account into something that is controlled by the 'parent' account

2. Supervised / supervisor account compared to Parent and Child Accounts - The functional capabilities are actually independent of the idea of whether the people concerned are younger or older than 18 - i.e the functionality could be implemented with no reference to age.

3. Current processes for Public instances - Do all public instances currently collect identity documents to confirm the age of users as above 18 or is it based on attestation - i.e. people signing up just say they are above the age of 18? - If this is the case could attestation that the person creating the 'child' account is the parent/guardian of the 'child' etc. t

4. Third party communication - My understanding is that following has / can have an approval acceptance process (follow requests) - I can't see why this could not resolve the issue of advising third parties that their content might be read by the 'parent'

This actually prompted me to think - What are standard terms of service for Friendica instances? - My instance is private and well I've never really worried about that.

It still seems to me these challenges are not insurmountable.


in reply to abeorch

I looked at ico.org.uk/for-organisations/u…

Quoting

It’s usually appropriate to let a person exercise a child’s rights on their behalf if:

you’re satisfied that the child is not competent; and
the person who has approached you holds parental responsibility for the child.

The exception is if you have evidence to suggest that this isn’t in the child’s best interests.

If you’re confident that the child can understand their rights, you should respond directly to the child. However, you could allow the person with parental responsibility to exercise the child’s rights on their behalf if the child authorises this, or if it’s clearly in the child’s best interests.

The way I read this you have a "best interests of the child" override but I am interested in other jurisdictions - regardless the functionality can be used or not used depending on an individual server admin's view.

Perhaps if you are in Germany and concerned it might breach their rights you could turn off the functionality.

Maybe I should add two user stories.

As an instance admin I can turn on, off or require my approval for each child account creation

As an admin I can release a child account from any of the restrictions imposed by a parent

Also thinking about it, it also needs a process for admins and parents to add and remove other parents


in reply to abeorch

@abeorch @Michael 🇺🇦 There isn’t a single simple definition… in this case, it involves several laws, ranging from the GDPR to the Telemedia Act, the Constitution and the Criminal Code. And those are just the laws that spring to mind right now, without me being a lawyer.

Your suggestion to flag children’s accounts for other users would be a solution, but it must be ensured that all other users in the Fediverse can see and understand that if they message such an account, their data may be viewed by third parties – and that they must be aware of this before messaging such an account. In my opinion, this would mean that all apps in the Fediverse would have to initiate an extra query for this purpose and display a warning.


Coming to #CiviBRM in Birmingham UK tomorrow?

Win at my ethical-issues-of-AI-bingo game and take home #KarenHao's Empire of #AI!

Wanna swat up to have more chance of grabbing the book? You can gen up here:
artfulrobot.uk/blog/ethics-asi…

#CiviCRM #openSource #CRM


Firewall exceptions to allow external access to a specific IPv6 address on Starlink router without using bypass mode


!Starlink

I don't have access to my Starlink router at the moment (I'm traveling) and it's going to be a while before I'll be back - but one of the things I need to look at is whether I can allow incoming connections for specific IPv6 addresses (and/or ports) to allow me to run an IPv6 VPN end point from an OpenWrt router running behind the Starlink connection.

My objective is to securely run an IPv6 endpoint to allow me access to devices sitting behind an OpenWrt router that is using a Starlink router as its WAN connection without using bypass mode so I don't disrupt others already using the Starlink Wifi.

I know that practically putting the Starlink router in bypass mode then emulating its SSID and wifi device ID to seamlessly migrate users over to a more configurable OpenWrt router would be a better option - but that's possibly going to cause some disruptions (let's say it's not politically acceptable) but perhaps opening up an IPv6 address might be.

I've had a quick look around for guides / instructions but without immediate success. I don't know whether that's because it can't do it or I'm just not finding the appropriate documentation.


The Dutch branch of German discount supermarket Lidl is bringing forward its goal of achieving 100% electric transport by 2030 to 2027. From next year, all stores will receive deliveries exclusively by battery-electric trucks.

youtu.be/DSlOidp41tw


Adding an Atom 1.0 feed to friendica


!Friendica Support - I'm trying to add the Atom 1.0 feed civicrm.stackexchange.com/feed… to my contacts - It's produced by Stack Exchange so I thought it would be fairly straightforward but for some reason it's not recognised - W3C Feed Validation service says it's valid - validator.w3.org/feed/check.cg… - is it as simple as the fact that the URL doesn't end in .rss?