it’s not unrealistic to keep trust at the server level. following your rationale, you can’t trust my reply, or any, because any server could modify the content in transit. or hide posts. or make up posts from actors to make them look bad.

if you assume the network is badly behaved, fedi breaks down. it makes no sense to me that everything is taken for granted, except privacy.

servers will deliver, not modify, not make up stuff, not dos stuff, not spam you, but apparently obviously will leak your content?

fedi models trust at the server level, not user. i dont need to trust you, i need to trust just your server admin, and if i dont i defederate

linking barely relevant threads is a bit annoying

your complaints on “unlisted vs public” are completely unrelated to the issue at hand

your analysis that relates to this pixelfed flaw is just:

Privacy Enforcement:

• No explicit requirements for how receiving servers should restrict visibility based on audience fields
• No requirements that servers must hide content from non-addressed users

these aren’t good analyses: content should be private by default, nowhere is stated otherwise. if you feel like this common sense practice is somewhat arbitrary, it’s actually mandated by GDPR and more data protection laws.

if you want to rule lawyer that “acktually spec doesnt EXPLICITLY say that you cant show stuff meant for alice to bob if bob asks” and ignore this web good practice (probably implied by the many privacy remarks in the spec but let’s ignore those) which is actually mandated by governments, feel free to still ignore the incompetence displayed by dansup in implementing something that every other fedi software managed, go for it

even if you were right, even if the spec was really that vague, even if it wasn’t a good practice and requirement, in a federation parties cooperate. pixelfed breaking a common agreement is defederation worthy, and dansup remains either incompetent for implementing badly something easy or toxic for federating ignoring what the federation requires

you’re still not addressing the point, just linking other posts back and forth and moving the goalpost

audience targeting is NOT a new abstraction by mastodon, it’s part of ActivitySTREAMS, not even ActivityPUB

rtfm and do NOT give a rest to bad behaving software

variety of made up reasons

you are not engaging with the argument, just stating ideals

fedi developers should get paid? yes, look at gts and mastodon

fedi devs should also be held accountable of their fumbles

dansup showed quite some incompetence in handling security, delivering features, communicating clearly and honestly and treating properly third party devs

it’s fair for one person to not be able to handle a big software with big instance and big usercount. mastodon has a legal entity and a team, gts has no flagship instance, is aggressively open source and gathered a lot of contributors, dansup is winging it alone and failing

let’s just make a big fixed point of failure of dansup, what could go wrong … ?

check out mitra too, could probably use some funding because it’s transparent and delivers rather than promising the moon and delivering CVEs (but with a grant AND a kickstarter, maybe pay some other devs???)

like there are thousands of fedi projects, give 10 bucks to the little dev doing it for fun in their bedroom, more money will not make dansup more competent

periodic reminder to not touch dansup software and to move away from pixelfed and loops

dansup is not competent and quite problematic and it’s not even over

developers with less funding (even 0) contributed way more to fedi, they’re just less vocal

dansup is all bark no bite, stop falling for it

receiving posts is trivial but you need to convince others to send it to you. i can’t just set up a malicious instance and get your private posts, i need to convince you to send them to me, and once convinced i can use any normal software to access it, no malicious custom thing needed. literally just follow me from a mastodon.social throwaway and you get my followers-only posts. content addressing is great on fedi and your instance sends your private posts exactly to who you want and noone else. pixelfed receives a private posts and shows it to third parties, its not the system’s fault.

fedi is not great for sexting because your pics just sit in clear on your server admin’s machine and all dms are easily searchable on db, it’s a whole other issue

email works the same way. it’s impossible to implement private emails? if you cc your email to [email protected] and it leaks, would it be fair to complain about the whole email system?

e: should have read deeper first its already been said

this is wrong, you’re assuming incorrectly. private posts get sent to only intended recipients. pixelfed allows other recipients on the same server to read that. it’s not your instance software, it’s pixelfed, please dont spread misinformation based on uninformed assumptions

if you deliver a letter to your cousin, and they leak it to all their friends, is it the post system’s fault? instances federate by default, but private posts require actual intention. if i make a private post, explicitly mark it as private, deliver it to your instance and then your instance leaks it, i’d blame the instance, not the system. even signal can leak if you send your stuff to unintended parties.

someone can create a rogue instance

you shouldn’t send private stuff to unreliable parties. big software and big instances have a reputation, and it’s constantly up to you whether sending them something or not. when @[email protected] follows you, check where they’re from. if you just accept follows left and right, are your followers-only posts really private? and if you direct message someone on some sketchy instance, you still need to trust them to respect your privacy. it’s the same on signal, e2ee doesn’t make a difference

this is why i completely blame pixelfed here: it breaks trust in transit and that’s unacceptable because it makes the system untrustworthy. you can get followed by sketchy people on mastodon.social and they will only see what you send them. in this case, other people can see what you post, regardless of you sending it to them or not, and regardless of the target leaking it or not

gender is nothing more than “today i feel”

congrats on your strawman, you’re really driving your point home

numbers can be proven mathematically

congrats on proving math with math

there is scientific proof that gender ideology is not “today i feel”, that sex and gender are distinct. you brought up multiple chromosomal conditions which are part of the scientific proof of such claim, but are too sold on high school biology to entertain complex concepts

if you want to bring “science” in this discussion, maybe read it first? it’s ok to be uninformed, you can be wrong on the internet

so we agree that

1: one 2: two

and then there are just some numbers in between, 0.1, 0.2…

this is just a fact, you coming in these comments wielding words you don’t understand and concepts you barely grasps doesn’t make you smart or correct

you’re just a bigot regardless

“what is the third gender” your deliberate misunderstanding and simplification of the issue is just bad faith debate. you’re proving us that fractions are “syndromes” by using only integers. this is just a display of ignorance and bigotry, it doesn’t really paint you as smart as you’re trying to appear

thee are only 2 atoms in the universe: hydrogen (74%) and helium (24%). so you’re either a Hydrogen, a Helium or have a syndrome

honestly yes you’re probably not going to use them a lot, if at all, especially in python

ok fair i’m only considering short-ish commutes, never 5+ miles

not really, for daily commutes any piece of junk that brakes and rolls will do. rode only ~50 bucks bikes for the last five-ish years, old city bikes are indestructible

“us/them” mentality doesn’t help much. this is surely a great fuss for a 3 year old pr but you’re misrepresenting the situation:

• serenityOS (and consequently ladybird) has rather strict rules about wording documentation: they enforce language style and even date formats
• that wasn’t a report, but a PR: rather than pressing ~50 keys on your keyboard and then a “lock” button he could have just pressed the “merge” button and integrated those ~10 total characters changes
• github issues are routinely used to fix wording: documentation often lives on git and it’s useful to have it version controlled, even plain documents without attached source are kept on git so that their edit history is accessible and manageable

folks are making a big fuss but Andreas really set himself up: just say sorry and change 4 words, such a weird horse to die on

there are plenty of articles about regrets and resources about detransition, those who get shouted down usually try to use ridiculously low regret rates as reasoning to limit access to healthcare. marriage has a 43% regret rate, why isn’t your energy spent there instead?

then use “they”, do you speak exclusively with yourself? your linguistic choices affect others, just like others’ linguistic choices affect you (as you were noticing and complaining about)

you don’t understand the language and thus everyone should comply with you? i’d rather read correct english than what you find more understandable