@Gargron I am ambivalent on quote posts, but I quite like how you handled post editing in a way that eliminates most of the concerns raised on it. A similar approach of listening to the concerns and building with them in mind would make it feasible to not be a destructive feature.

@dansup Stunning how quickly you are getting this out there, really appreciate the rapid improvement. I'd love to see another social networking activity start the transition to federation.

@dansup @pixelfed This is important and should become a standard across fedi. We shoujld be able to set policies that prevent potentially compromised instances from communicating with ours until updated to a safe version.

This also solves the problem of absent admins, their instance will fade to irrelevance if they ignore it too long.

@dansup You just need to code up some better admins and federate them!

@dansup 😭

@dansup I was going to ask this. It would be nice to finally have one messaging app to rule them all. I seem to remember you saying it was going to work with existing fedi id's...

In other news, I miss Trillian.

@dansup This is almost what I was hoping for. I'd suggest though making the auth hub it's own identity/service so that it could more easily be stood up by site builders who are looking for SSO to multiple services on the same domain, ie: I'd like to sso pixelfed.domain.tld/firefish.domain.tld/friendica.domain.tld and have something like passport.domain.tld

Ideally the account itself should be portable to another auth instance as well, say someone is going offline.

@dansup @pixelfed If this works as I assume it works it should open the door for a stripped down ActivityPub account service, which other AP services could link to as an alternative to local account creation (or in addition to). This would let people building personal stacks of multiple services have a Single Sign On experience across them.

@dansup @pixelfed Oh yes! This is what I've been saying, we need Oauth in the fediverse. Not a bunch of logins for each and every service. This is awesome and please get the other services to support it!

@darius This is great news!

@dansup @pixelfed Yes, edited my first photo posted to add the info I put up on current ones plus hashtags. Worked great!

@darius I think the answer to this really depends on who you are and what you are concerned about protecting. For a regular person, Google/gmail is likely the better choice. For myself? I'll take the platform I run or that another I trust runs. Mostly because I understand the risks and will use the platform in light of those risks.

Not dissing the project though, I think it's a fantastic idea.

@darius While I get your point I think the concern would be that there are two main avenues of compromise: in transit and at the endpoints. I think the belief of most is that their email, likely gmail, outlook, exchange, etc is likely managed by a large organization that will keep it secured and up to date while a random mastodon stack has a higher risk of one side or the other falling behind on maintenance and thus exposing a private conversation.

@darius This is not a bad idea so long as e2e could be done in an open way. I'd like to see oauth2 client support in ActivityPub apps too, I shouldn't have to create an account for every server. An AP compat identity server that others could auth against would be ideal.