@wxcafe Holy crap, this is a huge deal. What amazes me is that this has been going on for a year and nobody caught it.

Has there been any discussion about how this happened and what changes need to be made to QA to avoid this kind of thing from happening again?


long, a bit technical 

@sandrockcstm @wxcafe there has been no discussion about that yet

what i did as soon as i understood what was going on was to add tests. in retrospect i probably shouldn't have accepted the original PR without tests to cover the new behaviors

fundamentally, delivery of followers-only toots relies on both instances knowing who follows whom, but this may get out of sync for various reasons (bugs, like here, someone unfollowing or force-unfollowing someone else during a prolonged downtime, an instance rolling back a backup, etc.) and we currently have no way of synchronizing followers info. that's something that's completely lacking from the protocol and which i'm now trying to push, but it will take a while, as, well, such mechanisms really aren't in the spirit of the protocol

finally, a safer way to handle followers-only is to send those toots explicitly to a list of people, but while we could do that, this wouldn't be fully compatible with current and older Mastodon versions (random followers-only posts would show up as DMs), and it has complex performance implications, in addition to changing the exact meanings of followers-only (new followers wouldn't have access to old toots, for instance, which may be a good thing or a bad thing depending on who you ask, but would be an unexpected change in behavior either way)

re: long, a bit technical 

@Thib @sandrockcstm @wxcafe and over on the user/sysadmin side, there's been a lot of talk, but solutions get smacked down by Eugen & co so we've given up on change happening.

Security people like myself have been yelling, politely, about how friggin bad the backend implementation is for years, along with specific suggestions on how to incrementally move towards safety for the participants in this platform.

And we get mocked for our caring and voice-raising.

Saying "there has been no discussion" erases the effort that users have done to raise these issues, and borders on gaslighting.

If people submit bugs, feedback, and patches, and constantly get shut down by an individual and the systemic toxicity they cultivated in their areas of influence (specifically in the bug reporting and remediation process), that's vastly different than "nobody has talked".

We talk, just not to people who constantly shut down the concerns.

This is only being seen now because the outcry hit some critical mass where it cannot be ignored by the techbro power structure.

cc @woozle

a bit technical, a bit personal 

@eryn @sandrockcstm @wxcafe @woozle ok, “there has been no discussion” on the project's side, which i assume was the discussion

now, to be perfectly honest, the only case i remember you being involved was when people (pretty aggressively) requested “misleading” links in toots being highlighted. i got a lot of shit when i said i didn't think that useful or when i explained why it was much harder than people thought, but i had absolutely zero feedback when i discussed how to implement it and actually did it (while my first design went upstream, it was flawed, and reverted, my second design—which is in glitch-soc—doesn't have these issues but wasn't accepted upstream at that time. maybe i could submit it again, but i had absolutely zero feedback on what i did for glitch-soc, so, eh)

as for “This is only being seen now because the outcry hit some critical mass where it cannot be ignored by the techbro power structure”, well, one (1) user reported the issue to me, i looked into that and fixed it right away

again, i am sorry i let this issue slip in (i was the one to accept the PR which introduced it), and i am sorry it took so long for me to notice it, but i did fix it as soon as i knew of it

re: a bit technical, a bit personal 

@Thib @eryn @sandrockcstm @wxcafe


new followers wouldn't have access to old toots, for instance

This has always been the behavior I have observed.

On the larger issue of discussion -- I've never even been clear where these discussions were taking place, except maybe in issue-tickets on Github... and which kind of doesn't map well to discussions of functional philosophy (what should things mean, what goals do we want the software to serve, etc.)

Unfortunately, as far as I can tell, there isn't really anything better (yet), so this shortcoming is kind of understandable. ...as is the existence of barriers between developer and users, especially as far as information flow from users to devs.

(This leads into an old hobby-horse-and-project of mine, which is that we need better software for collective decisionmaking... so I'll just reference that and leave it there.)

re: a bit technical, a bit personal 

@woozle @eryn @sandrockcstm @wxcafe

new followers wouldn't have access to old toots, for instance

This has always been the behavior I have observed.

well, new followers have access to old toots their instances knew about, so, if they're the first follower on that instance, that's none indeed. that being said, people can currently boost their own private toots, if we change how private toots are handled, this becomes a lot messier to do

hm, discussions mostly take place publicly on github… but not only. unfortunately, it's also taking place on a semi-open discord “server” (it's still unclear to me how people get access to that—i've been invited years ago by someone who was there, and at least at some point, paying Gargron $1 or more on his patreon granted you access there), and sometimes privately between core distributors (this is mostly about discussing unannounced security issues)

for now, Mastodon is still, sadly, to some extent, Gargron's pet project: he does accept external contributions and critics, but he's the one to have the last word and he favors his own views, sometimes without even discussing them

re: a bit technical, a bit personal 

@Thib @eryn @sandrockcstm @wxcafe

That's pretty much the core of the problem -- the decisions made at the source of the upstream are ultimately unaccountable.

...and that remains the case because Gargron is at least as good at self-promotion (towards people with money to contribute, anyway) as he is at coding....

...which in itself illustrates the problem with having a deeply profit-driven (not public-service-oriented) software ecosystem.

I have ideas for fixing that, but there's a lot of work to be done.

Sign in to participate in the conversation
Mastodon (instance perso)

This is a small personal instance running on a couple small ARM servers at home.