Mastodon 3.0 Patch Analysis
A transcript of the video recording "Mastodon 3.0 Patch Analysis - New Features"
Kurtis: Hi there, Fediverse! My name is Kurtis, this is Gargron, this is the patch analysis.
Gargron: Patch analysis of Mastodon 3.0, in particular.
Kurtis: Yeah, you'll see the ups and downs and all the fixes.
Gargron: Yeah, and Kurtis will ask me about any details that might be unclear while I am reading out what has changed. And so let's begin with things that are added.
Gargron: It's quite a mouthful.
Kurtis: So this is basically is missing or cannot be obtained.
Gargron: If the attachment is missing for whatever reason, for example a networking issue while the toot was being loaded onto your server, or if your server has decided to not load the attachments from the specific server, instead of seeing the broken image frame you'll now see a specific message that says "not available".
Kurtis: Ah, OK. Alright, it sounds fantastic. It's a lot better seeing as a user, non-tech user.
- Add profile directory opt-in federation
- Add profile directory REST API
Gargron: As you can see there are two sub-items because it's a big feature.
Gargron: On one hand, so what was a profile directory before. It was a local-only feature it means only listed users who are on your server who have opted in to be listed on the profile directory. There was a problem with that because there was no way to transmit that information about whether you're opted in or not via federation. But now we have a way to do that. So the profile directory will include users from both your server and from other servers and they will be listed there.
Gargron: And additionally to that, the profile directory is now available through the REST API which means that now apps can show it. Because the web UI is an app, the web UI now has an interface for showing the profile directory.
Kurtis: So let me ask a question. So let's say if I'm running my own instance as you do, and I have decided to perceive active directory staff from another instance, does their profile show on my directory?
Gargron: Pretty much if they have opted in. Yeah, let's dig into difference because some people might mistakenly believe that this feature might somehow list everyone on the feature. But it works under the same principle as everything else on Mastodon. Discovery of content goes naturally as users interact with each other rather than having some sort of global state that compensates everything.
Kurtis: I see. Does this also in turn give people ability to build out some sort of a mega directory?
Gargron: Well, I think it has technically already been possible to do something like that but without user consent. Now you can do that with user consent.
Kurtis: Wow. I like to hear that.
Gargron: So what are throttle requests? We're talking about rate limiting in the API to prevent abuse of system resources. There are certain rate limits. You can't do a certain action or ask for certain information more often than that limit. Previously you would see a kind of cryptic messages like 429 throttled whenever you hit that limit. Now you're going to see a more human-friendly message that says you are rate limited and it will also tell you when the limit is going to be lifted.
Kurtis: Huh, so this is for the UI.
Gargron: That's quite self-explanatory in small details. No accidental log outs.
Kurtis: Thank you, ThibG!
Gargron: Yes, thank you.
Gargron: Mastodon has supported audio uploads since version 2.0, OK, actually I don't know, 2.7 probably possibly maybe later. Basically, it has done that for a couple of releases before. However, we were displaying the audio files as videos so basically video player but without the picture.
Kurtis: That explains so much!
Gargron: That explains. So many posts with videos that have just the black frame, right?
Kurtis: OK, yeah, so now it's like a proper element.
Gargron: Now it is a proper audio player that has like a pretty waveform that loads in like and start playing the file so just overall just a more polished approach to the feature.
Gargron: Autosuggestions are when you type in a message and you hit a special character, like for example, the at sign for mentions and it starts suggesting to you what you might be wanting to type. So if you type a username it might suggest what users are under that username and stuff like that.
Kurtis: I see!
Gargron: So previously we had that for users, for custom emojis or emojis in general, but now we're adding the same functionality for hashtags. The suggestions also show how much that particular hashtag has been used in the past week or what's its weekly usages so you can better decide like which one you want to use.
Kurtis: What ground does that cover in terms of usage? Is it the local instances hashtags or ...
Gargron: Hashtag usage is tracked like a separate sort of, like, it's kind of like it tracks it for basically from the federated timeline. You might put it that way.
Gargron: Everyone from the federated timeline we have been tracking hashtag usage in the software for a long time for like a year, but the information has not been displayed in the very obvious way. For example if you were searching for hashtags, you would see that graph next to the hashtag that that's from that information but now it's displayed here as well.
Kurtis: Right! Does it prioritize instance hashtags, Fediverse, or is it all just ranked by usage?
Gargron: It's all ranked by usage. There's no differentiation.
Gargron: So this is this is a quite a big one. So how was the situation previously. You upload a picture to Mastodon and you got this little thumbnail below the text area. And, you had this inline text input underneath there where you could type in the description for the image for accessibility reasons or to add extra context or whatever. And separately to that you also had a button that said "Change Preview", I believe.
Kurtis: Yeah, yeah.
Gargron: The button opened another modal window where you could change the focal points of the pictures so you could choose a point on the picture where all thumbnail should be focused where that point should always be in view, right?
Gargron: But those two functions were separate and kind of hard to use and they look kind of bad. And so this new media editing modal unites those two functions. You click on the edit button on that thumbnail that appears under the text post and you get a big modal window where you have on one side the preview of the image, where you can select which part of the image should be the focal point, and on the other side you get a text input field where you can put in the description. It's a lot more comfortable to do that because there's more space and you can see clearly what you're describing and stuff like that.
Kurtis: Kinda like when you're uploading an avatar to some website, right?
Gargron: Yeah, but even more than that, because usually that's just the cropping field. In this case it's like cropping field plus texts input.
Kurtis: That's fantastic, pretty in addition.
Gargron: Yes. And on top of that the OCR tool. So, OCR, I'm not actually sure what it stands for. I don't remember it's something with character recognition. But essentially it is a way to get to recognize text on a picture and convert it back to text. So you get an extra button you can click it and we will try to analyze the picture and get whatever texts on it into the description field.
Kurtis: OK, what, does it do that client-side or is it coming from...
Gargron: Yes, it's on the client side.
Kurtis: I didn't realize you could do those days.
Gargron: You can do anything client side nowadays.
Kurtis: Fair enough!
Kurtis: OK, so we've got basically a better way to not just present the media you're putting on Mastodon but also to make it more accessible.
Gargron: Yeah, it's a way to make it easier to add descriptions basically, like, if you're sharing screenshots or like excerpts from a book or whatever. You know retyping all that by hand's annoying so now you can just press a button and it will do its best to do that job for you. It's perfect because you know it's artificial intelligence basically like it's machine trained data it's not always accurate.
Kurtis: I see, OK.
Gargron: It currently only works for ASCII texts are like for Latin characters. It doesn't do Japanese characters or Cyrillic and stuff like that. Because to load the data for all those languages is a lot so for now we only include the Latin data because it covers the most bases.
Kurtis: Actually, I see what's next.
Gargron: So this was requested by people, basically a way to like keep in mind when you should be checking the tab. So you don't forget like you get your notification and you're in another tab now you see you've got two new notifications right in the window title.
Kurtis: You mean, so, I'm allowed to shift away from Mastodon? I don't think that's true, nah. Doesn't seem right. This is actually really good. I've always been a fan of making tabs a lot more helpful. When I started this todays, I have, you know, 20 or 30. This is a good improvement.
Gargron: Yeah. Initially, the person who requested that feature wanted it to increment the counter every time anything arrived, like on the home feed. I tried that for a while and it was not good.
Kurtis: DDoS your tab?
Gargron: It didn't, no. Because we max it out at some point where like say 99 plus. We don't keep updating it forever because it just doesn't make sense. But it was just very annoying from a psychological perspective because it always told you to look at this, look at this, look at this, and like I don't care you know?
Kurtis: Yeah, that's very thoughtful towards people of a neuro-diverse. You know, intention is a lot more finite resource. I appreciate that. Special shout out to Gargron and Gargron, both of those developers working on that feature.
Gargron: Yeah, oh yeah. Just a short note so like people might look at this change. They're gonna see like there's three times, four times Gargron mentioned and then Thib and stuff like that. Why is it like that? So the way this Change Log is generated, it links to separate pull requests on GitHub and then we automatically determine the author of those pull requests and then we like combine all those pull requests are what made this feature what it is.
Gargron: This is self explanatory. Simple quality of life improvement. Now you know what you voted for.
Kurtis: So what is the indicator.
Gargron: It's just a check mark.
Kurtis: Oh great, OK, keep it simple.
Gargron: This is going to be very useful. We added the pagination to the Search API a couple of releases ago. So apps could already do that sort of thing but because the web UI is one of the most used apps and it didn't have access to that API, it was kind of like, you know, not finished. So, you search for something, it shows you like five results per types, like five hashtags, five accounts, and five toots if it's found any. And now, you can click on any section to expand that particular section, say, show me like more accounts and more and more and more, etc. So if you haven't found something in the first results, you can out dig deeper.
Kurtis: That is a really powerful improvement to make search very powerful.
Gargron: Next on slow mode. So, essentially this is how Web Twitter works. So instead of like having a feed that constantly updates with new stuff, just sort of shows a message says 15 new items, you clicking it loads everything at once. And that's what slow mode is for Mastodon.
Gargron: So BlurHash is that algorithm developed by Dag Ågren, developer of the Toot!.app, which is basically like sort of a super blurry gradient based preview of a picture. We're using that because it's quite a pretty effect and it lets you show like sort of what the picture is about without showing the picture, while it's loading from the network and also in cases like hidden, when it's sensitive not-safe-for-work. Some people prefer to just have a black screen instead of that, so this is an option for those people.
Gargron: Now, OK, that's extremely technical thing. It's just a performance improvement for like Firefox.
Kurtis: They came out with something too recently didn't they.
Gargron: I think so, I'm not sure. But essentially, when you click on the column header, like if you click on the home text, it scrolls you back to top, right? And it doesn't in a smooth manner. That's what the smooth scrolling is. Previously we're like animating it by hand but some browsers now have native support for that sort of function then it's faster so that's what we're using.
Kurtis: But actually I have CSS properties to help with this as well, specifically for chats.
Gargron: Yeah, I don't know about that well you can tell me about that later.
Gargron: This is worded kind of cryptically, I understand. So essentially if you're using the multi column UI and you have lots of columns so your window has like this horizontal scrollbar, and you look at the hot key to focus the search bar which I think is S possibly, don't quote me on that. If you somehow focus the search bar, it starts scrolling the page to this search bar now.
Gargron: So, this is this is a very small specific thing, but, you know you can click on numbers on a toot, you can click on the number of favorites, or the number of reblogs, and you can see who people are, right? And that kind of didn't update by itself, so, now you get a button to refresh it in case you care about that sort of thing.
Kurtis: Yeah, I gotta find out who's the first liking my posts.
Gargron: Pretty much.
Kurtis: Kind of all cats.
Kurtis: That's incredible. That's really good. Now one thing I've seen in other places is with the user facing stack traces also formatting it in markdown so they can just throw it into a GitHub issue.
Gargron: Oh yeah, yeah. That would have been easy to make but I felt like it was probably over engineering.
Kurtis: Before we move on, gotta ask. Is the sad Mastodon still there?
Gargron: I'm sorry, it's not. It's kind of, I'm not, I don't have a plan to kill them, the mascot. It's just that that particular graphic is very oddly shaped and its center does not look like its center and so when you have to position it next to text it's incredibly awkward. And I've tried all sorts of ways of positioning it next to text and they just felt like it was not looking right. So, instead, it's just text. That elephant is gone, but, you know, we have other elephants and probably gonna have more elephants and maybe maybe I'll commission to the artist to draw us those to like create a special graphic for the error page. Or maybe that's a waste of time because like nobody is supposed to see that so I don't know.
Gargron: So, the hashtag admin UI has been revamped and this is sort of described in the different changelog entry. But, on top of that, mayaeh has added more functions to sort of like search for hashtags in the admin UI. OK, I don't know what more you can say about that, sorry.
Gargron: So Mastodon has a preference for every user whether you want your profile and your public post pages to be indexed by search engines or not. This is a very voluntary sort of agreement between us and search engines, because, technically, you can't really tell them what to do, but, they tend to respect that sort of preference. And now some people wanted to be able to control that setting for everyone on their server, like to set the default of what it is. Everyone can still control for themselves whether they want to be indexed by search engines or not, but, now the admin can change what the default value is, before they do that. I think it's useful to some people but probably not most. Because in my experience most people do actually expect their profile to be findable through Google, you know. If I want to search for an artist or for a public person or for like a developer and I go on Google and I search for a name, I sort of am used to seeing their Twitter and GitHub and stuff like that. It would be sort of unexpected if your Mastodon account did not show up there but some people have different needs and that's fine.
Kurtis: OK that'll be very helpful.
Gargron: So they don't account bios now showed in the admin UI. It is quite simple. So if you're looking at account details you see the bio right there, so you know who it is or what they wrote about themselves without an extra click.
Gargron: Now I feel like this is a biggie. So let's say, on Twitter, you get suspended, you usually get an email that says you've been suspended and below it says for this particular tweet, right?
Gargron: We did not have that. We had the warning email system where admins could send either an arbitrary warning with just some text whatever you have wanted to input if they were disabling the account or freezing the account. They also sent a notification along with some arbitrary text, let's say, your account is frozen because blah blah blah. But those emails did not really contain what the toots were that led to this. And now, admins have an option to include those. So if you're coming to the admin screen from the report screen you now have a checkbox on whether to include the toots, that where the report came from, into the email. This would hopefully just overall improve understanding in the whole system, because in my experience, often gotten responses to those warnings that said I do not understand which of my posts was against the rules.
Gargron: And now it's right there.
Kurtis: That'll be a lot of good visibility to, especially, as a sensitive situation, you know.
Gargron: Yeah. This is also useful as some paper trail, you know. If somebody's gonna post a screenshot of a message that they've been banned and it doesn't show what they've been banned for, and somebody can like spin it, right? They can say I would have been unfairly banned. But, if in the same email shows that they've posted something incredibly offensive, they can't stand that anymore, you know.
Gargron: It's quite simple. It's just another number on the dashboard, full of numbers for convenience, keeping track of all that stuff.
Kurtis: I'm really loving these new UI changes. You know, it's hard managing a large community, or a small community, really, and these sort of things really, just, they just cut the pain points out.
Gargron: Yeah, yeah. Oh my god, the next one. Next one is huge. Oh my god.
Gargron: Oh my god, where do I start with this.
Kurtis: I saw the closed issue in my email, yes.
Gargron: It's like issue number 176. I'm pretty sure I got that right because I have that in my memory.
Gargron: It's one of the oldest issues on our GitHub and it's a request to be able to move your account from one server to another. Now, that's such a methodological concept like you can interpret that in a variety of different ways. Like what does an account even mean, what this moving an account mean, so when dealing with that issue it took a lot of decisions like decisions; here's what I decide this is going to mean right just deciding on what's on one interpretation. So for the longest time, the only way to help account migrations was just this rhetoric notice like this account has moved to blah blah blah, but, or maybe I'm starting this from the wrong foot.
Gargron: So, so, what do people generally talk about when they talk about migrating an account. So in one hand is the data like posts like profile data.
Gargron: Yes. Mutes and stuff like that. On the other hand it is followers and who they're following, right? You could have already for the longest time export and import who you're following, who you're blocking, who you're muting, and all of that data. What you couldn't do and still can't do is to transfer the contents. All of the toots that you have. This is more of a resource limitation honestly, because some accounts have 40,000, 90,000, or 200,000 thousand posts and if you wanted to export that, and then upload it somewhere, and then have it the other server process that amount of data, instantly.
Gargron: It was just like you can't really do that, because most Mastodon servers are run by individual people with their own small servers with not many spare resources. So they can't handle something like that.
Kurtis: Yeah, yeah, exactly.
Gargron: Yeah. There's more points to that because Mastodon is a micro blog platform so most posts are actually kind of ephemeral in nature. They lose relevance really quickly. There's very few cases where old posts really do matter. For an example again, artists, photographers, people who upload creative works.
Gargron: In those cases it would be very good to transfer old posts over so that those works are not lost. But in most cases, you can start to let it go, start in you a new account. But what is really important and what I think and what I interpret as the most important part of moving an account is the followers, because that's your audience, that's what that's who you are talking to. And so, in 3.0 you can finally transfer followers over from one account to another.
Kurtis: Fantastic, fantastic! I feel like the way this was solved was also keeps keeps in mind the way the web works in general. Just it really really seemed to work out well. Shout out to everybody involved in this.
Gargron: Thanks. Yes, thanks. So a few more notes on that. So it is a kind of a two-step process. You have your old account and your new account. On your new account, first you go into preferences or profile settings, you click on moving from a different account, and then you add your own accounts handle.
Gargron: Sorry I need a drink.
Kurtis: That's all right. Yeah this is a hard feature. It's a grain of sand to aspect of a mountain to solve.
Gargron: I need to be a little bit quieter because I am definitely literally losing my voice.
Gargron: So once you've added the old account to the new account, you go to the old account and to basically the same area in the interface. You click on moving to a new account and then you enter the new account's handle then you click. That's when your followers are transferred over.
Kurtis: That's great.
Gargron: OK. Finally done with that one.
Gargron: The about page, which is the publicly accessible page, where people put roles and information about the staff and that sort of thing, now has an automatically generated table of contents next to it. So just the simplicity of navigation.
Kurtis: Oh, this is fantastic.
Gargron: OK. Though this warranted to feel awkward because it feels like you're adding password challenge to email notifications. That's not what it says. Now, if you enable two-factor authentication or disable two-factor authentication you get an email about that. This change is mostly about tightening the security around certain vectors of attack against an account. So, for example, if you're logged in on a public computer or if you're logged in on your laptop and you leave and it's now accessible to strangers, before that, somebody could sit down open the two-factor authentication settings. If they were not enabled before, just enable them connecting them to their own phone and then you know your account would be kind of screwed because you can't log in anymore. Now, before you can enable two-factor authentication you need to enter your password.
Gargron: This is the transparency feature. Transparency and accountability. So many people have already been publishing the list of domains they're blocking manually like just just entering the table HTML into the about page, or sharing documents or whatever. Now it is a core feature but this is an optional feature so you don't have to use it if you don't want to. I'm talking to admins by the way. This is not an end-user feature. It is user feature in terms of seeing it but not controlling it.
Kurtis: I can't remember our people block account. Do those have comments as well?
Gargron: Blocks treated by admins. So if you say I do not want my server to receive or send any data to example.com, that's block. You can now show those and explain why and so people now have a chance to see the list and understand what the server policies are and who they're not going to be able to talk to.
Kurtis: I'm assuming the comments are sharing in the public place as well.
Gargron: Yes, but it also it also is controllable by admin settings so if you don't want to show comments you don't have to.
Kurtis: Oh, that's great.
Gargron: It doesn't always make sense to use this feature but sometimes it does and that's what it's for.
Gargron: Features RSS tags now have an RSS feed. I'm not sure if I need to explain what featured tags are, but, you can define featured hashtags on your own profile and they're displayed as links on the sidebar of your public profile. When somebody clicks on them, they see all of your posts with that hashtag. And now they have an RSS feed connected to them as well, so, for example, this would be useful for podcasts. Now together with audio players and this, for example, you have an account for a podcast and you publish all podcasts using the hashtag podcast or listen now or whatever, we make that the featured hashtag. Somebody can click on that and then subscribe to the RSS feed and, you know, just see all the posts with a podcast episodes or whatever.
Gargron: For some reason I have trouble saying "RSS." I don't know.
Kurtis: It's so you know it's a tough one right there.
Gargron: Explanations the featured hashtags UI have been added.
Gargron: Sorry that there's a police siren.
Gargron: So yeah, because I had to explain featured hashtags before for the same reason, we're adding some explanations to the user interface so now it should be more obvious what they are and that you can use them that way. There's not not much more to say about that.
Add hashtag trends with admin and user settings (Gargron, Gargron, Gargron, Gargron, Gargron, mayaeh, Gargron, Gargron, Gargron, Gargron, Gargron, Gargron, ThibG, Sasha-Sorokin, Gargron, Gargron)
- Add hashtag usage breakdown to admin UI
- Add batch actions for hashtags to admin UI
- Add trends to web UI
- Add trends to public pages
- Add user preference to hide trends
- Add admin setting to disable trends
Gargron: Big one.
Kurtis: This is a bunch of things.
Gargron: I wanted to add trends for a long time and they were requested by a lot of people for a long time, but there was some opposition to that feature as well. Historically there was some controversy around that feature. But now, I've come back to it and I think I have figured out a good way, good compromise to make them in a safe manner. So, first of all, it's a feature that admins can disable so if your server does not want to use trends you don't have to.
Gargron: Users can disable them as well so if you feel like I don't want to want to see what's trending. You can say that and you won't see any trends. Now, hashtag trends, what are they. So I mean it's kind of simple. If a hashtag is being used today more than it was just yesterday then it's on the rise, it's being used more. It's an unusual spike in usage. It is trending that's what it is. So we use that and we have added a system for admins and moderators to review hashtags, because, yes, there is some potential for abuse in terms of spam or harassment or just TV show spoilers in terms of how hashtags are used so before a hash that can trend, ...
Gargron: I'm literally losing my voice now, sorry.
Kurtis: Yeah. You're not making this. Do this, man.
Kurtis: I'm glad we got this out here because I mean I know there's some point.
Gargron: Do you want to continue talking about this one for a while?
Kurtis: Yeah, so I'll pick this up here. So I mean, OK, what this packet entails is your vision of the trends that works within what the community has talked about. Right? You know, being able to turn things on and off, able to see them in both the web UI and in the public pages.
Kurtis: Are you happy that this is out now?
Gargron: Yeah, yeah, and I'm really happy with that feature because it's really fun to see like what's happening on the Fediverse.
Kurtis: Yeah, absolutely, absolutely.
Gargron: I think it really helps new people discover where the actual content is.
Kurtis: Yes. I've also used it a lot to sort of in bring myself in the community, especially amongst the Fediverse.
Gargron: It is also a kind of a way to bring the community closer together because it highlights events that are going on and then everyone can sort of join in. For example follow Fridays or Caturday or, you know, I don't know what else. There is like Fridays for the future, find fun Friday, there's a lot of Fridays.
Kurtis: The great day. All right well it's good to have it up.
- Add custom emoji categories to emoji picker in web UI
- Add category to custom emojis in REST API
- Add batch actions for custom emojis in admin UI
Kurtis: Let's move on. So it looks like what this is going to bring to us is the ability just to make categories for these emojis and see those on the web UI, yeah?
Gargron: Yep, just a way to categorize them so that they're not all in one clump that says custom, but instead, you now can separate them by, you know, memes or thinking faces.
Kurtis: It looks like though you've also got this batch actions bit so if you have whole bunch of, you know, ...
Gargron: Well no. This is in the admin UI. The admin UI for custom emojis has been revamped so the interface supports batch actions now. So you have this table and you can select multiple rows on the table and you can say do this thing with them and it does it with all of them. So it's like an easy way to manage things.
Kurtis: Right. So if you want upload a whole bunch from, say, your other services, that's be with you, yeah?
Gargron: Well, it's not batch upload. Now that I think about it that would have been good but no it's not. It's batch delete, batch list, batch add to category, batch copy, that sort of things.
Kurtis: OK, actually cool, all right.
Gargron: I think we're only going to do the add edit category because ...
Kurtis: Yeah, I know. I agree.
Kurtis: If you want we can also just skip those bullet points as well.
Gargron: Yes, we can kind of skip those. They're like self-explanatory.
Kurtis: OK, yeah I mean, look, don't get me wrong, these are a lot of quality of life improvements that are going.
Kurtis: But you know, there's some of them have, you know, greater impact than others. They're all very very fantastic.
Kurtis: Now, this is if you will have to add any special search service like Elasticsearch. We're still using those.
Gargron: Right, you do.
Gargron: You have to do that for a while. I mean it's an optional feature. If you want your server to have toot search, you need Elasticsearch. And this search syntax is just like a layer on top of that. If you want to search for a specific phrase exactly, you can put it in double quotes. You're going to exclude certain keywords, you can prepend them with a minus. Now, if you want to make an and statement you can prepend with a plus. That sort of thing.
Kurtis: For those technical among us, is this the Lucene syntax?
Gargron: No. It's not because Lucene syntax is very extensive and it's kind of more for the developers themselves coding rather than for exposing it to end users. Because there is a whole bunch of shenanigans somebody could accomplish with that settings. So no, this is a simplified layer on top of that. I had to define my own custom syntax for that using Parslet, so that was fun.
Kurtis: Yeah, it's real good library. OK, cool.
Kurtis: More hash tag stuff.
Gargron: Yes. So it just means that apps can now let you manage what your featured hashtags are.
Gargron: The next one is more interesting.
Kurtis: Oh OK. All right. Explain this to me. What does this mean?
Gargron: Well, so, there used to be a third-party service for Twitter called tweet marker and it's a way to synchronize your position on timelines between different apps. This is native support for that kind of feature.
Kurtis: So like a shared scroll?
Gargron: Kind of yes. So, you just you can just save in Mastodon what your last position in the home or notifications timeline was, and then, the different ones that you open can read that and scroll to the right position so you can continue where you left off.
Kurtis: Is this used in the web UI yet?
Gargron: It is halfway used; the web UI saves its position but does not read it. If an app wants to add a way to scroll to the right position they can try to do that and the web UI cooperates with that. But the web UI itself does not really support scrolling into old position. It would be more complicated to have that sort of thing.
Kurtis: Right, well that'll be very powerful with the newly introduced slow mode. You know, it means that I'll have a lot more toots I can't excuse when I go over.
Gargron: Yeah, yeah.
exclude_unreviewed param to GET /api/v2/search REST API (Gargron)
reason param to POST /api/v1/accounts REST API (Gargron)
Kurtis: This has been talking about live, remembering sir.
Gargron: OK, I don't know. It just keeps me talking about it. You can't really replace me later.
Gargron: Public resources are, well, public so they're accessible through simple unauthenticated HTTP requests. What this means is that, given a URL, that is you know public you publicly find and publicly accessible of users and servers, that you may not want to do anything with, can still fetch the data under that URL. You know, in practical terms, you block a server but people on that server can still search for public posts and sort of download them into their own server. Now, just a note, if you block a server, nobody from that server can subscribe to your server. So, in no circumstance, receive live updates right.
Gargron: So this is just about fetching given specific URLs and this has a bit more impact given boosts. Like if a third party boosts something and then their subscriber then fetches that content, then, you didn't want them to do that and stuff like that. So anyway that's the situation. Now what is ActivityPub secure mode. It is a mode that mandates authentication on all public endpoints. That means you can't access even public resources without providing an HTTP signature that leads to an ActivityPub account. So now, which server or which account from a server, well, not specifically which account because for most fetches a server wide account is used for anonymity purposes,
Gargron: But basically, you know which server accesses it and if that server is blocked now it's easy to say nope, not returning any data there. The second layer to this is the REST API. The REST API contains many endpoints that are publicly accessible, means you don't have to register an app, or get an access token, or authenticate with a user from that server to read data from that API.
Kurtis: Well, OK.
Gargron: What this means is that you can build crawlers and collect data sort of and, we use the streaming API is what we're saying for, data collection of public data.
Kurtis: Right. If the administrators of the instance allowed.
Gargron: Yeah. With secure mode you can't do that. So no unauthenticated access to the REST API either. All access tokens have to be connected to a user on that server.
Kurtis: Let me ask you this. Are other ActivityPub projects using secure mode, I guess?
Gargron: No, no. And there are some compatibility issues with older Mastodon versions. Now all the ActivityPub projects use HTTP signatures. It's just they don't use them on all GET requests, right. They don't use them for fetching. They get they use them for delivering.
Gargron: However, even older Mastodon versions use them for fetching of certain things, for example. I mean, it's incredibly specific and I don't think that example is going to help anyone. Let's say, but, for the most part that mode is compatible with older Mastodon versions but there are some functions to stop working which is why the secure mode is not on by default. It is a new option for people who want to tighten the security.
Kurtis: I see, OK. Well, this is this is I'm sure a welcome change of any people.
Gargron: It's also the building block for the next thing we're going to discuss.
Kurtis: OK. Whitelist. But I have some questions about this because the line is that, you know, there could be a lot of things that this could mean so what does this mean?
Gargron: So, it was not easy to name this feature because I was at one point considering a Mastodon academic edition or educational edition. But it seemed like it was more straightforward to name it after its most defining feature. This locks federation down in Mastodon. By default, it's blacklist based. Right? So any random server you can federate with except for the ones you block. This is the inversion of that. You cannot federate with anything unless it is whitelisted.
Gargron: On top of that, all of the features of secure mode are on when this mode is enabled. So no public API access, no public federation, no stuff like that. And on top of that, all public pages, basically there are no public pages. Everything is behind your login screen. So essentially this is the perfect mode for schools, universities, private enterprise, and enterprise anywhere where you want to just have a completely private social network where you don't really care about federation at all or if you have a few specific actors that you wanna interact with, like you know, a school network or whatever.
Kurtis: Right, so both of these features seem to be under the guise of that are collectively about ensuring your instances. The only stuff going out is what you want to go out. Does this suggest that we will see future features like encrypted ActivityPub mode?
Gargron: It's not completely out of the question that in the future that might be something like that but that is not really connected to this.
Kurtis: I see, OK. OK, well, it's really nice to know that you can, if you want to, you can set up an instance of Mastodon that is very supervised by, you know. That's probably very useful for a lot of people, I'm sure.
Gargron: It was a tough call to include this feature because for the longest time I opposed it. Because what it does is if everybody starts using it then nobody can self host, because, if you want to start your own server you would have to contact every other node and ask them to whitelist you. That's just not workable.
Gargron: That is kind of a situation we have with email where there is a couple of big servers like Gmail, Outlook, and stuff like that. For the most part for spam fighting purposes, they do not accept email from unknown domains, unknown IPs, and stuff like that. So if you want to start your own email server, you have to deal with a lot of trouble.
Gargron: So I wouldn't want that to happen to Mastodon. I want it to be an open network and I think its advantages lie in being an open network at large. But I think that this mode is useful for specific niche use cases like education or like enterprise so there we go. As long as you OK so you make the call.
Kurtis: OK, fantastic. So we've got a quite a chunk of non bold features in the changelogs but for the sake of your voice let's go ahead and move.
SMTP_REPLY_TO environment variable (hugogameiro)
tootctl preview_cards remove command (mayaeh)
Gargron: I think we should mention these two toot control, that's how you pronounce it, toot control commands.
Kurtis: Not to cuddle?
Gargron: No, no.
Kurtis: Nice. Someone pronounced CLI as cly. That was very weird. I don't talk about anymore. All right so there are, it looks like, three new additions to the toot "ctl", toot control, command line tool.
Gargron: So this command removes preview cards. I mean, OK, yeah.
Kurtis: OK, so this is about cleaning up.
Gargron: Yes, this is about cleaning up disk space used by the various thumbnails displayed under posts that contain links like, you know, you post a link to YouTube video, it shows, embeds, and it shows a preview of the picture of the video. So that's stored as a preview card and if you want to save your disk space you can now remove them. You can decide, you know, remove everything older than 15 days or whatever. We now have that option.
tootctl media refresh command (Gargron)
Gargron: Next command, it's kind of the opposite of toot control media remove, in the sense that sometimes you have situations where you've lost data for particular media attachments or, for example, you had a domain block that rejected media files and then you say that you made the wrong decision and you want to restore the media attachments and stuff like that. This command is for you.
Kurtis: I see.
Gargron: It works on domains, it works on specific accounts, and it works on specific statuses, as well. So you can be like I lost the data for this particular status over the redownload the media attachments in there, you can do that.
tootctl cache recount command (Gargron)
Gargron: This is more of a maintenance command. It's just a way to do a recount of all the counters that are on Mastodon. You know, counters like followers, following, how many statuses you've got. They're all hard cached that means instead of like doing a count of everything in the database and then storing that count whenever you read something, instead, we update the cache every time something is added or removed. Sometimes that can get out of sync. This release contains some fixes for that so it should not happen any longer, but still, this command lets you fix the problem if there is a problem.
Kurtis: So is there any danger to running these, not danger, but is there anything you should be warned about if you have a particularly large instance of Mastodon, when running these?
Gargron: It should be fine to run these. You could obviously stop them at any time. It's fine. It shows that ChangeLog, I don't know where. It's described in the changes. We're not gonna get to that. Maybe in a future episode. We're gonna have to like episode two of this.
Kurtis: Version 3 part two. Yeah, OK. So let's move on to ...
Add option to exclude suspended domains from tootctl domains crawl (dariusk)
Add parallelization to tootctl search deploy (noellabo)
Gargron: I'm proud of this.
Kurtis: If you're a developer like myself this is something you would probably dealt with in your own projects. Let's talk about this.
Gargron: Business to scale. In most projects you have one server, like the API you're working with, and you maybe sometimes have to do multiple requests to that server from the same process or whatever, so you use a request pool. Or rather than using your request pool, we mostly just use a persistent connection and then you just start to keep posting to it. Now this is different because it really is a request pool because it has to work across threads and because it not only has to work across threads but across different servers as well so it has to manage connections to different servers. Now what does this do in practice. If I remember my calculations correctly this like doubles the performance of federation to other servers. When you post something, you have to deliver that post to all the servers where you have followers. In practice that means that your server is posting to a lot of the same servers all the time, and every time, it has to make a new HTTP connection. It goes through this cycle where it looks up the DNS, establishes an encrypted connection with SSL, and then, you know, finally it performs the actual request. Now what this does is keep connections to servers open so that the DNS and the TLS steps are skipped. Keeps that connection open and then it reuses that connection when there's new stuff to be delivered. If it's not used for a while it closes the connection again and then, you know, it frees up space for another one.
Kurtis: Gotcha, OK. So for someone who's not technical, they might see faster conversations, not faster conversations but rather faster back and forth?
Gargron: So one thing that I think many sysadmins used to see is their Sidekiq, you would get full for various reasons and then there would be a backlog it has to work through. Oftentimes, it's like those delivery workers, right? What this does is make that sort of backlog disappear 2 times faster.
Kurtis: That's fantastic. So definitely, you should even see perhaps on some instances, a need for less resources for Sidekiq.
Gargron: Yes, yes, hopefully.
Gargron: This is connected to Elasticsearch, so essentially it is a progressive enhancement of the search. If your instance is configured to use Elasticsearch, we can now make use of Elasticsearch features that allow more accurate search. OK, I've just said Elasticsearch so many times.
Kurtis: Yeah. If you search, that just better results.
Gargron: Yeah. It's just Elasticsearch has better algorithms for indexing data and for combing through that data. So, like you enter the same thing into Postgres and into Elasticsearch and you get more accurate results. Beyond that, it's not just those algorithms, it's also, I believe, we rank results not only based on how accurate they are compared to what these are typed but also how used they are. So again, that you know hashtag usage so that a hashtag that is used very often would appear higher than something that was only ever used once and it's a typo, you know. It's just a way to reduce garbage results.
Kurtis: Results will be faster as well, right?
Gargron: Yeah. Elasticsearch is faster than Postgres.
Kurtis: Fantastic, OK.
Gargron: It's basically the same thing with account search. Instead of ranking by usage, it's an effect of, I believe, three things: how recently the account was active sort of something. So, if an account is dead, it sort of falls off the search results after a very long time so you don't get, like, dead accounts as high results.
Kurtis: I see.
Gargron: I actually do not remember if, this was so long ago I don't remember, but I think the follower count does have some effect on the ranking. An account that has higher followers would appear higher for the same search query than an account that has lower followers. I know some people are allergic to follower counts and stuff and I understand that. But in this particular case, it's a way to reduce spam accounts, you know. Like somebody signing up on your username that's similar to another user's, and you know they have no followers or whatever, but these take up the space and the results. You know, real accounts do tend to have higher follower counts so that's what it is.
Kurtis: That's true, OK.
Kurtis: All right, the last to be added, well, not totally lastly added but the last one we really want to hit on is the spam check.
Kurtis: So hit me up with the spam check.
Gargron: So we have been plagued by essentially, I think, one person who's really concerned about not marrying American wives because American wives steal their house or something like it.
Kurtis: What are you talking about?
Gargron: So one person on the Fediverse making multiple accounts on multiple servers, for months, linking to their blog where they talk about nonsense like that. And what they would do was to spam everyone who was active on the platform like the federated timeline with the same message, you know, that message like don't marry American women, there was something like that, you know.
Kurtis: Oh, OK.
Gargron: So that's the kind of spam that the spam check is meant to catch.
Gargron: I was running that patch on mastodon.social for a long time, and, I can confirm that it successfully did catch accounts by that spammer. So it does its job.
Gargron: Essentially it tracks repetitive messages using some similarity algorithms to account for minor changes so that wouldn't be so easy to circumvent, and, then if an account keeps posting a very similar message while addressing different people. So if you just spam without mentioning anyone, that's fine. That's not really like a problem because like nobody sees it, mostly nobody sees it. The problem with that spammer was that spammer was mentioning people so that would appear in people's notifications. So the strategic rants, oh sorry not rants, wrong word, runs when you mentioned someone who is not following you so we avoid a lot of checks for things that are like legitimate.
Gargron: Friends chatting with each other, we don't need to intervene and do spam checks or whatever. If everybody follows each other, that's fine. If you mention somebody who is not following you and you repeat the same message over and over again it triggers, it creates, an automatic report that notifies the admin so that they can intervene as fast as possible.
Kurtis: I see. That's a fantastic improvement. I hope this is sort of gains a lot of support for having Mastodon. Maybe even more sort of the in-depth analysis?
Gargron: Yes. Why? Because it is a complicated problem area, very complicated. There's a lot of stuff you can do and there's a lot of stuff that's probably hard to do on Mastodon's architecture because, you know, you're dealing with a lot of separate servers running on small machines. They don't share central database and they cannot ideologically connect to some central service like Akismet, the spam checks. You don't have that sort of luxury and you also cannot overburden sysadmins by asking them to install extra dependencies, like lots of people complain about the Elasticsearch optional dependency. Like imagine, if they had to install and configure SpamAssassin as well and stuff. You can't do that so we're limited in what we can do. But there's a lot that can be done given technical expertise.
Kurtis: Just everything seems like a really good move in the right direction and I'm glad to not have to ever know what that person was tooting at me.
Gargron: Yeah, I'm surprised you never knew about that. This was a big thing and everybody like made jokes about it, like, because it's kind of like a Mastodon meme. But now I'm glad that it doesn't come up because it's kind of weird, isn't it.
Kurtis: I like Mastodon cat also. Yeah, OK.
Gargron: This isn't even close to over but my voice is like past being over so we're gonna ...
- Spanish (Argentina)
- New Norwegian
Kurtis: Well, look, before we let our listeners go, 3.0, should people be upgrading?
Kurtis: All right, fantastic.
Gargron: Also today, there is 3.0.1, a hot fix release. So technically to that one, but yes, 3.0.
Kurtis: OK, fantastic. Yeah we've already seen people talk about upgrading or even starting on 3.0 and they've said such positive things about it, which is always good to hear. But I just wanted to get it on record. Yes, it's a good record. I mean what you must do is the last one hour?
Gargron: How long these are streaming, I don't know.
Kurtis: Well, these are good changes.
Gargron: An hour and 15 minutes.
Kurtis: OK all right. Well, look, drink some water, get some sleep. It was fun talking to all the Fediverse via audio and video.
Gargron: Yes. Thank you for joining me and thank you for taking over after, yeah, all right. Thanks everyone.
This transcript is compiled by zunda. Please let him know if you find anything that needs an edit or that deserves an improvement. Section titles are from CHANGELOG.md. Some lines are based upon an auto-generated transcript on YouTube.