Mastodon: What you need to know for your security and privacy

If you’re leaving Twitter for Mastodon, here are some things you should know.

https://grahamcluley.com/mastodon-what-you-need-to-know-for-your-security-and-privacy/

Please reblog/boost if you think this would help folks you know who are new to Mastodon. (Likes are appreciated, but won't help spread the advice)

#Mastodon #RIPTwitter


Graham Cluley

@gcluley and for more advanced users, put your blog on Mastodon! I don't mean share your content through your account. Actually make your blog its own instance!

I wrote a blog post which I'm not going to link to, but you can find it at @[email protected] to see how it looks in Mastodon. :)

@donncha @[email protected] Thanks, I'd heard about this - but haven't explored it yet. Sounds interesting. :)

@gcluley @donncha @[email protected]

There's also Write Freely, a lightweight blog application written in Go that has an ActivityPub feed. Very minimal interface with a focus on linear writing, so well suited to appearing within Mastodon.

https://writefreely.org

@donncha @gcluley @[email protected] Nice! I am reviving/updating a software project that could very much use better community outreach and feedback. I wonder if there is an ActivityPub integration plugin for Ghost as well.
@gcluley
Great information and I agree with it wholeheartedly. Especially the security aspect. I haven't known my passwords for a couple of years now because of exactly what is mentioned here. I use a YubiKey to generate passwords and I couldn't tell you what one of them is.
Great article!
@gcluley the DM situation is going to be a change for most birdapp refugees. It’s really meant for directing a toot towards one person via toot permissions and there should be no expectation of privacy.
@agent0x0 Yes, I can see a lot of people accidentally goofing up with this on Mastodon. :(

@gcluley

2FA with passkey/FIDO is a bit missing

Thanks for the good read

@eingfoan I do mention hardware-based authentication keys in passing - but maybe I should expand that.
@gcluley I would not call it hardware so much, since passkeys also sync in software, right? Or do I misunderstand something?

@eingfoan I apologise, I misread your response.

I was talking about YubiKeys and their ilk.

@gcluley Thanks for the advice and gosh, a long time since I read you on #BOFH. I've got 2FA set up but I think I'm having trouble following the advice with regard to verification?
@gcluley

"If you're interested in having your Twitter Verified account verified for use in the fediverse ("Fedified"), please follow the instructions on this very short form"
https://mastodon.social/@DataDrivenMD@mstdn.social/109309292356520602
@gcluley Please may I ask: does the 'verification' link have to be on the home page of the website or can it be on the Links page?
@gcluley the "Mastodon admin can read your DMs" is pretty much feature parity with Twitter though
@gcluley Good intro — thanks. Particularly appreciated the more nuanced discussion of DM risks.
@stshank yes, I worry a lot of folks may get caught out by that
@gcluley i didn’t know about the #greentick #Mastodon #verification of websites (pointing at Mastodon profile & vice-versa), that’s neat, thanks!
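The website verification the replies above ask about works through a rel="me" link: Mastodon fetches the exact URL you enter in a profile metadata field (so a Links page is fine, as long as that page's URL is the one in the field) and looks in the returned HTML for an <a> or <link> element with rel="me" whose href is your profile URL. Only the HTML the server sends is inspected; a link added by JavaScript after the page loads is not seen. The following Python is an added example, not code from the article or from Mastodon itself; the sample page, the profile URL and the function names are constructed for illustration. It parses a page the way such a check does, so you can try your own HTML offline before saving the field.

```python
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlsplit


class RelMeParser(HTMLParser):
    """Collect the href of every <a> or <link> element that carries rel="me".

    Only the markup fed to the parser is seen: links that JavaScript injects
    after page load never reach a verifier like this one (or Mastodon's).
    """

    def __init__(self) -> None:
        super().__init__()
        self.links: List[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag not in ("a", "link"):
            return
        attr = {k.lower(): (v or "") for k, v in attrs}
        rels = attr.get("rel", "").lower().split()  # rel is a space-separated token list
        if "me" in rels and attr.get("href"):
            self.links.append(attr["href"].strip())


def rel_me_links(page_html: str) -> List[str]:
    parser = RelMeParser()
    parser.feed(page_html)
    parser.close()
    return parser.links


def _canonical(url: str) -> Tuple[str, str, str]:
    """Scheme, host and path with any trailing slash dropped. This is looser
    than an exact string comparison; put the profile URL in your page exactly
    as Mastodon displays it so a stricter check also passes."""
    parts = urlsplit(url.strip())
    return (parts.scheme.lower(), (parts.hostname or "").lower(), parts.path.rstrip("/") or "/")


def rel_me_verifies(page_html: str, profile_url: str) -> bool:
    """True if the page links back to profile_url with rel="me"."""
    target = _canonical(profile_url)
    return any(_canonical(href) == target for href in rel_me_links(page_html))


# Constructed sample: a page that would verify for the made-up profile
# https://mastodon.example/@alice. The <link> in <head> is enough on its own;
# the visible <a> to GitHub shows rel="me" may carry other tokens too.
PROFILE_URL = "https://mastodon.example/@alice"
SAMPLE_PAGE = """<!doctype html>
<html><head>
  <link rel="me" href="https://mastodon.example/@alice">
</head><body>
  <a href="https://github.com/alice" rel="me nofollow">GitHub</a>
  <a href="https://mastodon.example/@mallory">a plain link is not a claim</a>
</body></html>"""


def check_sample() -> bool:
    return rel_me_verifies(SAMPLE_PAGE, PROFILE_URL)


if __name__ == "__main__":
    print("rel=me links found:", rel_me_links(SAMPLE_PAGE))
    print("verifies for", PROFILE_URL, "->", check_sample())
```

To use it on your own site, fetch the page with any HTTP client and pass the body to `rel_me_verifies` along with the profile URL; if it returns False, the usual causes are a missing `rel="me"` attribute, a link inserted client-side, or an href that differs from the profile URL.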
@gcluley @neil Do only some Mastodon servers support 2FA? I can't seem to find the option on glasgow.social
@gcluley why on earth aren't mastodon dms end to end encrypted? Seems like a serious design failure...
Really important to remember direct messages are in plain text. Probably a few Twitter refugees need to be reminded of that.
@gcluley URL verification isn't working for me - any advice?

@gcluley I may or may not know someone who did this his first day on the platform:

“It’s perfectly possible – if you’re nerdy enough and fancy the job of maintaining a web server – to create your own Mastodon ‘instance’ (the name Mastodon users commonly use for a server) and be able to talk to anyone else on Mastodon.”

#geeks

@gcluley this is a wonderful guide - thanks Graham :)
@gcluley very helpful thankyou
@gcluley Good info on the verification checks. I'll set that up the next time I update my website.
@gcluley regarding verified accounts, one approach I saw is where a server is made for members of an org, thus making all members verified by having access to an account on the server. This was done by a European agency of some sort and a news site followed suit; maybe a good approach for orgs.
@gcluley thanks. Useful and relevant advice.
@gcluley thanks for the advice just signed up and willing to try Mastodon
@gcluley Really helpful summary, thanks.
@gcluley excellent. Thank you. Off to verify myself now.
@gcluley you mention that DMs are not encrypted, and say this is different to Twitter, but they’re not encrypted there either.
@gcluley this is really helpful. Thanks.
@gcluley thank you for this, it’s really helpful for we newbies.
@gcluley Thank you. This is really helpful.
@gcluley speaking of security, I wonder whether there is much #pentesting being done on Mastodon - with so many instances all individually administered and hosted on diverse infrastructure it would seem like a hard thing to address...
@gcluley Thank you. Nice to find a simple guide. 2FA now on
@gcluley Many thanks for this, interesting and useful.
@gcluley Thank you, that's useful. I am quite disoriented on Mastodon! Lost everyone I knew on Bird Place and even the emojis don't seem to work.
@gcluley thanks for that. V helpful.
@gcluley
Thank you very useful

@gcluley

Hi Graham, (cool name that 😏 ) !

I read the security advice & would want to use 2FA authentication but I'm old school, 62 years old, have never had a mobile phone & use a laptop, which I can take apart, update, repair, install loads of good free ad-free software, ad blockers, anti-tracking, VPN etc.

BUT I can't even switch on my OH's mobile phone!

How can I 2FA authenticate?

Grateful for advice.

Cheers & goodnight, Graham.

@GrahamKirk If you want to enable 2FA on your online accounts but DON'T have a smartphone, then you could use an authenticator on your laptop's desktop OS.

Authy, for instance, produce one:

https://authy.com/download/

@gcluley
I downloaded from Authy and went through the set-up process. It even gave me the option of a voice call to my landline, which worked.
However, when I went to Mastodon and started to set up 2FA, it asked me to scan a QR code. I can't, but it gave me the long code to enter into the authenticator. I did this, but it then asked for an account ID and a drop-down of programs including Twitter etc. but no Mastodon.
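On the "long code" in the reply above: it is the shared TOTP secret (RFC 6238) written in base32, and it is the only part that matters. The account name or issuer an authenticator app asks for is just a label for the entry, so any name will do when the app's list has no Mastodon option. The following Python is an added example, not the article's or Mastodon's own code; it shows what the authenticator computes from that secret and how a server checks the result. It uses the published RFC 6238 test secret (the ASCII string 12345678901234567890, base32 GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ) and the default parameters Mastodon uses (HMAC-SHA1, 30-second step, six digits). The `window` tolerance for clock drift and the constant-time comparison in `verify_totp` are the server-side details worth getting right.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional


def decode_base32_secret(secret: str) -> bytes:
    """Decode the 'long code' an authenticator asks you to type in.

    Sites usually show it in groups of four with spaces and without '='
    padding, so strip the spaces and restore the padding before decoding.
    """
    s = secret.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def totp(secret: str, at: Optional[int] = None, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the 30-second counter, dynamically truncated."""
    key = decode_base32_secret(secret)
    counter = (int(time.time()) if at is None else int(at)) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{truncated % 10 ** digits:0{digits}d}"


def verify_totp(secret: str, code: str, at: Optional[int] = None,
                digits: int = 6, step: int = 30, window: int = 1) -> bool:
    """Server-side check: accept the current step and `window` steps either
    side to tolerate clock drift, comparing in constant time so response
    timing leaks nothing about how many digits matched."""
    if len(code) != digits or not code.isdigit():
        return False
    now = int(time.time()) if at is None else int(at)
    for k in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, now + k * step, digits, step), code):
            return True
    return False


# Published RFC 6238 test secret (Appendix B), not a real account secret.
RFC6238_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


if __name__ == "__main__":
    print("code for t=59 (RFC vector 94287082, 8 digits):", totp(RFC6238_SECRET, 59, digits=8))
    print("6-digit code right now:", totp(RFC6238_SECRET))
    print("accepted one step late:", verify_totp(RFC6238_SECRET, totp(RFC6238_SECRET, 59), at=88))
```

Note that anyone who copies the base32 secret (from the QR code, the text version, or an unencrypted backup of the authenticator app) can produce the same codes forever, which is why the setup screen should be treated as sensitive and why a synced authenticator is a convenience traded against a hardware key.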

@gcluley the DM thing… seriously?! #Ringo

Ooh I’m tempted not to boost this just to see the fallout 😈 😂

@BloodyMargot Poor old Ringo. His ears must be burning...
@gcluley Thanks for your article! My site is verified now with a green tick mark and I have 2FA on now.
@frankejames That's great to hear. Stay safe.
@gcluley Thanks, that was enlightening! The difference in DM processing is a doozy.

@vadkakukk Yes, I think it could take many folks by surprise (and not in a good way)

It may not have mattered much when Mastodon was used by a niche community who may have understood its nuances, but now it has become more popular with the masses...

@gcluley Yes, I guess end to end encryption might be a bit of a longer term goal, but popping up a warning that third party mentions will send them a copy of your message should be possible.

On the other hand, it does feel like half a million people have suddenly arrived at someone's house and started complaining about the curtains.
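To make concrete why the warning suggested in the reply above would help: a "direct" toot has no recipient list of its own. Its audience is whoever is @-mentioned in the text, and each mentioned account's server receives and stores a plaintext copy that its administrators can read. The following Python is an added example, not code from the article or from Mastodon, with a constructed draft message and made-up handles and domains; it extracts mentions the way a compose-box warning could and reports every account and server the message would reach beyond the person you meant to write to.

```python
import re
from typing import Optional, Set, Tuple

# Simplified handle grammar: @user or @user@domain. The lookbehind stops an
# e-mail address such as alice@mastodon.example being read as a mention.
MENTION_RE = re.compile(
    r"(?<![\w@])@([A-Za-z0-9_]+)(?:@([A-Za-z0-9][A-Za-z0-9.\-]*[A-Za-z0-9]))?"
)


def mentioned_accounts(text: str, author_domain: str) -> Set[str]:
    """Every account the text mentions, as user@domain; a bare @user is an
    account on the author's own server."""
    found: Set[str] = set()
    for m in MENTION_RE.finditer(text):
        user, domain = m.group(1), (m.group(2) or author_domain)
        found.add(f"{user.lower()}@{domain.lower()}")
    return found


def direct_audience(text: str, author_domain: str) -> Tuple[Set[str], Set[str]]:
    """(accounts, servers) that receive a post sent with 'direct' visibility.

    Mastodon addresses such a post to the mentioned accounts only, so the
    servers holding a copy are the author's own plus one per remote account
    mentioned; nothing is encrypted for the recipient, so each of those
    servers' admins can read it.
    """
    accounts = mentioned_accounts(text, author_domain)
    servers = {author_domain.lower()} | {a.split("@", 1)[1] for a in accounts}
    return accounts, servers


def extra_recipient_warning(text: str, author_domain: str, intended: str) -> Optional[str]:
    """The compose-box warning proposed in the thread: name every account
    beyond the one you meant, or None when there is nothing to warn about."""
    extra = mentioned_accounts(text, author_domain) - {intended.lower()}
    if not extra:
        return None
    return "Also delivered to: " + ", ".join(sorted(extra))


# Constructed sample: a 'private' word with bob that also names carol and a
# local user dave, and includes the author's e-mail address as a non-mention.
AUTHOR_DOMAIN = "mastodon.example"
INTENDED = "bob@example.org"
DRAFT = ("@bob@example.org did you see what @carol@other.example said about @dave? "
         "Mail me at alice@mastodon.example.")


if __name__ == "__main__":
    accounts, servers = direct_audience(DRAFT, AUTHOR_DOMAIN)
    print("recipients:", sorted(accounts))
    print("servers holding a plaintext copy:", sorted(servers))
    print(extra_recipient_warning(DRAFT, AUTHOR_DOMAIN, INTENDED))
```

The practical rule it encodes: before sending a direct toot, every handle in the text is a recipient, and mentioning someone to talk about them is the same as sending them the message.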

@gcluley @vadkakukk
Thanks for the advice on security et al. One problem I have is using the app. Every time I have to verify with the original email. This gets harder as the email disappears on the list. Any advice please, as I can't seem to find an answer, but I'm not very tech savvy. Thank you!