Login

Recent searches

No recent searches

Search options

Only available when logged in.
mastodon.ar.al is one of the many independent Mastodon servers you can use to participate in the fediverse.
This is my personal fediverse server.

Administered by:

Server stats:

1
active users

mastodon.ar.al: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.8

Aral Balkan

I needed a pick-me-up so I took a break from the back-end stuff to make a logo for Domain¹ :)

(The main page for public instances will have a very different design before launch – one based on the prototype we created while working with the City of Ghent a few years ago.)

¹ codeberg.org/domain/app

Screenshot of an instance of Domain running at dev.ar.al and configured to set up Small Web places at small-web.org. Domain logo (a kitten sleeping by her little house while holding onto a green ball of yarn with its paws). Heading: small-web.org A form in large letters: I want my own Place at.small-web.org for €10/month. (Your new place will be ready in under a minute.) A button that reads “Get started!” Need help? Email Laura and Aral at hello@small-tech.org.
Screenshot of Domain’s Settings screen with the Applications page under the Setup section active. (Other sections in the navigation under the Setup section are Organisation, Public Suffix List (PSL), Domain Name Service (DNS), Virtual Private Server (VPS), and Payment – in the screenshot all have checkmarks next to them. The other section in the navigation is titled Places and has View and Create links.) The main section of the page has a large heading (“Applications”): “List of applications people can install from this instance.” A table follows with columns for Name, Source, and Actions. It has one entry: Place, https://codeberg.org/small-web/place.git, Edit and Delete. Unde that is an Add application form with two text boxes – Name and Source (git repository https link) and an Add button.
#SmallWeb#Domain#Kitten
Aug 01, 2023, 10:45 AM·Public·Web
5boosts·27favorites
Public
Fahrstuhl

@aral For some reason this reminded me to check whether your #SmallWeb work supports #EndToEndEncryption. Turns out it does! https://codeberg.org/kitten/app#end-to-end-encrypted-kitten-chat

Doing the encryption on a client app instead of inside the browser client served by the server could be more secure, right? Like a WebExtension client or a dedicated app. Only for content encryption though, your hoster always knows the metadata of your posts, right?

pleroma.what.repleroma.what.re
Public
Aral Balkan

@fahrstuhl Yep, that could be something that’s layered on but Small Web places are not for folks with threat models that include state-level actors.

A malicious server host or one that is compromised (likely by a state-level actor) can serve a modified client to phish your secret, etc.

Instead of a browser extension that handles the encryption, if you’re going to use an extension, you could use it to verify the source matches what you expect via a hash.

Public *
Aral Balkan

@fahrstuhl But again, if your (or someone else’s) life is going to be at risk, this is not going to be for you. Use Signal or some other end-to-end encrypted messenger (and hope that whatever app store you downloaded the client from hasn’t been similarly compromised and you’re getting the binary you thought you were. Again, it all depends on your threat model.)

Public *
Fahrstuhl

@aral The hash-verification extension makes a lot of sense.

And yeah, fair, Signal is probably the best bet but I keep thinking about the case where Facebook handed a mother’s and daughter’s private messages about an abortion over to law enforcement. Which are kinda state-level adversaries but I hope with less power to force your hoster to manipulate your server software. That hope is probably wrong…

ExploreLive feeds
About