#XMPP or why all of us should move to use #standards for instant messaging instead of being locked in proprietary networks, centralized servers and/or proprietary protocols/software. Dreaming of a world without WhatsApp, Messenger, Telegram, and other beasts.
Hi there, the moment has come to do the first instance upgrade cycle in the life of this instalation to bring this server to the actual stable version 2024.12-1 in the comming days.
Are there any specific recomandations or details to have in mind besides the information expected to be found in every update release instruction?
This is basically a single user instance with round about 14 forum pages with few followers each and a total of 18 profiles with contacts in the activityPub and diaspora community and some RSS subscriptions. No other specific conectors are enabled.
DB backups amount to ~180MiB and the image file storage folder on ftp around ~400MiB.
Friendica stable | 'Giant Rhubarb' 2023.05 - 1518 PHP Version 8.1.2-1ubuntu2.14 VPS server | Ubuntu 22.04 LTS 4 Core CPU, 8 GB Ram with 300GB NVME Disk - unlimited traffic hosted by @ raroun 👍
Notes: This instances right now seems to work well. Sometimes this profile here has some strange hickups like when following up the link of a post from this server in a stream view a message "Not Found |The requested item doesn't exist or has been deleted." Also right now profiles from contacts, for example @ hoergen or @ feb don't show up in the contact list but they are displayed as followed in the profile contact page.
Thx @Tobias 👍, added the respective links to the publication. I guess there is nothing to add with respect to the difference between 2024.12 and 12-1, it's just installing 2024.12-1 instead of 2024.12 (?).
@TupambAdmin [2023.05] ah, yes that is the same code in Friendica, but the CI needed a fix and reacts only on a release tag - sorry I forgot about that x)
Learning/comprehension question @Tobias: What does "in Friendica" mean? The stable version 2024.12, in other words the github pull of 2024.12 even when the date says "1 month" like it if werent as upt o date than 12-1?
@TupambAdmin [2023.05] no, the files are part of the git repository and are transferred by a git pull. But the files are part of the files that Friendica uses while running on the server.
Question: Release notes and news forum announcement do not mention setting the site into maintenance mode by "going offline" stopping cron job:
1. If you had set up a worker cron job like this */10 * * * * cd /var/www/friendica; /usr/bin/php bin/worker.php run crontab -e and comment out this line.
and the following command:
2. Put your server into maintenance mode: bin/console maintenance 1 "We are currently upgrading our system and will be back soon."
Trying to pull the update from 2023.05 to 2023.12 I get the message that the branch I'm trying to pull doesn't exist: www-data@myservername:~/html$ git pull https://github.com/friendica/friendica/tree/2023.12 fatal: repository 'https://github.com/friendica/friendica/tree/2023.12/' not found
@TupambAdmin [2023.05] @Tobias @…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup Please verify the ownership of these folders. You might have ran Composer as root, which would have made the folders in /vendor unable to modify by the web server user.
vendor ownershipdrwxr-xr-x 40 www-data www-data 4096 Feb 20 21:22 vendor drwxr-xr-x 3 www-data www-data 4096 Feb 20 21:20 ezyang drwxr-xr-x 3 root root 4096 Feb 20 21:20 htmlpurifier
-rw-r--r-- 1 root root 341 Nov 17 2023 CREDITS
-rw-r--r-- 1 root root 26456 Nov 17 2023 LICENSE
-rw-r--r-- 1 root root 1271 Nov 17 2023 README.md
-rw-r--r-- 1 root root 6 Nov 17 2023 VERSION
-rw-r--r-- 1 root root 1415 Nov 17 2023 composer.json
drwxr-xr-x 3 root root 4096 Feb 20 21:20 library
drwxr-xr-x 21 root root 4096 Feb 20 21:20 HTMLPurifier
-rw-r--r-- 1 root root 274 Nov 17 2023 HTMLPurifier.auto.php
-rw-r--r-- 1 root root 213 Nov 17 2023 HTMLPurifier.autoload-legacy.php
-rw-r--r-- 1 root root 910 Nov 17 2023 HTMLPurifier.autoload.php
-rw-r--r-- 1 root root 101 Nov 17 2023 HTMLPurifier.composer.php
-rw-r--r-- 1 root root 576 Nov 17 2023 HTMLPurifier.func.php
-rw-r--r-- 1 root root 10573 Nov 17 2023 HTMLPurifier.includes.php
-rw-r--r-- 1 root root 923 Nov 17 2023 HTMLPurifier.kses.php
-rw-r--r-- 1 root root 235 Nov 17 2023 HTMLPurifier.path.php
-rw-r--r-- 1 root root 10187 Nov 17 2023 HTMLPurifier.php
-rw-r--r-- 1 root root 13579 Nov 17 2023 HTMLPurifier.safe-includes.php
There has been problems before with nearly all folders becoming owned by root. In this upgrade I made the mistake to initialize bin/composer.phar install --no-dev as root but aborted that intent, changed to www-data and applied bin/composer.phar install --no-dev again.
Command applied now to asure that all folders will be owned by www-data. chown -R www-data:www-data /var/www/
What is the www-data user? askubuntu.com/questions/873839… The web server has to be run under a specific user. That user must exist.
If it were run under root, then all the files would have to be accessible by root and the user would need to be root to access the files. With root being the owner, a compromised web server would have access to your entire system. By specifying a specific ID a compromised web server would only have full access to its files and not the entire server.
I guess this observation goes both ways, a compromised friendica instalation get's access to all the friendica folders if I choose to first create/activate the www-data user, than create the friendica installation folder structure, than git clone friendica, than create the smarty3 folder and ultimately do the git clone of the addon folder as described here: tupambae.org/display/0ac89072-… The order in which the creation of www-data related folders in the above case is described makes all folders and files in the friendica directory belong to www-data. In the friendica help description first comes the git-clone, than the the smarty3 folder part than the addon git-clone. Actually I guess that last part would make the addon folder belong to www-data too if I run one command after another. Is that intended?
I wonder if this could have some kind of security implications. I guess www-data is somehow the friendica site and has permissions to do "what ever it wants" (-> "writable by the webserver user") with all the folders in the friendica directories if it's the owner of them.
Somehow this looks all good. We should consider updating to 2024.08.
[spoiler] Friendica Core Updates to the translations AR, CS, DE, ES, FR, GD, HU, IS, IT, JA, NL, PL, RU, SV Updates to the documentation Updates to the themes (frio) General code cleanup Improved the redirection for contact actions Improved the performance while fetching of replies Improved the performance when visiting remote profiles Improved OWA Improved the procession of worker tasks Improved performance in the probing process Improved INBOX performance Improved perfomance when expireing postings Improved mirroring settings for RSS contacts Improved supported image formats Improved handling of CC for comments Improved handling of "sensitive" flags for postings Improved display of log levels Improved handling of permissions for attachments Improved addon handling Improved API for channels and circles Improved performance while displaying local postings Improved federation with pixelfed, threads Improved integration with Bluesky Improved automatic cleanup of the database Fixed access to restricted timeline via API Fixed problem fetching from INBOXes Fixed display of contacts from unavailable networks Fixed profile display Fixed a problem with local un-/follows Fixed the uimport POST endpoint Fixed problem with 0Auth logins Fixed problem with @mentions in comments Fixed XSS in profile fields Fixed bug in deleting unused cached avatar pictures Fixed paging bug on the media tab of remote profiles Fixed display of attached links Fixed a bug in circle only contacts Fixed display of moderation reports Fixed delivery problems to group postings Added monitoring service endpoint Added admin option display_link_length to set the length of displayed links Added the possibility to upload media files via API Added console command to clear avatar cache Added platform data to the API Added parsing support for Nodeinfo 2.1 and 2.2 Added node description to Nodeinfo Added owner information of relay accounts Added option for users about how to transmit postings with titles Added for non HTML content of feeds Added reshares for postings from Bluesky and tumbl Added public forums with manual request approval Added "next try" information for deferred worker jobs listing Added support of FEP-e232 Added automatic closure of registration if admin becomes inactive Added channel only option for contacts
Friendica Addons Updates to the translations AR, CS, DE, FR, IT, PL, SV Blockbot Added Relatica to good client list Improved agent identifier list Bluesky Added monitoring statistics Added support of sensitive postings Improved API handling Improved fetching of user DID Fixed conversion BS/Friendica handles jsuploader Improved detection of supported file types mailstream Improved image handling tumblr Added monitoring statistics Improved quoted postings [/quote]
ACB Community Call: Vispero - Tips for Reading eBooks with Refreshable Braille; Thursday, January 30, 3:00 PM Eastern Time groups.io/g/tech-vi/message/85…
Is your child a keen musician, but you are finding the learning process difficult as they aren't able to access the sheet music? Does your child currently learn music by ear, but you want to find out more about how they can accessible formats? A new …
What’s This About? World Braille Day, celebrated globally and annually on 4th January; A French boy who changed everything for blind people including the author of this Blog when he set the stage 200 years ago and a UK first World Braille Day Confere…
Unions and attorneys who represent federal employees are telling workers not to take the offer from the Trump administration to resign from their jobs by Feb. 6 and still be paid through September.
Why is everything panicking about DeepSeek? Shouldn't they instead look at the code, learn from it, and build something better? After all, it's a lot more open than what most of big tech has produced so far. #AI forbes.com/sites/dereksaul/202…
Nvidia shares' 9% recovery Tuesday was the second-best day in terms of market cap added for any company ever—but the company faced another selloff Wednesday.
New Kokoro TTS model just released. This was trained on much more data than the previous version and really sounds good. If you want to try yourself, just do pip install kokoro. I haven't gotten a chance to test the model yet, but here is a demo from the guy who trained it. Here's a demo. A female voice reading the following text: "Kokoro is an open-weight TTS model with 82 million parameters. Despite its lightweight architecture, it delivers comparable quality to larger models while being significantly faster and more cost efficient. With Apache licensed weights, Kokoro can be deployed anywhere from production environments to personal projects."
@cordova5029 This just came out so they don't yet have an online demo you can check out, but it seems like it's pretty easy to install and get up and running if you know a little python. Unfortunately seems like Huggingface is down at the moment so you can't download the model, but should be up soon.
@cordova5029 Lol I'm in the same boat, I know just enough Python to get stuff set up, but that's about it. Ask me to write any sort of complicated program and I'm not gonna do a good job.
your'e ahead of me. i"m not a python person. I know enough about it to know what looks good, and what doesn't, IV"e never written a stich of it myself though. Seen plenty of it, because I have friends who regularly ding at it.
@cordova5029 The model itself is extremely lightweight and will run happily on a laptop with limited RAM, this is not like an LLM where you need like 32 GB to get something decent.
Any idea how it runs on low-end stuff, like arm cortex, compared to Piper? Also, did they get their training data from some other pre-existing model again?
@BorrisInABox AFAIK the model should run happily on limited hardware, but I'm by no means an expert in this field and have no experience with running this locally as of yet. Most of the data is from commercial TTS providers, primarily Eleven Labs and Open AI. They've also got some Google TTS in there as well. I'm not entirely sure how I feel about the approach, I think licensing is an issue and I would hesitate to use this in any sort of commercial application, but this is one of the highest quality open source TTS models currently available as far as I'm aware.
@BorrisInABox I'm wondering what will happen long term, this model has skyrocketed in popularity over the last month and I'm sure Eleven and other companies will start to take notice eventually. I also don't entirely understand their reasoning for using existing TTS data either. They say they don't want to base this on human recordings because of licensing issues, but I'm not really sure what makes them think they have a license to use commercial TTS voices in this way. If they end up getting sued, I certainly couldn't see that argument holding up in court.
You've probably heard that "we are stardust," but this graphic breaks it down further & tells you what kind of stars your dust came from--and which elements didn't come from stars at all.
This periodic table depicts the primary source on Earth for each element. In cases where two sources contribute fairly equally, both appear. || PeriodicTableOrigins2_print.jpg (1024x682) [251.7 KB] || PeriodicTableOrigins2_Large.
@Seirdy@pleroma.envs.net we're going to ignore the obvious implication here because i 100% unironically believe that you would be the type of person to just gnaw on some carrots in the shower.
Dear lovely #PHP community, what do you think about Mago? I've recently read about it in PHP Annotated by Roman from JetBrains. Seems a potentially good replacement for PHPCS and maybe PHP-CS-Fixer. Is it time or not yet? mago.carthage.software/
Mago - A comprehensive suite of PHP tooling inspired by Rust’s approach, providing parsing, linting, formatting, and more through a unified CLI and library interface.
@menelion It’s an AI assistent, you just talk to it and ask it stuff and it answers back. You can set it up to use Gemini or GPT4O, or you can roll your own. right now I have it set to Gemini 1.5 flash which is Google’s newest low latency thing. But since it is Eleven Labs that means I can use the professional voice I already have with them. If I wanted to I could train it to be more specific, like, if I was a famous author I could give it my books and then people could ask it about them, that kind of thing.
@menelion It is a new feature so right now they are paying for the calls, but I suspect that will change as they work out the details.
I am not sure what language it is in. The thing that makes it so cool is you literally just hit “create,” it asks you what parameters you want to set for it like the voice you want, how createive it can get, the model you want, additional data sources, etc. and it just creates it for you. I haven’t written a line of code in my life and I got it working in five minutes.
@menelion Oh wow, if you have a twillio number you can link it and have a phone number people can use to call the agent! That’s so cool. Never going to use it, but that’s amazing. You could spin up a whole customer service agent with your own voice in like fifteen minutes. Crazy!
Hi Drew! It's me again, again a request about WhatsApp and this time a feature request. It would be extremely nice if there was a setting that would hide phone numbers and show/announce only names. Especially in larger groups, where there are lots of people I'll never add to contacts, it's so annoying to hear something like: "~John doe +353 123456789, replying to ~Jane Roe +44 999 1234567". thanks!
@menelion Hey thanks for the feedback! BTW, my rant about accessibility testers acting like ADA inspectors was completely unrelated to this, totally different thing.
The phone numbers are necessary in order to verify the person you are talking to, since anyone can set whatever name they want in their profile. Bad actors could use this to impersonate people you know.
I agree that it’s annoying though from the screenreader perspective, and we’ve gotten a fair bit of feedback to filter them out. We’ve been able to balance the concerns on mobile by including the number in the custom action hint when you swipe down from the bubble (E.G. “view contact info for +1 (202) 555-1111”) It’s more complicated for desktop though.
As a best practice, you are supposed to convey any information that is relevant to the screenreader for it/the user to decide how to handle it. I think this is an area where it makes more sense for a screenreader add-on or script perform this function so it is under the user’s control.
All that to say, it’s tricky, but I think there is a path forward here that will give the users what they want without security compromises.
Guys check out this new project, it's a cross platform app that lets you experiment and train open source LLMs without any code. It's based on Electron and open source, but I haven't yet looked at accessibility. github.com/transformerlab/tran…
Open Source Application for Advanced LLM Engineering: interact, train, fine-tune, and evaluate large language models on your own computer. - transformerlab/transformerlab-app
The irony: OpenAI—which faces multiple lawsuits for using content without permission—accuses China's DeepSeek of basically copying from ChatGPT to train its AI models. pcmag.com/news/openai-deepseek…
OpenAI—which faces multiple lawsuits for using content without permission—accuses DeepSeek of 'distillation,' a technique that use larger models' outputs to improve smaller ones.
“Nobody asked for NFTs or the fucking Metaverse. Nobody asked for lying chatbots instead of getting to reach an actual support person that could solve your problems.”
And:“…people are challenging the notion that we all have to do AI now. Because we don’t. It’s a choice. A choice that mostly benefits monopolists.”
I am quoted at length in a new article on Ars Technica (a website I have been reading for years and years) on an in-depth article on tarpits for AI crawlers.
Nvidia RTX 5080 Reviews Fail to Impress Gamers "That’s due to the RTX 5080 failing to surpass the RTX 4090 and only offering slight improvements over the RTX 4080 and RTX 4080 Super." (Still no talk of whether it runs less hot than the prior generation, so far none of these gaming sites covered that one) tipranks.com/news/nvidia-rtx-5…
Ignore the title, but look inside. I think it's an interesting point of view. Trump inauguration: The real reason Elon Musk, Mark Zuckerberg, and Jeff Bezos support Trump | Vox vox.com/future-perfect/395646/…
For billionaires inspired by science fiction, it’s about using crypto and network states to undermine democracy — not just lower taxes and friendly regulations.
Francesco P Lovergine
in reply to XSF: XMPP Standards Foundation • • •