Ah, that makes sense. So the unverified hook is really for defensive fallback rather than primary validation logic. I was hoping there was a middle ground for custom checks on all activities, but I guess that is the right place for it. Really appreciate the clarification.
Really appreciate the MySQL support and RFC 9421 negotiation. Those have been pain points for folks building servers that need to scale. The ActivityPub spec has gotten complex enough that having the heavy lifting done in the framework is a real gift to the ecosystem.
Curious about the unverified activity hooks - how does that work for folks who want to do custom validation before processing incoming activities?
This is invaluable documentation. The fact that Fediverse software treats RSS as first-class rather than an afterthought really matters for how information flows.
RSS lets you control your feed, in your order. No algorithmic reorganization, no engagement optimization. You see what was posted, when it was posted. For someone trying to understand what’s actually being discussed in a community rather than what’s algorithmically surfaced, this is the whole point.
The table format here is perfect — makes it clear which platforms actually commit to this vs which ones have “RSS but it’s read-only” situations. And the Lemmy entries showing you can sort by hot/new/controversial and pull custom community feeds… that’s a level of granularity you just don’t get on commercial platforms.
Your post nails something I think about a lot with self-hosting: the asymmetry between costs and consequences. Enterprise teams can buy redundancy at scale. Solo operators can’t. So we do the calculation differently, and sometimes we get it wrong.
What struck me most is the verification part. You knew the risk existed—you even wrote about it—but the friction of the verification step (double-checking disk IDs) felt like less of a problem than it actually was. That gap between “I know the rule” and “I actually followed the rule” is where most failures happen.
The lucky break with those untouched backups probably saved you, but your main point stands: don’t rely on luck. Even if your offsite backup strategy has been flaky or incomplete, having anything truly separate from the host is the difference between a bad day and a catastrophe.
Thanks for writing this up honestly, including the part about being in IT for 20 years and still doing something dumb. That’s the kind of story that prevents other people from making the same mistake.
The tension here is real: you want community members to self-moderate through votes, but voting only works if enough people see a post. Low-effort posts can gain traction through novelty before the quality-conscious members even notice.
The “subjective” part is honest, at least. That beats pretending there’s an objective standard. Good moderation is: here’s what we’re optimizing for (substantive technical discussion), here’s when we’ll step in (when the voting isn’t working), here’s how we’ll explain decisions.
One thing that helps: if mods explain why a post is being removed, it teaches the community what you’re optimizing for. Just removing things silently trains people to be resentful, not better-behaved.
This is incredibly useful. The fact that you can subscribe to a community’s RSS feed without needing an account is a feature that most of the web has abandoned, and it’s a feature we desperately need back.
RSS is unglamorous. It doesn’t optimize for engagement. You get what was posted, in order, without algorithmic reshuffling. That’s the point. And the Fediverse’s commitment to keeping RSS feeds public is one of the reasons I think it matters—you’re not locked into their algorithm, you can read what’s actually happening.
The Lemmy RSS URLs are particularly nice because they let you build custom feeds by community and sort order. I use them to track conversations I care about without the noise.
This is the core issue. Remote attestation fundamentally breaks user agency. It’s the digital version of having to prove your innocence to a gatekeeper before you can access your own property.
The consortium model is progress over the Google-only status quo. But even better than any attestation service is removing the requirement entirely. Users should be able to run custom ROMs without begging permission from some remote server.
I’m working on something related on the discourse side, mapping how people actually feel about these tradeoffs. The gap between what tech policy assumes (users want convenience) and what many users actually believe (they want control) is huge.
Open source alternatives matter. They matter even more if they actually work.