Hello guys, I'd like to know, what should I do to login the user from my own SSO with admin rights? Do I need to give the role: admin at /userinfo endpoint or how it is done?
-
SSO, admin role
-
Backfilling Conversations: Two Major Approaches
In February 2025, I presented a topic at FOSDEM in Brussels entitled The Fediverse is Quiet β Let's Fix That! In it, I outlined several "hard problems" endemic to the fediverse, focusing on one particular complaint that is often voiced by newcomers and oldtimers alike; that the fediverse is quiet because you don't ever see the full conversation due to some design considerations made at the protocol level.
Since then there have been a number of approaches toward solving this problem, and it is worth spending the time to review the two main approaches and their pros and cons.
N.B. I have a conflict of interest in this subject as I am a proponent of one of the approaches (FEP 7888/f228) outlined below. This article should be considered an opinion piece.
Crawling of the reply tree
First discussed 15 April 2024 and merged into Mastodon core on 12 Mar 2025, [email protected] pioneered this approach to "fetch all replies" by crawling the entirety of the reply tree. When presented with an object, the Mastodon service would make a call to the
context
endpoint, and if supported(?) would start to crawl the reply tree via thereplies
collection, generating a list of statuses to ingest.This approach is advantageous for a number of reasons, most notably that
inReplyTo
andreplies
are properties that are ubiquitous among nearly all implementations and their usage tends not to differ markedly from one another.N.B. I am not certain whether the service would crawl up the
inReplyTo
chain first, before expanding downwards, or whethercontext
is set in intermediate and leaf nodes that point to the root-level object.One disadvantage is this approach's susceptibility to network fragility. If a single node in the reply tree is temporarily or permanently inaccessible, then every branch of the reply tree emanating from that node is inaccessible as well.
Another disadvantage is the reliance on intermediate nodes for indexing the reply tree. The amount of work (CPU time, network requests, etc.) scales linearly with the size of the reply tree, and more importantly discoverability of new branches of the reply tree necessitate a re-crawl of the entire reply tree. For fast-growing trees, this may not net you a complete tree depending on when you begin crawling.
Lastly, in the ideal case, a full tree crawl would net you a complete tree with all branches and leaves. Great!
Mastodon is the sole implementor of this approach, although it is not proprietary or special to Mastodon by any means.
FEP 7888/f228, or FEP 171b/f228
Summarized by [email protected] in FEP f228 (as an extension of FEPs 7888 by [email protected] and 171b by [email protected]), this conversational backfill approach defines the concept of a "context owner" as referenced by compatible nodes in the tree. This context owner returns an
OrderedCollection
containing all members of the context.A major advantage of this approach centers around the pseudo-centralization provided by the context owner. This "single source of truth" maintains the index of objects (or activities) and supplies their IDs (or signed full activities) on request. Individual implementations then retrieve the objects (or activities). It is important to note that should the context owner become inaccessible, then backfill is no longer possible to achieve. On the other hand, a dead or unresponsive intermediate node will not affect the ability of the downstream nodes to be processed.
The context owner is only able to respond with a list of objects/activities that it knows about. This does mean that downstream branches that do not propagate upwards back to the root will not be known to the context owner.
Additionally, consumers are also able to query the context owner for an index without needing to crawl the entire reply tree. The ability to de-duplicate objects at this level reduces the overall number of network requests (and CPU time from parsing retrieved objects) required, making this approach relatively more efficient.
Additional synchronization methods (via id hashsums) could be leveraged to reduce the number of network calls further.
A number of implementors follow this approach to backfill, including NodeBB, Discourse, WordPress, Frequency, Mitra, and Streams. Additional implementors like Lemmy and Piefed have expressed interest.
One technical hurdle with this approach is technical buy-in from implementors themselves. Unlike crawling a reply tree, this approach only works when the context owner supports it, and thus should be combined with various other backfill strategies as part of an overall conversational backfill solution.
Conclusion
2025 is shaping up to be an exciting year for resolving some of the harder technical and social problems endemic to the open social web/fediverse. It is this author's opinion that we may be able to make good headway towards resolving the "quiet fedi" problem with these two approaches.
It is important to note that neither approach conflicts with the other. Implementations are free to utilise multiple approaches to backfill a conversation. Both methods presented here have pros and cons, and a combination of both (or more) could be key.
Feel free to use this as a starting point for discussions regarding either approach. Does one speak to you more than the other? Are the cons of either approach significant enough for you to disregard it? What other approaches or changes could you recommend?
-
ForumWG canceled this month (June)
Due to a conflict with FediForum (running 5th to 7th June), the ForumWG will not be meeting. Additionally I am away for most of June so cannot reschedule the meeting for later this month.
I will be at FediForum to re-introduce the ForumWG and highlight what we've accomplished this past year, as well as to hopefully draw in some new interested parties.
-
Fun with Federation: Lemmy edition
It all started with a report about federation breaking between Lemmy and NodeBB. I was subconsciously aware that something was going on, but had chalked it up to network issues.
Observed behaviour showed that some remote categories would be receiving content in spurts, with long gaps in between.
I spent the next 3-4 days looking into it, but came up empty. Whatever was happening wasn't throwing any obvious errors, and along the way, I found what I thought was related (it was), but I wasn't sure why: against some Lemmy servers, the "follow"/"unfollow" mechanic would simply stop working, and this would often coincide with gaps in content. In some egregious cases, the flow of content stopped completely!
Unable to make headway, I had to reach out to the folks at Lemmy to figure out what the issue was. NodeBB occasionally sends non-200 level responses depending on the activity. Specifically, the following scenarios:
- A remote user upvoting more than 20 posts in a single day (a spam prevention tactic) causing NodeBB to throw an error, which was caught and returned an
HTTP 500 Internal Server Error
. - A
Dislike
activity, which is not currently handled by NodeBB. In these cases, NodeBB would send anHTTP 501 Not Implemented
When encountering either of these responses, Lemmy would return the activity back to the queue for later delivery and mark a delivery failure. If enough of these (~40) happened within 24 hours, Lemmy would give the instance a time-out and pause delivery completely.
That was it β a quick pair of code updates later, and we started working through Lemmy's backlog of 4.1M activities.
As of 4am this morning,
community.nodebb.org
is no longer behindlemmy.world
.Fun week. Let's not do that again LOL.
v4.4.2 of NodeBB contains the updated logic for smoother Lemmy federation.
- A remote user upvoting more than 20 posts in a single day (a spam prevention tactic) causing NodeBB to throw an error, which was caught and returned an
-
No Space between widgets
For some reason my nodebb deployment (Docker) has no space between the widgets
This is happening on both sidebar widgets and bottom of page widgets.
i am on nodebb v4.4.1 latest docker image
(A fresh install of docker does not have this problem, although it's been only a couple of weeks since this install)
(An earlier version of the docker backup of the same site does not have this issue)
-
Upgrade failed - site offline :-(
Hi. Trying to upgrade NodeBB to latest version, and get
npm ERR! code ERESOLVE npm ERR! ERESOLVE could not resolve npm ERR! npm ERR! While resolving: [email protected] npm ERR! Found: [email protected] npm ERR! node_modules/eslint npm ERR! peer eslint@"^6.0.0 || ^7.0.0 || >=8.0.0" from @eslint-community/[email protected] npm ERR! node_modules/@eslint-community/eslint-utils npm ERR! @eslint-community/eslint-utils@"^4.2.0" from [email protected] npm ERR! @eslint-community/eslint-utils@"^4.2.0" from [email protected] npm ERR! node_modules/nodebb-plugin-sso-oauth2-multiple/node_modules/eslint npm ERR! eslint@"9.x" from [email protected] npm ERR! node_modules/nodebb-plugin-sso-oauth2-multiple npm ERR! nodebb-plugin-sso-oauth2-multiple@"^1.4.2" from the root project npm ERR! peer eslint@"^7.32.0 || ^8.2.0" from [email protected] npm ERR! node_modules/eslint-config-airbnb-base npm ERR! eslint-config-airbnb-base@"15.0.0" from [email protected] npm ERR! node_modules/eslint-config-nodebb npm ERR! dev eslint-config-nodebb@"1.1.4" from the root project npm ERR! 1 more (nodebb-plugin-gravatar) npm ERR! 4 more (eslint-config-nodebb, eslint-plugin-import, ...) npm ERR! npm ERR! Could not resolve dependency: npm ERR! dev @stylistic/eslint-plugin-js@"4.2.0" from the root project npm ERR! npm ERR! Conflicting peer dependency: [email protected] npm ERR! node_modules/eslint npm ERR! peer eslint@">=9.0.0" from @stylistic/[email protected] npm ERR! node_modules/@stylistic/eslint-plugin-js npm ERR! dev @stylistic/eslint-plugin-js@"4.2.0" from the root project npm ERR! npm ERR! Fix the upstream dependency conflict, or retry npm ERR! this command with --force or --legacy-peer-deps npm ERR! to accept an incorrect (and potentially broken) dependency resolution. npm ERR!
Looks like it relates to
nodebb-plugin-sso-oauth2-multiple
Any ideas?
Thanks
-
SSO plugin choice
Hello everyone, right now I am working on adding SSO authentication to my nodebb forum. I have chosen plugin from fusion auth for that, however, during the development I've faced a lot of issues and undefined behaviour. Maybe, it is my fault, but I still want to ask more experienced guys for an advice.
- What plugin is being used right now for SSO in case if I build my own identity provider?
- I want to implement auth cookies share between subdomains, I've tested it with playground apps, however, I am not sure, will be it working with the nodebb?
-
Welcome to your NodeBB!
Welcome to your brand new NodeBB forum!
This is what a topic and post looks like. As an administrator, you can edit the post's title and content.
To customise your forum, go to the Administrator Control Panel. You can modify all aspects of your forum there, including installation of third-party plugins.Additional Resources
-
Did 4.4.1 break federation with Lemmy groups?
After updating from 4.3 to 4.4.1, I noticed that my remote groups stopped updating. I double checked them here, and they're even further behind the group hosts, with the last received topics dating back to 16 May.
These are all Lemmy-hosted groups, so I'm not sure if it's a Lemmy-specific thing, or group actors more generally.
-
Fedora & GNOME remove X org, Microsoft open sources WSL_ Linux & Open Source News
Try TuxCare's AlmaLinux Security Hardening: https://tuxcare.com/security-hardening-for-almalinux/?utm_campaign=The Linux Experiment&utm_source=youtube&utm_medium=social
Grab a brand new laptop or desktop running Linux: https://www.tuxedocomputers.com/en# https://www.youtube.com/watch?v=3d65Mnr8onE
SUPPORT THE CHANNEL:
Get access to:- a Daily Linux News show
- a weekly patroncast for more thoughts
- your name in the credits
YouTube: https://www.youtube.com/@thelinuxexp/join
Patreon: https://www.patreon.com/thelinuxexperimentOr, you can donate whatever you want:
https://paypal.me/thelinuxexp
Liberapay: https://liberapay.com/TheLinuxExperiment/GET TLE MERCH
Support the channel AND get cool new gear: https://the-linux-experiment.creator-spring.com/Timestamps
00:00 Intro
00:44 Sponsor: TuxCare
02:18 Fedora approves the removal of X11 for Fedora GNOME 43
04:27 GNOME disables X11 in GDM
06:05 Microsoft open sources WSL
08:37 Mozilla closes Pocket and Fakespot
10:58 RHEL 10 is out
12:42 Nvidia updates Wayland roadmap
14:53 Microsoft fixes dual boot breaking bug after 9 months
17:04 SteamOS 3.7 is now stable, with big updates
19:01 Steam Deck hits 19000 playable games
21:25 Sponsor: Tuxedo ComputersLinks:
Fedora approves the removal of X11 for Fedora GNOME 43
https://pagure.io/fesco/issue/3408GNOME disables X11 in GDM
https://www.phoronix.com/news/GNOME-GDM-Disable-X11-DefaultMicrosoft open sources WSL
https://blogs.windows.com/windowsdeveloper/2025/05/19/the-windows-subsystem-for-linux-is-now-open-source/Mozilla closes Pocket and Fakespot
https://blog.mozilla.org/en/mozilla/building-whats-next/RHEL 10 is out
https://www.redhat.com/en/about/press-releases/red-hat-introduces-rhel-10?sc_cid=RHCTG0240000427545
https://linuxiac.com/red-hat-enterprise-linux-10-released/Nvidia updates Wayland roadmap
https://forums.developer.nvidia.com/t/wayland-support-for-the-575-release-series/333827Microsoft fixes dual boot breaking bug after 9 months
https://www.neowin.net/news/linux-windows-11-dual-boot-to-finally-play-well-as-microsoft-fixes-nine-month-old-bug/Steam Deck hits 19000 playable games
https://www.gamingonlinux.com/2025/05/steam-deck-steamos-hits-19000-games-rated-verified-and-playable/SteamOS 3.7 is now stable, with big updates
https://store.steampowered.com/news/app/1675200/view/820329049655084700
-
Google Search sucks, AI is everywhere: what should you use?
Check out TuxCare's support for AlmaLinux, now with FIPS compliance: https://tuxcare.com/fips-for-almalinux/?utm_campaign=The Linux Experiment&utm_source=youtube&utm_medium=social
Grab a brand new laptop or desktop running Linux: https://www.tuxedocomputers.com/en# https://www.youtube.com/watch?v=3d65Mnr8onE
SUPPORT THE CHANNEL:
Get access to:- a Daily Linux News show
- a weekly patroncast for more thoughts
- your name in the credits
YouTube: https://www.youtube.com/@thelinuxexp/join
Patreon: https://www.patreon.com/thelinuxexperimentOr, you can donate whatever you want:
https://paypal.me/thelinuxexp
Liberapay: https://liberapay.com/TheLinuxExperiment/GET TLE MERCH
Support the channel AND get cool new gear: https://the-linux-experiment.creator-spring.com/Timestamps:
00:00 Intro
01:11 Sponsor: TuxCare
02:29 Google is getting really bad
04:31 Improve Google
05:54 Duck Duck Go
07:34 Ecosia
08:20 SearXNG
10:05 Brave Search
11:23 Kagi
12:27 Mojeek
13:16 Others I don't trust personally
14:41 Search has become complicated
17:20 Sponsor: Tuxedo ComputersSo, I don't think I'm teaching you anything when I say that Google Search has been getting worse and worse. What Google Search is losing, is accuracy. The pre-made snippets that they display? often don't refer to what you're looking for, they're generally related to, but not exact when searching for specific things. The AI summaries that they want to add? Well, we all know AI isn't exactly reliable, and that you have to fact check literally everything it says, so it doesn't quite save time compared to a regular search.
There's also the fact that consumer reviews are now pretty much garbage, generated by review farms. The fact that SEO "hacking" has made trying to appear in top results a game and an industry, and much like regular hacking, Google can only play catch up, and never really beat the manipulations website engage in.
it's all a mess, and this results in having to type "reddit" at the end of your query to get some actual answers written by some actual people, however dabatable these answers can be, depending on the topic.
So, if you want to fight the AI onslaught that is ruining most searches, there's something you CAN do.
Google started adding AI results to the top of your searches, which pre-digest answers that loosely match your query, often adding some nice little hallucinations and misinformation in there.So, if you still want to use Google Search because everything else is, in your use case, not as good, you can at lest create a shortcut that removes a bunch of the crap Google adds.
To do so, you need to add a custom search engine, most browsers let you do that. In Firefox and its forks, you can go to sttings, then search, then at the bottom, you can add a search shortcut that uses this URL: http://google.com/search?udm=14&q=%s
You can also add that to Chromium based browsers by entering another string in the search sttings as well, as a new search engine.
{google:baseURL}/search?udm=14&q=%sYou can make that new engine the default in your settings, and when using that, it will remove all AI results, and default to the "web" tab instead of the "all" tab of Google search, so you only get webpages and not all the extra crap.
The engine I currently use is Duck Duck Go, it's the search engine that at least, in French and english, tends to give me the best results.
It also has a slew of options that let you disable a LOT of stuff you don't want.
DDG has AI built-in, but you can remove that. Ads? You can disable them in the settings.
Don't like the stylesheet and look? You can change that easily enough as well.
You can even disable the "instant answers" that provides pre digested snippets, even if these aren't AI generated.Another one I used extensively in the past is Ecosia, it also uses Bing quite a lot for their results, but the engine is nice, gives accurate results, and if you have ads turned on, they'll plant trees with the money they get, although how efficient this is depends on who they contract that out to, so not sure if it's a big benefit or not.
If you like the concept of the Fediverse, mastodon, Peertube and the like, you might also like SearXNG. It's a federated metasearch engine, meaning it's decentralized, and hosted by several instances, either private, for your own use and no one else's, or public, where you can access the engine, but you'll need to ensure they don't log stuff, so you kind of have to trust the person or org hosting it.
If you use the Brave browser, you might also know about their search engine, which is an interesting one, because it's a very rare occurrence of an engine with its own Index: they don't depend on Google or Bing for results, they use their own index entirely, including for images and videos.
They do have the AI crap baked in, so that's a drawback, but you can disable that in the engine settings if you don't want it.
-
βUnreadβ notification error with publication schedule.
If I create a post with a schedule for the next day.
I click publish, then all users will have the post in the βunreadβ section all the time until the original schedule time.In the βunreadβ section, it is impossible to uncheck that this post has been read - it looks like a bug.
-
Plasma 6.4 beta, BIG Web Search changes, AI isn't fair use? Linux & Open Source news
Head to https://squarespace.com/thelinuxexperiment to save 10% off your first purchase of a website or domain using code thelinuxexperiment
Grab a brand new laptop or desktop running Linux: https://www.tuxedocomputers.com/en# https://www.youtube.com/watch?v=3d65Mnr8onE
SUPPORT THE CHANNEL:
Get access to:- a Daily Linux News show
- a weekly patroncast for more thoughts
- your name in the credits
YouTube: https://www.youtube.com/@thelinuxexp/join
Patreon: https://www.patreon.com/thelinuxexperimentOr, you can donate whatever you want:
https://paypal.me/thelinuxexp
Liberapay: https://liberapay.com/TheLinuxExperiment/GET TLE MERCH
Support the channel AND get cool new gear: https://the-linux-experiment.creator-spring.com/Timestamps:
00:00 Intro
00:45 Sponsor: SquareSpace
02:04 Plasma 6.4 has a beta
04:48 Microsoft closes down Bing Search API
07:07 Open Web Index offers an alternative for search engines
09:28 End of 10 campaign helps Windows users move to Linux
11:30 Ubuntu 25.10 has some nice things in store
13:34 US copyright office thinks AI isn't fair use
15:59 New Orion browser will use GTK4 and libadwaita
18:04 SteamOS compatibility ratings appear
20:12 Sponsor: Tuxedo ComputersLinks:
Plasma 6.4 has a beta
https://www.phoronix.com/news/KDE-Plasma-6.4-BetaMicrosoft closes down Bing Search API
https://www.wired.com/story/bing-microsoft-api-support-ending/Open Web Index offers an alternative for search engines
https://openwebsearch.eu/june-event-announcement-the-open-web-index-goes-public/End of 10 campaign helps Windows users move to Linux
https://endof10.org/Ubuntu 25.10 has some nice things in store
https://discourse.ubuntu.com/t/ubuntu-desktop-25-10-the-questing-quokka-roadmap/61159US copyright office thinks AI isn't fair use
https://www.businessinsider.com/ai-training-copyright-laws-big-tech-fair-use-openai-meta-2025-5New Orion browser will use GTK4 and libadwaita
https://www.omgubuntu.co.uk/2025/05/kagi-orion-browser-linux-port-uses-gtk4-libadwaitaSteamOS compatibility ratings appear
https://steamcommunity.com/groups/steamworks/announcements/detail/532097310616717411
-
GNOME really LOST a lot of features... A look at GNOME 1 and what it offered
Use a secure, encrypted, and fast VPN with Proton VPN: https://protonvpn.com/TheLinuxEXP
Grab a brand new laptop or desktop running Linux: https://www.tuxedocomputers.com/en# https://www.youtube.com/watch?v=3d65Mnr8onE
SUPPORT THE CHANNEL:
Get access to:- a Daily Linux News show
- a weekly patroncast for more thoughts
- your name in the credits
YouTube: https://www.youtube.com/@thelinuxexp/join
Patreon: https://www.patreon.com/thelinuxexperimentOr, you can donate whatever you want:
https://paypal.me/thelinuxexp
Liberapay: https://liberapay.com/TheLinuxExperiment/GET TLE MERCH
Support the channel AND get cool new gear: https://the-linux-experiment.creator-spring.com/Timestamps:
00:00 Intro
00:29 Sponsor: Proton VPN
02:15 The GNOME 1 Shell
07:36 File Manager
10:33 Window Manager
12:44 Applications
15:45 Settings
17:41 GNOME really regressed
19:08 Sponsor: Tuxedo Computers#linuxdesktop #gnome #linux
-
Automatic category/community assignment on received object
I'm wondering how content on threadiverse is automatically assigned its community when received by the software (e.g. PieFed, Lemmy, Mbin).
The answer I am expecting is "if the community is addressed (
to
,cc
,audience
), then it is slotted into that community".However that causes issues for compatibility with microblogs... for example, [email protected] recently authored a post that mentioned
[[email protected]](https://community.nodebb.org/category/[email protected])
and it got slotted into that community on NodeBB, which isn't correct since that group is private.Better practice would be to only trust the addressed community if it is
Announce
'd by the community directly, but would fall short if my instance does not receive theAnnounce
(say, if nobody follows the community), in which case we'd fall back to "uncategorized", which is where all microblog posts currently go. Then it's neither correct nor incorrect, I suppose.I think this might be an issue where NodeBB tries to be too many things at once (microblog and threadiverse compatible).
-
New Direction for GNOME, Mint accepts Libadwaita, OpenSUSE ditches Deepin_ Linux & Open Source News
Try out Proton Mail, the secure email that protects your privacy: https://proton.me/mail/TheLinuxEXP
Grab a brand new laptop or desktop running Linux: https://www.tuxedocomputers.com/en# https://www.youtube.com/watch?v=3d65Mnr8onE
SUPPORT THE CHANNEL:
Get access to:- a Daily Linux News show
- a weekly patroncast for more thoughts
- your name in the credits
YouTube: https://www.youtube.com/@thelinuxexp/join
Patreon: https://www.patreon.com/thelinuxexperimentOr, you can donate whatever you want:
https://paypal.me/thelinuxexp
Liberapay: https://liberapay.com/TheLinuxExperiment/GET TLE MERCH
Support the channel AND get cool new gear: https://the-linux-experiment.creator-spring.com/Timestamps:
00:00 Intro
00:32 Sponsor: Proton Mail
01:27 GNOME Foundation has a new Director
03:37 Mint 22.2 stops forking GNOME apps
06:16 OpenSUSE removes deepin packages
08:22 New Linux distro comes from a Microsoft Employee
10:11 Peertube mobile app is here
11:48 elementaryOS has some good stuff coming
14:08 Mozilla afraid of Google search monopoly ruling
16:31 Open Letter against EU's attacks on encryption
19:05 Sponsor: Tuxedo Computers
20:01 Support the channelLinks:
GNOME Foundation has a new Director
https://blogs.gnome.org/steven/2025/05/06/introducing-myself/Mint 22.2 stops forking GNOME apps
https://blog.linuxmint.com/?p=4840OpenSUSE removes deepin packages
https://linuxiac.com/opensuse-removes-deepin-desktop-over-security-policy-violations/New Linux distro comes from a Microsoft Employee
https://news.anduinos.com/post/2025/5/6/story-behind-anduinos-a-letter-from-anduinPeertube mobile app is here
https://joinpeertube.org/news/app-v1elementaryOS has some good stuff coming
https://blog.elementary.io/updates-for-may-2025/Mozilla afraid of Google search monopoly ruling
https://www.theverge.com/news/660548/firefox-google-search-revenue-share-doj-antitrust-remediesUS DOJ asks for Google ad business breakup
https://www.nytimes.com/2025/05/02/technology/google-advertising-technology-hearing.htmlOpen Letter against EU's attacks on encryption
https://tuta.com/blog/open-letter-against-protecteu#linuxdesktop #linux #linuxcommandline
-
FEP-b2b8: Long-form Text
Hello!
This is a discussion thread for the proposed FEP-b2b8: Long-form Text.Please use this thread to discuss the proposed FEP and any potential problemsor improvements that can be addressed.
SummaryMulti-paragraph text is an important content type on the Social Web. This FEP defines best practices for representing and using properties of a long-form text object in Activity Streams 2.0.
cc @eprodrom