How about automatic table of contents generation for Mastodon's about pages?
Worked on adding extra security steps around 2FA settings: sending e-mail notifications when 2FA is enabled/disabled, when recovery codes are reset, requiring password input before enabling 2FA, and requiring password input before resetting recovery codes.
Doesn't help if the password is compromised, but should help against, say, somebody sneaking onto your open desktop while you're away from the computer.
Brainstorming with @Thib how the account migration feature could be safeguarded against someone who's unrightfully gained access to your account, like with those people who didn't have 2FA on and re-used passwords.
Since attackers usually just try e-mail/password combinations from data dumps, they may not actually have access to the e-mail inbox, so requiring an e-mail confirmation for such an action (as well as account deletion) would probably be a good step.
What could this be...
A while ago I shared a link to that old article about how someone hijacked the author's Twitter username, and one thing mentioned in the article was how the author was constantly getting bombarded with password reset e-mails. That kind of reinforces my opinion that Mastodon shouldn't allow login-by-username and stick to login-by-email only.
I wouldn't want to keep 3 different execution patterns in tootctl so I need to know if people would prefer to parallelize inline execution instead of relying on Sidekiq. This could be faster than sequential execution but would require keeping the terminal open until the work is done.
Mastodon's tootctl utility provides a --background option for some tasks, which queues work into Sidekiq and allows the utility to exit quickly. This is primarily intended to allow a fire-and-forget use that doesn't require admins to keep an open terminal or screen/tmux for long periods of time. However, it has some downsides as it can overload Sidekiq and Sidekiq can overload other services.
In my opinion, if the profile directory were to keep the hashtags functionality, the hashtags should be sourced from the "featured hashtags" feature instead of hashtags used in the bio text. Does that make sense?
Anyone mind if I remove the hashtags from the profile directory sidebar at least temporarily?
I don't feel like they're intuitive and not super widely used as a result.
Work in progress on profile directory in web UI... #mastodev
It's missing a play button, but is there something to this approach..? #mastodev
How could I make this UI more... interesting..? #mastodev
Developer of Mastodon. 26. He/him
Server run by the main developers of the project. It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!