Okay let's do this: Mastodon/Fediverse Megathread LET'S GO!
Herein, find everything you need to get started on a healthier, more community-oriented social platform.
(1/22) ⬇️
Did you know Mastodon is only one of many platforms in the Fediverse? Built on the ActivityPub protocol, these platforms interconnect to create a rich tapestry of communities. You can find out more about each at fediverse.party and fediverse.space.
(2/22)
But let's focus on Mastodon for now, as it's the closest to Twitter in appearance. But it is _not_ meant to be the same, as we'll see later.
First thing to do is pick a Mastodon instance to join. A what now?!
Lemme explain.
(3/22)
Federation is a new concept for some, so let's break it down. Many _instances_ of these platforms exist and can communicate with one another. The servers are run by volunteers who are dedicated to creating a space for different communities.
Find one that matches your interests, and sign up!
(5/22)
But just because you sign up on one doesn't mean you can't sign up on others! In fact, it can be useful to have a couple of accounts on different instances, even if you don't use them right away.
We'll see why later.
(6/22)
Once you're signed up, things will probably be pretty quiet. If you're using the web client, I strongly recommend the Advanced View, which is kind of like TweetDeck.
What do all these mean?
(7/22)
"Home" is the timeline of your follows. Exactly what they post, in chronological order.
"Local" is your local instance's timeline.
"Federated" is every public toot from every instance your server can connect to. That one is the firehose.
(8/22)
The advanced view also allows you to set up pinned columns based on hashtags. Pick ones that matter to you, because on Mastodon, hashtags are very important!
By design, there is no full-text search, so hashtags are how you discover content.
(9/22)
So you have your view (and profile?) set up and you're ready to toot. I recommend starting with an #introduction post to let folks know what you're about.
I even have an #introduction column pinned to see the amazing diversity of new users!
(10/22)
Follow as many people as you can to fill your timeline. You can always unfollow later, but because no content is getting pushed on you, you will only see what you have chosen to see.
(11/22)
Don't know whom to follow? Check out these amazing resources:
The last one is especially cool because it will seek your Twitter follows for Mastodon handles.
(12/22)
There are some differences in engagement. "Favorites" are not exactly "likes" on Twitter. They tell the poster you liked their post, but a favorite has no impact on who sees the toot! To amplify a toot you appreciate, you gotta boost it!
(13/22)
Boosts are sorta like retweets, but there is a very important difference: there is no quote-boost. This is to disincentivize toxic dunking/ratioing of Twitter. If you want to add context to a conversation and share that, reply to a post and boost your reply.
(14/22)
Mastodon posts have a feature known as a "Content Warning." This hides the main body of the post with a summary telling people what it's about. This will also mark any images as sensitive.
It is Masto etiquette to use CWs liberally.
(15/22)
As I said, hashtags are important, so use them in your posts. That's how people will find your content! Well, that and boosts.
(16/22)
How does a toot show up on your timeline? This diagram is the best explanation I can offer.
(17/22)
You may notice that you can't see fave/boost numbers in your feed. That, again, is by design. Judge a post by its content, not its stats. Clicking into a post shows the numbers, but consider the benefits of posts no longer being popularity contests.
(18/22)
A note on privacy. Mastodon has different visibility options for public, unlisted, followers-only, and mentioned people only. The last one is what a DM amounts to in Mastodon.
DMs are readable by admins. Do not use Mastodon for sensitive comms. Use Signal for that.
(19/22)
As you continue your Fediverse journey, you may decide another instance is right for you. That's fine! With an account on both servers, you can easily migrate your account from one to the other, and your followers will be updated to point to your new account!
(20/22)
Finally, a note on tone. Because these instances are about community, please treat others with respect. You will not gain clout by acting like a jerk or trying to dunk on people on Mastodon. There is no engagement-driving algorithm that rewards such behavior.
(21/22)
This is an opportunity for a better internet, so let's realize that vision.
I'm sure I missed some things, so please feel free to add on/ask questions!
(22/22)
I forgot mobile! Here are some apps I like:
Android: Tusky
iOS: Toot!
Also, there's Twidere which combines Twitter/Masto in a single client, if you need it.
(23/22)
Don't know how, but I forgot the invaluable fedi.tips
(24/22)
A common question is: do I need an account on an instance to follow someone from that instance?
No! Think of it like email. Create an account wherever, and you can interact with anyone else who has an account.
(25/22)
Here is an amazing article explaining a bit more about federation and why it's cool, and some of the unexpected consequences: wordsmith.social/elilla/a-futur…
(26/22)
Yes I'm gonna keep this updated as I discover new cool things.
Every Mastodon account is its own RSS feed. Just add .rss to the end of an account, like so: fosstodon.org/@mttaggart.rss
(27/22)
Alright fam, let's talk about network segmentation gotchas. This 🧵 comes from years as a network engineer/designer, making every kind of mistake possible! 1/16
First, let's describe the most secure segmented environment: airgapped. That's not usable, and neither is the next most secure, which would be every host sinkholed and only able to connect outbound. We don't do this because computers have to be networked. 2/16
Remember that your job in designing a network AND security architecture is to enable people to work safely. If they can't work at all, you failed. So yes, there has to be some intercommunication. Managing it is the trick. 3/16
Reading through the whole incident report of the Irish NHS Conti attack, and this thing needs to be taught in every defense course. 🧵 1/8
Look at this dwell time! Also, note the lag between malicious detections on a DC and any action taken. 2/8
But wait, it gets worse: after foothold, the initial payloads/privesc techniques were detected and NOT BLOCKED. You can imagine a hundred "good reasons" why these were in monitor mode. 3/8