Pinafore - Alternative web client for Mastodon
-
@girish thanks again for the tip.
I have changed my repo to that approach.
https://git.cloudron.io/timconsidine/pinafore-for-cloudron.git
If you have a moment, do let me know if it now follows best practice.
Builds and deploys ok (for me).@timconsidine nice!
It looks like this is just a static app. Do you know if the upstream already provides a built "bundle" ? If so, I wonder if it's worth publishing this as an app or should we try to ask people to just download the bundle and upload it to surfer ?
Thoughts?
-
@timconsidine nice!
It looks like this is just a static app. Do you know if the upstream already provides a built "bundle" ? If so, I wonder if it's worth publishing this as an app or should we try to ask people to just download the bundle and upload it to surfer ?
Thoughts?
-
@timconsidine nice!
It looks like this is just a static app. Do you know if the upstream already provides a built "bundle" ? If so, I wonder if it's worth publishing this as an app or should we try to ask people to just download the bundle and upload it to surfer ?
Thoughts?
-
@girish that won't help with updates and app store availability.
Do you plan to keep a running list of apps one can install manually into surfer/lamp/wp etc?
@robi said in Pinafore - Alternative web client for Mastodon:
@girish that won't help with updates and app store availability.
yes, that's true.
Also, it seems there is no way to lock down this app - https://github.com/nolanlawson/pinafore/issues/35 . This essentially makes it available for public use. We should probably wait till that is fixed.
-
@robi said in Pinafore - Alternative web client for Mastodon:
@girish that won't help with updates and app store availability.
yes, that's true.
Also, it seems there is no way to lock down this app - https://github.com/nolanlawson/pinafore/issues/35 . This essentially makes it available for public use. We should probably wait till that is fixed.
@girish it seems that won't happen without a PR to get this going.
There are many ways to "lock it down" if necessary..
We can always set up basic/realm auth via the webserver it runs on, or use a small ldap front end to gate access.
Not sure this is a big concern though as most apps we have run on subdomains (CNAMEs) and those don't get a lot of traffic from bots/scanners etc.
Besides, you still have to log into the social network, the client is just the app UI. Hence minimal risk.
-
@girish it seems that won't happen without a PR to get this going.
There are many ways to "lock it down" if necessary..
We can always set up basic/realm auth via the webserver it runs on, or use a small ldap front end to gate access.
Not sure this is a big concern though as most apps we have run on subdomains (CNAMEs) and those don't get a lot of traffic from bots/scanners etc.
Besides, you still have to log into the social network, the client is just the app UI. Hence minimal risk.
@robi said in Pinafore - Alternative web client for Mastodon:
Besides, you still have to log into the social network, the client is just the app UI. Hence minimal risk.
yeah, you actially login to a masto instance, can't do anything on pinafore without doing that, so nothing really to lock down
-
@robi said in Pinafore - Alternative web client for Mastodon:
@girish that won't help with updates and app store availability.
yes, that's true.
Also, it seems there is no way to lock down this app - https://github.com/nolanlawson/pinafore/issues/35 . This essentially makes it available for public use. We should probably wait till that is fixed.
@girish said in Pinafore - Alternative web client for Mastodon:
it seems there is no way to lock down this app
I was bit concerned too at first.
But as you have to log into a Mastodon instance, I concluded that there is not much security risk about someone else reading my feed.
As it's federated content, I think the only real issue is the privacy aspect of who I am following (maybe who is following me). And we're relying on Mastodon security to manage these aspects.There is however a risk of a personal Pinafore instance being used by anyone for their feed, effectively increasing the traffic and resources needed by the instance. Is this a concern? I'm not sure.
Security by obscurity (nobody finding the instance) is usually a poor approach. But often it's sufficient
Is it enough to add some basic HTTP auth to the instance as improvement on relying on obscurity ?
-
@girish thanks again for the tip.
I have changed my repo to that approach.
https://git.cloudron.io/timconsidine/pinafore-for-cloudron.git
If you have a moment, do let me know if it now follows best practice.
Builds and deploys ok (for me).@timconsidine seems like my custom package is copying unnecessary files into the deployment. Just FYI to anyone bothered. I will look at fixing this.
-
@Staff It'd be great to the package @timconsidine put together polished up and in the app store 
-
Haven't looked at in a while and I'm sure there are improvements to be made.
Was done a long time a go.
But would be a good addition to the official App Store .... IMHO
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login