Notices by Cy (cy@fedicy.us.to)
-
Cy (cy@fedicy.us.to)'s status on Monday, 18-Nov-2024 07:10:06 JST 
Cy
Yeah actually... it's just a needless risk to group identity's together into individual persons. (Plus who's to say you're just one person?) Better strategy would be to keep profiles unrelated, and possibly make a grouping table, for grouping profiles, to crosspost to them, or aggregate their messages together or whatnot. -
Cy (cy@fedicy.us.to)'s status on Monday, 18-Nov-2024 07:10:06 JST
Cy
Yeah, there's just no other way to go about it. People can't follow each other, because they could have multiple profiles. If they did, then I wouldn't be able to tell which of their profiles to send posts to. I follow my friend "Susie" for instance, then I post a message; do I send it to susie@instance1, susie@instance2, susie@instance3? It depends on which of those profiles followed me, whether or not I know they're all alt accounts for the same person. If susie@instance1 profile followed me, then it'd be refused if it got sent to susie@instance3.
Troublesome though, because what if this Susie followed me on all her profiles? Then I'd be sending my posts to her three times over. I guess that's fine, it just seems wasteful, and hard to display. And what if Susie reposted a message to all three accounts that I followed? She'd have to change the post author because the Fediverse requires you stay locked in the walled garden of one instance or another (thanks Gargron), so I'd get three identical messages from three Susies, differing only in which profile was the author.
My client could in theory dedup it, if I did somehow know that they were all alt accounts for Susie. Heck if I know how any of us would learn whose accounts are what person though. I really think having alt accounts is important, in case something happens to your instance, but since we don't use public key trust anchors, it's just really messy to deal with more than one account.
#Programming #Fediverse #rant -
Cy (cy@fedicy.us.to)'s status on Monday, 18-Nov-2024 07:10:03 JST
Cy
Nomadic identity is also broken. Never share your private key. It's the most important, fundamental rule of public key cryptography.
That being said, it'd be neat if we could get our Fediverse clients to keep a secret private key that you never share, and sign posts before sending them to the instance. Google/Mozilla have been fighting to lock people out from doing that for decades, but it is possible I guess.
I did see some proposals on that once, let's see...
https://w3c.github.io/vc-data-integrity/
Good luck writing a client (likely in a browser) capable of doing that, but that would enable nomadic identities. Or maybe you already did, and I'm just woefully uninformed?
CC: @Mike Macgirvin@fediversity.site @silverpill@mitra.social -
Cy (cy@fedicy.us.to)'s status on Sunday, 14-Jul-2024 06:44:03 JST
Cy
Er... no more risks than if he joins the men's gymnastics team. The only requirement for gymnastics is that you're small, not so much genital anatomy. It is reportedly easier for females to do the splits, because childbirth.
CC: @LavenderPawprints@fwoof.space @the_spc@fwoof.space -
Cy (cy@fedicy.us.to)'s status on Sunday, 11-Feb-2024 04:57:27 JST
Cy
Yes sorry, I didn't mean to say it wasn't possible. A securely signed key namespace is great and would totally work. I'm mostly complaining about HTTP signatures, and saying that hypothetically if your proposal is out of the question, then the absolute, minimal, most half-assed and barely functional way to enable smooth account migration is to just... stop signing HTTP headers. Signing HTTP headers along with the body, rather than just the body, is the only thing absolutely stopping us from migrating to a new account after the old instance dies. It serves no purpose other than making things difficult.
That complaint has nothing to do with your way, which is great and should be adopted, and I applaud you for pursuing it.
https://codeberg.org/fediverse/fep/src/branch/main/fep/c390/fep-c390.md
"proofPurpose": "assertionMethod",
...this is why I hate JSON. Still it would work. -
Cy (cy@fedicy.us.to)'s status on Saturday, 10-Feb-2024 23:29:03 JST
Cy
Trying to figure what I even want my program to do. Log on to multiple Fediverse instances, keep up with some timelines. How do I time it so it starts polling for updates, only after the oauth negotiation is done? How do I deal with sites randomly expiring tokens, so I'd have to negotate oauth again? You get a token and... start waiting for the next instance to be ready for polling, except that token is for a different instance, but does that matter, but... -
Cy (cy@fedicy.us.to)'s status on Saturday, 10-Feb-2024 23:29:01 JST
Cy
Hadn't heard, but I'm trying to make basically a fancy reaggregating client, so I can get posts from pdx.social and pnw.social and equestria.social and whatever else, as well as posts to fedicy.us.to. Ideally it'd let me direct everyone toward my main account, instead of posting as alt accounts and having to keep up with those too. But downloading notifications and private messages from alt accounts is also a thing I'd like to have. Most Fediverse clients throw away the info they download, so the servers can have more control over what you see, but that means downloading the timeline again every time you refresh the page.
And uh, also a little server I guess, just a single user instance. Is that sort of what @silverpill@mitra.social is doing? -
Cy (cy@fedicy.us.to)'s status on Saturday, 10-Feb-2024 23:28:59 JST
Cy
...with paid subscriptions, donation buttons, and cryptocurrency, in #rust OK
@silverpill@mitra.social
Account migrations (from one server to another). Identity can be detached from the server.
I don't think this is possible, because of how HTTP signatures include the Host: header. Because HTTP signatures are the worst. But if you take a look at Friendica's support for moving instances, you can learn how not not not not not not not not to do it. tl;dr using the private signing key your instance created, not creating your own, downloading that private key, then sending it to other instances is a bad bad bad bad inhales bad bad bad idea.
All 076萌SNS content and data are available under the