@Gargron @bruno Interesting! It's always fun to see what happens to early posts. I've got some on Twitter which have been badly mangled over the years.
Notices by Terence Eden (edent@mastodon.social)
-
Terence Eden (edent@mastodon.social)'s status on Wednesday, 25-Sep-2024 16:41:12 JST Terence Eden -
Terence Eden (edent@mastodon.social)'s status on Sunday, 23-Jun-2024 18:25:15 JST Terence Eden Is there a good way to convert embedded Tweets into static content?
I've got loads of Twitter content embedded on my WordPress blog. For obvious reasons, I'd like to reduce my reliance on Twitter's API.
Does anyone have a tool that I can feed a URl and it will give me an image of a Tweet + alt text?
(Looking for personal experience. I know how to use a search engine.)
-
Terence Eden (edent@mastodon.social)'s status on Saturday, 08-Jun-2024 16:40:07 JST Terence Eden Here's a list of everyone standing for election who has a Mastodon account:
Only 11 candidates so far.
If you know of any others, please add it to their candidate page.
If you know of anyone standing, please encourage them to join the Fediverse.
-
Terence Eden (edent@mastodon.social)'s status on Friday, 03-May-2024 18:53:14 JST Terence Eden It *is* a genuine notification. But it isn't confirming the bank is calling you.
Should the bank word that differently?
In a rush, would you read it thoroughly?
Most likely, in a panic about the fraud, you'd confirm it was a genuine notification (it is!) and accept it.
3/3
-
Terence Eden (edent@mastodon.social)'s status on Friday, 03-May-2024 18:53:12 JST Terence Eden The scammer is on the phone to you.
Their accomplice is on the phone to your bank, pretending to be you.
Your bank send you the notification.
You accept, and scammers proceed to drain your account.Someone has just lost £18,000 because of this.
https://www.reddit.com/r/UKPersonalFinance/comments/1cih3kd/been_scammed_over_18000_through_my_chase_account/2/3
-
Terence Eden (edent@mastodon.social)'s status on Friday, 03-May-2024 18:52:50 JST Terence Eden You receive a call on your phone.
The caller says they're from your bank and they're calling about a suspected fraud."Oh yeah," you think. Obvious scam, right?
The caller says "I'll send you an in-app notification to prove I'm calling from your bank."
Your phone buzzes. You tap the notification This is what you see.
Still think it is a scam?
1/3 -
Terence Eden (edent@mastodon.social)'s status on Tuesday, 26-Mar-2024 23:31:08 JST Terence Eden Wondering what the world would look like if we implemented "Universal Basic Website".
Entitle everyone to their own domain, a few GB of space, the ability to run simple apps / blogs / etc.
What does the world look like if people aren't beholden to Flickr / Facebook / Google Photos to share their family albums?
-
Terence Eden (edent@mastodon.social)'s status on Friday, 08-Mar-2024 01:32:08 JST Terence Eden @erincandescent @evan @Gargron
I'm sorry if I'm being thick (and feel free to tell me) - but...
I get a signature with a keyID of `evil.com/evil#sig`
I get the public key from evil.com
I verify the time, digest, and signature all match.
The body of the message says actor example.com/edent Creates...
When / how do I then check that edent's public key is the same as the one in the keyID?
-
Terence Eden (edent@mastodon.social)'s status on Friday, 08-Mar-2024 01:19:09 JST Terence Eden @Gargron @evan
I see. So both need to be verified?Or, to put it another way, the location of the key should be taken from the actor, not the signature header?
-
Terence Eden (edent@mastodon.social)'s status on Friday, 08-Mar-2024 01:15:35 JST Terence Eden Another #ActivityPub question about verifying signatures.
A header contains:
`keyID="example.com/user/1#main-key`But the body of the message might have:
"actor": "example.com/user/2"How do I check that that message has been signed by the actor in the body?
The URls might not be in the same format. So I guess back to webfinger to request the key from the actor - ignoring the one provided in the header?
-
Terence Eden (edent@mastodon.social)'s status on Friday, 08-Mar-2024 01:15:35 JST Terence Eden 🆕 blog! “A simple(ish) guide to verifying HTTP Message Signatures in PHP”
Mastodon makes heavy use of HTTP Message Signatures. They're a newish almost-standard which allows a server to verify that a request made to it came from the person who sent it. This is a quick example to show how to verify these signatures using P…
👀 Read more: https://shkspr.mobi/blog/2024/02/a-simpleish-guide-to-verifying-http-message-signatures-in-php/
⸻
#ActivityPub #cryptography #http #mastodon #security -
Terence Eden (edent@mastodon.social)'s status on Friday, 08-Mar-2024 01:15:32 JST Terence Eden @evan but how do I test that?
If the keyID is "example.com/keys/123456" that might lead to a fake page which claims to be from the user in the body.
(Feel free to tell me I've overthinking this.)
In conversation from mastodon.social permalink -
Terence Eden (edent@mastodon.social)'s status on Wednesday, 06-Mar-2024 21:23:07 JST Terence Eden @Gargron Yet another thing for me to try and fix if I ever get any spare time!
In conversation from mastodon.social permalink -
Terence Eden (edent@mastodon.social)'s status on Wednesday, 06-Mar-2024 21:04:55 JST Terence Eden Nerdy #ActivityPub and #oEmbed question.
Why can't I send an "Accept: application/json+oembed" request to a URl to receive the oEmbed version?
Instead, I have to request the full page, look for the <link>, parse that, then request the oEmbed.
Seems inefficient - but am I missing something?
In conversation from mastodon.social permalink -
Terence Eden (edent@mastodon.social)'s status on Tuesday, 27-Feb-2024 04:01:11 JST Terence Eden @Gargron oh yeah. And every time they say sorry and pay it a few days later.
I don't need the hassle, so will drop them as a client. Life's too short to work with people who aren't professional.In conversation from mastodon.social permalink -
Terence Eden (edent@mastodon.social)'s status on Tuesday, 27-Feb-2024 03:56:58 JST Terence Eden @Gargron once is a mistake, twice is a coincidence, three times is <del>enemy action</del> incompetence.
In conversation from mastodon.social permalink -
Terence Eden (edent@mastodon.social)'s status on Tuesday, 27-Feb-2024 03:54:33 JST Terence Eden @Gargron Printed very plainly on the invoice. And on the emails. And the contract!
In conversation from mastodon.social permalink -
Terence Eden (edent@mastodon.social)'s status on Tuesday, 27-Feb-2024 03:53:52 JST Terence Eden 🥰 I have a client who pays me on time *every* month.
😡 And every single month I have to remind them to pay the VAT.
I suspect I will not keep them as a client for much longer.
In conversation from mastodon.social permalink -
Terence Eden (edent@mastodon.social)'s status on Sunday, 04-Feb-2024 19:24:29 JST Terence Eden Has anyone here used a #Matter smart plug to detect when an electrical appliance has *finished* doing something?
For example, I want to plug in my rice cooker and get an alert on my phone when its electrical use drops to zero.
Ideally using something like #HomeAssistant - but I'm not fussed.
(Looking for people with direct & personal experience; I know how to use Google. Also, not looking for your criticisms of #IoT.)
In conversation from mastodon.social permalink -
Terence Eden (edent@mastodon.social)'s status on Friday, 02-Feb-2024 06:33:02 JST Terence Eden @silverpill thanks - I think I've fixed that now.
In conversation from mastodon.social permalink