Did you know: when you verify the signature on a digest, you should probably verify that the presented content (that the digest is supposedly of) actually hashes to the same value as the signed digest?
I’m just increasingly disgusted that it seems like the majority of developers are just collectively drugged, high, intoxicated, or some combination thereof, because I don’t understand how I keep stumbling into these things when I’m not even trying to pentest anything. Worse is that this is in a library that people are just blindly importing and trusting.
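The check described in the post above, as an added example that is not part of the original post and not code from the library it refers to: a verifier that only checks the signature over the digest, next to one that also re-hashes the presented content. The `digest: ...` signing string, the message shape and the function names are assumptions made for illustration, and the key pair and messages are constructed.

```javascript
const crypto = require('crypto');

// Constructed sender key pair (Ed25519), generated fresh for this example.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Digest of the content in "SHA-256=<base64>" form.
function sha256Digest(body) {
  return 'SHA-256=' + crypto.createHash('sha256').update(body).digest('base64');
}

// Assumed signing string: a single line that carries the digest value.
function signingString(digest) {
  return Buffer.from('digest: ' + digest);
}

// Sender side: hash the body, then sign the digest rather than the body itself.
function signMessage(body) {
  const digest = sha256Digest(body);
  return { body, digest, signature: crypto.sign(null, signingString(digest), privateKey) };
}

// Incomplete check: proves the key holder signed this digest value,
// but never looks at the content that was actually presented.
function verifySignatureOnly(msg) {
  return crypto.verify(null, signingString(msg.digest), publicKey, msg.signature);
}

// Complete check: the signature must be valid AND the presented content
// must hash to the digest that the signature covers.
function verifyMessage(msg) {
  if (!verifySignatureOnly(msg)) return { ok: false, reason: 'bad signature' };
  if (sha256Digest(msg.body) !== msg.digest) return { ok: false, reason: 'digest mismatch' };
  return { ok: true, reason: 'verified' };
}

// Constructed sample messages: one untouched, one whose body was replaced
// after signing, one whose body and digest were both replaced.
const genuine = signMessage('{"type":"Note","content":"hello"}');
const bodySwapped = { ...genuine, body: '{"type":"Note","content":"not what was signed"}' };
const digestSwapped = { ...bodySwapped, digest: sha256Digest(bodySwapped.body) };

for (const [name, msg] of Object.entries({ genuine, bodySwapped, digestSwapped })) {
  console.log(name, '| signature-only:', verifySignatureOnly(msg),
    '| full check:', verifyMessage(msg).reason);
}
```

The body-swapped message passes the signature-only check because the signed digest is untouched; only the re-hash catches it.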
Why do we have both context (not to be confused with @context) and conversation? Is that another Mastodonism or Pleromaism? context is defined in the ActivityStreams vocabulary specification, while conversation is not. In production implementations, they seem to just reference the same value.
It would have been nice to just have either of those resolve to a Collection of some sort, such as containing all the objects within that context, and instead of needing another property (replies) to be a little less redundant.
There is an alternate proposal I have where you just wrap a DID-based variant inside of a standard AP object, using the parent object as an envelope, thus being able to support both as a transitory thing. It just makes it a bit more bloated/jank in appearance.
Either way, I think there needs to be more people involved in the discussion, especially if there’s better ideas.
I’ll throw a little fuel to the fire here: half this conversation is just invisible entirely to a reasonable portion of my followers, or even a significant amount of the fedi in general, because of fediblock antics.
I recently even uncovered a very critical vulnerability in Mastodon a couple days ago, tried reporting it via email, didn’t have any response for at least 2 days, and would like to ping the respective developers on mastodon.social, but I can’t: because mastodon.social just abruptly blocked my server entirely some many months ago, without any report or warning, and I legitimately don’t know what it was over. (Sidenote: the report did finally get acknowledged and a patch is scheduled)
And this is ironic because I’m not a very outspoken in-your-face debater, and rarely do I ever bring up partisan subjects. Because of fediblock, most people on this instance just dropped fedi entirely, or jumped to another server (and some even continue to keep server-hopping, just to inch around it). There’s one follower I believe that has jumped 5 servers now.
The only post of mine that’s any semblance of controversial, despite trying to carefully address the subject with kid gloves and not leave room for any allusions is: https://were.social/notice/ATLhhFil4BF8VHsHNg
The emphasis of the post is more on the subject of mental health, and the nature of information when dealing with someone in-person versus as a spectator online, and just by nature of it being about a trans person of something depicted in anything less than stellar, that it’s deemed “transphobic”. If that’s the thing to get a whole server banned (including by mastodon.social), then I don’t even know what degree of discourse can even be had. I don’t know what level of debate is even remotely possible anymore at this point, if people can’t handle sensitive subjects as these.
It’s so grating how the lesson of #fediblock and such still hasn’t been learned/intuited by a majority of furry fandom yet. Everyone’s so quick to jump on the soapbox and complain about ineffectiveness of applying broad-sweeping blocklists when they’re negatively impacted by it, and try to speak in a noble manner of morals and principles. Yet, typically in barely a few posts/days later, are still defending much of it as a necessity to ‘solve the Nazi problem’, when it does absolutely nothing of the sort. Blocking “Nazis” (whereas that term is used in such a broad spectrum from: actual non-sockpuppet neo-Nazis, to ‘people I disagree with’, that it makes it meaningless) does not make them disappear, it’s no more than the logic of a child hiding under their bedsheets hoping for the imagined monster to go away.
If you look back into history of the fediverse, even back before ActivityPub became a thing (back in OStatus days): it’s a pattern where a lot of the heavily blocked instances ended up continuing to live on, while the over-moderated instances killed themselves off by crippling their users’ ability to intercommunicate per overprotective moderation. In fact, in the present day it’s where a lot of the ‘most active’ fediverse instances are the most blocked, and yet fediblock puts very little of any dent in it. You know what happens when you list an instance in a fediblock list? You irrevocably start to put them in the “banned” side of the fediverse, the space where people don’t have to walk on eggshells nor try to soften their words to appease the sensitivities of the more overmoderated instances.
On the “banned” side, there’s no point to try to cater to the fediblock crowd anymore, because that’s already been irrevocably severed. If you’re listed once, it’s just blindly recirculated to other lists, and never resolvable. So instead of “keeping the Nazis out”, whereas the practices of fediblock–you’re actually pushing more people to ‘that side’ of the internet, and causing the opposite of whatever ‘social justice’ endeavor you’re on. I’ve actually made far more genuine and authentic friends from fedi than I have from Discord and Telegram by far, majority of friends which are on the ‘banned’ side, versus being around the people that’ll ditch out from you at the moment of getting any ‘cancel culture’ labeling.
I almost feel bad for these people that wrap themselves so deep into such fleeting, fickle online associations (usually also chasing after parasocial relationships too). Always so quick to startle, offend, or whatever. The ever-moving ‘chase’ of jumping from Twitter, to fedi, to Bluesky just to ‘not literally be in a Nazi bar’, like some neverending Scooby-Doo monster chase scene. What is so staggering and harmful in witnessing word choices you disagree with? You can just shrug it off, ignore, and move about your day. It’s no surprise that anxiety disorders are so profoundly ubiquitous in the present, if people can’t de-condition themselves from going panic mode in stumbling across something they weren’t expecting. But yet people believe it’s a responsibility to hide any level of provoking content, as if it’s “protecting” them, instead of realizing it grows their phobias.
A fediverse server is not a private Discord guild, it is not a Telegram group, it’s to be handled as internet infrastructure like an email server, a backbone router, etc–you don’t interfere with legitimate traffic just because you disagree with differing viewpoints or lexicon, otherwise you greatly reduce the effectiveness of the network and just push people back to centralized services. If you want a moderated community then start a centralized forum, a chat server, or any other variety of closed-space communities.
If you routinely have problems being a center of negative attention, then: stop virtue signaling, stop acting as ‘internet tough guy’, stop doing ‘callout’ posts to provoke drama, stop openly virtuing every block you make, stop trying to make anything mundane to be political, and you will start to be virtually invisible to these people. This isn’t even just exclusive to posting online, some of it applies to in-person interaction as well. Generally only the miserable prefer to be around the miserable, and usually it’s the most miserable people that exhibit most of the aforementioned behaviors. Stop trying to act as some different personality online, and instead talk how you genuinely would in-person.
Self-reflect. Sometimes you may have character flaws that you can improve on; don’t fall into the bait of “feel good” content, or the narcissistic “you’re absolutely perfect the way you are, don’t change a thing”, else you stunt yourself from self-improvement.
Further, just because of not blocking servers at the request of people that aren’t even users of this instance, and for engaging in discussions on “problematic” servers, that I tally up 80 publicly published server rejects: https://fba.ryona.agency/?domain=were.social
I have no account on KF, I never use KF, but just because I’ve replied to stuff on kiwifarms.cc (their fedi instance, which doesn’t even exist anymore; and not the forum that everyone keeps trying to shut down), that anyone on this server is now just globally a ‘bad person’ and ‘usual scum’ and written off entirely.
Note that this list is only the public ones even. I’ve had connections to friends severed, where I can’t follow them anymore, because of their admin copy/pasting blocklists or just assuming I’m some insidious person just because of how broad of the types of people I’ll engage in conversation with.
Hell, there’s also blocks just for the software used, because people have a brick up their butt over @alex, and many people cannot separate software from its developer, regardless of a software not being used to shove some political belief/ideology.
There’s other instances that popped up, that I wanted to connect with more, but again: just because they used something that’s not Mastodon, such as: Misskey, Pleroma/Rebased (and/or Soapbox as a frontend) they started to face the absurdity of fediblock and just gave up. One of them was packetloss.social and that just disappeared entirely.
And then just legitimately register any freaking iOS device of any rando on your developer account (don’t even need your account on the device at all), and that’s all Apple cares about. You don’t even need to actually test the app on any iOS device first, just have a device listed on the account. There’s so much that’s so patently ridiculous of policy/procedure of publishing anything to any Apple platform.
Nonetheless, this is +7 year old advice, as I don’t know how much it’s changed since then (other than not requiring $100/year anymore for the ‘privilege’ of developing for iOS).
“Enshittification” aka “I’m a moron that took the ‘always free’ bait of a VC startup, and act surprised every time when a service has to stop being a firepit of money, after startup funding runs out, and tries to squeeze money out of users that were expecting a perpetually free service; and instead of learning anything, I use a word to characterize platforms as being on an agenda of wanting to cripple/alienate users, and deflect responsibility for falling for the bait every time”
The most probable ‘worst case’ scenario is mainly: it turning into the same situation as mailservers. As the big brand instances enter the fediverse, the advertisement industry is going to go “hey, it’s all free real estate [for telemarketing]!”
We’ll end up with a fedi SORBS service that instances will periodically check reputation against for any ingressing federated activity. But we’re in a doomed time for anything like that to start anew, because I doubt most people can’t resist injecting their political beliefs in who’s considered a spammer or not, thus lacking neutrality.
In a semi-related example: even over in WordPress (but nothing design-specific to WordPress), people intentionally abuse the pingback functionality to promote their bullshit service/website/whatever, just as a means of “marketing!” Pingbacks were merely to be a social mechanism of “hey, someone mentioned your post on this website over here!”, but as with anything, just abused for marketing!
If there’s little-to-no cost to spam, then sociopaths are only going to spam to the extreme.
The only thing that would dissuade brands from touching it is: troves of completely uncontrolled illicit, deranged content that they don’t want to be in proximity of. YouTube content used to be a wild west, but then much heavier content moderation happened, then Content ID happened, then the brands and media outlets felt “comfortable enough” to move onto YouTube as their new home in place of cable media.
Alternatively, the only exit strategy is just burrowing deeper into the internet. I doubt telemarketers are going to follow people onto Tor and I2P.
There’s like hardly ever any hobbyist advancement of high-bandwidth data communication in the field of amateur radio equipment. A lot of it’s Disgustingly Proprietary(TM) protocols/software arbitrarily made up by each manufacturer usually going in their own opposite direction, and I think the most I’ve heard of (outside of people modding consumer equipment to operate in ham bands, such as with WRT54GLs long ago) is probably no more than 9600 baud for 2m/440 bands.
D-STAR is marketed as up to 128kbps, but that seems exclusive to just 1.2GHz (‘DD mode’?) band and likely point-to-point with yagis, while 3480 baud is the marketed D-STAR max data bitrate for a Kenwood TH-D74A (~$600, and no longer for sale?).
For perspective of transfer speed, I have an attached JPG of the mentioned radio (29,188 bytes, or 233,504 bits), as well as a smaller AVIF encode at 50% quality (13,560 bytes, or 108,480 bits).
At 3480 baud (bits/sec), that’s half a minute to send the AVIF image (108480/3480=31.17 seconds), or over a minute (233504/3480=67 seconds) for the original JPG.
Digital in amateur radio is pretty much just “buy this Kenwood product, buy this Icom product, buy this Motorola product”. I don’t think I’ve ever heard of folks actually building their own hardware in the past decade to do any high-bandwidth data, it’s all just lazy consumerism.
The sole utility it’s ever going to have is strictly text communication, but at least 3480 baud is a great luxury over acoustic coupling with fldigi (where we’re talking rates like 20 baud for MT63).
Yes, not saying that broad data warehousing “can’t” be done, but the question of the relevance of it. Individualized minutes watched, at a specific time, [general] location, device screen orientation, etc and so on isn’t going to make that much of a difference to warehouse perpetually (or perhaps later summarize, but not the case in this situation) of something over 4 months ago when payouts have already been tabulated.
I can understand the scope for some degree of application telemetry for feedback, but the resolution of it and expansive timeframe of it feels like nothing more than apparatus to collect and sell data in a surveillance state.
And all of it bloats the operational expenses of a platform, unless it solely is propped up for the intent of data wholesale or ‘information sharing programs’, or just typical absurd VC startup spending.
Yes, although I'd assume some of that to be summarized data, rather than a separate record for each individual minute, and for context, the columns of just this one dataset are:
I just do it for amusement, I did it when I closed my Facebook account like 6+ years ago, whereas it included things like: anything deleted, any like/dislike, friend/unfriend, any RSVP action on any event and any check-in, facial recognition data, etc.
Just recently deleted my Twitch account, while doing an export beforehand and: Twitch is pretty much an advertising company marketed as a streaming site. Pretty much every action is recorded, and with a [datetime, IP address, GeoIP, ASN] tuple on nearly every single action, even logging things like EACH INDIVIDUAL MINUTE WATCHED of a VOD or stream, etc. Every pageview, and referrer URL, down to looking between the profile page, schedule page, and such of an account, etc.
I’d point more to it relying on MDB2 for all the database interactions, whereas MDB2 doesn’t work in recent versions of PHP which broke some things of reverse-compatibility (supposedly in the sake of better performance?), and that library hasn’t been updated for beyond a decade: https://pear.php.net/package/MDB2
It’s that it may entail reworking anything DB-related to move off of MDB2, which could be the whole project, or else fixing MDB2 to run in ‘modern’ PHP. I assume everyone would rather just write something entirely new, but pretty much any of the efforts miss the point, such as not doing: easy moddability via plugins, being able to run on constrained hosting environments, being able to just extract an archive and use a web installer versus expecting everyone to be a Linux neckbeard to use build tools, etc.
Only if the switch is configured to accept tagged packets of that VLAN ID on that specific port, otherwise it gets dropped.
Nonetheless, I'm really really curious if there's anyone in recent years bothering to pentest network switch firmware, because I wouldn't be surprised if it was a total blindspot, as many things are.
There’s the promise that Bluesky will federate eventually, and there hasn’t been much indication of anything beyond whitelist-only federation that I’ve come across yet. Also they were boasting about having an ‘open protocol’ but yet there were significant disparities between their specification and what they had in production (even in a variety of light variations or typos of attribute names, etc).
Are you sure you’re not mistaking the DNS aliases as federation? Because that’s like no different than someone thinking they “run a server” because they created a Discord guild (per the Discord’s misleading marketing).
There’s also plenty of excuses and possibly ‘misinfo’ in their side as well regarding ActivityPub, of just making an excuse for making a whole separate protocol, where they initially hold federation exclusively to themselves for a period, so that they’ll always have a stronghold grasp on ‘their’ ATProto network (by user count and site age), and where development and direction on that network will be entirely dependent on whether the flagship instance bothers to ever support any third-party extensions to the protocol. It’s just as “decentralized” as the LBRY network of Odysee.
Also, when you devise a protocol, you don’t just have one group make it, then it’s on everyone else to adopt it; you have two or more separate groups make their own implementations of it, to test if the standard is even sane, rather than just figure out and test interoperability later. It’s generally a prerequisite to most standards bodies for a reason.
In regards of their remarks on ActivityPub: it’s operationally a meritocratic living standard; it’s not about what’s solely enshrined by the W3C nor how only one software (Mastodon) implements it, as their FAQ seems to imply their outlook on it. Also, majority of implementations just end up implementing it as plain JSON rather than full true JSON-LD support. There’s also no standard nor FEP that mandates double-at representation, that’s primarily a Mastodonism (more on the aspect of mandatory WebFinger resolution).
Also the remark that identity and data portability as not being retrofittable to ActivityPub, yet there’s discussions and efforts with proposed FEPs to establish exactly that. I reasonably believe we’ll have ID/data portability in some ActivityPub implementations before the day that Bluesky is full open federation, built on much more matured codebases. Much of the complaints of ActivityPub are being resolved as a larger meritocratic group effort (by proving it with code and implementation), but users evidently want to throw out entirely everything, just to gravitate to the newest shiny Venture Capital funded start-up, learning absolutely nothing from ditching out from Twitter.
That reads a lot like the “Crypto/Web3 is going great” channels that are always circlejerking on sometimes incorrect information, just to have something to mock and reaffirm biases.
Software can’t fix people, software can’t fix emotionally unstable admins, trying to consolidate everyone on one service (not implying that Bluesky is ‘forever a silo’ or anything) isn’t a solution either. The social problems that inhibit federated protocols and networks aren’t the problem, it’s the decay of moral standards and decorum that is the greater issue, because without that addressed you can’t have reliable federated networks. Even the internet itself is increasingly fracturing and becoming unreliable over social/political antics in recent years, like people pulling stunts on the continental internet backbone level, because they don’t like people being able to access content on a particular website. If you have protocol-level suggestions, I’d be glad to hear of ideas.
You can’t have a mega-platform while also simultaneously doing gatekeeping to keep only “our guys” on it, just as especially of people ditching out from fedi just to escape “the Nazis”, when they’re only going to keep platform hopping on the next trigger they find.
There’s been a handful of dissertations I’ve seen from others attesting to being some authority figure on the subject (regarding ActivityPub), that I strongly disagree with on the technical remarks of, that I want to get around to writing a response to at some point on a personal website.
As for things that are being actively worked on and developed:
Seeing all the responses to a post, versus the present ‘split-brain’ post discoverability: there’s an architectural reason that even if you have the server of the parent post track all the responses, that you couldn’t just have a remote server pull all the responses. Because even if the parent server lists all the known responses to a post (local and remote), that there’s no proof of authenticity for remote posts, thus every single remote reply would have to be re-queried. Think of hellthreads, and a sudden flood of +500 queries from just one server querying a thread, that’s obviously a bad idea.
Thus, the solution to that is establishing a framework of ActivityPub object signing, of portable inline object signatures. Whereas: as long as the querying server has a cached copy of the actors in the thread, it can verify the authenticity of their posts mentioned in a ‘replies’ list on a discussion on another server, without having to directly query every single reply post from its respective originating server, as long as the whole object is in the ‘replies’ collection (not just the object IDs). There’s already extensions being experimented upon for object signing: https://codeberg.org/fediverse/fep/src/branch/main/fep/8b32/fep-8b32.md
Then with object signing, as well as further extensions to cryptographically sign actors, and authenticating a key to represent an identity (e.g. FEP-c390), you can start to build a framework for portable objects and identities, such as recent proposed experiments of: https://codeberg.org/silverpill/feps/src/branch/main/ef61/fep-ef61.md
It’s a patient process of formulating ideas and solutions to make something that works, rather than just dumping all of it as a lost cause, and swapping over to some replacement that most people don’t even know the deep implementation technicals of yet (opposite of the notion “better the devil you know, than the devil you don’t”, or perhaps instead directly “the grass is always greener on the other side”). Some of it takes work and effort, but it’s absurd to just drop everything once the shortcomings are apparent: if there are shortcomings, you FIX them, you don’t just shrug it off and shuffle over to the next marketed gimmick.
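The ‘replies’ verification described in the post above, as an added example that is not part of the original post and not code from any FEP: a querying server checks embedded, inline-signed reply objects against its cached actor keys and only needs to re-query what it cannot verify locally. The proof shape, the sorted-key serialisation (a stand-in for a real canonicalization scheme), the function names and the whole thread are constructed assumptions, not the format FEP-8b32 specifies.

```javascript
const crypto = require('crypto');

// Deterministic serialisation with sorted keys; a stand-in for a real
// canonicalization scheme so signer and verifier hash identical bytes.
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Author's server: attach an inline signature (simplified, hypothetical proof shape).
function signObject(obj, privateKey) {
  const sig = crypto.sign(null, Buffer.from(canonical(obj)), privateKey);
  return { ...obj, proof: { proofValue: sig.toString('base64') } };
}

// Querying server: sort a 'replies' collection into objects verified from the
// local actor-key cache, objects rejected, and IDs that still need a fetch.
function checkReplies(items, actorKeyCache) {
  const out = { verified: [], rejected: [], mustFetch: [] };
  for (const item of items) {
    if (typeof item === 'string') { out.mustFetch.push(item); continue; } // bare ID only
    const { proof, ...unsigned } = item;
    const key = actorKeyCache.get(unsigned.attributedTo);
    if (!key || !proof || typeof proof.proofValue !== 'string') {
      out.mustFetch.push(unsigned.id); // nothing to verify against locally
      continue;
    }
    const ok = crypto.verify(null, Buffer.from(canonical(unsigned)), key,
      Buffer.from(proof.proofValue, 'base64'));
    (ok ? out.verified : out.rejected).push(unsigned.id);
  }
  return out;
}

// Constructed thread: three actors, of which only alice and bob are cached.
function sampleThread() {
  const keys = {};
  for (const n of ['alice', 'bob', 'carol']) keys[n] = crypto.generateKeyPairSync('ed25519');
  const actor = (n) => `https://${n}.example/actor`;
  const note = (n, id, content) => signObject(
    { id: `https://${n}.example/notes/${id}`, type: 'Note', attributedTo: actor(n), content },
    keys[n].privateKey);
  const cache = new Map([[actor('alice'), keys.alice.publicKey],
    [actor('bob'), keys.bob.publicKey]]);
  const items = [
    note('alice', 1, 'first reply'),                                        // intact
    { ...note('bob', 2, 'second reply'), content: 'changed after signing' }, // altered
    { ...note('bob', 3, 'third reply'), attributedTo: actor('alice') },      // wrong author
    note('carol', 4, 'actor not cached'),
    'https://bob.example/notes/5',
  ];
  return { items, cache };
}

const thread = sampleThread();
console.log(checkReplies(thread.items, thread.cache));
```

In this constructed thread only two of the five replies need a request to their originating server; the other three are settled from the cache, one accepted and two rejected.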