Notices by silverpill (silverpill@mitra.social), page 57

@importantimport Good. I'll add Hatsu to the list of implementations in FEP-67ff

@japananon @alex Oh yes it was added in 2.8.0 after Alex announced ⚡

https://gleasonator.com/objects/adbad909-9c64-4448-bb28-1361cf9ab9c0

@iwojima It removes all data associated with the user. Posts, likes, follows - everything. If the user is local, it should also send a Delete activity to his followers and follows

@rafael_xmr @monero Support for portable objects can be added to existing Fediverse applications, the idea is relatively simple. However, implementing it might still require significant effort because of the fundamental shift from "one account -> one server" to "one account -> multiple servers". I've started to work on this in Mitra, but we're still several months away (at the very least) from anything usable.

Once this idea is proven to work, I expect rational developers to adopt it, because the benefits of data portability seem to vastly outweigh its downsides.

@alex

>sending a lightning emoji through ActivityPub

How this would look like in practice? EmojiReact activity?

@mikedev

>So we provide the entire activity as the object of the Add activity, signed with identity proofs, just as we used to do with LD-signatures

Do you mean integrity proofs (as in FEP-8b32)? Identity proofs (as in FEP-c390) serve a different purpose, and while they can be added to activities too, I don't understand how the recipient can use them to verify the object of Add activity.

@mikedev How FEP-c390 is used?

@rimu

>"updated": "Fri, 02 Feb 2024 04:54:00 GMT"

Shouldn't this date be in a different format?

https://www.w3.org/TR/activitystreams-vocabulary/#dfn-updated

@dave I stumbled upon another federation issue between Mitra and Podcast Index bridge.

There was a parsing error when I tried to load https://ap.podcastindex.org/episodes?id=6562175&statusid=f904fa9b-99d2-4b86-bee6-e0b29f1a734b&resource=post
After some digging I discovered that published field has wrong format: February 01, 2024 9:49pm. The correct format seems to be RFC 3339:

https://www.w3.org/TR/activitystreams-vocabulary/#dfn-published
https://www.w3.org/TR/xmlschema11-2/#dateTime

@frogzone @nimda @aura
Ethereum wallet login doesn't require a blockchain node, only a browser extension. But I'm not a fan of it either anymore, and in Mitra versions 2.0 and newer it is disabled by default. Ethereum payment processor is not used by anyone (and also disabled by default).

You can see the list of instances here: https://mitra.fediverse.observer/list
I haven't seen any canadian ones, but IIRC @parker once said that he might be interested in trying Mitra

@Edent The collection looks correct. But the actor object still doesn't have an outbox property: https://location.edent.tel/edent_location

@suwako ^^

https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw

>Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account.

A similar vulnerability was discovered and closed in Mitra. As far as I know, takeover is not possible here, only impersonation, but still it can be quite bad. Update to v2.8.0 if you haven't already

Other Fediverse software might also be affected

@iwojima I'm not really sure if this reasoning applies to ActivityPub world where peers are discovered automatically.

When Mitra encounters a new actor, its home server is added to the "instance" database table. If you don't want that, you can switch to allowlist federation.

Client API endpoints that require authorization are protected with OAuth

@arcanicanis @wjmaggos @amerika @EmoIsDeadAndSoAmI

>I’ve had connections to friends severed, where I can’t follow them anymore, because of their admin copy/pasting blocklists

If you have a spare domain name you may try https://codeberg.org/silverpill/activity-connect

..as a temporary workaround

@Edent @mikedev The orderedItems array of this collection contains Note objects, but it should contain activities (Create-Note activities perhaps?).

See here: https://www.w3.org/TR/activitypub/#outbox

>The outbox stream contains activities the user has published, subject to the ability of the requestor to retrieve the activity ...

The endpoint could actually return 404, or an empty collection. As far as I know it is not mandatory, only outbox actor property is.

@Edent This actor doesn't have the outbox property, which is required by ActivityPub standard

https://www.w3.org/TR/activitypub/#actor-objects

@monero @rafael_xmr I know how Nostr works, I just don't think it is better. However, if it still be around in a year or two, I might consider using Nostr relays for storing AP data. Why not, if this infrastructure already exists

@rafael_xmr @monero With AP you can have multiple admins too. Server-bound accounts is not an inherent limitation of a protocol, it just happened that popular servers like Mastodon and Lemmy are designed this way.

If you're interested in technical details, here's what I'm working on: https://codeberg.org/fediverse/fep/src/branch/main/fep/ef61/fep-ef61.md

#Mitra v2.8.0

https://codeberg.org/silverpill/mitra/releases/tag/v2.8.0
https://codeberg.org/silverpill/mitra-web/releases/tag/v2.8.0

Various bugfixes and minor improvements.