As a first step towards adding Object Integrity Proofs (FEP-8b32) to #Fedify, I've made it support #Ed25519 keys. I've also enabled multiple keys to be associated with an actor. For example, if you look at the actor from the Fedify Example Blog (https://fedify-blog.deno.dev/users/fedify-example), you'll see that it has two public keys, one for RSA and one for Ed25519.
You can try it out in version 0.10.0-dev.190+4dffb89a.
Actors now have the #assertionMethods property, and the #Multikey class has been added. For example, if you look at the the actor from the Fedify Example Blog (https://fedify-blog.deno.dev/users/fedify-example), you can see that it has the assertionMethods property in addition to the publicKey property.
You can try it out in version 0.10.0-dev.196+55cc34d1.
Thanks to @silverpill, #Fedify is finally FEP-8b32 compliant! Though it's not ready for general release yet, it's passing tests in the latest main branch. I'll test it with Mitra and other FEP-8b32-compliant implementations, and if it works well, it'll be included in 0.10.0.
You can try it out in version 0.10.0-dev.205+0cbca257.
Funny how this lovely article by @johnallsopp is practically like I asked an actually competent GenAI ‘please write a “state of the web” article from the POV of the Weird project’.
Will definitely refer to this in our future writings! 🫶
Windows Recall doesn't just screenshot things, it OCR's the shots, and then stores the OCR as plaintext in a local SQLlite database.
I mean what the FUCK??!
I've said it before and I'll say, again, & again, & again, that jamming "AI" into everything without considering the privacy and security implications is a) going to cause a major breach of at least two US laws, and b) just a really silly and terrible idea which is going to put a lot of people in danger, and this "recall" shit is among the worst of it i've seen.
Windows 11 has just become a complete capture system disguised as an OS. Every keystroke, work session, video call, and downtime window, logged, correlated, and extrapolated. And they're trying to sell it to you as being a SERVICE.
So let me be as clear as possible about this: Fuck That, Forever.
I'm confused about a particular aspect of Inbox Forwarding as detailed in the ActivityPub spec:
... the server needs to forward these to recipients that the origin was unable to deliver them to. To do this, the server MUST target and deliver to the values of to, cc, and/or audience...
... The server MUST only target the values of to, cc, and/or audienceon the original object being forwarded, and not pick up any new addressees whilst recursing through the linked objects (in case these addressees were purposefully amended by or via the client).
Emphasis mine.
My reading suggests that only the values of to, cc, and audience on the referenced object should be used, and not those values on the activity itself.
But doing so would preclude the use of Inbox Forwarding in scenarios where the Activity wrapper contains additional addressees that the underlying object does not have.
e.g. A Note by A contains a single addressee: as:Public. It is then Announced by B and C. Later, A updates the Note, and their server sends out Update(Note) with the following addressees: as:Public, B, B/followers, C, C/followers, but the object referenced still contains a single addressee: as:Public.
In that case, when received by B and C, should they forward the activity to their followers?
julian: If the activity is the thing being forwarded, then an additional complication could arise in that I cannot simply re-sign the activity, as my instance key does not belong to the originating actor. this is indeed an issue that arises due to the following: ActivityPub does not specify any authentication/verification mechanism HTTP Signatures, which the current fediverse uses, are not replayable or relayable. If you're concluding that this makes inbox forwarding impossible with HTTP Signatures, then congratulations, you understand why LD Signatures ended up being used for this (and why FEP-8b32 proposes using Data Integrity Proofs at the LD level as well). It's either that, or find a way to replay entire HTTP messages (so that the HTTP Signature can be validated against the original HTTP interaction). Or otherwise rethink the fundamentals of the fediverse's entire security model.
@julian @trwnh
Mbin handles inbox forwarding like this: if the signature does not match, but the url in the id field is from the same domain as a receiver in the to , cc or audience field, we consider it a forwarded message and fetch the original activity from the url in the id field
Currently working on an important first update to Tusks that will address many of the early pain points/limitations. Should be submitted for App Store review no later than tomorrow night.
Trying something new by creating '#gameassets' for content creators on video platforms. These will all be animated, 4K and CC0 (public domain) licensed. Will come in a variety of themes including gamedev, programming, pixel art and game engine specific ones!
@Radgryd Still working on them! This pack is a bit more difficult for me as I have to do research on what's industry standard, in an industry I don't particularly work in hah
@kenney Ooh, I'm so excited for them because I LOVE your style! I just thought I'd missed them or they were on your Patreon or something. Please shout when they're ready because I'm gonna pick them up wherever they are! :pika_sunglasses:
Kitsune Tails is coming August 1st, 2024 to Steam and itch!
If you wanna be notified when Kitsune Tails (think gay furry weeb mario with fox girls) comes out, boost this post! I'll edit it when the game releases, and you should receive a notification!
Alexandria Ocasio-Cortez (D-NY) continues to be the member of Congress who best demonstrates the qualities of leadership so badly needed by her party. She will not succeed in impeaching these Supreme Court justices, but she will shine a light on their corruption and lay down a marker for voters.
> Yet the whole thing was simply painful to watch, mostly because it was useless on any practical level. This much ballyhooed confrontation between two political foes for the most important office in the world turned out to be featherlight on substance, policy, interest, intellect, imagination, vision, energy, ideas, humor and hope. It was heavy on one thing (besides cringe), though: ego.