mikoto, to random
@mikoto@akko.wtf avatar

“Your API Shouldn’t Redirect HTTP to HTTPS” https://jviide.iki.fi/http-redirects

Don’t think there’s many fedi clients that connect over plain http and follow redirects, but it might be worth looking at fixing at the reverse proxy (e.g. nginx) level

lanodan,
@lanodan@queer.hacktivis.me avatar

@mikoto @tk Reminds me that even WebFinger is restricted to HTTPS ( https://tools.ietf.org/html/rfc7033#section-9.1 ) and ActivityPub makes it a "should" ( https://www.w3.org/TR/activitypub/#obj-id ) so production fediverse servers ought to work with only https.

sinensetin, to random German
@sinensetin@openbiblio.social avatar

Und es geht doch!

E13 unbefristet mit Bachelor oder gleichwertigen Fähigkeiten (jeweils mit 3 Jahren Erfahrung).

Softwarearchitekt*in für Bibliotheksmanagementsysteme

In der schönsten Stadt der Welt: https://blog.sub.uni-hamburg.de/?p=37800

naturzukunft, to fediverse German
@naturzukunft@mastodon.social avatar

I've been racking my brains for weeks or even months about object versioning in .

https://www.w3.org/TR/activitypub/#obj-id:

  • MUST have unique global identifiers

Every object has an object identifier and I assume that the majority of developers assume that an update to an object returns the same object identifier as the location and that the properties of this object have changed as a result of the update.

However, the update changes an object and it should also receive a new id!

devnull, to fediverse
@devnull@crag.social avatar

I'm noticing that Activities contain an id, but I am not certain whether it is a requirement. The AS spec notes that all objects MUST have an id provided, but I'm not 100% sure about activities...

mariusor,
@mariusor@metalhead.club avatar

@devnull there can be "transient" objects according to the specification[1], but personally I don't see why short lived objects/activities wouldn't benefit from having IDs.

I think activities could be imagined as transient but they would leave no traces in anyone's outboxes/inboxes. The only sign they were effected would be their side-effects ? But I have no mental model for this at the moment. :D

[1] https://www.w3.org/TR/activitypub/#obj-id

naturzukunft, to fediverse
@naturzukunft@mastodon.social avatar

@evan i'm getting crazy with that blank node stuff ;-)
if you have an actor like that:
{
"@context": ["https://www.w3.org/ns/activitystreams"],
"type": "Person",
"id": "https://example.com/1",
"inbox": "https://example.com/1/inbox.json",
"outbox": "https://example.com/1/feed.json",
"endpoints": {
"oauthAuthorizationEndpoint": "https://example.com/oauth/auth",
"oauthTokenEndpoint": "https://example.com/oauth/token"
},
"name": "John"
}

naturzukunft,
@naturzukunft@mastodon.social avatar

@evan @context
aaaahr, I let myself get confused.
If an object has properties in an object without an id, then these are transient according to the specification:

...unless they are intentionally transient.

In the case of the actor, this would mean that oauthAuthorizationEndpoint is transient. which is wrong

In the end, however, this means that https://www.w3.org/ns/activitystreams#endpoints must have an ID and must not be behind a blank node.

https://www.w3.org/TR/activitypub/#obj-id

dougbinks, to godot
@dougbinks@mastodon.gamedev.place avatar

Avoyd 0.19.0 Full and Demo are out.

https://www.enkisoftware.com/products

New in the Voxel Editor:

  • Export to Mesh with Blender-compatible OBJ PBR materials in textures
  • Export to Godot and Unreal 5 via Blender
  • Improved import material palettes from images and heightmaps and export palette to .vox
  • Import and repair some MagicaVoxel .vox files
  • Fixed .vox import offset in flipped models, and in rare cases missing or extra voxels

jupiter_rowland, to random

Maybe someone can send @Ryan Barrett some data on #Zot to add that to the comparison.

https://fed.brid.gy/r/https://snarfed.org/Ryan Barrett wrote the following post Tue, 05 Sep 2023 10:28:02 +0200

Threw together a comparison of the four decentralized social protocols I know best: IndieWeb, ActivityPub, ATProto, Nostr. Obviously oversimplified, hopefully still useful! Preview below, click through for full table with links.

I tried to focus on how these protocols are currently deployed and used in the real world. For example, identity in ActivityPub is technically URL-based, but in practice the fediverse uses WebFinger https://datatracker.ietf.org/doc/html/rfc7565#section-4 more or less universally, so the table reflects that.

Feedback is welcome!
https://fed.brid.gy/docs#compare

lispi314, to fediverse
@lispi314@mastodon.top avatar

Reading some of @aral's articles, this one in particular is quite interesting to me as it brings back an issue I've ranted about a few times: https://ar.al/2022/11/09/is-the-fediverse-about-to-get-fryed-or-why-every-toot-is-also-a-potential-denial-of-service-attack/

I've semi-frequently mentioned that admin piss fights are a problem because is instance-centric, not , and doesn't propagate messages via (https://en.wikipedia.org/wiki/Gossip_protocol).

As it turns out, this is a second issue that gossip message spreading would greatly mitigate if not solve.

silverpill,
@silverpill@mitra.social avatar

@lispi314 ActivityPub is not strictly-instance centric. Only the present-day Fediverse is.

Here's what the spec says about object IDs:

>Publicly dereferencable URIs, such as HTTPS URIs, with their authority belonging to that of their originating server. (Publicly facing content SHOULD use HTTPS URIs).

-- SHOULD use HTTPS URIs, but not MUST

This means one could design a protocol where IDs are not location-based and it might still be technically called ActivityPub. Some Fediverse servers may even support this protocol with little effort.

density, to kbinMeta in universal IDs for threadiverse items (re kbin-core #635)
density avatar

It's true! I actually took a wee peek into the ActivityPub standard earlier and saw that the ID thing is already there like you say. Which I guess is the URLs as posted above?

So that part is done & dusted I guess. :) The part that would remain now would be to make a convention to transform markdown. Markdown is already being transformed.

Does the threadiverse need to maintain perfect compatibility with the rest of the activity pub fediverse? For me, just kbin and lemmy being roughly on the same page would be great. But maybe my viewpoint is too narrow and self centred.

mauve, to mastodon
@mauve@mastodon.mauve.moe avatar

Dang, looks like doesn't handle relative URIs when parsing / data.

For example I can't set the id of a post to be a relative URL since it loads it as raw JSON.

https://github.com/mastodon/mastodon/blob/main/app/services/activitypub/fetch_remote_status_service.rb#L37

This makes it harder to publish static data to

silverpill,
@silverpill@mitra.social avatar

@mauve Object IDs can't be relative. The spec requires them to be globally unique identifiers / publicly dereferencable URIs:

https://www.w3.org/TR/activitypub/#obj-id

I would use url property to provide a secondary ID which can be relative. See this FEP for examples: https://codeberg.org/fediverse/fep/src/branch/main/fep/fffd/fep-fffd.md

tebicat, to fediverse

per the activitypub spec on what to do when receiving objects:
> it should dereference the id both to ensure that it exists and is a valid object, and that it is not misrepresenting the object. (In this example, Mallory could be spoofing an object allegedly posted by Alice).

this kinda defeats the purpose of sending the whole object and not just the id, doesn't it?

source: https://www.w3.org/TR/activitypub/#obj

  • All
  • Subscribed
  • Moderated
  • Favorites
  • megavids
  • thenastyranch
  • rosin
  • GTA5RPClips
  • osvaldo12
  • love
  • Youngstown
  • slotface
  • khanakhh
  • everett
  • kavyap
  • mdbf
  • DreamBathrooms
  • ngwrru68w68
  • provamag3
  • magazineikmin
  • InstantRegret
  • normalnudes
  • tacticalgear
  • cubers
  • ethstaker
  • modclub
  • cisconetworking
  • Durango
  • anitta
  • Leos
  • tester
  • JUstTest
  • All magazines
    •