blake

blake, 1 month ago to random

After seeing how the XZ maintainer's burnout and mental health decline was exploited to the potential detriment of the whole world, we're totally going to be supporting our developers more, right guys? We're totally going to fund critical OSS and pay maintainers enough to hire on other maintainers to take the burden off of them and reduce burnout, right? Right?

blake, 1 month ago to random

Oh hey #xmpp people, if you know of a bot I can debug my ad-hoc commands and data forms implementations against, let me know... I'm going to need one.

blake, 18 days ago to random

decided to look into #solid (the Tim Berners-Lee related one) and, why the hell isn't it in everything by now, or at least able to be?!

Like, why can't I have my files on a Solid pod show up in Nautilus yet?!

In particular, I think it might be really great for a "metaverse passport," a common ID that would include a display name and avatars, and you could potentially use Solid's existent profile and friends stuff too.

blake, 4 months ago to forum

A #forum that takes on #Discord would have to:

• Have some kind of real-time interface. The chat-like style Spectrum.chat used was great for this (apart from Spectrum (source linked) being slow as hell).
• Provide plenty of single sign-on. IndieAuth on by default could be a big help.
• Have a cheap/free (at least sponsor open-source projects to be free), dead-simple way to host your own

Other nice-to-haves:

• Fediverse support of some kind.
• Integration with Discord (hell, using Discord's forums, and bi-directional! It's possible with Discord's API, last I checked).

blake, 1 month ago to random

Has anyone tried checking #liblzma #xz against known symbols to see what mismatches? Any differences in these differences between 5.6.0 and 5.4.5 (I expect there should be)?

I would do this but I don't know how.

blake, 3 months ago to random

Recently I've noticed a lot of moderative issues that have (potential) solutions and mitigations.
The spam issue, as @devnull pointed out, could be reduced with some kind of reputation system (although doing that in a federated environment could prove difficult).
I've said numerous times we could really use some kind of approval-based federation (I propose both "newly discovered instances must be approved" and "newly discovered users from specific instances must be approved"). This is something between block-by-default and allow-by-default. Maybe you could let lookups from a logged-in local user bypass these, too.
It was either @hrefna or someone else, I forget, who said treating the "replies" collection as the definitive collection of replies would enable moderating or restricting replies to a post.
I think the available time and attention is probably being well spent but these things probably deserve more time and attention than something like quote posts.

blake, 3 months ago to random

The finishing blow to firefish.social has been made: it now simply gives up and returns 503. Sure there's more decay past this point, like at some point it won't hit anything and at some point the DNS will stop resolving and at some point the IP will stop resolving but there's no Firefish left on firefish.social.

🫡

blake, 3 months ago to random

Not all things need to be federated. Wikis probably shouldn't be openly federated (although closed federation a la IRC and pushing to mirrors isn't a terrible idea). Forums can get away with not being federated. Both should probably support something like IndieAuth to make it far simpler to participate, though.

blake, 5 months ago to random

Hey, I found some Interesting Signals on my SDR at ~851 MHz! I think it's mobile data, probably an old kind. It looks like the band is or could be also used by police. I'm not sure.

Characteristics:

• It's frequent, but not constant
• It hops frequencies
• Sounds like a probably-digital signal
• Multiple signals of this kind can be transmitted at once, on different frequencies
• Most of the time, the signal is short, but sometimes there's a long, occasionally-dropped signal
• It broadcasts from near and far, since I can see faint versions of the same signals on the waterfall too
• Bandwidth is about 12.5 kHz
• Haven't seen one past about 859.492 MHz

blake, 7 months ago to fediverse

It appears the prevailing mechanism for DMs over #ActivityPub is just direct Notes. Misskey/Firefish mark it as a DM with a non-standard field. Pixelfed either doesn't have any DM distinguisher, or it uses a different non-standard field. Pleroma uses a non-standard type ChatMessage and appears to apply certain special logistics to it (i.e. only one person, and it must be a single Actor, may be specified, and only in the to field).

Maybe the mechanism for Babilejo will aim for maximum compatibility with "type": ["Note", "ChatMessage", "https://joinbabilejo.org/ns/type#ChatMessage"], the Misskey special field, and treating the Babilejo ChatMessage type (and the Pleroma ChatMessage type) as a descendant of Note. That way, I don't have to have any special compatibility mode (as long as all the popular projects are spec-compliant, accepting multiple types...)

blake, 6 months ago to random

I need a #XMPP #Jabber server to test Spades with so I'm about to set up the server for blakes.dev (and blakeslabs.com). I'd like to use Metronome but I'm not sure if or how well it works with Docker¹. Prosody doesn't support MIX (a must for me) and it's also old, crusty, and you know, replaced by Metronome. So now I'm looking at Ejabberd² which doesn't seem to have a community modules system so I don't think I can (easily) extend features onto it, like MIX-MUC, the way Prosody (and Metronome) could. I believe there's also Openfire which I've seen is also behind on features (it doesn't support XEP-0050 Blocking Command?).

I'm probably going to set up Ejabberd but some advice would be appreciated.

¹ I'm using Docker to manage all my shit, like how most of us nerds use Kubernetes. Isn't K8s used for multiple-server servers? I'm only running one VPS, so it's not that useful for me.
² They said they were adding Matrix support some time back. That would be very useful to me. I don't see any mention of it in the docs or even the source code though.

khalidabuhakmeh, 6 days ago to rust

This is pretty big news for #rustlang developers. You can use RustRover for FREE for non-commercial scenarios, including hobby projects and open-source.

https://blog.jetbrains.com/rust/2024/05/21/rustrover-is-released-and-includes-a-free-non-commercial-option/

blake, 3 months ago to random

I feel so bad for this guy who's spent months and months working on this cool new thing he's so proud of and agonizing over how to make the least amount of people mad as possible and his entire audience save a few cis white men hate him and block him and his cool toy for it.

blake, 7 months ago to random

This is starting to sound familiar

I think if an XMPP server (in the relevant space) had implemented an API inspired by, say, Discord, the whole ecosystem would be seeing a lot more traction right now. The underlying tech is impossibly confusing and incredibly inconsistent, much like the ActivityPub situation (although AP is still way easier to work with than XMPP). Unlike AP, that inconsistency has made using it in most situations difficult enough that Matrix -- Matrix! -- is a better option (you can start by looking at encryption mechanisms! Ad-hoc commands support!). The saving grace for AP was probably Mastodon, which had real traction even before Twitter imploded, because it worked, it worked well, and it was easy to use from every angle. That's why there are so many good Mastodon clients and bots out there and like one "good" XMPP client that's only available on one platform.

RE: https://infosec.town/notes/9kcv8qx2dq34kdo7

blake, 9 months ago to random

New instance, new #introduction (as I'm bombarded with "X followed you!" notifications from migrating)!

My name is Blake Leonard, I write software for fun and hope I can do the one thing I'm good at for a living. For now I make money to support my hobbies and family's Christmas presents at a grocery store, which isn't bad work but it doesn't pay much (so I haven't moved out yet 😔) and it's not well suited for me.

Like many others, I migrated away from #Fosstodon today. It's not the first migration I've done; last time, I came amicably from indieweb.social to a community (and timeline) that suited me better. Today's migration away from Fosstodon comes in response to a few things, in rough order of weight on my decision:

• Firefish's feature set is so much richer than Mastodon's. Quoting, longer posts, and markup are among the things I've missed most when on my main account.
• I found out this morning that some years ago one of the admins said some problematic things -- generally problematic with an ignorant use of the word "snowflake," followed by remarks about how pronouns in profiles are annoying. I'm not going to tolerate that from someone I trust as a custodian of my identity. This would have ranked higher if it weren't years ago and long resolved.
• I'm sure it wasn't meant to come across this way but I received some condescending responses from one admin to genuine questions about moderation decisions. It wasn't a one time incident. It's happened multiple times. That doesn't exactly make me feel welcome there.
• The biggest thing causing the rounds of drama right now is the English-only rule, which as a cis white American man who only (in any usable capacity) speaks English, I fully understand the long-established decision to keep the instance English-only for moderation reasons. At that scale though, they probably should have more than two moderators, and at least one of them should probably speak some other language. The policy, when brought to light that they seemed to be more strictly enforcing it (which they denied, of course, but I'm sure there's a reason why people are only now upset about it when it's been around forever), felt like it would further hinder my ability to reply to comments in German than my A1 level knowledge of the language does, despite them denying it.

Due primarily to the transphobia/right-of-center issue, I did cancel my Patreon membership at Fosstodon, because while I have enough reason to trust that they're not just pocketing the money, I don't trust them to handle it anymore (plus, I'm not on their server now).

I ended up picking this server at Kainoa's suggestion, which I agreed with because of Infosec Exchange's reputation, which is pretty good as far as Fedi servers go.

I'll probably spend the next couple hours switching my website to pull posts from a "clip" on this account instead of all public posts from my old account. If you have any questions about me, or my decision to migrate here; ask away!

blake, 4 months ago to random

Something New on The Mystery Signal on 155.52 MHz: it came on, kept repeating two patterns (we'll call them "data", the random-looking one, and "pause", the one that comes out like a bunch of straight or wavy lines on the waterfall), occasionally cut off and started the preamble tones again and kept going, until it broke the pattern, sent something with longer data and shorter pauses, and then cut off.

Usually, the "pause" is quite short, but during this transmission, it was almost the same length as the "data" portions.

Also, in SSB or DSB modes, the outro tone sounds like a DTMF tone. The intro tones don't, I think, although the first of the three intro tones is the same as the outro tone.

I should have recorded that long burst to see if the restarts were a specific time apart or something.

blake, 4 months ago to random

Friendly reminder that the US is actually on the metric system, it's just that there's just a handful of official cases that haven't converted (highway signs and meteorology), and a shitton of old people who can't be arsed to learn shit.

The highway signs would cost a shit ton of money and time to replace, and then you have to do education too. I assume there's a similar excuse for the National Weather Service to still be using Fahrenheit and (nautical) miles in its official material, but I haven't heard it.

blake, 3 months ago to rust

Maybe something I can try for the purpose of learning #Rust is setting up a real-time communication channel in #NodeBB (i.e. a socket that the web UI could use to show real-time information, typing indicators, etc). Maybe it's too easy or too hard... I also have an audio processing project I intend on doing in Rust but I haven't managed to get myself to do that yet.

Also, I still want #PikaPods to have NodeBB. It might become affordable for a lot more communities that way! There's a request lodged for it in their feedback thing but there's currently no indication they plan on adding it.

blake, 1 day ago to random

#TiddlyWiki seems nice in concept, apart from it running in the browser and its community spread to the fucking wind. How on earth am I supposed to find cool themes or plugins (which are completely necessary to reasonably use it, particularly for SAVING)?

I found a plugin that supposedly let me save over S3 but it seems to only work with S3, so I can't save to Backblaze. There's also an official plugin for saving to browser internal storage, but that doesn't help me access it from my phone, if I wanted to.

What's the point if I have to host a server or connect it to Google to use it anyway? Why not spin up, say, MediaWiki? Or a Google doc or site?

Or a local notebook app like Paper, Obsidian, or Logseq.

blake, 3 months ago to random

I went outside and thought up a system of "Federation protection levels." When applied "globally," it applies to all undiscovered/unapproved instances and controls whether they can be added. Approval of an instance involves setting its protection level. When applied at the "(remote) instance" level, it applies to a specific instance, similar to the existing "suspend" and "silenced/limited" actions, which should remain as they also do different things. The most specific level always applies; so if a level is applied to an instance, that instance is unaffected by the "global" level. Note that this system is designed for Mastodon's simplicity principles and more advanced software should adopt more granular controls.

Maybe I'll turn this into a blog post later with more details.

Platinum - Maximum protection

• (When set at the "global" level:) Incoming activities from newly discovered instances are completely ignored and must be added manually (allow-list federation).
• (When set at the "global" level:) Authorized Fetch (HTTP signatures) are enforced. Unknown signatures are not checked and are automatically denied/dropped (as if interacting from a suspended instance).
• Newly discovered actors are completely ignored, along with their posts, and also must be added manually by administrators or moderators
• Media from unknown remote instances is completely blocked
• (When set at the "global" level:) Boosts of posts by unknown users or users from unknown instances are ignored.
• (When set at the "instance" level:) Boosts of posts by unknown users from this instance are ignored.
• Follow requests are forced ON for follows from the remote instance.
• A severe rate limit is applied to all affected remote instances.

Gold - Elevated protection

• (When set at the "global" level:) Newly discovered instances are flagged for approval.
• (When set at the "global" level:) Authorized Fetch (HTTP signatures) are enforced.
• Newly discovered actors are flagged for approval. They are allowed to publish and subscribe, under the limitations from the protection level.
• A strict rate-limit is applied.
• Incoming notes from users/accounts from this instance who are not followed by a local user/account are dropped.
• (When set at the "global" level:) Boosts of posts by unknown actors or users from unknown instances are only federated if the booster is followed locally.
• (When set at the "instance" level:) Boosts of posts by unknown actors from this instance are only federated if the booster is followed locally.
• Media is cached/proxied only when directly posted by locally followed actors.
• Direct messages from an actor A to an actor B which does not follow actor A are dropped (or maybe hidden away somewhere).
• Follow requests are forced ON for follows from the remote instance.

Silver - Medium protection

• (When set at the "global" level:) Newly discovered instances are flagged for approval. They are allowed to publish and subscribe, under the limitations from the protection level.
• (When set at the "global" level:) Authorized Fetch (HTTP signatures) are enforced.
• Newly discovered users/accounts are flagged for approval. They are allowed to publish and subscribe, under the limitations from the protection level.
• Direct messages from an actor A to an actor B which does not follow actor A are dropped (or maybe hidden away somewhere).

Bronze - Minimal protection
This is the only protection level available today.

• (When set at the "global" level:) Authorized Fetch (HTTP signatures) are not enforced; that is, you are able to look up any public post simply by not including the relevant headers.

blake, 3 months ago to random

this is almost certainly calling out Firefish (and maybe Iceshrimp)...

RE: shonk.social/notes/9ptz6p70vgt4002z

blake, 2 months ago to random

Cloudflare's captcha hasn't been working for me. Which means I'm now locked out of my bank account on my computer. What the hell

blake, 4 months ago to fediverse

I think either I or someone else had this idea before, maybe someone with more spoons than me can build it: a federated Thing directory, powered by #ActivityPub.

Some aspects of such an app:

• No "content" would be hosted there. Instead it would point to where it should be, which could include federated platforms like Peertube, in which case it would "boost" instead of "link."
• It wouldn't be built directly compatible with Mastodon (i.e. it wouldn't use Notes for published links). It might just be coincidental.
• It probably wouldn't use WebFinger because there's not much of a point. (I guess it could use it to refer to users, but that sounds out of scope, and potentially confusing as link collections would probably exist too)
• Each directory (instance) would search itself by default, and it could probably use a minified index to determine when it should try searching another directory, which would be done on that directory.
• Metadata included, but not passed around.
• Directories (and/or collections?) would have their own set of key-words which other directories would use to know when to search that directory. There would be a hard cap for how many are stored for each directory, although maybe it could be adjustable.
• The intent is to make things like Fediverse instances and media streams discoverable in a decentralized way. It's not built for things like article sharing (like Lemmy) or bookmarks (like Postmarks), and that use should be discouraged.
• Each entry would include a key or a hash to verify or decrypt the content with. Hashes aren't needed if the entry points to something content-addressable, i.e. DIDs or IPFS. Also they'd probably be "highly recommended," maybe penalized if it's not included or something, instead of outright required, since media streams likely won't be signed nor will they be hashable by its nature as perpetually changing.

blake, 1 month ago to random

I'm considering starting a new project (yes, I know), an #XMPP External Component that is a full MIX implementation -- particularly including MIX-MUC, crucial for backwards compatibility.

At this point I'd only do it with a sponsorship or grant or some such. I don't want to take on the responsibility and sacrifice my free time for it just for it to blow up in my face, I'd much rather have some support structure in place.

blake, 1 month ago to random

I kinda wish #iceshrimp and/or #sharkey had a tumblr-style queue, I have a ton of unrelated Thoughts but don't want to spam the timeline with them.

It could work if there was a Iceshrimp/Sharkey compatible external client and if they had support for the post scheduling APIs (or just ran in the cloud).