GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Alex Gleason (alex@gleasonator.com)'s status on Friday, 14-Jul-2023 12:19:31 JST Alex Gleason Alex Gleason
    how to do RSA keys on the Fediverse the good way

    DONT: generate an rsa keypair for every user on signup and then store the entire thing in the database. that's called BLOAT, Mastodon

    DO: combine the user's id with a secret key as a seed for the RSA PRNG, create the RSA key and then cache it in a LRU cache with a max of like 1000 or so. do all this in realtime so inactive keys get evicted but can be quickly regenerated at any time.
    In conversation Friday, 14-Jul-2023 12:19:31 JST from gleasonator.com permalink
    • Doughnut Lollipop 【記録係】:blobfoxgooglymlem: likes this.
    • GNU Too repeated this.
    • Embed this notice
      Alex Gleason (alex@gleasonator.com)'s status on Friday, 14-Jul-2023 12:20:45 JST Alex Gleason Alex Gleason
      in reply to
      bonus: you can easily support multiple different types of keypairs for all users without database bloat, by seeding each algorithm with a secret key and data unique to that user. then cache it for speed.
      In conversation Friday, 14-Jul-2023 12:20:45 JST permalink
    • Embed this notice
      anime graf mays ?️? (graf@poa.st)'s status on Friday, 14-Jul-2023 12:21:30 JST anime graf mays ?️? anime graf mays ?️?
      in reply to
      @alex good to see you almost immediately instead of 10, 15 minutes later like yesterday. sort everything out? in the event that happens again you can always call me any time
      In conversation Friday, 14-Jul-2023 12:21:30 JST permalink
      Alex Gleason likes this.
    • Embed this notice
      Alex Gleason (alex@gleasonator.com)'s status on Friday, 14-Jul-2023 12:21:50 JST Alex Gleason Alex Gleason
      in reply to
      • anime graf mays ?️?
      @graf Thanks brother. Still running repack, but shutting down some other VMs seems to have freed up enough RAM for now.
      In conversation Friday, 14-Jul-2023 12:21:50 JST permalink
    • Embed this notice
      Alex Gleason (alex@gleasonator.com)'s status on Friday, 14-Jul-2023 12:27:23 JST Alex Gleason Alex Gleason
      in reply to
      • Stacks
      @c060b31fe2bbb0be4d393bc7c40a80848a25b8f0e0f382cb5b49c37bf7476cb4 Pragmatic answer: private messages, mainly

      Actual answer: HTTP Signaturs, which have a variety of benefits and consequences.
      In conversation Friday, 14-Jul-2023 12:27:23 JST permalink
    • Embed this notice
      Stacks (c060b31fe2bbb0be4d393bc7c40a80848a25b8f0e0f382cb5b49c37bf7476cb4@mostr.pub)'s status on Friday, 14-Jul-2023 12:27:24 JST Stacks Stacks
      in reply to
      What are RSA keys in the Fediverse used for? 🧐
      In conversation Friday, 14-Jul-2023 12:27:24 JST permalink
    • Embed this notice
      InceptionState (inceptionstate@poa.st)'s status on Friday, 14-Jul-2023 12:39:43 JST InceptionState InceptionState
      in reply to
      @alex Kinda weird that they chose RSA instead of ECDSA. Eg. with Curve25519 the keys would be 32 bytes each which would be much more reasonable to store in the database. Also it's a lot quicker to compute the signatures.

      cryptobook.nakov.com/digital-signatures/eddsa-and-ed25519
      In conversation Friday, 14-Jul-2023 12:39:43 JST permalink

      Attachments

      1. Domain not in remote thumbnail source whitelist: app.gitbook.com
        EdDSA and Ed25519
    • Embed this notice
      Alex Gleason (alex@gleasonator.com)'s status on Friday, 14-Jul-2023 12:39:43 JST Alex Gleason Alex Gleason
      in reply to
      • InceptionState
      @InceptionState Before Mastodon, there was GNU Social. Originally Mastodon federated with GNU Social over OStatus, then later Mastodon switched to ActivityPub. Not sure when RSA came in, but point is there's a long and stupid history (baggage).
      In conversation Friday, 14-Jul-2023 12:39:43 JST permalink
    • Embed this notice
      anime graf mays ?️? (graf@poa.st)'s status on Friday, 14-Jul-2023 12:52:45 JST anime graf mays ?️? anime graf mays ?️?
      in reply to
      @alex running on the gitlab runner server?
      In conversation Friday, 14-Jul-2023 12:52:45 JST permalink
    • Embed this notice
      Alex Gleason (alex@gleasonator.com)'s status on Friday, 14-Jul-2023 12:52:45 JST Alex Gleason Alex Gleason
      in reply to
      • anime graf mays ?️?
      @graf Different one. It has nearly limitless storage space (12TB I think?) but it's all spinning disk.
      In conversation Friday, 14-Jul-2023 12:52:45 JST permalink
    • Embed this notice
      InceptionState (inceptionstate@poa.st)'s status on Friday, 14-Jul-2023 12:52:53 JST InceptionState InceptionState
      in reply to
      @alex Classic. Also apparently the ActivityPub spec doesn't even specify an authentication mechanism.

      > Unfortunately at the time of standardization, there are no strongly agreed upon mechanisms for authentication.

      w3.org/TR/activitypub/#security-considerations
      In conversation Friday, 14-Jul-2023 12:52:53 JST permalink

      Attachments

      1. ActivityPub
        The ActivityPub protocol is a decentralized social networking protocol based upon the [ActivityStreams] 2.0 data format. It provides a client to server API for creating, updating and deleting content, as well as a federated server to server API for delivering notifications and content.
      Alex Gleason likes this.
    • Embed this notice
      GNU Too (gnu2@gnusocial.jp)'s status on Friday, 14-Jul-2023 12:56:38 JST GNU Too GNU Too
      in reply to
      @alex why does anyone use Mastodon?
      In conversation Friday, 14-Jul-2023 12:56:38 JST permalink
      Alex Gleason likes this.
    • Embed this notice
      Alex Gleason (alex@gleasonator.com)'s status on Friday, 14-Jul-2023 12:58:56 JST Alex Gleason Alex Gleason
      in reply to
      • GNU Too
      @gnu2 Because it's mostly not full of security vulnerabilities and Eugen is great at marketing.
      In conversation Friday, 14-Jul-2023 12:58:56 JST permalink
      Marcin Mikołajczak and s4if like this.
    • Embed this notice
      GNU Too (gnu2@gnusocial.jp)'s status on Friday, 14-Jul-2023 12:59:57 JST GNU Too GNU Too
      in reply to
      @alex " Eugen is great at marketing" is that supposed to be a joke?
      In conversation Friday, 14-Jul-2023 12:59:57 JST permalink
    • Embed this notice
      anime graf mays ?️? (graf@poa.st)'s status on Friday, 14-Jul-2023 13:01:41 JST anime graf mays ?️? anime graf mays ?️?
      in reply to
      • GNU Too
      @alex @gnu2 im amazing at marketing and you look like eugen. we can capitalize on this you know
      In conversation Friday, 14-Jul-2023 13:01:41 JST permalink
      𝕾𝖎𝖗 𝕽𝖞𝖆𝖓 𝕿𝖍𝖔𝖒𝖆𝖘 likes this.
    • Embed this notice
      Kirino Kousaka (kirino@seal.cafe)'s status on Friday, 14-Jul-2023 13:07:17 JST Kirino Kousaka Kirino Kousaka
      in reply to
      • GNU Too
      • anime graf mays ?️?
      no
      In conversation Friday, 14-Jul-2023 13:07:17 JST permalink
    • Embed this notice
      Fikrān Mutasā'il (fikran@thebag.social)'s status on Friday, 14-Jul-2023 13:28:58 JST Fikrān Mutasā'il Fikrān Mutasā'il
      in reply to
      • GNU Too
      @alex
      @gnu2 that, and Pleroma doesn't seem to chase features the same way as Mastodon does (sorta)
      In conversation Friday, 14-Jul-2023 13:28:58 JST permalink
    • Embed this notice
      GNU Too (gnu2@gnusocial.jp)'s status on Saturday, 15-Jul-2023 03:56:47 JST GNU Too GNU Too
      in reply to
      • Fikrān Mutasā'il
      I don't know mate. From an end user perspective Pleroma seems to have more useful features than Mastodon does.
      In conversation Saturday, 15-Jul-2023 03:56:47 JST permalink
    • Embed this notice
      GNU Too (gnu2@gnusocial.jp)'s status on Saturday, 15-Jul-2023 03:58:31 JST GNU Too GNU Too
      in reply to
      "not full of security vulnerabilities" is that your way of saying GS is?
      In conversation Saturday, 15-Jul-2023 03:58:31 JST permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.