Conversation
Notices
-
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Mar-2024 05:39:21 JST 
Alex Gleason
I nuked all the RSA actor keys on mostr.pub and made them all use a shared pem key: https://gitlab.com/soapbox-pub/mostr/-/merge_requests/103
There may be intermittent federation issues while servers fetch the updated actor for these users.
But guess what, the performance is 10x-
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Mar-2024 05:43:13 JST
Alex Gleason
I spent an entire week on this shit initially, and created this slow and terrible library that probably isn't secure: https://gitlab.com/soapbox-pub/seeded-rsa
Doing it the easy way instead takes 1 hour and you don't have to deal with any of this shit. I wish I had thought of it before. -
Embed this notice
Matt Hamilton (eriner@noauthority.social)'s status on Saturday, 09-Mar-2024 05:43:25 JST 
Matt Hamilton
@alex ya separate user keys would have made sense if AP C2S was a thing, but using a single key per server is just as effective in the current S2S-only paradigm.
Nice!
Alex Gleason likes this. -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Mar-2024 05:43:45 JST
Alex Gleason
@eriner Yep I was thinking about C2S as well. It's the only way it makes sense. -
Embed this notice
Matt Hamilton (eriner@noauthority.social)'s status on Saturday, 09-Mar-2024 05:45:39 JST
Matt Hamilton
@alex ya. It would be great if clients could have their own keys and be responsible for their own identity, but alas the easy(ier) route was taken.
From a security perspective, that's a big boon that Nostr has over AP (as implemented in practice).
Alex Gleason likes this. -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Mar-2024 05:46:09 JST
Alex Gleason
@eriner Indeed. It's weird to think about how C2S may have enabled something more like Nostr, but Mastodon didn't do it so it's like it wasn't even an option. -
Embed this notice
Tassoman (tassoman@orwell.fun)'s status on Saturday, 09-Mar-2024 05:55:52 JST 
Tassoman
As far I can understand C2S is limited to Oauth2 domain, looks like stratified piles of shings during the ages https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization#Client_to_Server
Alex Gleason likes this. -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Mar-2024 05:56:05 JST
Alex Gleason
@tassoman @eriner CS2 sucks, that's why nobody uses it. But it would have been good if only it were good. -
Embed this notice
Tassoman (tassoman@orwell.fun)'s status on Saturday, 09-Mar-2024 05:59:39 JST
Tassoman
I guess C2S cryptography was never implemented to still be able lurking ya homemade porn posts by huge mastodonts Alex Gleason likes this. -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Mar-2024 06:06:44 JST
Alex Gleason
There are two ways to scale, 1) throw money at the problem, 2) change the code until it's faster.
This solution avoided having to upgrade to a more powerful server, saving money and resources. The best way to scale.
Mastodon is literally destroying the planet. -
Embed this notice
Växẍ Säbbäth (vaxxsabbath@poa.st)'s status on Saturday, 09-Mar-2024 07:31:05 JST 
Växẍ Säbbäth
@alex 3rd way:
"Redefine the problem entirely, so that it is susceptible to simpler and more efficient solutions"
-
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Mar-2024 13:44:55 JST
Alex Gleason
@40dba08627a2f2c69c3031666149b567168f049894aa5c42203a3920a3de8483 To which fedi server? -
Embed this notice
H3rman (40dba08627a2f2c69c3031666149b567168f049894aa5c42203a3920a3de8483@mostr.pub)'s status on Saturday, 09-Mar-2024 13:44:57 JST 
H3rman
Reposts still aren't working across the bridge from nostr to fedi after the change.
-
Embed this notice
All GNU social JP content and data are available under the