GNU social JP

Conversation

    Beady Belle Fanchannel (profpatsch@mastodon.xyz), Thursday, 26-Mar-2026 04:40:50 JST

    New post: Can we have a more “social” media?

    https://profpatsch.de/essays/a-more-social-media

    On advertising, the Fediverse, and what a more human social web could look like.

    Special mentions: @smallcircles, @phnt, @happy-programming

    #fediverse #activitypub #socialmedia #writing #essay

      wakest likes your bugs ⁂ (liaizon@social.wake.st), Thursday, 26-Mar-2026 04:40:48 JST

      @Profpatsch oh cool what did you build @happy-programming with?

      silverpill (silverpill@mitra.social), Thursday, 26-Mar-2026 07:39:06 JST
      in reply to 🫧 socialcoding.., Phantasm

      @Profpatsch @smallcircles @phnt

      What hasn’t been considered yet is the ability of multiple people to speak with “one voice”.

      Imageboards?

      There was one that federated using ActivityPub: https://github.com/FChannel0/FChannel-Server

      silverpill (silverpill@mitra.social), Friday, 27-Mar-2026 05:25:00 JST
      in reply to wakest likes your bugs ⁂

      @Profpatsch @liaizon The guide recommends limiting the response size, to prevent DoS.

      I also found this in your SECURITY.md:

      https://codeberg.org/Profpatsch/Profpatsch/src/commit/249aa389a2023814b328af8fc795750fd28d995d/users/Profpatsch/activitypub-go/security.md#response-body-size-limits

      Beady Belle Fanchannel (profpatsch@mastodon.xyz), Friday, 27-Mar-2026 05:25:02 JST
      in reply to wakest likes your bugs ⁂, silverpill

      @silverpill @liaizon Another issue I noticed: “set a max request/response size” means that we are essentially forced to implement paging of outboxes both on client and server

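Bounding the response body and paging through an outbox, as an added Go example (not code from activitypub-go or from the guide; the limits, the example.org outbox documents and the page cap are constructed for illustration). readBodyLimited refuses a body over the cap instead of silently truncating it, and walkOutbox consumes an OrderedCollection page by page through its first/next links, stopping after maxPages so a server whose pages link in a loop cannot keep the crawler busy:

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// Hypothetical limits; tune them to what your instance can afford to buffer.
const (
	maxBodyBytes = 1 << 20 // 1 MiB per response
	maxPages     = 20      // how many outbox pages one crawl may follow
)

// readBodyLimited reads at most max bytes from r (typically resp.Body from an http.Client
// that also has Timeout set) and returns an error, rather than a silently truncated
// buffer, when the body is larger.
func readBodyLimited(r io.Reader, max int64) ([]byte, error) {
	buf, err := io.ReadAll(io.LimitReader(r, max+1))
	if err != nil {
		return nil, err
	}
	if int64(len(buf)) > max {
		return nil, errors.New("response body exceeds limit")
	}
	return buf, nil
}

// collectionPage is the subset of OrderedCollection / OrderedCollectionPage we need;
// "first" and "next" may be a bare IRI or an embedded object, hence json.RawMessage.
type collectionPage struct {
	First        json.RawMessage   `json:"first"`
	Next         json.RawMessage   `json:"next"`
	OrderedItems []json.RawMessage `json:"orderedItems"`
}

// linkHref resolves a link-or-object value to its IRI ("" if absent).
func linkHref(raw json.RawMessage) string {
	var s string
	if json.Unmarshal(raw, &s) == nil {
		return s
	}
	var obj struct{ ID string } // encoding/json matches "id" case-insensitively
	if json.Unmarshal(raw, &obj) == nil {
		return obj.ID
	}
	return ""
}

// walkOutbox follows first/next links from the collection root and stops after maxPages,
// which also bounds a malicious page that links back to itself. fetch is injected so the
// walk can be exercised offline; in production it wraps the HTTP client and readBodyLimited.
func walkOutbox(fetch func(string) ([]byte, error), outboxURL string) ([]json.RawMessage, error) {
	var items []json.RawMessage
	next := outboxURL
	for page := 0; next != ""; page++ {
		if page >= maxPages {
			return items, fmt.Errorf("stopped after %d pages", maxPages)
		}
		body, err := fetch(next)
		if err != nil {
			return items, err
		}
		var p collectionPage
		if err := json.Unmarshal(body, &p); err != nil {
			return items, err
		}
		items = append(items, p.OrderedItems...)
		// The root carries "first", pages carry "next"; follow whichever is present.
		if next = linkHref(p.First); next == "" {
			next = linkHref(p.Next)
		}
	}
	return items, nil
}

// samplePages is a constructed three-document outbox so the file runs offline.
var samplePages = map[string]string{
	"https://example.org/outbox":        `{"type":"OrderedCollection","first":"https://example.org/outbox?page=1"}`,
	"https://example.org/outbox?page=1": `{"type":"OrderedCollectionPage","orderedItems":[{"id":"a"},{"id":"b"}],"next":{"id":"https://example.org/outbox?page=2"}}`,
	"https://example.org/outbox?page=2": `{"type":"OrderedCollectionPage","orderedItems":[{"id":"c"}]}`,
}

func sampleFetch(u string) ([]byte, error) {
	if body, ok := samplePages[u]; ok {
		return []byte(body), nil
	}
	return nil, fmt.Errorf("no such page: %s", u)
}

func main() {
	items, err := walkOutbox(sampleFetch, "https://example.org/outbox")
	fmt.Println(len(items), err) // 3 <nil>
}
```

In a real client the fetch function does the GET with an http.Client that has Timeout set and passes resp.Body through readBodyLimited, so every single page stays under the cap; the page cap is what keeps the total bounded. The server side of the same constraint is to publish the outbox as a root OrderedCollection whose first page links onward with next, instead of one document that grows without bound.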
      silverpill (silverpill@mitra.social), Friday, 27-Mar-2026 05:25:03 JST
      in reply to wakest likes your bugs ⁂

      @Profpatsch

      2. Activity-Level Origin Checks
      Same-origin is checked rather than exact equality so that servers with multiple actors can sign on behalf of any of their actors — a common legitimate pattern.

      For incoming activities, consider checking exact equality. See FEP-fe34, section "Signatures":

      In order to minimize damage in the event of a key compromise or insufficient validation, consumers MUST verify that the signing key has the same owner as the signed object. Consumers MUST also confirm the ownership of the key by verifying a reciprocal claim.

      This is not strictly necessary, but would help if the origin server does a poor job at validating user input.

      3. Embedded Object Origin Checks
      Owner origin: the object's owner (actor for Activity subtypes, attributedTo for Notes/Objects) must be same-origin as the signing actor. Anonymous objects (no owner field) are accepted.

      In this case I also recommend checking owner ID equality, as a rule of thumb, because origin servers implementing the C2S API may fail to validate all embedded objects (which can be deeply nested).

      Response body size limits

      You may also need to limit the number of redirects and set a timeout. Some HTTP libraries have bad defaults.

      By the way, I collect such recommendations in this guide: https://codeberg.org/ap-next/ap-next/src/branch/main/guide.md#network. Contributions are welcome!

      @liaizon

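The two SECURITY.md rules quoted in the post above, with the stricter equality check as a switchable policy, as an added Go example (not the project's code; the a.example IRIs, the maxNesting cap and the sample activity are constructed). sameOrigin is the comparison SECURITY.md describes, ExactOwner is the FEP-fe34 "same owner" check, checkOwners applies the chosen policy to the activity's actor and then recursively to each embedded object (anonymous embedded objects pass, as the quoted text says), and verifyReciprocalKeyClaim is the reciprocal key-ownership check from the FEP excerpt:

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Policy selects how an object's owner is compared with the signing actor: SameOrigin is the
// rule the quoted SECURITY.md describes, ExactOwner the stricter FEP-fe34 check silverpill recommends.
type Policy int

const (
	SameOrigin Policy = iota
	ExactOwner
)

const maxNesting = 8 // hypothetical cap on object.object.object... chains

// sameOrigin compares scheme and host (including port) of two IRIs.
func sameOrigin(a, b string) bool {
	ua, errA := url.Parse(a)
	ub, errB := url.Parse(b)
	return errA == nil && errB == nil &&
		strings.EqualFold(ua.Scheme, ub.Scheme) && strings.EqualFold(ua.Host, ub.Host)
}

func ownerMatches(owner, signer string, p Policy) bool {
	return owner == signer || (p == SameOrigin && sameOrigin(owner, signer))
}

// verifyReciprocalKeyClaim is the FEP-fe34 rule quoted in the thread: the key document must
// name the actor as its owner AND the actor document must list that key. Both documents are
// assumed to have been fetched from their own IDs, not taken from the incoming request.
func verifyReciprocalKeyClaim(keyDoc, actorDoc map[string]any) error {
	keyID, _ := keyDoc["id"].(string)
	owner, _ := keyDoc["owner"].(string)
	actorID, _ := actorDoc["id"].(string)
	pk, _ := actorDoc["publicKey"].(map[string]any)
	listed, _ := pk["id"].(string)
	if keyID == "" || owner == "" || owner != actorID || listed != keyID {
		return errors.New("key and actor do not claim each other")
	}
	return nil
}

var activityTypes = map[string]bool{"Create": true, "Update": true, "Delete": true, "Announce": true,
	"Like": true, "Follow": true, "Undo": true, "Accept": true, "Reject": true, "Add": true, "Remove": true}

// ownerOf applies the SECURITY.md rule: "actor" for activities, "attributedTo" otherwise;
// the value may be an IRI or an embedded object, and "" means the object is anonymous.
func ownerOf(obj map[string]any) string {
	field := "attributedTo"
	if typ, _ := obj["type"].(string); activityTypes[typ] {
		field = "actor"
	}
	switch v := obj[field].(type) {
	case string:
		return v
	case map[string]any:
		id, _ := v["id"].(string)
		return id
	}
	return ""
}

// checkOwners verifies the activity (depth 0, which must name an actor) against the signing
// key's owner, then recurses into each embedded "object" with the same rule. Anonymous
// embedded objects pass, as SECURITY.md states; maxNesting stops deeply nested payloads.
func checkOwners(v any, signer string, p Policy, depth int) error {
	obj, ok := v.(map[string]any)
	if !ok {
		return nil // a bare IRI or nothing: no embedded content to validate here
	}
	if depth > maxNesting {
		return errors.New("embedded object nesting too deep")
	}
	owner := ownerOf(obj)
	if depth == 0 && owner == "" {
		return errors.New("activity has no actor")
	}
	if owner != "" && !ownerMatches(owner, signer, p) {
		return fmt.Errorf("depth %d: owner %q does not match signer %q", depth, owner, signer)
	}
	return checkOwners(obj["object"], signer, p, depth+1)
}

// sampleActivity is constructed (in practice: json.Unmarshal into map[string]any): alice signs
// a Create whose Note claims to be by bob on the same server.
var sampleActivity = map[string]any{
	"type": "Create", "actor": "https://a.example/users/alice",
	"object": map[string]any{"type": "Note", "attributedTo": "https://a.example/users/bob"},
}

func main() {
	const signer = "https://a.example/users/alice"
	fmt.Println(checkOwners(sampleActivity, signer, SameOrigin, 0)) // <nil>
	fmt.Println(checkOwners(sampleActivity, signer, ExactOwner, 0)) // depth 1: owner ... does not match
}
```

The sample shows the difference the policy makes: under SameOrigin a.example's alice may deliver a Note attributed to a.example's bob, which is the multi-actor pattern SECURITY.md allows; under ExactOwner the same activity is rejected, which is the behaviour silverpill recommends when the origin server's own validation cannot be relied on. The signer passed in is the owner of the key that verified the HTTP signature, which verifyReciprocalKeyClaim establishes from the key and actor documents.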
      Beady Belle Fanchannel (profpatsch@mastodon.xyz), Friday, 27-Mar-2026 05:25:04 JST
      in reply to wakest likes your bugs ⁂, silverpill

      @liaizon @silverpill I want to write a blog post on this at one point, but I don’t know if I missed anything or misunderstand things.

      Beady Belle Fanchannel (profpatsch@mastodon.xyz), Friday, 27-Mar-2026 05:25:05 JST
      in reply to wakest likes your bugs ⁂, silverpill

      @liaizon fwiw I made & deployed some security improvements, the current security mechanisms are documented in https://codeberg.org/Profpatsch/Profpatsch/src/commit/249aa389a2023814b328af8fc795750fd28d995d/users/Profpatsch/activitypub-go/security.md

      maybe @silverpill wants to take a look at whether this all sounds sensible?

      Beady Belle Fanchannel (profpatsch@mastodon.xyz), Friday, 27-Mar-2026 05:25:06 JST
      in reply to wakest likes your bugs ⁂

      @liaizon Haha, that might be true. I did link it in the post, right now it lives at https://codeberg.org/Profpatsch/Profpatsch/src/branch/canon/users/Profpatsch/booster-bot and https://codeberg.org/Profpatsch/Profpatsch/src/branch/canon/users/Profpatsch/activitypub-go

      wakest likes your bugs ⁂ (liaizon@social.wake.st), Friday, 27-Mar-2026 05:25:08 JST

      @Profpatsch honestly, seeing it running live and followable, I would say you are better off than half the things listed on these lists

      Beady Belle Fanchannel (profpatsch@mastodon.xyz), Friday, 27-Mar-2026 05:25:09 JST
      in reply to wakest likes your bugs ⁂

      @liaizon yeah, it’s published, but currently I’d not feel comfortable being listed anywhere, the code is really rough and I haven’t really made sure it’s free of security issues

      wakest likes your bugs ⁂ (liaizon@social.wake.st), Friday, 27-Mar-2026 05:25:10 JST

      @Profpatsch ah very cool, it's custom! Have you published the code? I would add it to a list of implementations I help manage at https://delightful.club

      Beady Belle Fanchannel (profpatsch@mastodon.xyz), Friday, 27-Mar-2026 05:25:11 JST
      in reply to wakest likes your bugs ⁂

      @liaizon Right now it’s two golang files that do a half-assed job at implementing activitypub

      silverpill (silverpill@mitra.social), Friday, 27-Mar-2026 14:40:01 JST
      in reply to wakest likes your bugs ⁂

      @Profpatsch You need to create a new signature because the request target is changing. It is a part of a signature base, so the initial signature becomes invalid when the client follows a redirect.

      @liaizon

      Beady Belle Fanchannel (profpatsch@mastodon.xyz), Friday, 27-Mar-2026 14:40:03 JST
      in reply to wakest likes your bugs ⁂, silverpill

      @silverpill @liaizon What does this mean? “Follow redirects, but set a limit. Request must be re-signed after every redirect.”

      do you mean I have to check the new http signature on every 30x response? I don’t believe that can work??


GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.