Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://makai.chaotic.ninja/notes/9rveasyvfe">:mima_rule: Mima-sama (mima@makai.chaotic.ninja)'s status on Tuesday, 09-Apr-2024 14:21:14 JST</a><a href="https://makai.chaotic.ninja/@mima" title="mima@makai.chaotic.ninja"><img src="https://gnusocial.jp/theme/gnusocialjp/default-avatar-stream.png" width="48" height="48" alt=":mima_rule: Mima-sama" style="position: absolute; left: 0; top: 0;">:mima_rule: Mima-sama</a><div><ul><li><li><a href="https://gnusocial.jp/user/142396" title="beaware@social.beaware.live">BeAware :fediverse:</a></li></ul></div></section><article><p><a href="https://social.beaware.live/@BeAware">@BeAware@social.beaware.live</a> <a href="https://makai.chaotic.ninja/tags/AuthorizedFetch" rel="tag">#AuthorizedFetch</a> is definitely a proprietary extension to <a href="https://makai.chaotic.ninja/tags/ActivityPub" rel="tag">#ActivityPub</a> by <a href="https://makai.chaotic.ninja/tags/Mastodon" rel="tag">#Mastodon</a>. First added in 2019: <a href="https://github.com/mastodon/mastodon/pull/11269">https://github.com/mastodon/mastodon/pull/11269</a><br><br>The main reason other AP implementations have added it (or in the case of <a href="https://makai.chaotic.ninja/tags/Misskey" rel="tag">#Misskey</a>, made signing objects enabled by default which was a reluctant decision) as well despite Authorized Fetch / <a href="https://makai.chaotic.ninja/tags/SecureMode" rel="tag">#SecureMode</a> not being documented in the spec is that plenty of big <a href="https://makai.chaotic.ninja/tags/MastoAdmins" rel="tag">#MastoAdmins</a> have enabled it for their instances thinking it will prevent harassment from instances they've blocked (despite the fact that AF is purely <a href="https://makai.chaotic.ninja/tags/securitytheater" rel="tag">#securitytheater</a>), forcing the rest of the <a href="https://makai.chaotic.ninja/tags/fediverse" rel="tag">#fediverse</a> to adopt it to remain compatible. Even at the cost of performance (no more caching).<br><br>This is plain ol' <a href="https://makai.chaotic.ninja/tags/EmbraceExtendExtinguish" rel="tag">#EmbraceExtendExtinguish</a> or <a href="https://makai.chaotic.ninja/tags/EEE" rel="tag">#EEE</a> for short against AP and the fedi by the Mastodon monopoly, and nobody wants to talk about it because it undermines the narrative a lot of Mastodon admins are putting out to justify their fediblocking of <a href="https://makai.chaotic.ninja/tags/Threads" rel="tag">#Threads</a>. Would've been fine if they focused on the (real) harms <a href="https://makai.chaotic.ninja/tags/Facebook" rel="tag">#Facebook</a> did to Burma for example, that's a totally fine reason to block FB. But screaming EEE just makes me roll my eyes on their <a href="https://makai.chaotic.ninja/tags/hypocrisy" rel="tag">#hypocrisy</a>. :seija_coffee:<br><br><a href="https://corteximplant.com/@marta">@marta@corteximplant.com</a><br><br><a href="https://makai.chaotic.ninja/tags/fediversemeta" rel="tag">#fediversemeta</a> <a href="https://makai.chaotic.ninja/tags/fediblockmeta" rel="tag">#fediblockmeta</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2913894#notice-5797931">In conversation</a><time datetime="2024-04-09T14:21:14+09:00" title="Tuesday, 09-Apr-2024 14:21:14 JST">about 10 months ago</time> <span>from <span><a href="https://makai.chaotic.ninja/notes/9rveasyvfe" rel="external" title="Sent from makai.chaotic.ninja via ActivityPub">makai.chaotic.ninja</a></span></span><a href="https://makai.chaotic.ninja/notes/9rveasyvfe">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: opengraph.githubassets.com</div><h5><a href="https://github.com/mastodon/mastodon/pull/11269">Add ActivityPub secure mode by Gargron · Pull Request #11269 · mastodon/mastodon</a></h5><div></div></header><div>Controlled by SECURE_MODE=true
Requires incoming GET requests to ActivityPub resources to be signed
Actors can still be fetched without signature, but return only technical attributes
Bug fix: Hand...</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
:mima_rule: Mima-sama (mima@makai.chaotic.ninja)'s status on Tuesday, 09-Apr-2024 14:21:14 JST:mima_rule: Mima-sama
- Kitty Wife Milkshake
- BeAware :fediverse:
@BeAware@social.beaware.live #AuthorizedFetch is definitely a proprietary extension to #ActivityPub by #Mastodon. First added in 2019: https://github.com/mastodon/mastodon/pull/11269

The main reason other AP implementations have added it (or in the case of #Misskey, made signing objects enabled by default which was a reluctant decision) as well despite Authorized Fetch / #SecureMode not being documented in the spec is that plenty of big #MastoAdmins have enabled it for their instances thinking it will prevent harassment from instances they've blocked (despite the fact that AF is purely #securitytheater), forcing the rest of the #fediverse to adopt it to remain compatible. Even at the cost of performance (no more caching).

This is plain ol' #EmbraceExtendExtinguish or #EEE for short against AP and the fedi by the Mastodon monopoly, and nobody wants to talk about it because it undermines the narrative a lot of Mastodon admins are putting out to justify their fediblocking of #Threads. Would've been fine if they focused on the (real) harms #Facebook did to Burma for example, that's a totally fine reason to block FB. But screaming EEE just makes me roll my eyes on their #hypocrisy. :seija_coffee:

@marta@corteximplant.com

#fediversemeta #fediblockmeta
In conversationabout 10 months ago from makai.chaotic.ninjapermalink
Attachments
1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  Add ActivityPub secure mode by Gargron · Pull Request #11269 · mastodon/mastodon
  Controlled by SECURE_MODE=true Requires incoming GET requests to ActivityPub resources to be signed Actors can still be fetched without signature, but return only technical attributes Bug fix: Hand...

Public

Embed Notice

HTML Code

Corresponding Notice