GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Notices by arcanicanis (arcanicanis@were.social)

  1. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Sunday, 04-May-2025 11:17:57 JST arcanicanis arcanicanis
    in reply to
    • iced depresso

    The "insult to injury" in all this, is that I just want to write a plugin for Cockpit that's visually consistent with the Cockpit itself.

    But I also can't use the Cockpit's copy of PatternFly, because they keep switching between versions, and evidently it's just 'too hard' to simply ship separate major versions as separate files; ergo you can't use Cockpit's copy, you have to ship your own. Originally on v3, then v4, v5, and now it's moving on v6.

    They even complain about breakage within a major version, but yet this is all entirely within the same company (RedHat): https://cockpit-project.org/blog/cockpit-221.html

    Instead of writing my plugin, most of the time will probably be wasted with just dealing with the CSS UI framework itself.

    And of course when I do npm install on the demo plugin, it pulls in 214MB for effectively a "hello world" project.

    In conversation 2 months ago from were.social permalink

    Attachments


  2. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Sunday, 04-May-2025 11:05:36 JST arcanicanis arcanicanis

    ..."modern" CSS frameworks feel like a mental illness.

    In conversation 2 months ago from were.social permalink

    Attachments


    1. https://were.social/media/696e314d7e046d8f2b84859b5ec3a4802dfe9baafff3d4ab429b9ca48b94c393.png
  3. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Thursday, 01-May-2025 04:47:52 JST arcanicanis arcanicanis
    in reply to
    • Johnny Peligro

    I guess I'll participate:

    In conversation 2 months ago from were.social permalink

    Attachments


    1. https://were.social/media/69b17df4ffc35768902431ff24549f971ce0238e872622cff7cfdea5a715dda0.png
  4. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Tuesday, 18-Feb-2025 04:50:53 JST arcanicanis arcanicanis
    • T man :sex: :puffgiga: :puffpowerroll:

    Or mentionably the stance is even far beyond Stallman himself: https://stallman.org/stallman-computing.html

    As for microwave ovens and other appliances, if updating software is not a normal part of use of the device, then it is not a computer. In that case, I think the user need not take cognizance of whether the device contains a processor and software, or is built some other way. However, if it has an "update firmware" button, that means installing different software is a normal part of use, so it is a computer.

    In conversation 5 months ago from were.social permalink

    Attachments


  5. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Tuesday, 04-Feb-2025 08:16:42 JST arcanicanis arcanicanis

    Imagine if we had a protocol where it was required that you'd open up your SQL server to the public internet (with access control on writes, or reads on protected data, of course), and just have remote servers/clients just query straight off your database, regardless of query complexity.

    So how is Solid any different than that with SPARQL, N3, Shape Trees, etc?

    Every time I look at the stack of protocols to Solid ( https://solidproject.org/TR/ ), it feels like the engineering mess that was the OSI protocols, of overcomplicating a [relatively] simple problem.

    I'm not saying SPARQL, semantic data, and alike don't have utility, as I'm sure it's probably used in various massively-scaled production environments; but that I don't see how you expect to have something publicly internet-facing that any entity on the internet could incur a heavy query on the server, or just with offloading so much compute responsibility to a server, instead of making a dumber server (just like how you can achieve an ActivityPub implementation in just static files, since it doesn't have a query language).

    I could be uninformed (and I only periodically peek at it, and skim through some of the specs at times, I don't know it in depth), but I still don't see how this is going to be anything that could be operated cost-effectively and not be prone to trivial Denial of Service abuse.

    In conversation 5 months ago from were.social permalink

    Attachments


    1. No result found on File_thumbnail lookup.
      Solid Technical Reports
  6. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Monday, 23-Dec-2024 08:06:45 JST arcanicanis arcanicanis

    Neat, didn't notice that SCRAM for HTTP Authentication was a standardized thing until now: https://datatracker.ietf.org/doc/html/rfc7804

    Apparently authored by an employee of an XMPP software vendor.

    In conversation 6 months ago from were.social permalink

    Attachments


  7. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Wednesday, 27-Nov-2024 00:01:20 JST arcanicanis arcanicanis

    On an unusual train of thought I had: it'd be an interestingly dark and depressing reveal in a dystopian novel to have a subtle detail where nearly anyone that's a threat to some tyrannical government, that whenever they covertly "disappear" someone (of anyone that's not a major highly-visible public figure), that their online accounts are taken over by a government-ran generative AI trained on their collected conversation history, which would continue posting online and holding conversations to their likeness as if nothing happened (and not with any sudden 'change in tune' in beliefs or anything, like some 1984-style compelled speech).

    Whereas you're following the story of the protagonist, they've made various connections with people along the way (some that they've met in-person on a few occasions), but where they correspond primarily online and usually in a private and semi-pseudonymous nature. Then it's at some late point in the story, where the protagonist is about to pull off some big feat, of something that requires the resources of their long-time connections, whereas most of them uncharacteristically back out or give very indirect responses/excuses.

    Through some deductive reasoning, careful probing, and other hints, the protagonist comes across some hidden information revealing said government program, connects the dots, and realizes most of his contacts are compromised and probably haven't been alive for nearly a year, and they're just being led on as some entrapment scheme to catch them, as the protagonist is one of the very last few remaining of their mindshare.

    Obviously I'm not any sort of storyteller nor writer, but that'd be neat to see someone carefully insert something like that into some story idea.

    In conversation 7 months ago from were.social permalink
  8. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Monday, 21-Oct-2024 21:49:03 JST arcanicanis arcanicanis
    in reply to
    • silverpill
    • bryan newbold
    • Erlend Sogge Heggen

    I stole a few ideas from did:plc and did:tdw, yes. It's just an experiment insofar, as I'm using it as a stand-in for other methods, as something I can adjust to my needs as I toy with DIDs in a way with reverse-compatibility to standard non-DID ActivityPub.

    As it currently stands, there doesn't seem to be a lot of methods that clarify whether DID URLs are permitted or not with the method.

    There were a few adjustments I was going to add, such as what other 'authoritative' servers the did:fedi can be discovered from, within the method-specific protocol, maybe.

    Either way, I haven't been public about it yet. Just finished a basic key wrapping and serialization format to go along with it, and I'll probably push out a newer version of the generator demo (which presently lacks a polyfill for browsers that don't have native Ed25519 within WebCrypto) in a day or two. I'll probably be more vocal when I have results.

    As for the primer, that was probably over a year ago, and the mentioned FEPs, even a year before that (with all those FEPs devised by @silverpill )

    In conversation 9 months ago from were.social permalink

    Attachments



  9. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Monday, 21-Oct-2024 21:49:01 JST arcanicanis arcanicanis
    in reply to
    • silverpill
    • bumblefudge
    • bryan newbold
    • Erlend Sogge Heggen

    I have been reading parts of the DID Resolution spec, yes. There are some inconsistencies I noticed when trying to sorta-implement it, such as the example for "8. DID URL Dereferencing Result" whereas it has didUrlDereferencingMetadata while the current JSON-LD context (which is https://w3id.org/did-resolution/v1 which redirects to a broken URL of https://w3c-ccg.github.io/did-resolution/contexts/did-resolution-v1.json, when I think it's instead meant to go to https://w3c.github.io/did-resolution/contexts/did-resolution-v1.json) defines a property name of dereferencingMetadata instead; or also relative-ref instead of relativeRef in some of the diagrams.

    There had been light inferences about using DID URLs for binary content, but it's difficult to see the application of it, when most of it comes to returning a JSON resolution/dereferencing metadata document as an envelope. There's no mention of anything with content negotiation, like if there was a mechanism where: a DID-aware application could ask for the JSON info on resolution, or else, a non-DID-aware application (that doesn't list DID resolution media type in the 'Accept' header) could just be redirected to the dereferenced binary file instead.

    There also doesn't seem to be much for options with simply pointing to the location of the resource, rather than embedding the resulting document directly.

    I've generally tried just 'making up' some makeshift extensions to fill the gaps in my use-case, and might have some results within a week-ish (I have a resolver implemented with DID URL dereferencing, I just need to make further client-facing changes). There could also be a chance that I might have skipped over something important that might address my complaints, as I'm usually skimming through fragments of all the miscellaneous specs at a time.

    In conversation 9 months ago from were.social permalink

    Attachments



  10. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Wednesday, 18-Sep-2024 06:20:59 JST arcanicanis arcanicanis

    I wonder if there's utility in having some sort of "degrees of association" ranking system for dealing with spam accounts. Whereas like the 'Web of Trust' model originally envisioned for PGP, but in this case, not being about asserting legitimacy of real identity, instead just a "not a bot" rating.

    Mainly where you'd endorse someone else's account as 'not a bot' on some sort of scale of: recent online acquaintance, long-time online friend, or have met in-person plenty. The risk of course is that such a thing could be abused for datamining, although, some of that could already be heuristically inferred (follower status + frequency of interaction/replies).

    This is just a musing of distantly watching the happenings of Nostr in dealing with spam, and seeing if there's ideas that could be implemented in ActivityPub-land first before implementations of key-based portable identities are more widespread.

    In conversation 10 months ago from were.social permalink
  11. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Wednesday, 21-Aug-2024 02:36:32 JST arcanicanis arcanicanis
    in reply to
    • lainy
    • Fish of Rage

    You don't use link-local addresses in this way. The point of the link-local address is that it can always be directly inferred by it's MAC address and not something you would typically manually assign. There's also annoying specifics with link-local addresses that make them less usable, specifically that they MUST have an interface identifier on them when entering them in any software, like accessing a webpage by link-local address. For example, you HAVE TO do http://[fe80:🔢56ab:cdef%eth0] you can't just do it plain, as the link-local address is meaningless without the device identifier.

    The IPv6 link-local fe80::/64 range is like IPv4's 169.254.0.0/16 range, except it doesn't pull numbers randomly out it's as, and again: has the additional oddity of requiring an interface ID at the end. Meanwhile that creates an odd predicament with DNS, even with a HOSTS file.

    Nonetheless, what you're looking for instead is the Unique-Local addressing, using the fc00::/7 range, which is more equivalent to IPv4's 10.0.0.0/8 and other private-use IP ranges. Within fc00::/7 it's recommended you only use fd00::/8

    If it's two computers directly wired together, you could pretty much just number them as fd00::1/64 and fd00::2/64, or whatever values you want.

    In conversation 11 months ago from were.social permalink
  12. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Wednesday, 17-Jul-2024 15:40:53 JST arcanicanis arcanicanis
    in reply to
    • Terry Hendrix II 🏹
    • djsumdog
    • PalePimp
    • lain
    • Hyperhidrosis

    There's cleared space around the stage, then a basic perimeter fence around that. Then the risers of attendees behind that (and the chairs in the front). The press were roaming within the cleared space, but probably not desired to be lingering behind the stage (but I don't know, I don't know what their SOP was).

    When you start hearing weird shit over radio chatter, then those in a security role start to get tense and probably start actually enforcing things more seriously. I don't think that's a big stretch.

    It was supposedly less than a one minute time-window between confirming the anomaly upfront, and the incident happening. A whole cascade of events can happen within ~30 seconds of from hearing something like "There is a confirmed shooter on the roof!" of something, from a department of people that only met probably a few hours/day before (such as being a Secret Service agent hearing something on talkgroup shared with local PD, likely not completely believing it at first, but enough to start getting shifty/paranoid).

    In conversation 12 months ago from were.social permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: www.stretch.It
      STRETCH.IT
  13. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Wednesday, 17-Jul-2024 14:03:23 JST arcanicanis arcanicanis
    in reply to
    • Terry Hendrix II 🏹
    • djsumdog
    • PalePimp
    • lain
    • Hyperhidrosis

    Or the Secret Service were shoo'ing them from a space they probably weren't permitted to be in to begin with, and it became push-comes-to-shove in lieu of possible escalating radio chatter about a suspicious person.

    I believe it was less than a minute before the incident, is when a law enforcement officer climbed the ladder to the roof the shooter was at, had the rifle turned on them, and supposedly the officer ducked back down and could have radio'ed it in. I believe it was shortly after being discovered that the assailant suddenly rushed into committing their act.

    Meanwhile, from the perspective of the agent behind the stage, it was probably getting into a "shit is getting really weird" situation, and probably then started enforcing control of the spaces where even the press shouldn't be lingering, especially if someone were to quickly weasel their way over the back fence, between the blob of press, and pull some unknown stunt. If the space behind the stage is clear, then it's easier to body someone to the ground if they leap the partition. While if it happens from the front, then everyone can see it and react faster.

    I'm aware there were reports and indicators possibly up to even 30 minutes in advance of the incident, but meanwhile everyone else enforcing security only have the understanding solely from the location they're posted, and from potentially vague/cryptic details exchanged over radio. Only the sniper team on the top of the barn were those with a far more holistic vantage point of the situation, while the rest of the security were probably posted primarily around the stage and literally 'playing it by ear', with some of the reports seeming unusually surreal to be believed.

    When you do security for an event and have to work with people that are terrible at describing something or bad at clearly enunciating their words (or the fact of some digital modes butcher the quality of the audio significantly, especially with the vocoder used in P25), it's another thing that can just add to the mess of inaction.

    And to clarify: I'm not saying the security failure was excusable in any way; I'm just trying to give some first-person-like perspective to possibly contextualize it.

    In conversation 12 months ago from were.social permalink
  14. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Monday, 08-Jul-2024 06:27:38 JST arcanicanis arcanicanis
    in reply to
    • Morghur the Sealgave
    • Pawlicker

    Last I remember it only federates blog posts and comments. If the purpose is a blog, then yes, I'm sure that's fully within the use-case. WordPress is fine and pretty mainstream, just don't install a lot of plugins as that increases security risk, as really anyone can publish a plugin (including a lot of web designers that think they know how to code).

    If you need any custom theme (or turning an existing design into a WordPress theme), guidance, or auditing, I can provide that.

    In conversation 12 months ago from were.social permalink
  15. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Monday, 08-Jul-2024 06:27:37 JST arcanicanis arcanicanis
    in reply to
    • Morghur the Sealgave
    • Pawlicker

    The point with a self-hosted WordPress install is you have full autonomy over your own website/blog, and nobody can interfere with that.

    If you use the SaaS WordPress.com offering, then I'm sure it's not much different of a situation than Substack, other than far more customization.

    Edit: additionally, with self-hosted WordPress---it's probably the easiest web application to install on conventional web hosting (LAMP stack) that usually the layperson is able to figure out themself and maintain. And is meant to be widely supported over a broad range of environments or PHP versions, unlike most 'modern' software that's so brittle (and often only deployable via Docker or similar).

    In conversation 12 months ago from were.social permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: s1.wp.com
      WordPress.com: Fast, Secure Managed WordPress Hosting
      from @wordpressdotcom
      Create a free website or build a blog with ease on WordPress.com. Dozens of free, customizable, mobile-ready designs and themes. Free hosting and support.
  16. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Monday, 08-Jul-2024 06:27:35 JST arcanicanis arcanicanis
    in reply to
    • Morghur the Sealgave
    • Pawlicker

    I mean, hell, I can just start a managed hosting service (under my pseudonym; I already do such professionally) if there's a market for it on fedi. Just a decade ago it wasn't perceived as that much of a hurdle, as people would pursue through it.

    In conversation 12 months ago from were.social permalink
  17. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Tuesday, 07-May-2024 05:42:41 JST arcanicanis arcanicanis
    in reply to
    • silverpill
    • Nimda
    • Harblinger

    It seems like there's inbound federation issues with chat.wizard.casa. The server-to-server port (tcp/5269) is not open, and there's no SRV record at _xmpp-server._tcp.chat.wizard.casa that indicates another host/post otherwise.

    In conversation about a year ago from were.social permalink
  18. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Tuesday, 07-May-2024 05:42:40 JST arcanicanis arcanicanis
    in reply to
    • silverpill
    • Nimda
    • Harblinger

    It seems to federating inward properly now. The predicament that made this easy to overlook is: when S2S connections are initiated outward, that same connection also gets used for inbound traffic from that server too (BiDi).

    Meanwhile, if a server wants to talk to chat.wizard.casa, it tries connecting to the S2S port, but can't if the port isn't open. It's only when someone on chat.wizard.casa initiates activity outward that it'd "start working" momentarily. But now that's resolved.

    Nonetheless, it's probably a usability bug with Dino worth reporting, if it's burying a more critical error (no S2S connectivity) under a lesser-error (can't discover OMEMO keys, because it can't even talk to the server).

    In conversation about a year ago from were.social permalink
  19. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Wednesday, 17-Apr-2024 14:55:18 JST arcanicanis arcanicanis

    The state of the modern web is fairly depressing, in some ways.

    ~15 years ago anyone could self-publish their own podcast, or even their periodic video series, right from their own website by just tossing up an RSS/Atom feed. And you could have frontends like Miro that would check for new uploads from the feed, and auto-download any recent podcasts/videos you don't have downloaded yet that you could watch offline anytime later, in a convenient video player. Slapping a URL into a feed aggregator wasn't too much to ask of a user. Now instead much of that's centrally-consolidated in a few platforms where you even have to pay a monthly subscription for the "privilege" of 'caching' a video for offline viewing...

    Or even just the state of "modern" platforms: I guess the generated DOM of a YouTube webpage is over 2MB of HTML, of over +10,000 elements in the DOM. According to the profiler, it's ~48MiB of in-memory representation for the DOM (+24,000 nodes), and ~48MiB for JavaScript state (640,000+ values). It's much less about optimization now, and more about lofty high-level toolings just to make it cheaper to shuffle around the design periodically. If you want to check for yourself: just open the inspector in the browser developer tools, select the <html> element, right-click, "copy Outer HTML" and paste it to a text editor, and watch it writhe in pain for a little while as it catches up with the clipboard, and save it. Ctrl+F for "</" for a weak estimate of HTML tag count.

    Or meanwhile being rendered "obsolete" (as a web developer) by retards with licensed site builder plugins, that still charge like $100+/hour anyway, to build a website on a third-party site builder plugin for WordPress (which already has a block-based editor), that requires at least 512MB of RAM (server-side) to just generate HTML/etc for ONE REQUEST. And where majority of these "professionals" don't even understand how HTTP or DNS works, or how to configure any of that.

    I hope there's at least some chance again for an indie web, or people bothering to make crap-less web applications, etc.

    In conversation about a year ago from were.social permalink

    Attachments


    1. https://were.social/media/d8de9801bfed346d5e8fabbac9825d478465aec63ca1f0b596c11a0ff0f8720e.png
  20. Embed this notice
    arcanicanis (arcanicanis@were.social)'s status on Saturday, 13-Apr-2024 19:54:21 JST arcanicanis arcanicanis
    in reply to
    • silverpill

    Right now on a Prosody server I have, with the daemon process running for 127 days straight, with 5 local users, +8 remote users, 9 connected servers is running at 161MB memory used.

    For ejabberd, running for over 3 weeks (after restarting for changes for Matrix bridging), 6 local users, (I don't have the other metrics readily accessible) is running at 115MB memory used.

    I do host were.chat, which is registration-by-invite (solely to reduce automated registration and bots), have the domain registered until at least year 2029, have active uptime monitoring and notification, and I tend to keep a deathgrip on keeping things online perpetually, even past their usefulness (such as keeping a forum online for 2 decades now, when it died in activity like a decade ago; and it's shifting into being hosted for preservation/archival sake at this point), so it's exceptionally unlikely that anything I run is going to just disappear.

    In conversation about a year ago from were.social permalink
  • Before

User actions

    arcanicanis

    arcanicanis

    Just a profusely verbose fediverse interloper

    Tags
    • (None)

    Following 0

      Followers 0

        Groups 0

          Statistics

          User ID
          10459
          Member since
          18 Sep 2022
          Notices
          265
          Daily average
          0

          Feeds

          • Atom
          • Help
          • About
          • FAQ
          • TOS
          • Privacy
          • Source
          • Version
          • Contact

          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.

          Embed this notice