@silverpill@steve Fair enough - but in that case I'd suggest linking to a description of the attacks, so that readers can judge the importance for themselves. It's very easy to overlook things like this if nobody's told you that they exist.
@silverpill@steve One suggestion: the content negotiation section should, IMHO, be phrased as a "MUST" level requirement, in the light of the attacks on Mastodon that were discovered at around the turn of the year. That is, senders MUST set the correct Content-Type, and receivers MUST reject any message without it set correctly.
@crepels Nice article! In particular, this is the best explanation I've seen yet of the "infinite signature recursion" problem, and the way around it.
I haven't tried to talk to Threads from my own toy implementation yet. I have a suspicion that the "instance actor" requirement is going to give me a headache.
Mid-40s techie living in #Ely, #Cambridgeshire, UK. Mostly low-level software with bits of #ASIC and #FPGA stuff, #electronics, #RF. Discoverer of the "Snark" in #ConwaysLife. Currently working on memory subsystems for packet matching and filtering in high-speed networking equipment.Player of #Ingress, under the name "Wrongfellow". I've used this name elsewhere, too.#Dog and #cat lover. Drinker of #ale and #cider. Occasional #CAMRA and #beer #festival volunteer.