GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Notices by marius (mariusor@metalhead.club)

  1. Embed this notice
    marius (mariusor@metalhead.club)'s status on Saturday, 18-Jul-2026 03:32:59 JST marius marius
    in reply to
    • Gregory
    • silverpill

    @silverpill yep. Your bane, more JSON-LD bullshit. :D

    @grishka

    In conversation about 15 hours ago from metalhead.club permalink
  2. Embed this notice
    marius (mariusor@metalhead.club)'s status on Saturday, 18-Jul-2026 03:19:44 JST marius marius
    in reply to
    • Gregory
    • silverpill

    @silverpill are we allowing Mastodon guide ActivityPub development again, when alternatives exist?

    @grishka

    In conversation about 15 hours ago from metalhead.club permalink
  3. Embed this notice
    marius (mariusor@metalhead.club)'s status on Saturday, 18-Jul-2026 02:39:37 JST marius marius
    in reply to
    • Gregory

    @grishka yeah, ed25519 for some of my actors supported by GoActivityPub. (Well, it could be anything that the Go crypto library supports, but only ed25519 is in some use)

    In conversation about 16 hours ago from metalhead.club permalink
  4. Embed this notice
    marius (mariusor@metalhead.club)'s status on Monday, 29-Jun-2026 04:05:18 JST marius marius
    • silverpill

    @silverpill with the risk of repeating myself: the organization should be the server!11

    In conversation about 20 days ago from metalhead.club permalink
  5. Embed this notice
    marius (mariusor@metalhead.club)'s status on Wednesday, 17-Jun-2026 03:56:45 JST marius marius
    in reply to
    • silverpill

    @silverpill in the context of Mastodon's FEP, perhaps cache poisoning could be a problem, but from the context of ActivityPub, there's no "cache poisoning" because the canonical version of an object is the one the server retrieves explicitly based on its ID, anything else is hearsay and should not be trusted by default.

    Also I find very hard to reason about what you call "cache poisoning" when the entity that serves the object is the same with the one that sends the activity.

    In conversation about a month ago from metalhead.club permalink
  6. Embed this notice
    marius (mariusor@metalhead.club)'s status on Sunday, 14-Jun-2026 23:33:46 JST marius marius
    in reply to
    • silverpill

    @silverpill hypothetically the last one is the one I find the most consistent with the way I interpreted the Activity vocabulary spec, and the way I implemented the ActivityPub processing state machine.

    In conversation about a month ago from metalhead.club permalink
  7. Embed this notice
    marius (mariusor@metalhead.club)'s status on Sunday, 14-Jun-2026 22:30:34 JST marius marius
    in reply to
    • silverpill

    @silverpill wrong about thinking that the activity type is the only meaningful information about the side-effect of its reception.

    The official specification already has a case where Create/Delete have slightly different logic based on their objects:

    https://www.w3.org/TR/activitystreams-vocabulary/#h-motivations-crud

    vs.

    https://www.w3.org/TR/activitystreams-vocabulary/#h-motivations-relationships

    PS. I'm not defending the Mastodon FEP, but clarifying that the underlying assumption of using existing vocabulary for what is basically the same operation, be it on different object types, makes sense.

    In conversation about a month ago from metalhead.club permalink

    Attachments

    1. No result found on File_thumbnail lookup.
      Activity Vocabulary
  8. Embed this notice
    marius (mariusor@metalhead.club)'s status on Sunday, 14-Jun-2026 22:07:54 JST marius marius
    in reply to
    • silverpill

    @silverpill I think you're wrong. It feels perfectly natural that the same activity can be used with different objects. That's the whole purpose of the Activity vocabulary itself being split between activities and objects, isn't it?

    And yes, that sometimes means that different side-effects need to be implemented for processing the same type of activity.

    In conversation about a month ago from metalhead.club permalink
  9. Embed this notice
    marius (mariusor@metalhead.club)'s status on Friday, 05-Jun-2026 20:20:16 JST marius marius
    in reply to
    • Evan Prodromou

    @evan I've noticed that the public ActivityPub objects from tagspub are all behind CORS.

    Can this be relaxed/removed? For one of my projects that fetches them directly from the frontend, it forces a second request through the proxyURL mechanism when the first one fails due to CORS.

    In conversation about a month ago from metalhead.club permalink
  10. Embed this notice
    marius (mariusor@metalhead.club)'s status on Friday, 05-Jun-2026 01:12:14 JST marius marius
    in reply to
    • silverpill

    https://metalhead.club/@mariusor/116691230280367219

    @silverpill I wonder if this might have been also the culprit for why ONI was failing your otherwise correct RFC9421 signature requests.

    :think_bread:

    In conversation about a month ago from metalhead.club permalink

    Attachments

    1. No result found on File_thumbnail lookup.
      marius (@mariusor@metalhead.club)
      from marius
      @dmathieu@fosstodon.org OK, found a bug in my code... the signing for key fetches expects some headers that were not in the request I was building. I'll deploy a fix sometime today. Thanx.
  11. Embed this notice
    marius (mariusor@metalhead.club)'s status on Friday, 29-May-2026 18:37:26 JST marius marius

    So on my ONI instance that I've been use as an alternative fediverse profile for myself for about two years, the full storage used is about 3.4G, but out of that there's 2.5G containing mostly the Delete activities of mastodon.social. Crazy.

    #mastodev #fediverse #ActivityPubDev #ActivityPub

    In conversation about 2 months ago from metalhead.club permalink
  12. Embed this notice
    marius (mariusor@metalhead.club)'s status on Tuesday, 19-May-2026 12:07:36 JST marius marius
    in reply to
    • silverpill
    • Damien

    @dmathieu and a link to where the behaviour is described in the spec: https://www.w3.org/TR/activitypub/#accept-activity-inbox

    @silverpill

    In conversation about 2 months ago from metalhead.club permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: www.w3.org
      ActivityPub
      The ActivityPub protocol is a decentralized social networking protocol based upon the [ActivityStreams] 2.0 data format. It provides a client to server API for creating, updating and deleting content, as well as a federated server to server API for delivering notifications and content.
  13. Embed this notice
    marius (mariusor@metalhead.club)'s status on Monday, 18-May-2026 01:59:20 JST marius marius
    in reply to
    • silverpill
    • Todd Sundsted

    @toddsundsted "being unable" or "no project has support for them" ?

    @silverpill

    In conversation about 2 months ago from metalhead.club permalink
  14. Embed this notice
    marius (mariusor@metalhead.club)'s status on Sunday, 17-May-2026 06:38:00 JST marius marius
    in reply to
    • silverpill

    @silverpill to come back to this, I have added both this example and one of your original requests to the unit-tests, and they both validate correctly.

    So I still have no idea why this is failing in production. The only thing I can think of is the http proxy messing with the value of the "target-uri" parameter.

    In conversation about 2 months ago from metalhead.club permalink

    Attachments


  15. Embed this notice
    marius (mariusor@metalhead.club)'s status on Saturday, 09-May-2026 04:42:08 JST marius marius
    in reply to
    • silverpill
    • marius
    • Marius

    @silverpill ok, cool, that makes sense too.

    Would it be too much trouble for you to create a minimum example that generates a signature using your libraries so I can adapt it to test on my dev setup?

    @marius@marius.federated.id @marius@federated.id

    In conversation about 2 months ago from metalhead.club permalink
  16. Embed this notice
    marius (mariusor@metalhead.club)'s status on Saturday, 09-May-2026 02:15:37 JST marius marius
    in reply to
    • silverpill
    • marius
    • Marius

    @silverpill damn, I didn't have debugging enabled after restarting the server. I found the request, but the errors are not very enlightening on signature check failure.

    Could you do another one please. 🙇

    @marius@marius.federated.id @marius@federated.id

    In conversation about 2 months ago from metalhead.club permalink
  17. Embed this notice
    marius (mariusor@metalhead.club)'s status on Saturday, 09-May-2026 02:15:35 JST marius marius
    in reply to
    • silverpill
    • marius
    • Marius

    @silverpill gaaah!! 😱
    Thank you.

    The log is just telling me the signature failed verification:

    err="actor IRI https://mitra.social/users/silverpill: verification failed: invalid signature: crypto/rsa: verification error"

    Did you by any chance update your key recently? (I might use a locally cached version that's out of date, version in cache is since May 2025)

    @marius@marius.federated.id @marius@federated.id

    In conversation about 2 months ago from metalhead.club permalink

    Attachments


  18. Embed this notice
    marius (mariusor@metalhead.club)'s status on Saturday, 09-May-2026 02:15:33 JST marius marius
    in reply to
    • silverpill
    • marius
    • Marius

    > I might use a locally cached version that's out of date

    @silverpill it's not that, the key online matches the public key in cache.

    Have you tested the key generation against some known vectors?

    The only explanation I can come up with is that the signature is somehow incorrect... :(

    (On my side I checked the verifier against the test examples given in the RFC9421, so I'm 90% confident the code should work as intended)

    @marius@marius.federated.id @marius@federated.id

    In conversation about 2 months ago from metalhead.club permalink
  19. Embed this notice
    marius (mariusor@metalhead.club)'s status on Friday, 08-May-2026 20:47:37 JST marius marius
    in reply to
    • David Chisnall (*Now with 50% more sarcasm!*)

    @david_chisnall as far as I remember Firefox also bundles an LLM with the install (useful at least for in browser translations) but it still manages to keep the size reasonable...

    In conversation about 2 months ago from metalhead.club permalink
  20. Embed this notice
    marius (mariusor@metalhead.club)'s status on Friday, 08-May-2026 20:23:11 JST marius marius
    in reply to
    • silverpill
    • marius
    • Marius

    @silverpill when you get a chance, please send another request. While waiting for the upstream to solve the issue, I fixed on my end trying to validate missing nonces.

    @marius@marius.federated.id @marius@federated.id

    In conversation about 2 months ago from metalhead.club permalink
  • Before

User actions

    marius

    marius

    Mostly a programmer.Implementing #ActivityPub in the #Go programming language.Current projects: * #GoActivityPub - a library to use ActivityPub in Go. * #FedBOX - a generic ActivityPub service supporting the client to server API. * #brutalinks - a link aggregator inspired by (old) reddit, hacker news and lobste.rs built on top of FedBOX. * #oni - a single user ActivityPub server with minimal fuss.My posts are mostly related to ActivityPub and web development.

    Tags
    • (None)

    Following 0

      Followers 0

        Groups 0

          Statistics

          User ID
          7165
          Member since
          25 Aug 2022
          Notices
          240
          Daily average
          0

          Feeds

          • Atom
          • Help
          • About
          • FAQ
          • TOS
          • Privacy
          • Source
          • Version
          • Contact

          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.