Notices by silverpill (silverpill@mitra.social)

Added new requirements to FEP-ef34:

https://codeberg.org/fediverse/fep/pulls/672

Previously the FEP put the burden of C2S validation solely on the originating server (producer), but I think it would be better to do corresponding security checks on the consumer side too:

- When fetching an object: verify that Content-Type includes one of the AP & AS media types.
- When verifying a signature: also perform same-owner check and verify key ownership.

Both are already considered good practices in the Fediverse.

I also attempted to clarify how fetching from origin (authentication) is related to access control (authorization).

#fep_fe34

@hongminhee FEP-3b86 defines many such relations:

https://codeberg.org/fediverse/fep/src/branch/main/fep/3b86/fep-3b86.md

@aslakr Do you know any Fediverse platform that uses it?

@helge Speaking of rare HTML tags, I have a couple of interesting samples:

- Lemmy & <details>: https://lemmy.ml/post/35567240
- PieFed & <table>: https://piefed.social/post/1044396

I think Solid had some interesting ideas, but was ruined by Linked Data.
ActivityPub has a chance of evolving into something like Solid, but better.

Actually, I am already using a single account for interacting with most Fediverse apps. Aren't you on Mbin? I thought it also can interact with blogs, forums and everything in between

I don't like the idea, but at least one such application is already being developed:

https://codeberg.org/rozodru/Bridge

@chanology Right-click on the image in the browser, and then "Copy image link / address".

I would like to use a single account for everything, rather than separate accounts for different kinds of content. A server that works like super-app.

@sendpaws

>Right now for example, Misskey galleries don’t federate between instances.

I think federated galleries in AP won't be difficult to implement. Some software from Hubzilla family may already have photo albums. If not, featured / pinned posts would be a good inspiration (under the hood it's a collection of posts).

>golang

But if you choose Rust, you'll be able to use my AP toolkit

Recent context collection news, in case you've missed:

- Mastodon: PR open
- Lemmy: PR merged

@chanology The syntax appears to be correct, but do you have this emoji on your current instance? This command only works with emojis that are already saved.

If emoji is not saved, you can use another command:

@gabriel Yeah, some even theorized that forcing Monero to switch to PoS is the real purpose of Qubic:

https://github.com/monero-project/research-lab/issues/143

cc @hongminhee

New compatibility table at funfedi.dev: JSON-LD @context

https://funfedi.dev/support_tables/generated/context/

6 out of 9 implementations accept any @context value. But Mastodon, Hollo and Friendica reject activity entirely if https://www.w3.org/ns/activitystreams is not included in @context. Mastodon probably does this for no reason, but what about #Friendica and #Hollo?

#ActivityPub specification, section 3. Objects:

Implementers SHOULD include the ActivityPub context in their object definitions. Implementers MAY include additional context as appropriate.

ActivityPub context is recommended, but not required.

@streamsgarden @billstatler Interesting! I knew about this project but didn't realize they plan to use FEP-ef61

@gabriel Is it your post? About the Monero community

@kopper If you want to test it in the real world, Tootik and Mitra support HTTP signatures in combination with Ed25519 keys.

@dimkr This actor forwards Create activities from other people to @nomad

cc @dimkr

So, Discourse needs to be able to follow remote groups?

I still don't quite understand the problem. In my view, broadcasting content is the primary function of a Group, and I don't like when random fedi posts appear in the "Latest" timeline: https://socialhub.activitypub.rocks/latest

@cheeaun The icon near the "Post" button, is it for choosing visibility?

@tadano If you're going to do this, keep in mind that import-posts doesn't import attachments. This will be added in the next version.

@phnt @ex