Hi Fediverse denizens. I've been working on a project I hope will help Fediverse devs make software that federates across ALL services, not just Mastodon-plus-a-few-others.
-
@DrVeronikaCH there is a pause button on the lower right of the page that might help?
-
@darius There seems to be an overlap between this and https://funfedi.dev/support_tables/
Perhaps you can contribute to that project? It seems to be privacy-respecting because samples are generated locally
-
@silverpill yes! It came in my radar last week and I hope to contribute to their cc0 data as well
-
@darius What safeguards are there to ensure someone can't maliciously insert code that reveals the contents of posts and other PII? Trust?
-
@fembot yeah I'm running the code and you have to trust that I'm not putting evil stuff into it. Just like any other Fediverse server that way (I'm currently trusting that this message isn't getting used by your server to malicious ends)
-
@darius Thanks, I trust you Darius. I'm wondering about the ability of someone *else* to mess with the code along the way, which I gather is a weak spot of open source in general, trusted coders & servers aside.
-
@firecat I'm seeing posts from Misskey and Pixelfed without any issue. Could you please describe the issue you're referring to?
-
๐งฟ๐ชฌ๐๐๐ฎ๐ป๐ฒ๐ฅ๐๐๐ด๐ป๐บ๐ธreplied to Darius Kazemi last edited by
@darius is the idea to post to and read from live ActivityPub servers to analyze whether or not they adhere to specs?
-
Darius Kazemireplied to ๐งฟ๐ชฌ๐๐๐ฎ๐ป๐ฒ๐ฅ๐๐๐ด๐ป๐บ๐ธ last edited by
@schizanon no, it's just to see what kind of data formats live activitypub servers use. Definitely no posting to servers here
-
@fembot sure - someone could run a separate server of this and make it malicious!
In terms of malicious code getting into this project via open source channels, I guess it's the same risk as any open source project. But it's a pretty small and uncomplex code base so I'm thinking it would be easy to spot that kind of thing
-
๐งฟ๐ชฌ๐๐๐ฎ๐ป๐ฒ๐ฅ๐๐๐ด๐ป๐บ๐ธreplied to Darius Kazemi last edited by
@darius how can you know what they use without using them?
-
Darius Kazemireplied to ๐งฟ๐ชฌ๐๐๐ฎ๐ป๐ฒ๐ฅ๐๐๐ด๐ป๐บ๐ธ last edited by
@schizanon it's to identify problems as a first step prior to further investigation. But I need to know what software to investigate in the first place. I've already done a bunch of investigation myself that has led me to learning about lots of new to me projects and sleuthing in their federation source code
-
๐งฟ๐ชฌ๐๐๐ฎ๐ป๐ฒ๐ฅ๐๐๐ด๐ป๐บ๐ธreplied to Darius Kazemi last edited by
@darius so you're actually reading the source code for every AP impl? How will you know if they change?
-
Darius Kazemireplied to ๐งฟ๐ชฌ๐๐๐ฎ๐ป๐ฒ๐ฅ๐๐๐ด๐ป๐บ๐ธ last edited by
@schizanon there's a whole community of researchers that keep track of source code on all sorts of projects. We work together to keep each other informed and this tool is a piece of that process
-
Darius Kazemireplied to ๐งฟ๐ชฌ๐๐๐ฎ๐ป๐ฒ๐ฅ๐๐๐ด๐ป๐บ๐ธ last edited by
@schizanon there's a whole community of ActivityPub researchers that keep track of source code on all sorts of projects. We work together to keep each other informed and this tool is a piece of that process
-
@[email protected] Hey just an fyi, I sent an email and it bounced.
We could not deliver the attached mail for the following recipients. [email protected] at remote mailserver smtp.cyber.harvard.edu. (128.103.64.104): SMTPAddressFailedException: 450 4.1.1 <[email protected]>: Recipient address rejected: unverified address: unknown user: "fediverseobservatory" (450)
(this is what my mail provider sent, I am unsure if it's a configuration issue on harvard's side, or if I misspelled the email address) -
@[email protected] Sorry I didn't notice this! I can just copy down the email contents verbatim if that'd be better. Wanted to let you know in case you were wondering why nobody was inquiring
-
@puppygirlhornypost2 you can resend!! we had an early bug with the email address but it's sorted out
-
โจใกใใใฉโจ :sabakan: :mastodont:replied to Darius Kazemi last edited by
@darius First up: I think this is a great idea :neocat_thumbsup:
Something that I wonder, though, is how the service differentiates between fixed strings and variable strings. After all, there's no pattern matching that can be done to identify the string "Emoji" as fixed, but not do the same for a post's contents. Is that done based on frequency, or manual configuration, or maybe something completely different?
-
Darius Kazemireplied to โจใกใใใฉโจ :sabakan: :mastodont: last edited by
@mezzodrinker emoji is taken care of by the fact that I always record the content of a "type" field as-is, because that's a special property. Same with an "@context"
That's kinda all I need really! I just identify the metadata fields rather than trying to parse message content