Hi Fediverse denizens. I've been working on a project I hope will help Fediverse devs make software that federates across ALL services, not just Mastodon-plus-a-few-others.
-
@ireneista 100% correct! That's the idea. Release a version that's very safe, see how useful it is, figure out the gaps, figure out how to safely address those gaps, do another public comment period, rinse and repeat
-
Darius Kazemireplied to Steffo :deadlock_dynamo: last edited by
@steffo yes actually I'm turning this server into a relay itself! So you can just join the relay in order to opt in. It'll be a kind of fake relay where data flows in (and gets scrubbed) but no data flows out
-
@puppygirlhornypost2 @steffo I'm open to that for future iterations if I can figure out how to do that as a safe opt in. But I'm also big on incremental development so I'm building this part first
-
@bnewbold yeah for sure, if I can create something lile caniuse that would be huge! That's been a goal of mine the whole time really though I'm not there yet
-
Darius Kazemireplied to NeoDB Open Source Software last edited by
@neodb correct and I will do so (I already have nodeinfo working)
-
Darius Kazemireplied to Jen :TransButterfly: :3hearts: :Green: last edited by
@SymTrkl yeah I've already noticed that! I considered scrubbing stuff past the + in the semver (so no additional data like most recent commit hash etc) but also kind of the point here is to find patterns from edge cases.
I wonder though, maybe what I'll do is anonymize extra metadata in the semver for enumerated software for a given schema until there are at least N servers emitting that schema.
-
@puppygirlhornypost2 I might be able to make it work as an opt in relay that DOES work with authorized fetch. We'll see
-
Veronika Cheplyginareplied to Darius Kazemi last edited by
@darius I think I support this but the scrolling thing on the side makes it difficult to read the thing
-
Darius Kazemireplied to Mike [SEC=OFFICIAL] last edited by
@mike sorry, I don't control the lab website and I'm salty about some of our choices. Will pass this on to the people in charge
-
Darius Kazemireplied to Veronika Cheplygina last edited by
@DrVeronikaCH I would like it to go away too. I agree with you
-
@DrVeronikaCH there is a pause button on the lower right of the page that might help?
-
@darius There seems to be an overlap between this and https://funfedi.dev/support_tables/
Perhaps you can contribute to that project? It seems to be privacy-respecting because samples are generated locally
-
@silverpill yes! It came in my radar last week and I hope to contribute to their cc0 data as well
-
@darius What safeguards are there to ensure someone can't maliciously insert code that reveals the contents of posts and other PII? Trust?
-
@fembot yeah I'm running the code and you have to trust that I'm not putting evil stuff into it. Just like any other Fediverse server that way (I'm currently trusting that this message isn't getting used by your server to malicious ends)
-
@darius Thanks, I trust you Darius. I'm wondering about the ability of someone *else* to mess with the code along the way, which I gather is a weak spot of open source in general, trusted coders & servers aside.
-
@firecat I'm seeing posts from Misskey and Pixelfed without any issue. Could you please describe the issue you're referring to?
-
@darius is the idea to post to and read from live ActivityPub servers to analyze whether or not they adhere to specs?
-
@schizanon no, it's just to see what kind of data formats live activitypub servers use. Definitely no posting to servers here
-
@fembot sure - someone could run a separate server of this and make it malicious!
In terms of malicious code getting into this project via open source channels, I guess it's the same risk as any open source project. But it's a pretty small and uncomplex code base so I'm thinking it would be easy to spot that kind of thing
