Fedifyを開発していて気づいたことなんですが、MisskeyのActivityPubオブジェクトへのアクセス処理について少し疑問があります。リモートサーバーから、アクセス権限のあるアクターの有効なHTTP Signaturesを含むリクエストでフォロワー限定投稿やDMにアクセスしようとしても、Misskeyは内容を返さずに404を返すようです。どうやらMisskeyはHTTP Signaturesを検証せず、visibilityフィールド(publicとhome)だけを確認しているようです。
Mastodonの場合、authorized fetchを有効にすると、HTTP Signaturesを検証して、リクエストしているアクターに権限があれば内容を返します。MisskeyもMastodonのような仕組みを採用してくれたら、ActivityPubが意図しているアクセス制御のセマンティクスをより適切に尊重できるんじゃないかと思います。他の方も同じようなことに気づかれたことはありますか?それとも、Misskeyがこのような処理をしている特別な理由があるのでしょうか?
#Fedify #Misskey #ActivityPub #Mastodon #authorized_fetch #fedidev
While working on #Fedify, I noticed something about how #Misskey handles #ActivityPub object access. When a remote server requests a followers-only post or DM with a valid HTTP Signatures (draft-cavage) from an authorized actor, Misskey still returns 404 instead of the content. It seems Misskey only checks the visibility field (public/home) without verifying the signature at all.
#Mastodon takes a different approach—when #authorized_fetch is enabled, it validates the HTTP Signatures and returns the content if the requesting actor has permission. I think it would be beneficial if Misskey could adopt a similar mechanism, since it would better respect the access control semantics that ActivityPub intends. Has anyone else run into this, or are there specific reasons Misskey handles it this way?
RE: https://mastodon.social/@fediversereport/115905739520020086
It does feel like #activitypub has been frozen in amber, maybe this will help. I'm hoping #mastodon developers get involved or its very hard to see how things will change.
Especially the Live Online Account Portability stuff which #atprotocol just has from the get go.
@utf_7
You can think of #Pixelfed as an Instagram running on the #Fediverse.
The advantage is that Pixelfed also uses the #ActivityPub protocol, so you can follow a Pixelfed profile from your #Mastodon account. This means you don't necessarily need an account on a Pixelfed server to see the content.
Because my Mastodon server suddenly became inaccessible, I created a status monitor page, lol. At least this will help me see which side has gone wrong.
https://obulou-status.pikapod.net
#Mastodon #Fediverse #SelfHosting #Uptime #StatusPage #ServerMonitoring #Tech #DIY #OpenSource #InstanceDowntime #Malaysia #Seremban #Hosting #WebDev #Monitoring #Troubleshooting #Decentralized #ActivityPub #HomeLab #TechLife
Since I use custom markdown blocks for media posts, the raw markdown blocks were being rendered in Mastodon. That's now fixed and working as expected. Here's what that a media post (note with attachment) looks like.
I'm feeling really good about my implementation. I'll keep testing other post types but I'm feeling confident about deprovisioning my instance and moving entirely to my website soon.
Imagine there was a competing protocol for podcasting. Would that help or hurt the medium?
I say that in light of #ATproto and #ActivityPub, but also now seeing people who I thought were fedi folks, use something I think is called "smoke signal" instead of #owncast which has been around longer (and more independent afaik).
We're seeing people do amazing work and then be ignored cause VC connected new shit comes along. Their runway will last just long enough for popular resistance to falter.
Nostr - First Impressions
https://www.lqdev.me/posts/nostr-first-impressions
Meine Webseite https://Fotodrachen.de läuft auf WordPress, gehostet bei Hetzner. Ich habe das Plugin #ActivityPub installiert und konfiguriert und dann zum Test einen kleinen Blog-Beitrag geschrieben.
https://fotodrachen.de/ein-reim/
Ich kann den Benutzer und den Beitrag von meiner Webseite bei Mastodon nicht finden.
https://nrw.social/@Fotodrachen.de@Fotodrachen.de
Im Plugin wird kein Fehler angezeigt. Wie kann ich das debuggen?
#NeuHier #NeuHierFragen #ActivityPub