@osma@mas.to avatar

osma

@[email protected]

Also at: https://social.fishpool.org/@osma/ (self-hosted) https://me.dm/@osma (Medium) https://pixelfed.social/osma (Pictures)

Systems, organizations, products, platforms, software, science, and a little bit of politics. Whatever you think I identify with, I probably don't. Searchable on #tootfinder

This profile is from a federated server and may be incomplete. Browse more on the original instance.

osma, to random
@osma@mas.to avatar

A case of spec ambiguity, maybe? I can't find a mention in WebFinger or ActivityPub specs of usernames being case insensitive. Are @osma and @osma referring to the same actor? Is that up to implementation? How does a remote server determine which is correct?

Edit: I wrote above (at)[email protected] and (at)[email protected], but some part of the stack converted both to a lowercase mention during posting. I don't know which part, and what specs describes that.

osma,
@osma@mas.to avatar

Watching my own server incoming stream, I have noticed for example that [email protected] and [email protected] both appear. I don't see an automatic method for determining whether they're distinct entities. The actor_uri's appear to resolve to the same thing with a different (case sensitive) URL.
https://lemmy.ml/u/Fediverse
https://lemmy.ml/u/fediverse

osma,
@osma@mas.to avatar

ActivityStreams identifies actors by id (IRI, which by convention but not by spec is URL): https://www.w3.org/TR/activitystreams-core/#actors. This spec makes no use of [email protected] style mentions, because those come from WebFinger. "All URIs are IRIs" (modulo Unicode), and all URLs are URIs. RFC 3986 states in reference to all but the scheme and host components:

> The other generic syntax components are assumed to be case-sensitive unless specifically defined otherwise by the scheme

osma,
@osma@mas.to avatar

@aslakr
Thanks. This is closest to the topic among everything I've seen, but I just can't place where it says unambiguously whether case should be folded or not. For example:

> If an application needs to compare two 'acct' URIs (e.g., for purposes of authentication and authorization), it MUST do so using case normalization and percent-encoding normalization as specified in Sections 6.2.2.1 and 6.2.2.2 of [RFC3986].

..only refer to scheme, host and percent-encoding.

osma,
@osma@mas.to avatar

@aslakr
I googled for various combinations of keywords on this, and couldn't find anything that would tie ActivityPub, ActivityStreams, or WebFinger to the UsernameCaseMapped or -Preserved profiles.

osma,
@osma@mas.to avatar

WebFinger uses the acct URI scheme [RFC 7565], which says "The userpart consists only of Unicode code points that conform to the PRECIS IdentifierClass specified in [RFC7564]", and refers to case folding/normalization ONLY wrt scheme, host and percent-encoding, not the username.

There is a UsernameCaseMapped profile for IdentifierClass [RFC 8265], but no ActivityPub related spec refers to it. Thanks to @aslakr for the references!

osma,
@osma@mas.to avatar

@mikedev
Yep. I only ran into this when my server received messages with mixed conventions... Didn't have a unique lowercase index on the actors, so ended up having two records for the "same" one -- for informal understandings of sameness.

jerry, (edited ) to random
@jerry@infosec.exchange avatar

Pardon the intrusion. Many thanks to those people who donate to support the fediverse instance(s) you use. Nearly all fediverse instances are free to join and use, but they are not free to run. Most instance operators donate tremendous personal time and money because we believe in a better, more privacy conscious social media and we love the growing community that exists here.

These are tough financial times for many. I believe it is important for people going through rough times to have an access to this social outlet. If you are in a position to do so, please consider setting up a monthly donation to support your instance. You can usually find information on how to do so on the About page of your instance. For example, https://infosec.exchange/about. In my experience, most donors contribute between $5 and $20 per month, with some less and some more.

The fediverse doesn’t sell your data or monetize your social activities, which is how nearly all other commercial social networks pay their bills. We generally are dependent on donations from ourselves and from the people using the instance.

For Infosec.exchange, the bills are about $3000US per month, between server rentals, storage providers, and content delivery services. (If you’re curious, that’s $2k to Hetzner for servers, $300 to Wasabi and Backblaze for storage and backups, and $400-$700 for Bunny and Fastly - and this includes all the various mastodon, peertube, pixelfed, lemmy, bookwyrm, firefish, and other servers). I am fortunate that our donations usually come close to covering the bills. Sometimes a bit more, sometimes less. That’s not the case for many instances, though.

Again, donating is voluntary and not required and there is zero problems with those who can’t afford it. At the same time, donations keep this thing called the fediverse alive, and without them, we won’t go far.

I sincerely appreciate being a part of this community and hope you have a great October.

osma,
@osma@mas.to avatar

@skorgu
fedidb.org conveniently provides the public stats of infosec.exchange, too. At 60k total and 18k monthly users, the marginal cost would be close enough to $0.16 per month (taking the active users, since those are the ones more connected to cost base). Most do not, of course, donate, and I don't think Jerry would even expect them to do so. That's why the volunteers donors matter so much.
@jerry

osma,
@osma@mas.to avatar

@jerry
In a past life, I was CTO for a free-to-play games company. You don't need to tell me about those percentages :D

osma,
@osma@mas.to avatar

@jerry
Did 4.2 extend the coverage or demand of the search index enough to noticeably impact your cost base? I suppose between all the software you host, Elastic might have been pretty high utilization already.

osma, to random
@osma@mas.to avatar

Various cool, small projects here in @dansup replies, including a Tumblr -like blog host server that publishes to AP.

https://mastodon.social/@dansup/110887099414417337

darnell, to random
@darnell@one.darnell.one avatar

The flagship instance is experiencing growing pains, but is also discouraging residents in (or rather the 🇪🇺) from signing up due to issues.

👉🏾 https://darnell.day/misskey-io-20-000-new-users-daily-discourages-europeans-from-signing-up-over

Too long; Did Not Read:

👉🏾 Misskey (https://misskey.io) signing up 20,000 new users per day
👉🏾 After consulting lawyers, Misskey.io will now discourage Europeans from signing up
👉🏾 could fill in the vacuum in Europe

osma,
@osma@mas.to avatar

@darnell
That basically is a public admission that Misskey admins are not sufficiently competent to protect data about people, and everyone should be discouraged about signing up there.

Remember

osma,
@osma@mas.to avatar

@darnell @jdp23
Incorrect. You need to:

  • not collect personal data, or
  • inform people why you are collecting it, and
  • offer them the easy opportunity to say no, BEFORE you do that collection
  • not deny service you can perform without data collection

Nothing there says you have to have a popup. That's a convenience lazy designers and companies offering data collection services came up with.

@strypey

osma,
@osma@mas.to avatar

@darnell
That's a misinterpretation of GDPR erasure clauses. If the original text is hard to understand, perhaps this makes it clearer.
https://www.dataprotection.ie/en/individuals/know-your-rights/right-erasure-articles-17-19-gdpr

osma, to random
@osma@mas.to avatar

A few days ago I suggested that once Meta's Threads launches, its focus probably will be in groups - either public or semi-private. The details of what that could mean are in this thread.
https://social.fishpool.org/@[email protected]/posts/193897234189601792/

Earlier, I asked why Strava hasn't integrated with .
https://mas.to/@osma/110371213306088525

Now, consider these two items in combination. A lot of athletes are sharing their training and competition diaries with fans in apps like Strava as well as Instagram. AP could link them together.

osma, to fediverse
@osma@mas.to avatar

The Big Social score so far:

  • Twitter: burning
  • Reddit: detonated a bomb under itself
  • Meta: rumored to join with a new app
  • YouTube: videos were always 2nd to "native" ones on the other networks, but they could trivially open an firehose (and maintain their preroll ads while doing so)
  • rest of Google: never found organic success and don't have a bet in the game apart from wanting to index everything

No predictions here, just stating the obvious. @fediverse

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • uselessserver093
  • Food
  • aaaaaaacccccccce
  • test
  • CafeMeta
  • testmag
  • MUD
  • RhythmGameZone
  • RSS
  • dabs
  • KamenRider
  • TheResearchGuardian
  • KbinCafe
  • Socialism
  • oklahoma
  • SuperSentai
  • feritale
  • All magazines
    •