🆕 blog!
Uncategorized
13
Posts
5
Posters
17
Views
-
🆕 blog! “Alpha launch - .well-known/avatar - feedback wanted”
I've gotten sufficiently annoyed with a trivial problem that I'm preparing to write an IETF RFC. Yeah. That's how ticked off I am!
Every site that I sign up for asks me to upload an avatar to represent myself. Whenever I change my photo, I have to log in to a hundred sites and change it…
👀 Read more: https://shkspr.mobi/blog/2025/10/alpha-launch-well-known-avatar-feedback-wanted/
⸻
#IETF #ReDeCentralize #standards #web@Edent my site is statically hosted, I'm not sure I can return different stuff based on the content header.
What about .well-known/avatar.(json|png|jpg|etc) As a fall back option?
-
@Edent my site is statically hosted, I'm not sure I can return different stuff based on the content header.
What about .well-known/avatar.(json|png|jpg|etc) As a fall back option?
@emily_s That's a reasonable point.
For a static site with only one user, you can just save a .jpg as `avatar` (without the file extension and it'll be served up.
-
🆕 blog! “Alpha launch - .well-known/avatar - feedback wanted”
I've gotten sufficiently annoyed with a trivial problem that I'm preparing to write an IETF RFC. Yeah. That's how ticked off I am!
Every site that I sign up for asks me to upload an avatar to represent myself. Whenever I change my photo, I have to log in to a hundred sites and change it…
👀 Read more: https://shkspr.mobi/blog/2025/10/alpha-launch-well-known-avatar-feedback-wanted/
⸻
#IETF #ReDeCentralize #standards #web@Edent would using a hash of the email address in its place improve privacy? 🤔
-
@Edent would using a hash of the email address in its place improve privacy? 🤔
@db Not really. You've given your email address to the service - so they know it.
-
@db Not really. You've given your email address to the service - so they know it.
@Edent I'm just imaging some service hot-linking the image and exposing the URL on the front-end
-
@Edent I'm just imaging some service hot-linking the image and exposing the URL on the front-end
@Edent and URLs/requests find their way into access logs etc
-
@Edent and URLs/requests find their way into access logs etc
@db I agree that people shouldn't hotlink the images.
But as for logs, the domain serving your avatar already knows your address and should already restrict sensitive logging.
-
🆕 blog! “Alpha launch - .well-known/avatar - feedback wanted”
I've gotten sufficiently annoyed with a trivial problem that I'm preparing to write an IETF RFC. Yeah. That's how ticked off I am!
Every site that I sign up for asks me to upload an avatar to represent myself. Whenever I change my photo, I have to log in to a hundred sites and change it…
👀 Read more: https://shkspr.mobi/blog/2025/10/alpha-launch-well-known-avatar-feedback-wanted/
⸻
#IETF #ReDeCentralize #standards #web@Edent Big fan of the decentralization goal! Also curious about what can be learned from Gravatar (what to do, or what not to do). Since quite a few sites do use them, I wonder if having some compatibility with their "API" could be beneficial, to reduce implementation friction. (Edit: also curious about what drove their choice to use hashes)
I also wonder about how the standard would handle "wild success" - if Gmail or Yahoo wanted to implement it, how would that shift the requirements (including non-functional requirements like security)?
Great idea, good for you for tackling the general case!
-
@Edent Big fan of the decentralization goal! Also curious about what can be learned from Gravatar (what to do, or what not to do). Since quite a few sites do use them, I wonder if having some compatibility with their "API" could be beneficial, to reduce implementation friction. (Edit: also curious about what drove their choice to use hashes)
I also wonder about how the standard would handle "wild success" - if Gmail or Yahoo wanted to implement it, how would that shift the requirements (including non-functional requirements like security)?
Great idea, good for you for tackling the general case!
@tychotithonus Gravatar works in a world where everyone only has one email address.
There's always a risk that a large organisation could add weird and proprietary extension.
-
@tychotithonus Gravatar works in a world where everyone only has one email address.
There's always a risk that a large organisation could add weird and proprietary extension.
@Edent Could you elaborate a little? Gravatar also works if you have 15 email addresses (source: me 😅).
And good point about proprietary extensions. One design goal might be to try to preemptively solve what they would try to extend in advance. (Not that that's easy.) I only suggested it as a thought experiment for exploring the problem space, for potential improvements to your own standard. 🤝
-
@Edent Could you elaborate a little? Gravatar also works if you have 15 email addresses (source: me 😅).
And good point about proprietary extensions. One design goal might be to try to preemptively solve what they would try to extend in advance. (Not that that's easy.) I only suggested it as a thought experiment for exploring the problem space, for potential improvements to your own standard. 🤝
@tychotithonus
It does - but I've found that I have to add each email address manually.
I can't have a gravatar of *@example.com -
🆕 blog! “Alpha launch - .well-known/avatar - feedback wanted”
I've gotten sufficiently annoyed with a trivial problem that I'm preparing to write an IETF RFC. Yeah. That's how ticked off I am!
Every site that I sign up for asks me to upload an avatar to represent myself. Whenever I change my photo, I have to log in to a hundred sites and change it…
👀 Read more: https://shkspr.mobi/blog/2025/10/alpha-launch-well-known-avatar-feedback-wanted/
⸻
#IETF #ReDeCentralize #standards #webedent@mastodon.social if you're tying an avatar to a domain, why not just declare a TXT record instead?
That's software agnostic too.
I will now proceed to read the blog post in case you already talked about that 😝
Feed RSS
Gli ultimi otto messaggi ricevuti dalla Federazione
-
Bonjour @Neko0001 et bonne journée.
-
@aeva planet earth. all my constituent particles are loaners and shall be recycled eventually
-
@aeva My cat, most likely
-
@aeva@mastodon.gamedev.place my many, many creditors.
-
RE: https://infosec.exchange/@sophieschmieg/116218879218610494
Yay test vectors!
I will write properly about this, but we are going pretty far to test ML-DSA *and make it easy to test,* so I am hopeful ML-DSA bugs will be rare compared to classical [EC|Ed]DSA bugs.
These test gaps were identified by writing multiple alternative ML-DSA implementations and mutation testing *those* to find missing vectors to then bring back to the Go implementation, and share on Wycheproof.
-
Damnit Pokopia for making me kinda want to get a Switch 2 :\
-
@lynnesbian so good, I boosted it twice.
-
@aeva@mastodon.gamedev.place whoever it is, that contract was void and unenforceable, so they owe me so much money
