My position on ATProto, as a protocol, is that the Good Part is the PDS¹.
-
@mcc the web has 5 billion users and i'm the only one on my website. we really ought to be looking at how to establish identity, auth, etc cross-site on the web instead of tying it all up into platforms...
@trwnh @mcc This is one of the big goals of the IndieWeb initiative, and something I've been trying really hard to support for years now.
IndieAuth is a pretty good identity/auth spec. TicketAuth is at least in principle a good way of providing automation for feed readers (although nobody supports it as a consumer, and only a handful support it as a publisher). The lack of adoption outside of IndieWeb is frustrating to see.
-
@trwnh @mcc This is one of the big goals of the IndieWeb initiative, and something I've been trying really hard to support for years now.
IndieAuth is a pretty good identity/auth spec. TicketAuth is at least in principle a good way of providing automation for feed readers (although nobody supports it as a consumer, and only a handful support it as a publisher). The lack of adoption outside of IndieWeb is frustrating to see.
-
@fluffy @mcc i know i talked about how you could handle identity at the level of the http request (advertise an auth-scheme in your www-authenticate header, provide a valid authorization header using that auth-scheme)
but you could also just establish a local session on a site by proving you control some other id, which gets linked to the local id. it's exactly the indieauth idea, "me on github == me on site.example == me on your site" (if you use local accounts, it's basically a credential)
-
@fluffy @mcc i know i talked about how you could handle identity at the level of the http request (advertise an auth-scheme in your www-authenticate header, provide a valid authorization header using that auth-scheme)
but you could also just establish a local session on a site by proving you control some other id, which gets linked to the local id. it's exactly the indieauth idea, "me on github == me on site.example == me on your site" (if you use local accounts, it's basically a credential)
@trwnh @mcc Yeah that's more or less what IndieWeb calls RelMeAuth, although actually implementing that can lead to a lot more complexity because you have to then be able to verify the stated relationship, which usually means having to manage a bunch of OAuth client credentials.
Mastodon uses the weaker form of RelMeAuth (i.e. seeing that there's reciprocal rel="me" links between URLs) for the profile verification but that doesn't help with request-level security.
-
@trwnh @mcc Yeah that's more or less what IndieWeb calls RelMeAuth, although actually implementing that can lead to a lot more complexity because you have to then be able to verify the stated relationship, which usually means having to manage a bunch of OAuth client credentials.
Mastodon uses the weaker form of RelMeAuth (i.e. seeing that there's reciprocal rel="me" links between URLs) for the profile verification but that doesn't help with request-level security.
-
-
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@maj get em
-
-
@grimmy @LeahReich but all of that is not to say, "it's human nature so we should excuse it and move on."
it's to say — we know how and why we created this problem so let's stop building and participating in systems that exploit our basic human instincts for profit.
(like how you are already doing
/preaching to choir <3 )
-
@letsenvision - this is very important to know for American Envision Ally users. American politicians are going to spy lots of citizens through apps and services installed on their phone. Couldn't be so nice asking for weather then finding sirens howling out of the door https://mastodon.social/@eff/115307104267046068
-
@grimmy @LeahReich yeah I think that's absolutely right! I just rabbit-holed on this and check it out:
"“Witnessing violence and destruction … playing out in front of us in real time, gives us the opportunity to confront our fears of death, pain, despair, degradation and annihilation while still feeling some level of safety,” psychiatrist Dr. David Henderson told NBC News. “We watch because we are allowed to ask ourselves ultimate questions with an intensity of emotion that is uncoupled from the true reality of the disaster: ‘If I was in that situation, what would I do? How would I respond? Would I be the hero or the villain? Could I endure the pain? Would I have the strength to recover?’ We play out the different scenarios in our head because it helps us to reconcile that which is uncontrollable with our need to remain in control.”"
-
#3ottobre2025
Sciopero del 3 ottobre: confermata la protesta, per il Garante è «illegittima».
La risposta di #Landini: «Il nostro sciopero è pienamente legittimo perché noi l’abbiamo fatto rispettando la legge 146 che prevede che di fronte a violazioni costituzionali, la messa in discussione della salute e sicurezza dei lavoratori c’è la possibilità di fare lo sciopero senza il preavviso», ha detto a RaiNews24 il segretario della #Cgil Maurizio Landini confermando lo sciopero.
-
La lunga scia del patriarcato. Riflessioni sulle oppressioni
@anarchia
Schiavitù, Matrimonio, “Prezzo della Sposa” Da quando si sono formati i governi, in altri termini il potere politico da parte di pochi di imporre la propria volontà a tutt*, alcuni esseri umani sono caduti sotto il https://www.rivoluzioneanarchica.it/la-lunga-scia-del-patriarcato-riflessioni-sulle-oppressioni/
-
#Gaza #nogenocidio #3ottobre2025
#sciopero per sostenere la #flotilla
