Gli ultimi otto messaggi ricevuti dalla Federazione
-
@julian@activitypub.space That's a fair point; honestly, right now there's no reliable way to know. If a server supports both RFC 9421 and draft cavage, and you lead with cavage, you can't infer anything about its RFC 9421 support from a successful response.
The workaround I applied is intentionally temporary, just to keep things working while Bonfire instances catch up with the fix. Once they do, I'll revert firstKnock back to RFC 9421.
The longer-term answer to your question might be FEP-844e, which proposes a capability discovery mechanism—servers could explicitly advertise which specifications they implement (including RFC 9421) via an Application object. That would make the guesswork unnecessary. It's still a draft, but worth keeping an eye on.
-
@hongminhee@hollo.social interesting... but if you send cavage-12 as the first knock, and it is accepted, then how will you know if the server supports the 9421?
-
Chrome aggiorna tutto… ma tre falle preoccupano: cosa fare ora
📌 Link all'articolo : https://www.redhotcyber.com/post/chrome-aggiorna-tutto-ma-tre-falle-preoccupano-cosa-fare-ora/
#redhotcyber #news #googlechrome #aggiornamentosicurezza #correzionisicurezza #buildnuove #windows #mac #linux #changelog
-
EoL nei sistemi ICS: il caso USR-W610 accende i riflettori e il CISA Avverte
📌 Link all'articolo : https://www.redhotcyber.com/post/eol-nei-sistemi-ics-il-caso-usr-w610-accende-i-riflettori-e-il-cisa-avverte/
#redhotcyber #news #cybersecurity #vulnerabilita #sicurezzainformatica #endofLife #EoL #dispositivivulnerabili #furtocredenziali
-
@elena@aseachange.com Thanks! 🥰
-
@stefano buongiorno Stefano! Spero che tutti i problemi si risolvano presto
-
@hongminhee not all heroes wear capes... thank you for your phenomenal work!!!
-
A couple days ago, I got a DM from a #Bonfire user. I happily replied and sent
a follow request—but the Accept never came back, even though they hadn't
enabled manuallyApprovesFollowers. My DM reply probably never arrived either. Classic interop bug.I checked out the Bonfire source and dug in. Turns out Bonfire hasn't implemented RFC 9421 yet, so it was silently discarding any activity signed with it. That alone would be workable, except for one more issue: Bonfire was responding 200 OK even when signature verification failed, instead of 401 Unauthorized.
This matters because Fedify implements a double-knocking mechanism—if a request signed with RFC 9421 fails, it retries with the older draft cavage signature. But since Bonfire returned 200 OK on the failed first knock, #Fedify had no reason to send a second one.
I filed two issues on the Bonfire #ActivityPub repo—one requesting RFC 9421 support, and one about returning 401 on invalid signatures. For the latter, I also sent a PR, which got merged pretty quickly: bonfire-networks/activity_pub#9.
That said, individual Bonfire instances won't pick up the fix until they actually deploy it. So in the meantime, I patched Hollo and Hackers' Pub to use draft-cavage-http-signatures-12 as the firstKnock, so Bonfire instances can at least understand the first request.
One last thing: Fedify caches whether a given server supports RFC 9421, and the Bonfire servers I'd already talked to were cached as “supports RFC 9421”—because they'd been returning 200 OK. I had to manually clear that cache on both hollo.social and hackers.pub before everything finally worked.
After all that, the mutual follow went through and my DM reply landed. Worth it.
#fedidev #fediverse #Hollo #HackersPub
