My position on ATProto, as a protocol, is that the Good Part is the PDS¹.
Senza categoria
27
Post
7
Autori
0
Visualizzazioni
-
@mcc the web has 5 billion users and i'm the only one on my website. we really ought to be looking at how to establish identity, auth, etc cross-site on the web instead of tying it all up into platforms...
@trwnh @mcc This is one of the big goals of the IndieWeb initiative, and something I've been trying really hard to support for years now.
IndieAuth is a pretty good identity/auth spec. TicketAuth is at least in principle a good way of providing automation for feed readers (although nobody supports it as a consumer, and only a handful support it as a publisher). The lack of adoption outside of IndieWeb is frustrating to see.
-
@trwnh @mcc This is one of the big goals of the IndieWeb initiative, and something I've been trying really hard to support for years now.
IndieAuth is a pretty good identity/auth spec. TicketAuth is at least in principle a good way of providing automation for feed readers (although nobody supports it as a consumer, and only a handful support it as a publisher). The lack of adoption outside of IndieWeb is frustrating to see.
-
@fluffy @mcc i know i talked about how you could handle identity at the level of the http request (advertise an auth-scheme in your www-authenticate header, provide a valid authorization header using that auth-scheme)
but you could also just establish a local session on a site by proving you control some other id, which gets linked to the local id. it's exactly the indieauth idea, "me on github == me on site.example == me on your site" (if you use local accounts, it's basically a credential)
-
@fluffy @mcc i know i talked about how you could handle identity at the level of the http request (advertise an auth-scheme in your www-authenticate header, provide a valid authorization header using that auth-scheme)
but you could also just establish a local session on a site by proving you control some other id, which gets linked to the local id. it's exactly the indieauth idea, "me on github == me on site.example == me on your site" (if you use local accounts, it's basically a credential)
@trwnh @mcc Yeah that's more or less what IndieWeb calls RelMeAuth, although actually implementing that can lead to a lot more complexity because you have to then be able to verify the stated relationship, which usually means having to manage a bunch of OAuth client credentials.
Mastodon uses the weaker form of RelMeAuth (i.e. seeing that there's reciprocal rel="me" links between URLs) for the profile verification but that doesn't help with request-level security.
-
@trwnh @mcc Yeah that's more or less what IndieWeb calls RelMeAuth, although actually implementing that can lead to a lot more complexity because you have to then be able to verify the stated relationship, which usually means having to manage a bunch of OAuth client credentials.
Mastodon uses the weaker form of RelMeAuth (i.e. seeing that there's reciprocal rel="me" links between URLs) for the profile verification but that doesn't help with request-level security.
-
-
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@grimmy @LeahReich yeah I think that's absolutely right! I just rabbit-holed on this and check it out:
"“Witnessing violence and destruction … playing out in front of us in real time, gives us the opportunity to confront our fears of death, pain, despair, degradation and annihilation while still feeling some level of safety,” psychiatrist Dr. David Henderson told NBC News. “We watch because we are allowed to ask ourselves ultimate questions with an intensity of emotion that is uncoupled from the true reality of the disaster: ‘If I was in that situation, what would I do? How would I respond? Would I be the hero or the villain? Could I endure the pain? Would I have the strength to recover?’ We play out the different scenarios in our head because it helps us to reconcile that which is uncontrollable with our need to remain in control.”"
-
#3ottobre2025
Sciopero del 3 ottobre: confermata la protesta, per il Garante è «illegittima».
La risposta di #Landini: «Il nostro sciopero è pienamente legittimo perché noi l’abbiamo fatto rispettando la legge 146 che prevede che di fronte a violazioni costituzionali, la messa in discussione della salute e sicurezza dei lavoratori c’è la possibilità di fare lo sciopero senza il preavviso», ha detto a RaiNews24 il segretario della #Cgil Maurizio Landini confermando lo sciopero.
-
La lunga scia del patriarcato. Riflessioni sulle oppressioni
@anarchia
Schiavitù, Matrimonio, “Prezzo della Sposa” Da quando si sono formati i governi, in altri termini il potere politico da parte di pochi di imporre la propria volontà a tutt*, alcuni esseri umani sono caduti sotto il https://www.rivoluzioneanarchica.it/la-lunga-scia-del-patriarcato-riflessioni-sulle-oppressioni/
-
#Gaza #nogenocidio #3ottobre2025
#sciopero per sostenere la #flotilla
-
#nogenocidio #flotilla #insegnanti #scuola #3ottobre2025
Sciopero generale del 3 ottobre 2025: #scuola, indicazioni per il personaleCome aderire, comunicazioni, prestazioni indispensabili e chiusure delle #scuole durante lo #sciopero
https://m.flcgil.it/scuola/sciopero-generale-3-ottobre-2025-scuola-indicazioni-per-personale.flc
-
#Bruxelles #Gaza #nogenocidio #calendario #WILPF
Women's International League for Peace and Freedom
-
-
#Gaza, sciopero generale per la #Flotilla. Le manifestazioni
Venerdì 3 ottobre la #Cgil insieme ad alcuni sindacati di base ha annunciato lo sciopero generale in difesa di Gaza e per la Global Sumud Flotilla. Ecco l’elenco delle manifestazioni organizzate nella giornata, territorio per territorio.
#nogenocidio #3ottobre2025
https://www.collettiva.it/copertine/italia/gaza-sciopero-generale-flotilla-manifestazioni-rgxa4v9f
