#social 2018-10-26

2018-10-26 UTC
# 00:37 
dansup aaronpk: hey, just want to thank you for your work on Nautilus. I was able to use your verify() http sig logic (and mastodons header regex) to get it working! Still using another library to send signed requests
# 00:37 
aaronpk nice
# 05:43 
heluecht[m] Concerning HTTP signatures: Since you can sign different fields (date, content-length, digest, host, ...) you could also sign only a single field. Are there any definitions, that at least some specific fields has to be signed?
vt, dmitriz, xmpp-social, dan, timbl and jdormit_mobile joined the channel
# 12:45 
nightpool[m] no but there probably should be
# 12:47 
nightpool[m] https://matrix.to/#/!GwINGSasznCfuVLHqd:cybre.space/$153667939812748BkpiL:cybre.space
# 12:53 
heluecht[m] Thanks for the hint. I was thinking about just refusing posts that haven't got neither the date nor the digest. Everything else could be used for replay attacks
# 12:54 
nightpool[m] I mean, even posts with the exact same digest could be used for replay attacks, if you're clever enough
# 13:03 
nightpool[m] Like, if someone blocked someone else, and then unblocked them, an attacker could replay the old block activity
dmitriz joined the channel
# 14:35 
heluecht[m] Something else: Do you know, what Mastodon is doing with activities and object types that are unknown?
# 15:17 
nightpool[m] they're discarded
# 16:56 
heluecht[m] But they don't bother the admin with error messages or so? I'm asking, because at Friendica we are using activities like "dislike" and object types like "Event".
# 17:03 
nightpool[m] nope, no errors.
# 17:03 
nightpool[m] we do convert some types to a "note" format, may be worth opening an issue for Event
puck joined the channel
# 17:29 
rialtate[m] I've been wondering if mastodon would ever support events and what the ux would look like
# 18:02 
heluecht[m] I had a look in Mastodon's source to see what is supported. You could support events like articles, just by showing the title (it's the same field) and linking the url. That's not ideal but better than nothing.
# 18:44 
nightpool[m] heluecht: can you open an issue for that?
# 18:44 
nightpool[m] thanks!
Guest84 joined the channel
# 20:59 
heluecht[m] Will try to do it later. Currently I'm working at our receiver class to enable support for more activities.
# 20:59 
heluecht[m] What was "Undo Accept Person" meant for?
# 20:59 
heluecht[m] AFAIK this was some equivalent to some other activity?
# 21:32 
nightpool[m] heluecht: it's Undo Accept Follow
# 21:33 
nightpool[m] which is the same as Reject Follow
timbl joined the channel