Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Aug 11 20:52
    @RubenVerborgh banned @mikeadams1
  • Jan 04 20:23
    @RubenVerborgh banned @WebCivics_twitter
  • Jan 04 20:18
    @RubenVerborgh banned @SailingDigital_twitter
  • May 27 2019 06:08
    User @Mitzi-Laszlo unbanned @in1t3r
  • May 23 2019 06:49
    @Mitzi-Laszlo banned @in1t3r
  • May 16 2019 09:49
    @Mitzi-Laszlo banned @mediaprophet
  • Feb 01 2019 22:04
    User @melvincarvalho unbanned @namedgraph_twitter
  • Feb 01 2019 21:49
    @melvincarvalho banned @namedgraph_twitter
Benoît Alessandroni
@balessan
Thks @timbl good to know those questions are on the roadmap :-)
thanks @Vinnl_gitlab I will check the resource.
Mark Hughes (happybeing/theWebalyst)
@happybeing

Due to a disagreement with Twitter on whether they should have my phone number on top of my real name, I'm revisiting mastodon, so if any of you folks are also using mastodon and wish to connect, you'll find my tech account here: https://mastodon.cloud/@SAFEpress

Mastodon has improved a lot (mainly in responsiveness and quality of the community) in three years, and there's a very nice alternative UI called Pinafore, and an associated side-bar add-on for Firefox.

Hopefully Solid can move into this space too before long. I think comparing any Solid offerings with the performance of mastodon will be a good benchmark - it is seriously responsive. I have two accounts on different instances (servers) and if I have both open and toot or delete toot on one, the feed on the other updates instantly. Same with follows/unfollows, it is impressive and a far nicer UX than twitter. I think Solid should aim to match the mastodon UX in terms of usability and responsiveness, and if it does this could help adoption as I think twitter is getting less friendly and more invasive (as to be expected).

So join me on mastodon for a play and a chat. Lots of like minded folks on there. https://mastodon.cloud/@SAFEpress

Fred Gibson
@gibsonf1
@Vinnl_gitlab One thing we are doing with TrinPod is that we have what we call a OneWorld model for each pod in which all information is modeled as entities and events that are conceptually linked and change through time, and containers are simple indexes of that model. So the source of truth for the entity/event is not in the container. So in that context, automated containers make sense, but if source of truth are files in containers, it's not really possible to do it.
matrixbot
@matrixbot
TomasEkeli yes, mastodon has come far - also other open platforms like e.g. peertube and element (née matrix) - what's the relationship between solid and these?
huhn511
@huhn511
Hey, I'm searching for helping hands and minds for a rust solid server implementation. Already started with a friend a few weeks ago. If you want to help, please write me :) Thanks :v:
7 replies
tsojcanth
@tsojcanth
I have a silly question, but I was wondering about a couple of things. Does solid write any metadata about who creates or touches a file?
Michiel de Jong
@michielbdejong
@tsojcanth not server-side. but we often do so client-side, so just include dc:author triples etc into your data
tsojcanth
@tsojcanth
@michielbdejong thanks
other newbie question: we have a necessity of implementing blacklists. As far as I'm aware it's not possible to do that through solid directly, nor at the SSL offload level by looking into headers. do you have any other suggestion, beside throttling/blocking IPs?
append-only inbox folders are great but it's easy to DOS pods by filling them with garbage
Michiel de Jong
@michielbdejong
right
you should never trust the data inside an inbox item by itself (unless it's signed with a W3C-VC or similar)
that means you would always look up the URL that's mentioned in the inbox item
and from there you can verify the sender
tsojcanth
@tsojcanth
it's not a matter of trusting it, it's a matter of allowing attackers to write in it
Michiel de Jong
@michielbdejong
if the sender is not in the user's addressbook, nor a friend of a friend, then you could just ignore the inbox item
ah you're worried about file size?
tsojcanth
@tsojcanth
i'm worried about Alice filling Bob's pod with garbage so Bob can't get Charlie's mail
Michiel de Jong
@michielbdejong
i thought you were thinking more at the level of the user having to sift through annoying lists of spam
why would Bob not get Charlie's mail? would it not arrive?
tsojcanth
@tsojcanth
because the pod is full
Michiel de Jong
@michielbdejong
ah
so file size, yes
tsojcanth
@tsojcanth
not only file size, also file numbers
Michiel de Jong
@michielbdejong
right, so an enemy of Bob whose aim is to annoy him
or block his work
tsojcanth
@tsojcanth
(it's easy to filter when listing! but beside running an agent cleaning folders I have found no way to do it automatically)
Michiel de Jong
@michielbdejong
yeah, then you should look at throttling and blacklisting probably. maybe you could use CloudFlare?
i personally think from my experience as an email user, spam is a bigger problem than dos
tsojcanth
@tsojcanth
yeah, throttling and blacklisting IP is not really good enough, but spam is easier to handle as you can blacklist as you process your inbox. there could be an agent running the blacklist for you, but that involves scheduling tasks somewhere
if there were a header with the user identity (in conjuction with acl:AuthenticatedAgent rather than merely public) it would be a solution.
Michiel de Jong
@michielbdejong
@tsojcanth then you could still get millions of inbox message, they would just come from as many randomly generated webid's
if you only want inbox items from a whitelist then it's easy, then you just edit /inbox/.acl.
tsojcanth
@tsojcanth
@michielbdejong yes but that requires a whole lot more effort
Michiel de Jong
@michielbdejong
ah, interesting
so you are not interested in message from people outside your existing list of friends, but the reason you don't want to restrict it is the effort of maintaining the correct whitelist?
i think you would at least want to allow incoming messages from friends of friends, otherwise you can never receive friend requests?
tsojcanth
@tsojcanth
that is a very good point. is there a tidy way of finding if someone is friend of a friend (beside parsing by hand all my friends' friendlists)?
Michiel de Jong
@michielbdejong
if it's for the purpose of applying the ACL you could just point to the public friend groups of your friends (assuming your friends publish such a list)
if the list of friends of a friend is not public then it's trickier, then you would have to run a copy
because the server can only parse vcard groups if they are either public or on the same pod
but if you have a list of vcard groups then you could quite easily append those to the ACL document
the ACL check would become quite slow though. so if your goal is avoiding DOS then that's maybe not the best route ;)
an attacker could just send lots of failed requests and bring down the server's cpu instead of the server's storage
tsojcanth
@tsojcanth
all good arguments, I must say, thank you. As development goes through I'm just wondering how solid is going to run at scale
Mark Hughes (happybeing/theWebalyst)
@happybeing

Great news for gitter/gitlab users...

https://mastodon.cloud/@SAFEpress/104954241524753961

3 replies
^^ Gitter is moving to Matrix!
Matthew Hodgson
@ara4n
\o/ :)
no more @matrixbot :D
Mark Hughes (happybeing/theWebalyst)
@happybeing
No more gitter app at all - they're going enhance Matrix to include all the extras which gitter has, and make the accounts and chat rooms all accessible from Matrix clients.