Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Aug 11 20:52
    @RubenVerborgh banned @mikeadams1
  • Jan 04 20:23
    @RubenVerborgh banned @WebCivics_twitter
  • Jan 04 20:18
    @RubenVerborgh banned @SailingDigital_twitter
  • May 27 2019 06:08
    User @Mitzi-Laszlo unbanned @in1t3r
  • May 23 2019 06:49
    @Mitzi-Laszlo banned @in1t3r
  • May 16 2019 09:49
    @Mitzi-Laszlo banned @mediaprophet
  • Feb 01 2019 22:04
    User @melvincarvalho unbanned @namedgraph_twitter
  • Feb 01 2019 21:49
    @melvincarvalho banned @namedgraph_twitter
Michiel de Jong
@michielbdejong
that means you would always look up the URL that's mentioned in the inbox item
and from there you can verify the sender
tsojcanth
@tsojcanth
it's not a matter of trusting it, it's a matter of allowing attackers to write in it
Michiel de Jong
@michielbdejong
if the sender is not in the user's addressbook, nor a friend of a friend, then you could just ignore the inbox item
ah you're worried about file size?
tsojcanth
@tsojcanth
i'm worried about Alice filling Bob's pod with garbage so Bob can't get Charlie's mail
Michiel de Jong
@michielbdejong
i thought you were thinking more at the level of the user having to sift through annoying lists of spam
why would Bob not get Charlie's mail? would it not arrive?
tsojcanth
@tsojcanth
because the pod is full
Michiel de Jong
@michielbdejong
ah
so file size, yes
tsojcanth
@tsojcanth
not only file size, also file numbers
Michiel de Jong
@michielbdejong
right, so an enemy of Bob whose aim is to annoy him
or block his work
tsojcanth
@tsojcanth
(it's easy to filter when listing! but beside running an agent cleaning folders I have found no way to do it automatically)
Michiel de Jong
@michielbdejong
yeah, then you should look at throttling and blacklisting probably. maybe you could use CloudFlare?
i personally think from my experience as an email user, spam is a bigger problem than dos
tsojcanth
@tsojcanth
yeah, throttling and blacklisting IP is not really good enough, but spam is easier to handle as you can blacklist as you process your inbox. there could be an agent running the blacklist for you, but that involves scheduling tasks somewhere
if there were a header with the user identity (in conjuction with acl:AuthenticatedAgent rather than merely public) it would be a solution.
Michiel de Jong
@michielbdejong
@tsojcanth then you could still get millions of inbox message, they would just come from as many randomly generated webid's
if you only want inbox items from a whitelist then it's easy, then you just edit /inbox/.acl.
tsojcanth
@tsojcanth
@michielbdejong yes but that requires a whole lot more effort
Michiel de Jong
@michielbdejong
ah, interesting
so you are not interested in message from people outside your existing list of friends, but the reason you don't want to restrict it is the effort of maintaining the correct whitelist?
i think you would at least want to allow incoming messages from friends of friends, otherwise you can never receive friend requests?
tsojcanth
@tsojcanth
that is a very good point. is there a tidy way of finding if someone is friend of a friend (beside parsing by hand all my friends' friendlists)?
Michiel de Jong
@michielbdejong
if it's for the purpose of applying the ACL you could just point to the public friend groups of your friends (assuming your friends publish such a list)
if the list of friends of a friend is not public then it's trickier, then you would have to run a copy
because the server can only parse vcard groups if they are either public or on the same pod
but if you have a list of vcard groups then you could quite easily append those to the ACL document
the ACL check would become quite slow though. so if your goal is avoiding DOS then that's maybe not the best route ;)
an attacker could just send lots of failed requests and bring down the server's cpu instead of the server's storage
tsojcanth
@tsojcanth
all good arguments, I must say, thank you. As development goes through I'm just wondering how solid is going to run at scale
Mark Hughes (happybeing/theWebalyst)
@happybeing

Great news for gitter/gitlab users...

https://mastodon.cloud/@SAFEpress/104954241524753961

3 replies
^^ Gitter is moving to Matrix!
Matthew Hodgson
@ara4n
\o/ :)
no more @matrixbot :D
Mark Hughes (happybeing/theWebalyst)
@happybeing
No more gitter app at all - they're going enhance Matrix to include all the extras which gitter has, and make the accounts and chat rooms all accessible from Matrix clients.
Iwan Aucamp
@aucampia
lets just hope gitter remains as an interface for some time
because it is quite straight forward, and easier to get people on gitter than on matrix
Mark Hughes (happybeing/theWebalyst)
@happybeing
They refer to this and other issues in the blog, so hopefully they'll manage the transition well.
tsojcanth
@tsojcanth
is there an example of creating a turtle file with rdflib.js? I'm looking at the documentation and at at https://linkeddata.github.io/rdflib.js/Documentation/webapp-intro.html but I must be missing something
Michiel de Jong
@michielbdejong
@tsojcanth yes, do you want POST or PUT?
tsojcanth
@tsojcanth
put
@michielbdejong I already have a store set up with triples (or quads if necessary) and I think I should be using UpdateManager.put() but it's not clear how
Matthias Evering
@ewingson
Michiel de Jong
@michielbdejong
@tsojcanth http://solid.github.io/solid-ui/examples/notepad/#notepad has an example which uses kb.updater.put
Tim Berners-Lee
@timbl
Is theer a python library for doing solid authentication on the command line?
Michiel de Jong
@michielbdejong