@evan that makes sense. I've just updated NodeBB to allow for the use of a manual override marker. The limit and even the marker is now customizable per-instance, and I do use the ellipsis when truncating text. Hopefully that resolves the engagement issue while still preserving the intent of b2b8 <img class="not-responsive emoji" src="https://activitypub.space/assets/plugins/nodebb-plugin-emoji/emoji/android/1f604.png?v=3463a4088f6" title="" /> As for the use of an LLM to generate a summary, I think I will defer on that, since that might be a source of surprise for those not expecting the invocation of a LLM <img class="not-responsive emoji" src="https://activitypub.space/assets/plugins/nodebb-plugin-emoji/emoji/android/1f605.png?v=3463a4088f6" title="" />

@scottjenson> How critical is it that these message are encrypted?If you're going to do DMs at all, it ought to be in the roadmap from day one. A SocialCG taskforce is actively working on E2EE DMs for ActivityPub, using MLS (cc @evan), so you don't need to do it alone.> If we were to make some UX changes as a first pass WITHOUT encryptionThere's never a bad time to improve UX. Making it harder to confuse public and nonpublic posts, for reading and especially for sending, would be great.

Thanks @nutomic@lemmy.ml! I was wondering about that, so good to know it's possible.

came across a thread by @LiquidParasyte about things they are coming across that need work or are broken on @Bonfirehttps://indieweb.studio/post/01KJ0T79KGJRWHYTKWJJF4254R#fedidev #bonfire

@reiver this setting is enabled by default, so you probably changed it at some point to disable quotes of your posts.Or you are looking at an old post that was created before the feature was launched?

RE: https://mastodon.social/@reiver/112133984854710390"A guide to implement ActivityPub in a static site (or any website)" by @mapache https://maho.dev/2024/02/a-guide-to-implement-activitypub-in-a-static-site-or-any-website/#ActivityPub #ActivityStreams #FediDev #FediDevs #Fediverse

@LibertyForward1 @theropologist I just disabled HTTP2 on my side. Fixed it?

NodeBB now sneaks in a mention to the category/community, and this gets pre-filled in the Mastodon composer. I tested it against piefed's crust instance, and the response from Mastodon to my post on NodeBB successfully made its way to crust for distribution <img class="not-responsive emoji" src="https://activitypub.space/assets/plugins/nodebb-plugin-emoji/emoji/android/1f389.png?v=1a14cd885f9" title="" /> @rimu@piefed.social [image: 1772652313700-020a80cf-d0b0-4fbf-aa5a-20b951a109ef-image.jpeg]

@js@podcastindex.social Although... now that you mention it, Anubis does have the ability to filter by header values, so I will update the bot policy file to allow the standard ActivityPub accept headers.

@julian@activitypub.space @julian@fietkau.social well, in theory, you can have private likes and public likes. misskey and pleroma do public likes. mastodon does private likes, but then shows them publicly if anyone asks the origin site. because addressing is just a suggestion, apparently

@lrhodes Twitter managed it, but they had a revenue stream, which Bluesky doesn't

@julian > group itself be the distributorwell, naturally, i would suggest addressing both the group and its members. just like you would address both a person and their followers. or a moderated conversation and its audience. the way inbox forwarding works is that someone has to do the forwarding from their inbox. > list is hiddenyou don't need to know the items. that's private info, and you just need the id to be understood by the forwarder (who will themselves know the secret items)

With EchoCrate, I'm tackling the persistent frustrations of running a single-user instance in the Fediverse. Traditional setups often deliver a subpar experience: profile updates from accounts you follow can arrive delayed or not at all, entire conversation threads (especially deep replies) frequently fail to load properly, and countless other small but annoying gaps in federation create a disjointed feel compared to centralized platforms.EchoCrate addresses these peoblems preemptively.

RE: https://theforkiverse.com/@klemens/115915313316598172this person is working on a mac app specifically for #theforkiverse #fedidev

@evan said in ActivityPub API Client Reputation: > the ticket you're working on for moderating OAuth clients for Mastodon is a really big deal. I'm not actively working on any Mastodon features at the moment because they can't give credit where credit is due, which means it's not financially viable for me to contribute. I also just opened that ticket explaining the problem. CIMDs would fix. > > That's why we wrote the CIMD spec. > > Yes! Using the same identifier for clients in a verifiable way is a big help in having a reputation for using on a single server or multiple servers. You cannot rely on the contents of a CIMD not changing though, for that you'd need to calculate like the CBOR CID of the JSON (that's what I do in https://cimd-service.fly.dev) > > But OAuth security and trust models are complex and generally proprietary > > I think you could get to some pretty useful metrics pretty quickly, though. Some good ones to use might be: You'd be surprised, but no. Whilst I was on the hachyderm infra team, I ran a tonne of queries for research on the data they have for registered OAuth clients, and there's really not a lot of great insight, besides "this app was added a lot to accounts", which isn't really a good score of trust (see: Cambridge Analytica). > - How many people on this server (or other servers) have authorized the client Meaning number, overall. The top registered client on Hachyderm was actually a dead research project if memory serves (found that out after reaching out to the author, and promptly revoked all 200k access token it had left on our servers unrevoked) > - What the average rating has been (but you need a way to rate clients!) Not something 99.9% of people will do meaningfully, see appstore ratings and bridgading of apps to tank their scores. > - How many Flag activities have been submitted for this client (you need a way to report clients) You can't Flag a non-activitypub JSON document. The majority of fediverse software doesn't support multi-modal moderation reports, Pixelfed is one of the few that does. > - Reviews of the client (you need a way to write a review of a client) See prior note on App Stores. > That data could be local to the server, or could be shared from other trusted servers. A trusted intermediary like IFTAS could be helpful. Sure, maybe, but it needs to reference a CIMD at a specific content-hash. Otherwise I can attack that system by changing my metadata to gain more access

You asked this here: https://activitypub.space/topic/fd53b73d-bf92-4e81-a5ae-5a681e4aacd4/flag-activity?_=1768647932631 There has been no changes in status from what I last said, because I get almost zero time to work on AP T&S. I can probably explain Flag activities better in a call or something than quickly in text.

@pfefferle@mastodon.social I'm frankly surprised I ran into a side effect of this so soon after you updated the site <img class="not-responsive emoji" src="https://activitypub.space/assets/plugins/nodebb-plugin-emoji/emoji/android/1f606.png?v=dc334ca9dcb" title="" /> Either the PR is to be reverted or perhaps WP should handle requests to the URL encoded address <img class="not-responsive emoji" src="https://activitypub.space/assets/plugins/nodebb-plugin-emoji/emoji/android/1f937.png?v=dc334ca9dcb" title="" /> But after briefing myself on the root cause, it does seem weird that there exist actors with unicode in their ID. Might be if that is the case you should disregard them as non-compliant, who knows. cc @silverpill@mitra.social

@julian The ActivityPub API Task Force has a meeting today at 11AM EST. https://meet.jit.si/activitypub-api

I've seen hints of backfill working really well, but hadn't seen good examples until recently. As more and more instances upgrade to the newer versions of Mastodon that support context, backfill from Mastodon instances will improve across the board. Today one of the most popular topics on my NodeBB instance was an update from the admin of The Forkiverse, a brand new up-and-coming instance. Despite following only one person from that instance, I was able to see every single reply from that instance, even from users I don't follow. Super stoked to see resolvable contexts and backfill working in the wild. Who says the Fediverse is quiet? Not me, anymore

What is so difficult about comparing a cached object with a new object when handling Update?Move and Remove are just as broad, and these are activities for manipulating collection items. I guess they work well for you because you don't use them for anything else.