@trwnh yea but it seems a bit heavier. bc you have to keep track of tokens and i imagine there would be a lot more of those than statuses. practically speaking as someone who's worried for database server. of course you can cheat a little by making your tokens around a signed bit of a special little capability dsl but god all of that just to post jokes on the internet. and the key rolling oh
alice@gts.void.dog
Posts
-
i wonder if there’s any prior art on breaking the same-origin assumption— like if there’s a way to signal that a URI subpath is being served by a different application than whichever server is handling requests for that hostname? -
i wonder if there’s any prior art on breaking the same-origin assumption— like if there’s a way to signal that a URI subpath is being served by a different application than whichever server is handling requests for that hostname?@trwnh i mean the typical invite link is basically a cap token that you share out of band, that will authorize one request (an account creation) and we should definitely use this already good idea in other ways. but im just not sure of exactly what you were hinting at there. generally i wish activitypub already had capabilities instead of http signatures yea
-
i wonder if there’s any prior art on breaking the same-origin assumption— like if there’s a way to signal that a URI subpath is being served by a different application than whichever server is handling requests for that hostname?@trwnh this is an invite link
-
i wonder if there’s any prior art on breaking the same-origin assumption— like if there’s a way to signal that a URI subpath is being served by a different application than whichever server is handling requests for that hostname?@trwnh ive thought about the Central Registry solution to location and authentication a lot and tbh, i still prefer a more isolated fedi where ppl compare public keys out of band. if the cryptography involved was actually useful and e2e, that is, atm we have about none anyway. reinventing the PKI and its authorities doesnt feel worth the effort for all the flaws it still leaves us
-
i wonder if there’s any prior art on breaking the same-origin assumption— like if there’s a way to signal that a URI subpath is being served by a different application than whichever server is handling requests for that hostname?@trwnh the problem with those is that they're just another smaller theater
-
i wonder if there’s any prior art on breaking the same-origin assumption— like if there’s a way to signal that a URI subpath is being served by a different application than whichever server is handling requests for that hostname?@trwnh are u trying to solve the general case of phishing
-
who wants to form an evil consortium representing vague global interestswho wants to form an evil consortium representing vague global interests
-
everything is deterministic with a large enough input. 'but what about' too late your suggestion has been added to the input scope thank u for your contributioneverything is deterministic with a large enough input. 'but what about' too late your suggestion has been added to the input scope thank u for your contribution