Posts by tesaguri@fedibird.com
 (DIR) Post #AvDgNxkD0tN6xuMOsS by tesaguri@fedibird.com
       2025-06-17T10:07:17Z
       
       0 likes, 0 repeats
       
       https://twitter.com/robots.txt
       https://x.com/robots.txt
       ```
       User-agent: Googlebot
       Allow: /*?lang=
       Allow: /hashtag/*?src=
       Allow: /search?q=%23
       Allow: /i/api/
       […]
       User-Agent: Google-Extended
       Disallow: *
       User-Agent: FacebookBot
       Disallow: *
       User-agent: facebookexternalhit
       Disallow: *
       User-agent: Discordbot
       Disallow: *
       User-agent: Bingbot
       Disallow: *
       # Every bot that might possibly read and respect this file
       # ========================================================
       User-agent: *
       Disallow: /
       […]
       ```
       
 (DIR) Post #AvDgO579bysvp69K76 by tesaguri@fedibird.com
       2025-06-17T11:02:49Z
       
       0 likes, 0 repeats
       
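       I can almost feel an obsession in how the Wayback Machine keeps collecting the sample stream even though its normal access to the former Twitter gets blocked (<https://archive.org/details/twitterarchive>). Lately it has even started adding fancy colors to the collected JSON (e.g. <https://web.archive.org/web/20210131130848/https://twitter.com/internetarchive/status/1355865617606221839>). With Save Page Now it still ends up like this, though: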
       
 (DIR) Post #AwhlAGlGTk2LHQYnVA by tesaguri@fedibird.com
       2025-07-31T21:24:25Z
       
       1 likes, 0 repeats
       
       https://archive.org/details/wikipedia-eventstream
       I was looking for data that the Internet Archive crawled at a specific date and time, and I'm furious that PST and PDT are mixed in the notation of the crawl timestamps
       
 (DIR) Post #AxbzPYLtdbryOJdGPw by tesaguri@fedibird.com
       2025-08-27T21:54:09Z
       
       0 likes, 0 repeats
       
       @silverpill Well, comparing Bluesky as it is today versus the Fediverse in its ideal form doesn't feel quite fair tbh (the two of the networks have slightly different goals anyway). Although I cannot emphasize enough my respect for your work on FEP-ef61, the post you cited in the first place is by the operator of the Fediverse's largest server which doesn't even have the FEP in its public roadmap yet, unfortunately.
       When it comes to "if"s, I don't think the same argument against the PLC applies as-is *if* […]
       @thisismissem @stinerman
       
 (DIR) Post #AxbzPZyZbIOxQYjfLE by tesaguri@fedibird.com
       2025-08-27T21:54:33Z
       
       0 likes, 0 repeats
       
       […] *if* Bluesky the company hands over the governance of PLC and introduces a Certificate Transparency-like audit mechanism as Bryan Newbold envisions, just like the very TLS ecosystem which we all rely on anyway.
       The concerning point then would be that the majority of the users don't export their private key nor back up their data repository, but I think that's largely a UX problem and it could be got to a position similar to TOTP secrets (maybe whose track record isn't actually that great? uh).
       @silverpill @thisismissem @stinerman
       
 (DIR) Post #AxkE5pEqCNihY33x68 by tesaguri@fedibird.com
       2025-08-31T23:12:39Z
       
       0 likes, 0 repeats
       
       @ricci So, that means servers that don't report MAU via NodeInfo, like Misskey, are excluded?
       The admin of Misskey.io said in June that the server had ~100k of MAUs (they say they only counted users who consent to analytics though) (<https://misskey.io/notes/a8y6w6zwbd950e9h>), which might have contributed to the stat significantly if they were to report the precise number via NodeInfo.
       @joe [Reference]
       
 (DIR) Post #Ay8GJLUCTbr51srN1E by tesaguri@fedibird.com
       2025-09-12T13:46:09Z
       
       0 likes, 0 repeats
       
       @silverpill Actually I didn't think Mastodon was to blame either. I asked them to word the GHSA that way only because my report to the editors of ActivityPub spec was not public yet so I was not comfortable to publicly call it a problem of AP in general.
       
 (DIR) Post #Ay8GJMkBneEsvlLea0 by tesaguri@fedibird.com
       2025-09-12T13:46:25Z
       
       0 likes, 0 repeats
       
       @silverpill That said, when I reported the spoofing vulnerability to @evan, what was in my consideration was not only impersonations, but also craft of fake AS documents on *non-AP* servers. For example, anyone can upload an AS actor document to GitHub, claiming it to be "GitHub support", which might be useful for phishing. While you shouldn't trust a random account calling itself "the support", a common user expectation should suggest that no server with a sensible moderation should just let loose an account assuming the name of its support account. […]
       
 (DIR) Post #Ay8GJNFNvfC0UVwZCi by tesaguri@fedibird.com
       2025-09-12T13:46:45Z
       
       0 likes, 0 repeats
       
       @silverpill […] But of course you cannot blame GitHub in this case, so it has to be handled on the clients' side. Mastodon's GHSA didn't elaborate on this problem because Mastodon mandates WebFinger (which requires control of the `/.well-known` route), but WebFinger is not mandatory in AP, and Misskey was indeed vulnerable to it.
       @evan
       
 (DIR) Post #Ay8GJNvvNVDicRqXVg by tesaguri@fedibird.com
       2025-09-12T13:46:56Z
       
       0 likes, 0 repeats
       
       @silverpill Also, I believe the capability of uploading arbitrary documents itself isn't to blame by itself. It's completely common to upload JSON files to e.g. Discord, and it'd be weird if you are allowed to attach a *normal* JSON file, but not one that resembles an AS document. Yes, the best practice is to host user-uploaded contents on a separate domain, but it should be noted that AP is retrofittable to traditional websites like WordPress. For that use-case, it might be over-demanding to retroactively check files under e.g. `/wp-content/`. […]
       
 (DIR) Post #Ay8GJThFwx3IUh1uTo by tesaguri@fedibird.com
       2025-09-12T13:47:13Z
       
       0 likes, 0 repeats
       
       @silverpill […] In the case of WordPress, maybe you can just trust the uploaded contents, but I don't think that can be generalised.
       While the `Content-Type` solution has a hole as @trwnh points out, I thought AS is a relatively novel type so that it may be acceptable to impose some additional requirements on those who declare the type (at least it's better than blaming servers like GitHub that haven't even opted to support AP).
       
 (DIR) Post #Ay8GJabUGnb3upNtxY by tesaguri@fedibird.com
       2025-09-12T13:48:07Z
       
       0 likes, 0 repeats
       
       @silverpill That said, it was like my best-effort proposal then that's least controversial and simple enough for multiple servers to implement at once. So I think it's nice to explore alternative solutions, though I don't have any specific idea yet. (6/6)
       @trwnh
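
A sketch of the kind of client-side check the six-part thread above discusses, as an added example that is not part of the posts and not Mastodon's or Misskey's code. It assumes the `Content-Type` solution means accepting only responses served with the media types ActivityPub assigns to AS documents, and adds a same-origin check on `id` as a further assumption; the function names and the `files.example` host are hypothetical.

```python
import json
from urllib.parse import urlsplit

AS_PROFILE = "https://www.w3.org/ns/activitystreams"

def is_as_media_type(content_type: str) -> bool:
    """True only for the media types ActivityPub assigns to AS documents."""
    parts = [p.strip() for p in content_type.split(";")]
    media = parts[0].lower()
    if media == "application/activity+json":
        return True
    if media != "application/ld+json":
        return False
    for param in parts[1:]:
        name, _, value = param.partition("=")
        if name.strip().lower() == "profile":
            # profile may hold several space-separated URIs inside quotes
            return AS_PROFILE in value.strip().strip('"').split()
    return False

def origin(url: str):
    """(scheme, host, port) of a URL, or None if it cannot be parsed."""
    try:
        u = urlsplit(url)
        return (u.scheme.lower(), (u.hostname or "").lower(), u.port)
    except ValueError:
        return None

def reject_reasons(final_url: str, content_type: str, body: bytes) -> list:
    """Why a fetched actor document must not be trusted ([] means accept)."""
    reasons = []
    if not is_as_media_type(content_type):
        reasons.append("not served as an ActivityStreams media type")
    try:
        doc = json.loads(body)
    except ValueError:
        return reasons + ["body is not JSON"]
    doc_id = doc.get("id") if isinstance(doc, dict) else None
    if not isinstance(doc_id, str):
        reasons.append("missing id")
    elif origin(doc_id) is None or origin(doc_id) != origin(final_url):
        reasons.append("id is on a different origin than the fetched URL")
    return reasons

# Constructed sample: an actor-shaped JSON file uploaded to a generic file host.
UPLOAD_URL = "https://files.example/u/123/support.json"
UPLOADED = (b'{"@context": "https://www.w3.org/ns/activitystreams", '
            b'"type": "Person", "preferredUsername": "support", '
            b'"id": "https://files.example/u/123/support.json"}')
```

`final_url` is the URL after redirects, so the `id` comparison is made against the server that actually produced the body.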
       
 (DIR) Post #Ay8HttPVvKYschetzk by tesaguri@fedibird.com
       2025-09-12T14:15:39Z
       
       0 likes, 0 repeats
       
       @silverpill That sounds reasonably less intrusive and simple for plain-JSON processors, but I feel like that would be susceptible to the usual problem of different expectations between plain-JSON and JSON-LD consumers
       
 (DIR) Post #Ay8MFE5MeJhIdxf6US by tesaguri@fedibird.com
       2025-09-12T14:33:29Z
       
       0 likes, 0 repeats
       
       @silverpill No, I'm not particularly against the FEP's recommendations (it's only that I feel a bit sorry about losing the possibility of hosting AS feeds on a simple static site for consumption by AP clients, but I admit that's too much of idealism).
       I don't quite agree as to whom to blame, since I believe some sort of client-side verification is required anyway and server-side checks are only mitigation after all. But I don't think that's essential.
       
 (DIR) Post #AykSQrurpgk6jse2Sm by tesaguri@fedibird.com
       2025-10-01T00:21:07Z
       
       0 likes, 0 repeats
       
       Chromium with the chrome of Firefox… is that what it means? (?)
       
 (DIR) Post #AykSQszroaKu5fzXtY by tesaguri@fedibird.com
       2025-10-01T00:21:32Z
       
       1 likes, 0 repeats
       
       Chrome - Glossary | MDN
       https://developer.mozilla.org/en-US/docs/Glossary/Chrome
       > In a browser, the chrome is any visible aspect of a browser aside from the webpages themselves (e.g., toolbars, menu bar, tabs). This is not to be confused with the Google Chrome browser.
       
 (DIR) Post #AykVlWb2at8yYoucwy by tesaguri@fedibird.com
       2025-10-01T00:34:24Z
       
       1 likes, 0 repeats
       
       Come to think of it, there was a "Trident-based Firefox" (IE Tab)
       
 (DIR) Post #AzNqoiKB7aqY0OpA1o by tesaguri@fedibird.com
       2025-10-20T00:30:32Z
       
       1 likes, 1 repeats
       
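       Looking closely, the logo in the blurred background seems to be a redrawn rendition rather than the original work's logo itself, which is a fine touch (?) (though I don't know whether that affects trademark matters or the like) (It is easy to tell from, for example, how the vertical and horizontal strokes in the characters 「け」「も」「フ」「レ」「ン」 of the original logo consist of almost perfectly vertical and horizontal straight lines, whereas those in the parody are rounded. That logo is surprisingly angular, you know (speaking fast))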
       
 (DIR) Post #B3i4zR4BeMM3qcXt2G by tesaguri@fedibird.com
       2026-02-26T09:44:34Z
       
       0 likes, 0 repeats
       
       @hongminhee
       > I'm not sure who manages the w3id.org/fep/ redirect configuration.
       The namespace is established as part of FEP-888d <https://w3id.org/fep/888d> (which you can verify via <https://github.com/perma-id/w3id.org/blob/48812833fbb34354d1a57f635fd98a359794e2d7/fep/README.md>).
       And it is mentioned in the discussion thread of the FEP that:
       > Since `codeberg.page` is in [maintenance mode](https://codeberg.org/Codeberg/pages-server/issues/399) and stated to be not suitable for production-use, that is not the best domain imho.
       https://socialhub.activitypub.rocks/t/fep-888d-using-w3id-org-fep-as-a-namespace-for-extension-terms-and-for-fep-documents/3098/60
       
 (DIR) Post #B5shq8DjMptnuHKyem by tesaguri@fedibird.com
       2026-05-02T08:41:33Z
       
       0 likes, 1 repeats
       
       On macOS too, the command that prevents sleep happens to be named `caffeinate(8)`