Federation – what flows where, and why?

Jul 13, 2019
With all of the recent hullabaloo with Gab, and then, today Kiwi Farms joining the fediverse, there has been a lot of people asking questions about how data flows in the fediverse and what exposure they actually have. I’m not really particularly a fan of either of those websites, but that’s beside the point.

What is OCAP and why should I care?

Jun 28, 2019
OCAP refers to Object CAPabilities. Object Capabilities are one of many possible ways to achieve capability-based security. OAuth Bearer Tokens, for example, are an example of an OCAP-style implementation. In this context, OCAP refers to an adaptation of ActivityPub which utilizes capability tokens. But why should we care about OCAP? OCAP is a more flexible approach that allows for more efficient federation (considerably reduced cryptography overhead!

Software Does Not Make A Product

Apr 28, 2019
Some fediverse developers approach project management from the philosophy that they are building a product in it’s own right instead of a tool. But does that approach really make sense for the fediverse? It’s that time again, patches have been presented which improve Mastodon’s compatibility with the rest of the fediverse.

What would ActivityPub look like with capability-based security, anyway?

Jan 18, 2019
This is the third article in a series of articles about ActivityPub detailing the challenges of building a trustworthy, secure implementation of the protocol stack. In this case, it also does a significant technical deep dive into informally specifying a set of protocol extensions to ActivityPub. Formal specification of these extensions will be done in the Litepub working group, and will likely see some amount of change, so this blog entry should be considered non-normative in it’s entirety.

ActivityPub: the present state, or why saving the 'worse is better' virus is both possible and important

Jan 10, 2019
This is the second article in a series that will be a fairly critical review of ActivityPub from a trust & safety perspective. Stay tuned for more. In our previous episode, I laid out some personal observations about implementing an AP stack from scratch over the past year. When we started this arduous task, there were only three other AP implementations in progress: Mastodon, Kroeg and PubCrawl (the AP transport for Hubzilla), so it has been a pretty significant journey.

ActivityPub: The “Worse Is Better” Approach to Federated Social Networking

Jan 7, 2019
This is the first article in a series that will be a fairly critical review of ActivityPub from a trust & safety perspective. Stay tuned for more. In the modern day, myself and many other developers working on libre software have been exposed to a protocol design philosophy that emphasizes safety and correctness.

The Case For Blind Key Rotation

Dec 30, 2018
ActivityPub uses cryptographic signatures, mainly for the purpose of authenticating messages. This is largely for the purpose of spoofing prevention, but as any observant person would understand, digital signatures carry strong forensic value. Unfortunately, while ActivityPub uses cryptographic signatures, the types of cryptographic signatures to use have been left unspecified. This has lead to various implementations having to choose on their own which signature types to use.

Pleroma, LitePub, ActivityPub and JSON-LD

Nov 12, 2018
A lot of people make assumptions about my position on whether or not JSON-LD is actually good or not. The reality is that my view is more nuanced than that: there are great uses for JSON-LD, but it’s not appropriate in the scenario it is used in ActivityPub. What is JSON-LD anyway?

Do not use or provide DH-AES or DH-BLOWFISH for SASL/IAL authentication

Dec 26, 2014
Atheme 7.2 dropped support for the DH-AES and DH-BLOWFISH mechanisms. This was for very good reason. At the time that DH-BLOWFISH was created, IRC was a very different place… SSL was not ubiquitous, and it was thought that having some lightweight encryption on the authentication exchange might be useful, without opening services to a DoS vector.