Search
1000 results for “ColdEmber”
-
I've created some Codeberg issues for planned #saugns features and design changes. No feedback on such yet from anyone, but may as well write it down...
Only today did it become clear to me: In theory, reducing the number of script processing passes *and* doing as much as possible at the parser end of the program is not a mistake, it'll be best in the end if only I think my way towards solving each problem that comes up. I just need to think better than a decade ago.
-
FEP-ef61 update: https://codeberg.org/fediverse/fep/pulls/455
I added a couple of sentences clarifying FEP-ef61 design goals. In particular:
1. "This document describes web gateways, which use HTTP transport. However, the data model and authentication mechanism are transport-agnostic and other types of gateways could exist."
FEP-ef61 is designed to be compatible with any transport protocol, including the sneakernet. For example, it should be possible to replace web gateways with iroh nodes.
2. Location discovery using DID services. It came to my attention that some developers are trying to implement a variation of FEP-ef61 where gateways are specified in a DID document instead of an actor document. That significantly differs from existing FEP-ef61 implementations (Streams and Mitra), and has a serious practical disadvantage: it doesn't work with generative DID methods such as
did:key. Support for pure key-based identities is important for several reasons:- It is very useful for client-to-client (#p2p) communication without servers.
- Interoperability with other protocols that use public keys as identities. #Nostr is probably the most popular, but there are many more.
- It lowers the barriers to entry for client developers, who otherwise would need to deploy a did:web or something more complicated like did:webvh.So, don't do that.
Also added a discussion section about media access control.
If media identifier only contains a digest, the gateway can't restrict access to it. This may not be a big problem because digest is very hard to guess, but an access control mechanism still might be useful. One way to implement it is to add an 'ap' identifier of a parent document to a hashlink and make it mandatory.
-
FEP-ef61 update: https://codeberg.org/fediverse/fep/pulls/447
The most important change here is a switch from FEP-c7d3 to FEP-fe34. An algorithm for computing origin of a DID URL has been specified, so now it is possible to do this:
is_same_origin(id, proof.verificationMethod) -
Migrating (some things) to Codeberg. It’s the switching costs that get you. #XProc #XMLCalabash
-
Just merged: https://codeberg.org/dnkl/foot/pulls/483
Improved 'bell' configuration in #FootTerminal. Most importantly, the ability to execute a custom command, regardless of whether the window is focused or not.
And once https://codeberg.org/dnkl/foot/issues/487 has been implemented, things will look really good :)
-
https://jqueralt.codeberg.page Comentari sobre "Silverview· d'en John Le Carré, on els espies jubilats no deixen mai de ser espies. #llibres #llibresencatalà
-
In this Codeberg issue @thisismissem wonders..
> "Has anyone done an assessment of the authentication mechanisms and standards used by each of these [C2S] implementations?
https://codeberg.org/fediverse/delightful-fediverse-experience/issues/130#issuecomment-7554760
I will bring this to a #SocialHub topic later this week, if I don't forget (otherwise remind me :)
-
I opened a #codeberg repo in #gitkraken today and it gave me the choice to upgrade or close the repo because it detected it as a private or self hosted repository despite this being a somewhat well known GitHub alternative.
And so I'm looking for a new #git GUI for Linux. Going to try #relagit for a bit first
-
https://nogithub.codeberg.page/
згоден! юзайте Gitea, Gitlab!
і як варіант можна отримати акаунт на https://git.noleron.com 😉
-
https://nogithub.codeberg.page/
згоден! юзайте Gitea, Gitlab!
і як варіант можна отримати акаунт на https://git.noleron.com 😉
-
https://nogithub.codeberg.page/
згоден! юзайте Gitea, Gitlab!
і як варіант можна отримати акаунт на https://git.noleron.com 😉
-
https://nogithub.codeberg.page/
згоден! юзайте Gitea, Gitlab!
і як варіант можна отримати акаунт на https://git.noleron.com 😉
-
https://nogithub.codeberg.page/
згоден! юзайте Gitea, Gitlab!
і як варіант можна отримати акаунт на https://git.noleron.com 😉
-
@humanetech @lucifargundam @theenoro @realaravinth @codeberg
The project Gitpad definitely looks promising and I hope success for it. The first thing which I checked in it's repo is the #programming #language used. I was hoping it's not in #Python or #Javascript and luckily I saw it's in #Rust
Also #ActivityPub support is in their TODO list. The least I can do now is staring their repo. Maybe in near future I could create a small CLI to post a #gitpad without leaving terminal.
And finally, a community maintained list of current active instances which registration is public in them would be nice as well. Let me know if such a thing already exists. Otherwise I will create if myself.
-
Fuzzing pyhacl (https://codeberg.org/drlazor8/pyhacl), a package of Cython bindings for HACL* (the High Assurance Cryptographic Library), with fusil we only found one crash.
It turned out to actually be a silly bug in #Cython:
Issue: https://github.com/cython/cython/issues/7263
Fix: https://github.com/cython/cython/pull/7264
Goes to show how fuzzing a C-extension can uncover crashes in many different layers.
Thanks @drlazor8 for taking up the call for C-extensions maintainers to fuzz their code.
-
Fuzzing pyhacl (https://codeberg.org/drlazor8/pyhacl), a package of Cython bindings for HACL* (the High Assurance Cryptographic Library), with fusil we only found one crash.
It turned out to actually be a silly bug in #Cython:
Issue: https://github.com/cython/cython/issues/7263
Fix: https://github.com/cython/cython/pull/7264
Goes to show how fuzzing a C-extension can uncover crashes in many different layers.
Thanks @drlazor8 for taking up the call for C-extensions maintainers to fuzz their code.
-
Fuzzing pyhacl (https://codeberg.org/drlazor8/pyhacl), a package of Cython bindings for HACL* (the High Assurance Cryptographic Library), with fusil we only found one crash.
It turned out to actually be a silly bug in #Cython:
Issue: https://github.com/cython/cython/issues/7263
Fix: https://github.com/cython/cython/pull/7264
Goes to show how fuzzing a C-extension can uncover crashes in many different layers.
Thanks @drlazor8 for taking up the call for C-extensions maintainers to fuzz their code.
-
Fuzzing pyhacl (https://codeberg.org/drlazor8/pyhacl), a package of Cython bindings for HACL* (the High Assurance Cryptographic Library), with fusil we only found one crash.
It turned out to actually be a silly bug in #Cython:
Issue: https://github.com/cython/cython/issues/7263
Fix: https://github.com/cython/cython/pull/7264
Goes to show how fuzzing a C-extension can uncover crashes in many different layers.
Thanks @drlazor8 for taking up the call for C-extensions maintainers to fuzz their code.
-
Організував репозиторій тут:
https://codeberg.org/vazub/colemakivka -
FEP-171b update: https://codeberg.org/fediverse/fep/pulls/454
Some clarifications, and an explanation of why FEP-fe34 authentication is important:
>The processing of unauthenticated embedded activities is strongly discouraged. If such activities are not rejected by the consumer, a malicious conversation owner may be able to perform a cache poisoning attack and overwrite any actor or a post in consumer's local cache by sending a forged Update(Actor) or Update(Object) wrapped in an Add activity.
This is not difficult to do. Someone makes a post and says "hey everyone, join my new @group about <popular_topic>". People join and the next day Gargron is messaging them and asking to fund Mastodon's new Trust & Safety initiative by donating bitcoins.
Similar attacks might be possible against FEP-1b12 implementations that don't authenticate announced activities.
-
FEP-171b update: https://codeberg.org/fediverse/fep/pulls/454
Some clarifications, and an explanation of why FEP-fe34 authentication is important:
>The processing of unauthenticated embedded activities is strongly discouraged. If such activities are not rejected by the consumer, a malicious conversation owner may be able to perform a cache poisoning attack and overwrite any actor or a post in consumer's local cache by sending a forged Update(Actor) or Update(Object) wrapped in an Add activity.
This is not difficult to do. Someone makes a post and says "hey everyone, join my new @group about <popular_topic>". People join and the next day Gargron is messaging them and asking to fund Mastodon's new Trust & Safety initiative by donating bitcoins.
Similar attacks might be possible against FEP-1b12 implementations that don't authenticate announced activities.
