Ryan Barrett
Ryan Barrett
Ideally include both traditional security factors and more human-centric user safety threat vectors.
We need to serve [ATProto handle resolution](https://atproto.com/specs/handle#handle-resolution) for all users bridged into ATProto (background: #381). They support both DNS and HTTPS methods, but our ATProto handles are multi-level, eg `@[email protected]`...
Hit a case recently where someone had `#nobot` in their profile bio, which [BF interpreted as them opting out](https://fed.brid.gy/docs#opt-out), but may not have been their intent. They tried to follow...
* https://console.cloud.google.com/errors/COibqNv9r7ynFg?project=bridgy-federated&time=P30D& * https://console.cloud.google.com/errors/CNeU44DZ_Ny47QE?project=bridgy-federated&time=P30D& * https://console.cloud.google.com/errors/CKfzv_v00anl8wE?project=bridgy-federated&time=P30D& * https://console.cloud.google.com/errors/CODcteTys5TIeA?project=bridgy-federated&time=P30D
When we get a follow, should we deliver the last few posts from the followee to the follower? Seems like it'd be nice UX. Those posts' published/updated dates will be...
We currently do some _authentication_ - verify HTTP sigs on incoming AP activities, require SSL and check certificates on web fetches - but we don't really do any _authorization_. We...
https://www.w3.org/TR/activitypub/#liked Collection of everything a given user has liked.
https://www.w3.org/TR/activitypub/#likes Collection of all likes on a given object.
https://www.w3.org/TR/activitypub/#shares Collection of all shares (`Announce`s) of a a given object.