Goofed Home

Hello Fediverse,

I would like to receive some feedback on this idea I have been kicking around, and see if others might be interested in contributing. I have a basic prototype that proves out most of the technology, but not much beyond that.

The basic general description is an Iroh based identity layer for the open web. This platform would serve three primary functions:

1. Preserve and consolidate social graph data in an encrypted local storage vault, allowing for import, display, and management of media and posts from both walled garden platforms and open platforms.
   
2. A “universal translator” across open platforms, allowing for seamless connection between activitypub, AT protocol, and rss subscriptions. You are able to link mastodon, Lemmy, pixelfed, loops, and blusky accounts and your legacy social media imports can also generate RSS subscription feeds for your previous Instagram or YouTube (among other platforms) subscriptions, with all this content showing up in a single filterable fleed.
3. Identities can be linked to any unique URL, using an umbrella DID. That URL can be any location the user chooses, including an indieweb page, a spacehey.com profile, or any other site the user controls and is able to host the corresponding DID document for cross platform identification.

There are many more details and features I have in mind that this architecture could facilitate, but this is the overarching basics of what I had in mind. I am very open to critique or analysis of this architecture, potential issues and limitations, as well as ideas for modification.

I would also welcome collaborators and contributors if there is interest, and I can open up the project for whoever may be interested. Let me know!

Forte and tootik use FEP-ef61 with server-managed keys. I am working on an application where keys are stored on the client side: minimitra. This is probably closer to your idea.

Do you want to use iroh for transport, or for identity?

Iroh was more of the p2p transport layer, but it is what facilitates the authentication through DID to the local vault. The work you linked is very relevant and will be definitely be of use!

In a blog post Richell notes that the New York version as far worse since it “explicitly forbids self-reporting and leaves the allowed methods to regulations written by the Attorney General” and so developers of operating systems and devices would have to have more than just your date of birth to put you into some age bracket like the California law seems to allow.

These types of laws seem to be popping up around the US. How long until this plague spreads to other countries?

It already did for a few years. Now countries seem to be formalizing it.

These types of laws seem to be popping up around the US. How long until this plague spreads to other countries?

There was a post on r/linux and OP said there were lobbyists for this bill, and Meta was one of them.

Feel free to have a look at

!movies@piefed.social
!television@piefed.social
!animation@piefed.social

Just Sinners. And, uh, Heathers. Not that different, really.

Watching the first season of Poirot because it was added to Netflix

Internet Protocol is the protocol underlying all Internet communications, what lets a packet of information get from one computer on the Internet to another.

Since the beginning of the Internet, Internet Protocol has permitted Computer A to send a packet of information to Computer B, regardless of whether Computer B wants that packet or not. Once Computer B receives the packet, it can decide to discard it or not.

The problem is that Computer B also only has so much bandwidth available to it, and if someone can acquire control over sufficient computers that can act as Computer A, then they can overwhelm Computer B’s bandwidth by having all of these computers send packets of data to Computer B; this is a distributed denial-of-service (DDoS) attack.

Any software running on a computer — a game, pretty much any sort of malware, whatever — normally has enough permission to send information to Computer B. In general, it hasn’t been terribly hard for people to acquire enough computers to perform such a DDoS attack.

There have been, in the past, various routes to try to mitigate this. If Computer B was on a home network or on a business’s local network, then they could ask their Internet service provider to stop sending traffic from a given address to them. This wasn’t ideal in that even some small Internet service providers could be overwhelmed, and trying to filter out good traffic from bad wasn’t necessarily a trivial task, especially for an ISP that didn’t really specialize in this sort of thing.

As far as I can tell, the current norm in 2026 for dealing with DDoSes is basically “use CloudFlare”.

CloudFlare is a large American Content Delivery Network (CDN) company — that is, it has servers in locations around the world that keep identical copies of data, and when a user of a website requests, say, an image for some website using the CDN, instead of the image being returned from a given single fixed server somewhere in the world, they use several tricks to arrange for that content to be provided from a server they control near the user. This sort of thing has generally helped to keep load on international datalinks low (e.g. a user in Australia doesn’t need to touch the submarine cables out of Australia if an Australian CloudFlare server already has the image on a website that they want to see) and to keep them more-responsive for users.

However, CDNs also have a certain level of privacy implications. Large ones can monitor a lot of Internet traffic, see traffic from a user spanning many websites, as so much traffic is routed through them. The original idea behind the Internet was that it would work by having many small organizations that talked to each other in a distributed fashion, rather than having one large company basically monitor and address traffic issues Internet-wide.

A CDN is also a position to cut off traffic from an abusive user relatively-close to the source. A request is routed to its server (relatively near the flooding machine), and so a CDN can choose to simply not forward it. CloudFlare has decided to specialize in this DDoS resistance service, and has become very popular. My understanding — I have not used CloudFlare myself — is that they also have a very low barrier to start using them, see it as a way to start small websites out and then later be a path-of-least-resistance to later provide commercial services to them.

Now, I have no technical issue with CloudFlare, and as far as I know, they’ve conducted themselves appropriately. They solve a real problem, which is not a trivial problem to solve, not as the Internet is structured in 2026.

But.

If DDoSes are a problem that pretty much everyone has to be concerned about and the answer simply becomes “use CloudFlare”, that’s routing an awful lot of Internet traffic through CloudFlare. That’s handing CloudFlare an awful lot of information about what’s happening on the Internet, and giving it a lot of leverage. Certainly the Internet’s creators did not envision the idea of there basically being an “Internet, Incorporated” that was responsible for dealing with these sort of administrative issues.

We could, theoretically, have an Internet that solves the DDoS problem without use of such centralized companies. It could be that a host on the Internet could have control over who sends it traffic to a much greater degree than it does today, have some mechanism to let Computer B say “I don’t want to get traffic from this Computer A for some period of time”, and have routers block this traffic as far back as possible.

This is not a trivial problem. For one, determining that a DDoS is underway and identifying which machines are problematic is something of a specialized task. Software would have to do that, be capable of doing that.

For another, currently there is little security at the Internet Protocol layer, where this sort of thing would need to happen. A host would need to have a way to identify itself as authoritative, responsible for the IP address in question. One doesn’t want some Computer C to blacklist traffic from Computer A to Computer B.

For another, many routers are relatively limited as computers. They are not equipped to maintain a terribly-large table of Computer A, Computer B pairs to blacklist.

However, if something like this does not happen, then my expectation is that we will continue to gradually drift down the path to having a large company controlling much of the traffic on the Internet, simply because we don’t have another great way to deal with a technical limitation inherent to Internet Protocol.

This has become somewhat-more important recently, because various parties who would like to train AIs have been running badly-written Web spiders to aggressively scrape website content for their training corpus, often trying to hide that they are a single party to avoid being blocked. This has acted in many cases as a de facto distributed denial of service attack on many websites, so we’ve had software like Anubis, whose mascot you may have seen on an increasing number of websites, be deployed, in an attempt to try to identify and block these:

https://lemmy.today/api/v3/image_proxy?url=https%3A%2F%2Fraw.githubusercontent.com%2FTecharoHQ%2Fanubis%2Frefs%2Fheads%2Fmain%2Fweb%2Fstatic%2Fimg%2Fhappy.webp

We’ve had some instances on the Threadiverse get overwhelmed and become almost unusable under load in recent months from such aggressive Web spiders trying to scrape content. A number of Threadiverse instances disabled their previously-public access and require users to get accounts to view content as a way of mitigating this. In many cases, blocking traffic at the instance is sufficient, because even though the my butt web spiders are aggressive, they aren’t sufficiently so to flood a website’s Internet connection if it simply doesn’t respond to them; something like CloudFlare or Internet Protocol-level support for mitigating DDoS attacks isn’t necessarily required. But it does bring the DDoS issue, something that has always been an issue for the Internet, back to prominent light again in a new way.

It would also solve some other problems. CloudFlare is appropriate for websites, but not all Internet activity is over HTTPS. DoS attacks have happened for a long time — IRC users with disputes (IRC traditionally exposing user IP addresses) would flood each other, for example, and it’d be nice to have a general solution to the problem that isn’t limited to HTTPS.

It could also potentially mitigate DoS attacks more-effectively than do CDNs, since it’d permit pushing a blacklist request further up the network than a CDN datacenter, up to an ISP level.

Thoughts?

1. Akamai is by a huge margin the single biggest CDN in the world, they are the 800lb gorilla. Fastly and Cloudflare aren’t minor players by any means, but their volume is not in the same league.
2. CDNs and DDOS don’t have much to do with each other. Cloudflare mitigates DDOS by scaling up network capacity and using pretty advanced pattern detection to simply soak up the traffic. Cloudflare is really, really good at scaling.

Now on that last point, there will indeed come a time when simply using the engineering technique of “making things bigger” won’t work if the attacks become sophisticated enough, but at that point networking will have fully become geopolitical tools (more than they are now).

A Layer-3 (network-layer) blacklist risks cutting off innocent CGNAT and cloud users. What you’re proposing is similar to mechanisms that already exist (e.g., access control lists at the ISP level work by asking computer B which requests it wants to reject and rejecting those that originate from computer A). However, implementing any large-scale blocking effort beyond the endpoint (i.e. telling an unrelated computer C to blackhole all requests from computer A to computer B) would be too computationally expensive for a use case as wide and as precise as “every computer on the Internet”.

Also, in your post you mentioned, “A host would need to have a way to identify itself as authoritative, responsible for the IP address in question.” This already happens in the form of BGP though it doesn’t provide cryptographic proof of ownership unless additional mechanisms are in use (RPKI/ROA).

Have you been rocking an old classic? Discovering something new? Revisiting some nostalgic bands from the past?

If you’ve got links, post ‘em up!

A fun tool for discovering new bands: https://www.music-map.com/

A friend of mine sent me some of his his recent find, Seb Lowe. A bit on the nose for me, but catchy.

https://youtu.be/jmjLNDobZqM

https://youtu.be/PuBbt10Atzo

https://youtu.be/Rt5qLFFcu6o

Been listening to early In Flames, before they turned alt metal.

While I couldn’t possibly choose between Clayman (2000) and Colony (1999) for a prolonged period of time, these 2 albums have really shaped my music tastes.

As for the past week, I can’t stop listening to Colony. It’s just too good. If you want a sample, the most well-known song is Zombie Inc. Failing that, I really recommend Colony (the track).

21916:https://lemmy.dbzer0.com/pictrs/image/77008464-cc53-4b31-bd21-9d4cc771733e.webp

@anthony@forum.unfinishedprojects.net did a like from an Mbin instance. 13 likes on my side.

• Piefed chat
  
• Fediverse wiki
  
• Guide and tutorial
  

!communitypromo@lemmy.ca • !newcommunities@lemmy.world • !fedigrow@lemmy.zip • !newtolemmy@lemmy.ca

Hi !

Welcome to our monthly thread ! I hope you are well :)

Here we will talk about feature, ui, concept accross the web and app as :
- voting for a new mods team
- nomadic identity
- collaborative writting with color
- a beautiful ui, Swiping gesture…
- accessibility idea…
- a personal project ?

Well, i hope we will find something fun to discuss and share. :)

Heh, it’s possible to integrate piefed inside zulip thanks to integrations. It’s also certainly possible to integrate zulip inside piefed but that’s another thing.

Integrating zulip inside piefed is certainly interesting, maybe just an adapter of the piefed api over zulip’s api should be enough. I don’t see why the software should be checked though

Somehow i think both software are similar, very close to each other. Zulip only misses a server federation protocole :)

Right now to me it’s more important to improve piefed so that I can use its api without using too much resources, and with a bit more reactivity

Well if you have the skill to achieve that it would be greatly appreciated. The dev team would be very happy to have a new contributor 😁 but you should follow your dream…i hope more users will help :3

I browse different lemmy instances usually because the feed is always different. Was blown away when I recently went to lemmy.today, no clue when they did the change but whoever is in charge of the design has my admiration! *(chef’s kiss)*

@UniversalMonk@anarchist.nexus @universalmonk@piefed.social Wanna give people the actual you instead of people misremembering what you said and did?

@UniversalMonk@lemmy.dbzer0.com Wanna give people the actual you instead of people misremembering what you said and did? Up in the thread.

cross-posted from: https://lemmy.ca/post/61027702

Trump’s Truth Social is based on Mastodon (even if with federation and syndication disabled), and the POTUS Threads profile iirc has ActivityPub enabled. Also wasn’t Germany that also adopted for some government profiles fediverse-compatible services? Or some other EU country. Still, if the neighbors and ideological allies of Canada already tapped into such projects, I’d say it’s no longer uncharted territory.

Also wasn’t Germany that also adopted for some government profiles fediverse-compatible services?

The German Goverment has a Mastodon instance:

https://social.bund.de/

Hi, new to the fediverse, mainly looking at Lemmy and mastodon right now through mbin, liking it very much.

I’m a Japanese language learner, currently at N3 and wanted to look at some fediverse content in that language. Keep hearing about misskey, but registration is limited from outside of Japan? I’m going over there next month, does that mean I could open an account while I’m there?

Also a bit confused about how it works, when browsing as a guest everything seems to scroll at lightning speed, how is one supposed to use it?

But if you follow enough users, won’t you start getting quite a good amount of that? Plus, you can probably just browse the local of some Misskey instance and then, if you want to comment or upvote, open it from within your own instance? It won’t be perfect, but I would imagine it will do the job just fine for a student.

One thing that I forgot: Misskey has feature of instance-only post, which means a lot of people post won’t federate.