Highlight of my workday was debugging an issue that turned out to be nothing like what the reporter had diagnosed.
The report suggested that our system was having problems parsing URLs with colons in the pathname, suggesting perhaps an encoding issue. It wasn't until I took a deep dive into the logs that I realised that this was a secondary characteristic of many URLs found in customers' SharePoint installations. And many of those URLs get redirected. And SharePoint often uses relative URLs when it sends redirections. And it turned out that our systems' redirect handler... wasn't correctly handling relative URLs.
It all turned into a hundred-line automated test to mock SharePoint and demonstrate the problem... followed by a tiny two-line fix to the actual code. And probably the most satisfying part of my workday!
Given the US recently made a bid to fast-track multiple censorship bills, KOSA included, and is also trying to kill Section 230 now, which will pose an existential threat to Fediverse instances hosted over the clearnet, how feasible would it be to host said instances over Tor/I2P?
One example is HTTP signatures. Servers sign their payloads and receiving servers should validate not just the hash but ensure the payload is not too old. Mastodon allows for a twelve hour difference (https://docs.joinmastodon.org/spec/security/#http-signatures) but other software might be stricter for security reasons. Then a bunch of things like WebFinger were designed around public DNS and public key chains. A Mastodon server running on the open internet and/or expecting public keychain HTTPS will not be able to federate with something running in Tor.
You could cut enough corners to make something that federates inside Tor, but at that point it's better to design something around Tor's features.
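The hash and age checks described in the reply above, as an added example that is not part of the original post and is not Mastodon's code. The `Digest: SHA-256=<base64>` header format, the function names and the sample delivery are assumptions made for illustration; verifying the signature itself is a separate step not shown here.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

# The twelve-hour window the post cites for Mastodon.
MASTODON_WINDOW = timedelta(hours=12)


def sha256_digest_header(body: bytes) -> str:
    """Build a Digest header value (assumed format: SHA-256=<base64>)."""
    return "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode()


def digest_matches(body: bytes, digest_header: str) -> bool:
    """Compare the claimed body hash with the one we compute ourselves."""
    expected = sha256_digest_header(body).encode()
    return hmac.compare_digest(expected, digest_header.strip().encode())


def date_is_fresh(date_header: str, now: datetime, window: timedelta) -> bool:
    """Reject missing, unparseable, zone-less, too-old or too-far-future dates."""
    try:
        sent = parsedate_to_datetime(date_header)
    except (TypeError, ValueError):
        return False
    if sent.tzinfo is None:
        return False
    return abs(now - sent) <= window


def accept_delivery(headers: dict, body: bytes, now: datetime,
                    window: timedelta = MASTODON_WINDOW) -> bool:
    """Pre-checks only: body hash and message age."""
    return (digest_matches(body, headers.get("Digest", ""))
            and date_is_fresh(headers.get("Date", ""), now, window))


# Constructed sample delivery, dated six hours before "now".
NOW = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
BODY = b'{"type": "Create"}'
SAMPLE = {"Digest": sha256_digest_header(BODY),
          "Date": format_datetime(NOW - timedelta(hours=6), usegmt=True)}

if __name__ == "__main__":
    print("12h window:", accept_delivery(SAMPLE, BODY, NOW))
    print("1h window: ", accept_delivery(SAMPLE, BODY, NOW, timedelta(hours=1)))
    print("tampered:  ", accept_delivery(SAMPLE, BODY + b" ", NOW))
```

The same delivery passes under the twelve-hour window and fails under a one-hour one, which is the interoperability gap the reply points at when other software is stricter.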
http/1.1 servers can opt to send neither Content-Length nor Transfer-Encoding in a response, in which case a client should continue to read the response until the connection is closed. how do clients prevent themselves from getting DoSed by a malicious server that just sends an infinite stream their way, or something like that?
Today in User Space
🥾We'll need to resize the /boot
🤖Stuff an #LLM into #Fedora
🦊Handle our profiles in #Firefox
🕸️Let go of our #HTTP sites
⚙️Inject malice into prompts
☄️And recap the Cosmic Desktop
Typically HTTP APIs speak JSON or XML, but what are some other human-readable formats folks have seen that were useful? How about text/plain and sending INI, TOML, RESP etc. for some simpler and smaller request/responses that are still self-describing? These seem nicer for languages that don't have good JSON/XML support or if they do their libraries are cumbersome and awkward to use.
How feasible would it be to host Mastodon, Pixelfed, Lemmy, Friendica, or Matrix over Tor/I2P?
🌐 Ever wondered what really happens when you type a URL and hit Enter? ( javascript.plainenglish.io )
I just broke down HTTP requests in simple terms—perfect for anyone starting web development or wanting to understand the web’s backbone. ...