skullgiver

joined a long while ago
[–] skullgiver@popplesburger.hilciferous.nl 1 points 1 week ago (1 children)

I don't see why not. Based on the spec, a server submits a request signed by a keyId which the receiving server caches or obtains, but the new server is also queried for the keys belonging to the actor. You cannot reuse the old key IDs (probably) because it'll stay in the cache, but you can just add new keys of your own.

Step 10 of the key verification algorithm explicitly instructs the server to ignore the old key and fetch a new one, in case the other server has done a blind key rotation.

In other words, the ActivityPub spec only verifies that an account was the source of a message at the time a server submitted or forwarded an event. It does not validate that an Update with new text contents belongs to the same server that once Created the object.

Of course, I expect ActivityPub software to (mis)implement this spec in different ways. Some software will be protected against domain hijacking, others will leave domains once registered completely useless in the future for common actor names in ActivityPub.

[–] skullgiver@popplesburger.hilciferous.nl 2 points 1 week ago* (last edited 1 week ago)

There is, but the protocol is designed that you can't buy a domain for a month, set up a server, and then let it expire, leaving it unable to use ActivityPub for decades after because you posted a few things to Mastodon with popular usernames.

There is public/private key authentication, but the server is queried for its current keys when verifying content. This allows lemmy.ml to forward lemmy.dbzer0.com content to any other server without knowing the private key, because the receiving server will call back to the original server (if the key is not already cached) and use the user's public key to verify the message.

Once the domain expires and a new person buys the domain, that new person is in charge of what keys a domain lists or not. That, combined with the fact blind key rollover is permitted, leaves it up to programmers of individual servers to decide if they accept the new keys or not (the spec says they should).
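
The refetch-on-failure key handling described in the two comments above, modelled as an added example (not part of the original comments and not code from any ActivityPub server): a receiver that caches keys by keyId and refetches when verification fails accepts an Update signed by whatever key the domain serves today, while one that also remembers which key created each object quarantines it. The toy textbook-RSA signing, the `Receiver` class, the message layout and the old.example URLs are all assumptions made for illustration.

```python
import hashlib

def make_key(p, q, e=65537):
    """Toy textbook RSA from two known primes (constructed, not secure)."""
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg.encode()).digest(), "big") % n

def sign(key, msg):
    return pow(digest(msg, key["n"]), key["d"], key["n"])

def verify(pub, msg, sig):
    return pow(sig, pub["e"], pub["n"]) == digest(msg, pub["n"])

class Receiver:
    def __init__(self, fetch_key, pin_creator):
        self.fetch_key = fetch_key      # keyId -> public key the domain serves right now
        self.pin_creator = pin_creator  # hardened mode: remember each object's creating key
        self.cache, self.creator = {}, {}

    def _verified_key(self, key_id, msg, sig):
        pub = self.cache.get(key_id)
        if pub is None or not verify(pub, msg, sig):
            pub = self.fetch_key(key_id)          # cache miss or blind rotation: refetch
            if not verify(pub, msg, sig):
                return None
            self.cache[key_id] = pub
        return pub

    def receive(self, kind, object_id, key_id, body, sig):
        pub = self._verified_key(key_id, f"{kind}|{object_id}|{body}", sig)
        if pub is None:
            return "rejected"
        ident = (pub["n"], pub["e"])
        if kind == "Create":
            self.creator[object_id] = ident
        elif self.pin_creator and self.creator.get(object_id) != ident:
            return "quarantined"                  # signer is not the key that created it
        return "accepted"

def scenario(pin_creator):
    old, new = make_key(2**31 - 1, 2**61 - 1), make_key(2**89 - 1, 2**107 - 1)
    served = {"key": old}                         # what the domain publishes today
    rx = Receiver(lambda kid: {k: served["key"][k] for k in ("n", "e")}, pin_creator)
    kid, oid = "https://old.example/u/alice#main-key", "https://old.example/post/1"
    first = rx.receive("Create", oid, kid, "hello", sign(old, f"Create|{oid}|hello"))
    served["key"] = new                           # domain lapsed; new owner lists a new key
    later = rx.receive("Update", oid, kid, "edited", sign(new, f"Update|{oid}|edited"))
    return first, later
```

Pinning the creating key also holds back Updates after a legitimate key rotation, which is why the model quarantines for review instead of rejecting outright.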

[–] skullgiver@popplesburger.hilciferous.nl 11 points 2 weeks ago* (last edited 2 weeks ago)

Country codes are variable. Even the "I'm about to dial another country prefix" (usually + resolves to 00 but that depends on country and carrier) is variable. Phone number lengths are variable. Phone numbers are often written in non-Arabic numerals. Phone numbers can have specific digits in the middle of the number to reroute the call to another carrier.

You can try to parse phone numbers if you're writing a specific phone number parsing library, but you'll need to keep up with the ITU documents, the numbering plans of all countries and satellite providers, and provide support for older standards going back to the 60s. You'll need to deal with edge cases that your language probably doesn't even have names for. And most importantly, you'll have to guess what country the phone number is from based on context clues such as the user's language or location or locale because phone numbers can be and are reused across borders.

Phone numbers are worse than time zones. Don't parse them yourself unless you're building an international phone interconnect.

Kids shouldn't even be on social media, but at least the corporate ones are covering their ass against lawsuits well enough that they try to moderate content.

The Fediverse is not a place for kids. Servers catering especially towards kids are DEFINITELY not for kids, because that's exactly the kind of server I would build if I were a pedo.

The legal requirements for hosting content for kids are a massive headache that you definitely don't want to take on as a volunteer. The Fediverse can't even comply with the GDPR, let alone COPPA and its many international alternatives that actually see enforcement.

Of course I was a kid on the internet too and very few websites care about lying about your age, but if you do that and see the occasional dick, fetish porn or gore, you've only got yourself to blame. Plus, the Fediverse is full of misinformation, lies, and propaganda, from every side of the spectrum. Moderators can only do so much, and some moderators straight-up post misinformation and propaganda themselves. Best not to expose kids to any of that shit until their brains have developed a bit more.

[–] skullgiver@popplesburger.hilciferous.nl 6 points 2 weeks ago (5 children)

Note that because of the way federation works, the domain can be bought by someone else who can then use the connections and links to lemm.ee images and posts to peddle spam and other nonsense. It's not a problem as long as the domain name stays under control of the lemm.ee admins, but if they don't renew their registration then anyone can pretend to be the old lemm.ee server.

Best for lemm.ee users to delete images from their posts and comments now so whoever grabs the domain in a year or so can't use it to inject weird shit into your old posts as easily. Of course they still can create new accounts for all the old account names and post in your name if they want, but the user private keys should prevent that for individual posts if the other server software is smart enough to validate them.

Oracle has a generous free server offering. You will need to trust Oracle not to turn off your server because a business customer needs it, though. Availability of their good free tier also fluctuates and you need to figure out their weird IP/firewall/security config.

You need a domain name to effectively federate, too. There are free options available for those too, but they're not very reliable.

[–] skullgiver@popplesburger.hilciferous.nl 38 points 3 weeks ago* (last edited 3 weeks ago) (11 children)

We pretty much had this when the first reliable Mastodon<->Bluesky bridge came online. The Fediverse side protested and made the entire system opt-in, making it practically unusable because people that don't have a favourite Linux distro don't know what a fedi is and why they should bridge to it.

When this goes live, I expect people to treat it the same as every other sizeable social media joining the Fediverse, with outrage and block lists.

[–] skullgiver@popplesburger.hilciferous.nl 7 points 3 weeks ago (3 children)

To prevent annoying trolls from digging through my post history, mostly. I've seen people do this on Lemmy, one person even had a stalker that would go server to server to reply angrily to their posts because he felt "wronged" somehow. Plus, nobody is reading this stuff after a month anyway, the only readership of old comments is AI scrapers trying to steal my words for their algorithm.

Of course, deleting stuff on Lemmy doesn't mean actually deleting anything. You can trivially ignore deletion requests as a server and some seem to keep old copies of deleted content.

There's no automated way to do it with Lemmy so I've written my own automation tool that occasionally runs.

[–] skullgiver@popplesburger.hilciferous.nl 2 points 3 weeks ago* (last edited 2 weeks ago)

[This comment has been deleted by an automated system]
