Another very different part of the #fediverse that you can follow from #Mastodon is #flipboard. However, you can't follow topics/hashtags, only accounts, so if you really want to see EVERYTHING that the #AssociatedPress / #AP puts out, for example, you can follow @AssociatedPress, but that might be a bit much if you're just interested in something like #USpolitics / #USpol.

Hi @toddsundsted,
my https://Seppo.mro.name/aseppototry makes a web view of it's posts as #feed https://doi.org/10.17487/RFC4287 and uses #AP https://www.w3.org/TR/activitypub to federate.
The conversion of single incoming #AP note -> feed entry #RFC4287 is: https://codeberg.org/seppo/seppo/src/commit/d927311ca/lib/ap.ml#L1213-L1242

Feed entry -> AP note here: https://codeberg.org/seppo/seppo/src/commit/d927311ca/lib/ap.ml#L1168-L1211

What usecases do you have in mind?

Hi @toddsundsted,
my https://Seppo.mro.name/aseppototry makes a web view of it's posts as #feed https://doi.org/10.17487/RFC4287 and uses #AP https://www.w3.org/TR/activitypub to federate.
The conversion of single incoming #AP note -> feed entry #RFC4287 is: https://codeberg.org/seppo/seppo/src/commit/d927311ca/lib/ap.ml#L1213-L1242

Feed entry -> AP note here: https://codeberg.org/seppo/seppo/src/commit/d927311ca/lib/ap.ml#L1168-L1211

What usecases do you have in mind?

It's sad to see instances shut down without warning, I'm working on a short term and long term plan

The short term plan: Personal Archive Node (PAN) - The Mini-PDS

PAN will work with Pixelfed, Loops, Mastodon and other projects, and you can self-host or use a trusted PAN server, giving you peace of mind knowing *most* of your data is easily recoverable + migratable to another server, should you ever need it ✨

The long term plan: Personal Data Vault (PDV) - DID Layer for ActivityPub

#soon #ap

Hi @toddsundsted,
my https://Seppo.mro.name/aseppototry makes a web view of it's posts as #feed https://doi.org/10.17487/RFC4287 and uses #AP https://www.w3.org/TR/activitypub to federate.
The conversion of single incoming #AP note -> feed entry #RFC4287 is: https://codeberg.org/seppo/seppo/src/commit/d927311ca/lib/ap.ml#L1213-L1242

Feed entry -> AP note here: https://codeberg.org/seppo/seppo/src/commit/d927311ca/lib/ap.ml#L1168-L1211

What usecases do you have in mind?

It's sad to see instances shut down without warning, I'm working on a short term and long term plan

The short term plan: Personal Archive Node (PAN) - The Mini-PDS

PAN will work with Pixelfed, Loops, Mastodon and other projects, and you can self-host or use a trusted PAN server, giving you peace of mind knowing *most* of your data is easily recoverable + migratable to another server, should you ever need it ✨

The long term plan: Personal Data Vault (PDV) - DID Layer for ActivityPub

#soon #ap

Så Ap vil ha en overgang og de vil ha det innen et bestemt tidspunkt. Men de er villige til å lage regjeringskaos for å ikke si at vi må lage en plan for å oppnå deres egne mål. Interessant strategi.

> For to uker siden undertegnet utenriksminister Espen Barth Eide (Ap) et dokument sammen med EU, hvor de er enige om en «rettferdig, ordnet og rimelig overgang» fra fossilt brensel fram mot 2050.

https://www.vg.no/nyheter/i/XMlmVg/regjeringen-kan-ha-lovet-eu-det-de-nekter-aa-gi-mdg

#budsjettforhandling #NorskTut #Ap #olje #klima

after firing his journo for asking a Q about #Israel,Italian news agency #AgenziaNova stated that that Q embarrassed the agency as it was relaunched by Russian&Islamic channels.Imagine #AP firing #MattLee after he was relaunched by #RT for grilling #USStateDept on #Snowden

#AP -
what was in the note:
‘We need your approval for a Truth Social post soon so you can be the first to announce the deal,’ a photographer from the AFP news agency observed …

[de-DE]
"Wir brauchen bald Ihre Genehmigung für einen Truth-Social-Beitrag, damit Sie den Deal als Erster bekannt geben können", wie ein Fotograf der Nachrichtenagentur AFP am Mittwoch während eines Treffens im Weißen Haus beobachtete.
https://www.t-online.de/nachrichten/ausland/usa/id_100948088/rubio-schiebt-trump-einen-zettel-zu-der-us-praesident-staunt.html
#Trump

Recently on the #ActivityPub developers forum SocialHub, the last active admin announced an intention to stop doing essential maintenance. Since then, we've been talking about the need for new governance;

https://socialhub.activitypub.rocks/t/socialhub-developer-community-reboot-or-shutdown/5445/

We need an admin team responsive to the community who gather there (whether to comment or just read). People whose priority is to help us share knowledge and solve problems together, so we can make the fediverse better for everyone.

(1/3)

#AP #ActivityPub #SocialHub

The statement called on Israel to allow journalists in & out of Gaza & allow adequate food supplies into the territory." | CBC https://www.cbc.ca/news/world/news-organizations-journalists-gaza-face-starvation-1.7592779

See the joint statement: https://www.bbc.co.uk/mediacentre/statements/joint-statement-on-gaza-from-afp-ap-bbc-news-reuters

The statement called on Israel to allow journalists in & out of Gaza & allow adequate food supplies into the territory." | CBC https://www.cbc.ca/news/world/news-organizations-journalists-gaza-face-starvation-1.7592779

See the joint statement: https://www.bbc.co.uk/mediacentre/statements/joint-statement-on-gaza-from-afp-ap-bbc-news-reuters

Summer in the UK usually involves a visit to the pub 🍻

At the Newsmast Foundation, we're spending our summer at a different kind of pub - Activity Pub (but yeah, we'll probably be at the other kind once or twice too)!

The structure of the AP protocol means social is in its DNA, just like it is at your local! Our hope is that, just like your local, AP can provide a hub for your community too 🏡

#ActivtyPub#Fediverse#Mastodon#SocialMedia#Tech#AP#APProto#Tech

Concept for discussion: Replacing HTTP Signatures with Bearer Tokens for ActivityPub Federation

Curious what other people think about this idea. What if federation security was re-worked to use target-assigned bearer tokens to authenticate GET/POST requests? This would remove the need for complicated signing schemes and reduce system load under heavy traffic bursts (as no cryptography is required).

A basic implementation could look like this:

1. When instance A (a.example.com) first attempts to federate with instance B (b.example.com), a POST request is made to a dedicated registration endpoint. (for discussion, we'll say it's https://b.example.com/activity-pub/register-instance). This request includes fields necessary for verification, including the source domain name, target domain name, and a securely-generated verification token. Other metadata could be included to allow instance B to selectively allow/prohibit federation based on other criteria, but this is optional.
2. Instance B makes a POST request back to a dedicated verification endpoint on instance A (for discussion, we'll say it's https://a.example.com/activity-pub/verify-registration). This request must include the target domain name and verification token provided in step 2.
3. Instance A checks the verification token (and verify that it matches the target domain name) and return a successful value. The verification code must be invalidated after this call!
4. Instance B, after verifying instance A's request, returns a securely-generated federation key back to instance A. This federation key is a bearer token used to authenticate all requests from instance A to instance B. This key must be unique to instance A!
5. Instance A completes the original request with the Authorization header set to Bearer {federation_key}.
6. Instance B receives the request, detects the federation key, and checks it against the list of registered instances.
7. If the key does not exist or A has been defederated, then a 403 Forbidden error is returned.
8. If the key is expired or revoked, then 401 Unauthorized error is returned. Upon receiving a 401 error, instance A should start over from step 1 to re-authenticate and complete the request with a new token. This process should not be repeated for recursive failures!
9. If the key is approved, then a 200 OK response or 202 Accepted response is returned, and A can consider the request as successful.

Advantages versus HTTP Signatures:

• No cryptography requirements.
• Simple logic, no edge cases around HTTP query parameters or header order.
• Equally effective for all request types.
• Keys can be easily revoked or rotated.
• Supports authorized fetch and defederation use cases "by default".

Disadvantages versus HTTP Signatures:

• Breaks the actor model - instances are required as a first-class concept. (but really, the actor model is basically dead already. you can't even federate reliably without a WebFinger server, at minimum.)
• Requires multi-request "handshake" before communication. (but this is already required in practice, since a signature can't be validated without first requesting the signing actor.)
• Out-of-band protocol - communication can't happen over ActivityPub / ActivityStreams because this is a prerequisite to authenticate any request. (but again, we already require WebFinger and some software requires NodeInfo for full support.)

So, what are your thoughts? Good idea? Bad idea? Did I miss something? Please let me know, I welcome replies here!

#ActivityPub #AP #Federation

Concept for discussion: Replacing HTTP Signatures with Bearer Tokens for ActivityPub Federation

Curious what other people think about this idea. What if federation security was re-worked to use target-assigned bearer tokens to authenticate GET/POST requests? This would remove the need for complicated signing schemes and reduce system load under heavy traffic bursts (as no cryptography is required).

A basic implementation could look like this:

1. When instance A (a.example.com) first attempts to federate with instance B (b.example.com), a POST request is made to a dedicated registration endpoint. (for discussion, we'll say it's https://b.example.com/activity-pub/register-instance). This request includes fields necessary for verification, including the source domain name, target domain name, and a securely-generated verification token. Other metadata could be included to allow instance B to selectively allow/prohibit federation based on other criteria, but this is optional.
2. Instance B makes a POST request back to a dedicated verification endpoint on instance A (for discussion, we'll say it's https://a.example.com/activity-pub/verify-registration). This request must include the target domain name and verification token provided in step 2.
3. Instance A checks the verification token (and verify that it matches the target domain name) and return a successful value. The verification code must be invalidated after this call!
4. Instance B, after verifying instance A's request, returns a securely-generated federation key back to instance A. This federation key is a bearer token used to authenticate all requests from instance A to instance B. This key must be unique to instance A!
5. Instance A completes the original request with the Authorization header set to Bearer {federation_key}.
6. Instance B receives the request, detects the federation key, and checks it against the list of registered instances.
7. If the key does not exist or A has been defederated, then a 403 Forbidden error is returned.
8. If the key is expired or revoked, then 401 Unauthorized error is returned. Upon receiving a 401 error, instance A should start over from step 1 to re-authenticate and complete the request with a new token. This process should not be repeated for recursive failures!
9. If the key is approved, then a 200 OK response or 202 Accepted response is returned, and A can consider the request as successful.

Advantages versus HTTP Signatures:

• No cryptography requirements.
• Simple logic, no edge cases around HTTP query parameters or header order.
• Equally effective for all request types.
• Keys can be easily revoked or rotated.
• Supports authorized fetch and defederation use cases "by default".

Disadvantages versus HTTP Signatures:

• Breaks the actor model - instances are required as a first-class concept. (but really, the actor model is basically dead already. you can't even federate reliably without a WebFinger server, at minimum.)
• Requires multi-request "handshake" before communication. (but this is already required in practice, since a signature can't be validated without first requesting the signing actor.)
• Out-of-band protocol - communication can't happen over ActivityPub / ActivityStreams because this is a prerequisite to authenticate any request. (but again, we already require WebFinger and some software requires NodeInfo for full support.)

So, what are your thoughts? Good idea? Bad idea? Did I miss something? Please let me know, I welcome replies here!

#ActivityPub #AP #Federation

[now let's see if they do something]

from #AssociatedPress#AP#APNews
By SYLVIA HUI and JILL LAWLESS
Updated 1:05 PM EDT, July 21, 2025

LONDON (AP) — Twenty-five countries including #Britain, #France and a host of #European nations issued a joint statement on Monday that puts more pressure on #Israel, saying the war in #Gaza “must end now” and Israel must comply with international law.

The foreign ministers of countries including #Australia, #Canada and #Japan said “the suffering of civilians in Gaza has reached new depths.” They condemned “the drip feeding of aid and the inhumane killing of civilians, including children, seeking to meet their most basic needs of water and food.”

The statement described as “horrifying” the deaths of over 800 #Palestinians who were seeking aid...

https://apnews.com/article/europe-israel-hamas-war-gaza-e4062cffa9585790061105236a93d8e5/

#StopStarvingGaza
#Palestine#MiddleEast#WestAsia#EU
#news #press #politics @palestine

[now let's see if they do something]

from #AssociatedPress#AP#APNews
By SYLVIA HUI and JILL LAWLESS
Updated 1:05 PM EDT, July 21, 2025

LONDON (AP) — Twenty-five countries including #Britain, #France and a host of #European nations issued a joint statement on Monday that puts more pressure on #Israel, saying the war in #Gaza “must end now” and Israel must comply with international law.

The foreign ministers of countries including #Australia, #Canada and #Japan said “the suffering of civilians in Gaza has reached new depths.” They condemned “the drip feeding of aid and the inhumane killing of civilians, including children, seeking to meet their most basic needs of water and food.”

The statement described as “horrifying” the deaths of over 800 #Palestinians who were seeking aid...

https://apnews.com/article/europe-israel-hamas-war-gaza-e4062cffa9585790061105236a93d8e5/

#StopStarvingGaza
#Palestine#MiddleEast#WestAsia#EU
#news #press #politics @palestine