manton
manton

I really dislike the Mastodon setting to require HTTP signatures for everything. It makes basic features like just grabbing some JSON for an actor more difficult. The user’s profile is on the public web anyway! We need apps that work natively with the web on its own terms, not more protocol layers.

|
Embed
Progress spinner
jsonbecker
jsonbecker

@manton this is really common, unfortunately. A lot of web stuff that is all thrown behind “best practice” to guard against some kind of attack vector that makes 0 sense.

|
Embed
Progress spinner
In reply to
manton
manton

@jsonbecker Yeah. I'm not even sure what the attack is that couldn't be better solved with something like rate-limiting. Sometimes it feels like the Mastodon world can't decide if they want an open web or private accounts. Gets muddled in the middle.

|
Embed
Progress spinner
dave
dave

@manton It's nice to hear you sing this song.

It works better in harmony than just as one lonely voice out in the wildnerness.

|
Embed
Progress spinner
oddevan
oddevan

@manton this this this!

|
Embed
Progress spinner