digitalcourage.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This instance is operated by Digitalcourage e.V. for the general public. So that we can do this sustainably, we charge an annual advance fee of 1€/month by SEPA direct debit.

#api

21 posts · 14 participants · 5 posts today
Continued thread

[...] 2/2

🧑‍🍳 My insight from the weekend: keep the electronics away from my kitchen

🗾 I am currently building an elevation data web API based on high-resolution SRTM1 and lidar data

🗺️ dev.bikerouter.de with a Vite-based build process

🔊 Listened to this week: Sayuara, MEEMA, Dennis Rema

#Wochenrückblick #Bikerouter #GravelOverlay #Gravel #Interview #Heise #ct #Erkenntnis #Kochen #Küche #SRTM #API #Vite #Techno

marcusjaschen.de/blog/2025/202

Marcus Jaschen · Review of calendar week 2025-29

Weekly review, issue 101 (2025-29)

Topics:

🗺️ Bikerouter gravel overlay now available worldwide

🚵‍♂️ This cycling facility stands in the middle of the forest and poses a riddle

🎤 I gave an interview for Heise/c't

[…] 1/2

#Wochenrückblick #Bikerouter #GravelOverlay #Gravel #Interview #Heise #ct #Erkenntnis #Kochen #Küche #SRTM #API #Vite #Techno

marcusjaschen.de/blog/2025/202

Marcus Jaschen · Review of calendar week 2025-29

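How does #Mastodon actually federate the information about a verified link?

Via the #Client #API, #Mastodon returns in the [fields] array, alongside [name] and [value], a [verified_at], which can be null... or contains a timestamp, e.g. "2019-11-10T10:31:10.744+00:00".

But if I query an account directly via its URL and ask for JSON, I get a structure in which this [verified_at] is apparently not included.

For the fields (name/value pairs), an [attachment] array is included. It provides fields such as [type] ("PropertyValue") as well as [name] and [value].

And with that we are back at my opening question...

Attacks on #OpenSource developer environments (#Entwicklerumgebungen) are increasing drastically.

In the second quarter of 2025, #Sonatype identified more than 16,000 malicious packages (#Pakete). That corresponds to an increase of 188 percent compared to the previous year. The #OpenSource space is particularly affected, where targeted attacks on developer environments are increasingly becoming the rule.

The attackers focus on sensitive information such as access keys (#Zugangsschlüssel), #API tokens and configuration files.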

Angriffe auf #OpenSource #Entwicklerumgebungen nehmen drastisch zu.

Im zweiten Quartal 2025 identifizierte #Sonatype über 16.000 schädliche #Pakete. Das entspricht einem Anstieg von 188 Prozent im Vergleich zum Vorjahr. Besonders betroffen ist der #OpenSource Bereich, wo gezielte Angriffe auf Entwicklerumgebungen zunehmend zur Regel werden.

Im Fokus der Angreifer stehen sensible Informationen wie #Zugangsschlüssel, #API Tokens und Konfigurationsdateien.

fosstopia.de/angriffe-oss-entw

fosstopia · Attacks on open source developer environments are increasing drastically - fosstopia: tech blog for Linux, Unix, open source, cloud computing, sustainability and more.

From: blenderdumbass . org

This article is published on a website which is powered by BDServer. And I'm trying to make this website support ActivityPub, so you could, for example, subscribe to me from your Mastodon account. Yet it is easier said than done.

If you have any experience with ActivityPub, web-development or Python, please consider helping me. We have BDServ...

Read: blenderdumbass.org/articles/pl

blenderdumbass . org · Please Help Me With Activity Pub
Replied in thread

@troed @dalai @foone The problem will be that one will have to reimplement the "#API" as #api0 from scratch by running inspectors in browsers all the time...

  • Remember: The platforms that run these are hostile to the very idea of said phat client.

It'll necessitate all api 0 calls to come from the same #IPv4 and/or #IPv6 as the end-user and hide itself with a fake #UserAgent to prevent countermeasures like #RateLimiting and #blocking.

digipres.club · Foone🏳️‍⚧️ (@foone@digipres.club) · The basic philosophy of adversarial automation is that the software/website is the enemy.
Replied in thread

@troed @dalai yes, you did misunderstand it as it's still some shitty bridging which runs a way higher risk of getting blocked by #API changes instead of a "cleanroom" implementation that parses the web interface and web API with a regular #UserAgent like a #Browser.

Or as @foone said: "#api0"

  • It should be broken down to something that is not dependent on centralized infrastructure to work!

Infosec.Space · Kevin Karhan :verified: (@kkarhan@infosec.space)

One thing that really pisses me off personally is the #regression in terms of #Messenger #Apps.

My personal distaste and dislike for #proprietary, #SingleVendor & #SingleProvider #services like #Signal [¹](https://infosec.space/@kkarhan/114234551915193036), #Telegram, #Discord [²](https://infosec.space/@kkarhan/114865723904157014), #WhatsApp [³](https://infosec.space/@kkarhan/114873895410403238), #Slack, #MicrosoftTeams, etc. aside:

  • *WHY* is there no #CrossProvider #Messenger to handle that shite?
  • *WHY* does everyone of these shitty providers think people want to download their #bloated #WebApp that takes up triple digit Megabytes if not entire Gigabytes and will gobble up all the #RAM and #CPU they can??

This problem ain't new and *already got [solved for corporate social media](https://infosec.space/@kkarhan/114862619013462466) ages ago!* (Not to mention actually good messengers!)

  • And no, [bridges](https://toots.ch/@dalai/114862754556459439) *[don't](https://swecyb.com/@troed/114862774972645542) count*!
  • I mean `API 0` - [style](https://digipres.club/@foone/112685423773959519) access because obviously [none of the platforms](https://digipres.club/@foone/112685414638522984) will *allow, endorse or support such an endeavour* and [*actively fight the developers and users*](https://digipres.club/@foone/112685441496803574)!

So yeah, consider this a call for a @gajim@fosstodon.org / #Gajim or @pidgin@fosstodon.org / #Pidgin *for garbage platforms!*

  • Cuz back in the day we had *way worse messengers* yet people actually made #AIM, #ICQ, #MSN, #QQ, #IRC & #XMPP work just fine from one single *"phat" client*!
  • Can we please get that back?

#api0 #Enshittification

While debugging why the #linux #entra #sso #webextension fails to handle token refresh, I noticed a pretty bad design decision in the requestBlocking / declarativeNetRequest #API. You need to permit both the source and the target URL to change the request headers (i.e. the app and the login provider).

That's unfortunate, as I was hoping to only grant the login provider URL, no matter which page is using it...

github.com/siemens/linux-entra

These changes bring us closer to what the Edge browser is sending to the broker. We are still not fully there, but this is as far as I was able to deduce things from the official docs.
One paramete...
GitHub · improvements of broker protocol and silent token refresh by fmoessbauer · Pull Request #75 · siemens/linux-entra-sso · By fmoessbauer