I really dislike the Mastodon setting to require HTTP signatures for everything. It makes basic features like just grabbing some JSON for an actor more difficult. The user’s profile is on the public web anyway! We need apps that work natively with the web on its own terms, not more protocol layers.

This is really common, unfortunately. A lot of web stuff is all thrown behind “best practice” to guard against some kind of attack vector that makes 0 sense.

@jsonbecker Yeah. I’m not even sure what the attack is that couldn’t be better solved with something like rate-limiting. Sometimes it feels like the Mastodon world can’t decide if they want an open web or private accounts. Gets muddled in the middle.

It’s nice to hear you sing this song.
It works better in harmony than just as one lonely voice out in the wilderness.
