not that remembering the AIDS crisis isn’t important but i think thinking about one can help when thinking about the other
01 December is currently marked as Aidsmas but it is also the day on which symptoms began for COVID patient zero so i’m strongly considering making it a day about how governments will fuck you over with a pandemic in general
me the rest of the year: idk maybe i went a bit overboard with this Hallowtide thing i mean do we really need over a month dedicated just to meditating on death and debility
me once november actually hits: no yeah this here is about the vibes
Hallowtide extends through 05 December in KIBI observance so i will not be changing my avatar until then
@mariusor @noracodes it's possible to mitigate this in current (HTTPbis) HTTP signatures, and maybe in the draft mastodon implements too, but to my knowledge mastodon currently does not have the logic needed to defend against somebody replaying somebody else's properly-signed request or similar related issues
@mariusor @noracodes there is a lot more handshaking which needs to happen with pulls also because replay attacks are much more dangerous. if someone replays a push then the server just gets notified of a status twice. but if someone replays a GET then they could have access to all the content that other user saw.
@mariusor @noracodes HTTP signatures do allow for signed pulls, but there is no standardized mechanism for specifying which user is making the pull (which isn't a problem for pushes; it’s in the payload). without knowing which user is making the request, it's impossible to know how to respond correctly (and obviously you don't want user A to be able to sign a request by user B).
mastodon could probably hack a de-facto solution to get around this (maybe it already does; it's been a while since i looked at the HTTP signatures code) but it wouldn't be standardized; the bigger issue though is definitely the fact that there is no real motivation to do so. it's one thing to go through all the posts a user has made and filter them by “does X have access?” but an outbox should properly also include favourites and other kinds of actions the user has made, which sounds expensive to me :P .
footnote: HTTP signatures is not a GREAT auth mechanism regardless, on account of the fact it is currently undergoing IETF standardization and the current HTTPbis draft is very different from the one mastodon implements. that's not really an argument for or against them for this use-case, but it is annoying.
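As an added illustration (not from the thread above, and not Mastodon's code) of the replay defence the posts say is missing: a guard that runs after the HTTP Signatures verifier has accepted a request and rejects stale Dates, signatures that don't bind the Date and request target, and any signature value already seen. The keyId, signature bytes and headers are constructed placeholders; real verification of the signature itself is assumed to happen before this guard.

```python
import re
import time
from email.utils import formatdate, parsedate_to_datetime

# Constructed example: a replay guard that runs after the HTTP Signatures
# verifier has confirmed the signature itself. It checks that the Date is
# fresh, that the signature binds Date and the request target, and that this
# exact signature value has not been accepted before.
_PARAM_RE = re.compile(r'(\w+)="([^"]*)"')
REQUIRED_COVERED = {"(request-target)", "date"}  # headers the signature must bind

def parse_signature(header):
    """Split a draft-cavage style Signature header into its parameters."""
    return dict(_PARAM_RE.findall(header))

class ReplayGuard:
    def __init__(self, max_skew=300):
        self.max_skew = max_skew  # seconds a Date may differ from our clock
        self.seen = {}            # signature value -> time we may forget it

    def check(self, headers, now=None):
        """Return (accepted, reason); assumes the signature already verified."""
        now = time.time() if now is None else now
        # Forget entries past the window; older replays fail the Date check anyway.
        self.seen = {s: exp for s, exp in self.seen.items() if exp > now}
        params = parse_signature(headers.get("signature", ""))
        covered = set(params.get("headers", "").split())
        if not REQUIRED_COVERED <= covered:
            return False, "signature does not cover (request-target) and date"
        try:
            sent = parsedate_to_datetime(headers["date"]).timestamp()
        except (KeyError, TypeError, ValueError):
            return False, "missing or malformed Date"
        if abs(now - sent) > self.max_skew:
            return False, "Date outside replay window"
        sig = params.get("signature")
        if not sig:
            return False, "no signature value"
        if sig in self.seen:
            return False, "replayed signature"
        self.seen[sig] = now + self.max_skew
        return True, "ok"

def sample_headers(now, sig="c29tZS1zaWduYXR1cmU=", covered="(request-target) host date"):
    """Constructed headers for a signed GET; keyId and signature are placeholders."""
    return {
        "date": formatdate(now, usegmt=True),
        "signature": (f'keyId="https://example.org/users/a#main-key",algorithm="rsa-sha256",'
                      f'headers="{covered}",signature="{sig}"'),
    }
```

The guard only closes the "same request twice" hole; it does nothing about the thread's other point, that nothing in the signature says which user a pull is on behalf of.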
the glitch was really obvious because the lower half of the screen was replaced with repeating question marks but amazingly after exiting the game, transferring the mon, and reopening the game itself seems to have recovered fine
Administrator / Public Relations for GlitchCat. Not actually glitchy, nor a cat. I wrote the rules for this instance.
“Constitutionally incapable of not going hard” — @aescling
“Fedi Cassandra” – @Satsuma
I HAVE EXPERIENCE IN THINGS. YOU CAN JUST @ ME.
I work for a library but I post about Zelda fanfiction.
For the time being, this is mostly a mirror of <https://status.ladys.computer/>. Want to get in touch? E·mail me!