this post was submitted on 03 Jul 2023
118 points (98.4% liked)

Programming

17319 readers
54 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev



founded 1 year ago
MODERATORS
 

I recently went on quite a rabbit hole regarding the .well-known directory, and wrote about it.

top 12 comments
sorted by: hot top controversial new old
[–] ragnarokonline@vlemmy.net 13 points 1 year ago (1 children)

Love these little compsci investigation articles. Thanks for sharing!

[–] ishanpage@programming.dev 5 points 1 year ago

Glad you liked it! Thanks for reading ❤️

[–] u_tamtam@programming.dev 8 points 1 year ago
[–] pe1uca@lemmy.pe1uca.dev 6 points 1 year ago (2 children)

It's a really nice anecdote where I see myself reflected haha, I'm just in the middle of something similar with RSA and Ed25519, and also the post-quantum cryptography scene.
But usually once I'm done investigating and I think I understood something well enough I simply bookmark the links, write some bullet points in my notes and that's it.

Do you also have this issue? Do you finish the investigation and start writing for a blog post right away? Or do you just come back to it after some time?

[–] ishanpage@programming.dev 5 points 1 year ago

Haha this is exactly me. That habit of losing the knowledge rapidly post investigation is something I'm trying to break, and that's part of the reason I banged out this blog post immediately after my itch was satisfied.

The "I have to tell people about this NOW" vibe also carried me through completing my website (just so I could publish this blog post)

[–] silver@lemmy.brendan.ie 2 points 1 year ago (1 children)

Out of curiosity are ye planning to do a post about RSA and ED25519?

[–] pe1uca@lemmy.pe1uca.dev 3 points 1 year ago (1 children)

I do want to, not sure when, but I'll find the time since OP gave me a bit of a boost in confidence I can do it :)

[–] ishanpage@programming.dev 3 points 1 year ago

I'll be sure to read it when you do :)

[–] snowe@programming.dev 6 points 1 year ago (1 children)

That is really interesting. Does anyone have an example of what a web finger might contain? It says avatar data but I’m interested in how sites use it.

[–] ishanpage@programming.dev 5 points 1 year ago (1 children)

Hey Thanks for reading, and I'm glad you found it interesting.

To my understanding, Webfinger provides a standard API for discovering the user profile details no matter the software running on the node.

For example,

$ curl https://programming.dev/.well-known/webfinger\?resource\=acct:snowe@programming.dev | jq
{
  "subject": "acct:snowe@programming.dev",
  "links": [
    {
      "rel": "http://webfinger.net/rel/profile-page",
      "type": "text/html",
      "href": "https://programming.dev/u/snowe"
    },
    {
      "rel": "self",
      "type": "application/activity+json",
      "href": "https://programming.dev/u/snowe",
      "properties": {
        "https://www.w3.org/ns/activitystreams#type": "Person"
      }
    }
  ]
}
[–] snowe@programming.dev 3 points 1 year ago (1 children)

lol well look at that. that's neat. seems a bit roundabout. How do you know the resource though? so you request the user information with the resource query param, but that means you already know the user, which means you likely got it from somewhere else right? if you got it from somewhere else, you likely have the ability to get the profile information from that location rather than requesting information twice. or am I thinking about this completely wrong?

for example, I completely understand the chatgpt plugin and change password ones, but this one doesn't really make sense to me, since you have to know information before hitting it.

[–] ishanpage@programming.dev 2 points 1 year ago* (last edited 1 year ago)

You are right that it does feel a little roundabout. My understanding is that webfinger converts from the username to the user profile url and image. This is useful during federation, and for generic fedi/activitypub clients because different Fedi software maps usernames and profiles differently.

For example, user@lemmy.instance will reside at lemmy.instance/u/user, while user @mastodon.instance will reside at mastodon.instance/user.

Fom some poking around, it seems that Lemmy does not properly support sending the profile image on Webfinger because I wasn't able to do it using the rel parameters that are mentioned in the spec.

load more comments
view more: next ›