By @edent · ActivityPub CyberSecurity http security · 5 comments · 400 words · read ~103 times.
It's never great to find out you're wrong, but that's how learning and personal growth happens. HTTP Message Signatures are hard1. There are lots of complex parts and getting any aspect wrong means certain death2. In a previous post, I wrote A simple(ish) guide to verifying HTTP Message Signatures in PHP. It turns out that […]
Continue reading →By @edent · ActivityPub cryptography http mastodon security · 3 comments · 1,150 words · read ~135 times.
Mastodon makes heavy use of HTTP Message Signatures. They're a newish almost-standard which allows a server to verify that a request made to it came from the person who sent it. This is a quick example to show how to verify these signatures using PHP. I don't claim that it covers every use-case, and it […]
Continue reading →By @edent · ActivityPub CyberSecurity encryption fediverse http · 10 comments · 500 words
I'm trying to get my head round HTTP Signatures as they're used extensively in the Fediverse. Conceptually, they're relatively straightforward. You send me a normal HTTP request. For example, you want to POST something to https://example.com/data You send me these headers: POST /data Host: example.com Date: Sat, 24 Feb 2024 14:43:48 GMT Accept-Encoding: gzip Digest: […]
Continue reading →By @edent · compression http · 2 comments · 350 words · read ~169 times.
Perhaps this was obvious to you, but it wasn't to me. So I'm sharing in the hope that you don't spend an evening trying to trick your webserver into doing something stupid. For years, HTTP content has been served with gzip compression (gz). It's basically the same sort of compression algorithm you get in a […]
Continue reading →By @edent · http internet · 4 comments · 550 words · read ~3,632 times.
Hyper-Text Transfer Protocol is, by some measure, the most popular way for computers to talk to each other on the Internet1. Generally speaking2, clients (like browsers) talk to servers using a set number of HTTP "verbs". This tells the server what sort of thing the client is trying to do. The two most popular3 verbs […]
Continue reading →By @edent · facebook http twitter · 1 comment · 450 words · read ~1,188 times.
I've nothing against the Swedes. Lovely people. Sweden is the third-largest country in the European Union by area. But I'm not from there. Neither, as far as I am aware, is Facebook. But Twitter seems to think so. When I share a link to Twitter on Facebook, this (sometimes) happens. And sometimes, I get this […]
Continue reading →By @edent · http isp NaBloPoMo security virign · 6 comments · 1,100 words · read ~4,285 times.
It is a truth universally acknowledged, that an ISP in possession of a good Internet connection must be in want of a customer. One would think that, in these capitalist times, ISPs would compete over who could provide the fastest speed, the best service, and the lowest price. Sadly, in the UK, our ISPs seem […]
Continue reading →By @edent · http https mobile path privacy security ssl · 2 comments · 250 words · read ~275 times.
I'm trying out the new Android app for Path - the new social networking service. I've discovered something rather troubling... Most of the app's communication with the Path servers is over SSL. This means that no-one can see the data you're sending and receiving. If there are snoops on your network, they will only be […]
Continue reading →