@jwildeboer@social.wildeboer.net Right, there's a possible social engineering vector at play here, which I think makes this a little concerning. I certainly don't like my time wasted either cc @thisismissem@hachyderm.io @mariusor@metalhead.club

@osma@mas.to the default assumption is that announces are delivered back to the origin server in order to close the loop. However it is not a requirement. For example I am considering not doing so for group announces.

@msbellows@c.im but that's not what Elon Musk's supporters are expecting. To extend your metaphor, they're paying a mechanic to pull things out of an engine until it magically runs perfectly. There is no second step.

@phillycodehound@indieweb.social sorry, my software does not support content warnings. Apologies if I ruined the episode for you.

@sonofageorge@mstdn.ca the royals took (at least under Elizabeth's reign) a firm stance against public opinion on political matters, leaving that to statesmen to decide upon.

@julian Thanks, will try and let you know.

Finally got around to actioning this. Pinging myself from activitypub.academy got a 403 response: "Sending failed (htps://wanderingadventure.party/inbox responded with status 403 Forbidden)", and generated the following in the console log while in dev mode: 2025-02-24T15:58:18.922Z [4566/131736] - verbose: [activitypub/verify] Starting signature verification... 2025-02-24T15:58:18.923Z [4566/131736] - verbose: [activitypub/verify] Retrieving pubkey for https://activitypub.academy/users/braulus_aelamun#main-key 2025-02-24T15:58:18.927Z [4566/131736] - verbose: [activitypub/get] https://activitypub.academy/users/braulus_aelamun#main-key 2025-02-24T15:58:19.116Z [4566/131736] - warn: Missing translation "global:Home" for language "en-GB" 2025-02-24T15:58:19.116Z [4566/131736] - warn: Missing translation "global:Home" for language "en-GB" 2025-02-24T15:58:19.117Z [4566/131736] - warn: Missing translation "global:Home" for language "en-GB" 2025-02-24T15:58:19.370Z [4566/131736] - verbose: [activitypub/verify] Attempting signed string verification 2025-02-24T15:58:19.371Z [4566/131736] - verbose: [middleware/activitypub] HTTP signature verification passed. 2025-02-24T15:58:19.371Z [4566/131736] - verbose: [middleware/activitypub] Validating incoming payload... 2025-02-24T15:58:19.371Z [4566/131736] - verbose: [middleware/activitypub] Request body check passed. 2025-02-24T15:58:19.377Z [4566/131736] - verbose: [middleware/activitypub] Origin check passed. 2025-02-24T15:58:19.380Z [4566/131736] - verbose: [activitypub/actors] Asserting 1 actor(s) 2025-02-24T15:58:19.380Z [4566/131736] - verbose: [activitypub/actors] Processing https://activitypub.academy/users/braulus_aelamun 2025-02-24T15:58:19.383Z [4566/131736] - verbose: [activitypub/get] https://activitypub.academy/users/braulus_aelamun 2025-02-24T15:58:19.390Z [4566/131736] - warn: Route requested but not found: /api/v1/timelines/public?limit=40 2025-02-24T15:58:19.415Z [4566/131736] - warn: Route requested but not found: /api/v1/streaming/public 2025-02-24T15:58:19.799Z [4566/131736] - verbose: [activitypub/get] https://activitypub.academy/users/braulus_aelamun/followers 2025-02-24T15:58:19.802Z [4566/131736] - verbose: [activitypub/get] https://activitypub.academy/users/braulus_aelamun/following 2025-02-24T15:58:20.310Z [4566/131736] - verbose: [middleware/activitypub] Key ownership cross-check passed. 2025-02-24T15:58:20.317Z [4566/131736] - verbose: [activitypub/get] https://activitypub.academy/users/braulus_aelamun/statuses/114059686602376517 2025-02-24T15:58:20.777Z [4566/131736] - verbose: [activitypub/context] https://activitypub.academy/users/braulus_aelamun/statuses/114059686602376517 contains no context. 2025-02-24T15:58:20.819Z [4566/131736] - verbose: [notes/assert] 1 new note(s) found. [api] Exception caught, error with stack trace follows: Error: [[error:no-privileges]] at Topics.post (/var/www/html/nodebb_wap/src/topics/create.js:115:10) at process.processTicksAndRejections (node:internal/process/task_queues:105:5) at async Promise.all (index 0) at async Notes.assert (/var/www/html/nodebb_wap/src/activitypub/notes.js:172:3) at async inbox.create (/var/www/html/nodebb_wap/src/activitypub/inbox.js:72:19) at async Controller.postInbox (/var/www/html/nodebb_wap/src/controllers/activitypub/index.js:169:3) No such errors occur, however, if I follow the user account: 2025-02-24T16:21:10.499Z [4566/131736] - verbose: [activitypub/verify] Starting signature verification... 2025-02-24T16:21:10.499Z [4566/131736] - verbose: [activitypub/verify] Retrieving pubkey for https://activitypub.academy/users/braulus_aelamun#main-key 2025-02-24T16:21:10.504Z [4566/131736] - verbose: [activitypub/get] https://activitypub.academy/users/braulus_aelamun#main-key 2025-02-24T16:21:10.958Z [4566/131736] - verbose: [activitypub/verify] Attempting signed string verification 2025-02-24T16:21:10.959Z [4566/131736] - verbose: [middleware/activitypub] HTTP signature verification passed. 2025-02-24T16:21:10.962Z [4566/131736] - verbose: [middleware/activitypub] Validating incoming payload... 2025-02-24T16:21:10.962Z [4566/131736] - verbose: [middleware/activitypub] Request body check passed. 2025-02-24T16:21:10.971Z [4566/131736] - verbose: [middleware/activitypub] Key ownership cross-check passed. 2025-02-24T16:21:10.972Z [4566/131736] - verbose: [middleware/activitypub] Resolving object(s)... 2025-02-24T16:21:10.978Z [4566/131736] - verbose: [middleware/activitypub] Object(s) successfully resolved. 2025-02-24T16:21:11.014Z [4566/131736] - verbose: [activitypub/send] https://activitypub.academy/inbox 2025-02-24T16:21:11.466Z [4566/131736] - verbose: [activitypub/send] Successfully sent Accept to https://activitypub.academy/inbox Nor if I send a direct message: 2025-02-24T16:25:27.790Z [4566/131736] - verbose: [activitypub/verify] Starting signature verification... 2025-02-24T16:25:27.791Z [4566/131736] - verbose: [activitypub/verify] Retrieving pubkey for https://activitypub.academy/users/braulus_aelamun#main-key 2025-02-24T16:25:27.791Z [4566/131736] - verbose: [activitypub/verify] Attempting signed string verification 2025-02-24T16:25:27.792Z [4566/131736] - verbose: [middleware/activitypub] HTTP signature verification passed. 2025-02-24T16:25:27.793Z [4566/131736] - verbose: [middleware/activitypub] Validating incoming payload... 2025-02-24T16:25:27.793Z [4566/131736] - verbose: [middleware/activitypub] Request body check passed. 2025-02-24T16:25:27.798Z [4566/131736] - verbose: [middleware/activitypub] Origin check passed. 2025-02-24T16:25:27.802Z [4566/131736] - verbose: [middleware/activitypub] Key ownership cross-check passed. Following the activitypub.academy account also seems to work fine: 2025-02-24T16:27:54.805Z [4566/131736] - verbose: [activitypub/verify] Starting signature verification... 2025-02-24T16:27:54.805Z [4566/131736] - verbose: [activitypub/verify] Retrieving pubkey for https://activitypub.academy/users/braulus_aelamun#main-key 2025-02-24T16:27:54.808Z [4566/131736] - verbose: [activitypub/get] https://activitypub.academy/users/braulus_aelamun#main-key 2025-02-24T16:27:54.811Z [4566/131736] - verbose: [activitypub/inbox.delete] Object (https://mastodon.social/users/goma0) does not exist locally. Doing nothing. 2025-02-24T16:27:55.216Z [4566/131736] - verbose: [activitypub/verify] Attempting signed string verification 2025-02-24T16:27:55.217Z [4566/131736] - verbose: [middleware/activitypub] HTTP signature verification passed. 2025-02-24T16:27:55.220Z [4566/131736] - verbose: [middleware/activitypub] Validating incoming payload... 2025-02-24T16:27:55.220Z [4566/131736] - verbose: [middleware/activitypub] Request body check passed. 2025-02-24T16:27:55.228Z [4566/131736] - verbose: [middleware/activitypub] Origin check failed, stripping object down to id. 2025-02-24T16:27:55.228Z [4566/131736] - verbose: [middleware/activitypub] Origin check passed. 2025-02-24T16:27:55.236Z [4566/131736] - verbose: [middleware/activitypub] Key ownership cross-check passed. 2025-02-24T16:27:55.236Z [4566/131736] - verbose: [middleware/activitypub] Resolving object(s)... 2025-02-24T16:27:55.237Z [4566/131736] - verbose: [middleware/activitypub] Object(s) successfully resolved. But when I post publicly from it, the messages bounce from my nodebb site, once again with a 403 error: 2025-02-24T16:30:11.720Z [4566/131736] - verbose: [activitypub/verify] Starting signature verification... 2025-02-24T16:30:11.721Z [4566/131736] - verbose: [activitypub/verify] Retrieving pubkey for https://activitypub.academy/users/braulus_aelamun#main-key 2025-02-24T16:30:11.721Z [4566/131736] - verbose: [activitypub/verify] Attempting signed string verification 2025-02-24T16:30:11.722Z [4566/131736] - verbose: [middleware/activitypub] HTTP signature verification passed. 2025-02-24T16:30:11.722Z [4566/131736] - verbose: [middleware/activitypub] Validating incoming payload... 2025-02-24T16:30:11.722Z [4566/131736] - verbose: [middleware/activitypub] Request body check passed. 2025-02-24T16:30:11.728Z [4566/131736] - verbose: [middleware/activitypub] Origin check passed. 2025-02-24T16:30:11.732Z [4566/131736] - verbose: [middleware/activitypub] Key ownership cross-check passed. 2025-02-24T16:30:11.741Z [4566/131736] - verbose: [activitypub/get] https://activitypub.academy/users/braulus_aelamun/statuses/114059811962674026 2025-02-24T16:30:12.190Z [4566/131736] - verbose: [activitypub/context] https://activitypub.academy/users/braulus_aelamun/statuses/114059811962674026 contains no context. 2025-02-24T16:30:12.203Z [4566/131736] - verbose: [notes/assert] 1 new note(s) found. [api] Exception caught, error with stack trace follows: Error: [[error:no-privileges]] at Topics.post (/var/www/html/nodebb_wap/src/topics/create.js:115:10) at process.processTicksAndRejections (node:internal/process/task_queues:105:5) at async Promise.all (index 0) at async Notes.assert (/var/www/html/nodebb_wap/src/activitypub/notes.js:172:3) at async inbox.create (/var/www/html/nodebb_wap/src/activitypub/inbox.js:72:19) at async Controller.postInbox (/var/www/html/nodebb_wap/src/controllers/activitypub/index.js:169:3) While skimming the output stream, I'm also noticing a lot of entries from Mastodon servers reporting 410 errors: 2025-02-24T16:24:36.870Z [4566/131736] - verbose: [activitypub/verify] Starting signature verification... 2025-02-24T16:24:36.870Z [4566/131736] - verbose: [activitypub/verify] Retrieving pubkey for https://mastodon.social/users/pathinisca#main-key 2025-02-24T16:24:36.874Z [4566/131736] - verbose: [activitypub/get] https://mastodon.social/users/pathinisca#main-key 2025-02-24T16:24:36.888Z [4566/131736] - verbose: [activitypub/get] Received 410 when querying https://mastodon.social/users/pathinisca#main-key 2025-02-24T16:24:36.888Z [4566/131736] - verbose: [activitypub/get] Error received: Gone 2025-02-24T16:24:36.889Z [4566/131736] - verbose: [activitypub/verify] Failed, key retrieval or verification failure. It's not clear to me what these are, though, as when I try to boost content or post from my main Mastodon account, which is being followed by my nodebb account, I get the 403 error reported a the top of this post. Is there some kind of conflict with respect to file ownership that's causing this? Or is this about the fediverse pseudo-user's permissions to access different categories? Because the linux user running nodebb should have full ownership rights to the folder, but it's possible I've broken that somehow. Meanwhile, I've absolutely been playing with category access rights, but I've reset them all since this started.

@shoppingtonz@mastodon.social if edits from PieFed aren't reflected here that may be a bug.