{
"type": "entry",
"author": {
"name": null,
"url": "https://herestomwiththeweather.com/",
"photo": null
},
"url": "https://herestomwiththeweather.com/2026/04/27/ai-fail/",
"published": "2026-04-27T17:02:14+00:00",
"content": {
"html": "<p>A significant github issue was opened a few days ago by <a href=\"https://github.com/luckygreen\">luckygreen</a>:</p>\n\n<p><a href=\"https://github.com/anthropics/claude-code/issues/53223\">[BUG][SECURITY] CLAUDE.md/AGENTS.md instruction compliance is architecturally unenforced \u2014 documented security consequences and 10+ independent reports #53223</a></p>\n\n<p>Claude code allows a project to declare persistent context and instructions to control Claude Code\u2019s behavior in a file named CLAUDE.md. It seems that these instructions defined the the CLAUDE.md file can be silently overriden if they conflict with Claude\u2019s internal instructions.</p>\n\n<p>The issue references at least 10 other issues that belong to this same class of failure.</p>\n\n<p>Clearly, at the very least, the failure should not be silent and Claude should stop before proceeding any further with an alert so that the problem can be managed.</p>",
"text": "A significant github issue was opened a few days ago by luckygreen:\n\n[BUG][SECURITY] CLAUDE.md/AGENTS.md instruction compliance is architecturally unenforced \u2014 documented security consequences and 10+ independent reports #53223\n\nClaude code allows a project to declare persistent context and instructions to control Claude Code\u2019s behavior in a file named CLAUDE.md. It seems that these instructions defined the the CLAUDE.md file can be silently overriden if they conflict with Claude\u2019s internal instructions.\n\nThe issue references at least 10 other issues that belong to this same class of failure.\n\nClearly, at the very least, the failure should not be silent and Claude should stop before proceeding any further with an alert so that the problem can be managed."
},
"name": "AI Fail",
"post-type": "article",
"_id": "48078621",
"_source": "246"
}
{
"type": "entry",
"author": {
"name": null,
"url": "https://herestomwiththeweather.com/",
"photo": null
},
"url": "https://herestomwiththeweather.com/2026/04/26/follow-button-with-activity-intents/",
"published": "2026-04-26T19:45:06+00:00",
"content": {
"html": "<p>I don\u2019t want to brag but I finally added a follow button to my static jekyll blog. Because it uses <a href=\"https://codeberg.org/fediverse/fep/src/branch/main/fep/3b86/fep-3b86.md\">Activity Intents</a>, a visitor can <em>remotely</em> follow my fediverse account regardless of where their host server lives as long as their server supports Activity Intents. The good news is that <a href=\"https://mastodon.social/\">mastodon.social</a> already supports this as it is running the nightly build. It will be included in the next major release (4.6) as mentioned in <a href=\"https://blog.joinmastodon.org/2026/04/trunk-tidbits-march-2026/\">Trunk & Tidbits, March 2026</a> so that other Mastodon servers will support it.</p>\n\n<p>Usually, the idea is suppose a visitor Alice from home server A.com visits Bob\u2019s account on server B.com. Alice would like to easily follow Bob. Alice clicks on the follow button and is prompted for her fediverse address and she submits alice@A.com. Her browser makes a CORS webfinger request to A.com so that the web page at B.com can discover what url to redirect Alice to so that she can follow Bob from her home server where she is logged in. My setup is slightly different because my follow button is on my blog instead of on my fediverse server.</p>\n\n<p>The code was added to Mastodon in <a href=\"https://github.com/mastodon/mastodon/commit/69b1f60f4e46cf58e7240c2bfb81588accc1af6f\">Add support for FEP-3b86 (Activity Intents) (#38120)</a> and it seems there are 2 different values for \u201crel\u201d a home server may offer to accept a follow: <a href=\"https://codeberg.org/fediverse/fep/src/branch/main/fep/3b86/fep-3b86.md#4-10-follow-intent\">4.10 Follow Intent</a> and <a href=\"https://codeberg.org/fediverse/fep/src/branch/main/fep/3b86/fep-3b86.md#5-1-object-intent\">5.1 Object Intent</a> so my button <a href=\"https://github.com/herestomwiththeweather/herestomwiththeweather.github.io/blob/master/_includes/follow.html#L42\">accepts 2 different values</a>.</p>\n\n<pre><code>var rels = ['https://w3id.org/fep/3b86/Follow', 'https://w3id.org/fep/3b86/Object'];\n</code></pre>\n\n<p>Intents are for all activities but it seems there is a tendency for fediverse home servers to support just a subset of activities at the moment. Earlier this week, I added <a href=\"https://github.com/herestomwiththeweather/irwin/commit/6d06e99d93d00317ee6f532a0a336f8ccdc2c4f4\">support just for follow and like</a> for <a href=\"https://otisburg.social/\">my home server</a>. Since my webfinger identifier has a different domain than my fediverse server, I also had to <a href=\"https://github.com/herestomwiththeweather/herestomwiththeweather.github.io/commit/d11d2354bea1782a2df16f2a0c5d3118ffa454d2\">add intents to webfinger</a> in my jekyll software as well as <a href=\"https://github.com/herestomwiththeweather/herestomwiththeweather.github.io/commit/e7001989233c08d7afc1d3835dc846e6e65e2eb5\">allow webfinger to respond to CORS request</a>.</p>",
"text": "I don\u2019t want to brag but I finally added a follow button to my static jekyll blog. Because it uses Activity Intents, a visitor can remotely follow my fediverse account regardless of where their host server lives as long as their server supports Activity Intents. The good news is that mastodon.social already supports this as it is running the nightly build. It will be included in the next major release (4.6) as mentioned in Trunk & Tidbits, March 2026 so that other Mastodon servers will support it.\n\nUsually, the idea is suppose a visitor Alice from home server A.com visits Bob\u2019s account on server B.com. Alice would like to easily follow Bob. Alice clicks on the follow button and is prompted for her fediverse address and she submits alice@A.com. Her browser makes a CORS webfinger request to A.com so that the web page at B.com can discover what url to redirect Alice to so that she can follow Bob from her home server where she is logged in. My setup is slightly different because my follow button is on my blog instead of on my fediverse server.\n\nThe code was added to Mastodon in Add support for FEP-3b86 (Activity Intents) (#38120) and it seems there are 2 different values for \u201crel\u201d a home server may offer to accept a follow: 4.10 Follow Intent and 5.1 Object Intent so my button accepts 2 different values.\n\nvar rels = ['https://w3id.org/fep/3b86/Follow', 'https://w3id.org/fep/3b86/Object'];\n\n\nIntents are for all activities but it seems there is a tendency for fediverse home servers to support just a subset of activities at the moment. Earlier this week, I added support just for follow and like for my home server. Since my webfinger identifier has a different domain than my fediverse server, I also had to add intents to webfinger in my jekyll software as well as allow webfinger to respond to CORS request."
},
"name": "Follow button with Activity Intents",
"post-type": "article",
"_id": "48069708",
"_source": "246"
}
