#dev 2022-11-23

2022-11-23 UTC
Nuve, [fluffy], [snarfed] and [Jeremy_Keith] joined the channel
#
gRegor Could someone with Mastodon screenshot the post creation UI for content warnings and add to https://indieweb.org/content_warning#Mastodon?
#
[tantek] speaking of UI
#
[tantek] moderation << Intel Bleep AI for dialing up/down and filtering the levels of toxicity gamers want to experience / convey in voice chat: https://www.theverge.com/2021/4/8/22373290/intel-bleep-ai-powered-abuse-toxicity-gaming-filters
#
Loqi ok, I added "Intel Bleep AI for dialing up/down and filtering the levels of toxicity gamers want to experience / convey in voice chat: https://www.theverge.com/2021/4/8/22373290/intel-bleep-ai-powered-abuse-toxicity-gaming-filters" to the "See Also" section of /moderation https://indieweb.org/wiki/index.php?diff=84573&oldid=84523
#
[tantek] moderation << ^ https://www.polygon.com/22374120/intel-bleep-voice-chat-hate-speech-censor-spirit-ai
#
Loqi ok, I added "^ https://www.polygon.com/22374120/intel-bleep-voice-chat-hate-speech-censor-spirit-ai" to the "See Also" section of /moderation https://indieweb.org/wiki/index.php?diff=84574&oldid=84573
#
[tantek] moderation << ^ more (how not to build a UI for moderation) https://www.forbes.com/sites/alisondurkee/2021/04/08/intel-bleep-gaming-this-software-will-let-you-censor-the-n-word-and-other-offensive-speech-but-on-a-sliding-scale/?sh=5fff41766a4e
#
Loqi ok, I added "^ more (how not to build a UI for moderation) https://www.forbes.com/sites/alisondurkee/2021/04/08/intel-bleep-gaming-this-software-will-let-you-censor-the-n-word-and-other-offensive-speech-but-on-a-sliding-scale/?sh=5fff41766a4e" to the "See Also" section of /moderation https://indieweb.org/wiki/index.php?diff=84575&oldid=84574
#
@tomcritchlow ↩️ This looks pretty neat! https://fed.brid.gy/ (twitter.com/_/status/1595230377962078211)
#
[tantek] it is pretty neat! BridgyFed++
#
Loqi BridgyFed has 2 karma over the last year
#
[tantek] 🤔
geoffo joined the channel
#
angelo does mastodon even know they lost microformats support in the move to a js frontend?
#
barnaby I don’t think anyone raised an issue about it yet. I’d be up for helping draft one, but am not planning on filing one myself until it affects me personally
#
[tantek] it affects anyone who decides to use Bridgy Fed, and attempts to retrieve a reply-context when replying to a mastodon post permalink
#
barnaby yeah, which is not me, yet.
#
aaronpk oh i hadn't thought about reply contexts... did I add activitypub support to xray already??
#
aaronpk or would that be considered activitystreams?
#
aaronpk or does that not even have a name yet
#
[tantek] aaronpk, presumably your site "just worked" and retrieved the h-entry from the permalink of any Mastodon post you replied to, until instances started migrating to 4.0
#
[tantek] do you have any old replies to toots?
#
[tantek] they really should have called replies tootchés (pronounced tootshays)
#
[tantek] [snarfed] are you tracking/charting any "interesting" stats for Bridgy Fed over time? E.g. number of indieweb sites being federated? Number of followers of Bridgy Federated sites? Number of posts federated out from indieweb sites? Number of responses (replies, likes, reposts) federated from elsewhere to indieweb sites?
#
[tantek] like we must already be over 1000 followers of bridgy federated sites for example
gxt joined the channel
#
[snarfed] Ad hoc, privately, yes, https://github.com/snarfed/bridgy-fed#stats , but not recently
#
Loqi [snarfed] bridgy-fed: 🕸 Bridges the IndieWeb to federated social networks: ActivityPub, OStatus, etc.
#
[snarfed] I'm also planning https://github.com/snarfed/bridgy-fed/issues/273, but unlike BigQuery etc, that GCP monitoring product isn't easy to expose fully publicly
#
Loqi [snarfed] #273 Monitoring dashboard
#
[tantek] makes sense
#
[tantek] might be good to run some stats / make charts near the end of December for how well Bridgy Fed has done this year
#
[tantek] [snarfed] am I understanding issue 60 correctly that if implemented it would involve making a link like "https://fed.brid.gy/user/tantek.com/remote_follow" work?
#
[tantek] https://github.com/snarfed/bridgy-fed/issues/60
#
Loqi [petermolnar] #60 add a "remote follow" page
#
[snarfed] Honestly I haven't deeply followed or researched that whole need
#
[snarfed] Prioritizing other things
jeremycherfas joined the channel
#
[snarfed] I'd be happy for someone else to design and/or implement it
#
[tantek] no worries, I can add to the issue to help move it along
gRegorLove_ joined the channel
#
gRegor The code snippet in that issue helped me understand it better.
#
gRegor Build the webfinger URL for the account that wants to subscribe; fetch the JSON; look for rel:http://ostatus.org/schema/1.0/subscribe; get the 'template' from the same object as that rel and that is the subscribe template url...
#
gRegor e.g. indieweb.social's template is: https://indieweb.social/authorize_interaction?uri={uri}
#
gRegor replace {uri} with your @-@ and redirect to the result
#
gRegor So: https://indieweb.social/authorize_interaction?uri=gregorlove.com@gregorlove.com, presumably
#
gRegor No idea how fragile that is / if every mastodon uses that same rel? :shrug:
#
[snarfed] gRegor++
#
Loqi gRegor has 23 karma in this channel over the last year (78 in all channels)
gxt, geoffo, mro, gRegor and joshproehl joined the channel
#
@TechLifeWeb Testing http://fed.brid.gy #indieweb (https://techlifeweb.com/static/Note-2211230027.html) (twitter.com/_/status/1595334531653210112)
joshproehl, [Jeremy_Keith], benji, Nuve, barnaby and jonnybarnes joined the channel
#
[tantek] Interesting gRegor! So there needs to be a set of URLs for a user to “authorize” the various webactions, and a way to discover them (preferably follow your nose instead of baroque well known / JSON digging)
#
@paulrobertlloyd A nice chunky release for Indiekit on the road to v1.0. Adds a new built-in IndieAuth endpoint, adding support for the latest version of the spec and improving the application sign in journey. Updated the getting started guide, too. https://getindiekit.com/get-started (twitter.com/_/status/1595401583537184768)
mouse[d]_, pmlnr and IWDiscordRelay joined the channel
#
@paulrobertlloyd @manton Added a few more issues, this time relating to http://Micro.blog’s IndieAuth support. Probably worth reviewing at some point, as the spec has moved on quite a bit in the last few years. https://aaronparecki.com/2020/12/03/1/indieauth-2020 (twitter.com/_/status/1595415004492070913)
geoffo joined the channel
#
[schmarty] cwebber working to hand off the activitypub test suite! https://octodon.social/@cwebber/109393609248065993
#
aaronpk Oh my https://twitter.com/donmacaskill/status/1594945727255699457?s=46&t=fZarCeIxRmRrt8fiqDdhOA
#
@DonMacAskill Was just discussing ActivityPub earlier this week internally. Should we add to @Flickr? (No promises, just thinking [err, Tweeting] out loud to gauge interest.) It might be right up our alley, though… https://twitter.com/photomatt/status/1594577983028740096 (twitter.com/_/status/1594945727255699457)
#
[tantek] yeah [KevinMarks] posted something similar yesterday: https://chat.indieweb.org/dev/2022-11-22#t1669158860820500
#
Loqi [[KevinMarks]] https://octodon.social/@cwebber/109389760204927183
#
aaronpk I really think the AP spec needs some serious cleanup before more people try to adopt it
#
[tantek] True
#
aaronpk cleanup as in actually specify http signatures, remove all the unused stuff from AS2, narrow the focus, etc
#
[tantek] that said, if Flickr / Don is considering AP, then it's worth reaching out re: other specs like IndieAuth, Micropub etc.
#
aaronpk those arent getting the same level of widespread deployment right now
#
[tantek] would be a lot less work for them and they'd get incremental benefits immediately
#
aaronpk oh yeah micropub reminds me that frankly the c2s part of AP should get removed or split into its own spec since nobody implemented it
#
[snarfed] also realistically the number of people who will jump at taking over someone else's "clever" Guile codebase is...low
#
[tantek] aaronpk, right, there's nearly zero c2s AP. that's why I chose those two specs in particular to pitch *now* to Flickr
#
[schmarty] snarfed: agreed. i have an interest in looking through this to understand it at a high level and maybe i'd even think about porting it to something i find more maintainable. ... but how will i test my port of the test suite? 😏
#
[tantek] [schmarty] hence as that thread you posted points out, the implementations have drifted from the spec, which means there's a lot of research needed to first figure *that* out and update the spec
#
[tantek] this is literally what happens when there's no test suite to keep a spec "anchored", and do test-drive spec iteration / development
#
[schmarty] you mean we can't just put up the old test suite and say "mastodon is wrong, fix mastodon"?? 😏
#
barnaby tidying up the test suites for standards we maintain is a better use of our time IMO — e.g. adding PKCE support to the micropub test suite, making an indieauth test suite
#
[tantek] ^
#
[schmarty] +1
#
[tantek] yup. similarly iterating on the specs this community uses / prototypes / proposes improvements to (e.g. all the mf2 vocabs and mf2 parsing)
#
[tantek] I wonder if a monthly spec/ts specific sync-up/meetup would help
#
[tantek] rather than "popups" for this kind of thing
#
[tantek] maybe it's a bit meta, but it's dev-meta so worth exploring here I think
#
barnaby monthly sounds like a good rhythm to me
#
[tantek] it feels "doable"
#
barnaby would also mean we could write up a this-month-in-indieweb-dev post after each one to capture progress and the current state
mro joined the channel
#
[tantek] oh yeah! that would be good too
#
[snarfed] [tantek] I forgot, BF does have this: https://fed.brid.gy/stats . updated daily. pretty meager right now though
#
[snarfed] oh whoa wait
#
[snarfed] uh
#
[snarfed] waaaaaaaat https://brid.gy/mastodon/@joebuhlig@truthsocial.com
#
[schmarty] 😳
#
[snarfed] API seems functional. log from 9d ago: https://brid.gy/log?start_time=1668387578&key=agdicmlkLWd5cigLEghNYXN0b2RvbiIaQGpvZWJ1aGxpZ0B0cnV0aHNvY2lhbC5jb20M&module=background
mro joined the channel
#
[snarfed] looks like that's the only Truth Social Bridgy user so far
#
aaronpk Whoa
#
[manton] So Truth Social is blocked from federation, right, but it still works as a standalone Mastodon instance?
#
[snarfed] yup
mro joined the channel
#
[schmarty] is this person using brid.gy to get around those blocks? 🤔
#
[snarfed] they have an account there, so...no? or well, had an account. https://truthsocial.com/@joebuhlig now redirects to login
#
aaronpk That's not Bridgy fed right? So that's to get responses back to the blog?
#
aaronpk time for a domain block list for Bridgy services?
#
[snarfed] right, non-Fed
#
[snarfed] maybe? I mean, I'm maybe ok with it?
#
mro aaronpk and cleanup in removing all the references to expired certs, run-out domains and broken backends.
#
[KevinMarks] the Mastodon issue about backfilling posts https://github.com/mastodon/mastodon/issues/12423
#
Loqi [SilverWolf32] #12423 Support Post Migration
#
aaronpk I personally would not be comfortable providing services to that person but that's just me
#
aaronpk Open source code is one thing since you can't control what people do with it on their own, but services that I run and provide resources for are a different story
#
[snarfed] I definitely haven't thought it through 🤷
#
[KevinMarks] be wary of other instances too like poa.st
#
[snarfed] evidently truthsocial.com doesn't serve any AS2. that's definitely one sledgehammer to prevent federation. example attempt: https://fed.brid.gy/log?start_time=1669223558&key=https://snarfed.org/2022-11-23_realdonaldtrump-truth-social%20https://truthsocial.com/@realDonaldTrump&module=
#
[tantek] [snarfed] time for a Bridgy Fed participation policy perhaps. You could default/delegate to https://indieweb.org/code-of-conduct
#
[snarfed] maybe! right now there's https://brid.gy/about#terms
#
[tantek] looks like this is a POSSE example, their originals are at their own domain
#
[snarfed] I'm a bit reluctant to do much more since Bridgy is a transient (ish) bridge, not a content host
#
[snarfed] yeah, they're indieweb, and they've contributed to projects, eg https://github.com/getindiekit/indiekit/pulls?q=is%3Apr+author%3Ajoebuhlig
#
[snarfed] I'm not sure I want to assume anything about them or their content or block them preemptively just because they happen to have had a truth social account at one point. I mean, I tried to sign up a while back, just to see the train wreck. (couldn't get the signup process to work 😆)
#
[tantek] from the footer on their posts, they POSSE to lots of places
#
[tantek] including their own Mastodon instance, served from a subdomain: https://mastodon.joebuhlig.com/@joebuhlig (yes I scanned the default list of posts displayed)
#
[tantek] and POSSE to micro.blog: (basically same content as that link) https://micro.blog/joebuhlig
gRegor joined the channel
#
[snarfed] they're also here, in Slack
#
[tantek] nothing in the last 90 days but yeah
gRegorLove_ joined the channel
#
[tantek] IMO merely the act of POSSEing to TS is not something worth worrying about. I mean, not for me personally, but if folks want to POSSE to lots of different places, that's up to them. I don't see how that impacts the community here or frankly the Bridgy services unless I'm missing something
#
[snarfed] absolutely agreed
#
aaronpk Like I said, that's just my personal feelings about it
#
[tantek] aaronpk, I think it would be different if Bridgy Fed was transferring code-of-conduct violating content back from a service like TS, backfeeding rando replies etc. But that's not the case here.
#
[tantek] If anything, if Bridgy Fed allows people to keep a level of separation from TS, perhaps even move off of TS onto their own personal sites, that seems like a good thing
#
[tantek] anyway, those are also just my opinions, and not any kind of nudge toward policy for BF
#
[snarfed] fwiw this is Bridgy non-Fed. doesn't change much though
#
[snarfed] also technically https://brid.gy/mastodon/@joebuhlig@truthsocial.com is backfeeding. but the account is gone from TS so that one page of responses is everything
#
[tantek] sorry yes that's what I meant. this is Bridgy Pub as it were
#
[snarfed] (for this specific instance, backfeed, not publish. regardless though)
#
[tantek] ah and Bridgy classic/backfeed
#
[tantek] snarfed, maybe they haven't noticed about the account being gone? it's still listed in the footer of their posts (along with other silo links)
#
[snarfed] who knows
#
[snarfed] more importantly, I expect Bridgy has handled plenty of "bad"/CoC-violating content already, from "ok" places like Twitter etc. so 🤷
#
[tantek] well with Twitter backfeed, IIRC, Bridgy is respecting personal blocking of other twitter accounts so there is a mechanism for users to stop CoC violating content hitting them personally
#
gRegor whoa, interesting. maybe they were trolling TS.
#
[tantek] I think the broader / more general concern is if someone would figure out a way to use Bridgy to amplify hate or misinformation. If that's not deliberately happening then I'm not sure what else to do?
#
gRegor Though I prob wouldn't set up backfeed if I was doing that haha
#
[snarfed] yup
#
[tantek] snarfed, that might be worth considering in advance of it happening
#
barnaby seems like the last time they POSSEd content to ts was in september https://joebuhlig.com/, but were consistently POSSEing content there before that. I imagine plenty of people made an account on TS to see what it was like, but it doesn’t look like the case here
#
[snarfed] I'm open to hearing concrete vulnerabilities or problems!
#
barnaby I don’t see anything particularly objectionable at a glance, other than any active use of TS immediately raising red flags
#
[tantek] e.g. if they used Bridgy to "reply guy" or "sealion" send (possibly hate speech) replies to people on Mastodon (or Twitter)
#
[tantek] like if a Mastodon instance admin complained hey we're seeing hate speech from this user on your "Bridgy" instance, that's the time that you might need to take concrete action
#
[tantek] so that's the sort of thing to consider up front and have a policy about
#
[tantek] maybe even a short paragraph directed at Mastodon admins so they know you're open to being contacted about such things
#
[tantek] even without an explicit policy about what such things are / are not
#
[snarfed] yeah more language in the terms could definitely be good
#
[snarfed] I'm still interested in problem vectors via Bridgy that don't have existing non-Bridgy parallels, and that can't be addressed by the existing account/instance blocking and moderation
#
[snarfed] eg for Bridgy non-Fed, they'd just take action against the connected Mastodon account directly, right?
#
[tantek] snarfed, i.e. where it says (in the link you provided): "However, we may terminate or block your access for any reason, or no reason at all. (We've never done this, and we expect we never will. Just playing it safe.)"
#
[snarfed] same with Bridgy Fed I guess
#
[snarfed] well no but account/instance blocking would still work
#
[KevinMarks] working out the actual Mastodon protocol for follows by observation: https://hachyderm.wtf/@nova/109394300367047565
#
Loqi [Kris Nóva] Going to write a blog about my early morning adventures with the #Mastodon database and #Sidekiq queuing systems to capture all of the detail however here are a few key takeaways. - Follows are cryptographically authenticated by both the host and th...
#
[tantek] you could add something like: "However, we may terminate or block your access for any reason, or no reason at all. Are you an admin on a service that Bridgy interacts with and have concerns? Please get in touch! [contact info]."
#
[snarfed] Definitely. Will do
#
[tantek] that's open ended enough that it could be about *anything* whether content, or API usage, or whatever
#
[tantek] "simply" being open to being contacted I think would express good faith towards resolving concerns/conflicts
#
[tantek] snarfed is the "We've never done this, and we expect we never will." a deliberate canary or did you just drop it in there?
#
[snarfed] Both
#
[snarfed] I guess the former
#
[snarfed] Bridgy isn't important enough for anyone to care about or notice a canary, but still kind of fun
#
[snarfed] I should also mention retention. Right now it's 1y
#
Loqi +1
#
[snarfed] aaronpk I'm curious, does wm.io currently block truthsocial.com or poa.st in source, target, or u-url?
#
[snarfed] Ok if you don't want to answer
#
[tantek] snarfed, you can also redirect that "set" by reference to /dragons
#
aaronpk I don't have any global blocks in webmention.io right now, only user-added blocks. I am thinking about it tho
#
aaronpk Frankly I'm even more okay with anyone's personal opinions deciding who their services can be used for since the whole point of standards is to encourage more interoperable services. So if I tell someone they can't use webmention.io they should be able to find another option easily
#
[snarfed] true!
#
[snarfed] not a ton for wm storage, but some
#
[snarfed] backfeed, not so much 😢
#
barnaby webmention.io is open source, anyone can run their own instance anyway if they get blocked from the main one
mro joined the channel
#
[snarfed] yup. if anyone ever does that though, or eg with Bridgy, we will want to strongly encourage them to change the name, home page text, etc to emphasize that it's not the main instance, doesn't have the main instance's support, etc
#
[snarfed] ideally they'd just make their instance private, but that's more work
#
aaronpk interesting argument for making sure the home page branding is easily configurable
#
[snarfed] If/when someone _actually_ stands up their own instance, as opposed to just threatening 😆
mro joined the channel
#
IWDiscordRelay <j​acky#7226> Lol not threatening
#
gRegor ash[m], On your homepage h-feed, you might want to add class=u-repost-of for shares/reposts. I subscribed in Monocle and was confused for a moment seeing posts from people I didn't recognize.
#
ash[m] What... I thought I was doing that
#
ash[m] Oh apparently I pulled the wrong file recently
#
gRegor Also, happy birthday! 🎂
geoffo and mro joined the channel
#
[tantek] here you go snarfed, I added my suggested text / encouragement to file an issue (seemed consistent with what you already had in the doc), kept your current canary-like text: https://github.com/snarfed/bridgy/pull/1353
#
Loqi [tantek] #1353 encourage service admins to file issues for concerns
#
[snarfed] Awesome, thank you!
#
[KevinMarks] https://front-end.social/@bramus/109382713177862052
#
Loqi [Bramus] One thing that’s a bit of a hassle with Mastodon is that you can’t immediately follow people on other instances.You have to copy the username and search for it on the server that has your account.To make this easier, I’ve created a little bookm... [video]
angelo, bterry1 and sp1ff`` joined the channel