#dev 2023-02-18

2023-02-18 UTC
#
prologic
Yea we already use WebSub
#
prologic
Why's that?
#
[tantek]
I'm curious about your experience contrasting the two in terms of PUSH capabilities
#
prologic
WebSub is way better IMO
#
prologic
Way easier to implement and use
#
prologic
gotosocial_gotosocial.1.vobxn2s9wz6a@dm6.mills.io | timestamp="18/02/2023 00:36:01.331" func=federation.(*federator).AuthenticateFederatedRequest level=DEBUG msg="could not parse public key https://prologic.shortcircuit.net.au/@prologic.json from block bytes: x509: failed to parse public key (use ParsePKCS1PublicKey instead for this key format)"
#
prologic
Hmmmm
#
prologic
I could swear its in the right format
#
Loqi
[preview] James Mills
#
prologic
oh damn
#
prologic
I'm encoding as ASN1
#
prologic
🤦‍♂️
IWSlackGateway and [snarfed] joined the channel
#
[snarfed]
also finally a useful error message
#
prologic
trying to find those links you posted again to understand what the expected encoding is
#
prologic
GTS looks like its parsing it as PKIX (ASN.1 DER) PEM encoded
#
prologic
not sure if I saw this in any docs hmm
#
prologic
found 'em
#
prologic
hmm doesn't seem to say
#
prologic
Success! 🥳
#
prologic
My first authenticated request to an AP instance from the command-line :D
#
[snarfed]
congrats!!!
#
prologic
are there even any decent cli tools for AP around?
#
prologic
kinda wondering how useful developing these crappy ass prototype tools would be to anyone else
#
prologic
especially static website folks
#
[snarfed]
curl -H 'Accept: application/activity+json' 🤷
#
[snarfed]
maybe nudge dansup about https://fedidb.org/
#
prologic
hmm
#
prologic
gotosocial_gotosocial.1.vobxn2s9wz6a@dm6.mills.io | timestamp="18/02/2023 01:23:01.611" func=middleware.Logger.func1.1 level=INFO latency=182.807µs clientIP=10.0.2.56 userAgent=Go-http-client/2.0 method=POST statusCode=400 path=/users/prologic/inbox msg="Bad Request: wrote 70B"
#
prologic
not sure what I'm doing wrong, trying to send to this test inbox
#
prologic
not a very helpful message ;)
#
prologic
looks like its just reuetrning false (!posted) and a 400 bad Request
#
prologic
do you have to generally follow before posting to an inbox?
#
[snarfed]
afaik no, but maybe GtS requires it
#
[snarfed]
maybe try delivering to the shared inbox instead of your user's
gRegor joined the channel
#
prologic
I think I saw a "manually approve followers"
#
prologic
so maybe that has something to do with it
#
prologic
in any case let's figure out how to consturct a Follow activity
gxt joined the channel
#
[snarfed]
approve followers is separate logic, it means the user needs to accept a follow, and GtS will send an `Accept` activity, before it starts delivering posts
#
prologic
hmm
#
prologic
does this look right to you?
#
[snarfed]
assuming that actor URL serves your actor, yes. missing Content-Type though
#
prologic
yeah the content-type didn't seem to matter too much
#
[snarfed]
maybe it needs the `to` field
#
prologic
hmm
#
[snarfed]
gotta run. gl!
#
prologic
thanks
[tantek] joined the channel
#
prologic
Brilliant!
#
prologic
Worked it out
#
prologic
I was sending requests with no Content-Type
#
prologic
Which GTS would flat our reject
#
prologic
I can successfully send Follow activities and Create actitivies of Type Note
#
prologic
Nice
#
prologic
Kind of wondering whether an outbox id strictly required here at Ll?
#
prologic
if the entire idea behind AP is to PUSH stuff around
#
prologic
why bother with an outbox?
#
prologic
hmmmm
#
prologic
I think I can entirely skip this S2S part of the spec
#
prologic
Oh boi this is going to be challenging now that I understand the basic flows
#
prologic
trying to mix and pull based social ecosystem with a push based distributed network
#
prologic
uggh
#
prologic
I think I have to do something like; accept all Create/Note activities, and translate those inbound objects into a "fake" twtxt feed per actor
#
prologic
In addition I have to keep a mapping of the object id and the twt we end up creating as a sort-of "fake twtxt feed"
#
prologic
the only reason we need to do this is to process replies and map the twt hash (we use in Subjects / replies) back out to actors following us, tripping the Twt Subject (easy) and setting the right inReplyTo ID
[aciccarello], [asuh] and IWSlackGateway joined the channel
#
[snarfed]
Yup, this is all basically what Bridgy Fed does too
#
prologic
rightio
#
prologic
I guess it'll be okay, just a necessary requirement/design
[James_Van_Dyne] and geoffo joined the channel
#
IWDiscordRelay
<c​apjamesg#4492> This is cool: https://github.com/jannikmi/timezonefinder
#
Loqi
[preview] [jannikmi] timezonefinder: python package for finding the timezone of any point on earth (coordinates) offline
[jacky] joined the channel
#
[jacky]
interesting counter-point to using something like a `<picture>` tag https://indieweb.social/@ascorbic/109847181079065102
#
Loqi
[preview] [Matt Kane] I've spent a lot of time looking at how web frameworks handle images since I worked on Gatsby image a couple of years ago and I'm more convinced than ever that most sites should just use an image CDN and an `<img>` tag. Resizing at build time is too ...
#
prologic
[snarfed] You be around later at some point to jump on a video call with me to talk AP and some concerns I have with even doing this in the first place ? :D
#
[snarfed]
sadly no, sorry, I'm headed to the airport tomorrow morning, off on vacation with limited connectivity for the next week and a bit
#
[snarfed]
maybe when I'm back!
#
prologic
Ahh no worries
#
prologic
Have a nice vacation 🏖️
#
@hurutoriya
↩️ https://www.kunimiya.info/blog/2016/06/26/introduction-to-webmention/ ウエブメンションとかが普及すれば、感想は書くまでもないけど読んだよ〜面白かったよ〜がみたいな弱いシグナルが伝えられて良いのになぁと思っているんですが… チャットとかで書いたよ見て〜みたいなコミュニケーションって自分はちょっと躊躇するので…
(twitter.com/_/status/1626848616618033154)
#
prologic
Q: Is the self type Self or self (lowercase)
#
prologic
I'm so confused
#
prologic
I think it is "self" (lowercase)
#
prologic
Q: Why does GTS perform a request to the webfinger's self link with a Accept: application/ld+json and not application/activiry+json ?
[KevinMarks] joined the channel
#
[KevinMarks]
Is that doing LRRD rather than AP?
#
@neizod
เชี้ยยยย เพิ่งรู้จัก http://webmention.io กราบๆๆ @dtinth @nimomiao #bcbk10
(twitter.com/_/status/1626861577923366915)
#
[KevinMarks]
Hm. GTS may be using LD internally. It should be asking for /activity+json and assuming the @context, but you could allow /ld+json and supply the @context too
mro joined the channel
#
prologic
Oh this is so goddamn confusing
#
prologic
servers out ther ein the wild will eitehr respond with ld+json or activity+json
#
prologic
and there's literally no difference between teh two
#
prologic
you end up with teh same JSON objects
#
prologic
this is just silly
#
prologic
oh boi
#
prologic
These Go libraries are really hard to use :/
#
prologic
I'm having to write my own just to cut down on the insane amount of code you have to learn and cognitive overload
#
prologic
Who designed this ActivityPub and ActivityStreams anyway?D 🤦‍♂️
#
prologic
it wreaks of "Enterprise" :D 🤣
#
prologic
I really do not need 13 dependencies and and 20k SLOC just to render a simple webfinger actor response :/
#
[KevinMarks]
*shuffles awkwardly * - looks at James Snell (actually it is mostly not his fault that w3c forced the issue on LD).
#
prologic
Ahh!
#
prologic
Well the whole JSON-LD thing is just nuts :D
#
prologic
its just over complciated what could have been infiniately simpler to deal with
#
prologic
so unnecessary :)
#
prologic
speaking from experience in several years of dealing with academics and working for universities (they love that shit 🤦‍♂️)
#
prologic
Okay now GTS rightfully complains that my PublicKey is basicallh bnank (which it is right now)
#
prologic
So now I have to decide how to handle this
#
prologic
Do I create an RSA key per user?
#
prologic
or create a server RSA key and derive a unqiue key per user on the fly?
#
prologic
I'm not even sure if I can do the later at all actually hmm
#
[KevinMarks]
The original activity spec that morphed into AS1 and AS2 was Atom or plain JSON, which I worked on, and making the JSON be plain and not the gData mangling was a huge fight inside Google that I won, but got me moved from Eng to DevRel.
#
[KevinMarks]
That choice depends on how you want to handle revocation, which is always tricky.
#
prologic
might be easier to just generate unique keys pairs actually
#
prologic
Ahh interesting history ;) so you had something to do with this but lost out in the end with the mess we now have :)
#
prologic
So with these RSA keys used to basically sign HTTP requests on behalf of Actors (users), they seem to be stored server-side right?
#
prologic
What's to stop a rogue server implementation or bad operator of a server from abusing the RSA keys of other actors (users)?
#
prologic
Do users implicitly have to both a) trust the server and b) trust the operator
#
prologic
?
#
[KevinMarks]
Pretty much. This is where the model doesn't quite add up. There is the idea of things being determined by keys, but no actual way to keeps keys separate from servers, so there's no real improvement over ssl. In principle you can get the keys from the source server and use that to validate data you got some other way (via a cache server, say) but you're still trusting both servers implicitly, and AFAIK there isn't a 3rd server
#
[KevinMarks]
or transport involved apart from the origin and your viewing one. Maybe showing replies to a post on an origin? That was the Salmon use case, but given you need to check keys with the server anyway there's a lot of work for modest benefit imo.
#
prologic
yeah right, so basically really the whole idea of signed requests by an actor that doesn't actually control the keys is kind of useless
#
prologic
you can't make any guarntees that activites are actualyl from the person they claim to be
#
prologic
Oh well :)
[jamietanna] joined the channel
#
[jamietanna]
[snarfed] have a great holiday ⛱
#
IWDiscordRelay
<c​apjamesg#4492> angelo I fixed the Command + K / annotation conflict. Annotation is now triggered by Command + L on my website.
mro joined the channel
#
prologic
Success! (partially) 🥳
#
prologic
You can now lookup @james@yarn.mills.io on the "fediverse"
#
prologic
Be great if someone else could verify this on their favourite "fediverse" space
#
IWDiscordRelay
<c​apjamesg#4492> Yay!
#
Loqi
😃
#
IWDiscordRelay
<c​apjamesg#4492> How do JavaScript CDNs work?
#
IWDiscordRelay
<c​apjamesg#4492> I wonder if I could host a CDN on fly.
mro_ and mro joined the channel
#
prologic
I'm not sure why but GTS isn't picking up the image/icon on my A2S actor
#
prologic
despite that the url is valid and works
#
prologic
any ideas?
[pfefferle] joined the channel
#
sknebel
has it already fetched it before and cached?
#
sknebel
then you need to send an update telling it that it has changed
#
prologic
Oh, so because AP is all pushed based, if I change my Avatar
#
prologic
I have to push some kind of activity update to let all my follows know?
#
prologic
I guess that makes sense
#
prologic
eaiser to blow away my gts test instance for now :)
#
prologic
:D
#
prologic
can't figure out where it's caching this :)
#
[snarfed]
re JSON-LD, AP basically allows but doesn't require it. after Example 1 on https://www.w3.org/TR/activitypub/ :
#
[snarfed]
"ActivityStreams can be extended via [JSON-LD]. If you know what JSON-LD is, you can take advantage of the cool linked data approaches provided by JSON-LD. If you don't, don't worry, JSON-LD documents and ActivityStreams can be understood as plain old simple JSON."
#
[snarfed]
and it says both content-types are ok and interchangeable: https://www.w3.org/TR/activitypub/#retrieving-objects
#
prologic
I'm not completely sure but I think GTS for example doens't adhere to the spec in this case
#
prologic
it seems to strictly require JSON-LD
#
prologic
but I'd have to re-test that, which if true, just makes my life more difficult
#
prologic
As it is now I'm basically creating a very "liberal" implementation here that is quite "lax" in how it behaves and what it accepts
#
[snarfed]
and re key management, yes. KevinMarks++ . There's still a difference between a single Twitter and many fediverse instances you get to choose from, though, and you have the ability to run your own
#
[snarfed]
The three models are centralized, federated, and peer to peer, which prologic it sounds like you prefer
#
[snarfed]
Check out Bluesky, it's an interesting one here, it tries to allow federation but still let users handle rogue admins, undo spoofed posts or migrate without their server's cooperation, etc. https://atproto.com/guides/identity
#
[snarfed]
by "require LD" do you mean it doesn't allow incoming allowing/activity+json requests? If so then yeah that's overly strict
#
[snarfed]
If it just wants @context, that is technically necessary, but you don't have to do anything with it other than include it
#
prologic
I think I found that it was making Accept: application/ld_json requests for my A2S actor
#
prologic
:/
#
[snarfed]
Right, which is allowed
#
prologic
even though there's no hint to tell it to do that
#
prologic
yes but it didn't even bother content negogationg the request I think
#
prologic
forcing me to deal with JSON-LD ;?
#
[snarfed]
Technically the two content-types are interchangeable in AP, it's allowed. https://www.w3.org/TR/activitypub/#retrieving-objects
#
[snarfed]
But again you don't have to "deal with" LD other than just accepting that content-type
#
prologic
yeah I think what I ended up doing was just defaulting on the Accept:
#
prologic
and ignoring what was asked
#
prologic
because GTS was being overly stict
#
[snarfed]
conneg--
#
Loqi
conneg has -21 karma in this channel over the last year (-27 in all channels)
#
prologic
haha
#
prologic
nobody does conneg properly :)
#
[tantek]
[KevinMarks] hah that was quite the TPAC session with the list of folks there and topics discussed.
#
[tantek]
Did we capture that as an event in the microformats wiki for 2011?
retronav, mro, geoffo, AramZS, IWSlackGateway, [schmarty], [tantek] and angelo joined the channel
#
IWDiscordRelay
<j​acky#7226> https://hachyderm.io/@hrefna/109887787033151885 thread about federated moderation
#
Loqi
[preview] [Hrefna (DHC)] Moderation in this environment is a _nightmare_ of inconsistency and, instead of a faceless megacorporation, you get eight million individuals who have no idea what they are doing, no training, no accountability, and a lot of Ideas™ about what effe...
#
prologic
Is it normal to have to link to an actual instance and a particular status?
#
prologic
Are thread/statuses not content addressable and linkable on any instance?
#
prologic
Also a lot of the problem as far as I see it is scale
#
prologic
we really should focus on rearchitecting decentralised/distirbuted social ecosystems to be small interconnected communities
#
prologic
not hard 20k, 150k+ users
#
prologic
you cannot IMO scale "human interactions" like this and have a good time
#
prologic
we suck :)
#
prologic
You will always upset 1% or hurt 2% or end up in flame wars of such stupid shit where 1% or 2% of large instances like the ones you typically see in the so-called "Fediverse" mean 100s to thousands of folks
gRegor joined the channel
#
gRegor
prologic, I don't think so. The @-@ is used in the status permalink on each instance (that is aware of the status, I guess), e.g. https://xoxo.zone/@gregorlove.com@gregorlove.com/109831444476945604 (that link will redirect to my original post though)
#
Loqi
[preview] Testing a federated post with a footnote. ¹ I expect that footnote number won't be linked when this appears on Mastodon, but fingers crossed! ¹ See indieweb.org/footnote  
#
gRegor
And same post on another instance https://mastodon.social/@gregorlove.com@gregorlove.com/109831450394862564, so the post id differs between instances
#
Loqi
[preview] Testing a federated post with a footnote. ¹ I expect that footnote number won't be linked when this appears on Mastodon, but fingers crossed! ¹ See indieweb.org/footnote  
#
gRegor
Because I think a post only exists on a Mastodon instance if its sent to the inbox there
#
prologic
gRegor Ahh okay
#
prologic
Wait...
#
prologic
So you can't link to a status or thread by its id on another instnace?
#
prologic
it gets a different id on other instances?
#
gRegor
Each instance gets a different ID, looks like.
#
prologic
oh geez
#
gRegor
I'm not aware of a globally unique permalink for a status.
#
prologic
so you can't easily link to a "conversation" really
#
prologic
you have to link to the home instance
#
gRegor
You can, but you have to pick an instance to link to I guess.
#
prologic
OH my
#
prologic
crazy system this "federation" thing :D
#
gRegor
For "native" Mastodon users they'd just use their own, I'm sure. It should include interactions from other instances.
#
prologic
thanks for the insights
#
prologic
back later
#
prologic
👋
#
gRegor
Good luck! I'm thankful I can rely on Bridgy Fed for this, otherwise I wouldn't put much effort into it, haha
#
aaronpk
a "globally unique permalink for a status" is the original link on the status the original was posted to :)
#
aaronpk
the status links on other instances are that instance's own internal version of the post. it's just a coincidence that since everything is mastodon they end up looking similar
#
aaronpk
e.g. mastodon.social's version of my latest post is https://mastodon.social/@aaronpk@aaronparecki.com/109887141177015404 but of course my post doesn't have a canonical "ID" because that's not how my URLs work
#
Loqi
[preview] [Aaron Parecki] It's okay, I didn't really need to use Twitter today anyway. https://aaronparecki.com/img/1240x0/2023/02/18/7/photo.png
#
aaronpk
so it's more like that ID just mastodon.social's own internal reference to my post
#
gRegor
Fair, though can you even tell whether one is the canonical status?
#
aaronpk
bridgy does this too, it has its own URLs for tweets so that webmentions work
#
aaronpk
if you're not logged in, the mastodon.social URL redirects to mine, which is how Loqi got the preview
#
gRegor
aaronpk, would you be able to try this and deploy it before next week's newsletter? https://github.com/indieweb/this-week/pull/24
#
Loqi
[preview] [gRegorLove] #24 Group event wiki page notes
#
gRegor
Not sure if it auto deploys on merge like indiewebify.me
#
aaronpk
oh yeah sure. it doesn't auto deploy
#
prologic
This just makes it hard to reference and link things really
#
prologic
Content addressing should have been considered at the start IMO
#
gRegor
Well for indieweb setups it's a bit easier since the link on our own domain is the original
#
aaronpk
content addressing has its own problems
#
gRegor
yeah, was just wondering about updated posts
#
aaronpk
e.g. what happens when someone edits a post
#
aaronpk
also remember that mastodon existed before activitypub :)
#
Zegnat
I think AS takes any URI as ID, right? So you could actually do ipfs URLs or similar and have content addressable activitypub posts. (Though my guess would be Mastodon is not going to be able to display them.)
#
Zegnat
Although I guess it needs to be HTTP fetchable for AP. Mm.