#dev 2023-02-18
2023-02-18 UTC
# prologic Yea we already use WebSub
# prologic Why's that?
# prologic WebSub is way better IMO
# prologic Way easier to implement and use
# prologic gotosocial_gotosocial.1.vobxn2s9wz6a@dm6.mills.io | timestamp="18/02/2023 00:36:01.331" func=federation.(*federator).AuthenticateFederatedRequest level=DEBUG msg="could not parse public key https://prologic.shortcircuit.net.au/@prologic.json from block bytes: x509: failed to parse public key (use ParsePKCS1PublicKey instead for this key format)"
# prologic Hmmmm
# prologic I could swear its in the right format
# prologic oh damn
# prologic I'm encoding as ASN1
# prologic 🤦♂️
IWSlackGateway and [snarfed] joined the channel
# prologic trying to find those links you posted again to understand what the expected encoding is
# prologic GTS looks like its parsing it as PKIX (ASN.1 DER) PEM encoded
# prologic not sure if I saw this in any docs hmm
# prologic found 'em
# prologic hmm doesn't seem to say
# prologic Success! 🥳
# prologic My first authenticated request to an AP instance from the command-line :D
# prologic are there even any decent cli tools for AP around?
# prologic kinda wondering how useful developing these crappy ass prototype tools would be to anyone else
# prologic especially static website folks
# [snarfed] maybe nudge dansup about https://fedidb.org/
# prologic hmm
# prologic gotosocial_gotosocial.1.vobxn2s9wz6a@dm6.mills.io | timestamp="18/02/2023 01:23:01.611" func=middleware.Logger.func1.1 level=INFO latency=182.807µs clientIP=10.0.2.56 userAgent=Go-http-client/2.0 method=POST statusCode=400 path=/users/prologic/inbox msg="Bad Request: wrote 70B"
# prologic not sure what I'm doing wrong, trying to send to this test inbox
# prologic not a very helpful message ;)
# prologic looks like its just reuetrning false (!posted) and a 400 bad Request
# prologic do you have to generally follow before posting to an inbox?
gRegor joined the channel
# prologic I think I saw a "manually approve followers"
# prologic so maybe that has something to do with it
# prologic in any case let's figure out how to consturct a Follow activity
gxt joined the channel
# prologic hmm
# prologic does this look right to you?
# prologic yeah the content-type didn't seem to matter too much
# prologic hmm
# prologic thanks
[tantek] joined the channel
# prologic Brilliant!
# prologic Worked it out
# prologic I was sending requests with no Content-Type
# prologic Which GTS would flat our reject
# prologic I can successfully send Follow activities and Create actitivies of Type Note
# prologic Nice
# prologic Kind of wondering whether an outbox id strictly required here at Ll?
# prologic if the entire idea behind AP is to PUSH stuff around
# prologic why bother with an outbox?
# prologic hmmmm
# prologic I think I can entirely skip this S2S part of the spec
# prologic Oh boi this is going to be challenging now that I understand the basic flows
# prologic trying to mix and pull based social ecosystem with a push based distributed network
# prologic uggh
# prologic I think I have to do something like; accept all Create/Note activities, and translate those inbound objects into a "fake" twtxt feed per actor
# prologic In addition I have to keep a mapping of the object id and the twt we end up creating as a sort-of "fake twtxt feed"
# prologic the only reason we need to do this is to process replies and map the twt hash (we use in Subjects / replies) back out to actors following us, tripping the Twt Subject (easy) and setting the right inReplyTo ID
[aciccarello], [asuh] and IWSlackGateway joined the channel
# prologic rightio
# prologic I guess it'll be okay, just a necessary requirement/design
[James_Van_Dyne] and geoffo joined the channel
# IWDiscordRelay <capjamesg#4492> This is cool: https://github.com/jannikmi/timezonefinder
[jacky] joined the channel
# [jacky] interesting counter-point to using something like a `<picture>` tag https://indieweb.social/@ascorbic/109847181079065102
# prologic [snarfed] You be around later at some point to jump on a video call with me to talk AP and some concerns I have with even doing this in the first place ? :D
# prologic Ahh no worries
# prologic Have a nice vacation 🏖️
# @hurutoriya ↩️ https://www.kunimiya.info/blog/2016/06/26/introduction-to-webmention/
ウエブメンションとかが普及すれば、感想は書くまでもないけど読んだよ〜面白かったよ〜がみたいな弱いシグナルが伝えられて良いのになぁと思っているんですが…
チャットとかで書いたよ見て〜みたいなコミュニケーションって自分はちょっと躊躇するので… (twitter.com/_/status/1626848616618033154)
# prologic Q: Is the self type Self or self (lowercase)
# prologic I'm so confused
# prologic I think it is "self" (lowercase)
# prologic Q: Why does GTS perform a request to the webfinger's self link with a Accept: application/ld+json and not application/activiry+json ?
[KevinMarks] joined the channel
# [KevinMarks] Is that doing LRRD rather than AP?
# @neizod เชี้ยยยย เพิ่งรู้จัก http://webmention.io กราบๆๆ @dtinth @nimomiao #bcbk10 (twitter.com/_/status/1626861577923366915)
# [KevinMarks] Hm. GTS may be using LD internally. It should be asking for /activity+json and assuming the @context, but you could allow /ld+json and supply the @context too
mro joined the channel
# prologic Oh this is so goddamn confusing
# prologic servers out ther ein the wild will eitehr respond with ld+json or activity+json
# prologic and there's literally no difference between teh two
# prologic you end up with teh same JSON objects
# prologic this is just silly
# prologic oh boi
# prologic These Go libraries are really hard to use :/
# prologic I'm having to write my own just to cut down on the insane amount of code you have to learn and cognitive overload
# prologic Who designed this ActivityPub and ActivityStreams anyway?D 🤦♂️
# prologic it wreaks of "Enterprise" :D 🤣
# prologic I really do not need 13 dependencies and and 20k SLOC just to render a simple webfinger actor response :/
# [KevinMarks] *shuffles awkwardly * - looks at James Snell (actually it is mostly not his fault that w3c forced the issue on LD).
# prologic Ahh!
# prologic Well the whole JSON-LD thing is just nuts :D
# prologic its just over complciated what could have been infiniately simpler to deal with
# prologic so unnecessary :)
# prologic speaking from experience in several years of dealing with academics and working for universities (they love that shit 🤦♂️)
# prologic Okay now GTS rightfully complains that my PublicKey is basicallh bnank (which it is right now)
# prologic So now I have to decide how to handle this
# prologic Do I create an RSA key per user?
# prologic or create a server RSA key and derive a unqiue key per user on the fly?
# prologic I'm not even sure if I can do the later at all actually hmm
# [KevinMarks] The original activity spec that morphed into AS1 and AS2 was Atom or plain JSON, which I worked on, and making the JSON be plain and not the gData mangling was a huge fight inside Google that I won, but got me moved from Eng to DevRel.
# [KevinMarks] That choice depends on how you want to handle revocation, which is always tricky.
# prologic might be easier to just generate unique keys pairs actually
# prologic Ahh interesting history ;) so you had something to do with this but lost out in the end with the mess we now have :)
# prologic So with these RSA keys used to basically sign HTTP requests on behalf of Actors (users), they seem to be stored server-side right?
# prologic What's to stop a rogue server implementation or bad operator of a server from abusing the RSA keys of other actors (users)?
# prologic Do users implicitly have to both a) trust the server and b) trust the operator
# prologic ?
# [KevinMarks] Pretty much. This is where the model doesn't quite add up. There is the idea of things being determined by keys, but no actual way to keeps keys separate from servers, so there's no real improvement over ssl. In principle you can get the keys from the source server and use that to validate data you got some other way (via a cache server, say) but you're still trusting both servers implicitly, and AFAIK there isn't a 3rd server
# [KevinMarks] or transport involved apart from the origin and your viewing one. Maybe showing replies to a post on an origin? That was the Salmon use case, but given you need to check keys with the server anyway there's a lot of work for modest benefit imo.
# prologic yeah right, so basically really the whole idea of signed requests by an actor that doesn't actually control the keys is kind of useless
# prologic you can't make any guarntees that activites are actualyl from the person they claim to be
# prologic Oh well :)
[jamietanna] joined the channel
# [jamietanna] [snarfed] have a great holiday ⛱
# IWDiscordRelay <capjamesg#4492> angelo I fixed the Command + K / annotation conflict. Annotation is now triggered by Command + L on my website.
mro joined the channel
# prologic Success! (partially) 🥳
# prologic You can now lookup @james@yarn.mills.io on the "fediverse"
# prologic Be great if someone else could verify this on their favourite "fediverse" space
# IWDiscordRelay <capjamesg#4492> Yay!
# IWDiscordRelay <capjamesg#4492> I like this: https://jvns.ca/blog/2023/02/16/writing-javascript-without-a-build-system/
# IWDiscordRelay <capjamesg#4492> How do JavaScript CDNs work?
# IWDiscordRelay <capjamesg#4492> I wonder if I could host a CDN on fly.
mro_ and mro joined the channel
# prologic I'm not sure why but GTS isn't picking up the image/icon on my A2S actor
# prologic despite that the url is valid and works
# prologic any ideas?
[pfefferle] joined the channel
# [KevinMarks] Remember this one Tantek https://www.w3.org/wiki/TPAC/2011/Semantic_Syntaxes
# prologic Oh, so because AP is all pushed based, if I change my Avatar
# prologic I have to push some kind of activity update to let all my follows know?
# prologic I guess that makes sense
# prologic eaiser to blow away my gts test instance for now :)
# prologic :D
# prologic can't figure out where it's caching this :)
# prologic https://docs.mills.io/s/Q295YR2Gz
# [snarfed] re JSON-LD, AP basically allows but doesn't require it. after Example 1 on https://www.w3.org/TR/activitypub/ :
# [snarfed] and it says both content-types are ok and interchangeable: https://www.w3.org/TR/activitypub/#retrieving-objects
# prologic I'm not completely sure but I think GTS for example doens't adhere to the spec in this case
# prologic it seems to strictly require JSON-LD
# prologic but I'd have to re-test that, which if true, just makes my life more difficult
# prologic As it is now I'm basically creating a very "liberal" implementation here that is quite "lax" in how it behaves and what it accepts
# [snarfed] Check out Bluesky, it's an interesting one here, it tries to allow federation but still let users handle rogue admins, undo spoofed posts or migrate without their server's cooperation, etc. https://atproto.com/guides/identity
# prologic I think I found that it was making Accept: application/ld_json requests for my A2S actor
# prologic :/
# prologic even though there's no hint to tell it to do that
# prologic yes but it didn't even bother content negogationg the request I think
# prologic forcing me to deal with JSON-LD ;?
# [snarfed] Technically the two content-types are interchangeable in AP, it's allowed. https://www.w3.org/TR/activitypub/#retrieving-objects
# prologic yeah I think what I ended up doing was just defaulting on the Accept:
# prologic and ignoring what was asked
# prologic because GTS was being overly stict
# prologic haha
# prologic nobody does conneg properly :)
retronav, mro, geoffo, AramZS, IWSlackGateway, [schmarty], [tantek] and angelo joined the channel
# IWDiscordRelay <jacky#7226> https://hachyderm.io/@hrefna/109887787033151885 thread about federated moderation
# prologic Is it normal to have to link to an actual instance and a particular status?
# prologic Are thread/statuses not content addressable and linkable on any instance?
# prologic Also a lot of the problem as far as I see it is scale
# prologic we really should focus on rearchitecting decentralised/distirbuted social ecosystems to be small interconnected communities
# prologic not hard 20k, 150k+ users
# prologic you cannot IMO scale "human interactions" like this and have a good time
# prologic we suck :)
# prologic You will always upset 1% or hurt 2% or end up in flame wars of such stupid shit where 1% or 2% of large instances like the ones you typically see in the so-called "Fediverse" mean 100s to thousands of folks
gRegor joined the channel
# gRegor prologic, I don't think so. The @-@ is used in the status permalink on each instance (that is aware of the status, I guess), e.g. https://xoxo.zone/@gregorlove.com@gregorlove.com/109831444476945604 (that link will redirect to my original post though)
# gRegor And same post on another instance https://mastodon.social/@gregorlove.com@gregorlove.com/109831450394862564, so the post id differs between instances
# prologic gRegor Ahh okay
# prologic Wait...
# prologic So you can't link to a status or thread by its id on another instnace?
# prologic it gets a different id on other instances?
# prologic oh geez
# prologic so you can't easily link to a "conversation" really
# prologic you have to link to the home instance
# prologic OH my
# prologic crazy system this "federation" thing :D
# prologic thanks for the insights
# prologic back later
# prologic 👋
# aaronpk e.g. mastodon.social's version of my latest post is https://mastodon.social/@aaronpk@aaronparecki.com/109887141177015404 but of course my post doesn't have a canonical "ID" because that's not how my URLs work
# Loqi [preview] [Aaron Parecki] It's okay, I didn't really need to use Twitter today anyway. https://aaronparecki.com/img/1240x0/2023/02/18/7/photo.png
# gRegor aaronpk, would you be able to try this and deploy it before next week's newsletter? https://github.com/indieweb/this-week/pull/24
# prologic This just makes it hard to reference and link things really
# prologic Content addressing should have been considered at the start IMO