#dev 2023-02-18

2023-02-18 UTC
#
prologic Yea we already use WebSub
#
prologic Why's that?
#
[tantek] I'm curious about your experience contrasting the two in terms of PUSH capabilities
#
prologic WebSub is way better IMO
#
prologic Way easier to implement and use
#
prologic gotosocial_gotosocial.1.vobxn2s9wz6a@dm6.mills.io | timestamp="18/02/2023 00:36:01.331" func=federation.(*federator).AuthenticateFederatedRequest level=DEBUG msg="could not parse public key https://prologic.shortcircuit.net.au/@prologic.json from block bytes: x509: failed to parse public key (use ParsePKCS1PublicKey instead for this key format)"
#
prologic Hmmmm
#
prologic I could swear its in the right format
#
Loqi [preview] James Mills
#
prologic oh damn
#
prologic I'm encoding as ASN1
#
prologic 🤦‍♂️
IWSlackGateway and [snarfed] joined the channel
#
[snarfed] also finally a useful error message
#
prologic trying to find those links you posted again to understand what the expected encoding is
#
prologic GTS looks like its parsing it as PKIX (ASN.1 DER) PEM encoded
#
prologic not sure if I saw this in any docs hmm
#
prologic found 'em
#
prologic hmm doesn't seem to say
#
prologic Success! 🥳
#
prologic My first authenticated request to an AP instance from the command-line :D
#
[snarfed] congrats!!!
#
prologic are there even any decent cli tools for AP around?
#
prologic kinda wondering how useful developing these crappy ass prototype tools would be to anyone else
#
prologic especially static website folks
#
[snarfed] curl -H 'Accept: application/activity+json' 🤷
#
[snarfed] maybe nudge dansup about https://fedidb.org/
#
prologic hmm
#
prologic gotosocial_gotosocial.1.vobxn2s9wz6a@dm6.mills.io | timestamp="18/02/2023 01:23:01.611" func=middleware.Logger.func1.1 level=INFO latency=182.807µs clientIP=10.0.2.56 userAgent=Go-http-client/2.0 method=POST statusCode=400 path=/users/prologic/inbox msg="Bad Request: wrote 70B"
#
prologic not sure what I'm doing wrong, trying to send to this test inbox
#
prologic not a very helpful message ;)
#
prologic looks like its just reuetrning false (!posted) and a 400 bad Request
#
prologic do you have to generally follow before posting to an inbox?
#
[snarfed] afaik no, but maybe GtS requires it
#
[snarfed] maybe try delivering to the shared inbox instead of your user's
gRegor joined the channel
#
prologic I think I saw a "manually approve followers"
#
prologic so maybe that has something to do with it
#
prologic in any case let's figure out how to consturct a Follow activity
gxt joined the channel
#
[snarfed] approve followers is separate logic, it means the user needs to accept a follow, and GtS will send an `Accept` activity, before it starts delivering posts
#
prologic hmm
#
prologic https://files.mills.io/download/Screenshot%202023-02-18%20at%2011.46.46.png
#
prologic does this look right to you?
#
[snarfed] assuming that actor URL serves your actor, yes. missing Content-Type though
#
[snarfed] ?
#
prologic yeah the content-type didn't seem to matter too much
#
[snarfed] maybe it needs the `to` field
#
prologic hmm
#
[snarfed] gotta run. gl!
#
prologic thanks
[tantek] joined the channel
#
prologic Brilliant!
#
prologic Worked it out
#
prologic I was sending requests with no Content-Type
#
prologic Which GTS would flat our reject
#
prologic I can successfully send Follow activities and Create actitivies of Type Note
#
prologic Nice
#
prologic Kind of wondering whether an outbox id strictly required here at Ll?
#
prologic if the entire idea behind AP is to PUSH stuff around
#
prologic why bother with an outbox?
#
prologic https://www.w3.org/TR/activitypub/#server-to-server-interactions
#
prologic hmmmm
#
prologic I think I can entirely skip this S2S part of the spec
#
prologic Oh boi this is going to be challenging now that I understand the basic flows
#
prologic trying to mix and pull based social ecosystem with a push based distributed network
#
prologic uggh
#
prologic I think I have to do something like; accept all Create/Note activities, and translate those inbound objects into a "fake" twtxt feed per actor
#
prologic In addition I have to keep a mapping of the object id and the twt we end up creating as a sort-of "fake twtxt feed"
#
prologic the only reason we need to do this is to process replies and map the twt hash (we use in Subjects / replies) back out to actors following us, tripping the Twt Subject (easy) and setting the right inReplyTo ID
[aciccarello], [asuh] and IWSlackGateway joined the channel
#
[snarfed] Yup, this is all basically what Bridgy Fed does too
#
prologic rightio
#
prologic I guess it'll be okay, just a necessary requirement/design
[James_Van_Dyne] and geoffo joined the channel
#
IWDiscordRelay <c​apjamesg#4492> This is cool: https://github.com/jannikmi/timezonefinder
#
Loqi [preview] [jannikmi] timezonefinder: python package for finding the timezone of any point on earth (coordinates) offline
[jacky] joined the channel
#
[jacky] interesting counter-point to using something like a `<picture>` tag https://indieweb.social/@ascorbic/109847181079065102
#
Loqi [preview] [Matt Kane] I've spent a lot of time looking at how web frameworks handle images since I worked on Gatsby image a couple of years ago and I'm more convinced than ever that most sites should just use an image CDN and an `<img>` tag. Resizing at build time is too ...
#
prologic [snarfed] You be around later at some point to jump on a video call with me to talk AP and some concerns I have with even doing this in the first place ? :D
#
[snarfed] sadly no, sorry, I'm headed to the airport tomorrow morning, off on vacation with limited connectivity for the next week and a bit
#
[snarfed] maybe when I'm back!
#
prologic Ahh no worries
#
prologic Have a nice vacation 🏖️
#
@hurutoriya ↩️ https://www.kunimiya.info/blog/2016/06/26/introduction-to-webmention/ ウエブメンションとかが普及すれば、感想は書くまでもないけど読んだよ〜面白かったよ〜がみたいな弱いシグナルが伝えられて良いのになぁと思っているんですが… チャットとかで書いたよ見て〜みたいなコミュニケーションって自分はちょっと躊躇するので… (twitter.com/_/status/1626848616618033154)
#
prologic Q: Is the self type Self or self (lowercase)
#
prologic I'm so confused
#
prologic https://www.iana.org/assignments/link-relations/link-relations.xhtml
#
prologic I think it is "self" (lowercase)
#
prologic Q: Why does GTS perform a request to the webfinger's self link with a Accept: application/ld+json and not application/activiry+json ?
[KevinMarks] joined the channel
#
[KevinMarks] Is that doing LRRD rather than AP?
#
@neizod เชี้ยยยย เพิ่งรู้จัก http://webmention.io กราบๆๆ @dtinth @nimomiao #bcbk10 (twitter.com/_/status/1626861577923366915)
#
[KevinMarks] Hm. GTS may be using LD internally. It should be asking for /activity+json and assuming the @context, but you could allow /ld+json and supply the @context too
mro joined the channel
#
prologic Oh this is so goddamn confusing
#
prologic servers out ther ein the wild will eitehr respond with ld+json or activity+json
#
prologic and there's literally no difference between teh two
#
prologic you end up with teh same JSON objects
#
prologic this is just silly
#
prologic oh boi
#
prologic These Go libraries are really hard to use :/
#
prologic I'm having to write my own just to cut down on the insane amount of code you have to learn and cognitive overload
#
prologic Who designed this ActivityPub and ActivityStreams anyway?D 🤦‍♂️
#
prologic it wreaks of "Enterprise" :D 🤣
#
prologic I really do not need 13 dependencies and and 20k SLOC just to render a simple webfinger actor response :/
#
[KevinMarks] *shuffles awkwardly * - looks at James Snell (actually it is mostly not his fault that w3c forced the issue on LD).
#
prologic Ahh!
#
prologic Well the whole JSON-LD thing is just nuts :D
#
prologic its just over complciated what could have been infiniately simpler to deal with
#
prologic so unnecessary :)
#
prologic speaking from experience in several years of dealing with academics and working for universities (they love that shit 🤦‍♂️)
#
prologic Okay now GTS rightfully complains that my PublicKey is basicallh bnank (which it is right now)
#
prologic So now I have to decide how to handle this
#
prologic Do I create an RSA key per user?
#
prologic or create a server RSA key and derive a unqiue key per user on the fly?
#
prologic I'm not even sure if I can do the later at all actually hmm
#
[KevinMarks] The original activity spec that morphed into AS1 and AS2 was Atom or plain JSON, which I worked on, and making the JSON be plain and not the gData mangling was a huge fight inside Google that I won, but got me moved from Eng to DevRel.
#
[KevinMarks] That choice depends on how you want to handle revocation, which is always tricky.
#
prologic might be easier to just generate unique keys pairs actually
#
prologic Ahh interesting history ;) so you had something to do with this but lost out in the end with the mess we now have :)
#
prologic So with these RSA keys used to basically sign HTTP requests on behalf of Actors (users), they seem to be stored server-side right?
#
prologic What's to stop a rogue server implementation or bad operator of a server from abusing the RSA keys of other actors (users)?
#
prologic Do users implicitly have to both a) trust the server and b) trust the operator
#
prologic ?
#
[KevinMarks] Pretty much. This is where the model doesn't quite add up. There is the idea of things being determined by keys, but no actual way to keeps keys separate from servers, so there's no real improvement over ssl. In principle you can get the keys from the source server and use that to validate data you got some other way (via a cache server, say) but you're still trusting both servers implicitly, and AFAIK there isn't a 3rd server
#
[KevinMarks] or transport involved apart from the origin and your viewing one. Maybe showing replies to a post on an origin? That was the Salmon use case, but given you need to check keys with the server anyway there's a lot of work for modest benefit imo.
#
prologic yeah right, so basically really the whole idea of signed requests by an actor that doesn't actually control the keys is kind of useless
#
prologic you can't make any guarntees that activites are actualyl from the person they claim to be
#
prologic Oh well :)
[jamietanna] joined the channel
#
[jamietanna] [snarfed] have a great holiday ⛱
#
IWDiscordRelay <c​apjamesg#4492> angelo I fixed the Command + K / annotation conflict. Annotation is now triggered by Command + L on my website.
mro joined the channel
#
prologic Success! (partially) 🥳
#
prologic You can now lookup @james@yarn.mills.io on the "fediverse"
#
prologic Be great if someone else could verify this on their favourite "fediverse" space
#
IWDiscordRelay <c​apjamesg#4492> Yay!
#
Loqi 😃
#
IWDiscordRelay <c​apjamesg#4492> I like this: https://jvns.ca/blog/2023/02/16/writing-javascript-without-a-build-system/
#
IWDiscordRelay <c​apjamesg#4492> How do JavaScript CDNs work?
#
IWDiscordRelay <c​apjamesg#4492> I wonder if I could host a CDN on fly.
mro_ and mro joined the channel
#
prologic I'm not sure why but GTS isn't picking up the image/icon on my A2S actor
#
prologic despite that the url is valid and works
#
prologic any ideas?
[pfefferle] joined the channel
#
sknebel has it already fetched it before and cached?
#
sknebel then you need to send an update telling it that it has changed
#
[KevinMarks] Remember this one Tantek https://www.w3.org/wiki/TPAC/2011/Semantic_Syntaxes
#
prologic Oh, so because AP is all pushed based, if I change my Avatar
#
prologic I have to push some kind of activity update to let all my follows know?
#
prologic I guess that makes sense
#
sknebel yep
#
prologic eaiser to blow away my gts test instance for now :)
#
prologic :D
#
prologic can't figure out where it's caching this :)
#
prologic https://docs.mills.io/s/Q295YR2Gz
#
[snarfed] re JSON-LD, AP basically allows but doesn't require it. after Example 1 on https://www.w3.org/TR/activitypub/ :
#
[snarfed] "ActivityStreams can be extended via [JSON-LD]. If you know what JSON-LD is, you can take advantage of the cool linked data approaches provided by JSON-LD. If you don't, don't worry, JSON-LD documents and ActivityStreams can be understood as plain old simple JSON."
#
[snarfed] and it says both content-types are ok and interchangeable: https://www.w3.org/TR/activitypub/#retrieving-objects
#
prologic I'm not completely sure but I think GTS for example doens't adhere to the spec in this case
#
prologic it seems to strictly require JSON-LD
#
prologic but I'd have to re-test that, which if true, just makes my life more difficult
#
prologic As it is now I'm basically creating a very "liberal" implementation here that is quite "lax" in how it behaves and what it accepts
#
[snarfed] and re key management, yes. KevinMarks++ . There's still a difference between a single Twitter and many fediverse instances you get to choose from, though, and you have the ability to run your own
#
[snarfed] The three models are centralized, federated, and peer to peer, which prologic it sounds like you prefer
#
[snarfed] Check out Bluesky, it's an interesting one here, it tries to allow federation but still let users handle rogue admins, undo spoofed posts or migrate without their server's cooperation, etc. https://atproto.com/guides/identity
#
[snarfed] by "require LD" do you mean it doesn't allow incoming allowing/activity+json requests? If so then yeah that's overly strict
#
[snarfed] If it just wants @context, that is technically necessary, but you don't have to do anything with it other than include it
#
prologic I think I found that it was making Accept: application/ld_json requests for my A2S actor
#
prologic :/
#
[snarfed] Right, which is allowed
#
prologic even though there's no hint to tell it to do that
#
prologic yes but it didn't even bother content negogationg the request I think
#
prologic forcing me to deal with JSON-LD ;?
#
[snarfed] Technically the two content-types are interchangeable in AP, it's allowed. https://www.w3.org/TR/activitypub/#retrieving-objects
#
[snarfed] But again you don't have to "deal with" LD other than just accepting that content-type
#
prologic yeah I think what I ended up doing was just defaulting on the Accept:
#
prologic and ignoring what was asked
#
prologic because GTS was being overly stict
#
[snarfed] conneg--
#
Loqi conneg has -21 karma in this channel over the last year (-27 in all channels)
#
prologic haha
#
prologic nobody does conneg properly :)
#
[tantek] [KevinMarks] hah that was quite the TPAC session with the list of folks there and topics discussed.
#
[tantek] Did we capture that as an event in the microformats wiki for 2011?
retronav, mro, geoffo, AramZS, IWSlackGateway, [schmarty], [tantek] and angelo joined the channel
#
IWDiscordRelay <j​acky#7226> https://hachyderm.io/@hrefna/109887787033151885 thread about federated moderation
#
Loqi [preview] [Hrefna (DHC)] Moderation in this environment is a _nightmare_ of inconsistency and, instead of a faceless megacorporation, you get eight million individuals who have no idea what they are doing, no training, no accountability, and a lot of Ideas™ about what effe...
#
prologic Is it normal to have to link to an actual instance and a particular status?
#
prologic Are thread/statuses not content addressable and linkable on any instance?
#
prologic Also a lot of the problem as far as I see it is scale
#
prologic we really should focus on rearchitecting decentralised/distirbuted social ecosystems to be small interconnected communities
#
prologic not hard 20k, 150k+ users
#
prologic you cannot IMO scale "human interactions" like this and have a good time
#
prologic we suck :)
#
prologic You will always upset 1% or hurt 2% or end up in flame wars of such stupid shit where 1% or 2% of large instances like the ones you typically see in the so-called "Fediverse" mean 100s to thousands of folks
gRegor joined the channel
#
gRegor prologic, I don't think so. The @-@ is used in the status permalink on each instance (that is aware of the status, I guess), e.g. https://xoxo.zone/@gregorlove.com@gregorlove.com/109831444476945604 (that link will redirect to my original post though)
#
Loqi [preview] Testing a federated post with a footnote. ¹ I expect that footnote number won't be linked when this appears on Mastodon, but fingers crossed! ¹ See indieweb.org/footnote  
#
gRegor And same post on another instance https://mastodon.social/@gregorlove.com@gregorlove.com/109831450394862564, so the post id differs between instances
#
Loqi [preview] Testing a federated post with a footnote. ¹ I expect that footnote number won't be linked when this appears on Mastodon, but fingers crossed! ¹ See indieweb.org/footnote  
#
gRegor Because I think a post only exists on a Mastodon instance if its sent to the inbox there
#
prologic gRegor Ahh okay
#
prologic Wait...
#
prologic So you can't link to a status or thread by its id on another instnace?
#
prologic it gets a different id on other instances?
#
gRegor Each instance gets a different ID, looks like.
#
prologic oh geez
#
gRegor I'm not aware of a globally unique permalink for a status.
#
prologic so you can't easily link to a "conversation" really
#
prologic you have to link to the home instance
#
gRegor You can, but you have to pick an instance to link to I guess.
#
prologic OH my
#
prologic crazy system this "federation" thing :D
#
gRegor For "native" Mastodon users they'd just use their own, I'm sure. It should include interactions from other instances.
#
prologic thanks for the insights
#
prologic back later
#
prologic 👋
#
gRegor Good luck! I'm thankful I can rely on Bridgy Fed for this, otherwise I wouldn't put much effort into it, haha
#
aaronpk a "globally unique permalink for a status" is the original link on the status the original was posted to :)
#
aaronpk the status links on other instances are that instance's own internal version of the post. it's just a coincidence that since everything is mastodon they end up looking similar
#
aaronpk e.g. mastodon.social's version of my latest post is https://mastodon.social/@aaronpk@aaronparecki.com/109887141177015404 but of course my post doesn't have a canonical "ID" because that's not how my URLs work
#
Loqi [preview] [Aaron Parecki] It's okay, I didn't really need to use Twitter today anyway. https://aaronparecki.com/img/1240x0/2023/02/18/7/photo.png
#
aaronpk so it's more like that ID just mastodon.social's own internal reference to my post
#
gRegor Fair, though can you even tell whether one is the canonical status?
#
aaronpk bridgy does this too, it has its own URLs for tweets so that webmentions work
#
aaronpk if you're not logged in, the mastodon.social URL redirects to mine, which is how Loqi got the preview
#
gRegor aaronpk, would you be able to try this and deploy it before next week's newsletter? https://github.com/indieweb/this-week/pull/24
#
Loqi [preview] [gRegorLove] #24 Group event wiki page notes
#
gRegor Not sure if it auto deploys on merge like indiewebify.me
#
aaronpk oh yeah sure. it doesn't auto deploy
#
prologic This just makes it hard to reference and link things really
#
prologic Content addressing should have been considered at the start IMO
#
gRegor Well for indieweb setups it's a bit easier since the link on our own domain is the original
#
aaronpk content addressing has its own problems
#
gRegor yeah, was just wondering about updated posts
#
aaronpk e.g. what happens when someone edits a post
#
gRegor jinx
#
aaronpk also remember that mastodon existed before activitypub :)
#
Zegnat I think AS takes any URI as ID, right? So you could actually do ipfs URLs or similar and have content addressable activitypub posts. (Though my guess would be Mastodon is not going to be able to display them.)
#
Zegnat Although I guess it needs to be HTTP fetchable for AP. Mm.