#dev 2023-03-04

2023-03-04 UTC
#
[snarfed] fully implementing salmentions, ie when a wm is received, the receiver has to figure out and send more wms send upstream
#
[capjamesg] I think I am doing that in my code.
#
[capjamesg] (`send_webmention` call)
gerben joined the channel
#
prologic Q: How (in Activity Pub land) do I go from an actor's inbox (the full url) to their webfinger @user@domain account/address?
#
prologic Is there a way to look this up in reverse?
#
[snarfed] yeah, you use preferredUsername from the actor object with the domain from the URL
#
prologic Ahh!
#
prologic that simple nice
#
[snarfed] actually that will often work, eg with Mastodon, but not necessarily with all other implementations. BF struggled with this a bit
#
prologic arggg
#
prologic so it's not reliable?
#
[snarfed] it may be webfinger
#
[snarfed] iirc @-@ syntax is technically only specified there, not in AP or AS2. and I think that's where Mastodon pulls it from
#
[snarfed] specifically the subject field
#
prologic Oh well I'll just do what you suggested and see how it goes
#
prologic I mean if enough implementations assume we can go from preferredUsername + Inbox domain
#
prologic then they'll adopt :)
#
[snarfed] not exactly. Mastodon actually requires BF to put domain in preferredUsername
#
[snarfed] even though it accepts and displays non-domain username from eg webfinger (I think)
#
prologic Oh really?
#
prologic interesting
#
prologic So maybe just use the preferredUsername?
#
[snarfed] some background in https://github.com/snarfed/bridgy-fed/issues/3, more somewhere in https://github.com/snarfed/bridgy-fed/issues?q=is%3Aissue+preferredusername
#
prologic but that could collide hmm
#
[snarfed] I believe it's webfinger, that's the only one that specifies @-@ syntax. but feel free to experiment
#
prologic 👌
#
prologic Thanks 🙏
geoffo joined the channel
#
prologic hmmm
lockywolf joined the channel
#
[KevinMarks] Webfinger--
#
Loqi Webfinger has -4 karma in this channel over the last year (-5 in all channels)
#
@JoelOtter Getting Webmentions working has been a bit of a pain in the arse but I think I’m getting there, slowly. (twitter.com/_/status/1631847759081766912)
geoffo joined the channel
#
prologic Why?!
#
prologic Webfinger++
#
Loqi Webfinger has -3 karma in this channel over the last year (-4 in all channels)
#
prologic Webfinger is awesome :)
#
aaronpk Yes this worked out well "a WebFinger resource might return JRDs containing link relations that enable a client to discover, for example, that a printer can print in color on A4 paper"
#
[KevinMarks] What do you like about it?
#
prologic I think it s a great lookup mechanisms, simple and elegant
#
[KevinMarks] That's clearly a DNS-SD lookup then a 'kind' txt record. You know, the spec that printers have shipped with for 20 years or so.
#
prologic yeah well we (salty.im) uses both DNS SRV for delgation as well as WKD lookups
#
prologic both approaches have their merits and uses
#
prologic Is there a reliable way to "detect" that a URL is an Activity Pub actor?
#
prologic Answering my own question:
#
prologic Accept:text/plain,application/activity+json
#
prologic content negotiate the request
#
prologic ahh but dealing with actor endpoints that strictly required a signed request is a PITA
gxt__, mro, jeremycherfas, jeremy and gerben joined the channel
#
[snarfed] it's annoying but not that bad. eg in BF, I just always sign AP GETs, I don't bother trying to detect which instance requires sigs. I usually use the "current" user's keys, but on the rare occasion that there's no obvious current user, I use my own personal account's keys
mro joined the channel
#
aaronpk Has anyone complained about the privacy implications of signed GET requests yet?
#
[snarfed] got me. I think Mastodon instances with that turned on still serve posts as HTML without auth...?
#
[snarfed] confirmed. eg types.pl requires signed AP GETs, but serves HTML publicly: https://types.pl/@abnv/109360439631118847
mro and [manton] joined the channel
#
[manton] Requiring signed GETs for ActivityPub when the HTML version of the same thing is totally public… Not really sure what that is solving.
#
[manton] I always try unsigned GETs and only sign them if they fail. Not great.
#
[snarfed] I suspect the idea is that AS2 structured data is more amenable to indexing, which they want to avoid, than jsdr HTML
jonnybarnes, mro, Xe, [timothy_chambe], geoffo and gxt__ joined the channel
#
prologic well I'm going down a path of storing an integer for the type of feed a user follows
#
prologic e.g: 0 https://twtxt.net/user/prologic/twtxt.txt
#
prologic or 1 https://gts.mills.io/users/prologic
#
prologic for activity pub
#
prologic I really can't see a way to tell them apart in a reliable way, doing multiple requests will just upset people :(
#
prologic Anyone know of any AP bots out there that I can follow?
#
prologic Something like https://twtxt.net/twt/fxpzv7a
#
prologic So I can at least tell if shit™'s actually working :D
#
Loqi [preview] [tiktok] 🕘 The time is now nine o’clock in the evening 🌛
#
prologic Oh that's nice
#
prologic love how that works so well ;)
#
[KevinMarks] Lots of bots on botsin.space
#
prologic I honestly can't find a single one
#
prologic I obviously don't know how to use a Mastodon's search/explore :D
#
prologic How do people actually use this thing seriously? :D
#
[KevinMarks] https://botsin.space/public/local
#
[KevinMarks] Most recent posts
#
prologic Is there a list of accounts anywhere with descriptions?
#
prologic maybe @VoteChess@botsin.space will do
#
prologic only useful thing I could find so far :)
#
prologic I keep seeing some Mastodon instnaces sending me Delete activities, for what looks like deleted accounts
#
prologic How do I respond correctly to make these go away?
#
prologic They're like every few mins :(
#
[snarfed] hah, welcome to the fediverse, those are a fact of AP life
#
prologic well that's just dumb isn't it :)
#
prologic like now I have to accept this traffic and can do nothing about it?
#
[snarfed] technically you should delete/tombstone those actors if you've stored them, and if they've followed any of your users, stop sending your users' activities to them
#
prologic brilliant :)
#
prologic But if that's not the case?
#
prologic I still get these Delete activites :(
#
[snarfed] yup
#
[snarfed] return 200 and ignore them then
#
prologic fuck
#
prologic (sorry)
#
prologic Oh returning 202 Accepted is wrong?
#
[snarfed] oh no 2xx is fine
#
prologic Ahh
#
prologic so great zero things I can do about this
#
prologic :(
#
[snarfed] it's overly chatty, but it technically is a valid part of AP and has a purpose, so you don't/can't "stop" it
#
prologic starting to doubt whether AP integration is even a good idea now :)
#
[snarfed] i mean, it's easy and cheap to just 202 and ignore all of these requests
#
[snarfed] they're not that expensive
#
prologic Maybe
#
prologic depends on how I deal with them I guess
#
prologic Also on another topic
#
prologic Create activities and the To field
#
prologic Is this a string or an array of strings?
#
prologic I can't honestly tell from the specs :(
#
prologic I found cases where it can be either :(
#
[snarfed] yeah it can be either. https://www.w3.org/TR/activitystreams-vocabulary/#dfn-to
#
[snarfed] also see to/cc on https://docs.joinmastodon.org/spec/activitypub/#properties-used
#
prologic curious, whwere does it say it can be either a single value or an array of values?
#
prologic This spec is hard to read :(
#
[snarfed] yeah true
#
[snarfed] https://www.w3.org/TR/activitystreams-vocabulary/#properties : "Properties marked as being "Functional" can have only one value. Items not marked as "Functional" can have multiple values."
#
[snarfed] btw one important thing to do to reduce request handling cost is cache the ids of activities you've handled recently and ignore activities you've already seen
#
prologic Gotcha
#
prologic I can use that technique to not queue it up for processing and save a goroutine
#
[snarfed] you'll want to set up sharedInbox on your users' actors to try to get those Delete activities sent to you just once, and not once per user
#
[snarfed] but even then, you'll get lots of duplicates, so ignoring seen ids helps
#
prologic Yup
#
prologic I'm really not convinced of this "push" model :D
#
prologic I smell more DDoS coming my way one day :D
#
[snarfed] yeah the push model is chatty
#
IWDiscordRelay <c​apjamesg#4492> [tantek] I’m focusing on the logic for receiving Salmentions, not displaying them.
#
IWDiscordRelay <c​apjamesg#4492> I need the nesting logic before I can display them.
#
IWDiscordRelay <c​apjamesg#4492> And that’s what I am stuck on.
#
IWDiscordRelay <c​apjamesg#4492> I have three local HTML files that I am using for testing.
#
IWDiscordRelay <c​apjamesg#4492> I want to be able to parse Salmentions then I can think about displaying them.
#
[tantek] Those make sense as logical discrete implementation steps
#
[tantek] Have you listed those steps somewhere besides chat?
#
IWDiscordRelay <c​apjamesg#4492> Not yet.
#
IWDiscordRelay <c​apjamesg#4492> I can put it on the wiki.
#
prologic I'm curious about one thing though
#
prologic Why am I getting Delete activities for actors I've never interacted with ever?
#
[snarfed] they may have been mentioned or something similar, minor, in activities that passed through your instance
#
prologic e.g: https://mas.to/users/HitClub1#main-key
#
prologic I've never interacted with this instance or that actor
#
[snarfed] or maybe never, it's possible Mastodon is promiscuous and advertises deletes everywhere just to be extra sure, since they're extra important
#
[snarfed] iirc it's widely discussed in mastodon's github issues
#
prologic well this is kind of worrying for me really
#
prologic if I can't control what servers are going to blaast me back with stuff I a) don't care about and b) never interacted with ever
#
prologic I'm second guessing doing this at all :/
#
prologic like basically I seem to have zero control over this
#
[snarfed] true. but again, it's cheap to 202 and ignore them
#
prologic is it still cheap if I have 1,000 AP servers doing this at my server?
#
prologic that's what worries me
#
prologic I'm seeing this at "small scale" and I can't even track where it's coming from or how
#
[snarfed] if you cache seen ids, yes, it is cheap, I can tell you from experience
#
prologic Will background network chatter go up, and by how much?
#
[snarfed] if you're really worried about CPU, special case them and don't even check sigs, just drop them
#
[snarfed] but in practice caching seen ids is enough
#
prologic kk
IWSlackGateway and [KevinMarks] joined the channel
#
[0x3b0b] <[snarfed]> "if you're really worried about..." <- I suspect that's what microblogpub does, given that all the `Dropping delete activity early` messages in the logs come from the httpsigchecker.
[tantek] joined the channel
#
prologic One more thing...
#
prologic What's to stop a rogue AP servers from blasting out delete activities for basically everything?