#dev 2023-06-27

2023-06-27 UTC
gRegor and tei_ joined the channel
#
Soni
anyone wanna talk about activitypub instance poisoning?
[timothy_chambe] joined the channel
#
[timothy_chambe]
OK sure.
me4 joined the channel
#
[snarfed]
we've been talking a lot about the fediverse and activitypub here, I wonder if/when we should start moving some of those conversations to #fediverse-devs:matrix.org, at least if they're not indieweb relevant?
#
[snarfed]
(I'm ok either way)
[tw2113_Slack_], omz13 and tei_ joined the channel
#
Soni
we should do instance poisoning to keep rent low
#
Loqi
yea!
tei_1, holiday_medley, tei_, [Jo], [capjamesg], [Serena], lockywolf, gRegor, btrem and gRegorLove_ joined the channel
#
[KevinMarks]
architecture astronomy << https://grugbrain.dev/
#
Loqi
ok, I added "https://grugbrain.dev/" to the "See Also" section of /architecture_astronomy https://indieweb.org/wiki/index.php?diff=88378&oldid=87263
#
[schmarty]
grugbrain++
#
Loqi
grugbrain has 1 karma over the last year
tei_1 joined the channel
#
[tantek]
that is a hilarious read. only thing that gave me an "ugh bad feels" about it was their gender-roles assumption caveman analogy with "wife firmly remind grug about young grugs at home need roof, food, and so forth" which is certainly not helping inclusiveness
#
[tantek]
what is text first design
#
Loqi
Text-first design refers to the practice of designing information and UIs so they are readable/usable/actionable at least as basic plain text https://indieweb.org/text_first_design
#
[tantek]
^ aaronpk
nsh joined the channel
#
Soni
instance poisoning is just serving different things to different instances
#
Soni
this could be a 403 or it could be something more creative (perhaps also boostable) and it's an intended part of the activitypub protocol
#
[snarfed]
yup, it does seem like the AP development process only considered a relatively thin threat model, and it didn't really include malicious instance admins
#
[snarfed]
(which may be ok, difficult problem, but would be nice to at least acknowledge in the spec at some point)
#
Soni
eh, "loud blocking" isn't malicious
#
Soni
sometimes you just need a better solution to a meta problem
#
[snarfed]
oh sure blocking isn't, malicious AP instance admins can do way more than that
#
[snarfed]
esp since they hold all of their users' keys, so they can forge arbitrary activities
#
Soni
yes, admins can gaslight their users, but we don't see how AP can fix that without true multihoming
#
Soni
(but that can be added on later)
#
Soni
also, this isn't even actually required for gaslighting your users
#
Soni
anyway it'd be nice if someone implemented "loud blocking" as an admin feature
#
Soni
"loud defederation"
#
[snarfed]
hmm, fedi admins are already pretty loud whenever they defederate with anyone 😆
#
Soni
we guess what we want is "megaphone defederation" then
#
[tantek]
perhaps instances defederating will motivate people to move to their own sites where they have more fine-grain control.
#
[tantek]
what happens when the instance you're on defederates from another instance with a few (but not a lot) of your friends?
#
[tantek]
do you go make another account on their instance? do you move to that instance that was defederated and then get cut off from another set of people?
tei_ joined the channel
#
Soni
what happens when you quiet quit facebook? does it solve anything? (the answer is no)
#
Soni
anyway, multihoming is the general solution to "instances defederating each other and your friends are there"
#
Soni
everyone loves to complain about lack of multihoming but nobody wants to have multihoming for some reason
#
Soni
or uh
#
Soni
ppl love to complain about defederation we guess
#
Soni
but they don't want a solution that works for everyone for some reason
#
Soni
like, we genuinely don't know how to show ppl that multihoming would largely solve defederation for them
#
Soni
tbh we get frustrated too easily
#
Soni
tbh ppl complaining about stuff that we see as "solved" makes us frustrated
#
[tantek]
when you quiet quit Facebook you do improve on perhaps the #1 problem, your own personal mental health
#
Soni
tbh it's way more likely that they just haven't heard of the solution than that they don't want it
#
[tantek]
frankly it's made a huge difference to me. as did quietly walking away from (most of) the Twitter UI when I started posting all my "tweets" to my own site instead of to Twitter directly
#
Soni
we guess we have a problem :<
#
[tantek]
people underestimate the huge positive impact that posting to your own site instead of silos has
#
[tantek]
you can't really understand how massive the impact is until you start doing it and notice the changes in yourself, your outlook, your mood, your mindset. it's massive
#
Soni
we feel like mastodon often doesn't let you own your data. the server owns it.
#
Soni
but eh, w/e we guess
#
[tantek]
correct. the instance admins (who I lovingly refer to as "Little Chads") own it
#
Loqi
[preview] [Tantek Çelik] I am once again asking you to own your notes, rather than tweeting them into Big Chad’s garage. Maybe you left the big garage and now toot in your neighborhood Chad’s garage. It’s still someone else’s garage. https://xkcd.com/1150 #IndieWeb ...
#
Loqi
[preview] [Tantek Çelik] 3 weeks since the 1st, since asking you to own your notes¹ Still tweeting in Big Chad’s garage or tooting in little Chad’s garage next door?² What’s the delay? Choosing a domain name?³ Or a service or other path?⁴ Or #TwitterMigration to...
#
Soni
yeah, well, multihoming largely solves this
#
Soni
(if you make backups)
#
[tantek]
no it doesn't because no one has actually made it work
#
[tantek]
it's a handwavy theory like many social web projects
#
[tantek]
and multihoming is user-unfriendly — adds lots of work (admintax) and such
#
Soni
multihoming works fine in TCP and I2P
#
Soni
eh, it's just key management
#
[tantek]
I'll be blunt & direct. Using Mastodon or anything "fediverse-only" or "on someone else's instance" is *at best* a stepping stone towards actual web data ownership & control of using your own site
#
[tantek]
there is no "just" about "key management"
#
Soni
you don't have to do it "properly", you don't have to follow cryptography best practices to get effective results
#
[tantek]
even that very statement belies the complexity of the user-unfriendliness of key management
#
Soni
what is ipfs if not multihoming at scale
#
[tantek]
besides, none of the "my friends are on an instance that was defederated" problem has anything to do with crypto or keys
#
Loqi
It looks like we don't have a page for "ipfs if not multihoming at scale" yet. Would you like to create it? (Or just say "ipfs if not multihoming at scale is ____", a sentence describing the term)
#
[tantek]
IPFS is very good at a few narrow use-cases. Attempting to use it as a panacea for user data storage is how you end up with fragile & unreliable & lost data
#
Soni
ipfs is immutable, which makes everyone sad
#
[tantek]
and again, just like crypto/keys, discussing it is a *distraction* from the actual end user problems
#
Soni
anyway, we know how much key management sucks, that's why we don't bother
#
Soni
pgp? we just make a new key every time we have to use it
#
[tantek]
I didn't have to solve any weird crypto or key management to use my site instead of Twitter
#
[tantek]
I didn't have to solve any weird crypto or key management to use my site directly to post/reply to "the fediverse"
#
Soni
no, you just had to solve hosting and sysadmin
#
[tantek]
so no, I have zero interest in any "jump into the plumbing of keys/crypto/ipfs" discussions
#
[tantek]
because they are YAGNI to solving the actual user problems
#
Soni
we feel like "bass-ackwards key management" is easier than "hosting and sysadmin"
#
[tantek]
let me know when you have a real world example of it then
#
Soni
we're working on it
#
Soni
we need to solve a different problem first
#
[tantek]
I have solved the user-level problems, with my site http://tantek.com — so until someone steps up and says here is my site (domain) that solves the user-level problems, I'm going to remain skeptical
#
Soni
(well... we don't *need* to. but we wanna solve it first, because it'll make things easier for us.)
#
Loqi
[preview] Tantek Çelik
#
[tantek]
I've heard enough "working on it" and "solve a different problem first" excuses to unfortunately dismiss them as signs of impracticality
#
Soni
(but it's a development thing, so nobody really cares about it)
#
[tantek]
exactly, no one should care about it
#
Soni
yes, so we hide the key management entirely
#
[tantek]
if it's not making a user-visible impact on your personal site, then you're wasting your time
#
[tantek]
(or discussing it in the wrong channel, because this is *indieweb* #indieweb-dev after all)
#
Soni
yes, self-hosted IRC is not indieweb
#
[tantek]
and the web is not chat
#
[tantek]
Soni, if you want to start an "IndieChat" effort, please be my guest! But that's outside the scope of the Indie*Web* chats
#
Soni
they're fuzzy boundaries ofc
#
[tantek]
not really
#
Soni
we can make them fuzzier by pushing at them
#
[tantek]
fuzzy only in theory. once you start using your own website to publish as much of your own content as you can, such fuzziness largely disappears
#
Soni
anyway we're mostly here for desearch
#
Soni
and something about web-based feed readers
#
Soni
are feeds indieweb?
#
gRegor
what is feed
#
Loqi
A feed is a dynamic set of posts, typically listed in reverse-chronological order, often only the most recent (like 10), published on the IndieWeb as separate feed files and on homepages with h-feed markup https://indieweb.org/feed
#
gRegor
what is social reader
#
Loqi
A social reader is a modern interactive reader that allows you to directly respond to posts (with a like, comment, etc) right there inline with posts as you read them (as people do in social media), in contrast to legacy feed readers which were one-way read-only experiences and provided no mechanisms to interact with or respond to posts https://indieweb.org/social_reader
#
gRegor
I try to use my website itself as the feed, with microformats2 and use tools like /Granary to convert those into Atom feeds for people not on social readers yet
#
[tantek]
Soni, to better ground these discussions, what's your personal site that you're looking to improve by building new things?
#
Soni
we'd love to have an atom button you can actually use
#
[tantek]
Soni++ awesome
#
Loqi
Soni has 1 karma over the last year
#
gRegor
How do you mean? Like it prompts to subscribe in a feed reader?
#
Soni
maybe we can get there in our lifetime
#
gRegor
I've used subtome.com for that in the past
#
Soni
like it prompts for a domain name and treats it like a web-based feed reader
#
gRegor
what is webaction
#
Loqi
A web action is the interface and user experience of taking a specific discrete action, across the web, from one site to another site or application, like a cross-site follow button, or a reply button on a post, which when activated, allows you to reply using your own site instead of the site you are viewing https://indieweb.org/webaction
#
Soni
:shrug:
#
Soni
we'd also like to have proper search and share it with our friends
#
Soni
(and only our friends)
#
[tantek]
the idea is good, the method is bad. well-known--
#
Loqi
well-known has -6 karma in this channel over the last year (-9 in all channels)
tei_ and [benatwork] joined the channel
#
Soni
yeah we know y'all hate well-known but we have big plans with it that we can't talk about
#
Soni
but hey, mastodon wants something like this, so we might as well make it fit our needs
#
[tantek]
it's not about hate. it's about fragility, non-portability, etc.
#
[tantek]
.well-known is a technical & engineering dead-end
#
[tantek]
if you need it for backward compat / interop, fine, create a service that implements it and then no one else has to bother. e.g. see the example of Bridgy Fed which deals with Mastodon's needs for .well-known so #indieweb sites don't have to.
#
[tantek]
it's a waste of time & effort to build anything *new* on top of / inside of .well-known
#
[tantek]
strongly recommend follow your nose discovery mechanisms instead
#
[tantek]
what is follow your nose
#
Loqi
👃 follow your nose is an intentional principle for designing discovery algorithms that start with the specific URL you want to discover things about, retrieving headers or contents, and parsing for particular link rel values to URLs to the desired information, in contrast to the “well-known” approach of looking outside the specific URL, like using only its domain and a hardcoded path https://indieweb.org/follow_your_nose
#
Soni
so we should shove it in dns then
#
Loqi
jamesg has 1 karma over the last year
#
[tantek]
capjamesg++
#
Loqi
capjamesg has 37 karma in this channel over the last year (110 in all channels)
#
[KevinMarks]
grrr. today's yakshaving is `import` versus `require` in node. Because a package I use has switched to ESM I now need to change everything else to it too.
tei_ joined the channel
#
[KevinMarks]
I think this is now tomorrow's yakshaving.
tei_, tei_1 and bkil joined the channel
#
[KevinMarks]
Definitely at the point where I want to write code in something other than node for my next project
#
[tantek]
capjamesg, I have expanded on some email POSSE brainstorming here based on existing practice, interested in your feedback! https://indieweb.org/email#POSSE_techniques
#
capjamesg
Will review later today (Wednesday).
#
[KevinMarks]
I think I want a language that is working with rather than against the idea of branching call graphs and completing them all. Maybe I need to read up on elixir
[jacky] joined the channel
#
[jacky]
interesting project as I'm looking for means of protecting SSG sites https://github.com/netlify/gotrue
#
Loqi
[preview] [netlify] gotrue: An SWT based API for managing users and issuing SWT tokens.
#
aaronpk
what's an SWT?
tei_1 joined the channel