[tantek]I expect there is a good chance of auto-cross-posting from IG to Threads becoming a thing and then when anyone can opt-in to syndicating out from Threads via ActivityPub...
[snarfed][tantek] oh huh, good point, that should redirect to http://nature.com itself. that's how it works for traditional mf2-based BF profile URLs like that when you're logged out of the Mastodon instance. thx for the nudge, will look
[snarfed]lol nah webfinger isn't involved, it's more of a Mastodon logged in vs logged out difference thing, plus maybe BF's fault for not including the url field
[snarfed]the simplest proposal I could think of would be, a web site can link to its preferred/official bridged account with a <link rel=me type=application/ld+json> (or application/activity+json) on its home page. if other bridges see that rel-me link, they'd then stop bridging that web site
[tantek]i.e. if you're logged into indieweb.social, you should see a green checkmark next to "http://tantek.com" when you visit that indieweb social link above to my @-@.
[tantek]that should be sufficient to indicate my preferred bridge. if a consuming bridge needs to conneg for application/activity+json etc., that should be up to them, not me to pollute my code with
[snarfed][tantek] right! the catch is that those existing rel-me links don't currently indicate which network they're for, if any. ie if you're a bridge, and you fetch a homepage and see a bunch of rel-me links, you don't necessarily know if any of them are for the fediverse
[tantek][snarfed] type attribute is a mismatch for indicating a bridge semantic. Much better would be rel=bridge and since rel is space separated, we can do rel="me bridge" on such links and should be sufficient for your de-dupe use case
[snarfed]so when there are multiple bridges for a given network, and they want to de-dupe, like I mentioned. the web site indicates which bridge for that network it uses, somehow. the other bridges need to be able to fetch the web site's home page, determine that they _aren't_ its preferred bridge for that network, and stop bridging that site
[snarfed]right. but ideally bridges would be able to look at a site's rel-me links and determine whether _any_ of them is a bridge for a given network, without (conneg) fetching them all
[tantek]If a bridge is looking, it just needs to look for links to itself, either not find any (this not preferred), or not find any with rel=me, again, not preferred
[snarfed]right, that brings us back to my question of _which network_ earlier. there may be multiple bridges for different networks. so if you're a bluesky bridge, rel=bridge doesn't tell you if that bridge is for bluesky or the fediverse or something else
[snarfed]it seems like an unpleasant surprise. say your site is currently getting bridged into multiple other networks, and people are happily following you on those, but as soon as you bless one bridge to one network, suddenly all of your followers in all other networks are cut off
[tantek]I’m also a little reticent about auto-bridging sites into networks that sites may not know about, especially if there's a chance of undesired webmentions from another source like that
[snarfed]I definitely see the arguments on both sides. but it makes less sense to me to say, bridging is opt out, but as soon as you bless one bridge/network, it's suddenly opt in
[0x3b0b]I think part of what's coloring my reaction to this conversation is that there are exactly two contexts in which I have previously come across the concept of a bridge that the _party being bridged_ doesn't know about and endorse. One of them is when I wish I could follow someone's Twitter account as an activitypub actor instead. The other is when I get signal boosts from people I follow of other people ranting indignantly about how such-and-such...
[0x3b0b]... bridge of their Twitter posts as an Activitypub feed is NOT them, is NOT endorsed, is IMPERSONATING them, and everybody get the torches and pitchforks. So the idea of a bridge that _you didn't set up_, but that is polite enough to notice you set one up for yourself and stop bridging you, took me a minute to wrap my head around.
[snarfed]right. I've been talking with and working with a number of the fediverse T&S people about how to best handle and prevent these kinds of abuses and problems on a bridge
[snarfed]I just think jumping straight to allowlist/opt-in federation over bridges is a huge sledgehammer that kills most of the benefits from the start
[snarfed]I like https://privacy.thenexus.today/free-fediverses-and-consent/ as a description of this. I'm not on board with the core idea, but what I do really like is that it's at least consistent about allowlist/opt in federation in applying it _to the fediverse itself_, not just to "othered" external networks
[0x3b0b]Well-behaved bridges are only posting things that person posted. I think (possibly a small) part of the reason that some people are concerned about it is that if they let it go unchecked, it could slip in illegitimate messages.
[snarfed]anyway. I've been thinking about this a lot lately, and reached out to a number of fediverse trust & safety orgs and people. those conversations have been really productive so far
[tantek]There might be some middle ground where auto-BF defaults to an allow list of instance domains, and only opens full arbitrary following if the author opts in
[snarfed]maybe. I'd really rather spend this time and effort helping with all of the native anti-abuse mechanisms on each platform, eg blocks/mutes in the fediverse and vouch in the indieweb, since those all automatically work with BF too
[snarfed](managing an instance allowlist would be just as much of a hamster wheel, maybe more so, since everyone will want to follow someone that's not on the initial allowlist)
[tantek]Also the requirement to "ask permission" is a huge discouragement to a lot (most?) bad actors because it forces them to be vulnerable before they can attack
[snarfed]I get the allowlist proposal, and I definitely see how it prevents abuse. I think we're just prioritizing different sides of the prevent abuse vs prevent valid usage tradeoff, and maybe also in our estimations of how big each side is
[0x3b0b]snarfed++ It seems to me that you are being wise and prudent in your proactive efforts to ensure that BF is a well-behaved instance of the things that it bridges, and it is thus unlikely to draw any more ire than any other instance, with the _small_ possible exception of some people not liking the idea that it makes it easier for their signal to be boosted beyond the boundaries they expected. But since in that case BF is probably _better_ behaved...
[snarfed]ok, that ^ redirect issue looks oddly specific to indieweb.social. looking at a couple other instances, http://mas.to and mastodon.art, they don't have the same problem
[0x3b0b]So could be an odd configuration, maybe a version difference (I didn't go look at the other servers' versions), maybe something weird in the actual webserver? ...before you commented on other instances not exhibiting the issue, I was wondering if either it might be special weird handling of the www, or something implicitly requiring the trailing slash in the url property of the AP actor.
[0x3b0b]fe.disroot.org doesn't seem to redirect even if you aren't logged in, and my website doesn't even have an applicable endpoint. I had to add a redirect for my site from /@0x3b0b to / because some things apparently expected to be able to construct that endpoint as my profile location instead of respecting the webfinger response, but this doesn't seem to be related to that, because there's no @. Hmm.
Sonihow do you write hoedown flavored markdown, given that hoedown documentation assumes you're a) already familiar with markdown (we find it a questionable design choice but it isn't too hard to find a bunch of stuff on how to markdown) and b) don't care about using any of the extensions or else it'd document how to use them y'know?
LoqiA footnote is a typographical convention predating the web for indicating more information is available about a word, phrase, or sentence by the use of an immediately adjacent superscript (usually a number), and the presentation of the same superscript followed by a note, often a citation, in the footer of the page, and sometimes used on the web instead of inline hyperlinks to reduce reader distraction https://indieweb.org/footnotes
[snarfed]re Bridgy Fed bridging any web site now, one thing https://rss-parrot.net/ does that I like is use AS2 type Application instead of Person, so that its fediverse profiles have a big "Automated" label
[snarfed]...a web site with a <link rel="alternate" type="application/atom+xml">, pointing to a URL with path /atom.xml, that serves Content-Type: application/xml...but the body is RSS 🤦♂️
LoqiIt looks like we don't have a page for "image map" yet. Would you like to create it? (Or just say "image map is ____", a sentence describing the term)
[tantek]long time ago I built HTML+JS polyglots for the lulz (and make it so double-clicking the .js file would render it as HTML, for richly documented source code)
[Joe_Crawford](apologies for the obnoxious google ads on this page). But Server Side Image Maps still work - and work on my site whose webserver is Apache https://lab.artlung.com/server-side-image-map/
[Joe_Crawford]The 4 digits server side and client side in an image may are upper left corner of the image, bottom right corner of the map. For a rectangle. But other shapes are supported as well.
[tantek]for a while I think I was pondering doing this as a (semi-)formal "Atom 2.0" spec, rewritten from scratch to document actual Atom+RSS interop (like HTML5 was rewritten to document actual HTML interop)
[tantek]capjamesg, the image at the top of this post is a good use-case for an image map: https://ma.tt/2023/12/the-bag-post/ (though it doesn't have an image map, the unlinked numbers on each thing demonstrate an obvious need for one so you can click instead of having to scan)
lazcorp[capjamesg] i _think_ that the coords need to be expressed in px (I don't think there's support for any other unit), so to be able to plot the coords you'd need a known/fixed image size
[tantek] [snarfed] I tried https://indieweb.social/@nature.com@web.brid.gy and it redirected me to https://web.brid.gy/nature.com which displayed what looks like AS2 JSON, perhaps not the most user friendly experience
[snarfed] [tantek] oh huh, good point, that should redirect to http://nature.com itself. that's how it works for traditional mf2-based BF profile URLs like that when you're logged out of the Mastodon instance. thx for the nudge, will look
[0x3b0b] I think part of what's coloring my reaction to this conversation is that there are exactly two contexts in which I have previously come across the concept of a bridge that the _party being bridged_ doesn't know about and endorse. One of them is when I wish I could follow someone's Twitter account as an activitypub actor instead. The other is when I get signal boosts from people I follow of other people ranting indignantly about how such-and-such...
Loqi A footnote is a typographical convention predating the web for indicating more information is available about a word, phrase, or sentence by the use of an immediately adjacent superscript (usually a number), and the presentation of the same superscript followed by a note, often a citation, in the footer of the page, and sometimes used on the web instead of inline hyperlinks to reduce reader distraction https://indieweb.org/footnotes
[capjamesg] [Jo] How did you calculate coordinates for your image map?
lazcorp [capjamessg] - some basic info about working out the coordinates in image maps at https://www.w3schools.com/html/html_images_imagemap.asp
gRegor supposedly w3schools got better, but I still prefer mdn. https://www.w3fools.com/