#[tantek]I expect there is a good chance of auto-cross-posting from IG to Threads becoming a thing and then when anyone can opt-in to syndicating out from Threads via ActivityPub...
#[tantek]IG -> Threads --ActivityPub--> OwnYourThreads --MicroPub--> your Micropub enabled IndieWeb server
#[tantek]^ as a way to eventually resurrect OwnYourGram, so don't ditch the domain just yet 🙂
#[snarfed][tantek] oh huh, good point, that should redirect to http://nature.com itself. that's how it works for traditional mf2-based BF profile URLs like that when you're logged out of the Mastodon instance. thx for the nudge, will look
#Loqiwebfinger has -6 karma in this channel over the last year (-8 in all channels)
#[snarfed]lol nah webfinger isn't involved, it's more of a Mastodon logged in vs logged out difference thing, plus maybe BF's fault for not including the url field
#[snarfed]but I get what you mean about handles at least
#[snarfed]the simplest proposal I could think of would be, a web site can link to its preferred/official bridged account with a <link rel=me type=application/ld+json> (or application/activity+json) on its home page. if other bridges see that rel-me link, they'd then stop bridging that web site
#[tantek]I think this is already a solved problem due to the method of getting a verified checkmark on Mastodon
#[tantek]i.e. if you're logged into indieweb.social, you should see a green checkmark next to "http://tantek.com" when you visit that indieweb social link above to my @-@.
#[tantek]that should be sufficient to indicate my preferred bridge. if a consuming bridge needs to conneg for application/activity+json etc., that should be up to them, not me to pollute my code with
#[tantek]another way to put it: I already have a link rel="me" to a bridge for an existing use-case, don't make me add a second link rel="me"
#gRegor[snarfed], Does the new domain@web.brid.gy search only work if signed in? I don't get any results searching for @gregorlove.com@web.brid.gy
#[snarfed]yeah Mastodon search only does actual remote lookup if you're logged into that Mastodon instance
#[snarfed][tantek] right! the catch is that those existing rel-me links don't currently indicate which network they're for, if any. ie if you're a bridge, and you fetch a homepage and see a bunch of rel-me links, you don't necessarily know if any of them are for the fediverse
#[snarfed]so incuding type=application/ld+json or typeapplication/activity+json in the rel-me link would indicate that
#gRegorMakes sense. So if someone searches that, they'll still end up getting my curated feed, right? The ones I federate by sending a wm.
#[tantek][snarfed] type attribute is a mismatch for indicating a bridge semantic. Much better would be rel=bridge and since rel is space separated, we can do rel="me bridge" on such links and should be sufficient for your de-dupe use case
#[snarfed]so when there are multiple bridges for a given network, and they want to de-dupe, like I mentioned. the web site indicates which bridge for that network it uses, somehow. the other bridges need to be able to fetch the web site's home page, determine that they _aren't_ its preferred bridge for that network, and stop bridging that site
#[tantek]Only the preferred bridge gets a rel-me link anyway right?
#[snarfed]right. but ideally bridges would be able to look at a site's rel-me links and determine whether _any_ of them is a bridge for a given network, without (conneg) fetching them all
#[snarfed]not to mention, conneg works for the fediverse, but might not for other networks
#[tantek]If a bridge is looking, it just needs to look for links to itself, either not find any (this not preferred), or not find any with rel=me, again, not preferred
#[snarfed]right, but it needs to know if the site _has chosen_ a preferred bridge or not
#[snarfed]if there are rel-me links but none are to a bridge, it can continue bridging
#[snarfed]if a rel-me link is to a bridge for the given network, only then would other bridges stop bridging
#[tantek]Yes absence of an explicit rel=bridge means it can keep bridging. But if there is one, and that bridge is not it, then don't
#[snarfed]right, that brings us back to my question of _which network_ earlier. there may be multiple bridges for different networks. so if you're a bluesky bridge, rel=bridge doesn't tell you if that bridge is for bluesky or the fediverse or something else
#[tantek]Maybe it doesn't matter? If the site has opted into a bridge but not yours, maybe better to not bridge and wait for them to opt in
#[tantek]That feels more polite to sites which have clearly taken a step to opt into at least one bridge
#[snarfed]esp for smaller networks like Nostr that many web sites may not even know exist
#[snarfed]it seems like an unpleasant surprise. say your site is currently getting bridged into multiple other networks, and people are happily following you on those, but as soon as you bless one bridge to one network, suddenly all of your followers in all other networks are cut off
#[tantek]I’m also a little reticent about auto-bridging sites into networks that sites may not know about, especially if there's a chance of undesired webmentions from another source like that
#[snarfed]yeah opt in vs opt out in general is a fair question, but I think mostly separate from this
#[snarfed]I definitely see the arguments on both sides. but it makes less sense to me to say, bridging is opt out, but as soon as you bless one bridge/network, it's suddenly opt in
#[tantek]Not that separate. There a big difference in a site has made no choice (legacy, or corp) and a site has made at least one bridging choice
#[snarfed]yeah. I need to write a post for this. it's pretty tied into evanp's big fedi, small fedi dichotomy
#[snarfed]if you think of other networks as others, ie othering, then yes
#[snarfed]but if you think of other networks as just broader federation, like these networks already do, then no
#[snarfed]right. I'm speaking to your "reticent about auto-bridging sites into networks that sites may not know about" earlier
#[0x3b0b]I think part of what's coloring my reaction to this conversation is that there are exactly two contexts in which I have previously come across the concept of a bridge that the _party being bridged_ doesn't know about and endorse. One of them is when I wish I could follow someone's Twitter account as an activitypub actor instead. The other is when I get signal boosts from people I follow of other people ranting indignantly about how such-and-such...
#[tantek]Remember how there was the concerns about abuse if all Threads accounts were auto-syndicate out to AP? That's what I’m talking about
#[0x3b0b]... bridge of their Twitter posts as an Activitypub feed is NOT them, is NOT endorsed, is IMPERSONATING them, and everybody get the torches and pitchforks. So the idea of a bridge that _you didn't set up_, but that is polite enough to notice you set one up for yourself and stop bridging you, took me a minute to wrap my head around.
#[snarfed]yeah Threads is a perfect example. there were those concerns, and yet we don't have those concerns about other fediverse instances
#[tantek]Yeah enabling impersonators is another concern
#[snarfed]pretty much all fediverse instances do opt-out federation, ie blocklist-based, not opt-in allowlist-based
#[tantek]Because the fedi instances that suffered shut down
#[tantek]We DO have those concerns about past fedi instances that were abused by other fedi instances due to this
#[snarfed]I think "impersonation" is overstating it. bridges are only posting things that person themself posted
#[tantek]Look at any fedi instance that is/was primarily a marginalized set of folks
#[snarfed]right. I've been talking with and working with a number of the fediverse T&S people about how to best handle and prevent these kinds of abuses and problems on a bridge
#[snarfed]I just think jumping straight to allowlist/opt-in federation over bridges is a huge sledgehammer that kills most of the benefits from the start
#[tantek]And it is biased against those that already get more abuse
#[tantek]We know "big fedi" killed a lot of marginalized fedi instances. We don't need to repeat that
#[snarfed]I like https://privacy.thenexus.today/free-fediverses-and-consent/ as a description of this. I'm not on board with the core idea, but what I do really like is that it's at least consistent about allowlist/opt in federation in applying it _to the fediverse itself_, not just to "othered" external networks
#[0x3b0b]Well-behaved bridges are only posting things that person posted. I think (possibly a small) part of the reason that some people are concerned about it is that if they let it go unchecked, it could slip in illegitimate messages.
#[snarfed]yeah that kind of assuming malice from the start...I dunno what to say about that
#[snarfed]just have to build track record of trust over time
#[tantek]It's not assuming. We have experience and evidence of this happening
#[snarfed]evidence of people running general purpose bridges and then injecting fabricated posts?!
#[tantek]No if marginalized instances getting abused into shutting down
#[snarfed]oh. sure, of course. I was replying to 0x3b0b
#[snarfed]anyway. I've been thinking about this a lot lately, and reached out to a number of fediverse trust & safety orgs and people. those conversations have been really productive so far
#[tantek]I had to deal with "bridges" of bots reposting my content in a broken way to Twitter and thus making me look bad
#[snarfed]and I need to very loudly keep telling people that I'm doing that, and want to try to prevent abuse, help with all this, etc
#[tantek]Even short of impersonation we know that random bridges can be harmful
#[snarfed]agreed! so I definitely need to do everything I can to help prevent that
#[snarfed]...but at this point I'm not quite on board with the idea that I'd have to make Bridgy Fed opt in
#[snarfed]since again, I think that would kill 99% of its value
#[tantek]There might be some middle ground where auto-BF defaults to an allow list of instance domains, and only opens full arbitrary following if the author opts in
#[tantek]80/20 rule, you'll easily get 80% of the value by handpicking 20% of instances that are allowed to follow
[jacky] joined the channel
#[snarfed]maybe. I'd really rather spend this time and effort helping with all of the native anti-abuse mechanisms on each platform, eg blocks/mutes in the fediverse and vouch in the indieweb, since those all automatically work with BF too
#[tantek]Or managing an allow list rather than making authors review and block ugly instances out there
#[snarfed](managing an instance allowlist would be just as much of a hamster wheel, maybe more so, since everyone will want to follow someone that's not on the initial allowlist)
#[tantek]Much less IMO if the experience of Dopplr is any indicator
#[tantek]Also the requirement to "ask permission" is a huge discouragement to a lot (most?) bad actors because it forces them to be vulnerable before they can attack
#[snarfed]there are 30k fediverse instances. I alone follow people on at least a few dozen of them, including a number of one- or few-person instances
#[snarfed]I get the allowlist proposal, and I definitely see how it prevents abuse. I think we're just prioritizing different sides of the prevent abuse vs prevent valid usage tradeoff, and maybe also in our estimations of how big each side is
#[0x3b0b]snarfed++ It seems to me that you are being wise and prudent in your proactive efforts to ensure that BF is a well-behaved instance of the things that it bridges, and it is thus unlikely to draw any more ire than any other instance, with the _small_ possible exception of some people not liking the idea that it makes it easier for their signal to be boosted beyond the boundaries they expected. But since in that case BF is probably _better_ behaved...
#[0x3b0b]... than the alternative...I don't think that's much of a worry.
#[snarfed]thanks for the vote of confidence 0x3b0b!
#[snarfed]ok, that ^ redirect issue looks oddly specific to indieweb.social. looking at a couple other instances, http://mas.to and mastodon.art, they don't have the same problem
#[0x3b0b]So could be an odd configuration, maybe a version difference (I didn't go look at the other servers' versions), maybe something weird in the actual webserver? ...before you commented on other instances not exhibiting the issue, I was wondering if either it might be special weird handling of the www, or something implicitly requiring the trailing slash in the url property of the AP actor.
#[0x3b0b]fe.disroot.org doesn't seem to redirect even if you aren't logged in, and my website doesn't even have an applicable endpoint. I had to add a redirect for my site from /@0x3b0b to / because some things apparently expected to be able to construct that endpoint as my profile location instead of respecting the webfinger response, but this doesn't seem to be related to that, because there's no @. Hmm.
#[0x3b0b]...conclusion: yeah, seems like indiweb.social is doing something weird...
#[0x3b0b]oh hey, it got all late and whatnot. Good luck with the thingy.
#Sonihow do you write hoedown flavored markdown, given that hoedown documentation assumes you're a) already familiar with markdown (we find it a questionable design choice but it isn't too hard to find a bunch of stuff on how to markdown) and b) don't care about using any of the extensions or else it'd document how to use them y'know?
#Sonianyway we have no idea what footnotes are but we know hoedown allegedly supports them?
#Soni(then again, we're not surprised, given the the name of the project and what it derives from)
#LoqiA footnote is a typographical convention predating the web for indicating more information is available about a word, phrase, or sentence by the use of an immediately adjacent superscript (usually a number), and the presentation of the same superscript followed by a note, often a citation, in the footer of the page, and sometimes used on the web instead of inline hyperlinks to reduce reader distraction https://indieweb.org/footnotes
#capjamesgrubenwardy It took me a few days to get around to it but I added an X-Cache-Status section to my NGINX post. Thank you!
#Sonihmm, footnotes don't seem like they're what we want...
geoffo joined the channel
#[snarfed]re Bridgy Fed bridging any web site now, one thing https://rss-parrot.net/ does that I like is use AS2 type Application instead of Person, so that its fediverse profiles have a big "Automated" label
#[tantek]oooh that's an interesting compromise and way to communicate if the bridge is more bot than not
#[snarfed]the next question, further down the road, will be whether/how to use that for users on other networks, eg Bluesky
#[snarfed]since BF's design for them doesn't yet have clear "opt in" steps like sending a webmention for web users
#[snarfed]not urgent though, can cross that bridge (ahem) when we come to it
[bjoern], barnaby, to2ds, vikanezrimaya, eb, srushe, capjamesg, alecjonathon, geoffo, ancarda, roxwize, gRegorLove_, [aciccarello], [Murray], wagle, benji- and [Joe_Crawford] joined the channel
#[snarfed]...a web site with a <link rel="alternate" type="application/atom+xml">, pointing to a URL with path /atom.xml, that serves Content-Type: application/xml...but the body is RSS 🤦♂️
#[snarfed]the cherry on top is that the top level element is <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">. what does that even mean?! 😆
#[tantek][snarfed] that sounds like a polyglot challenge 😂
to2ds, lazcorp, benji, barnaby and [capjamesg] joined the channel
#[capjamesg][Jo] How did you calculate coordinates for your image map?
#LoqiIt looks like we don't have a page for "image map" yet. Would you like to create it? (Or just say "image map is ____", a sentence describing the term)
#[tantek]gRegor lol, that would make a good April 1 MIME type registration "application/rss+atom+xml"
#[tantek]with XML you can include multiple namespaces in the same file and processors are supposed to ignore tags they don't understand
#[tantek]I web searched for RSS Atom polyglot and didn't find any obvious results of someone doing this before
#[tantek]long time ago I built HTML+JS polyglots for the lulz (and make it so double-clicking the .js file would render it as HTML, for richly documented source code)
#lazcorp[capjamesg] - if you create an Image Map then I'll see if I can replicate it with CSS Shapes
#lazcorp(I have no idea if that's possible, but it's my favourite way to learn these things)
#[Joe_Crawford](apologies for the obnoxious google ads on this page). But Server Side Image Maps still work - and work on my site whose webserver is Apache https://lab.artlung.com/server-side-image-map/
#[Joe_Crawford]The 4 digits server side and client side in an image may are upper left corner of the image, bottom right corner of the map. For a rectangle. But other shapes are supported as well.
lazcorp joined the channel
#lazcorpre. w3fools - I cannot, CANNOT, work out why anyone ever imagined this as an example of :after
#[tantek]for a while I think I was pondering doing this as a (semi-)formal "Atom 2.0" spec, rewritten from scratch to document actual Atom+RSS interop (like HTML5 was rewritten to document actual HTML interop)
#[tantek]capjamesg, the image at the top of this post is a good use-case for an image map: https://ma.tt/2023/12/the-bag-post/ (though it doesn't have an image map, the unlinked numbers on each thing demonstrate an obvious need for one so you can click instead of having to scan)
#capjamesgI can’t figure out how to make the map scale.
#lazcorp[capjamesg] i _think_ that the coords need to be expressed in px (I don't think there's support for any other unit), so to be able to plot the coords you'd need a known/fixed image size