#social 2015-10-22

2015-10-22 UTC
nicolagreco, jasnell, kevinmarks, bblfish, aaronpk, JonathanC, the_frey, ShaneHudson, the_frey_, peacekeeper1, peacekeeper2, jaywink and tilgovi joined the channel
# 18:40 
jasnell https://github.com/jasnell/w3c-socialwg-activitystreams/pull/220
# 18:40 
jasnell cwebber2: ^^
# 18:41 
aaronpk "816 additions, 720 deletions not shown"
the_frey joined the channel
# 18:52 
cwebber2 jasnell: will look
the_frey joined the channel
# 19:32 
ben_thatmustbeme cwebber2: while i'm thinking of it (somewhat on a lack of sleep today) why do you have published and updated when an object is deleted?  why would you care?  http://w3c-social.github.io/activitypump/#h-delete-activity
# 19:33 
cwebber2 ben_thatmustbeme: good question!  tbh, I kind of hate this, and I have a direction I'd like to go to get rid of it, but let me explain the current logic.
# 19:33 
cwebber2 ben_thatmustbeme: if I get a notice from rhiaro saying "rhiaro favorited this image by ben_thatmustbeme of a kitten typing on a keyboard"
# 19:34 
cwebber2 that's great, right?  everyone loves kittens!
# 19:34 
cwebber2 but instead, what if it was this
# 19:35 
cwebber2 ben_thatmustbeme: I get a notice from rhiaro saying "rhiaro favorited this note by ben_thatmustbeme saying "I am against Godwin's Law because I support the Nazi party""
# 19:35 
cwebber2 wow!  did you really say that?  i'd better check, right?
# 19:35 
cwebber2 so my server should verify that you actually posted this
# 19:35 
cwebber2 all sorts of nodes might point to other nodes
# 19:36 
cwebber2 and so the document requires to avoid spooofing attacks
# 19:36 
cwebber2 that you verify that the other objects on other peoples' servers really came from them
# 19:36 
aaronpk whaaaat does that have to do with published and updated?
# 19:36 
cwebber2 aaronpk: I'm getting to it.
# 19:36 
cwebber2 this is a prereq for the current situation.
# 19:37 
cwebber2 also I never believe rhiaro or ben_thatmustbeme would ever do these things, other than the kitten one :)
# 19:37 
cwebber2 I was intentonally picking an example of something that clearly wouldn't have happened, and throwing in a godwin's law example, hope that's clear
# 19:37 
cwebber2 so
# 19:37 
aaronpk (this is why i like the microformats/webmention approach where we don't send notification text around and everything is always referenced by URLs)
# 19:37 
cwebber2 right
# 19:38 
cwebber2 well what if my thing points to your old activity, and it isn't there?
# 19:38 
cwebber2 and it was never there either
# 19:38 
ben_thatmustbeme then its treated as invalid
# 19:38 
ben_thatmustbeme if you liked something that never was there, it can just be dismissed
# 19:39 
aaronpk you can tell if something was there before based on whether the site returns 404 or 410 for the URL
# 19:39 
ben_thatmustbeme if you like something that is old and deleted.... its treated as invalid and can be dismissed
# 19:39 
ben_thatmustbeme as to the case you were getting to, i see where you are going, you can see when the post existed, that it changed at some point, things like that
# 19:40 
cwebber2 right, so, tsyesika can clarify on this better than I can
# 19:40 
cwebber2 but the validation step requires that things stick around permanently
# 19:40 
rhiaro_ I like the approach of just referencing things by URLs - if the receiver needs to verify it anyway, the sender doesn't need to ship the whole lot in the first place
# 19:40 
cwebber2 except that I *HATE* this approach.
# 19:40 
cwebber2 especially
# 19:40 
cwebber2 because it means that you can't implement transient communication in the spec
# 19:40 
cwebber2 a log that a communication occurred is around forever
# 19:40 
cwebber2 no plausible deniability
# 19:41 
ben_thatmustbeme but edited is basically pointless as you have to treat the non-authoritative data (godwin's law line) as possibly incorrect / false
# 19:41 
aaronpk if you don't like URLs, then you are basically creating a message passing platform that has nothign to do with the web, and can be accomplished with TCP and crypto signing
# 19:41 
ben_thatmustbeme cwebber2: there is nothing saying that you can't delete it after you have given it to the target or have some sort of handshake there
# 19:41 
aaronpk or just use jabber
# 19:41 
cwebber2 well I think crypto signing probably should be in there for the transient communication sake
# 19:41 
cwebber2 honestly, I think dereferencing nodes is better usually
# 19:41 
cwebber2 I do agree there.
# 19:42 
ben_thatmustbeme also, this would probably be a really GOOD thing for corporate social networking where they don't want plausible deniability as to what you said to someone at another company
# 19:42 
cwebber2 activitypump's predecessor, the pump api, has the option to support either dereferencing
# 19:42 
cwebber2 or including in line
# 19:42 
cwebber2 except
# 19:42 
cwebber2 it means that activities recursively bloat.
# 19:43 
ben_thatmustbeme there has to be some trust of the source if you don't derefence
# 19:43 
cwebber2 ben_thatmustbeme: that's true
# 19:43 
cwebber2 I think for server to server, it's necessary to dereference anyway, so maybe doing the recursive bloated approach is not so helpful anyhow
# 19:43 
cwebber2 client to server is different
# 19:44 
cwebber2 it makes sense to give the client a filled out payload with all that data for display purposes
# 19:44 
cwebber2 but you trust the server you're retrieving it form, so
# 19:44 
cwebber2 from
# 19:44 
cwebber2 anyway, this is an annoying part of the spec IMO
# 19:44 
cwebber2 ben_thatmustbeme: I'm open to removing the "keep a shell around" part
# 19:45 
cwebber2 but I think tsyesika and evan would need to be part of that conversation
# 19:45 
cwebber2 it's my least favorite part of the spec.
# 19:45 
cwebber2 ben_thatmustbeme: glad you're reading it and giving feedback though, that's great :)
# 19:48 
ben_thatmustbeme well depends on how you mean client to server.  client to your own server (how micropub works) you can trust because you have oauthed to your own server
# 19:48 
cwebber2 ben_thatmustbeme: right
# 19:48 
cwebber2 that's what I mean.
# 19:49 
ben_thatmustbeme if you are doing client to someone else's server you can only trust data it reports about its own data
# 19:50 
cwebber2 right.
# 19:50 
ben_thatmustbeme its things like this where i still say client - server and server to server are different things
# 19:50 
cwebber2 ben_thatmustbeme: sure
# 19:50 
ben_thatmustbeme there is certainly overlap
# 19:50 
cwebber2 ben_thatmustbeme: activitypump only specifies client to your own server
# 19:50 
cwebber2 for that reason
# 19:52 
ben_thatmustbeme okay, other question, as probably the one to use media the most (you as in mediagoblin... the royal you :P)  do you see the necessity of the mediaType property?
# 19:52 
ben_thatmustbeme seems to me like its better to fetch the content and assume that
# 19:53 
cwebber2 ben_thatmustbeme: I *absolutely* see the value of the mediaType property!  I think it's pretty critical for us being able to represent things properly.
# 19:53 
cwebber2 MediaGoblin gives different presentation displays depending on what kind of media is being shown
# 19:54 
ben_thatmustbeme but again, it could be given incorrectly
# 19:54 
cwebber2 a document PDF loads a totally different display than an audio display
# 19:54 
ben_thatmustbeme i'm talking server to server
# 19:54 
cwebber2 ben_thatmustbeme: sure, and that'd be the fault of the remote server
# 19:54 
cwebber2 anyway, yes, absolutely, I'm glad that property is there
# 19:55 
cwebber2 it fits well with MediaGoblin's design
# 19:56 
cwebber2 in this case, the worst thing that will happen is the remote media won't display right for the remote server's media
# 19:56 
cwebber2 which is too bad, they won't get to show off their stuff
peacekeeper1, the_frey, bblfish, nicolagreco, elf-pavlik and kevinmarks joined the channel
# 21:25 
aaronpk standards: https://medium.com/@ade3/the-zombie-mobile-b03932ac971d#.15kcnjt39
# 21:33 
cwebber2 aaronpk: heh :)
kevinmarks, bblfish, the_frey and the_frey_ joined the channel