#social 2017-01-20

2017-01-20 UTC
fabrixxm and lambadalambda joined the channel
#
lambadalambda
hello, quick question about activitypub.
#
lambadalambda
i read the current draft spec, but i don't understand what mechanism is supposed to replace salmons in the ostatus.
#
lambadalambda
the spec talks about signing, but i don't really understand in what cases an activity is supposed to be signed.
#
csarven
lambadalambda: cwebber will be up soon :)
fabrixxm joined the channel
#
cwebber
hey lambadalambda
#
cwebber
lambadalambda: so two things to that. the thing that replaces the server to server side of things with private communication is simply the servers posting to individual inboxes
#
cwebber
but
#
cwebber
where does the signing / cryptography come in?
#
cwebber
well, as for encryption... hopefully it's tls encrypted, but
#
cwebber
as for signing
#
cwebber
we *do* have an option for that
#
cwebber
unfortunately, it's not a "hard requirement" because the technology it suggests is very young
#
cwebber
and the rest of the group decided they didn't want signatures as a hard requirement
#
cwebber
personally I think signing is going to be pretty important tho
#
cwebber
https://www.w3.org/TR/activitypub/#authorization-lds here's the section on how to do it with Linked Data Signatures + signed HTTP messages
#
cwebber
lambadalambda: are you interested in implementing that? if so I'd be interested in testing our implementations against each other
#
lambadalambda
i am interested in implementing it
#
lambadalambda
but i'm a bit puzzled why the signing isn't a hard requirement
#
lambadalambda
how is a server supposed to verify that a post comes from the person it says it comes from?
#
cwebber
lambadalambda: because the group decided against making it a hard requirement in favor of dialing back and verifying that the content exists on the origin server
#
cwebber
which, if you're like "but what if it's a transient communication"
#
cwebber
you're absolutely right
#
lambadalambda
oh, that's how it works!
#
lambadalambda
you look it up on the origin server?
#
cwebber
lambadalambda: if you don't implement signatures, yes
#
lambadalambda
but that doesn't work with restricted content, right?
#
lambadalambda
if my post can only be read by user y on server b, if server b asks me if it exists, i shouldn't tell it.
#
cwebber
lambadalambda: in the OAuth mechanism, your server can give your credentials so they can have access to the restricted post
#
cwebber
but it's not as good as signatures IMO
#
cwebber
because it requires keeping the content around
#
lambadalambda
sounds complicated, signatures seem to be easier.
#
cwebber
I agree :)
#
cwebber
lambadalambda: so the mechanism is, in theory, there
#
cwebber
if you'd like to work with me on testing it out... :)
#
lambadalambda
i'm still working on ostatus support for my server, i wanted to add activitypub after that
#
lambadalambda
on the other hand, activitypub seems to be easier to implement....
#
lambadalambda
is your code publicly accessible so i can take a look at it?
#
cwebber
lambadalambda: yes but I don't have the signatures yet, and it needs more work in general... :)
#
lambadalambda
i'll have to read through the spec again, i'll get back to you once i actually have something going :)
#
cwebber
lambadalambda: I'm a bit embarrassed about my implementation, but you can take a look at it
#
cwebber
it only barely federates so far
#
cwebber
i've been working on other infrastructure things
#
cwebber
so that it'll be easier to flesh it out
#
cwebber
lambadalambda: but, I should be fleshing things out more over the next month
#
lambadalambda
but i'm surprised that the signature system isn't specified more explicitly, seems pretty essential to me.
#
cwebber
so...
#
lambadalambda
cwebber thank you
#
cwebber
lambadalambda: again, I agree.
#
cwebber
lambadalambda: my hope in writing the LDS + HTTP signatures stuff is
#
cwebber
maybe we could get it good enough that this will become the default mechanism
#
cwebber
and if that happens, we could add some later document suggesting such
#
cwebber
but the tech it relies on is too young to do that now.
#
lambadalambda
it does sound like a sensible approach
#
lambadalambda
there isn't any special pubsub mechanism in activitypub, right?
#
lambadalambda
just the posting to users' inboxes?
#
cwebber
lambadalambda: right, that minimal interface turns out to be able to get the whole job done
#
lambadalambda
i really like that aspect
#
cwebber
me too :)
timbl joined the channel
#
lambadalambda
are there any working activitypub clients already?
#
rhiaro
lambadalambda: hi, I have some AP clients but right now they're all broken. Catching up with fixing in the next week or so, stay tuned
#
rhiaro
Just, super simple content creation clients, not everything AP
#
rhiaro
working on small, modular pieces
#
lambadalambda
i'm just doing a GS like server, so something simple would be enough.
#
rhiaro
Here's a blog post from last year (wow that was a long time ago) very briefly describing a client, and it links to a post about the server portion of the protocol too https://rhiaro.co.uk/2016/05/minimal-activitypub
fabrixxm joined the channel