#social 2017-06-02

2017-06-02 UTC
#
saranix
I actually don't think it's as complicated as you guys are making it out to be. As you say, the current way people do it often times is they will just tell certain people about the account switch. This can be digitized in the form of a private message of a certain type ("hey, you can find me here now, [sig from old account key]"-- then parties receiving that message can go through all of their old communications and update old urls to the new location [CUT]
#
saranix
parties==bots
#
saranix
in case that wasn't clear
#
saranix
I thought diaspora was already planning to add such a message. Zot can do it by abusing the "clone" feature, but it isn't fully impl in hubzilla as a seamless ux yet.
#
saranix
for a broader interop spec, a useful thing would be a list of url translations (regex?) so that e.g. note, photo, etc. links could be properly updated with each of their various impl specific schemes
#
saranix
!tell tantek I was wondering what were the reasons that W3 started switching to github 'issues' and what are they 'switching' from?
#
Loqi
Ok, I'll tell them that when I see them next
#
astronouth7303
i still think that federated identity (being able to group together many agent URLs as the same entity) handles this kind of thing well, as well as a bunch of other use cases
ben_thatmustbeme and tcit joined the channel
#
ajordan
cwebber2: correct me if I'm wrong but isn't AP supposed to be *super* cozy with LDN? so that LDN clients can interoperate with AP stuff?
#
ajordan
or is that *just* JSON-LD?
#
ajordan
saranix: re: mailing list problems. the problem is not "searchability" per se, more filtering
#
ajordan
e.g. in a mailing list, how can I say, "show me all threads with issues that are still under discussion"?
#
ajordan
how can I say (using an example in the context of SocialWG), "show me all threads discussing issues where we decided to punt and revisit this in the SocialCG"?
#
ajordan
both of these are trivially accomplished with issue trackers (the former with open/closed states, the latter with labels) but difficult in mailing lists
#
ajordan
rhiaro, csarven, others: congrats!! \o/ that's amazing
#
ajordan
cwebber2: nvm, looks like you answered that later :P
#
ajordan
re: mutation, one way to solve this (in a way that could maybe be finagled into working with a CAS system?) would be to treat every bit of data as an append-only transaction log
#
ajordan
e.g. if I designed git from scratch with the deadname usecase in mind
#
ajordan
(something which I am now annoyed about, though not really in an important way, because I'm starting to have people refer to me by the nickname 'AJ')
#
ajordan
I'd design the system to have the same type of commit graph, but the author metadata in commits would be a pointer to a separate graph which would track *only* updates to names
#
ajordan
everything's still strictly speaking immutable, but you can change author names now
#
ajordan
likewise in AP currently an edited post is represented by a mutation in the original AS2 Object but semantically you can represent the exact same data as a combination of the original Create activity plus the Update activity that mutated the Object
#
ajordan
I feel like there *must* be a way to make that work in a content-addressable storage system, but I don't feel like thinking about it because it's 2 AM and I'm about to go to bed :P
#
ajordan
ben_thatmustbeme: something we discussed on the SocialCG call was that while DM'ing people/posting a notice works for people, it breaks machine-readable interop in a big big way. which is unfortunate since first-class interop/machine-friendliness is one of the reasons the stuff we're working on is so much better than silos (IMO at least)
#
ajordan
wall of text'd again :O
timbl joined the channel
#
RRSAgent
excuses himself; his presence no longer seems to be needed
#
ben_thatmustbeme
ajordan: there is a difference between machine readable and automatic action. Nothing prevents a special post or message type that is a (I migrated my account, my old/new one was/is X) but I think that must be user moderated. A user manually sends it, and a receiving user manually approves it. Having some move of all data to a new account location and redirect all old accounts, etc, is a hugely more ambitious goal.
#
ben_thatmustbeme
Maybe a simple flag that you can set on a user account that has a link to the new account is all that you really need.
#
ben_thatmustbeme
I find a post and the system can look up the user and sees, oh, hey, new user URL is X.... UI can do whatever with that
#
ben_thatmustbeme
I'm a big believer in solve the simplest solution first and then see if that's actually all you need
jankusanagi_ joined the channel
#
Loqi
[annando] @cwebber Friendica uses a special method to create a unique guid: https://github.com/friendica/friendica/blob/develop/boot.php#L799-L816 Means: The first few bytes are the CRC32 hash of the hostname. This is followed by characters that are created...
#
cwebber2
they encode the hash of the hostname into the guid to avoid the kind of attacks I was concerned about
#
aaronpk
that sounds like that avoids unintentional conflicts, but does that really prevent intentional conflicts?
#
aaronpk
unless that guid encoding is specced somewhere and is verified by everyone, i don't think it solves the problem you pointed out
#
cwebber2
aaronpk: it probably makes them less likely, but I haven't looked at how easy it is to generate a conflict
#
aaronpk
what's stopping me from publishing a guid with the first few bytes of someone else's CRC32
#
cwebber2
aaronpk: hm, good point
#
astronouth7303
you can verify if someone is the originator, and could (with sufficient computation) reverse it to a pile of potential originators
#
aaronpk
my point is if that crc32 hash thing isn't part of the spec then the problem isn't really solved at all
#
aaronpk
and if it is part of the spec, you might as well be using a full URL as an ID anyway
#
Loqi
fullurl has 1 karma
#
ben_thatmustbeme
the problem is that right now you have authoritative and non-authoritative in the same space
#
ben_thatmustbeme
with using the full URL that is
#
cwebber2
note that friendica does include signatures though
#
cwebber2
so I guess if you have the actor's key ahead of time
#
cwebber2
you can still verify
#
cwebber2
that it came from them
#
aaronpk
that doesn't solve the ID problem
#
astronouth7303
so you'd need a domain with a CRC32 collision in order to spoof the ID
#
astronouth7303
(not hard, but can't use an arbitrary domain)
#
aaronpk
did anyone confirm that the software actually verifies the CRC32?
#
aaronpk
from my reading of that comment, the crc32 is only used when generating the guid
#
astronouth7303
even if it does, CRC32 is pretty far down the collision-difficulty tree
#
astronouth7303
i'd rank it pretty far down MD5 or even MD4
#
aaronpk
down == easier to create a collision?
#
astronouth7303
yeah
#
astronouth7303
even if you brute-force it, it's fast and simple
#
astronouth7303
and if you wanted to apply intelligence, it's trivial
#
aaronpk
yeah that's kind of why i suspect the intent of this hash was not cryptographic verification
#
astronouth7303
it's more like a shard key for the id space
#
aaronpk
which means treating it with the same security considerations you would a sharding key
#
astronouth7303
security: none
#
astronouth7303
helps prevent collisions in a massively-parallel system, but doesn't provide significant security
#
aaronpk
these kinds of architectural decisions point to a monoculture thinking
#
astronouth7303
ok, there's only like 8 public servers? At this point, any collisions are most likely malicious
#
astronouth7303
(birthday problem of 8 people into 2^32 birthdays)
timbl joined the channel
#
cwebber2
aaronpk: regarding monoculture, friendica/zot are like the only ones who have implemented like every protocol... so while I think this id thing seems like a bug in the protocol (and maybe a serious one), they're also probably some of the champions of the federation world in breaking down monocultures by implementing protocols
#
aaronpk
fair enough
#
saranix
zot++
#
Loqi
zot has 1 karma
#
jaywink
astronouth7303: now I'm super interested on how did you end up with "like 8 public servers"?
#
jaywink
nice bashing going on but "like" zero understanding ;)
#
jaywink
I suggest reading the diaspora protocol spec (which is basically what friendica does) if you're interested in how security works. it might not be the clearest but the details are there, in the signatures section: https://diaspora.github.io/diaspora_federation/
#
jaywink
regarding the "reserving a guid from another node" problem - that is real for sure, the answer from annando doesn't change that
#
jaywink
but at no point can a person hijack another person's post
#
jaywink
that is just bullshit and means you don't understand what is going on
#
jaywink
https://the-federation.info/ lists 54 active friendica servers and I know for a fact it's more hundreds since not all have the diaspora plugin active
#
jaywink
(since the-federation.info is interested only on diaspora protocol using friendica servers)
#
jaywink
maybe ask annando, he will know better as core dev
#
jaywink
not sure what that friendica.social site is. the real home page is friendi.ca
#
astronouth7303
linked from http://friendi.ca/find-a-server/
#
Loqi
Find a server
#
jaywink
well it does say "recommending" - not "all"
#
aaronpk
jaywink: did you see the original problem cwebber2 described?
#
jaywink
yes, I'm in that discussion. the problem was what I mentioned above - reserving a guid on a node which doesn't know about that guid yet
#
aaronpk
right, i don't see how the crc32 thing solves that
#
jaywink
neither do I - it doesn't ;)
#
aaronpk
aha okay :)
#
jaywink
(well, not to my knowledge, can't see how it could)
#
nightpool
yeah the crc32 thing doesn't solve that
#
nightpool
My understanding is that it also allows you to spoof references
#
nightpool
So like, if a post referenced another post in some way, it would do it by guid
#
nightpool
and an attacker had gotten to that guid first, well.....
#
jaywink
hmmm so you mean server A posts to server B but attacker server C posts it to server D using their own signing, someone would later maybe deliver something like a comment to server B referencing post by server A but it would end up under the post of server C? that seems... not sure on what checks the servers do, whether or not the comment would be rejected or accepted
#
nightpool
That's a little complex, but yeah
#
nightpool
Say I have a quote-post, like on twitter
#
nightpool
So I make post B, which quotes post A and says "right on!"
#
nightpool
That post gets federated to server 1
#
nightpool
But a clever attacker, who already had seen post A and was like "wow, I bet a bunch of people are going to agree with this post"
#
nightpool
Created post A' with the same guid, and spread it around to all of the servers they knew about
#
nightpool
so when post B arrives, server 1 is like "oh, I already know post A, so I don't have to look it up"
#
nightpool
and displays post B with A' embedded, instead of A.
#
jaywink
at least diaspora protocol requires also "root_author" in the reshare, so in this case, I'm not sure what kind of checks are related to that - the docs don't mention that. I'll ask. Also friendica might do things differently. Good point.
#
jaywink
nightpool++
#
Loqi
nightpool has 5 karma
#
nightpool
anyway, this is why people like URLs :D they come with authority and verification already solved
#
jaywink
I talked about diaspora protocol and it seems for comments/likes that kind of thing will not be possible. The reason is that according to the spec (my complex example) server D would only accept comments to server C's post from server C - since comments/likes always come from the originating server (by relaying). now relating to reshare (quote example), they'll make sure sufficient checks are in place
#
cwebber2
nightpool: more or less you're describing the kind of scenario I was concerned about
#
cwebber2
(also I was *NOT* meaning to hate on Friendica by exploring this! I was trying to find out if it was a problem or not by my understanding.)
#
jaywink
I'll notify annando too, to check friendica side ?