#social 2017-06-20

2017-06-20 UTC
jankusanagi_, ajordan and JanKusanagi joined the channel
#
ajordan aaronpk: I'm shocked you're not giving an IWC-related talk at Open Source Bridge this year
#
aaronpk Me too. I'm on the backup list if someone cancels but it looks like probably not
#
ajordan aaronpk: ahhhh, gotcha
#
ajordan lol. I figured it had to be something like that
#
ajordan you could give (something like) it Friday too
#
ajordan on a related note
#
ajordan adds himself to regrets tomorrow
KevinMarks joined the channel
#
ajordan aaronpk: I'm curious how many years you've been giving those?
#
aaronpk A while! https://indieweb.org/User:Aaronparecki.com#related_talks
#
ajordan wow, nice!
#
ajordan will you be at the conference tomorrow then?
#
Loqi Strugee made 1 edit to [[Socialwg/2017-06-20]] https://www.w3.org/wiki/index.php?diff=103274&oldid=103214
#
aaronpk Nope, I get back to PDX late Wednesday night
#
ajordan aaronpk: gotcha. travel safe! hopefully I'll see you later in the week then
bwn, KevinMarks, jankusanagi_ and timbl joined the channel
#
rhiaro Got distracted buying chocolate, might be 5 mins late
#
sandro okay, if you share
#
ben_thatmustbeme is sick and going to avoid talking, but will join call and listen
#
ben_thatmustbeme throat is really rough, easier to not talk
eprodrom joined the channel
#
sandro trackbot, start meeting
#
trackbot is preparing a teleconference.
#
RRSAgent logging to http://www.w3.org/2017/06/20-social-irc
RRSAgent joined the channel
#
trackbot RRSAgent, make logs public
#
RRSAgent I have made the request, trackbot
Zakim joined the channel
#
trackbot Zakim, this will be SOCL
#
Zakim ok, trackbot
#
trackbot Meeting: Social Web Working Group Teleconference
#
trackbot Date: 20 June 2017
#
eprodrom present+
#
ben_thatmustbeme present+
#
sandro cwebber2 ? aaronpk ?
#
sandro present+
#
ben_thatmustbeme i am on, just as i said, through hurts
#
ben_thatmustbeme no problem
#
eprodrom We'll wait for people to join until 5 min past the hour
#
ben_thatmustbeme is on the app, so i can confirm its just the 3 of us right now
#
ben_thatmustbeme its not really worth it
#
ben_thatmustbeme I do it from the web
#
ben_thatmustbeme under firefox i never have an issue
#
cwebber2 hi
#
cwebber2 I'm dialing
#
cwebber2 in
#
ben_thatmustbeme yes, on linux
#
ben_thatmustbeme it used to let you rename the callers, which was helpful when i was learning names
#
ben_thatmustbeme the web app doesn't let you do that any more
#
ben_thatmustbeme hah
#
cwebber2 I could scribe during the non-AP parts
#
ben_thatmustbeme defaultscribenick:ben_thatmustbeme
#
ben_thatmustbeme yeah, i noticed that sandro
#
ben_thatmustbeme :/
#
cwebber2 :)
#
ben_thatmustbeme yes
#
cwebber2 can hear you
#
cwebber2 present+
#
ben_thatmustbeme scribenick: ben_thatmustbeme
#
ben_thatmustbeme eprodrom: we have 4 on the call, its enough to have a call, but I don't want to do binding resolutions
#
ben_thatmustbeme .. cwebber2 are you in need of any?
#
ben_thatmustbeme cwebber2: its okay to not have a resolution, just need group input
#
ben_thatmustbeme eprodrom: i'd be ok with doing things like closing issues, i think thats fine
#
ben_thatmustbeme is already scribing
#
cwebber2 THANK YOU ben_thatmustbeme
#
ben_thatmustbeme TOPIC: review of minutes from last week
#
eprodrom PROPOSAL accept https://www.w3.org/wiki/Socialwg/2017-06-13-minutes as minutes for 13 Jun 2017 meeting
#
rhiaro present+
#
cwebber2 oh yay rhiaro
#
eprodrom PROPOSED: accept https://www.w3.org/wiki/Socialwg/2017-06-13-minutes as minutes for 13 Jun 2017 meeting
#
cwebber2 I thought we weren't doing binding resolutions ;)
#
cwebber2 jk jk
#
ben_thatmustbeme hehehe meme in minutes yay!
#
cwebber2 +1
#
ben_thatmustbeme +1
#
Loqi woot
#
eprodrom +1
#
sandro +1
#
eprodrom RESOLVED: accept https://www.w3.org/wiki/Socialwg/2017-06-13-minutes as minutes for 13 Jun 2017 meeting
#
ben_thatmustbeme TOPIC: confirm next telcon
#
ben_thatmustbeme eprodrom: we are moving in to the summer months, so i'd like to have a meeting on the 27th, and then discuss if we are going to have an abbreviated schedule after that
#
sandro +1 meeting on 27t
#
cwebber2 +1
#
ben_thatmustbeme <ben_thatmustbeme>+1
#
ben_thatmustbeme eprodrom: then I as chair, unilaterally say we are having a meeting next week
#
ben_thatmustbeme i think i owe tantek one, so I may chair that too
#
ben_thatmustbeme TOPIC: extension update
#
ben_thatmustbeme sandro: what i can say is that voting period ended friday, we don't know the official answer yet
#
ben_thatmustbeme sandro: we should find out tomorrow
#
ben_thatmustbeme eprodrom: well i'm glad that we are meeting next week then
#
ben_thatmustbeme TOPIC: activitypub
#
ben_thatmustbeme cwebber2: my estimate last week was that we would have the test suite up 2 weeks from then, and i hink i'm on track for that. We have a number of new issues i'd like to discuss, they partly came up from mastodon being very active on their implementation right now
#
cwebber2 https://github.com/w3c/activitypub/issues/233
#
Loqi [cwebber] #233 Move "do not overload" and "don't trust submitted content" to Security Considerations?
#
ben_thatmustbeme ... we also have another implementation in progress by puckipedia, a dotnet implementation
#
ben_thatmustbeme ... first lets look at issue 233
#
ben_thatmustbeme ... there are 2 parts, they are SHOULD so they should be in the test suite, but they are hard to test, but the feel like they should be part of the security consideration section things
#
ben_thatmustbeme eprodrom: for me the second one is clearly a security consideration
#
ben_thatmustbeme ... trusting client submitted content is an interesting way to get to it, but ...
#
ben_thatmustbeme cwebber2: yeah, the server should definitely should verify the embedded object
#
ben_thatmustbeme eprodrom: if cwebber2 submits "cwebber likes eprodrom's photo" that should be checked, but if its his own photo, thats probably okay
#
ben_thatmustbeme ... there is a balance to be struck there
#
ben_thatmustbeme ... but existance is definitely an issue
#
ben_thatmustbeme sandro: what about the date field?
#
ben_thatmustbeme eprodrom: thats an interesting one, we do a bunch of things like that in pump.io
#
ben_thatmustbeme q+
#
Zakim sees ben_thatmustbeme on the speaker queue
#
ben_thatmustbeme sandro: there is an issue on mastodon about bulk uploading posts
#
ben_thatmustbeme if they do that, then they are backdating things, so are they falsly claiming published date?
#
ben_thatmustbeme cwebber2: you could have an updated field, but i don't think that reflects the real meaning
#
ben_thatmustbeme eprodrom: in status.net and pump.io you mark it as a share.
#
rhiaro q+
#
Zakim sees ben_thatmustbeme, rhiaro on the speaker queue
#
cwebber2 q+
#
Zakim sees ben_thatmustbeme, rhiaro, cwebber on the speaker queue
#
eprodrom ack ben_thatmustbeme
#
Zakim sees rhiaro, cwebber on the speaker queue
#
ben_thatmustbeme <ben_thatmustbeme> getting back to what cwebber2 asked...
#
ben_thatmustbeme ... the first thing is not really testable
#
ben_thatmustbeme the second i feel, while security questions, is VERY testable
#
ben_thatmustbeme and i would argue should be tested
#
ben_thatmustbeme done
#
rhiaro q-
#
Zakim sees cwebber on the speaker queue
#
ben_thatmustbeme eprodrom: there is a lot in there that could be tested
#
eprodrom ack cwebber
#
Zakim sees no one on the speaker queue
#
ben_thatmustbeme ... do you accept something with an actor that is not the authenticated person
#
ben_thatmustbeme cwebber2: the second can be tested to some degree, maybe we should enumerate some ways in which it should be tested
#
ben_thatmustbeme <ben_thatmustbeme> even just a few tests is fine
#
rhiaro q+
#
Zakim sees rhiaro on the speaker queue
#
ben_thatmustbeme cwebber2: it might be some things where it intentionally does leaves parts out and replaces it with its own data
#
ben_thatmustbeme ... i agree we could certainly do some tests
#
ben_thatmustbeme as to the exponential backoff is it security of is it just a note in the doc?
#
ben_thatmustbeme eprodrom: is there some other doc we could just reference?
#
ben_thatmustbeme sandro: the security consideration is that most restful apis force backoff
#
ben_thatmustbeme cwebber2: you can only force it to some degree, you could reject the requests, but you can still get ddos'ed
#
ben_thatmustbeme sandro: you should be able to handle a single dos though
#
ben_thatmustbeme ... i think there is an appropriate security consideration here though
#
rhiaro q?
#
Zakim sees rhiaro on the speaker queue
#
eprodrom ack rhiaro
#
Zakim sees no one on the speaker queue
#
ben_thatmustbeme rhiaro: we don't need 100% automated test coverage, a test can be something as simple as having a checkbox and we take their word for it
#
ben_thatmustbeme cwebber2: that was the original way i was doing it, but i was getting some pushback from it being too prompty
#
ben_thatmustbeme rhiaro: whatever the shortest way is
#
ben_thatmustbeme cwebber2: the former one i would like to ...
#
ben_thatmustbeme being rewritten as proposal
#
eprodrom PROPOSED: move section on exponential backoff to security considerations, section on trusting content to security consideration with tests to close https://github.com/w3c/activitypub/issues/233
#
Loqi [cwebber] #233 Move "do not overload" and "don't trust submitted content" to Security Considerations?
#
cwebber2 +1
#
sandro +1
#
rhiaro +1
#
eprodrom +1
#
ben_thatmustbeme +1
#
ben_thatmustbeme is this a normative change?
#
eprodrom RESOLVED: move section on exponential backoff to security considerations, section on trusting content to security consideration with tests to close https://github.com/w3c/activitypub/issues/233
#
Loqi [cwebber] #233 Move "do not overload" and "don't trust submitted content" to Security Considerations?
#
ben_thatmustbeme cwebber2: it sounds like we have been agreeing that relaxing requirements is more ok than adding requirements
#
ben_thatmustbeme sandro: i don't think it matters either given our schedule
#
ben_thatmustbeme ... we can't go to PR next week since we don't have the test suite out
#
ben_thatmustbeme cwebber2: next one is , mastodon has been trying pretty hard to be respectful of what people are and aren't willing to see
#
cwebber2 https://github.com/w3c/activitypub/issues/232 https://github.com/w3c/activitypub/issues/231
#
Loqi [cwebber] #232 Content Warnings
#
ben_thatmustbeme these two are interrellated
#
saranix my view on this is tags are appropriate
#
ben_thatmustbeme if you haven't seen it in mastodon, you see 'content warning explicit", etc
#
saranix ... handling as tags
#
ben_thatmustbeme cwebber2: the way it is done now using the summary field
#
Zakim sees no one on the speaker queue
#
sandro q?
#
ben_thatmustbeme ... this is like reading a short blog post you see the shortened version of it, but expand to see the full version
#
saranix I agree with the comment that said that summary is meant for different screen realestate / UI concerns
#
ben_thatmustbeme cwebber2: i have a little bit of a concern that its a little bit of an abuse of that property
#
ben_thatmustbeme ... if you have those two distinct contexts, if two servers are using them in different ways, someone might see things that they hadn't intended to see
#
ben_thatmustbeme ... i had original envisioned it as a tag , but this works, but i think it still should be wrapped in another type
#
sandro q+
#
Zakim sees sandro on the speaker queue
#
ben_thatmustbeme eprodrom: i don't understand why a tag or the context wouldn't work here
#
ben_thatmustbeme ... there is no need to have backward compatibility with ostatus
#
ben_thatmustbeme cwebber2: it does need to give a clear indication that it should not be exposed by default, so i think it should have its own type on the tag
#
ben_thatmustbeme ... i agree that it makes more sense to me at the moment to use a tag
#
ben_thatmustbeme .. i think it would be more useful to tag multiple things at once
#
ben_thatmustbeme if you lump them all in one big text box, you can lose them
#
ben_thatmustbeme sandro: a tag should default to being show, don't show, or prompt
#
ben_thatmustbeme eprodrom: that is between you and your user agent ..
#
ben_thatmustbeme ... the sender should not have to decide how the content is receieved
#
ben_thatmustbeme sandro: well thats what the tagging is
#
ben_thatmustbeme sandro: before my client has ever seen one of these tags, ... the person who is inventing the tag, the creator would have to say 'when a server sees this for the first time' what do they do
#
saranix the tagging is semantic
#
ben_thatmustbeme lost the scribing of cwebber on that
#
saranix is that bad?
#
saranix sandro, is that bad?
#
ben_thatmustbeme sandro: while we are doing this, i want a 3rd option, that is an opt-in tags
#
ben_thatmustbeme saranix we are on a call
#
ben_thatmustbeme sandro: what i want to be able to do is scribe meetings on mastodon, i am going to be posting 4-500 things in an hour, i don't want them to be prompted at all
#
ben_thatmustbeme cwebber2: that is quite a bit different
#
ben_thatmustbeme sandro: but it comes into the same implementation territory
#
ben_thatmustbeme eprodrom: the pump.io way of doing that is setting up a list and limiting it to only a specific audience
#
ben_thatmustbeme sandro: and thats something people can join later?
#
ben_thatmustbeme eprodrom: exactly
#
ben_thatmustbeme cwebber2: it could apply to more things than we initially thought about.
#
ben_thatmustbeme eprodrom: movie ratings, appropriate for children, trigger warnings, there is a lot that goes in to this area, and people do a lot of non-semantic stuff, like stuffing things in to the summary. or people make the post much longer than the default wrap, like "spoiler warning" then a bunch of extra lines, etc
#
cwebber2 q?
#
Zakim sees sandro on the speaker queue
#
eprodrom ack sandro
#
Zakim sees no one on the speaker queue
#
ben_thatmustbeme ... finding a good way to do this is good, is good to add
#
ben_thatmustbeme cwebber2: i am in favor of tags, but if we want to get others in to it, we should get like Gargron and evenminto on the CG call and bring it up there
#
ben_thatmustbeme ... i'll try to get them on tomorrow or next week to discuss this
#
eprodrom tag, warning, freetext, id
#
ben_thatmustbeme eprodrom: ideally i'd like to see something where 'this is a tag' and a warning
#
ben_thatmustbeme ... either a url or some text that indicates what we are warning about
#
ben_thatmustbeme cwebber2: there are 2 issues related to this
#
cwebber2 https://github.com/w3c/activitypub/issues/231
#
Loqi [cwebber] #231 "Sensitive Media" tag
#
ben_thatmustbeme ... that might be a good solution to one of them
#
ben_thatmustbeme ... i think there might be a good solution for this, a specific content warning one that is just 'NSFW'
#
rhiaro do they use nsfw on japanese mastodon?
#
ben_thatmustbeme maybe 'senative media' or something like that
#
ben_thatmustbeme rhiaro shiranai *shruggie*
#
ben_thatmustbeme cwebber2: people on mastodon don't want to use NSFW anymore
#
ben_thatmustbeme but a more accurate 'sensative media'
#
ben_thatmustbeme eprodrom: .... YES
#
ben_thatmustbeme eprodrom: so they don't want to use that term because for some people sex work is WORK, but...
#
ben_thatmustbeme has no comments on that, no
#
cwebber2 https://github.com/w3c/activitypub/issues/231#issuecomment-309835489
#
Loqi [cwebber] We're thinking related to #232 there would be a common Content Warning type tag for sensitive media.
#
cwebber2 q?
#
Zakim sees no one on the speaker queue
#
ben_thatmustbeme cwebber2: they seem pretty related to me, so using the same mechanism seems to make sense to me
#
ben_thatmustbeme eprodrom: where the concern comes from for me, is when we start dictating what people want to see, but its pretty useful to have that people will want to see different things
#
ben_thatmustbeme eprodrom: i wonder if just having a 'content warning' tag and then the other tags after that describe what it is
#
ben_thatmustbeme sandro: i don't see how that would work
#
ben_thatmustbeme eprodrom: if i had a post on 'stephen universe', i put in a tag of type content warning,
#
ben_thatmustbeme or 'here is the content warning' and here is the other tag related to it
#
ben_thatmustbeme sandro: i don't see how i could read that as a spoiler vs trigger warning, etc
#
ben_thatmustbeme eprodrom: going in to the ontology of what content makes people uncomfortable ...
#
ben_thatmustbeme cwebber2: i think there are 2 things beeing suggested
#
ben_thatmustbeme one is marking certain tags as content warning,
#
ben_thatmustbeme 's hands are getting tired
#
ben_thatmustbeme sandro: spoiler warnings are definitely a thing
#
ben_thatmustbeme cwebber2: you could still handle it all with eprodrom proposal
#
ben_thatmustbeme eprodrom: do you put up police tape or police tape that says quatentine, murder, etc
#
ben_thatmustbeme cwebber2: i feel like its good for this to go to the CG as well
#
ben_thatmustbeme sandro: and some hundreds of thousands of users may have opinions about it as well
#
ben_thatmustbeme cwebber2: plus changing people over who may not like it, they may have some complaints about it
#
ben_thatmustbeme sandro: exactly why i would want to add functionality
#
ben_thatmustbeme <ben_thatmustbeme> my hands can't take much more though
#
cwebber2 https://github.com/swicg/general/issues/6
#
Loqi [Gargron] #6 Hashtag representation
#
ben_thatmustbeme cries
#
cwebber2 https://mastodon.social/users/Gargron/updates/3288643
#
Loqi [Eugen] @cwebber i had another concern: OStatus URIs of the type tag:example.com;12345;foobar are not represented in ActivityPub, but present in Mastodon. How to avoid duplicates between things Mastodon sees via AP vs what it sees via OStatus?
#
ben_thatmustbeme cwebber2: the basic question is 'how you represent tags'
#
ben_thatmustbeme ... what the id of a tag
#
eprodrom https://www.w3.org/TR/activitystreams-vocabulary/#microsyntaxes
#
ben_thatmustbeme ... does each server have its own tag id?
#
cwebber2 tag:example.com;12345;foobar
#
ben_thatmustbeme ... the way ostatus does this, is there are tag status URIs
#
ben_thatmustbeme eprodrom: there is a big section on this in the AS2 vocab
#
ben_thatmustbeme eprodrom: it sounds like 'what are the identities' is the question
#
ben_thatmustbeme cwebber2: i'll bring this to the CG as well
KevinMarks joined the channel
#
ben_thatmustbeme sandro: is this 'aspect' part actually implemented yet?
#
ben_thatmustbeme cwebber2: i'm about to
#
ben_thatmustbeme sandro: they are very different from groups
#
ben_thatmustbeme cwebber2: they are just a collection of people
#
ben_thatmustbeme sandro: does that work if the server is down?
#
ben_thatmustbeme cwebber2: well, you can't do that with mailing lists
#
ben_thatmustbeme sandro: no, but you can with hashtags
#
ben_thatmustbeme ... its never going to be anything more than another twitter if there is context collapse
#
ben_thatmustbeme sandro: i don't want the person sending it to say who it goes to , but the subscriber has to opt in to it
#
ben_thatmustbeme eprodrom: i think you should probably write this up as an issue
#
eprodrom trackbot, end meeting
#
trackbot is ending a teleconference.
#
Zakim As of this point the attendees have been eprodrom, ben_thatmustbeme, sandro, cwebber, rhiaro
#
trackbot Zakim, list attendees
#
ben_thatmustbeme eprodrom: lets wrap this up
#
cwebber2 ben_thatmustbeme++ for scribing YET AGAIN
#
Loqi ben_thatmustbeme has 74 karma in this channel (233 overall)
#
trackbot RRSAgent, please draft minutes
#
RRSAgent I have made the request to generate http://www.w3.org/2017/06/20-social-minutes.html trackbot
#
trackbot RRSAgent, bye
#
RRSAgent I see no action items
#
cwebber2 ben_thatmustbeme: the next call that isn't 80% me raising issues I'll scribe :)
#
ben_thatmustbeme i also try to be a stenographer more than just a scribe
#
ben_thatmustbeme Zakim: bye
#
ben_thatmustbeme Zakim, bye
#
Zakim leaving. As of this point the attendees have been eprodrom, ben_thatmustbeme, sandro, cwebber, rhiaro
#
ben_thatmustbeme https://www.w3.org/wiki/Socialwg/2017-06-20-minutes
#
ben_thatmustbeme saranix: sorry about that, now that call is over people are more likely to see questions
#
sandro saranix, I'm not sure what you were asking about being bad
#
Loqi Benthatmustbeme made 1 edit to [[Socialwg/2017-06-20-minutes]] https://www.w3.org/wiki/index.php?diff=103275&oldid=0
#
puckipedia <ben_thatmustbeme> ... we also have another implementation in progress by puckipedia, a dotnet implementation <- /me waves
#
puckipedia ... hm. Sudden question that popped up: How would a client know which ID a tag is?
#
ben_thatmustbeme cwebber ^^
#
puckipedia like, I'm lazy and just going to move determining hashtags etc to the client
#
puckipedia ... but the client must somehow figure out what the ID should be for the tag.
#
puckipedia .. or, when it creates the post, it adds a shell for the tag, which is then either given an ID (if new) or replaced with the existing tag (if already known)
#
ben_thatmustbeme !tell cwebber2 did you look at https://www.w3.org/TR/webmention/#preventing-abuse for inspiration by the way
#
Loqi Ok, I'll tell them that when I see them next
#
cwebber2 https://now.kibousoft.co.jp/users/gh694646/updates/1475 what the unicode is going on here
#
Loqi cwebber2: ben_thatmustbeme left you a message 1 hour, 1 minute ago: did you look at https://www.w3.org/TR/webmention/#preventing-abuse for inspiration by the way
#
Loqi [wordijp]     _    _/ミ\   (|ミOミ|~    T\ミ/~ ∧_∧    ||  ̄~ (・ω・`)   _/ ̄L   O旦と )  (_◎_)   (_(_つ
#
cwebber2 how is that rotation happening
#
cwebber2 oh
#
cwebber2 <span class="fa fa-spin">
#
cwebber2 huh
#
cwebber2 puckipedia: re: how to infer which uri from the hashtag, that was in discussion today and I think will be discussed at the CG tomorrow
#
puckipedia right
#
puckipedia btw, I still didn't figure out a way to join the thing yet
#
ben_thatmustbeme yeah, i was just about to say that cwebber2, haha, font awesome
#
Loqi ben_thatmustbeme: lol
timbl joined the channel
#
ben_thatmustbeme cwebber2: this one is pretty impressive https://now.kibousoft.co.jp/users/gh1529200/updates/1521
#
Loqi [ぬくれあ] . . . ★★★★★★★★★ . . .
#
cwebber2 puckipedia: ah right
#
cwebber2 puckipedia: https://www.w3.org/accounts/request seems to resolve now
#
puckipedia well, that part works, I have an account already
#
cwebber2 puckipedia: the join on https://www.w3.org/community/socialcg/ still breaks for you?
#
puckipedia yep
#
puckipedia it goes to https://www.w3.org/community/socialcg/join
#
puckipedia "The requested group (id: ) doesn't exist ; contact the author of the originating page to have the link fixed."
#
cwebber2 puckipedia: I bet it's becasue it used to be swicg
#
cwebber2 sandro: ^^^ know anything of this?
KevinMarks joined the channel
#
cwebber2 https://twitter.com/ragzouken/status/877294446135713792 apparently there are more of these.
#
Loqi [@ragzouken] there's an exploit in mastodon that lets ppl make text rotate lol https://pbs.twimg.com/tweet_video_thumb/DCzGkxFXYAE80dZ.jpg
#
cwebber2 fun times
KevinMarks_ joined the channel