#social 2017-07-13
2017-07-13 UTC
saper, timbl, prtksxna_, xmpp-social, bwn, prtksxna, timbl_ and csarven joined the channel
#
cwebber2 https://tsyesika.se/post/ap-why-creates/ by tsyesika
![](https://chat.indieweb.org/img.php?url=https%3A%2F%2Fidenti.ca%2Fuploads%2Fcwebber%2F2014%2F9%2F5%2Fvi4xWw_thumb.png&sig=4fcd134509a00bfe34f6143d3e6484247906cbf0dc72999a81291c7d55fc38d7)
#
puckipedia but yeah, that's basically my opinion on it
#
puckipedia and also I like the idea of the inbox/outbox being a list of Activities
#
puckipedia ... question: should a user be able to delete an activity???
#
puckipedia same with "should the server disallow Create'ing activities?"
#
puckipedia mine ... doesn't, I think?
#
puckipedia also things like "should the server disallow liking/announcing an Activity?"
#
xmpp-social [ajordan] I can easily imagine deleting an activity "AJ rides a bike" to unpublish
#
puckipedia ajordan: but then everyone has a Tombstone in their inbox
#
puckipedia that message is actually amazing out of context
#
puckipedia ... but yeah, I see where you're coming from
#
puckipedia ... maybe limit it to the list of activities defined in the spec (and thus have side effects)?
#
xmpp-social [ajordan] How else would you represent unpublishing things?
#
xmpp-social [ajordan] You could argue that you could Undo that activity but it still seems like that should result in a Tombstone
#
puckipedia if you'd delete a Create, would it delete the object of that Create too?
#
puckipedia or does that mean we now have an object that isn't Created?
#
xmpp-social [ajordan] I have a theory but I gotta check the spec
#
puckipedia Though: "The Create activity is used when posting a new object. This has the side effect that the object embedded within the Activity (in the object property) is created."
#
puckipedia I guess it's good we're having it
#
puckipedia ... sidenote: I just had the worst idea for an ActivityPub server: one which stores the entire object inside the id
#
puckipedia so the server doesn't have to store anything :D:
#
puckipedia like https://example.com/object?data=
{"type":
"Create", etc...}#
puckipedia well, collections kinda don't work still, so you have to store collections and the ids of the objects inside
#
cwebber2 https://example.com/object?data=
![](https://chat.indieweb.org/img.php?url=https%3A%2F%2Fidenti.ca%2Fuploads%2Fcwebber%2F2014%2F9%2F5%2Fvi4xWw_thumb.png&sig=4fcd134509a00bfe34f6143d3e6484247906cbf0dc72999a81291c7d55fc38d7)
{"type":
"Note", "content": "I'm a butt", ...}#
puckipedia oh and as a sidenote
#
puckipedia I was thinking of a way to add blocklists into Kroeg
#
puckipedia yep
#
puckipedia basically, if you were to block a Collection, it'd add that into the 'blocked' list, and the internal list of blocked actors is then updated from the collection that was added
#
puckipedia then if the actor got an Add to that collection, it'd look through every person that has that blocklist
#
puckipedia soo wouldn't that just be a Collection someone Created?
#
puckipedia I mean. Isn't that how ActivityPub should work? :P
#
puckipedia that was basically exactly what I would do
#
puckipedia wouldn't that be something like ["OrderedCollection", "Blocklist"]
#
puckipedia actually now that we're talking about collections
#
puckipedia ... (how) should servers sync collections?
#
puckipedia e.g. you want to verify a remote collection contains a specific object
#
puckipedia do you have to load the entire thing again?
#
ajordan I wonder if we should add "collection queries" to https://www.w3.org/wiki/ActivityPub_extensions#Possible_future_extensions
![](https://chat.indieweb.org/img.php?url=https%3A%2F%2Fstrugee.net%2Fimages%2Fsmall-headshot.jpeg&sig=49ede6db54813c12f32cfba7b8fa1feaed200e94136f1412019a1a3d3cecd3d9)
#
puckipedia looks at the list
#
puckipedia "WebSockets(? also value in something like SockJS) interface for clients to get streams like the inbox sent to them in realtime" woops I have that already
#
puckipedia well, I use EventSource
#
puckipedia beause of stupid CORS reasons the authorization header is in the query url
#
puckipedia query of the url*
#
puckipedia I can't set arbitrary headers with the EventSource API
#
puckipedia EventSource is basically server push
#
puckipedia sidenote, exactly how I implement it: I set data to an unflattened version of the object, id to the id of the object, and don't use event
#
puckipedia so if the connection drops and reconnects I can grab the Last-Event-ID and use it
#
ajordan https://caniuse.com/#feat=eventsource better compatibility and there are more Known Issues in the EventSource one
![](https://chat.indieweb.org/img.php?url=https%3A%2F%2Fstrugee.net%2Fimages%2Fsmall-headshot.jpeg&sig=49ede6db54813c12f32cfba7b8fa1feaed200e94136f1412019a1a3d3cecd3d9)
#
puckipedia ajordan: well, I mean, I can't set headers with either js WebSocket or EventSource
#
puckipedia that was what I meant with CORS, for some reason
#
puckipedia I think the idea of EventSource is that it is one-way
#
puckipedia exactly
#
puckipedia with websockets I could probably send the authorization value inside a websocket message
#
puckipedia cwebber2: I could poke a test into Kroeg
#
puckipedia yes
#
puckipedia well, the client may not be on the same server as the server
#
puckipedia e.g. people writing simple clients that run on github pages or so
#
puckipedia I have cors on my server open, maybe I could limit it to authorized people
#
puckipedia there's an endpoint "proxyUrl"
#
puckipedia :)
#
puckipedia my idea is that not even the client runing on the same server is special
#
puckipedia so it'd use the same oauth mechanism
#
puckipedia dogfooding :P
#
puckipedia yeah, this is a part I should think about more
#
puckipedia some other systems fix it by POSTing to a place, and then you get a unique url you use for websockets
#
puckipedia I think websockets are almost finished (with same ?authorization=[...] requirement as above sadly)
#
puckipedia of course, this is a ... 5-minute hack
#
xmpp-social [ajordan] I mean you could also support both
#
xmpp-social [ajordan] Hacky, but it'd work
#
xmpp-social [ajordan] Hahahaha
#
xmpp-social [ajordan] XMPP bridge
#
xmpp-social [ajordan] When I get around to it I'll port #indieweb's Slack gateway to XMPP so it doesn't have the weird single-user thing you just noticed
#
xmpp-social [ajordan] csarven: bidirectional bridge between #social and an XMPP room
#
xmpp-social [ajordan] At xmpp:w3social@muc.im.koderoot.net?join
#
xmpp-social [ajordan] cwebber2: I guess
#
xmpp-social [ajordan] But really what's important is the concept of an origin, which just happens to be domains atm
#
xmpp-social [ajordan] That seems better than all the alternatives tbh
#
xmpp-social [ajordan] Disallow by default, poke holes where it's safe
#
xmpp-social [ajordan] See also https://w3c.github.io/webappsec-suborigins/
#
xmpp-social [ajordan] Hmm, I guess
#
xmpp-social [ajordan] Maybe I'm just too used to the web to properly think about this :)
#
xmpp-social [ajordan] I mean, it's been around basically my entire life. Web 2.0 happened when I was like, 8 or something
#
puckipedia I remember web 2.0 kinda
#
cwebber2 see also https://web.archive.org/web/20160302160222/www.eros-os.org/essays/capintro.html and the incredible http://mumble.net/~jar/pubs/secureos/secureos.html which demonstrates that security capabilities are a natural extension of the lambda calculus
![](https://chat.indieweb.org/img.php?url=https%3A%2F%2Fidenti.ca%2Fuploads%2Fcwebber%2F2014%2F9%2F5%2Fvi4xWw_thumb.png&sig=4fcd134509a00bfe34f6143d3e6484247906cbf0dc72999a81291c7d55fc38d7)
#
puckipedia mostly https://script.aculo.us/
#
xmpp-social [ajordan] Oh god lambda calculus
#
xmpp-social [ajordan] I've tried to learn that a couple times lol
#
xmpp-social [ajordan] Each time I've gotten a little more but still not any semblance of "understanding" ?
#
xmpp-social [ajordan] Right
#
xmpp-social [ajordan] Neat
#
xmpp-social [ajordan] Lol I've been meaning to learn *both* of those languages for so long
#
xmpp-social [ajordan] Especially because, for someone who uses Emacs, I'm VERY BAD at Lisp
#
xmpp-social [ajordan] Sounds awesome!
#
xmpp-social [ajordan] Ahhhh right yes
#
xmpp-social [ajordan] I went to a talk on Pony a couple years ago which is very into this stuff
#
puckipedia somehow I'm getting double values in my websocket client thingy
#
puckipedia ... I know why :D:
#
xmpp-social [ajordan] Lol yes
#
cwebber2 http://mumble.net/~jar/pubs/secureos/secureos.html demonstrates running a program that you don't even trust
![](https://chat.indieweb.org/img.php?url=https%3A%2F%2Fidenti.ca%2Fuploads%2Fcwebber%2F2014%2F9%2F5%2Fvi4xWw_thumb.png&sig=4fcd134509a00bfe34f6143d3e6484247906cbf0dc72999a81291c7d55fc38d7)
#
xmpp-social [ajordan] In a way chroot jails are a way of shoehorning capabilities into the existing model
#
puckipedia yay, websockets work
#
puckipedia and are exactly as boring as you'd expect
#
xmpp-social [ajordan] Hahahaha of COURSE you're into microkernels
#
xmpp-social [ajordan] That's neat though
#
puckipedia quickly deploys to main instance
#
puckipedia hm. what if I set up a large Kroeg instance and asked people like EUR 1 per month to have their own account
#
xmpp-social [ajordan] I think I see what you mean with origins too
#
xmpp-social [ajordan] I've always thought that Content Security Policy was a gross (but necessary) hack
#
xmpp-social [ajordan] And np! This is super interesting
#
xmpp-social [ajordan] puckipedia: !!!!!!!!!
#
xmpp-social [ajordan] Awesome!
#
xmpp-social [ajordan] cwebber2: right
#
puckipedia I mean, it's more of an idea and it'd be interesting to have e.g. yourusernamehere.kroegapp.com
#
puckipedia though I feel it has to have a GUI at least :P
#
puckipedia I wonder how high I can scale Kroeg
#
puckipedia hehe, I tested it out
#
puckipedia http://test1.social.puckipedia.com/ (says it's https but don't be fooled, I don't have https for it)
#
puckipedia also woops http://test2.social.puckipedia.com//status/31f4dfe1/this-is-awesome
#
puckipedia yes that's two slashes
#
xmpp-social [ajordan] Hahahaha
#
xmpp-social [ajordan] I feel for you
#
xmpp-social [ajordan] That's the worst kind of bug
#
xmpp-social [ajordan] Like off-by-one errors
#
puckipedia so I was thinking
#
puckipedia
{type: Create, object: {type: Person, id: example/A, name: "Example"}, actor: example/A}
#
puckipedia yes. the user creating themself
#
puckipedia iirc this is how I'm doing user creation now
#
puckipedia well, without the actor: example/A part though :<
#
puckipedia no wait yes
#
xmpp-social [ajordan] Quick update on where I am in my life rn: I talk in #social enough through my phone that the Android keyboard now suggests "cwebber2" as a word
#
puckipedia :D
#
puckipedia btw, https://lol.puckipedia.com/d10a9265/create/f9f4cfdf.json
#
puckipedia (not online for a long time, going to bed pretty soon)
#
xmpp-social [ajordan] cwebber2: lgtm lol
#
puckipedia but yes that's a Create for the user that created that Create
#
puckipedia hm? oh wooooops
#
puckipedia I forgot I dropped the DNS but kept it in my hosts file for some reason
#
puckipedia I added the CNAME but it might take a while to recover
#
puckipedia ajordan: that's actually in your outbox when you create an account :P
#
puckipedia I don't consider this recursive :P
#
puckipedia I just kinda like the idea that you create yourself
#
puckipedia unless you count object->outbox->first->next->next->[...]->next
#
puckipedia anyways
{type: Update, object: {id: puckipedia, location: bed}}
#
ajordan sooo RRSAgent made a request yesterday (https://chat.indieweb.org/social/2017-07-12#t1499876297131000) but https://www.w3.org/2017/07/12-social-minutes.html never got generated?
![](https://chat.indieweb.org/img.php?url=https%3A%2F%2Fstrugee.net%2Fimages%2Fsmall-headshot.jpeg&sig=49ede6db54813c12f32cfba7b8fa1feaed200e94136f1412019a1a3d3cecd3d9)
#
Loqi [RRSAgent] I have made the request to generate http://www.w3.org/2017/07/12-social-minutes.html trackbot
![](https://chat.indieweb.org/img.php?url=http%3A%2F%2Floqi.me%2Flogo%2Floqisaur.png&sig=3571041228810c0664972bd517c3e0cb2b50fe82c7359f310bed393df91a84e0)