#social 2017-07-19

2017-07-19 UTC
ben_thatmust and ben_thatmustbeme joined the channel
#
saranix Hmm... missing endpoint: asking the server to deliver an object by id from other origins. i.e. a client can only access objects by collection. Technically an object can be fetched by url if it is same origin, but a local copy of a foreign object that's been delivered can't be got by id
xmpp-social joined the channel
#
puckipedia saranix: you mean the proxyUrl?
JanKusanagi joined the channel
#
saranix oh yeah, I suppose that works. The name is confusing because of my other extensions, but it works.
#
saranix puckipedia: hrm, just noticed, your 'liked' collection is misnamed on your actor obj. "likes" is only for attaching to target objects, "liked" is the actor's collection.
#
saranix so a "likes" collection on your actor object should could contain people who liked your actor object
#
puckipedia woops
#
saranix I did the same thing :-P
#
puckipedia not feeling super well, so I just poked it into the issue tracker
#
saranix poked what?
#
saranix oh.. you mean for Kroeg
#
saranix yeah
#
saranix lol
#
saranix only reason I did it is cause I copied your obj as a baseline when I started
timbl joined the channel
#
Loqi Benthatmustbeme made 2 edits to [[Socialwg]] https://www.w3.org/wiki/index.php?diff=103846&oldid=103712
#
Loqi Benthatmustbeme made 1 edit to [[Socialwg/2017-07-18-minutes]] https://www.w3.org/wiki/index.php?diff=103847&oldid=103823
#
ben_thatmustbeme new WD of JF2 just went out
#
cwebber2 oh hello
#
cwebber2 we should have a meeting today eh
#
Loqi +1
#
nightpool I probably won't be able to make the meeting, b/c i'm on vacation with family stuff, but I'm working on mastodon's websub report. found a few bugs that's im working through
#
nightpool s/that's/that
#
cwebber2 nightpool: enjoy your vacation!
#
ben_thatmustbeme getting linkedIn invites from facebook recruiters.... somehow i don't think that would work out
#
rhiaro ben_thatmustbeme: get them from the inside
#
cwebber2 guess it's time to dial in
#
cwebber2 assuming we have a call anyway :)
judah joined the channel
#
cwebber2 maybe nobody wants to have one this week, which would be fine
bwn joined the channel
#
ben_thatmustbeme jumps on to listen in
#
ben_thatmustbeme hello
#
ben_thatmustbeme cwebber2:
#
cwebber2 :)
#
sandro oops, yeah, on a deadline with some other work, sorry
#
ben_thatmustbeme JF2 updated WD went out today
#
cwebber2 cool, nice work
#
ben_thatmustbeme in other news, i forked bcrypt-ruby because ... well... just because
#
Loqi Benthatmustbeme made 1 edit to [[Socialwg/2017-07-25]] https://www.w3.org/wiki/index.php?diff=103854&oldid=103820
#
cwebber2 cool
#
cwebber2 ben_thatmustbeme: looks like it's just us... anything you want to talk about?
#
cwebber2 or we can get 50 minutes of our time back :)
#
cwebber2 I take that as the latter
#
ben_thatmustbeme i think we can get 50 minutes back, the conference room is taken, so i can't really talk, but we can discuss things in IRC
#
cwebber2 ok! sounds good to me
#
cwebber2 trackbot, skip meeting
#
trackbot Sorry, cwebber2, I don't understand 'trackbot, skip meeting'. Please refer to <http://www.w3.org/2005/06/tracker/irc> for help.
#
cwebber2 ;)
#
cwebber2 so here's something I've been thinking about
#
cwebber2 for https://github.com/w3c/activitypub/issues/244 Evan suggested using https://www.w3.org/TR/activitystreams-vocabulary/#modeling-friend-requests instead of requiring accept/reject of Follow
#
cwebber2 but
#
Loqi [cwebber] #244 Accept / Reject a Follow
#
cwebber2 I think that also introduces a lot of complexity too
#
cwebber2 because it's a totally different mechanism
#
cwebber2 and now we have to specify two mechanisms
#
ben_thatmustbeme so is the issue "rejecting" friend requests, or making sure they were received, or both
#
ben_thatmustbeme as those are different layers
#
cwebber2 ben_thatmustbeme: it's about allowing user to accept/reject a friend request
#
cwebber2 ben_thatmustbeme: you should know if it was delivered by whether the POST was successful to the inbox, in theory
#
ben_thatmustbeme "in theory", there dragons lie :P
#
cwebber2 okay
#
cwebber2 well that applies to everything
#
cwebber2 not just follow
#
cwebber2 and to answer your question
#
cwebber2 that's not the thing being discussed
#
ben_thatmustbeme well, i know that was brought up, if its 'reject' you don't want that confused with 'didn't receive it'
#
ben_thatmustbeme so i'm just trying to make sure there is a basic 'ack' as you don't want rejects to just keep retrying
#
ben_thatmustbeme which would be the issue with existing implementations
#
cwebber2 okay, there may be time before it's processed and this does help with that
#
cwebber2 but
#
cwebber2 that's not the goal of it
#
ben_thatmustbeme i know, just setting that as a stage
#
ben_thatmustbeme what are the advantages / disadvantages for each option here
bwn and jaywink joined the channel
#
jaywink > "Canceled due to low turnout. See you next time! " ... todays meeting canceled?
#
jaywink ok yeah just read logs ^_^
tantek joined the channel
#
ben_thatmustbeme sorry cwebber2, was in a meeting at the same time
#
saranix considering everything that happened over the weekend I thought this would be a busy meeting
#
cwebber2 maybe we meeting'ed out
#
cwebber2 I'm a-ok with it :P
#
cwebber2 I know *I'm* meeting'ed out ;p
#
tantek checks logs
#
tantek also relates, blocking is hard :/
#
tantek perks up at the follow discussion, actually really interested in how to federate follow in a MVF way
#
tantek is on another telcon but can chat in IRC
#
puckipedia MVF?
#
tantek minimum viable feature OR in our context, minimum viable federation
#
tantek similar to MVP
#
puckipedia ah
#
saranix It's not that difficult
#
saranix I think the people that struggle are used to only seeing one very specific usecase
#
saranix some people have no imagination outside their own pet projects
#
tantek saranix: if it were "not that difficult" lots of people would be doing it. Or rephrased in a question, could you share links to sites doing it today as evidence of "it's not that difficult"?
#
cwebber2 tantek: MVP of what?
#
cwebber2 oh of blocks?
#
saranix hubzilla/zot seems really straightforward. request permission, ok here's your permissions, or "GTFO"
#
tantek cwebber2: MVP of nothing
#
tantek I was referring to MVF
#
cwebber2 oh the federation of follow stuff with ACK / NACK ?
#
tantek gives up on secondary requests for links
#
cwebber2 XMPP already does that
#
tantek cwebber2: MVF for follow, the user feature.
#
cwebber2 as an example of a federated system
#
cwebber2 which has ack/nack on friend requests
#
cwebber2 it's not on the web but that's a tried and true system in terms of its usage there
#
cwebber2 I've been accepting/rejecting friend requests for 1.5 decades on xmpp :)
#
tantek cwebber2: yes I meant on the web
#
cwebber2 tantek: I think the principle would be exactly the same though
#
puckipedia doesn't Mastodon do follow authorization too?
#
cwebber2 in terms of structural challenges
#
cwebber2 puckipedia: does it? I don't remember.
timbl joined the channel
#
tantek cwebber2: sounds good in theory, rarely (never) true in practice
#
puckipedia cwebber2: request-friend
#
cwebber2 aha
#
puckipedia then the user must respond with authorize/reject
#
tantek re: principle would be exactly the same though
#
tantek I reject that assertion without implementation and deployment experience
#
cwebber2 it's two systems that both encompass message passing
#
saranix that's where the "complexity" creeps in. People thinking that "friend" means something. It doesn't. Discrete perms and permission-sets is the only logical way to go.
#
tantek cwebber2: WADR, "two systems that both encompass message passing" sounds like architecture astronomy reasoning, I can't accept that
#
tantek (abstracting to such a high level that conclusions become spurious)
#
cwebber2 tantek: so if i said "hey it works on mastodon" then could also say the same for AP
#
cwebber2 because they aren't exactly the same system
#
cwebber2 just because they're both on the web doesn't mean they wouldn't have differences in system implementation
#
saranix layer 10 on the OSI model ;-)
#
cwebber2 so yes that's true, but it being on the web / not on the web is not necessarily a good benchmark of whether the concept applies or not
#
tantek saranix: it's the other way around. developers think they can assert meaning independent of user interpreation of UX, when developers doing so in practice are wrong, the users are right.
#
tantek cwebber2: whether a concept applies or not is not a good benchmark of whether something works in practice or not
#
saranix tantek: now you lost me
#
cwebber2 I'm also lost now
#
cwebber2 okay I'm going back to hacking
#
puckipedia saranix: so all the systems I can think of.... A user generally follows one person, and can then put them into one or more categories
#
tantek saranix, you asserted "People thinking that "friend" means something. It doesn't. " is an attempt at developer/spec fiat which is wrong. users will interpret UX and assign meaning to it regardless of any attempt by any developer to do or intend or demand otherwise
#
puckipedia saranix: think Google+ circles, etc. but you do not ask specifically to be put in the 'weird friends' group, you probably won't even know that group exists
#
saranix tantek: "people" in my assertion is "developers" not users, you are conflating. I agree the user is always right.
#
tantek saranix: good to know. appreciate the clarification.
#
tantek cwebber2: you made a point about good benchmark which I believe was a red herring
#
tantek that is you asserted "whether the concept applies or not" matters in practical terms, and I'm asserting that in practice it does not
#
cwebber2 tantek: I'm trying to get the distinction as to how whether or not the concept of protocol A can map to B assuming A != B
#
tantek anyway when someone has a *link*, to a *site*, *doing it*, please share. thanks
#
cwebber2 you're implying that if A and B are both on the web, that's a strong indicator
#
cwebber2 but what web aspects apply, in this case
#
saranix tantek: at current rate, I imagine it will probably take me at least 2 more weeks before my impl is spitting messages across the ether
#
cwebber2 and, I'm saying that A and B may indeed have issues that make the concept apply but
#
tantek cwebber2: more like if you want to study mammals, you don't start with invertebrates
#
cwebber2 that can happen also if they're both on the web
#
tantek experience closer to the domain is more valuable than experience farther from the domain, that's the point
#
cwebber2 tantek: sure, but if you're going to make that claim, explain where along the lines you think there's a domain breakdown
#
cwebber2 tantek: I'll assert that federated message passing systems have more in common than looking at centralized web systems as an example
#
tantek has anyone here researched/studied/documented existing follow/reject behavior in popular social media silos?
#
saranix tantek: "in popular social media silos" I think is an extremely narrow and actually ironicly unrelated domain to the AP protocol
#
tantek it's a user centric approach
#
tantek dismissing it is what is ironic
#
cwebber2 we can get information from both
#
tantek yes
#
saranix no, I mean it's a bunch of people who all copied one narrow impl
#
cwebber2 but, as in terms of the protocol layer, I'm trying to explain that I have seen a system that did work
#
saranix It's like looking at Christianity sects instead of religion
#
cwebber2 and the properties on which it would succeed/fail are more likely to be understood in terms of how things work / break down on a federated model
#
tantek saranix, no, it's a set of models (or variants) that have demonstrated user adoption
#
cwebber2 also I feel like this is *such* an unproductive debate to be having in the direction it has gone
#
saranix but they are all centralized, and AP is inherently decentralized. Apples and oranges.
#
cwebber2 I'd much rather be saying "yes, but that concept may not apply because X"
#
cwebber2 and then great I can reason with that
#
tantek if you think the (de)centralization is the key distinguishing aspect between social media silos and AP, then I think you are missing the point of the paramount importance of the UX and user models the silos have innovated
#
cwebber2 I'm definitely thinking about centralized system design
#
cwebber2 we talked about it on the call even
#
cwebber2 facebook was given as an example
#
cwebber2 of accept/reject
#
saranix tantek: not missing the point, I'm deliberately *rejecting* the idea that silos have innovated. I say they stagnated and incestously copied each other.
#
tantek you might as well design a new protocole for new RSS readers, when modern UX has abandoned that and gone to integrated readers
#
tantek *protocol
#
tantek if you are rejecting silo UX innovations then yes I believe you are missing where the social web UX has evolved to
#
saranix Looking at silos as an example of diversity of impl is like looking at all the White people to get an understanding of diversity.
#
cwebber2 okay this conversation has gone off the rails
#
tantek that sounds like a strawman about diversity which no one previously brought up
#
cwebber2 everyone
#
cwebber2 cool it.
#
cwebber2 take a 15 minute break.
#
cwebber2 I'm gonna do the same.
#
tantek cwebber2: it's a fundamental difference between user-centric/first design (studying where users are at, what they are using, why) and principle/concept/protocol centric/first design and I do not see a way to reconcile those approaches
#
saranix My opinion is that methodology is bigoted.
#
cwebber2 tantek: okay, last message before I close this, but I tried to explain that I'm looking at both when considering things, and I even gave examples of how I'm looking at both, and it feels like I'm being shut down and that this criticism is not constructive. so I'm out of here for a while.
#
tantek cwebber2: no one is shutting you down, to be clear
#
tantek you're looking at a different axis, web vs. non-web, and that's (potentially) orthogonal to user-centric vs. concept/principle/protocol-centric
#
tantek cwebber2 I agree with you that there are lessons to be learned (and hopefully re-used) from non-web federation successes (and failures)
#
tantek but I assert that is insufficient
#
tantek and certainly insufficient to jump to an assertion like "It's not that difficult"
#
saranix you say it's difficult, but then when trying to analyze it, you only want to look at one tiny little usecase without giving an credence to minorites simply *because* they aren't popular/wide-spread
#
saranix the majority minority seems to be the only one you care about
#
tantek saranix, the burden of proof is on those who claim "it's not difficult"
#
tantek and like I said (3rd request), links to sites doing it
#
saranix http://hubzilla.org
#
saranix already mentioned by name without link
#
tantek saranix, studying users wherever they are is being user/human centric
#
tantek ignoring where users are is weird kind of elitist discrimination
#
tantek I'll check out http://hubzilla.org
#
saranix I feel like you are the only one doing ignoring. Myself and cwebber are talking about big picture and all you are talking about is silos
#
tantek I'm talking about real world examples, and pointing out what appears to be ignored
#
tantek "big picture" doesn't get you to "It's not difficult"
#
tantek shipping things and getting people to use them does
#
saranix "shipping things and getting people to use them does" <-- there, that's the source of my consternation. That's bigoted thinking.
#
tantek nope, standards are determined by interoperable implementations (shipping things)
#
tantek if you're not interested in that, you're not interested in practical standards, just academic fictions
#
saranix not true at all
#
saranix but I don't feel like arguing right now...
#
tantek sorry saranix you're categorically wrong about that. IETF, W3C, "rough consensus *and* running code" etc. The internet and Web were built by interopable implementations, not theory
#
saranix And that's why a HUGE number of people hold the opinion that IETF and W3C are inherently bigoted processees not worth participating in
#
tantek huge? really? citation needed
#
tantek and some start other groups / communities too: WHATWG, microformats.org, indieweb.org etc.
#
tantek the common theme to all of them: implementations that ship and work together
#
saranix there you go again, with your bigoted brain. "you must argue on my terms or your argument isn't valid"
#
tantek now you've crossed the line into a personal attack, which is unwarranted and unwelcome
#
saranix you've left me no options. You've excluded me a bunch of different ways, leaving me no way to defend my position.
#
saranix That's personal.
#
tantek if you take asking questions as personal, then you may have difficulty with any scientific approach
#
tantek as that's quite fundamental
#
saranix If you fail to see my criticism for what they are, then you aren't even listening.
#
tantek can you explain your criticism to others here who may be able to explain it differently?
#
saranix maybe, I don't know. This isn't a very diverse group. I'm pretty outnumbered as it is.
#
tantek hubzilla.org redirects to https://project.hubzilla.org/page/hubzilla/hubzilla-project which is a project page. that's a good start, and has some bold claims on it. I don't see any links on that page to actual running deployments that are in actual (non demo) use. do you know of any?
#
saranix https://the-federation.info/hubzilla
#
sandro bigoted against who?
#
saranix sandro: all who don't share the same methodology
#
saranix if one person has an idea, and it's a really good solution to the problem, it doesn't suddenly stop being a good solution because only one person came up with it, and it isn't popular *yet*
#
saranix populism is bigotry
timbl joined the channel
#
tantek https://the-federation.info/ is a fascinating directory of sorts
#
tantek thanks for the link saranix
#
sandro okay, thanks, saranix
#
tantek interesting that they include diaspora, Friendica, Hubzilla, but not Mastodon. I wonder if that's a temporary or deliberate omission
#
saranix I believe the diaspora project is custodian of that site
#
saranix informally
#
aaronpk "each ... is an installation of a software which supports the diaspora* protocol"
#
aaronpk mastodon does not support the diaspora protocol
#
saranix anyone can opt-in to being listed by only implementing the part of the protocol that gets you listed though :-)
#
sandro As I understand it, "The Federation" is diaspora* - Friendica - Hubzilla while "The Fediverse" is gnusocial - postActive - Mastodon.
#
tantek notes "diaspora* protocol" links to https://diaspora.github.io/diaspora_federation/
#
tantek sandro, why does that start to sound like a Monty Python skit
#
aaronpk sandro: so what your'e saying is... they're all the Feds
#
tantek perhaps we should start The Decentralized People's Federation. Or the People's Federation of Decentralization.
#
tantek or both
#
aaronpk or the People's Decentralized Federation... or PDF for short
#
saranix take back the acronym!
#
tantek finds https://diaspora.github.io/diaspora_federation/discovery/hcard.html
#
sandro y'all haven't read Amy's thesis. Opening quote of chapter 4: https://rhiaro.github.io/thesis/chapter4
#
tantek I'm surprised she didn't reference https://en.wikipedia.org/wiki/Narcissism_of_small_differences
#
tantek (at least by name if not URL)
#
saranix <3 thomas willingham
#
puckipedia sandro: iirc isn't postActiv a fork of GNU Social?
#
tantek subtle hr14 troll sandro :P
#
tantek (my fault for reading past the "Opening quote" :) )
#
saranix Getting added to the-federation.info: https://github.com/jhass/nodeinfo/blob/master/PROTOCOL.md
#
saranix just have to support that protocol endpoint. A json blob basically.
#
tantek interesting, https://rhiaro.github.io/thesis/chapter4#standards-and-monocultures criticizes Hubzilla/Zot as monoculture (by section and "isn't clear there is uptake outside of Hubzilla implementations")
#
tantek needs to read all of rhiaro's paper
#
saranix there is slow uptake, but most people only want to half-ass implement the tiny featureset that silos have and be done, but Zot has many features that no one else does.
#
tantek if no one implements a feature, does it really exist?
#
saranix everyone who has implemented Zot has implemented the full stack
#
saranix and yes
#
saranix it exists on hundreds of servers and 4 different software stacks that I know of
#
tantek that "everyone" sounds like "just Hubzilla" per ibid
#
saranix Hubzilla is an interesting case. Y'all might not be aware, but there is even a rift amongst Hubzilla vs Redmatrix
#
sandro puckipedia, yes, postActive is a fork, and I've not evaluated how distinct it really is.
#
tantek saranix, that rift is referred to in the opening quote of https://rhiaro.github.io/thesis/chapter4#standards-and-monocultures
#
tantek sorry, opening quote of https://rhiaro.github.io/thesis/chapter4
#
tantek "If you use Hubzilla, you hate Diaspora, Ostatus, and RedMatrix. / / If you use RedMatrix, you hate Hubzilla."
#
saranix oh hah, yeah... but what isn't mentioned there is that Hubzilla is a fork by the creator of Redmatrix
#
saranix he insists it is an upgrade and not a fork, but it's a fork
#
saranix that's actually where the anger from Thomas' quote comes from
#
tantek In W3C circles the "XML crowd" used to "hate HTML" as well (circa early 2000s)
#
tantek and similarly, the XML "stack" was supposed to be an "upgrade" to the HTML "stack"
#
saranix https://www.xkcd.com/1095/
#
tantek lol
#
tantek saranix++
#
Loqi saranix has 3 karma
#
ben_thatmustbeme haha
#
ben_thatmustbeme nice
#
Loqi hehe
#
saranix remembers that Thomas doesn't like having his s stolen s/Thomas'/Thomas's/
timbl joined the channel
#
tantek finishes reading https://rhiaro.github.io/thesis/chapter4 decides to come back later to start at chapter1
#
sandro meanwhile, I'm arguing with W3C management about their quiet decision requiring everyone to use github to participate -- even comment -- at W3C. Perhaps it's only post-REC; maybe that matters.
#
sandro I guess you're party to this tantek.
#
rhiaro hides
#
tantek sandro, I raised it at the most recent AB meeting
#
sandro +1
#
tantek that we (W3C) should not require everyone to use github, specifically we must not demand W3C participants agree to the ToS of a separate private entity as a condition for participation in W3C
#
ben_thatmustbeme wait, seriously?
#
tantek yes that is what I raised, with those points
#
saranix shakes head that people would even consider it a good idea
#
sandro Just more people selling their soul to silos, because they're so darned convenient.
#
tantek per input feedback from saranix
#
tantek as promised
#
saranix tantek++
#
Loqi tantek has 67 karma in this channel (371 overall)
#
ben_thatmustbeme i guess a self hosted version of gitlab isn't on the table though
#
saranix :)
#
saranix sandro++
#
Loqi sandro has 48 karma in this channel (55 overall)
#
tantek I don't have a good answer. But that does not stop me from asking the questions.
#
sandro tantek, anything public about AB discussion I can link from https://github.com/w3c/specberus/issues/629#issuecomment-316456848
#
Loqi [sandhawke] So are gitlab, and many other system. Selling your soul to github is likely to turn out to be a mistake, in the long run.
#
sandro ben_thatmustbeme, of course the problem with self-hosted gitlab is the SOCIAL WEB problem. It's a ghost town.
#
tantek sandro nothing more public to link to than what I just stated above
#
tantek if you want a public link for "most recent AB meeting", that is https://www.w3.org/wiki/AB/2017-06-MA
#
Loqi W3C Advisory Board Meeting 2017-06 Cambridge
#
sandro Loqi___, pointer?
#
sandro Loqi doesn't do the RRSAgent thing, of giving you a URL to the current conversation?
#
tantek aaronpk, feature? ^^^
#
aaronpk pointer?
#
aaronpk like, permalink to current logs?
#
tantek yeah
#
aaronpk i mean it's in the topic
#
tantek or rather, current *point* in the logs (fragid)
#
tantek the topic that gets reset every time W3C's IRC server restarts :)
RRSAgent joined the channel
#
RRSAgent logging to http://www.w3.org/2017/07/19-social-irc
#
sandro RRSAgent, pointer?
#
RRSAgent See http://www.w3.org/2017/07/19-social-irc#T17-40-39
#
sandro see, hash!
#
aaronpk i guess i could send the hash to the previous message
#
tantek fragment! :)
#
sandro yes, fragment
#
ben_thatmustbeme loqi, time?
#
tantek gets his link
#
aaronpk but the current message doesn't have a link until after it's written to the logs which is after Loqi responds
#
ben_thatmustbeme wasn't there something like that
#
sandro RRSAgent, bye
#
RRSAgent I'm staying, sandro; no access has been specified for the meeting record
#
sandro RRSAgent, make logs public
#
RRSAgent I have made the request, sandro
#
sandro RRSAgent, bye
#
RRSAgent I see no action items
#
ben_thatmustbeme it would just put the current timestamp on to it
#
aaronpk RRSAgent, gtfo
#
RRSAgent I'm logging. I don't understand 'gtfo', aaronpk. Try /msg RRSAgent help
#
ben_thatmustbeme lol
#
aaronpk ben_thatmustbeme: Loqi uses microseconds so there is likely no log message for whatever microsecond he happens to have been invoked
#
ben_thatmustbeme true
#
tantek http://tantek.com/2011/238/b1/many-ways-slice-url-name-pieces#ud fragement predates and is used in more specs than hash
#
tantek applauds sandro for linking him to a github issue wherein he feels compelled to thumbs-up reacji nearly everything sandro commented regarding not exclusively requiring github
#
saranix totally right about haggling over the price
#
tantek I believe https://github.com/w3c/specberus/issues/629 is the only issue in existence where sandro, tantek, and chaals actually agree in contrast to others.
#
saranix well it's all right.
#
Loqi [marcoscaceres] #629 Don't require mailing list
#
tantek though I also agree with the original issue description: don't require mailing list (obv)
#
sandro I know -- I'm not used to agreeing with chaals
#
sandro sure
#
sandro or chaals agreeing with me
#
tantek is just going to point out that the only biggest reason the "just use github" thing is an issue is superior UX, that no other decentralized attempt has come even close to
#
tantek and if you say "self-hosted" you've likely already lost the UX discussion
#
jaywink btw, the-federation.info is missing two new projects that federate using the Diaspora protocol. Socialhome (https://github.com/jaywink/socialhome <-- mine) and GangGo (https://github.com/ganggo). I'm the author of the-federation.info, btw. Plan is to include non-Diaspora protocols there too, just haven't had time to do anything. Also, Mastodon doesn't seem to have an endpoint for statistics, the
#
Loqi [jaywink] socialhome: A federated social home.
#
jaywink statistics site they have doesn't seem to be open source so not sure how it works.
#
tantek jaywink++ wow well done
#
Loqi jaywink has 5 karma
#
sandro tantek, do you mean UX in terms of social critical mass? Or the UI design of github being better than gitlab?
#
tantek I thought donp was running a Mastodon stats site. he showed it to me during IndieWebSummit (can't remember URL)
#
tantek UX apart from social critical mass
#
tantek the good UX came first, not the social critical mass
#
aaronpk he's running a thing that charts the data from instances.mastodon.xyz
#
jaywink I logged this issue for a stats route: https://github.com/tootsuite/mastodon/issues/874 .. AFAICT instances.mastodon.xyz does web scraping or something
#
Loqi [jaywink] #874 Active users statistics from instances
#
saranix "superior UX, that no other decentralized attempt has come even close to" - this is a symptom of what I described earlier that the popular decentralized projects only try to copy the tiny featureset from silo "microblog"/tooting and nothing else. They just stop right there... lazyyyyy
#
tantek is going to print out https://www.xkcd.com/1095/ when he gets to work and add it to existing collection of 386 and 927
#
tantek saranix, where you say "lazyyyyy" I'm saying "It's difficult"
#
saranix tantek: federation and consensus: difficult, but self-implementing, no. And no one (besides Zot) has tried self-implementing extra features.
#
jaywink what would be really interesting would be a standard way to expose statistics and metadata. Diaspora has NodeInfo but IMHO it's not good design: http://nodeinfo.diaspora.software/ .. maybe something for the SWICG :P
#
tantek even cloning that bird site is pretty tough: https://indieweb.org/Twitter#Features
#
saranix tantek: still disagree :)
#
tantek no one has cloned the bird site :)
#
saranix I would never want to, it's useless crap :)
#
tantek just small subsets of
#
tantek sure that's a different question :)
#
tantek does not dispute that cloning it is difficult
#
saranix but that's a different question than whether it's difficult to copy features from non-social apps and make them social
#
tantek notes it's been way more than 15min since cwebber2 left and wonders if we scared (scarred?) him away
#
tantek yes, also a different question
#
saranix jaywink: it would be nice for a slightly better version of that standard for sure
timbl and timbl_ joined the channel
#
tantek alright new question re: following as a feature. Who here has a "Follow" button on their personal site? and how does it work?
#
tantek just discovered support for "webcal:" links appears to have dropped in major browsers
#
saranix Side note re: lazy vs difficult-- There are so many things that for some reason people think are difficult but they come super easy to me, but I literally can't spend any time showing the way because I'm spending 100% of my time "earning" food/shelter money... I suspect there are...
#
jaywink my personal website runs on Socialhome and I can follow anyone from the Diaspora protocol powered network. I chose a Twitter style follow, ie if I follow someone, they don't have to follow me back. There is no approval for the follow, since it doesn't exist in the Diaspora protocol. I personally find it an odd use case anyway. I don't see why I should be able to approve who follows my public posts?
#
jaywink Private posts are targeted anyway to various lists (well, will be :)).
#
jaywink (assuming tantek meant discussing follow in general, not embedded follow widgets like facebook has)
#
saranix ... many hundreds of thousands if not millions of more people like me, who have solutions but can't implement them for the same reason... mathematically speaking it's the only thing that makes sense with 7 billion people and the number of solutions out there...
#
saranix ...so when I criticize "lazy", it's from the standpoint, of these people have so many resources, hours and people, to make a product, and they waste it on only implementing tooting, it's kind of frustrating...
#
saranix UBI++
#
Loqi ubi has 1 karma
#
saranix none of this would be an issue if UBI were a thing
#
tantek saranix I don't think difficult vs easy can be separated from cost of time and money which you refer to, I believe that is why we disagree on the use of those terms.
#
tantek I'm saying things are difficult if they cost (too much?) time and money (to build, use, maintain), indepedenent of any conceptual ease or simplicity.
#
saranix but I have 0 hours, whereas these tooting projects have "used" 1000's of hours on nothing
#
tantek have 0 hours = everything is infinitely difficult
#
saranix exactly
#
tantek and nothing is easy
#
saranix well
#
saranix besides the point I'm making though
#
tantek no - the presence (or past usage) of time is no indicator that any additional task would be easy
#
saranix no no no
#
tantek jaywink I'm interested in both
#
saranix my point is, I have 0 hours, *if* I had 1000 hours, like these other projects had, then I would've implemented it. With *their* 1000 hours, they implemented effectively nothing.
#
tantek that is precisely the software engineering estimation fallacy that I'm criticizing
#
saranix it's not a fallacy
#
saranix I'm not estimating either. I'm 100% sure my implementation would be more feature-rich if I had those 1000 hours. 100% sure. Not an estimation.
#
saranix The reason I'm so sure, is because I can see, visually, with my weird brain, the entire process end to end, step by step, and nothing is unclear.
#
saranix I can even see code. But to type it into a screen with these feeble hands that can only go ~180wpm
#
saranix would take lifetimes
#
tantek lifetimes != 100% certainty in 1000 hours, which itself is an extraordinary claim (100% certainty of any project estimation), and "extraordinary claims require extraordinary evidence".
#
saranix Don't make me angry again. Dismissing because no proof means you are 100% dooming me to failure because of my inaccassibility to funds. That's wrong.
#
saranix "but I literally can't spend any time showing the way because I'm spending 100% of my time "earning" food/shelter money"
#
saranix with 0 hours, it's infinitely impossible for me to win this argument by your conditions
#
tantek do you know examples of anyone in history who can/could "see ... the entire process end to end, step by step, and nothing is unclear"? that's where the root of the skepticism is - no existing implementation was built that way so it's not unreasonable to be skeptical that any could be. you might be the first, but then that's the "extraordinary claim" aspect.
#
saranix lifetimes vs 1000 hours I was talking about 2 different things
#
tantek and regardless, it's unreasonable to compare others spending actual time vs assertions of theoretical spending of time
#
tantek the two are never comparable in practice. c.f. mythical man month
#
saranix IF you knew what I know...
#
tantek hence why I ask questions
#
saranix I have life experience to inform my estimations, backing it up. You can't see inside my brain to see those experiences, assuming they don't exist because I can't give you links is ignorant
#
tantek not "assuming they don't exist" but rather, questioning in the absence of evidence
#
saranix evidence which is impossible to provide
#
saranix thereby just shutting down the convo
#
tantek no, claiming evidence is impossible to provide is making an appeal to faith, a religious argument
#
saranix No, it isn't
#
saranix It's respecting another human being, taking them at their word that they aren't full of shit
#
tantek human beings deserve respect. ideas and words deserve questioning
#
saranix you aren't even allowing for the possibility, that's not the same as questioning
#
tantek connecting those two (or not) is up to each individual for themselves
#
tantek no, I'm noting the extraordinariness of the claim, not the impossibility thereof. and thus requiring extraordinary evidence. not my quote: https://www.google.com/search?q=%22extraordinary+claims+require+extraordinary+evidence%22
#
saranix You *think* the claim is extraordinary, my life experience informs me that it is a widespread truth, you aren't listening to me when I say that
#
tantek yes, a claim which has no other examples is extraordinary
#
saranix I have examples, in my life
#
saranix you can't see those
#
saranix I'm repeeating myself
#
tantek again appeal to "unseeable" evidence is no more than claiming evidence is impossible to provide, again, an appeal to faith
#
saranix Faith that I'm telling the truth tantek. If you don't respect that then you aren't having a respectful conversation. I wish you would finally get that.
#
tantek again, there is a difference between questioning an idea (which is respectful), and being respectful (to a person)
#
saranix If you say "prove it" to everything, I have no way to change the tone of the conversation. It is literally impossible. You are making it impossible. GRR
#
tantek not everything, and not "proof", just evidence to start with, especially for extraordinary claims
#
saranix but it's *not* extraordinary. I'm sorry your life experience is limited to not seeing these events, but if you were respecting me, you'd give me the presumption that I'm telling the truth about MY life experience... and continue the conversation on the basis of that presumption. To do otherwise is rude as fuck
#
tantek this all started with disputing your assertion of "It's not that difficult"
#
tantek without evidence, yes, I am rejecting that assertion
#
tantek it's extraordinary in that there is only one (claimed) example, yourself self-claimed.
#
saranix in this room. in your limited experience. I'm telling you otherwise. Respect would dictate that you'd take me at that, and continue.
#
saranix but you are dwelling
#
saranix and I have no time for this
#
tantek not respect no, you are asking for faith to "take me at that"
#
saranix No, I'm asking that you take the stipulation in order to have a productive conversation about it instead of being so nihilist
#
tantek everyone's experience is limited, that's orthogonal, and also why we ask questions
#
tantek there is nothing productive about claiming "It's not that difficult" without backing it up
#
saranix Yes, and a conversation therefore requires stipulations, and you aren't allowing me to make a stipulation.
#
saranix There is nothing productive about shutting down a conversation because you are incredulous of the premise.
#
saranix nor respectful, I say
#
tantek there is, science require rejecting assertions without evidence or even proposed experiments to test them
#
tantek requires*
#
saranix See now you're being rude again by appealing to the elistist "but science"...
#
tantek labeling science as "elitist" is an appeal to anti-intellecutalism which is bordering on that very populism you railed against
#
saranix the rules of science aren't the rules of having a respectful/productive conversation, and you know that
#
saranix you're being elitist by *saying this is about science*
#
saranix as if I don't know science
#
saranix it's completely orthogonal to the conversation we are having
#
tantek it is precisely the conversation, see the link above. questioning assertions, ideas, etc. are core to science, without any assertion to your knowledge or not
#
tantek tl;dr: "It's not that difficult" - if so demonstrate it
#
tantek or point to someone else who has demonstrated it
#
tantek etc.
#
saranix tl;dr "but I literally can't spend any time showing the way because" -- you're ignoring the entire first sentence that brought up the conversation when saying what the conversation is about
#
saranix You are making it about that and that is precisely what is so rude
#
tantek no it is quite reasonable to reject claims of proof / evidence etc. that are caveated with "no time"
#
saranix no it is not respectful when someone is telling you about their life experience and hardships to make the conversation about something else
#
cwebber2 I'm not scared or scarred, though I did intentionally leave the conversation (and went to lunch and to do a grocery run)
#
cwebber2 and I'm not jumping back in either :)
#
tantek there may even be a theorem here: if it is difficult to even show evidence for something being not difficult, then it is reasonable to conclude that absent any evidence that something is also difficult
#
saranix cwebber2: you definitely don't want to, this is such a waste of time
#
saranix tantek: stop making this about what you want it to be about
#
saranix If you wanted to talk about the merits of UBI, or whether my statistical assertions were reasonable, that would be one thing, but you are just being a dick at this point
#
tantek saranix, that's quite a rude request.
#
saranix no it isn't, the convo started when I told you about a *personal experience*
#
tantek when the topic "follow" "federating follow" is quite core to this venue
#
saranix respect dictates that you don't change the convo to be about you when someone is starting by telling you about themself
#
tantek no the conversation started with https://chat.indieweb.org/social/2017-07-19/1500481574919000
#
Loqi [tantek] perks up at the follow discussion, actually really interested in how to federate follow in a MVF way
#
saranix No, that convo ended. *this* convo started when I gave my personal experience
#
tantek puckipedia asked about MVF and then you claimed " It's not that difficult"
#
saranix there was like hours in between
#
tantek no, this is literally still a rabbithole of that conversation
#
saranix No
#
tantek so yeah, you're right it is not productive because in all this time you've provided nothing to back your claim of " It's not that difficult"
#
saranix You are disrespecting what was a personal experience story. You need to understand that.
#
saranix You should've just ignored it if your intention was not to antagonize me.
#
tantek you are doing precisely what you claimed "change the convo to be about you" by "personal experience story"
#
saranix No, I started the convo! There was hours in between!
#
saranix You responded to my first message
#
saranix so that's what the convo is about
#
jaywink guys, take a break :P
#
tantek I am still trying to have a conversation about follow, which is what I cited above. I don't know what "first message" you're talking about saranix, you'll have to link such references
#
saranix I would've just walked away long ago, but now I really want tantek to understand his social faux paux
#
tantek saranix, that's fairly arrogant to assume and assert any kind of social evaluation of a faux paux or not, and frankly I'm not interested
#
ben_thatmustbeme jaywink, btw, does your new code do websub?
#
saranix https://chat.indieweb.org/social/2017-07-19/1500489959247000 <-- conversation started here. Look at timestamps, other convo was hours earlier
#
Loqi [saranix] Side note re: lazy vs difficult-- There are so many things that for some reason people think are difficult but they come super easy to me, but I literally can't spend any time showing the way because I'm spending 100% of my time "earning" food/shelte...
#
tantek jaywink, re: https://chat.indieweb.org/social/2017-07-19/1500490001779000 yes I am interested in both, but my question was specifically whether anyone actually shows an (interactive) "Follow" button on their personal site
#
Loqi [jaywink] (assuming tantek meant discussing follow in general, not embedded follow widgets like facebook has)
#
tantek to be clear, for people visiting your site to use, rather than yourself
#
saranix I specifically say "side note"... the side note was about me, and my struggle, and you crapped all over that by diverting the convo to the previous quagmire
#
cwebber2 <jaywink> guys, take a break :P
#
cwebber2 +1 breaks are great
#
cwebber2 I got pie on my break
#
cwebber2 pie is great
#
jaywink ben_thatmustbeme: no. I started with the diaspora protocol, since that is what I know. I don't actually have that much knowledge about websub, but should probably look at it more closer at some point ?
#
jaywink AP is next for me, as soon as we agree on signatures! :D
#
jaywink is hopeful
#
cwebber2 jaywink: sounds like everything's converging on http signatures at least, even if LDS isn't happening for now... which I think is probably Good Enough for what we need to make interop work securely
#
cwebber2 I'm pretty happy about it.
#
tantek what is Socialhome
#
jaywink tantek: then for my personal site the answer is no - except if they manage to create an account on my instance then they can log in and follow me. This is one of the things that would make decentralized sites so awesome :P
#
tantek jaywink, this? https://github.com/jaywink/socialhome
#
Loqi [jaywink] socialhome: A federated social home.
#
jaywink tantek: yes
#
tantek cool
#
tantek nice name :)
#
jaywink thanks :)
#
tantek does "create an account on my instance" work with "just" providing a URL? or is it the classic email/pw ?
#
tantek (sorry if that's a dumb question)
#
jaywink invitations are closed on my instance. basically an account would mean a local account on my instance. there is a public instance at https://socialhome.network - it federates of course, but without logging in you wouldn't be able to follow anyway (to answer your question of following from another site)
#
jaywink invitations == registrations
#
tantek ok I think I understand
#
jaywink basically like you can't follow a facebook user using a twitter account by visiting their facebook profile ;)
#
jaywink (but then you can't anyway lol)
#
tantek regarding a MVF of a Follow button, would those orange RSS chicklets qualify?
#
tantek (asking people's opinions)
#
ben_thatmustbeme jaywink: implementing publishing is pretty stright forward for any type of feed format, just a few rel links and then pinging an existing hub to push updates to subscribers
#
jaywink ben_thatmustbeme: ? for sure it makes sense to do. I'll log an issue right away :)
#
ben_thatmustbeme isn't diaspora working toward replacing their API currently?
#
tantek finds https://www.rss.com/whatisrss
#
ben_thatmustbeme jaywink++
#
Loqi jaywink has 6 karma
#
jaywink ben_thatmustbeme: with API do you mean the REST API or the federation protocol?
#
ben_thatmustbeme ohh, is that it, they are creating a REST API in addition to the federation protocol?
#
saranix jaywink: for diaspora AP are you guys planning to populate https://www.w3.org/TR/activitypub/#source-property ? (I hope yes)
#
jaywink yes the REST API is for local users to interact with their account - for mobile clients for example. The federation protocol is just for server to server.
#
jaywink saranix: I'm not with Diaspora project since 1,5 years :P I use it and implement the protocol in my own server (Socialhome)
#
saranix oh wow
#
saranix so who represents Diaspora in the CG?
#
ben_thatmustbeme from what i have heard, diaspora has not shown much interest in working with the CG
#
jaywink saranix: whether Diaspora is hacking on AP I don't know. Diaspora has renewed it's own protocol recently with various fixes and improvements.
#
saranix I kind of secretly like the diaspora protocol...but mostly because it uses XML :-P
#
jaywink I work with the diaspora protocol - that is why I keep mentioning it as examples :D
#
cwebber2 jaywink has supplied us with a lot of useful info about how Diaspora works though, and what its concerns and needs are, even if not working ont he project directly right now
#
cwebber2 which I appreciate, thanks jaywink !
#
cwebber2 there was another Diaspora person who showed up briefly but I think they didn't continue in the CG iirc.
#
ben_thatmustbeme great jaywink, tis always good to have more input from different perspectives
#
cwebber2 or at least, not at the moment
#
ben_thatmustbeme DenSchub: is from Diaspora
#
DenSchub huh what when how what? yes, yes I am!
#
ben_thatmustbeme speak his name, and he shall appear :P
#
jaywink the diaspora protocol (now that is has some documentation and doesn't have to be reverse engineered :P) is good in the sense that it is absolute to how things work. No need to guess how things should go. I hope AP defines more strictly soon how delivery for example is supposed to work, once implementations actually get stuff working.
#
DenSchub ben_thatmustbeme: irc highlights, they are a thing!
#
DenSchub sorry, but i simply don't have the resources to read everything. however, jaywink also knows the protocol very well and he is in touch with the person mainly implementing it, so i totally trust him in answering questions :p
#
cwebber2 ha :)
#
cwebber2 hi DenSchub
#
cwebber2 I'm not good with names, so I apologize :)
#
saranix So I've read rhiaro's social protocol summary (too lazy to hyperlink, but you guys know which one), but I still don't understand why, if you've implemented ActivityPub, that you would want to also implement WebSub... anyone?
#
cwebber2 saranix: cross-compatibility with existing sites
#
saranix thought that was it... hmm
#
cwebber2 well
#
ben_thatmustbeme PubSubHubbub is very widely deployed and in use for social apps
#
cwebber2 some people are also still excited about it as its own protocol and it continuing :)
#
ben_thatmustbeme but was never fully specified, it had some holes
#
cwebber2 and that's a-ok, and I think work on it is good
#
ben_thatmustbeme and a bad name
#
saranix almost seems like it's begging for a fracturing of the federation though
#
cwebber2 WebSub as a reification of things is good
#
cwebber2 saranix: the federation has *been* fractured for a long time :)
#
cwebber2 I think AP and WebSub folks talking has probably been helping
#
cwebber2 we're the closest we've ever been to uniting the fediverse, though granted it hasn't happened yet :)
#
ben_thatmustbeme it was brought up pretty early, that 2 stacks isn't great, but its better than having no specs and getting a bunch of different stacks popping up
#
saranix I'm pretty darn excited about AP. I wasn't a year ago, but now I feel like it nearly supports 100% of the more complicated usecases with extensions, albeit with a few caveats
#
saranix err, I guess I was looking WebSub a year ago...don't think I even heard of AP til fairly recently
#
puckipedia looks away for 30 minutes and somehow the discussion went into incredibly positive
#
saranix grumbles tantek was bringing it down
#
ben_thatmustbeme saranix: i think that was you too
#
saranix I was trying to get him to understand he was making it an unsafe space, otherwise I would've walked away. I hate arguing. Especially when it's obvoius the other party has no intention of budging their position
#
cwebber2 puckipedia: I think it's because I reminded everyone that pie exists, and is good
#
cwebber2 :)
#
puckipedia so a thing I was wondering about
#
ben_thatmustbeme in rereading the conversation though, you came off as extremely arogent, claiming you know for sure you can implement things that other people cannot, you basically just insulted all the mastodon devs directly
#
saranix on edge of seat
#
saranix yes puckipedia?
#
puckipedia hm. Diaspora and such are best compared to Facebook, I would guess? Or maybe Google+ circles
#
saranix ben_thatmustbeme: claiming superior skills can sound arrogant, if you ignore the context
#
cwebber2 puckipedia: yeah, Diaspora actually came up with these first
#
cwebber2 and G+ and Facebook adopted them
#
cwebber2 aspects in Diaspora
#
puckipedia and GNU Social and Mastodon look more like Twitter
#
cwebber2 but yeah
#
cwebber2 yep
#
cwebber2 puckipedia: that's very true yup
#
cwebber2 those are the two predominant designs
#
saranix groups? what are the differences?
#
puckipedia and we're trying to get two systems that have many differences to cooperate
#
cwebber2 and activitypub can technically serve both, but whether there will be a UX hybridization has yet to be seen
#
cwebber2 saranix: it's primarily "public by default" or "private by default"
#
cwebber2 and how you expose the UX for that
#
cwebber2 that's really the whole crux of it IMO
#
saranix doesn't leak into the protocol though...we have envelopes for that?
#
puckipedia I wonder if I should write down basically how these two systems would work in ActivityPub
#
cwebber2 so, I agree it's "not a protocol issue", but in reality
#
cwebber2 users will be using clients that may present things differnetly
#
ben_thatmustbeme goes back to playing with socialhome
#
cwebber2 so while I disagreed a lot with tantek today, I do agree that UX is important, but really I think this is more about opening a dialogue about how these things will be seen
#
saranix "clients that may present things differnetly" <-- feature++
#
cwebber2 well maybe it is, maybe it'll force some assumptions to break down and it turns out that's helpful, but it's likely be very awkward in the middle
#
puckipedia I wonder.. There's one feature in ActivityPub which is kinda weirding me out because I personally don't think it has any use
#
ben_thatmustbeme jaywink++
#
cwebber2 but
#
puckipedia or could actually be properly implemented
#
ben_thatmustbeme jaywink, feature request: mf2 markup so i can parse posts
#
jaywink ben_thatmustbeme: lots of very basic things missing still :P but have fun!
#
puckipedia https://www.w3.org/TR/activitypub/#inbox-delivery I think this can't be implemented properly, because of authentication
#
cwebber2 I think XMPP Multi User Chat has a good example of a protocol technically supporting everything, but clients never succeeding
#
puckipedia I can't verify you're in a collection that is not owned by the server
#
cwebber2 dramatically superior to IRC in protocol design
#
cwebber2 but all the clients that supported it were designed for Pidgin-style IM sessions
#
jaywink ben_thatmustbeme: sure it could be done - unfortunately wont be top of my list but I'll log it to the tracker ?
#
cwebber2 and the UX of joining a multi-user-xmpp chat in pretty much every client
#
cwebber2 is still unsatisfying
#
ben_thatmustbeme don't worry, you may just get a PR from me on that :)
#
jaywink hehe great :)
#
saranix XMPPs impl failure was in having a confusing XEP system... it overwhelmed developers before they even started
#
saranix I think AP will succeed because I think that already there's almost a dozen impl being written
#
saranix and there is really good diversity low-key (not everyone represented in CG though)
#
cwebber2 saranix: Multi User Chat seemed pretty well understood though
#
cwebber2 I still think that one failed for application adoption issues
#
jaywink puckipedia: what do you mean about "can't be implemented"? the delivery is done by the receiving server onwards to other servers, so authentication shouldn't be an issue (afaik I understood the problem here)
#
cwebber2 puckipedia: ah yeah
#
puckipedia jaywink: actually .. ehm. wait, correction
#
cwebber2 puckipedia: I know what you're talking about
#
puckipedia jaywink: inbox forwarding. the server that receives the message then forwards it
#
cwebber2 puckipedia: you sign up to a Collection, like it's a mailing list
#
cwebber2 are you really part of it?
#
cwebber2 is one example
#
puckipedia jaywink: but it can't do that, because it's not authorized to act in name of that server
#
saranix puckipedia: if I understand you right, I have a private Collection (mnemberlist private), and I want to deliver to the collection, my server knows it has to explode the collection to a list of names when delivering to their inboxes
#
puckipedia saranix: no, I mean the other thing
#
puckipedia wait I linked the wrong thing :<
#
puckipedia I linked the right thing. inbox forwarding
#
puckipedia ... wait, okay, well, I think I did something wrong myself
#
puckipedia I think I started confusing myself
#
cwebber2 ah
#
jaywink User A makes Like to Note of User B. User B server should forward it to other people that received the note
#
puckipedia well, authentication is still an issue
#
jaywink User C who receives Like of User A from User B should verify it
#
jaywink somehow :P
#
cwebber2 jaywink: right, it's not User A's server that does the forwarding, and right
#
cwebber2 well
#
cwebber2 and actually there's a problem where looking it up with user C's credentials is not enough
#
puckipedia cwebber2: tbh, inbox delivery I fix by allowing you to see all items in your own inbox. withotu checking authentication
#
cwebber2 because the reason they may have gotten it is because it was forwarded and user A's server doesn't know who's in the collection
#
puckipedia but that brings other issues with it
#
jaywink *cough* signatures *cough*
#
cwebber2 jaywink: yep
#
cwebber2 LDS would help here.
#
puckipedia jaywink: yes yes yes. but that doesn't fix the issue that you can't verify that you are allowed to see the object
#
puckipedia s/yes./yes :P/
#
puckipedia e.g. a message to from https://a.example.com/user to https://b.example.com/user, sent to: ["https://a.example.com/collection","https://b.example.com/collection"]
#
puckipedia now b.example.com/someoneelse wants to see the object. server b checks its https://b.example.com/collection, but someoneelse isn't there. Now what? Deny authentication? Try to get it on a.example.com and hope it works?
#
puckipedia or imagine a user on a.example.com trying to get it, but they aren't in a.example.com/collection
#
puckipedia and both collections are private of course
#
puckipedia okay you know I'm going to finish JSON-LD support
#
jaywink b.example.com/someoneelse should definitely not see the object in this case? I don't see why b.example.com/user would ever have forwarded it to that user. Assuming I understood the problem description.
#
cwebber2 puckipedia: well, maybe just assume that if you got the signed object delivered to your inbox, you can see it ;)
#
cwebber2 it's different for the siteInbox
#
cwebber2 hey, I can read everything that hits my email inbox, so...
#
puckipedia jaywink: b.example.com/someoneelse is in a.example.com/collection
#
puckipedia cwebber2: yes, but someone else could've delivered it *with* the signature
#
cwebber2 right if it has the signature
#
cwebber2 then you know it's legit
#
cwebber2 and you can read it
#
cwebber2 servers shouldn't be forwarding people stuff they shouldn't read
#
jaywink puckipedia: ok but then b.example.com/user would not deliver it as a forward :)
#
cwebber2 right!
#
puckipedia cwebber2: you would not send the signatures to the client?
#
cwebber2 puckipedia: sure it can go to the client too, I don't see how that's a problem
#
puckipedia because then the client could use the signed object and send it to someone else
#
cwebber2 but it's the server that usually makes sure it's legit before handing it to the client
#
cwebber2 puckipedia: I can forward a private email too...
#
puckipedia and now it's in their inbox and you skip authentication? :P
#
puckipedia cwebber2: but it wouldn't update though?
#
puckipedia a private email won't update if it's changed. an AP object will
#
cwebber2 a signature won't be valid if it's updated?
#
cwebber2 puckipedia: you might get an old copy of an object and never get an update, that's true
#
puckipedia I mean. I would insert the ID ofthe activity into the inbox. and it'd automatically update for everyone on the server at the same time
#
jaywink rogue servers could skip checking any proof of authorship and dump every private message out to google - not much that can be done except either encrypt or not share with a rogue server :P
#
cwebber2 updates do make things tricky but
#
cwebber2 you could look at the timestamp
#
cwebber2 and pick the latest one
#
cwebber2 if they're both signed by the actor
#
cwebber2 then it should be trustable that it really is the newer one
#
puckipedia I mean. I would verify the signed upda- ooh no
#
puckipedia wait, no, not an issue
#
cwebber2 yeah
#
cwebber2 I think it's fine actually!
#
cwebber2 the key is signing the object
#
puckipedia I would personally sign the object, but all the objects flattened out
#
cwebber2 no pun intended
#
puckipedia but how would that work with updates? but then I realised, the object itself is signed too
#
cwebber2 yep!
#
cwebber2 and since it has a timestamp
#
cwebber2 you can identify it
#
cwebber2 see?
#
cwebber2 I'm not totally crazy for pushing for signatures
#
puckipedia well, we need to specify how to sign
#
cwebber2 I'm glad other people in this channel aside from myself and jaywink are coming to conclusions on their own ;)
#
cwebber2 yeah
#
cwebber2 that's true :)
#
puckipedia saranix had the idea of also signing specific values from *inside* the object. but I personally think that's a bad idea
#
cwebber2 but for a long time this group has been predominantly anti-signatures
#
puckipedia cwebber2: butthen we realised we can't do without :P
#
cwebber2 :)
#
jaywink cwebber2: I just come from using a protocol that works like this - and it works ;)
#
puckipedia if you sign data from inside, you have to verify by unflattening the objects
#
cwebber2 puckipedia: well ok, if you sign an object in LDS
#
cwebber2 you're signing it as either embedding the objects or not
#
cwebber2 take a look at the nquads on http://dpaste.com/1ACY96B
#
puckipedia hm. Can we somehow spec that out?
#
cwebber2 puckipedia: you mean specify whether or not you *should* sign the child objects?
#
puckipedia cwebber2: yes
#
cwebber2 I mean really, you can see whether it did and leave it to server's choice
#
cwebber2 just by seeing whether they chose to include the full object
#
cwebber2 though, storing the choice if you want to reproduce it
#
puckipedia well. one issue with that
#
cwebber2 *that* may be tricky
#
cwebber2 is that your one issue? :)
#
cwebber2 because I agree that's a tricky thing
#
puckipedia as a server, if I deliver e.g. a Create activity, I want to embed the object inside, so the receiving server doesn't have to do another roundtrip
#
puckipedia but then I have to sign the thing in total
#
puckipedia but I would sign every object separately
#
cwebber2 puckipedia: you can do both
#
cwebber2 puckipedia: oh, though I see what you mean
#
cwebber2 you can sign the "child" objects on their own
#
cwebber2 but the entire thing, you have to sign as one thing
#
cwebber2 that's true.
#
cwebber2 if you're doing in one payload.
#
cwebber2 puckipedia: what's wrong with signing as one payload though?
#
cwebber2 puckipedia: the main problem I see is storage of each object along with its signature
#
cwebber2 s
#
cwebber2 if you want to forwad them along
#
jaywink for s2s wouldn't it always be one child?
#
puckipedia jaywink: I unflatten to a depth of 3 always
#
puckipedia cwebber2: maybe we can just specify you json-ld flatten it and sign each object? :)
#
cwebber2 puckipedia: heh :)
#
puckipedia but, hm
#
cwebber2 puckipedia: the tricky thing, which I think you're getting but I want to say out loud
#
cwebber2 is if I want to
#
cwebber2 {Like {Accept {Offer}}} ;; like that someone accepted some sort of proposal
#
cwebber2 {Accept {Offer}} could be transmitted as
#
cwebber2 {"Accept" {Offer}}
#
cwebber2 or
#
saranix flatten objects https://ecogirlcosmoboy.files.wordpress.com/2011/05/monty-python-foot.jpg
#
cwebber2 {Accept <offer-uri>}
#
cwebber2 and those would be signed differently
#
puckipedia yep!
#
cwebber2 puckipedia: I agree this is a problem.
#
puckipedia and would you sign the object with the uris, or would you sign the payload?
#
puckipedia if you sign the payload you can't pass it on
#
cwebber2 puckipedia: maybe I should take this to the verifiable claims community group
#
cwebber2 get their advice
#
cwebber2 puckipedia: oh you can pass it on if you sign the expanded one
#
saranix we sort of touched on this over the weekend
#
cwebber2 but you have to consistently either flatten or unflatten
#
saranix about assurance symantics
#
saranix if you sign the object, you are assuring the object integrity, if you are signing the url, you are not
#
cwebber2 saranix: right that's true
#
ajordan saranix: would you be okay with https://github.com/w3c/activitypub/issues/246#issuecomment-316420431 as a resolution to the Collection size issue?
#
Loqi [cwebber] Yeah I think it should go in security considerations. I'd be good with that.
#
saranix oh hmm, those comments are missing my later normative references about the Prefer: header
#
saranix err informative i guess
#
saranix ld-sigs group
#
saranix I think. Will probably have to find it in the IRC logs, I don't think I have those windows open anymore
#
puckipedia <saranix> if you sign the object, you are assuring the object integrity, if you are signing the url, you are not <- okay, hm
#
puckipedia user A posts a note. user B posts a reply and signs it (including user A)
#
puckipedia user C posts a reply to user B, and signs it (including user B's reply, which includes user A's reply, because signature)
#
puckipedia etc etc etc.
#
puckipedia now user ZZ gets the reply user ZY posts. does that mean it contains all the replies from A-ZY?
#
puckipedia you can't remove any of the inReplyTo, because it breaks the signature
#
cwebber2 puckipedia: I usually don't include the inReplyTo object as something expanded
#
cwebber2 but you're right
#
cwebber2 if you started adding and signing it
#
cwebber2 you force the payload to grow
#
cwebber2 or
#
cwebber2 another way to do it actually
#
cwebber2 is cut the chain yourself!
#
cwebber2 even if you got
#
saranix puckipedia: no, ZZ can have an object that inReplyTo is a url
#
cwebber2 {Note inReplyTo {Note inReplyTo {Note}}}
#
saranix "cut the chain yourself" <- this
#
cwebber2 you can just {Note <link>}
#
cwebber2 yep
#
cwebber2 saranix: you got it
#
jaywink always signing the object itself, not including other objects
#
puckipedia saranix: but then user ZY can change the object, and trick you into replying something stupid
#
cwebber2 jaywink: or just not embedding the object
#
jaywink cwebber2 yes, exactly
#
saranix puckipedia: UI issue as discussed before
#
cwebber2 puckipedia: that's always a risk in a mutable system
#
cwebber2 though
#
saranix puckipedia: UI should convey what is and what isn't signed
#
cwebber2 you can keep around their old object, maybe
#
cwebber2 if you still have their old object, you'd know and could present it
#
cwebber2 if you overwrote it, tough luck
#
cwebber2 this is one reason that I started thinking about the append-only approach in http://dustycloud.org/blog/an-even-more-distributed-activitypub/
#
cwebber2 but
#
cwebber2 I think nightpool raised that some users prefer that mutability is propagated
#
cwebber2 you can't force someone to remove their old copy (and with signatures you can prove it)
#
cwebber2 but maybe you wanted to fix what you said
#
cwebber2 that's going down a rabbit hole though
#
cwebber2 we aren't building that system at present
#
puckipedia I mean more the DoSing by requiring the object to contain a million nested objects in order for the signature to be valid
#
cwebber2 puckipedia: there's no requirement that you keep the nesting
#
cwebber2 *only* if you want to share the child object
#
saranix yeah
#
cwebber2 puckipedia: you're right, if you want to keep it around to prove they didn't make a fool of you
#
cwebber2 though if you were doing that
#
puckipedia . o O ( an object that refers itself, and you have to include it in itself for 100000 times for the signature to be valid )
#
cwebber2 you're maybe such a cyber-necromancer that you could still keep around the old object and even if you linked to its uri, you can present it
#
cwebber2 puckipedia: lol, that would be nonsense and also
#
cwebber2 puckipedia: it turns out that if you presented it in n-quads
#
puckipedia it de-nests itself?
#
cwebber2 it would be as efficiently stored as one level deep :)
#
cwebber2 yep
#
puckipedia oh frick yep
#
cwebber2 :D
#
puckipedia I suddenly realised how n-quads look
#
saranix ajordan: re: https://github.com/w3c/activitypub/issues/246#issuecomment-316420431 I was thinking we add something similar to https://www.w3.org/TR/ldp-paging/#ldpp-client-advertise but more specific to AP and less RDF
#
Loqi [cwebber] Yeah I think it should go in security considerations. I'd be good with that.
#
cwebber2 saranix: I think we should add an extension to handle requesting paging settings
#
cwebber2 as ajordan said, as far as security goes, someone could "request" a size, and the server could still lie
#
cwebber2 so the receiver still has to be on-guard anyhow, or people still need to play nice
#
cwebber2 so I think security considerations is a good fit
#
saranix cwebber2: yeah, 2 seperate things though, the ldp-paging-style thing should be in the spec I think
#
saranix cwebber2: so people at least know what a proper Prefer header looks like
#
cwebber2 saranix: I'd like it also, but unfortunately I think it's too late to get that in
#
cwebber2 that's a big normative change and I'm not convinced we'd get it right in time
#
cwebber2 puckipedia: yeah we've had some convo in here about how database design influences thinking
#
cwebber2 and lately we've just been talking about relational vs document store approach
#
cwebber2 but this group does have people thinking in terms of graph stores too ;)
#
cwebber2 even if they've been more quiet lately
#
cwebber2 triple/quad stores
#
puckipedia wait, aren't -- oooooh
#
puckipedia I SHOULD TRY THAT
#
cwebber2 haha!
#
cwebber2 you would probably love it puckipedia
#
Loqi rofl
#
puckipedia I realised that was the thing I missed to get it properly into a database
#
puckipedia really fast searching on any attribute
#
puckipedia without being stuck to one database
#
saranix yeah, you have to pretty much choose one
#
cwebber2 I wish postgres had good out of the box support for quad/triple stores
#
cwebber2 the way they've adopted support for document store stuff with jsonb
#
saranix cwebber2: it does sort of... has xml AND json indexing :-)
#
cwebber2 saranix: hm, not the same thing
#
cwebber2 though I agree that's cool
#
cwebber2 those are tree structures
#
cwebber2 graph structure is a lot more flat
#
saranix more like DAG
#
cwebber2 not directed necessarily :)
#
cwebber2 cycles allowed ;)
#
cwebber2 the web has tons of cycles
#
puckipedia create table elementName(id integer, name string); create table triples (subjectId integer, predicateId integer, object string);
#
puckipedia sometrhing like that
#
cwebber2 anything with both forward and back links has cycles :)
#
cwebber2 puckipedia: okay yeah, technically you could do that :P
#
puckipedia cwebber2: well, I'm thinking how I could get it so I can look up anything incredibly fast
#
cwebber2 I'm not sure all the tooling would be as sweet as in graphdb and etc though
#
cwebber2 or datadog, whatever that is
#
cwebber2 stardog?
#
cwebber2 something dog
#
cwebber2 proprietary, sadly
#
puckipedia so now e.g. I can search for content by looking up the AS2 content id, then do select subjectId from triples where predicateId=contentId and object like '%puckipedia%';
#
saranix pg rocks, it can handle anything :)
#
cwebber2 I like PG
#
cwebber2 though I wish I could talk to it in AST form
#
cwebber2 instead of having to use "stringly typed" systems
#
puckipedia cwebber2: tbh my AS2 C# wrapper is incredibly inspired by triples
#
cwebber2 little bobby tables ftl
#
cwebber2 puckipedia: cool
#
puckipedia I mean, it's a map<string, list<string>>
#
puckipedia approx
#
cwebber2 puckipedia: one reason I've stayed away from it in pubstrate:
#
cwebber2 I wanted pubstrate to be as dumb as possible so I wouldn't push too many assumptions about linked data stuff in there for people who had to build off of existing systems
#
cwebber2 eg, I don't appreciate when conversations start *assuming* I'm using a triple/quad store
#
cwebber2 sometimes people work with applications that aren't doing that
#
cwebber2 I want to make sure that AP can work on codebases that have the database structures people currently have
#
saranix I feel like almost anything can be translated to-from a triple/quad
#
cwebber2 saranix: probably everything can
#
cwebber2 though, it's not a mindset, or structure, everyone has
#
saranix mostly aspies :-P
#
cwebber2 so I wanted to try to make I didn't move forward with it myself when trying to make sure AP landed :)
#
cwebber2 saranix: hopefully you meant that in a pro-aspie way!
#
saranix absolutely
#
cwebber2 ok good :)
#
saranix I'm in the aspie is a difference not a disease camp. Like left-handedness.
#
puckipedia hm. The biggest issue with JSON-LD is that it assumes everyone uses a weak typed language
#
puckipedia I would like it if the JSON-LD api clearly indicates "a full inverse context looks like this:"
#
saranix I'm still unclear on some things JSON-LD dictates about types. For example why an xsd#float isn't typed when normalizing but an xsd#datetime somehow is
#
puckipedia because JSON has a float, but no datetime?
#
saranix but if you look at xsd there is no semantics that state this
#
saranix I guess? it's never really specified anywhere
#
saranix json floats are kind of loosely defined as is
#
saranix not even IEEE1194 or whatever
#
saranix probably the wrong number
#
puckipedia IEEE754?
#
cwebber2 in any type system you have low level primitive types, and types composed on top of those
#
saranix yeah that sounds more right ;-)
#
cwebber2 saranix: so this is the difference between object types and value types basically...
#
puckipedia oooh, I get how JSON-LD dose this
#
cwebber2 https://json-ld.org/spec/latest/json-ld/#typed-values
#
puckipedia inverse context is a {"iri": {"@container": {"@language": {}, "@type": {}}} I think?
#
cwebber2 yeah so contexts can specify how those value types work
#
cwebber2 puckipedia: wait inverse context, what?
#
cwebber2 where is that stated
#
puckipedia cwebber2: in the compaction algorithm
#
cwebber2 oh the algorithms :)
#
cwebber2 the algorithms use some terms that aren't technically part of the user-facing syntax
#
puckipedia I know! :)
#
cwebber2 they overload the term context, yeah
#
cwebber2 it's super frustrating
#
cwebber2 it has NOTHING to do with an @context
#
cwebber2 I got SO confused when implementing it
#
puckipedia the inverse context is just a map from iri -> container/type/language map
#
cwebber2 then I asked them and basically the response was... yeah.... that doesn't mean a context like the term we use context for ;)
#
cwebber2 yep you got it
#
cwebber2 so basically you build up a mapping of how to reverse everything
#
cwebber2 puckipedia: these are really only of concern to people working on jsonld libraries though :)
#
puckipedia so that's me :P
#
cwebber2 or people curious enough to open the hood ;)
#
puckipedia json-ld.net is horrible as I mentioned before
#
puckipedia I'm building a thing that works asynchronously
#
puckipedia I could even make it defer processing until background, to get more @contexts
#
puckipedia it can already process contexts and expand
#
puckipedia the word 'language' looks weird now
#
saranix puckipedia: so you are righting your own ld-sigs?
#
puckipedia yes
#
saranix cool
#
puckipedia I'm first fixing up the JSON-LD parser I'm writing
#
saranix oh know...the homonyms are coming out :-o
#
puckipedia then I'll probably replace the current hacky AS2 parser with it
#
saranix gah! my bank changed to a serif font and it hurts my eyes
#
saranix 's AS2 parser just got n times more craptastic
#
puckipedia " append the result of of using the IRI Compaction algorithm, passing"
#
puckipedia of of? :P
#
saranix Clear as mudd
#
saranix I'm almost afraid to share my ideas with the crowd now
#
cwebber2 heya
#
cwebber2 saranix: puckipedia: https://github.com/w3c-dvcg/ld-signatures/issues/7 issue raised
#
Loqi [cwebber] #7 Storing information on whether a child object is referenced by id or included recursively
#
puckipedia cwebber2: good
#
puckipedia wonder if it's really an issue in ld-signatures
#
cwebber2 I don't think it is
#
cwebber2 I asked someone who works on it and they said why not file on github
#
cwebber2 and I was like, is that the place? but they thought people could ask to move it to another venue if it should be
#
cwebber2 so ok
#
cwebber2 I did it
#
puckipedia tbh json-ld is made so that you can link these objects
#
puckipedia so I guess it's kinda valid
#
cwebber2 at the very least
#
cwebber2 it seems like something people will encounter
#
cwebber2 the bunch of us bumped into it conceptually independently
#
cwebber2 so surely others will
#
cwebber2 should have a good answer to give people, at least.
#
saranix I'll have to read it again when I'm not so hungry
#
saranix actually no, I'm able to *ahem* digest ;-) it just fine...
#
saranix I see a problem...
#
saranix Eva's server did not store the object that was signed, that's eva's server's fault
#
saranix of course the signature does not match
#
saranix why even bother storing the signature at that point
#
cwebber2 it did store the object
#
cwebber2 but it stored it as a separate object
#
puckipedia saranix: You store the information needed to rebuild the document as it was signed
#
cwebber2 yep what puckipedia said
#
saranix yeah, if you do, then there is no problem
#
cwebber2 there's still a problem
#
cwebber2 because when it rebuilds it, it needs to know whether to "just link" to the object, or expand it, see?
#
cwebber2 and it needs to know that for *every property*
#
cwebber2 that's a lot of extra bookkeeping, and it may not be obvious how to do it.
#
saranix then it didn't store the object. it only stored a representation and lost fidelity
#
puckipedia cwebber2: not every. I would suggest storing only the list of objects that have to be expanded
#
saranix that's a datastore problem
#
puckipedia tbh, if you can't rebuild the signature, just return an id to the object instead
#
saranix yeah
#
cwebber2 puckipedia: but you still need to know about whether you'll rebuild the signature right or not
#
cwebber2 puckipedia: you could *check* the signature every time you rebuild, true
#
cwebber2 but, that seems kinda weird
#
cwebber2 as a solution
#
puckipedia you know which objects have to be expanded. you verify if you store all the properties in the object
#
puckipedia if you can't rebuild the signature for any child object that is embedded, or you don't store all the properties, you can't rebuild the signature
#
saranix if you want to deconstruct the object, you can make it a lot of book-keeping. Or you can make it easy on yourself, store the signed object, in it's entirety, as json, even in a relational db.
#
puckipedia I can imagine Mastodon might add a 'string signature' in the statuses table
#
puckipedia they just determine beforehand 'can we rebuild this signature'. if it's possible, signature is set to the json of the signature
#
saranix or if you could store a hash and check if your rebuilt matches the hash
#
saranix I'll have to think about this some more though...
#
saranix those are kind of sucky choices... eat up a lot of space in your db, or fetch a fresh copy...
#
puckipedia saranix: if you pass an id and the other user also has an id, it's fine(TM)
#
puckipedia {type: Accept, object: {type: Bed}}
#
saranix gnight
#
saranix I just thought of a compaction algorithm... it's not great, but it could be good
#
saranix something like { object: { fields:[], object: { fields:[], object: fields: [] } } }
#
saranix store the json of that and use it to reconstruct properly
#
saranix along with the sig
#
saranix and the signed obj obviously
#
saranix would also apply to target field too
#
saranix if target is an obj and not an array
#
saranix hmm... so json gzips pretty ok. :)
#
saranix create table sigrebuild(sigid text, field text, depth int); <-- list of objects that need to be expanded for that sig
#
saranix I wonder what vc will come up with...