#social 2017-07-19

2017-07-19 UTC
ben_thatmust and ben_thatmustbeme joined the channel
#
saranix
Hmm... missing endpoint: asking the server to deliver an object by id from other origins. i.e. a client can only access objects by collection. Technically an object can be fetched by url if it is same origin, but a local copy of a foreign object that's been delivered can't be got by id
xmpp-social joined the channel
#
puckipedia
saranix: you mean the proxyUrl?
JanKusanagi joined the channel
#
saranix
oh yeah, I suppose that works. The name is confusing because of my other extensions, but it works.
#
saranix
puckipedia: hrm, just noticed, your 'liked' collection is misnamed on your actor obj. "likes" is only for attaching to target objects, "liked" is the actor's collection.
#
saranix
so a "likes" collection on your actor object should could contain people who liked your actor object
#
puckipedia
woops
#
saranix
I did the same thing :-P
#
puckipedia
not feeling super well, so I just poked it into the issue tracker
#
saranix
poked what?
#
saranix
oh.. you mean for Kroeg
#
saranix
yeah
#
saranix
lol
#
saranix
only reason I did it is cause I copied your obj as a baseline when I started
timbl joined the channel
#
ben_thatmustbeme
new WD of JF2 just went out
#
cwebber2
oh hello
#
cwebber2
we should have a meeting today eh
#
nightpool
I probably won't be able to make the meeting, b/c i'm on vacation with family stuff, but I'm working on mastodon's websub report. found a few bugs that's im working through
#
nightpool
s/that's/that
#
cwebber2
nightpool: enjoy your vacation!
#
ben_thatmustbeme
getting linkedIn invites from facebook recruiters.... somehow i don't think that would work out
#
rhiaro
ben_thatmustbeme: get them from the inside
#
cwebber2
guess it's time to dial in
#
cwebber2
assuming we have a call anyway :)
judah joined the channel
#
cwebber2
maybe nobody wants to have one this week, which would be fine
bwn joined the channel
#
ben_thatmustbeme
jumps on to listen in
#
sandro
oops, yeah, on a deadline with some other work, sorry
#
ben_thatmustbeme
JF2 updated WD went out today
#
cwebber2
cool, nice work
#
ben_thatmustbeme
in other news, i forked bcrypt-ruby because ... well... just because
#
cwebber2
ben_thatmustbeme: looks like it's just us... anything you want to talk about?
#
cwebber2
or we can get 50 minutes of our time back :)
#
cwebber2
I take that as the latter
#
ben_thatmustbeme
i think we can get 50 minutes back, the conference room is taken, so i can't really talk, but we can discuss things in IRC
#
cwebber2
ok! sounds good to me
#
cwebber2
trackbot, skip meeting
#
trackbot
Sorry, cwebber2, I don't understand 'trackbot, skip meeting'. Please refer to <http://www.w3.org/2005/06/tracker/irc> for help.
#
cwebber2
so here's something I've been thinking about
#
Loqi
[cwebber] #244 Accept / Reject a Follow
#
cwebber2
I think that also introduces a lot of complexity too
#
cwebber2
because it's a totally different mechanism
#
cwebber2
and now we have to specify two mechanisms
#
ben_thatmustbeme
so is the issue "rejecting" friend requests, or making sure they were received, or both
#
ben_thatmustbeme
as those are different layers
#
cwebber2
ben_thatmustbeme: it's about allowing user to accept/reject a friend request
#
cwebber2
ben_thatmustbeme: you should know if it was delivered by whether the POST was successful to the inbox, in theory
#
ben_thatmustbeme
"in theory", there dragons lie :P
#
cwebber2
well that applies to everything
#
cwebber2
not just follow
#
cwebber2
and to answer your question
#
cwebber2
that's not the thing being discussed
#
ben_thatmustbeme
well, i know that was brought up, if its 'reject' you don't want that confused with 'didn't receive it'
#
ben_thatmustbeme
so i'm just trying to make sure there is a basic 'ack' as you don't want rejects to just keep retrying
#
ben_thatmustbeme
which would be the issue with existing implementations
#
cwebber2
okay, there may be time before it's processed and this does help with that
#
cwebber2
that's not the goal of it
#
ben_thatmustbeme
i know, just setting that as a stage
#
ben_thatmustbeme
what are the advantages / disadvantages for each option here
bwn and jaywink joined the channel
#
jaywink
> "Canceled due to low turnout. See you next time! " ... todays meeting canceled?
#
jaywink
ok yeah just read logs ^_^
tantek joined the channel
#
ben_thatmustbeme
sorry cwebber2, was in a meeting at the same time
#
saranix
considering everything that happened over the weekend I thought this would be a busy meeting
#
cwebber2
maybe we meeting'ed out
#
cwebber2
I'm a-ok with it :P
#
cwebber2
I know *I'm* meeting'ed out ;p
#
tantek
checks logs
#
tantek
also relates, blocking is hard :/
#
tantek
perks up at the follow discussion, actually really interested in how to federate follow in a MVF way
#
tantek
is on another telcon but can chat in IRC
#
puckipedia
MVF?
#
tantek
minimum viable feature OR in our context, minimum viable federation
#
tantek
similar to MVP
#
puckipedia
ah
#
saranix
It's not that difficult
#
saranix
I think the people that struggle are used to only seeing one very specific usecase
#
saranix
some people have no imagination outside their own pet projects
#
tantek
saranix: if it were "not that difficult" lots of people would be doing it. Or rephrased in a question, could you share links to sites doing it today as evidence of "it's not that difficult"?
#
cwebber2
tantek: MVP of what?
#
cwebber2
oh of blocks?
#
saranix
hubzilla/zot seems really straightforward. request permission, ok here's your permissions, or "GTFO"
#
tantek
cwebber2: MVP of nothing
#
tantek
I was referring to MVF
#
cwebber2
oh the federation of follow stuff with ACK / NACK ?
#
tantek
gives up on secondary requests for links
#
cwebber2
XMPP already does that
#
tantek
cwebber2: MVF for follow, the user feature.
#
cwebber2
as an example of a federated system
#
cwebber2
which has ack/nack on friend requests
#
cwebber2
it's not on the web but that's a tried and true system in terms of its usage there
#
cwebber2
I've been accepting/rejecting friend requests for 1.5 decades on xmpp :)
#
tantek
cwebber2: yes I meant on the web
#
cwebber2
tantek: I think the principle would be exactly the same though
#
puckipedia
doesn't Mastodon do follow authorization too?
#
cwebber2
in terms of structural challenges
#
cwebber2
puckipedia: does it? I don't remember.
timbl joined the channel
#
tantek
cwebber2: sounds good in theory, rarely (never) true in practice
#
puckipedia
cwebber2: request-friend
#
puckipedia
then the user must respond with authorize/reject
#
tantek
re: principle would be exactly the same though
#
tantek
I reject that assertion without implementation and deployment experience
#
cwebber2
it's two systems that both encompass message passing
#
saranix
that's where the "complexity" creeps in. People thinking that "friend" means something. It doesn't. Discrete perms and permission-sets is the only logical way to go.
#
tantek
cwebber2: WADR, "two systems that both encompass message passing" sounds like architecture astronomy reasoning, I can't accept that
#
tantek
(abstracting to such a high level that conclusions become spurious)
#
cwebber2
tantek: so if i said "hey it works on mastodon" then could also say the same for AP
#
cwebber2
because they aren't exactly the same system
#
cwebber2
just because they're both on the web doesn't mean they wouldn't have differences in system implementation
#
saranix
layer 10 on the OSI model ;-)
#
cwebber2
so yes that's true, but it being on the web / not on the web is not necessarily a good benchmark of whether the concept applies or not
#
tantek
saranix: it's the other way around. developers think they can assert meaning independent of user interpreation of UX, when developers doing so in practice are wrong, the users are right.
#
tantek
cwebber2: whether a concept applies or not is not a good benchmark of whether something works in practice or not
#
saranix
tantek: now you lost me
#
cwebber2
I'm also lost now
#
cwebber2
okay I'm going back to hacking
#
puckipedia
saranix: so all the systems I can think of.... A user generally follows one person, and can then put them into one or more categories
#
tantek
saranix, you asserted "People thinking that "friend" means something. It doesn't. " is an attempt at developer/spec fiat which is wrong. users will interpret UX and assign meaning to it regardless of any attempt by any developer to do or intend or demand otherwise
#
puckipedia
saranix: think Google+ circles, etc. but you do not ask specifically to be put in the 'weird friends' group, you probably won't even know that group exists
#
saranix
tantek: "people" in my assertion is "developers" not users, you are conflating. I agree the user is always right.
#
tantek
saranix: good to know. appreciate the clarification.
#
tantek
cwebber2: you made a point about good benchmark which I believe was a red herring
#
tantek
that is you asserted "whether the concept applies or not" matters in practical terms, and I'm asserting that in practice it does not
#
cwebber2
tantek: I'm trying to get the distinction as to how whether or not the concept of protocol A can map to B assuming A != B
#
tantek
anyway when someone has a *link*, to a *site*, *doing it*, please share. thanks
#
cwebber2
you're implying that if A and B are both on the web, that's a strong indicator
#
cwebber2
but what web aspects apply, in this case
#
saranix
tantek: at current rate, I imagine it will probably take me at least 2 more weeks before my impl is spitting messages across the ether
#
cwebber2
and, I'm saying that A and B may indeed have issues that make the concept apply but
#
tantek
cwebber2: more like if you want to study mammals, you don't start with invertebrates
#
cwebber2
that can happen also if they're both on the web
#
tantek
experience closer to the domain is more valuable than experience farther from the domain, that's the point
#
cwebber2
tantek: sure, but if you're going to make that claim, explain where along the lines you think there's a domain breakdown
#
cwebber2
tantek: I'll assert that federated message passing systems have more in common than looking at centralized web systems as an example
#
tantek
has anyone here researched/studied/documented existing follow/reject behavior in popular social media silos?
#
saranix
tantek: "in popular social media silos" I think is an extremely narrow and actually ironicly unrelated domain to the AP protocol
#
tantek
it's a user centric approach
#
tantek
dismissing it is what is ironic
#
cwebber2
we can get information from both
#
saranix
no, I mean it's a bunch of people who all copied one narrow impl
#
cwebber2
but, as in terms of the protocol layer, I'm trying to explain that I have seen a system that did work
#
saranix
It's like looking at Christianity sects instead of religion
#
cwebber2
and the properties on which it would succeed/fail are more likely to be understood in terms of how things work / break down on a federated model
#
tantek
saranix, no, it's a set of models (or variants) that have demonstrated user adoption
#
cwebber2
also I feel like this is *such* an unproductive debate to be having in the direction it has gone
#
saranix
but they are all centralized, and AP is inherently decentralized. Apples and oranges.
#
cwebber2
I'd much rather be saying "yes, but that concept may not apply because X"
#
cwebber2
and then great I can reason with that
#
tantek
if you think the (de)centralization is the key distinguishing aspect between social media silos and AP, then I think you are missing the point of the paramount importance of the UX and user models the silos have innovated
#
cwebber2
I'm definitely thinking about centralized system design
#
cwebber2
we talked about it on the call even
#
cwebber2
facebook was given as an example
#
cwebber2
of accept/reject
#
saranix
tantek: not missing the point, I'm deliberately *rejecting* the idea that silos have innovated. I say they stagnated and incestously copied each other.
#
tantek
you might as well design a new protocole for new RSS readers, when modern UX has abandoned that and gone to integrated readers
#
tantek
*protocol
#
tantek
if you are rejecting silo UX innovations then yes I believe you are missing where the social web UX has evolved to
#
saranix
Looking at silos as an example of diversity of impl is like looking at all the White people to get an understanding of diversity.
#
cwebber2
okay this conversation has gone off the rails
#
tantek
that sounds like a strawman about diversity which no one previously brought up
#
cwebber2
everyone
#
cwebber2
cool it.
#
cwebber2
take a 15 minute break.
#
cwebber2
I'm gonna do the same.
#
tantek
cwebber2: it's a fundamental difference between user-centric/first design (studying where users are at, what they are using, why) and principle/concept/protocol centric/first design and I do not see a way to reconcile those approaches
#
saranix
My opinion is that methodology is bigoted.
#
cwebber2
tantek: okay, last message before I close this, but I tried to explain that I'm looking at both when considering things, and I even gave examples of how I'm looking at both, and it feels like I'm being shut down and that this criticism is not constructive. so I'm out of here for a while.
#
tantek
cwebber2: no one is shutting you down, to be clear
#
tantek
you're looking at a different axis, web vs. non-web, and that's (potentially) orthogonal to user-centric vs. concept/principle/protocol-centric
#
tantek
cwebber2 I agree with you that there are lessons to be learned (and hopefully re-used) from non-web federation successes (and failures)
#
tantek
but I assert that is insufficient
#
tantek
and certainly insufficient to jump to an assertion like "It's not that difficult"
#
saranix
you say it's difficult, but then when trying to analyze it, you only want to look at one tiny little usecase without giving an credence to minorites simply *because* they aren't popular/wide-spread
#
saranix
the majority minority seems to be the only one you care about
#
tantek
saranix, the burden of proof is on those who claim "it's not difficult"
#
tantek
and like I said (3rd request), links to sites doing it
#
saranix
already mentioned by name without link
#
tantek
saranix, studying users wherever they are is being user/human centric
#
tantek
ignoring where users are is weird kind of elitist discrimination
#
saranix
I feel like you are the only one doing ignoring. Myself and cwebber are talking about big picture and all you are talking about is silos
#
tantek
I'm talking about real world examples, and pointing out what appears to be ignored
#
tantek
"big picture" doesn't get you to "It's not difficult"
#
tantek
shipping things and getting people to use them does
#
saranix
"shipping things and getting people to use them does" <-- there, that's the source of my consternation. That's bigoted thinking.
#
tantek
nope, standards are determined by interoperable implementations (shipping things)
#
tantek
if you're not interested in that, you're not interested in practical standards, just academic fictions
#
saranix
not true at all
#
saranix
but I don't feel like arguing right now...
#
tantek
sorry saranix you're categorically wrong about that. IETF, W3C, "rough consensus *and* running code" etc. The internet and Web were built by interopable implementations, not theory
#
saranix
And that's why a HUGE number of people hold the opinion that IETF and W3C are inherently bigoted processees not worth participating in
#
tantek
huge? really? citation needed
#
tantek
and some start other groups / communities too: WHATWG, microformats.org, indieweb.org etc.
#
tantek
the common theme to all of them: implementations that ship and work together
#
saranix
there you go again, with your bigoted brain. "you must argue on my terms or your argument isn't valid"
#
tantek
now you've crossed the line into a personal attack, which is unwarranted and unwelcome
#
saranix
you've left me no options. You've excluded me a bunch of different ways, leaving me no way to defend my position.
#
saranix
That's personal.
#
tantek
if you take asking questions as personal, then you may have difficulty with any scientific approach
#
tantek
as that's quite fundamental
#
saranix
If you fail to see my criticism for what they are, then you aren't even listening.
#
tantek
can you explain your criticism to others here who may be able to explain it differently?
#
saranix
maybe, I don't know. This isn't a very diverse group. I'm pretty outnumbered as it is.
#
tantek
hubzilla.org redirects to https://project.hubzilla.org/page/hubzilla/hubzilla-project which is a project page. that's a good start, and has some bold claims on it. I don't see any links on that page to actual running deployments that are in actual (non demo) use. do you know of any?
#
sandro
bigoted against who?
#
saranix
sandro: all who don't share the same methodology
#
saranix
if one person has an idea, and it's a really good solution to the problem, it doesn't suddenly stop being a good solution because only one person came up with it, and it isn't popular *yet*
#
saranix
populism is bigotry
timbl joined the channel
#
tantek
https://the-federation.info/ is a fascinating directory of sorts
#
tantek
thanks for the link saranix
#
sandro
okay, thanks, saranix
#
tantek
interesting that they include diaspora, Friendica, Hubzilla, but not Mastodon. I wonder if that's a temporary or deliberate omission
#
saranix
I believe the diaspora project is custodian of that site
#
saranix
informally
#
aaronpk
"each ... is an installation of a software which supports the diaspora* protocol"
#
aaronpk
mastodon does not support the diaspora protocol
#
saranix
anyone can opt-in to being listed by only implementing the part of the protocol that gets you listed though :-)
#
sandro
As I understand it, "The Federation" is diaspora* - Friendica - Hubzilla while "The Fediverse" is gnusocial - postActive - Mastodon.
#
tantek
sandro, why does that start to sound like a Monty Python skit
#
aaronpk
sandro: so what your'e saying is... they're all the Feds
#
tantek
perhaps we should start The Decentralized People's Federation. Or the People's Federation of Decentralization.
#
tantek
or both
#
aaronpk
or the People's Decentralized Federation... or PDF for short
#
saranix
take back the acronym!
#
sandro
y'all haven't read Amy's thesis. Opening quote of chapter 4: https://rhiaro.github.io/thesis/chapter4
#
tantek
(at least by name if not URL)
#
saranix
<3 thomas willingham
#
puckipedia
sandro: iirc isn't postActiv a fork of GNU Social?
#
tantek
subtle hr14 troll sandro :P
#
tantek
(my fault for reading past the "Opening quote" :) )
#
saranix
Getting added to the-federation.info: https://github.com/jhass/nodeinfo/blob/master/PROTOCOL.md
#
saranix
just have to support that protocol endpoint. A json blob basically.
#
tantek
interesting, https://rhiaro.github.io/thesis/chapter4#standards-and-monocultures criticizes Hubzilla/Zot as monoculture (by section and "isn't clear there is uptake outside of Hubzilla implementations")
#
tantek
needs to read all of rhiaro's paper
#
saranix
there is slow uptake, but most people only want to half-ass implement the tiny featureset that silos have and be done, but Zot has many features that no one else does.
#
tantek
if no one implements a feature, does it really exist?
#
saranix
everyone who has implemented Zot has implemented the full stack
#
saranix
and yes
#
saranix
it exists on hundreds of servers and 4 different software stacks that I know of
#
tantek
that "everyone" sounds like "just Hubzilla" per ibid
#
saranix
Hubzilla is an interesting case. Y'all might not be aware, but there is even a rift amongst Hubzilla vs Redmatrix
#
sandro
puckipedia, yes, postActive is a fork, and I've not evaluated how distinct it really is.
#
tantek
saranix, that rift is referred to in the opening quote of https://rhiaro.github.io/thesis/chapter4#standards-and-monocultures
#
tantek
"If you use Hubzilla, you hate Diaspora, Ostatus, and RedMatrix. / / If you use RedMatrix, you hate Hubzilla."
#
saranix
oh hah, yeah... but what isn't mentioned there is that Hubzilla is a fork by the creator of Redmatrix
#
saranix
he insists it is an upgrade and not a fork, but it's a fork
#
saranix
that's actually where the anger from Thomas' quote comes from
#
tantek
In W3C circles the "XML crowd" used to "hate HTML" as well (circa early 2000s)
#
tantek
and similarly, the XML "stack" was supposed to be an "upgrade" to the HTML "stack"
#
tantek
saranix++
#
Loqi
saranix has 3 karma
#
Loqi
hehe
#
saranix
remembers that Thomas doesn't like having his s stolen s/Thomas'/Thomas's/
timbl joined the channel
#
tantek
finishes reading https://rhiaro.github.io/thesis/chapter4 decides to come back later to start at chapter1
#
sandro
meanwhile, I'm arguing with W3C management about their quiet decision requiring everyone to use github to participate -- even comment -- at W3C. Perhaps it's only post-REC; maybe that matters.
#
sandro
I guess you're party to this tantek.
#
rhiaro
hides
#
tantek
sandro, I raised it at the most recent AB meeting
#
tantek
that we (W3C) should not require everyone to use github, specifically we must not demand W3C participants agree to the ToS of a separate private entity as a condition for participation in W3C
#
ben_thatmustbeme
wait, seriously?
#
tantek
yes that is what I raised, with those points
#
saranix
shakes head that people would even consider it a good idea
#
sandro
Just more people selling their soul to silos, because they're so darned convenient.
#
tantek
per input feedback from saranix
#
tantek
as promised
#
saranix
tantek++
#
Loqi
tantek has 67 karma in this channel (371 overall)
#
ben_thatmustbeme
i guess a self hosted version of gitlab isn't on the table though
#
saranix
:)
#
saranix
sandro++
#
Loqi
sandro has 48 karma in this channel (55 overall)
#
tantek
I don't have a good answer. But that does not stop me from asking the questions.
#
sandro
tantek, anything public about AB discussion I can link from https://github.com/w3c/specberus/issues/629#issuecomment-316456848
#
Loqi
[sandhawke] So are gitlab, and many other system. Selling your soul to github is likely to turn out to be a mistake, in the long run.
#
sandro
ben_thatmustbeme, of course the problem with self-hosted gitlab is the SOCIAL WEB problem. It's a ghost town.
#
tantek
sandro nothing more public to link to than what I just stated above
#
tantek
if you want a public link for "most recent AB meeting", that is https://www.w3.org/wiki/AB/2017-06-MA
#
Loqi
W3C Advisory Board Meeting 2017-06 Cambridge
#
sandro
Loqi___, pointer?
#
sandro
Loqi doesn't do the RRSAgent thing, of giving you a URL to the current conversation?
#
tantek
aaronpk, feature? ^^^
#
aaronpk
pointer?
#
aaronpk
like, permalink to current logs?
#
aaronpk
i mean it's in the topic
#
tantek
or rather, current *point* in the logs (fragid)
#
tantek
the topic that gets reset every time W3C's IRC server restarts :)
RRSAgent joined the channel
#
sandro
RRSAgent, pointer?
#
sandro
see, hash!
#
aaronpk
i guess i could send the hash to the previous message
#
tantek
fragment! :)
#
sandro
yes, fragment
#
tantek
gets his link
#
aaronpk
but the current message doesn't have a link until after it's written to the logs which is after Loqi responds
#
ben_thatmustbeme
wasn't there something like that
#
sandro
RRSAgent, bye
#
RRSAgent
I'm staying, sandro; no access has been specified for the meeting record
#
sandro
RRSAgent, make logs public
#
RRSAgent
I have made the request, sandro
#
sandro
RRSAgent, bye
#
RRSAgent
I see no action items
#
ben_thatmustbeme
it would just put the current timestamp on to it
#
aaronpk
RRSAgent, gtfo
#
RRSAgent
I'm logging. I don't understand 'gtfo', aaronpk. Try /msg RRSAgent help
#
aaronpk
ben_thatmustbeme: Loqi uses microseconds so there is likely no log message for whatever microsecond he happens to have been invoked
#
tantek
http://tantek.com/2011/238/b1/many-ways-slice-url-name-pieces#ud fragement predates and is used in more specs than hash
#
tantek
applauds sandro for linking him to a github issue wherein he feels compelled to thumbs-up reacji nearly everything sandro commented regarding not exclusively requiring github
#
saranix
totally right about haggling over the price
#
tantek
I believe https://github.com/w3c/specberus/issues/629 is the only issue in existence where sandro, tantek, and chaals actually agree in contrast to others.
#
saranix
well it's all right.
#
Loqi
[marcoscaceres] #629 Don't require mailing list
#
tantek
though I also agree with the original issue description: don't require mailing list (obv)
#
sandro
I know -- I'm not used to agreeing with chaals
#
sandro
or chaals agreeing with me
#
tantek
is just going to point out that the only biggest reason the "just use github" thing is an issue is superior UX, that no other decentralized attempt has come even close to
#
tantek
and if you say "self-hosted" you've likely already lost the UX discussion
#
jaywink
btw, the-federation.info is missing two new projects that federate using the Diaspora protocol. Socialhome (https://github.com/jaywink/socialhome <-- mine) and GangGo (https://github.com/ganggo). I'm the author of the-federation.info, btw. Plan is to include non-Diaspora protocols there too, just haven't had time to do anything. Also, Mastodon doesn't seem to have an endpoint for statistics, the
#
Loqi
[jaywink] socialhome: A federated social home.
#
jaywink
statistics site they have doesn't seem to be open source so not sure how it works.
#
tantek
jaywink++ wow well done
#
Loqi
jaywink has 5 karma
#
sandro
tantek, do you mean UX in terms of social critical mass? Or the UI design of github being better than gitlab?
#
tantek
I thought donp was running a Mastodon stats site. he showed it to me during IndieWebSummit (can't remember URL)
#
tantek
UX apart from social critical mass
#
tantek
the good UX came first, not the social critical mass
#
aaronpk
he's running a thing that charts the data from instances.mastodon.xyz
#
jaywink
I logged this issue for a stats route: https://github.com/tootsuite/mastodon/issues/874 .. AFAICT instances.mastodon.xyz does web scraping or something
#
Loqi
[jaywink] #874 Active users statistics from instances
#
saranix
"superior UX, that no other decentralized attempt has come even close to" - this is a symptom of what I described earlier that the popular decentralized projects only try to copy the tiny featureset from silo "microblog"/tooting and nothing else. They just stop right there... lazyyyyy
#
tantek
is going to print out https://www.xkcd.com/1095/ when he gets to work and add it to existing collection of 386 and 927
#
tantek
saranix, where you say "lazyyyyy" I'm saying "It's difficult"
#
saranix
tantek: federation and consensus: difficult, but self-implementing, no. And no one (besides Zot) has tried self-implementing extra features.
#
jaywink
what would be really interesting would be a standard way to expose statistics and metadata. Diaspora has NodeInfo but IMHO it's not good design: http://nodeinfo.diaspora.software/ .. maybe something for the SWICG :P
#
tantek
even cloning that bird site is pretty tough: https://indieweb.org/Twitter#Features
#
saranix
tantek: still disagree :)
#
tantek
no one has cloned the bird site :)
#
saranix
I would never want to, it's useless crap :)
#
tantek
just small subsets of
#
tantek
sure that's a different question :)
#
tantek
does not dispute that cloning it is difficult
#
saranix
but that's a different question than whether it's difficult to copy features from non-social apps and make them social
#
tantek
notes it's been way more than 15min since cwebber2 left and wonders if we scared (scarred?) him away
#
tantek
yes, also a different question
#
saranix
jaywink: it would be nice for a slightly better version of that standard for sure
timbl and timbl_ joined the channel
#
tantek
alright new question re: following as a feature. Who here has a "Follow" button on their personal site? and how does it work?
#
tantek
just discovered support for "webcal:" links appears to have dropped in major browsers
#
saranix
Side note re: lazy vs difficult-- There are so many things that for some reason people think are difficult but they come super easy to me, but I literally can't spend any time showing the way because I'm spending 100% of my time "earning" food/shelter money... I suspect there are...
#
jaywink
my personal website runs on Socialhome and I can follow anyone from the Diaspora protocol powered network. I chose a Twitter style follow, ie if I follow someone, they don't have to follow me back. There is no approval for the follow, since it doesn't exist in the Diaspora protocol. I personally find it an odd use case anyway. I don't see why I should be able to approve who follows my public posts?
#
jaywink
Private posts are targeted anyway to various lists (well, will be :)).
#
jaywink
(assuming tantek meant discussing follow in general, not embedded follow widgets like facebook has)
#
saranix
... many hundreds of thousands if not millions of more people like me, who have solutions but can't implement them for the same reason... mathematically speaking it's the only thing that makes sense with 7 billion people and the number of solutions out there...
#
saranix
...so when I criticize "lazy", it's from the standpoint, of these people have so many resources, hours and people, to make a product, and they waste it on only implementing tooting, it's kind of frustrating...
#
saranix
UBI++
#
Loqi
ubi has 1 karma
#
saranix
none of this would be an issue if UBI were a thing
#
tantek
saranix I don't think difficult vs easy can be separated from cost of time and money which you refer to, I believe that is why we disagree on the use of those terms.
#
tantek
I'm saying things are difficult if they cost (too much?) time and money (to build, use, maintain), indepedenent of any conceptual ease or simplicity.
#
saranix
but I have 0 hours, whereas these tooting projects have "used" 1000's of hours on nothing
#
tantek
have 0 hours = everything is infinitely difficult
#
saranix
exactly
#
tantek
and nothing is easy
#
saranix
well
#
saranix
besides the point I'm making though
#
tantek
no - the presence (or past usage) of time is no indicator that any additional task would be easy
#
saranix
no no no
#
tantek
jaywink I'm interested in both
#
saranix
my point is, I have 0 hours, *if* I had 1000 hours, like these other projects had, then I would've implemented it. With *their* 1000 hours, they implemented effectively nothing.
#
tantek
that is precisely the software engineering estimation fallacy that I'm criticizing
#
saranix
it's not a fallacy
#
saranix
I'm not estimating either. I'm 100% sure my implementation would be more feature-rich if I had those 1000 hours. 100% sure. Not an estimation.
#
saranix
The reason I'm so sure, is because I can see, visually, with my weird brain, the entire process end to end, step by step, and nothing is unclear.
#
saranix
I can even see code. But to type it into a screen with these feeble hands that can only go ~180wpm
#
saranix
would take lifetimes
#
tantek
lifetimes != 100% certainty in 1000 hours, which itself is an extraordinary claim (100% certainty of any project estimation), and "extraordinary claims require extraordinary evidence".
#
saranix
Don't make me angry again. Dismissing because no proof means you are 100% dooming me to failure because of my inaccassibility to funds. That's wrong.
#
saranix
"but I literally can't spend any time showing the way because I'm spending 100% of my time "earning" food/shelter money"
#
saranix
with 0 hours, it's infinitely impossible for me to win this argument by your conditions
#
tantek
do you know examples of anyone in history who can/could "see ... the entire process end to end, step by step, and nothing is unclear"? that's where the root of the skepticism is - no existing implementation was built that way so it's not unreasonable to be skeptical that any could be. you might be the first, but then that's the "extraordinary claim" aspect.
#
saranix
lifetimes vs 1000 hours I was talking about 2 different things
#
tantek
and regardless, it's unreasonable to compare others spending actual time vs assertions of theoretical spending of time
#
tantek
the two are never comparable in practice. c.f. mythical man month
#
saranix
IF you knew what I know...
#
tantek
hence why I ask questions
#
saranix
I have life experience to inform my estimations, backing it up. You can't see inside my brain to see those experiences, assuming they don't exist because I can't give you links is ignorant
#
tantek
not "assuming they don't exist" but rather, questioning in the absence of evidence
#
saranix
evidence which is impossible to provide
#
saranix
thereby just shutting down the convo
#
tantek
no, claiming evidence is impossible to provide is making an appeal to faith, a religious argument
#
saranix
No, it isn't
#
saranix
It's respecting another human being, taking them at their word that they aren't full of shit
#
tantek
human beings deserve respect. ideas and words deserve questioning
#
saranix
you aren't even allowing for the possibility, that's not the same as questioning
#
tantek
connecting those two (or not) is up to each individual for themselves
#
tantek
no, I'm noting the extraordinariness of the claim, not the impossibility thereof. and thus requiring extraordinary evidence. not my quote: https://www.google.com/search?q=%22extraordinary+claims+require+extraordinary+evidence%22
#
saranix
You *think* the claim is extraordinary, my life experience informs me that it is a widespread truth, you aren't listening to me when I say that
#
tantek
yes, a claim which has no other examples is extraordinary
#
saranix
I have examples, in my life
#
saranix
you can't see those
#
saranix
I'm repeeating myself
#
tantek
again appeal to "unseeable" evidence is no more than claiming evidence is impossible to provide, again, an appeal to faith
#
saranix
Faith that I'm telling the truth tantek. If you don't respect that then you aren't having a respectful conversation. I wish you would finally get that.
#
tantek
again, there is a difference between questioning an idea (which is respectful), and being respectful (to a person)
#
saranix
If you say "prove it" to everything, I have no way to change the tone of the conversation. It is literally impossible. You are making it impossible. GRR
#
tantek
not everything, and not "proof", just evidence to start with, especially for extraordinary claims
#
saranix
but it's *not* extraordinary. I'm sorry your life experience is limited to not seeing these events, but if you were respecting me, you'd give me the presumption that I'm telling the truth about MY life experience... and continue the conversation on the basis of that presumption. To do otherwise is rude as fuck
#
tantek
this all started with disputing your assertion of "It's not that difficult"
#
tantek
without evidence, yes, I am rejecting that assertion
#
tantek
it's extraordinary in that there is only one (claimed) example, yourself self-claimed.
#
saranix
in this room. in your limited experience. I'm telling you otherwise. Respect would dictate that you'd take me at that, and continue.
#
saranix
but you are dwelling
#
saranix
and I have no time for this
#
tantek
not respect no, you are asking for faith to "take me at that"
#
saranix
No, I'm asking that you take the stipulation in order to have a productive conversation about it instead of being so nihilist
#
tantek
everyone's experience is limited, that's orthogonal, and also why we ask questions
#
tantek
there is nothing productive about claiming "It's not that difficult" without backing it up
#
saranix
Yes, and a conversation therefore requires stipulations, and you aren't allowing me to make a stipulation.
#
saranix
There is nothing productive about shutting down a conversation because you are incredulous of the premise.
#
saranix
nor respectful, I say
#
tantek
there is, science require rejecting assertions without evidence or even proposed experiments to test them
#
tantek
requires*
#
saranix
See now you're being rude again by appealing to the elistist "but science"...
#
tantek
labeling science as "elitist" is an appeal to anti-intellecutalism which is bordering on that very populism you railed against
#
saranix
the rules of science aren't the rules of having a respectful/productive conversation, and you know that
#
saranix
you're being elitist by *saying this is about science*
#
saranix
as if I don't know science
#
saranix
it's completely orthogonal to the conversation we are having
#
tantek
it is precisely the conversation, see the link above. questioning assertions, ideas, etc. are core to science, without any assertion to your knowledge or not
#
tantek
tl;dr: "It's not that difficult" - if so demonstrate it
#
tantek
or point to someone else who has demonstrated it
#
saranix
tl;dr "but I literally can't spend any time showing the way because" -- you're ignoring the entire first sentence that brought up the conversation when saying what the conversation is about
#
saranix
You are making it about that and that is precisely what is so rude
#
tantek
no it is quite reasonable to reject claims of proof / evidence etc. that are caveated with "no time"
#
saranix
no it is not respectful when someone is telling you about their life experience and hardships to make the conversation about something else
#
cwebber2
I'm not scared or scarred, though I did intentionally leave the conversation (and went to lunch and to do a grocery run)
#
cwebber2
and I'm not jumping back in either :)
#
tantek
there may even be a theorem here: if it is difficult to even show evidence for something being not difficult, then it is reasonable to conclude that absent any evidence that something is also difficult
#
saranix
cwebber2: you definitely don't want to, this is such a waste of time
#
saranix
tantek: stop making this about what you want it to be about
#
saranix
If you wanted to talk about the merits of UBI, or whether my statistical assertions were reasonable, that would be one thing, but you are just being a dick at this point
#
tantek
saranix, that's quite a rude request.
#
saranix
no it isn't, the convo started when I told you about a *personal experience*
#
tantek
when the topic "follow" "federating follow" is quite core to this venue
#
saranix
respect dictates that you don't change the convo to be about you when someone is starting by telling you about themself
#
Loqi
[tantek] perks up at the follow discussion, actually really interested in how to federate follow in a MVF way
#
saranix
No, that convo ended. *this* convo started when I gave my personal experience
#
tantek
puckipedia asked about MVF and then you claimed " It's not that difficult"
#
saranix
there was like hours in between
#
tantek
no, this is literally still a rabbithole of that conversation
#
saranix
No
#
tantek
so yeah, you're right it is not productive because in all this time you've provided nothing to back your claim of " It's not that difficult"
#
saranix
You are disrespecting what was a personal experience story. You need to understand that.
#
saranix
You should've just ignored it if your intention was not to antagonize me.
#
tantek
you are doing precisely what you claimed "change the convo to be about you" by "personal experience story"
#
saranix
No, I started the convo! There was hours in between!
#
saranix
You responded to my first message
#
saranix
so that's what the convo is about
#
jaywink
guys, take a break :P
#
tantek
I am still trying to have a conversation about follow, which is what I cited above. I don't know what "first message" you're talking about saranix, you'll have to link such references
#
saranix
I would've just walked away long ago, but now I really want tantek to understand his social faux paux
#
tantek
saranix, that's fairly arrogant to assume and assert any kind of social evaluation of a faux paux or not, and frankly I'm not interested
#
ben_thatmustbeme
jaywink, btw, does your new code do websub?
#
saranix
https://chat.indieweb.org/social/2017-07-19/1500489959247000 <-- conversation started here. Look at timestamps, other convo was hours earlier
#
Loqi
[saranix] Side note re: lazy vs difficult-- There are so many things that for some reason people think are difficult but they come super easy to me, but I literally can't spend any time showing the way because I'm spending 100% of my time "earning" food/shelte...
#
tantek
jaywink, re: https://chat.indieweb.org/social/2017-07-19/1500490001779000 yes I am interested in both, but my question was specifically whether anyone actually shows an (interactive) "Follow" button on their personal site
#
Loqi
[jaywink] (assuming tantek meant discussing follow in general, not embedded follow widgets like facebook has)
#
tantek
to be clear, for people visiting your site to use, rather than yourself
#
saranix
I specifically say "side note"... the side note was about me, and my struggle, and you crapped all over that by diverting the convo to the previous quagmire
#
cwebber2
<jaywink> guys, take a break :P
#
cwebber2
+1 breaks are great
#
cwebber2
I got pie on my break
#
cwebber2
pie is great
#
jaywink
ben_thatmustbeme: no. I started with the diaspora protocol, since that is what I know. I don't actually have that much knowledge about websub, but should probably look at it more closer at some point ?
#
jaywink
AP is next for me, as soon as we agree on signatures! :D
#
jaywink
is hopeful
#
cwebber2
jaywink: sounds like everything's converging on http signatures at least, even if LDS isn't happening for now... which I think is probably Good Enough for what we need to make interop work securely
#
cwebber2
I'm pretty happy about it.
#
tantek
what is Socialhome
#
jaywink
tantek: then for my personal site the answer is no - except if they manage to create an account on my instance then they can log in and follow me. This is one of the things that would make decentralized sites so awesome :P
#
Loqi
[jaywink] socialhome: A federated social home.
#
jaywink
tantek: yes
#
tantek
nice name :)
#
jaywink
thanks :)
#
tantek
does "create an account on my instance" work with "just" providing a URL? or is it the classic email/pw ?
#
tantek
(sorry if that's a dumb question)
#
jaywink
invitations are closed on my instance. basically an account would mean a local account on my instance. there is a public instance at https://socialhome.network - it federates of course, but without logging in you wouldn't be able to follow anyway (to answer your question of following from another site)
#
jaywink
invitations == registrations
#
tantek
ok I think I understand
#
jaywink
basically like you can't follow a facebook user using a twitter account by visiting their facebook profile ;)
#
jaywink
(but then you can't anyway lol)
#
tantek
regarding a MVF of a Follow button, would those orange RSS chicklets qualify?
#
tantek
(asking people's opinions)
#
ben_thatmustbeme
jaywink: implementing publishing is pretty stright forward for any type of feed format, just a few rel links and then pinging an existing hub to push updates to subscribers
#
jaywink
ben_thatmustbeme: ? for sure it makes sense to do. I'll log an issue right away :)
#
ben_thatmustbeme
isn't diaspora working toward replacing their API currently?
#
Loqi
jaywink has 6 karma
#
jaywink
ben_thatmustbeme: with API do you mean the REST API or the federation protocol?
#
ben_thatmustbeme
ohh, is that it, they are creating a REST API in addition to the federation protocol?
#
saranix
jaywink: for diaspora AP are you guys planning to populate https://www.w3.org/TR/activitypub/#source-property ? (I hope yes)
#
jaywink
yes the REST API is for local users to interact with their account - for mobile clients for example. The federation protocol is just for server to server.
#
jaywink
saranix: I'm not with Diaspora project since 1,5 years :P I use it and implement the protocol in my own server (Socialhome)
#
saranix
oh wow
#
saranix
so who represents Diaspora in the CG?
#
ben_thatmustbeme
from what i have heard, diaspora has not shown much interest in working with the CG
#
jaywink
saranix: whether Diaspora is hacking on AP I don't know. Diaspora has renewed it's own protocol recently with various fixes and improvements.
#
saranix
I kind of secretly like the diaspora protocol...but mostly because it uses XML :-P
#
jaywink
I work with the diaspora protocol - that is why I keep mentioning it as examples :D
#
cwebber2
jaywink has supplied us with a lot of useful info about how Diaspora works though, and what its concerns and needs are, even if not working ont he project directly right now
#
cwebber2
which I appreciate, thanks jaywink !
#
cwebber2
there was another Diaspora person who showed up briefly but I think they didn't continue in the CG iirc.
#
ben_thatmustbeme
great jaywink, tis always good to have more input from different perspectives
#
cwebber2
or at least, not at the moment
#
ben_thatmustbeme
DenSchub: is from Diaspora
#
DenSchub
huh what when how what? yes, yes I am!
#
ben_thatmustbeme
speak his name, and he shall appear :P
#
jaywink
the diaspora protocol (now that is has some documentation and doesn't have to be reverse engineered :P) is good in the sense that it is absolute to how things work. No need to guess how things should go. I hope AP defines more strictly soon how delivery for example is supposed to work, once implementations actually get stuff working.
#
DenSchub
ben_thatmustbeme: irc highlights, they are a thing!
#
DenSchub
sorry, but i simply don't have the resources to read everything. however, jaywink also knows the protocol very well and he is in touch with the person mainly implementing it, so i totally trust him in answering questions :p
#
cwebber2
hi DenSchub
#
cwebber2
I'm not good with names, so I apologize :)
#
saranix
So I've read rhiaro's social protocol summary (too lazy to hyperlink, but you guys know which one), but I still don't understand why, if you've implemented ActivityPub, that you would want to also implement WebSub... anyone?
#
cwebber2
saranix: cross-compatibility with existing sites
#
saranix
thought that was it... hmm
#
ben_thatmustbeme
PubSubHubbub is very widely deployed and in use for social apps
#
cwebber2
some people are also still excited about it as its own protocol and it continuing :)
#
ben_thatmustbeme
but was never fully specified, it had some holes
#
cwebber2
and that's a-ok, and I think work on it is good
#
ben_thatmustbeme
and a bad name
#
saranix
almost seems like it's begging for a fracturing of the federation though
#
cwebber2
WebSub as a reification of things is good
#
cwebber2
saranix: the federation has *been* fractured for a long time :)
#
cwebber2
I think AP and WebSub folks talking has probably been helping
#
cwebber2
we're the closest we've ever been to uniting the fediverse, though granted it hasn't happened yet :)
#
ben_thatmustbeme
it was brought up pretty early, that 2 stacks isn't great, but its better than having no specs and getting a bunch of different stacks popping up
#
saranix
I'm pretty darn excited about AP. I wasn't a year ago, but now I feel like it nearly supports 100% of the more complicated usecases with extensions, albeit with a few caveats
#
saranix
err, I guess I was looking WebSub a year ago...don't think I even heard of AP til fairly recently
#
puckipedia
looks away for 30 minutes and somehow the discussion went into incredibly positive
#
saranix
grumbles tantek was bringing it down
#
ben_thatmustbeme
saranix: i think that was you too
#
saranix
I was trying to get him to understand he was making it an unsafe space, otherwise I would've walked away. I hate arguing. Especially when it's obvoius the other party has no intention of budging their position
#
cwebber2
puckipedia: I think it's because I reminded everyone that pie exists, and is good
#
puckipedia
so a thing I was wondering about
#
ben_thatmustbeme
in rereading the conversation though, you came off as extremely arogent, claiming you know for sure you can implement things that other people cannot, you basically just insulted all the mastodon devs directly
#
saranix
on edge of seat
#
saranix
yes puckipedia?
#
puckipedia
hm. Diaspora and such are best compared to Facebook, I would guess? Or maybe Google+ circles
#
saranix
ben_thatmustbeme: claiming superior skills can sound arrogant, if you ignore the context
#
cwebber2
puckipedia: yeah, Diaspora actually came up with these first
#
cwebber2
and G+ and Facebook adopted them
#
cwebber2
aspects in Diaspora
#
puckipedia
and GNU Social and Mastodon look more like Twitter
#
cwebber2
but yeah
#
cwebber2
puckipedia: that's very true yup
#
cwebber2
those are the two predominant designs
#
saranix
groups? what are the differences?
#
puckipedia
and we're trying to get two systems that have many differences to cooperate
#
cwebber2
and activitypub can technically serve both, but whether there will be a UX hybridization has yet to be seen
#
cwebber2
saranix: it's primarily "public by default" or "private by default"
#
cwebber2
and how you expose the UX for that
#
cwebber2
that's really the whole crux of it IMO
#
saranix
doesn't leak into the protocol though...we have envelopes for that?
#
puckipedia
I wonder if I should write down basically how these two systems would work in ActivityPub
#
cwebber2
so, I agree it's "not a protocol issue", but in reality
#
cwebber2
users will be using clients that may present things differnetly
#
ben_thatmustbeme
goes back to playing with socialhome
#
cwebber2
so while I disagreed a lot with tantek today, I do agree that UX is important, but really I think this is more about opening a dialogue about how these things will be seen
#
saranix
"clients that may present things differnetly" <-- feature++
#
cwebber2
well maybe it is, maybe it'll force some assumptions to break down and it turns out that's helpful, but it's likely be very awkward in the middle
#
puckipedia
I wonder.. There's one feature in ActivityPub which is kinda weirding me out because I personally don't think it has any use
#
puckipedia
or could actually be properly implemented
#
ben_thatmustbeme
jaywink, feature request: mf2 markup so i can parse posts
#
jaywink
ben_thatmustbeme: lots of very basic things missing still :P but have fun!
#
puckipedia
https://www.w3.org/TR/activitypub/#inbox-delivery I think this can't be implemented properly, because of authentication
#
cwebber2
I think XMPP Multi User Chat has a good example of a protocol technically supporting everything, but clients never succeeding
#
puckipedia
I can't verify you're in a collection that is not owned by the server
#
cwebber2
dramatically superior to IRC in protocol design
#
cwebber2
but all the clients that supported it were designed for Pidgin-style IM sessions
#
jaywink
ben_thatmustbeme: sure it could be done - unfortunately wont be top of my list but I'll log it to the tracker ?
#
cwebber2
and the UX of joining a multi-user-xmpp chat in pretty much every client
#
cwebber2
is still unsatisfying
#
ben_thatmustbeme
don't worry, you may just get a PR from me on that :)
#
jaywink
hehe great :)
#
saranix
XMPPs impl failure was in having a confusing XEP system... it overwhelmed developers before they even started
#
saranix
I think AP will succeed because I think that already there's almost a dozen impl being written
#
saranix
and there is really good diversity low-key (not everyone represented in CG though)
#
cwebber2
saranix: Multi User Chat seemed pretty well understood though
#
cwebber2
I still think that one failed for application adoption issues
#
jaywink
puckipedia: what do you mean about "can't be implemented"? the delivery is done by the receiving server onwards to other servers, so authentication shouldn't be an issue (afaik I understood the problem here)
#
cwebber2
puckipedia: ah yeah
#
puckipedia
jaywink: actually .. ehm. wait, correction
#
cwebber2
puckipedia: I know what you're talking about
#
puckipedia
jaywink: inbox forwarding. the server that receives the message then forwards it
#
cwebber2
puckipedia: you sign up to a Collection, like it's a mailing list
#
cwebber2
are you really part of it?
#
cwebber2
is one example
#
puckipedia
jaywink: but it can't do that, because it's not authorized to act in name of that server
#
saranix
puckipedia: if I understand you right, I have a private Collection (mnemberlist private), and I want to deliver to the collection, my server knows it has to explode the collection to a list of names when delivering to their inboxes
#
puckipedia
saranix: no, I mean the other thing
#
puckipedia
wait I linked the wrong thing :<
#
puckipedia
I linked the right thing. inbox forwarding
#
puckipedia
... wait, okay, well, I think I did something wrong myself
#
puckipedia
I think I started confusing myself
#
jaywink
User A makes Like to Note of User B. User B server should forward it to other people that received the note
#
puckipedia
well, authentication is still an issue
#
jaywink
User C who receives Like of User A from User B should verify it
#
jaywink
somehow :P
#
cwebber2
jaywink: right, it's not User A's server that does the forwarding, and right
#
cwebber2
and actually there's a problem where looking it up with user C's credentials is not enough
#
puckipedia
cwebber2: tbh, inbox delivery I fix by allowing you to see all items in your own inbox. withotu checking authentication
#
cwebber2
because the reason they may have gotten it is because it was forwarded and user A's server doesn't know who's in the collection
#
puckipedia
but that brings other issues with it
#
jaywink
*cough* signatures *cough*
#
cwebber2
jaywink: yep
#
cwebber2
LDS would help here.
#
puckipedia
jaywink: yes yes yes. but that doesn't fix the issue that you can't verify that you are allowed to see the object
#
puckipedia
s/yes./yes :P/
#
puckipedia
e.g. a message to from https://a.example.com/user to https://b.example.com/user, sent to: ["https://a.example.com/collection","https://b.example.com/collection"]
#
puckipedia
now b.example.com/someoneelse wants to see the object. server b checks its https://b.example.com/collection, but someoneelse isn't there. Now what? Deny authentication? Try to get it on a.example.com and hope it works?
#
puckipedia
or imagine a user on a.example.com trying to get it, but they aren't in a.example.com/collection
#
puckipedia
and both collections are private of course
#
puckipedia
okay you know I'm going to finish JSON-LD support
#
jaywink
b.example.com/someoneelse should definitely not see the object in this case? I don't see why b.example.com/user would ever have forwarded it to that user. Assuming I understood the problem description.
#
cwebber2
puckipedia: well, maybe just assume that if you got the signed object delivered to your inbox, you can see it ;)
#
cwebber2
it's different for the siteInbox
#
cwebber2
hey, I can read everything that hits my email inbox, so...
#
puckipedia
jaywink: b.example.com/someoneelse is in a.example.com/collection
#
puckipedia
cwebber2: yes, but someone else could've delivered it *with* the signature
#
cwebber2
right if it has the signature
#
cwebber2
then you know it's legit
#
cwebber2
and you can read it
#
cwebber2
servers shouldn't be forwarding people stuff they shouldn't read
#
jaywink
puckipedia: ok but then b.example.com/user would not deliver it as a forward :)
#
puckipedia
cwebber2: you would not send the signatures to the client?
#
cwebber2
puckipedia: sure it can go to the client too, I don't see how that's a problem
#
puckipedia
because then the client could use the signed object and send it to someone else
#
cwebber2
but it's the server that usually makes sure it's legit before handing it to the client
#
cwebber2
puckipedia: I can forward a private email too...
#
puckipedia
and now it's in their inbox and you skip authentication? :P
#
puckipedia
cwebber2: but it wouldn't update though?
#
puckipedia
a private email won't update if it's changed. an AP object will
#
cwebber2
a signature won't be valid if it's updated?
#
cwebber2
puckipedia: you might get an old copy of an object and never get an update, that's true
#
puckipedia
I mean. I would insert the ID ofthe activity into the inbox. and it'd automatically update for everyone on the server at the same time
#
jaywink
rogue servers could skip checking any proof of authorship and dump every private message out to google - not much that can be done except either encrypt or not share with a rogue server :P
#
cwebber2
updates do make things tricky but
#
cwebber2
you could look at the timestamp
#
cwebber2
and pick the latest one
#
cwebber2
if they're both signed by the actor
#
cwebber2
then it should be trustable that it really is the newer one
#
puckipedia
I mean. I would verify the signed upda- ooh no
#
puckipedia
wait, no, not an issue
#
cwebber2
I think it's fine actually!
#
cwebber2
the key is signing the object
#
puckipedia
I would personally sign the object, but all the objects flattened out
#
cwebber2
no pun intended
#
puckipedia
but how would that work with updates? but then I realised, the object itself is signed too
#
cwebber2
and since it has a timestamp
#
cwebber2
you can identify it
#
cwebber2
I'm not totally crazy for pushing for signatures
#
puckipedia
well, we need to specify how to sign
#
cwebber2
I'm glad other people in this channel aside from myself and jaywink are coming to conclusions on their own ;)
#
cwebber2
that's true :)
#
puckipedia
saranix had the idea of also signing specific values from *inside* the object. but I personally think that's a bad idea
#
cwebber2
but for a long time this group has been predominantly anti-signatures
#
puckipedia
cwebber2: butthen we realised we can't do without :P
#
jaywink
cwebber2: I just come from using a protocol that works like this - and it works ;)
#
puckipedia
if you sign data from inside, you have to verify by unflattening the objects
#
cwebber2
puckipedia: well ok, if you sign an object in LDS
#
cwebber2
you're signing it as either embedding the objects or not
#
cwebber2
take a look at the nquads on http://dpaste.com/1ACY96B
#
puckipedia
hm. Can we somehow spec that out?
#
cwebber2
puckipedia: you mean specify whether or not you *should* sign the child objects?
#
puckipedia
cwebber2: yes
#
cwebber2
I mean really, you can see whether it did and leave it to server's choice
#
cwebber2
just by seeing whether they chose to include the full object
#
cwebber2
though, storing the choice if you want to reproduce it
#
puckipedia
well. one issue with that
#
cwebber2
*that* may be tricky
#
cwebber2
is that your one issue? :)
#
cwebber2
because I agree that's a tricky thing
#
puckipedia
as a server, if I deliver e.g. a Create activity, I want to embed the object inside, so the receiving server doesn't have to do another roundtrip
#
puckipedia
but then I have to sign the thing in total
#
puckipedia
but I would sign every object separately
#
cwebber2
puckipedia: you can do both
#
cwebber2
puckipedia: oh, though I see what you mean
#
cwebber2
you can sign the "child" objects on their own
#
cwebber2
but the entire thing, you have to sign as one thing
#
cwebber2
that's true.
#
cwebber2
if you're doing in one payload.
#
cwebber2
puckipedia: what's wrong with signing as one payload though?
#
cwebber2
puckipedia: the main problem I see is storage of each object along with its signature
#
cwebber2
if you want to forwad them along
#
jaywink
for s2s wouldn't it always be one child?
#
puckipedia
jaywink: I unflatten to a depth of 3 always
#
puckipedia
cwebber2: maybe we can just specify you json-ld flatten it and sign each object? :)
#
cwebber2
puckipedia: heh :)
#
puckipedia
but, hm
#
cwebber2
puckipedia: the tricky thing, which I think you're getting but I want to say out loud
#
cwebber2
is if I want to
#
cwebber2
{Like {Accept {Offer}}} ;; like that someone accepted some sort of proposal
#
cwebber2
{Accept {Offer}} could be transmitted as
#
cwebber2
{"Accept" {Offer}}
#
cwebber2
{Accept <offer-uri>}
#
cwebber2
and those would be signed differently
#
puckipedia
yep!
#
cwebber2
puckipedia: I agree this is a problem.
#
puckipedia
and would you sign the object with the uris, or would you sign the payload?
#
puckipedia
if you sign the payload you can't pass it on
#
cwebber2
puckipedia: maybe I should take this to the verifiable claims community group
#
cwebber2
get their advice
#
cwebber2
puckipedia: oh you can pass it on if you sign the expanded one
#
saranix
we sort of touched on this over the weekend
#
cwebber2
but you have to consistently either flatten or unflatten
#
saranix
about assurance symantics
#
saranix
if you sign the object, you are assuring the object integrity, if you are signing the url, you are not
#
cwebber2
saranix: right that's true
#
ajordan
saranix: would you be okay with https://github.com/w3c/activitypub/issues/246#issuecomment-316420431 as a resolution to the Collection size issue?
#
Loqi
[cwebber] Yeah I think it should go in security considerations. I'd be good with that.
#
saranix
oh hmm, those comments are missing my later normative references about the Prefer: header
#
saranix
err informative i guess
#
saranix
ld-sigs group
#
saranix
I think. Will probably have to find it in the IRC logs, I don't think I have those windows open anymore
#
puckipedia
<saranix> if you sign the object, you are assuring the object integrity, if you are signing the url, you are not <- okay, hm
#
puckipedia
user A posts a note. user B posts a reply and signs it (including user A)
#
puckipedia
user C posts a reply to user B, and signs it (including user B's reply, which includes user A's reply, because signature)
#
puckipedia
etc etc etc.
#
puckipedia
now user ZZ gets the reply user ZY posts. does that mean it contains all the replies from A-ZY?
#
puckipedia
you can't remove any of the inReplyTo, because it breaks the signature
#
cwebber2
puckipedia: I usually don't include the inReplyTo object as something expanded
#
cwebber2
but you're right
#
cwebber2
if you started adding and signing it
#
cwebber2
you force the payload to grow
#
cwebber2
another way to do it actually
#
cwebber2
is cut the chain yourself!
#
cwebber2
even if you got
#
saranix
puckipedia: no, ZZ can have an object that inReplyTo is a url
#
cwebber2
{Note inReplyTo {Note inReplyTo {Note}}}
#
saranix
"cut the chain yourself" <- this
#
cwebber2
you can just {Note <link>}
#
cwebber2
saranix: you got it
#
jaywink
always signing the object itself, not including other objects
#
puckipedia
saranix: but then user ZY can change the object, and trick you into replying something stupid
#
cwebber2
jaywink: or just not embedding the object
#
jaywink
cwebber2 yes, exactly
#
saranix
puckipedia: UI issue as discussed before
#
cwebber2
puckipedia: that's always a risk in a mutable system
#
saranix
puckipedia: UI should convey what is and what isn't signed
#
cwebber2
you can keep around their old object, maybe
#
cwebber2
if you still have their old object, you'd know and could present it
#
cwebber2
if you overwrote it, tough luck
#
cwebber2
this is one reason that I started thinking about the append-only approach in http://dustycloud.org/blog/an-even-more-distributed-activitypub/
#
cwebber2
I think nightpool raised that some users prefer that mutability is propagated
#
cwebber2
you can't force someone to remove their old copy (and with signatures you can prove it)
#
cwebber2
but maybe you wanted to fix what you said
#
cwebber2
that's going down a rabbit hole though
#
cwebber2
we aren't building that system at present
#
puckipedia
I mean more the DoSing by requiring the object to contain a million nested objects in order for the signature to be valid
#
cwebber2
puckipedia: there's no requirement that you keep the nesting
#
cwebber2
*only* if you want to share the child object
#
saranix
yeah
#
cwebber2
puckipedia: you're right, if you want to keep it around to prove they didn't make a fool of you
#
cwebber2
though if you were doing that
#
puckipedia
. o O ( an object that refers itself, and you have to include it in itself for 100000 times for the signature to be valid )
#
cwebber2
you're maybe such a cyber-necromancer that you could still keep around the old object and even if you linked to its uri, you can present it
#
cwebber2
puckipedia: lol, that would be nonsense and also
#
cwebber2
puckipedia: it turns out that if you presented it in n-quads
#
puckipedia
it de-nests itself?
#
cwebber2
it would be as efficiently stored as one level deep :)
#
puckipedia
oh frick yep
#
puckipedia
I suddenly realised how n-quads look
#
saranix
ajordan: re: https://github.com/w3c/activitypub/issues/246#issuecomment-316420431 I was thinking we add something similar to https://www.w3.org/TR/ldp-paging/#ldpp-client-advertise but more specific to AP and less RDF
#
Loqi
[cwebber] Yeah I think it should go in security considerations. I'd be good with that.
#
cwebber2
saranix: I think we should add an extension to handle requesting paging settings
#
cwebber2
as ajordan said, as far as security goes, someone could "request" a size, and the server could still lie
#
cwebber2
so the receiver still has to be on-guard anyhow, or people still need to play nice
#
cwebber2
so I think security considerations is a good fit
#
saranix
cwebber2: yeah, 2 seperate things though, the ldp-paging-style thing should be in the spec I think
#
saranix
cwebber2: so people at least know what a proper Prefer header looks like
#
cwebber2
saranix: I'd like it also, but unfortunately I think it's too late to get that in
#
cwebber2
that's a big normative change and I'm not convinced we'd get it right in time
#
cwebber2
puckipedia: yeah we've had some convo in here about how database design influences thinking
#
cwebber2
and lately we've just been talking about relational vs document store approach
#
cwebber2
but this group does have people thinking in terms of graph stores too ;)
#
cwebber2
even if they've been more quiet lately
#
cwebber2
triple/quad stores
#
puckipedia
wait, aren't -- oooooh
#
puckipedia
I SHOULD TRY THAT
#
cwebber2
you would probably love it puckipedia
#
Loqi
rofl
#
puckipedia
I realised that was the thing I missed to get it properly into a database
#
puckipedia
really fast searching on any attribute
#
puckipedia
without being stuck to one database
#
saranix
yeah, you have to pretty much choose one
#
cwebber2
I wish postgres had good out of the box support for quad/triple stores
#
cwebber2
the way they've adopted support for document store stuff with jsonb
#
saranix
cwebber2: it does sort of... has xml AND json indexing :-)
#
cwebber2
saranix: hm, not the same thing
#
cwebber2
though I agree that's cool
#
cwebber2
those are tree structures
#
cwebber2
graph structure is a lot more flat
#
saranix
more like DAG
#
cwebber2
not directed necessarily :)
#
cwebber2
cycles allowed ;)
#
cwebber2
the web has tons of cycles
#
puckipedia
create table elementName(id integer, name string); create table triples (subjectId integer, predicateId integer, object string);
#
puckipedia
sometrhing like that
#
cwebber2
anything with both forward and back links has cycles :)
#
cwebber2
puckipedia: okay yeah, technically you could do that :P
#
puckipedia
cwebber2: well, I'm thinking how I could get it so I can look up anything incredibly fast
#
cwebber2
I'm not sure all the tooling would be as sweet as in graphdb and etc though
#
cwebber2
or datadog, whatever that is
#
cwebber2
stardog?
#
cwebber2
something dog
#
cwebber2
proprietary, sadly
#
puckipedia
so now e.g. I can search for content by looking up the AS2 content id, then do select subjectId from triples where predicateId=contentId and object like '%puckipedia%';
#
saranix
pg rocks, it can handle anything :)
#
cwebber2
I like PG
#
cwebber2
though I wish I could talk to it in AST form
#
cwebber2
instead of having to use "stringly typed" systems
#
puckipedia
cwebber2: tbh my AS2 C# wrapper is incredibly inspired by triples
#
cwebber2
little bobby tables ftl
#
cwebber2
puckipedia: cool
#
puckipedia
I mean, it's a map<string, list<string>>
#
puckipedia
approx
#
cwebber2
puckipedia: one reason I've stayed away from it in pubstrate:
#
cwebber2
I wanted pubstrate to be as dumb as possible so I wouldn't push too many assumptions about linked data stuff in there for people who had to build off of existing systems
#
cwebber2
eg, I don't appreciate when conversations start *assuming* I'm using a triple/quad store
#
cwebber2
sometimes people work with applications that aren't doing that
#
cwebber2
I want to make sure that AP can work on codebases that have the database structures people currently have
#
saranix
I feel like almost anything can be translated to-from a triple/quad
#
cwebber2
saranix: probably everything can
#
cwebber2
though, it's not a mindset, or structure, everyone has
#
saranix
mostly aspies :-P
#
cwebber2
so I wanted to try to make I didn't move forward with it myself when trying to make sure AP landed :)
#
cwebber2
saranix: hopefully you meant that in a pro-aspie way!
#
saranix
absolutely
#
cwebber2
ok good :)
#
saranix
I'm in the aspie is a difference not a disease camp. Like left-handedness.
#
puckipedia
hm. The biggest issue with JSON-LD is that it assumes everyone uses a weak typed language
#
puckipedia
I would like it if the JSON-LD api clearly indicates "a full inverse context looks like this:"
#
saranix
I'm still unclear on some things JSON-LD dictates about types. For example why an xsd#float isn't typed when normalizing but an xsd#datetime somehow is
#
puckipedia
because JSON has a float, but no datetime?
#
saranix
but if you look at xsd there is no semantics that state this
#
saranix
I guess? it's never really specified anywhere
#
saranix
json floats are kind of loosely defined as is
#
saranix
not even IEEE1194 or whatever
#
saranix
probably the wrong number
#
puckipedia
IEEE754?
#
cwebber2
in any type system you have low level primitive types, and types composed on top of those
#
saranix
yeah that sounds more right ;-)
#
cwebber2
saranix: so this is the difference between object types and value types basically...
#
puckipedia
oooh, I get how JSON-LD dose this
#
puckipedia
inverse context is a {"iri": {"@container": {"@language": {}, "@type": {}}} I think?
#
cwebber2
yeah so contexts can specify how those value types work
#
cwebber2
puckipedia: wait inverse context, what?
#
cwebber2
where is that stated
#
puckipedia
cwebber2: in the compaction algorithm
#
cwebber2
oh the algorithms :)
#
cwebber2
the algorithms use some terms that aren't technically part of the user-facing syntax
#
puckipedia
I know! :)
#
cwebber2
they overload the term context, yeah
#
cwebber2
it's super frustrating
#
cwebber2
it has NOTHING to do with an @context
#
cwebber2
I got SO confused when implementing it
#
puckipedia
the inverse context is just a map from iri -> container/type/language map
#
cwebber2
then I asked them and basically the response was... yeah.... that doesn't mean a context like the term we use context for ;)
#
cwebber2
yep you got it
#
cwebber2
so basically you build up a mapping of how to reverse everything
#
cwebber2
puckipedia: these are really only of concern to people working on jsonld libraries though :)
#
puckipedia
so that's me :P
#
cwebber2
or people curious enough to open the hood ;)
#
puckipedia
json-ld.net is horrible as I mentioned before
#
puckipedia
I'm building a thing that works asynchronously
#
puckipedia
I could even make it defer processing until background, to get more @contexts
#
puckipedia
it can already process contexts and expand
#
puckipedia
the word 'language' looks weird now
#
saranix
puckipedia: so you are righting your own ld-sigs?
#
puckipedia
yes
#
saranix
cool
#
puckipedia
I'm first fixing up the JSON-LD parser I'm writing
#
saranix
oh know...the homonyms are coming out :-o
#
puckipedia
then I'll probably replace the current hacky AS2 parser with it
#
saranix
gah! my bank changed to a serif font and it hurts my eyes
#
saranix
's AS2 parser just got n times more craptastic
#
puckipedia
" append the result of of using the IRI Compaction algorithm, passing"
#
puckipedia
of of? :P
#
saranix
Clear as mudd
#
saranix
I'm almost afraid to share my ideas with the crowd now
#
Loqi
[cwebber] #7 Storing information on whether a child object is referenced by id or included recursively
#
puckipedia
cwebber2: good
#
puckipedia
wonder if it's really an issue in ld-signatures
#
cwebber2
I don't think it is
#
cwebber2
I asked someone who works on it and they said why not file on github
#
cwebber2
and I was like, is that the place? but they thought people could ask to move it to another venue if it should be
#
cwebber2
I did it
#
puckipedia
tbh json-ld is made so that you can link these objects
#
puckipedia
so I guess it's kinda valid
#
cwebber2
at the very least
#
cwebber2
it seems like something people will encounter
#
cwebber2
the bunch of us bumped into it conceptually independently
#
cwebber2
so surely others will
#
cwebber2
should have a good answer to give people, at least.
#
saranix
I'll have to read it again when I'm not so hungry
#
saranix
actually no, I'm able to *ahem* digest ;-) it just fine...
#
saranix
I see a problem...
#
saranix
Eva's server did not store the object that was signed, that's eva's server's fault
#
saranix
of course the signature does not match
#
saranix
why even bother storing the signature at that point
#
cwebber2
it did store the object
#
cwebber2
but it stored it as a separate object
#
puckipedia
saranix: You store the information needed to rebuild the document as it was signed
#
cwebber2
yep what puckipedia said
#
saranix
yeah, if you do, then there is no problem
#
cwebber2
there's still a problem
#
cwebber2
because when it rebuilds it, it needs to know whether to "just link" to the object, or expand it, see?
#
cwebber2
and it needs to know that for *every property*
#
cwebber2
that's a lot of extra bookkeeping, and it may not be obvious how to do it.
#
saranix
then it didn't store the object. it only stored a representation and lost fidelity
#
puckipedia
cwebber2: not every. I would suggest storing only the list of objects that have to be expanded
#
saranix
that's a datastore problem
#
puckipedia
tbh, if you can't rebuild the signature, just return an id to the object instead
#
saranix
yeah
#
cwebber2
puckipedia: but you still need to know about whether you'll rebuild the signature right or not
#
cwebber2
puckipedia: you could *check* the signature every time you rebuild, true
#
cwebber2
but, that seems kinda weird
#
cwebber2
as a solution
#
puckipedia
you know which objects have to be expanded. you verify if you store all the properties in the object
#
puckipedia
if you can't rebuild the signature for any child object that is embedded, or you don't store all the properties, you can't rebuild the signature
#
saranix
if you want to deconstruct the object, you can make it a lot of book-keeping. Or you can make it easy on yourself, store the signed object, in it's entirety, as json, even in a relational db.
#
puckipedia
I can imagine Mastodon might add a 'string signature' in the statuses table
#
puckipedia
they just determine beforehand 'can we rebuild this signature'. if it's possible, signature is set to the json of the signature
#
saranix
or if you could store a hash and check if your rebuilt matches the hash
#
saranix
I'll have to think about this some more though...
#
saranix
those are kind of sucky choices... eat up a lot of space in your db, or fetch a fresh copy...
#
puckipedia
saranix: if you pass an id and the other user also has an id, it's fine(TM)
#
puckipedia
{type: Accept, object: {type: Bed}}
#
saranix
gnight
#
saranix
I just thought of a compaction algorithm... it's not great, but it could be good
#
saranix
something like { object: { fields:[], object: { fields:[], object: fields: [] } } }
#
saranix
store the json of that and use it to reconstruct properly
#
saranix
along with the sig
#
saranix
and the signed obj obviously
#
saranix
would also apply to target field too
#
saranix
if target is an obj and not an array
#
saranix
hmm... so json gzips pretty ok. :)
#
saranix
create table sigrebuild(sigid text, field text, depth int); <-- list of objects that need to be expanded for that sig
#
saranix
I wonder what vc will come up with...