#social 2017-07-19
2017-07-19 UTC
ben_thatmust and ben_thatmustbeme joined the channel
# saranix Hmm... missing endpoint: asking the server to deliver an object by id from other origins. i.e. a client can only access objects by collection. Technically an object can be fetched by url if it is same origin, but a local copy of a foreign object that's been delivered can't be got by id
xmpp-social joined the channel
# puckipedia saranix: you mean the proxyUrl?
JanKusanagi joined the channel
# saranix oh yeah, I suppose that works. The name is confusing because of my other extensions, but it works.
# saranix puckipedia: hrm, just noticed, your 'liked' collection is misnamed on your actor obj. "likes" is only for attaching to target objects, "liked" is the actor's collection.
# saranix so a "likes" collection on your actor object should could contain people who liked your actor object
# puckipedia woops
# saranix I did the same thing :-P
# puckipedia not feeling super well, so I just poked it into the issue tracker
# saranix poked what?
# saranix oh.. you mean for Kroeg
# saranix yeah
# saranix lol
# saranix only reason I did it is cause I copied your obj as a baseline when I started
timbl joined the channel
# Loqi Benthatmustbeme made 2 edits to [[Socialwg]] https://www.w3.org/wiki/index.php?diff=103846&oldid=103712
# Loqi Benthatmustbeme made 1 edit to [[Socialwg/2017-07-18-minutes]] https://www.w3.org/wiki/index.php?diff=103847&oldid=103823
# ben_thatmustbeme new WD of JF2 just went out
# nightpool I probably won't be able to make the meeting, b/c i'm on vacation with family stuff, but I'm working on mastodon's websub report. found a few bugs that's im working through
# nightpool s/that's/that
# ben_thatmustbeme getting linkedIn invites from facebook recruiters.... somehow i don't think that would work out
judah joined the channel
bwn joined the channel
# ben_thatmustbeme jumps on to listen in
# ben_thatmustbeme hello
# ben_thatmustbeme cwebber2:
# ben_thatmustbeme JF2 updated WD went out today
# ben_thatmustbeme in other news, i forked bcrypt-ruby because ... well... just because
# Loqi Benthatmustbeme made 1 edit to [[Socialwg/2017-07-25]] https://www.w3.org/wiki/index.php?diff=103854&oldid=103820
# ben_thatmustbeme i think we can get 50 minutes back, the conference room is taken, so i can't really talk, but we can discuss things in IRC
# trackbot Sorry, cwebber2, I don't understand 'trackbot, skip meeting'. Please refer to <http://www.w3.org/2005/06/tracker/irc> for help.
# cwebber2 for https://github.com/w3c/activitypub/issues/244 Evan suggested using https://www.w3.org/TR/activitystreams-vocabulary/#modeling-friend-requests instead of requiring accept/reject of Follow
# ben_thatmustbeme so is the issue "rejecting" friend requests, or making sure they were received, or both
# ben_thatmustbeme as those are different layers
# ben_thatmustbeme "in theory", there dragons lie :P
# ben_thatmustbeme well, i know that was brought up, if its 'reject' you don't want that confused with 'didn't receive it'
# ben_thatmustbeme so i'm just trying to make sure there is a basic 'ack' as you don't want rejects to just keep retrying
# ben_thatmustbeme which would be the issue with existing implementations
# ben_thatmustbeme i know, just setting that as a stage
# ben_thatmustbeme what are the advantages / disadvantages for each option here
bwn and jaywink joined the channel
tantek joined the channel
# ben_thatmustbeme sorry cwebber2, was in a meeting at the same time
# saranix considering everything that happened over the weekend I thought this would be a busy meeting
# puckipedia MVF?
# puckipedia ah
# saranix It's not that difficult
# saranix I think the people that struggle are used to only seeing one very specific usecase
# saranix some people have no imagination outside their own pet projects
# saranix hubzilla/zot seems really straightforward. request permission, ok here's your permissions, or "GTFO"
# puckipedia doesn't Mastodon do follow authorization too?
timbl joined the channel
# puckipedia cwebber2: request-friend
# puckipedia then the user must respond with authorize/reject
# saranix that's where the "complexity" creeps in. People thinking that "friend" means something. It doesn't. Discrete perms and permission-sets is the only logical way to go.
# saranix layer 10 on the OSI model ;-)
# saranix tantek: now you lost me
# puckipedia saranix: so all the systems I can think of.... A user generally follows one person, and can then put them into one or more categories
# puckipedia saranix: think Google+ circles, etc. but you do not ask specifically to be put in the 'weird friends' group, you probably won't even know that group exists
# saranix tantek: "people" in my assertion is "developers" not users, you are conflating. I agree the user is always right.
# saranix tantek: at current rate, I imagine it will probably take me at least 2 more weeks before my impl is spitting messages across the ether
# saranix tantek: "in popular social media silos" I think is an extremely narrow and actually ironicly unrelated domain to the AP protocol
# saranix no, I mean it's a bunch of people who all copied one narrow impl
# saranix It's like looking at Christianity sects instead of religion
# saranix but they are all centralized, and AP is inherently decentralized. Apples and oranges.
# saranix tantek: not missing the point, I'm deliberately *rejecting* the idea that silos have innovated. I say they stagnated and incestously copied each other.
# saranix Looking at silos as an example of diversity of impl is like looking at all the White people to get an understanding of diversity.
# saranix My opinion is that methodology is bigoted.
# saranix you say it's difficult, but then when trying to analyze it, you only want to look at one tiny little usecase without giving an credence to minorites simply *because* they aren't popular/wide-spread
# saranix the majority minority seems to be the only one you care about
# saranix http://hubzilla.org
# saranix already mentioned by name without link
# tantek I'll check out http://hubzilla.org
# saranix I feel like you are the only one doing ignoring. Myself and cwebber are talking about big picture and all you are talking about is silos
# saranix "shipping things and getting people to use them does" <-- there, that's the source of my consternation. That's bigoted thinking.
# saranix not true at all
# saranix but I don't feel like arguing right now...
# saranix And that's why a HUGE number of people hold the opinion that IETF and W3C are inherently bigoted processees not worth participating in
# saranix there you go again, with your bigoted brain. "you must argue on my terms or your argument isn't valid"
# saranix you've left me no options. You've excluded me a bunch of different ways, leaving me no way to defend my position.
# saranix That's personal.
# saranix If you fail to see my criticism for what they are, then you aren't even listening.
# saranix maybe, I don't know. This isn't a very diverse group. I'm pretty outnumbered as it is.
# tantek hubzilla.org redirects to https://project.hubzilla.org/page/hubzilla/hubzilla-project which is a project page. that's a good start, and has some bold claims on it. I don't see any links on that page to actual running deployments that are in actual (non demo) use. do you know of any?
# saranix sandro: all who don't share the same methodology
# saranix if one person has an idea, and it's a really good solution to the problem, it doesn't suddenly stop being a good solution because only one person came up with it, and it isn't popular *yet*
# saranix populism is bigotry
timbl joined the channel
# tantek https://the-federation.info/ is a fascinating directory of sorts
# saranix I believe the diaspora project is custodian of that site
# saranix informally
# saranix anyone can opt-in to being listed by only implementing the part of the protocol that gets you listed though :-)
# tantek notes "diaspora* protocol" links to https://diaspora.github.io/diaspora_federation/
# saranix take back the acronym!
# sandro y'all haven't read Amy's thesis. Opening quote of chapter 4: https://rhiaro.github.io/thesis/chapter4
# tantek I'm surprised she didn't reference https://en.wikipedia.org/wiki/Narcissism_of_small_differences
# saranix <3 thomas willingham
# puckipedia sandro: iirc isn't postActiv a fork of GNU Social?
# saranix Getting added to the-federation.info: https://github.com/jhass/nodeinfo/blob/master/PROTOCOL.md
# saranix just have to support that protocol endpoint. A json blob basically.
# tantek interesting, https://rhiaro.github.io/thesis/chapter4#standards-and-monocultures criticizes Hubzilla/Zot as monoculture (by section and "isn't clear there is uptake outside of Hubzilla implementations")
# saranix there is slow uptake, but most people only want to half-ass implement the tiny featureset that silos have and be done, but Zot has many features that no one else does.
# saranix everyone who has implemented Zot has implemented the full stack
# saranix and yes
# saranix it exists on hundreds of servers and 4 different software stacks that I know of
# saranix Hubzilla is an interesting case. Y'all might not be aware, but there is even a rift amongst Hubzilla vs Redmatrix
# tantek saranix, that rift is referred to in the opening quote of https://rhiaro.github.io/thesis/chapter4#standards-and-monocultures
# tantek sorry, opening quote of https://rhiaro.github.io/thesis/chapter4
# saranix oh hah, yeah... but what isn't mentioned there is that Hubzilla is a fork by the creator of Redmatrix
# saranix he insists it is an upgrade and not a fork, but it's a fork
# saranix that's actually where the anger from Thomas' quote comes from
# saranix https://www.xkcd.com/1095/
# ben_thatmustbeme haha
# ben_thatmustbeme nice
# saranix remembers that Thomas doesn't like having his s stolen s/Thomas'/Thomas's/
timbl joined the channel
# tantek finishes reading https://rhiaro.github.io/thesis/chapter4 decides to come back later to start at chapter1
# ben_thatmustbeme wait, seriously?
# saranix shakes head that people would even consider it a good idea
# saranix tantek++
# ben_thatmustbeme i guess a self hosted version of gitlab isn't on the table though
# saranix :)
# saranix sandro++
# sandro tantek, anything public about AB discussion I can link from https://github.com/w3c/specberus/issues/629#issuecomment-316456848
# tantek if you want a public link for "most recent AB meeting", that is https://www.w3.org/wiki/AB/2017-06-MA
RRSAgent joined the channel
# RRSAgent logging to http://www.w3.org/2017/07/19-social-irc
# ben_thatmustbeme loqi, time?
# ben_thatmustbeme wasn't there something like that
# ben_thatmustbeme it would just put the current timestamp on to it
# ben_thatmustbeme lol
# ben_thatmustbeme true
# tantek http://tantek.com/2011/238/b1/many-ways-slice-url-name-pieces#ud fragement predates and is used in more specs than hash
# saranix totally right about haggling over the price
# tantek I believe https://github.com/w3c/specberus/issues/629 is the only issue in existence where sandro, tantek, and chaals actually agree in contrast to others.
# saranix well it's all right.
# jaywink btw, the-federation.info is missing two new projects that federate using the Diaspora protocol. Socialhome (https://github.com/jaywink/socialhome <-- mine) and GangGo (https://github.com/ganggo). I'm the author of the-federation.info, btw. Plan is to include non-Diaspora protocols there too, just haven't had time to do anything. Also, Mastodon doesn't seem to have an endpoint for statistics, the
# jaywink I logged this issue for a stats route: https://github.com/tootsuite/mastodon/issues/874 .. AFAICT instances.mastodon.xyz does web scraping or something
# saranix "superior UX, that no other decentralized attempt has come even close to" - this is a symptom of what I described earlier that the popular decentralized projects only try to copy the tiny featureset from silo "microblog"/tooting and nothing else. They just stop right there... lazyyyyy
# tantek is going to print out https://www.xkcd.com/1095/ when he gets to work and add it to existing collection of 386 and 927
# saranix tantek: federation and consensus: difficult, but self-implementing, no. And no one (besides Zot) has tried self-implementing extra features.
# jaywink what would be really interesting would be a standard way to expose statistics and metadata. Diaspora has NodeInfo but IMHO it's not good design: http://nodeinfo.diaspora.software/ .. maybe something for the SWICG :P
# tantek even cloning that bird site is pretty tough: https://indieweb.org/Twitter#Features
# saranix tantek: still disagree :)
# saranix I would never want to, it's useless crap :)
# saranix but that's a different question than whether it's difficult to copy features from non-social apps and make them social
# saranix jaywink: it would be nice for a slightly better version of that standard for sure
timbl and timbl_ joined the channel
# saranix Side note re: lazy vs difficult-- There are so many things that for some reason people think are difficult but they come super easy to me, but I literally can't spend any time showing the way because I'm spending 100% of my time "earning" food/shelter money... I suspect there are...
# jaywink my personal website runs on Socialhome and I can follow anyone from the Diaspora protocol powered network. I chose a Twitter style follow, ie if I follow someone, they don't have to follow me back. There is no approval for the follow, since it doesn't exist in the Diaspora protocol. I personally find it an odd use case anyway. I don't see why I should be able to approve who follows my public posts?
# saranix ... many hundreds of thousands if not millions of more people like me, who have solutions but can't implement them for the same reason... mathematically speaking it's the only thing that makes sense with 7 billion people and the number of solutions out there...
# saranix ...so when I criticize "lazy", it's from the standpoint, of these people have so many resources, hours and people, to make a product, and they waste it on only implementing tooting, it's kind of frustrating...
# saranix UBI++
# saranix none of this would be an issue if UBI were a thing
# saranix but I have 0 hours, whereas these tooting projects have "used" 1000's of hours on nothing
# saranix exactly
# saranix well
# saranix besides the point I'm making though
# saranix no no no
# saranix my point is, I have 0 hours, *if* I had 1000 hours, like these other projects had, then I would've implemented it. With *their* 1000 hours, they implemented effectively nothing.
# saranix it's not a fallacy
# saranix I'm not estimating either. I'm 100% sure my implementation would be more feature-rich if I had those 1000 hours. 100% sure. Not an estimation.
# saranix The reason I'm so sure, is because I can see, visually, with my weird brain, the entire process end to end, step by step, and nothing is unclear.
# saranix I can even see code. But to type it into a screen with these feeble hands that can only go ~180wpm
# saranix would take lifetimes
# saranix Don't make me angry again. Dismissing because no proof means you are 100% dooming me to failure because of my inaccassibility to funds. That's wrong.
# saranix "but I literally can't spend any time showing the way because I'm spending 100% of my time "earning" food/shelter money"
# saranix with 0 hours, it's infinitely impossible for me to win this argument by your conditions
# tantek do you know examples of anyone in history who can/could "see ... the entire process end to end, step by step, and nothing is unclear"? that's where the root of the skepticism is - no existing implementation was built that way so it's not unreasonable to be skeptical that any could be. you might be the first, but then that's the "extraordinary claim" aspect.
# saranix lifetimes vs 1000 hours I was talking about 2 different things
# saranix IF you knew what I know...
# saranix I have life experience to inform my estimations, backing it up. You can't see inside my brain to see those experiences, assuming they don't exist because I can't give you links is ignorant
# saranix evidence which is impossible to provide
# saranix thereby just shutting down the convo
# saranix No, it isn't
# saranix It's respecting another human being, taking them at their word that they aren't full of shit
# saranix you aren't even allowing for the possibility, that's not the same as questioning
# tantek no, I'm noting the extraordinariness of the claim, not the impossibility thereof. and thus requiring extraordinary evidence. not my quote: https://www.google.com/search?q=%22extraordinary+claims+require+extraordinary+evidence%22
# saranix You *think* the claim is extraordinary, my life experience informs me that it is a widespread truth, you aren't listening to me when I say that
# saranix I have examples, in my life
# saranix you can't see those
# saranix I'm repeeating myself
# saranix Faith that I'm telling the truth tantek. If you don't respect that then you aren't having a respectful conversation. I wish you would finally get that.
# saranix If you say "prove it" to everything, I have no way to change the tone of the conversation. It is literally impossible. You are making it impossible. GRR
# saranix but it's *not* extraordinary. I'm sorry your life experience is limited to not seeing these events, but if you were respecting me, you'd give me the presumption that I'm telling the truth about MY life experience... and continue the conversation on the basis of that presumption. To do otherwise is rude as fuck
# saranix in this room. in your limited experience. I'm telling you otherwise. Respect would dictate that you'd take me at that, and continue.
# saranix but you are dwelling
# saranix and I have no time for this
# saranix No, I'm asking that you take the stipulation in order to have a productive conversation about it instead of being so nihilist
# saranix Yes, and a conversation therefore requires stipulations, and you aren't allowing me to make a stipulation.
# saranix There is nothing productive about shutting down a conversation because you are incredulous of the premise.
# saranix nor respectful, I say
# saranix See now you're being rude again by appealing to the elistist "but science"...
# saranix the rules of science aren't the rules of having a respectful/productive conversation, and you know that
# saranix you're being elitist by *saying this is about science*
# saranix as if I don't know science
# saranix it's completely orthogonal to the conversation we are having
# saranix tl;dr "but I literally can't spend any time showing the way because" -- you're ignoring the entire first sentence that brought up the conversation when saying what the conversation is about
# saranix You are making it about that and that is precisely what is so rude
# saranix no it is not respectful when someone is telling you about their life experience and hardships to make the conversation about something else
# saranix cwebber2: you definitely don't want to, this is such a waste of time
# saranix tantek: stop making this about what you want it to be about
# saranix If you wanted to talk about the merits of UBI, or whether my statistical assertions were reasonable, that would be one thing, but you are just being a dick at this point
# saranix no it isn't, the convo started when I told you about a *personal experience*
# saranix respect dictates that you don't change the convo to be about you when someone is starting by telling you about themself
# tantek no the conversation started with https://chat.indieweb.org/social/2017-07-19/1500481574919000
# saranix No, that convo ended. *this* convo started when I gave my personal experience
# saranix there was like hours in between
# saranix No
# saranix You are disrespecting what was a personal experience story. You need to understand that.
# saranix You should've just ignored it if your intention was not to antagonize me.
# saranix No, I started the convo! There was hours in between!
# saranix You responded to my first message
# saranix so that's what the convo is about
# saranix I would've just walked away long ago, but now I really want tantek to understand his social faux paux
# ben_thatmustbeme jaywink, btw, does your new code do websub?
# saranix https://chat.indieweb.org/social/2017-07-19/1500489959247000 <-- conversation started here. Look at timestamps, other convo was hours earlier
# tantek jaywink, re: https://chat.indieweb.org/social/2017-07-19/1500490001779000 yes I am interested in both, but my question was specifically whether anyone actually shows an (interactive) "Follow" button on their personal site
# saranix I specifically say "side note"... the side note was about me, and my struggle, and you crapped all over that by diverting the convo to the previous quagmire
# tantek jaywink, this? https://github.com/jaywink/socialhome
# jaywink invitations are closed on my instance. basically an account would mean a local account on my instance. there is a public instance at https://socialhome.network - it federates of course, but without logging in you wouldn't be able to follow anyway (to answer your question of following from another site)
# ben_thatmustbeme jaywink: implementing publishing is pretty stright forward for any type of feed format, just a few rel links and then pinging an existing hub to push updates to subscribers
# ben_thatmustbeme isn't diaspora working toward replacing their API currently?
# ben_thatmustbeme jaywink++
# ben_thatmustbeme ohh, is that it, they are creating a REST API in addition to the federation protocol?
# saranix jaywink: for diaspora AP are you guys planning to populate https://www.w3.org/TR/activitypub/#source-property ? (I hope yes)
# saranix oh wow
# saranix so who represents Diaspora in the CG?
# ben_thatmustbeme from what i have heard, diaspora has not shown much interest in working with the CG
# saranix I kind of secretly like the diaspora protocol...but mostly because it uses XML :-P
# ben_thatmustbeme great jaywink, tis always good to have more input from different perspectives
# ben_thatmustbeme DenSchub: is from Diaspora
# DenSchub huh what when how what? yes, yes I am!
# ben_thatmustbeme speak his name, and he shall appear :P
# jaywink the diaspora protocol (now that is has some documentation and doesn't have to be reverse engineered :P) is good in the sense that it is absolute to how things work. No need to guess how things should go. I hope AP defines more strictly soon how delivery for example is supposed to work, once implementations actually get stuff working.
# DenSchub ben_thatmustbeme: irc highlights, they are a thing!
# DenSchub sorry, but i simply don't have the resources to read everything. however, jaywink also knows the protocol very well and he is in touch with the person mainly implementing it, so i totally trust him in answering questions :p
# saranix So I've read rhiaro's social protocol summary (too lazy to hyperlink, but you guys know which one), but I still don't understand why, if you've implemented ActivityPub, that you would want to also implement WebSub... anyone?
# saranix thought that was it... hmm
# ben_thatmustbeme PubSubHubbub is very widely deployed and in use for social apps
# ben_thatmustbeme but was never fully specified, it had some holes
# ben_thatmustbeme and a bad name
# saranix almost seems like it's begging for a fracturing of the federation though
# ben_thatmustbeme it was brought up pretty early, that 2 stacks isn't great, but its better than having no specs and getting a bunch of different stacks popping up
# saranix I'm pretty darn excited about AP. I wasn't a year ago, but now I feel like it nearly supports 100% of the more complicated usecases with extensions, albeit with a few caveats
# saranix err, I guess I was looking WebSub a year ago...don't think I even heard of AP til fairly recently
# puckipedia looks away for 30 minutes and somehow the discussion went into incredibly positive
# saranix grumbles tantek was bringing it down
# ben_thatmustbeme saranix: i think that was you too
# saranix I was trying to get him to understand he was making it an unsafe space, otherwise I would've walked away. I hate arguing. Especially when it's obvoius the other party has no intention of budging their position
# puckipedia so a thing I was wondering about
# ben_thatmustbeme in rereading the conversation though, you came off as extremely arogent, claiming you know for sure you can implement things that other people cannot, you basically just insulted all the mastodon devs directly
# saranix on edge of seat
# saranix yes puckipedia?
# puckipedia hm. Diaspora and such are best compared to Facebook, I would guess? Or maybe Google+ circles
# saranix ben_thatmustbeme: claiming superior skills can sound arrogant, if you ignore the context
# puckipedia and GNU Social and Mastodon look more like Twitter
# saranix groups? what are the differences?
# puckipedia and we're trying to get two systems that have many differences to cooperate
# saranix doesn't leak into the protocol though...we have envelopes for that?
# puckipedia I wonder if I should write down basically how these two systems would work in ActivityPub
# ben_thatmustbeme goes back to playing with socialhome
# saranix "clients that may present things differnetly" <-- feature++
# puckipedia I wonder.. There's one feature in ActivityPub which is kinda weirding me out because I personally don't think it has any use
# ben_thatmustbeme jaywink++
# puckipedia or could actually be properly implemented
# ben_thatmustbeme jaywink, feature request: mf2 markup so i can parse posts
# puckipedia https://www.w3.org/TR/activitypub/#inbox-delivery I think this can't be implemented properly, because of authentication
# puckipedia I can't verify you're in a collection that is not owned by the server
# ben_thatmustbeme don't worry, you may just get a PR from me on that :)
# saranix XMPPs impl failure was in having a confusing XEP system... it overwhelmed developers before they even started
# saranix I think AP will succeed because I think that already there's almost a dozen impl being written
# saranix and there is really good diversity low-key (not everyone represented in CG though)
# puckipedia jaywink: actually .. ehm. wait, correction
# puckipedia jaywink: inbox forwarding. the server that receives the message then forwards it
# puckipedia jaywink: but it can't do that, because it's not authorized to act in name of that server
# saranix puckipedia: if I understand you right, I have a private Collection (mnemberlist private), and I want to deliver to the collection, my server knows it has to explode the collection to a list of names when delivering to their inboxes
# puckipedia saranix: no, I mean the other thing
# puckipedia wait I linked the wrong thing :<
# puckipedia I linked the right thing. inbox forwarding
# puckipedia ... wait, okay, well, I think I did something wrong myself
# puckipedia I think I started confusing myself
# puckipedia well, authentication is still an issue
# puckipedia cwebber2: tbh, inbox delivery I fix by allowing you to see all items in your own inbox. withotu checking authentication
# puckipedia but that brings other issues with it
# puckipedia jaywink: yes yes yes. but that doesn't fix the issue that you can't verify that you are allowed to see the object
# puckipedia s/yes./yes :P/
# puckipedia e.g. a message to from https://a.example.com/user to https://b.example.com/user, sent to: ["https://a.example.com/collection","https://b.example.com/collection"]
# puckipedia now b.example.com/someoneelse wants to see the object. server b checks its https://b.example.com/collection, but someoneelse isn't there. Now what? Deny authentication? Try to get it on a.example.com and hope it works?
# puckipedia or imagine a user on a.example.com trying to get it, but they aren't in a.example.com/collection
# puckipedia and both collections are private of course
# puckipedia okay you know I'm going to finish JSON-LD support
# puckipedia jaywink: b.example.com/someoneelse is in a.example.com/collection
# puckipedia cwebber2: yes, but someone else could've delivered it *with* the signature
# puckipedia cwebber2: you would not send the signatures to the client?
# puckipedia because then the client could use the signed object and send it to someone else
# puckipedia and now it's in their inbox and you skip authentication? :P
# puckipedia cwebber2: but it wouldn't update though?
# puckipedia a private email won't update if it's changed. an AP object will
# puckipedia I mean. I would insert the ID ofthe activity into the inbox. and it'd automatically update for everyone on the server at the same time
# puckipedia I mean. I would verify the signed upda- ooh no
# puckipedia wait, no, not an issue
# puckipedia I would personally sign the object, but all the objects flattened out
# puckipedia but how would that work with updates? but then I realised, the object itself is signed too
# puckipedia well, we need to specify how to sign
# puckipedia saranix had the idea of also signing specific values from *inside* the object. but I personally think that's a bad idea
# puckipedia cwebber2: butthen we realised we can't do without :P
# puckipedia if you sign data from inside, you have to verify by unflattening the objects
# cwebber2 take a look at the nquads on http://dpaste.com/1ACY96B
# puckipedia hm. Can we somehow spec that out?
# puckipedia cwebber2: yes
# puckipedia well. one issue with that
# puckipedia as a server, if I deliver e.g. a Create activity, I want to embed the object inside, so the receiving server doesn't have to do another roundtrip
# puckipedia but then I have to sign the thing in total
# puckipedia but I would sign every object separately
# puckipedia jaywink: I unflatten to a depth of 3 always
# puckipedia cwebber2: maybe we can just specify you json-ld flatten it and sign each object? :)
# puckipedia but, hm
# saranix flatten objects https://ecogirlcosmoboy.files.wordpress.com/2011/05/monty-python-foot.jpg
# puckipedia yep!
# puckipedia and would you sign the object with the uris, or would you sign the payload?
# puckipedia if you sign the payload you can't pass it on
# saranix we sort of touched on this over the weekend
# saranix about assurance symantics
# saranix if you sign the object, you are assuring the object integrity, if you are signing the url, you are not
# ajordan saranix: would you be okay with https://github.com/w3c/activitypub/issues/246#issuecomment-316420431 as a resolution to the Collection size issue?
# saranix oh hmm, those comments are missing my later normative references about the Prefer: header
# saranix err informative i guess
# saranix ld-sigs group
# saranix I think. Will probably have to find it in the IRC logs, I don't think I have those windows open anymore
# puckipedia <saranix> if you sign the object, you are assuring the object integrity, if you are signing the url, you are not <- okay, hm
# puckipedia user A posts a note. user B posts a reply and signs it (including user A)
# puckipedia user C posts a reply to user B, and signs it (including user B's reply, which includes user A's reply, because signature)
# puckipedia etc etc etc.
# puckipedia now user ZZ gets the reply user ZY posts. does that mean it contains all the replies from A-ZY?
# puckipedia you can't remove any of the inReplyTo, because it breaks the signature
# saranix puckipedia: no, ZZ can have an object that inReplyTo is a url
# saranix "cut the chain yourself" <- this
# puckipedia saranix: but then user ZY can change the object, and trick you into replying something stupid
# saranix puckipedia: UI issue as discussed before
# saranix puckipedia: UI should convey what is and what isn't signed
# cwebber2 this is one reason that I started thinking about the append-only approach in http://dustycloud.org/blog/an-even-more-distributed-activitypub/
# puckipedia I mean more the DoSing by requiring the object to contain a million nested objects in order for the signature to be valid
# saranix yeah
# puckipedia . o O ( an object that refers itself, and you have to include it in itself for 100000 times for the signature to be valid )
# puckipedia it de-nests itself?
# puckipedia oh frick yep
# puckipedia I suddenly realised how n-quads look
# saranix ajordan: re: https://github.com/w3c/activitypub/issues/246#issuecomment-316420431 I was thinking we add something similar to https://www.w3.org/TR/ldp-paging/#ldpp-client-advertise but more specific to AP and less RDF
# saranix cwebber2: yeah, 2 seperate things though, the ldp-paging-style thing should be in the spec I think
# saranix cwebber2: so people at least know what a proper Prefer header looks like
# puckipedia wait, aren't -- oooooh
# puckipedia I SHOULD TRY THAT
# puckipedia I realised that was the thing I missed to get it properly into a database
# puckipedia really fast searching on any attribute
# puckipedia without being stuck to one database
# saranix yeah, you have to pretty much choose one
# saranix cwebber2: it does sort of... has xml AND json indexing :-)
# saranix more like DAG
# puckipedia create table elementName(id integer, name string); create table triples (subjectId integer, predicateId integer, object string);
# puckipedia sometrhing like that
# puckipedia cwebber2: well, I'm thinking how I could get it so I can look up anything incredibly fast
# puckipedia so now e.g. I can search for content by looking up the AS2 content id, then do select subjectId from triples where predicateId=contentId and object like '%puckipedia%';
# saranix pg rocks, it can handle anything :)
# puckipedia cwebber2: tbh my AS2 C# wrapper is incredibly inspired by triples
# puckipedia I mean, it's a map<string, list<string>>
# puckipedia approx
# saranix I feel like almost anything can be translated to-from a triple/quad
# saranix mostly aspies :-P
# saranix absolutely
# saranix I'm in the aspie is a difference not a disease camp. Like left-handedness.
# puckipedia hm. The biggest issue with JSON-LD is that it assumes everyone uses a weak typed language
# puckipedia I would like it if the JSON-LD api clearly indicates "a full inverse context looks like this:"
# saranix I'm still unclear on some things JSON-LD dictates about types. For example why an xsd#float isn't typed when normalizing but an xsd#datetime somehow is
# puckipedia because JSON has a float, but no datetime?
# saranix but if you look at xsd there is no semantics that state this
# saranix I guess? it's never really specified anywhere
# saranix json floats are kind of loosely defined as is
# saranix not even IEEE1194 or whatever
# saranix probably the wrong number
# puckipedia IEEE754?
# saranix yeah that sounds more right ;-)
# puckipedia oooh, I get how JSON-LD dose this
# puckipedia inverse context is a
{"iri": {"@container": {"@language": {}, "@type": {}}}
I think?# puckipedia cwebber2: in the compaction algorithm
# puckipedia I know! :)
# puckipedia the inverse context is just a map from iri -> container/type/language map
# puckipedia so that's me :P
# puckipedia json-ld.net is horrible as I mentioned before
# puckipedia I'm building a thing that works asynchronously
# puckipedia I could even make it defer processing until background, to get more @contexts
# puckipedia it can already process contexts and expand
# puckipedia the word 'language' looks weird now
# saranix puckipedia: so you are righting your own ld-sigs?
# puckipedia yes
# saranix cool
# puckipedia I'm first fixing up the JSON-LD parser I'm writing
# saranix oh know...the homonyms are coming out :-o
# puckipedia then I'll probably replace the current hacky AS2 parser with it
# saranix gah! my bank changed to a serif font and it hurts my eyes
# saranix 's AS2 parser just got n times more craptastic
# puckipedia " append the result of of using the IRI Compaction algorithm, passing"
# puckipedia of of? :P
# saranix Clear as mudd
# saranix I'm almost afraid to share my ideas with the crowd now
# cwebber2 saranix: puckipedia: https://github.com/w3c-dvcg/ld-signatures/issues/7 issue raised
# puckipedia cwebber2: good
# puckipedia wonder if it's really an issue in ld-signatures
# puckipedia tbh json-ld is made so that you can link these objects
# puckipedia so I guess it's kinda valid
# saranix I'll have to read it again when I'm not so hungry
# saranix actually no, I'm able to *ahem* digest ;-) it just fine...
# saranix I see a problem...
# saranix Eva's server did not store the object that was signed, that's eva's server's fault
# saranix of course the signature does not match
# saranix why even bother storing the signature at that point
# puckipedia saranix: You store the information needed to rebuild the document as it was signed
# saranix yeah, if you do, then there is no problem
# saranix then it didn't store the object. it only stored a representation and lost fidelity
# puckipedia cwebber2: not every. I would suggest storing only the list of objects that have to be expanded
# saranix that's a datastore problem
# puckipedia tbh, if you can't rebuild the signature, just return an id to the object instead
# saranix yeah
# puckipedia you know which objects have to be expanded. you verify if you store all the properties in the object
# puckipedia if you can't rebuild the signature for any child object that is embedded, or you don't store all the properties, you can't rebuild the signature
# saranix if you want to deconstruct the object, you can make it a lot of book-keeping. Or you can make it easy on yourself, store the signed object, in it's entirety, as json, even in a relational db.
# puckipedia I can imagine Mastodon might add a 'string signature' in the statuses table
# puckipedia they just determine beforehand 'can we rebuild this signature'. if it's possible, signature is set to the json of the signature
# saranix or if you could store a hash and check if your rebuilt matches the hash
# saranix I'll have to think about this some more though...
# saranix those are kind of sucky choices... eat up a lot of space in your db, or fetch a fresh copy...
# puckipedia saranix: if you pass an id and the other user also has an id, it's fine(TM)
# puckipedia
{type: Accept, object: {type: Bed}}
# saranix gnight
# saranix I just thought of a compaction algorithm... it's not great, but it could be good
# saranix something like
{ object: { fields:[], object: { fields:[], object: fields: [] } } }
# saranix store the json of that and use it to reconstruct properly
# saranix along with the sig
# saranix and the signed obj obviously
# saranix would also apply to target field too
# saranix if target is an obj and not an array
# saranix hmm... so json gzips pretty ok. :)
# saranix create table sigrebuild(sigid text, field text, depth int); <-- list of objects that need to be expanded for that sig
# saranix I wonder what vc will come up with...