#social 2017-07-20

2017-07-20 UTC
#
saranix
seeing those actual example jsons really helps. I started writing up a followup example that adds to the issue... have to take a food break though
timbl and xmpp-social joined the channel
#
jaywink
Why do you need to rebuild signatures for remote objects? Local objects you can always sign whenever, remote objects can be verified at the source. I think this is thought of a bit too complex.
#
jaywink
You could store the original signature as is for remote objects, but then you must be sure to provide the object as it was received. Which probably would not always be possible.
#
jaywink
But the reader can always fetch it at the source if they need to validate it.
#
@angusscown
@michaelneale Hopefully better when the work to pull in the w3c standards is finished https://www.w3.org/TR/social-web-protocols/
(twitter.com/_/status/887958420187369474)
KjetilK joined the channel
#
cwebber2
I might have a good encoding scheme for reconstructing which properties should be expanded along with signature
#
cwebber2
guess I should write it up...
tantek joined the channel
#
saranix
jaywink: the most desirable advantage of ldsig is the embed capability, so that sigs can be verified without fetch
dlongley joined the channel
#
ben_thatmustbeme
looks at conversation backlog, blinks, and walks away
#
tantek
!tell cwebber2 when is the next CG telcon? update /topic ?
#
Loqi
Ok, I'll tell them that when I see them next
#
tantek
saranix: we've discussed the use and (non)-requirement of tools at W3C in the past, and I wanted to bring back some work on that for your review and further input. Here's an ongoing wiki page listing various tools in use at W3C in various degrees: https://www.w3.org/wiki/AB/Tooling
#
tantek
cwebber2, aaronpk ^^^ for you as well (though in quickly re-reading I'm now noticing that it's mssing CG / Mumble
timbl joined the channel
#
saranix
tantek: thx I'll check it out
#
tantek
thanks
#
tantek
all: since I think all CG members should have accounts to W3C wiki, please feel free to add other tools that the CG is explicitly using to get its work done. or you may also tell me and I can do the edits. either way no problem.
#
xmpp-social
[ajordan] tantek: in theory everyone has access but I believe a number of people have run into problems similar to the ones I had a couple months ago
#
saranix
is the create account thing fixed yet?
#
tantek
ajordan: I can try to help with that too. If I'm not around I also encourage directly asking for help from the W3C Systems Team in #sysreq
#
tantek
saying you're a member of the CG should be enough to help get you started with that
#
tantek
has to run for now but will be back in a few hours
#
aaronpk
yeah the password system is a nightmare but it'll work once you find the right combination of short password and number of special characters
#
cwebber2
does w3c's system fail sometimes with longer passwords?
#
Loqi
cwebber2: tantek left you a message 52 minutes ago: when is the next CG telcon? update /topic ?
#
cwebber2
that might explain some things
#
aaronpk
yeah, i can't remember the length but i had that problem when i was setting mine up
#
tantek
thanks cwebber2
#
tantek
regarding the previous "Follow" button conversation, there's a bunch of documented research here: https://indieweb.org/follow
#
tantek
Does anyone have summary documentation of the "follow" vs. "reject" (and even "block") interactions that were mentioned here in chat the past few days week?
#
tantek
I'd like to capture at least the state of current systems regarding that
#
cwebber2
tantek: added the wiki page too
#
tantek
which one?
#
cwebber2
(I'm not very good at remembering to do that kind of stuff!)
#
cwebber2
tantek: added 07-26
#
cwebber2
next week's meeting stub
#
tantek
oh sorry yea diff topic :)
#
xmpp-social
[ajordan] tantek: yeah it's unclear as to whether it's a problem with ACLs or just the wiki not handling "interesting" passwords. I've suggested a couple things to them, including asking in #sysreq if the rest doesn't work, but I don't know if they ever followed up
#
cwebber2
yeah I use a password manager so probably that explains why my password causes me trouble in some places
#
cwebber2
I guess I should retry.
#
xmpp-social
[ajordan] Lol yeah I started with 128 characters with special characters, and kept trying to see if I could reduce it just a *bit*
#
cwebber2
hm, facebook's follow and friend are different?
#
xmpp-social
[ajordan] But ended up with 16, no special chars :P
#
cwebber2
just a single bit? that's not even a full character! ;)
#
xmpp-social
[ajordan] Hahahaha
#
Loqi
awesome
#
xmpp-social
[ajordan] Re: Facebook, yeah they're different
#
xmpp-social
[ajordan] I've never really understood it
tantek joined the channel
#
cwebber2
so we *could* make following and a friend list type thing different
#
cwebber2
and I think that's what Evan was proposing, if we wanted ack/nack
#
cwebber2
I dunno, I wonder if it's really worth doing that?
#
aaronpk
personally following and friending are completely different to me
#
aaronpk
especially when you're talking about public content
#
cwebber2
Gargron: right now mastodon basically treats friending and following as equivalent for private accounts right?
#
cwebber2
aaronpk: we already have a distinction between to-public and to-followers though
#
cwebber2
you can already define something as to-followers and not to-public, or vice versa, though most people will usually do both for public content
#
cwebber2
I think right now Mastodon, for instance, allowes users some control over who's following them, but only for "locked accounts"
#
cwebber2
so followers-only posts acts like to-friends
#
cwebber2
this is what evan suggested we do instead of having following have an ack/nack
#
cwebber2
the cost of having an ack/nack doesn't seem very high to me though on following. it does introduce an intermediate state, that's true.
#
saranix
many systems have discrete permissions for each.
#
saranix
I would go so far as to even say it's common.
#
cwebber2
allowing for ack/nack is, in any case, more general
#
xmpp-social
[ajordan] cwebber2: I also don't think we have time to iterate if we went with what Evan suggested
#
xmpp-social
[ajordan] When I looked at that part of the spec it looked more like a framework for modeling stuff to me tbh
#
xmpp-social
[ajordan] So I think we'd need to add a bunch of normative text for exactly how to do this and I don't think we'd get it right
#
cwebber2
ajordan: that's my feeling as well.
#
cwebber2
I feel like the Accept/Reject proposal is honestly pretty straightforward for followers/following and is needed
#
xmpp-social
[ajordan] Yeah me too
#
xmpp-social
[ajordan] Plus there's the problem with having two separate mechanisms as you mentioned on GitHub
#
cwebber2
and I think if we don't do this
#
cwebber2
we're going to see two mechanisms both be used
#
cwebber2
and we'll have inconsistency
#
saranix
2 mechanisms?
#
xmpp-social
[ajordan] Define "this"?
#
xmpp-social
[ajordan] The accept/reject route?
#
xmpp-social
[ajordan] Right
#
cwebber2
saranix: 2 mechanisms are: 1) Follow action expects immediate acceptance of following, every time; it's just inferred
#
cwebber2
2) expect an explicit Accept/Reject
#
xmpp-social
[ajordan] Brb, rebooting my phone
#
saranix
under security I explained why it can't be *required* it forces an insecure mode
#
cwebber2
the behaviors for those two systems are different, though the first can be modeled on top of the second mostly by doing automatic Accept
#
cwebber2
saranix: I think I'm still not understanding your security issue :\
#
cwebber2
could you write out an example scenario?
#
cwebber2
User A does this, Server B does that, etc
#
cwebber2
demonstrate the attack
#
saranix
it's a reflective attack. I explained in the etherpad
#
saranix
more importantly, it's not a big deal for the UI to show that an accept/reject was never received. it's a UX issue and should definitely not be normative in the spec
#
Loqi
[strugee] #245 DoS to Security Considerations section
#
cwebber2
saranix: implementations can decide that, I'm considering how it's done from the UX perspective, but you and I don't need to discuss it
#
cwebber2
saranix: 245 addresses that right?
#
cwebber2
saranix: it seems that this problem is more general than just Accept/Reject though; you could DDOS AP servers generally with many kinds of activities (or even most servers with any kind of requests)
#
saranix
yeah 245 addresses
#
cwebber2
saranix: ok cool
#
saranix
probably is general
#
cwebber2
saranix: we'll get that in
#
xmpp-social
[ajordan] cwebber2: I can plan on PR'ing that soon
#
cwebber2
thanks ajordan
#
cwebber2
btw in about an hour I'm going to go offline for the rest of the day so I can focus on the test suite.
#
cwebber2
so if I go nonresponsive, that's why.
#
cwebber2
right now I'm too distracted
#
saranix
\o/ test suite!
#
cwebber2
reading a paper on IPFS :P
#
cwebber2
the paper is amazingly great btw
#
cwebber2
highly recommended; it's an easy read
#
saranix
I read it once, I probably forgot 90% of it ;-)
#
Loqi
[strugee] It seems to me that when we do this we should also mention that servers should ratelimit C2S interactions, because if they "blindly" pass through data then a malicious user could get their server on another server's blacklist for DoS problems.
#
xmpp-social
[ajordan] I'm about to get on a plane too
#
cwebber2
I +1'ed both of your posts on that issue :)
#
xmpp-social
[ajordan] ?
#
xmpp-social
[ajordan] Good luck with the test suite btw!
#
cwebber2
thanks ajordan, enjoy your flight :)
#
xmpp-social
[ajordan] Sure thing!
#
ben_thatmustbeme
i think thing that is really a DoS issue at all for those
#
ben_thatmustbeme
oh i see, if attacker sends a friend request pretending to be another server
#
ben_thatmustbeme
i mean, it is an issue, but at least it doesn't fan out
#
cwebber2
you have to make checks for those already
#
ben_thatmustbeme
faked source?
#
saranix
technically I think nearly every software currently deployed is susceptible to the client overload thing... i.e. no one rate limits
#
xmpp-social
[ajordan] ben_thatmustbeme: it's a confused deputy attack
#
xmpp-social
[ajordan] In this case the "deputy" is the malicious user's server and it's a problem because said user can get the "deputy" blacklisted on other instances
#
xmpp-social
[ajordan] So it's a DoS problem _for the deputy_
#
cwebber2
that's still true for nearly any activity though
#
cwebber2
Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like
#
ben_thatmustbeme
ah, so its really a C2S rate limit issue, basically
#
xmpp-social
[ajordan] cwebber2: yes, that's what I'm saying
#
ben_thatmustbeme
but thats also not necessarily a bad thing, just a super busy user, look at all the twitter bots that automatically tweet, etc
#
xmpp-social
[ajordan] Right but I mean if you're generating thousands per second
#
ben_thatmustbeme
yeah, its more likley going to be a problem for the server they are connecting too
#
ben_thatmustbeme
more than a problem for the other server
#
xmpp-social
[ajordan] Lol yes that's my point
#
ben_thatmustbeme
so its entirely just "rate limit C2S"
#
ben_thatmustbeme
confused deputy (which is about privledge escalation, not this) has nothing to do with it
#
xmpp-social
[ajordan] You need C2S rate limiting to a) avoid being overloaded yourself and b) to avoid overloading others so much that you trigger their S2S DoS protection
#
xmpp-social
[ajordan] When I said "confused deputy" I meant b) although you're right that it's not a perfect description
#
ben_thatmustbeme
well, no, b) is false
#
xmpp-social
[ajordan] ?
#
ben_thatmustbeme
i mean, yes, you want to rate limit S2S recieiving
#
ben_thatmustbeme
but saying you have to watch S2S sending is rediculous
#
ben_thatmustbeme
since you should be limiting at c2s
#
ben_thatmustbeme
and if you are sending that much, you should be blocked, as you are not rate limiting c2s
#
ben_thatmustbeme
if you rate limit s2s sending, you are going to have really bad UI, sorry, i can't send your friend request now, as i am talking to (other popular server) too much right now
#
saranix
just throwing this out there: one way to do UX this is like cloud providers do with email-- you can only send x/hr as a new user unless you explain usecase to admin
#
xmpp-social
[ajordan] ben_thatmustbeme: we're in agreement
#
xmpp-social
[ajordan] C2S rate limiting solves b)
#
xmpp-social
[ajordan] And that's what I was proposing
#
xmpp-social
[ajordan] C2S only
#
xmpp-social
[ajordan] I was only pointing out the problem
#
ben_thatmustbeme
the two parts are rate limit c2s (receiving) in case of bad clients, and rate limit s2s (receiving) in case of bad servers
#
xmpp-social
[ajordan] Yes
#
xmpp-social
[ajordan] Agreed
#
ben_thatmustbeme
arguably someone could just create thousands upon thousands of accounts on on system and then use multiple accounts to do the same, but thats also sort of outside of the spec of the scope
#
ben_thatmustbeme
scope of the spec *
#
xmpp-social
[ajordan] Lol
#
ben_thatmustbeme
saranix, thats sort of tangental though, spec shouldn't define UX
#
saranix
no, just throwing it out there
#
ben_thatmustbeme
that is certainly a possibility though
tantek joined the channel
#
jaywink
saranix: "the most desirable advantage of ldsig is the embed capability, so that sigs can be verified without fetch" <--- I would say the most desirable feature is verifying content :) But anyway, the point was, to bring something difficult into the spec, we might have to stop at some point. Simple is better than complex. I just feel the whole signatures discussion is taken on a way too complex path. Or
#
jaywink
maybe I'm just mirroring existing experience with signatures where the simple, clear and easy to implement path has been taken.
#
saranix
jaywink: "the most desirable feature is verifying content" <-- yes but ld-sigs allows embedding foreign objects, that's the advantage over say http-sigs
#
saranix
but it is starting to look a little bit like verifying foreign content is a fairytale of sorts
#
jaywink
if it can be done without making the spec and implementers life too complex. following the discussion it seems to be a very unclear topic :)
#
saranix
I'm doing work on both fronts-- writing up the issues involved, and also a possible breakage scenario that I thought up, but I have to work through the json to see if it's true
#
jaywink
btw, someone asked about facebook follow vs friend. Follow means "I follow your public content", Friend means "I requested friendship, you accept/deny". Follow doesn't even cause a notification AFAICR.
#
tantek
I think follow *does* cause a notification but you can turn it off
#
jaywink
could be
#
tantek
that's what I remember, and it makes sense because it's a gentler gesture, and provides the followee the opportunity to "follow back" should they wish to do so, or perhaps even "upgrade" by responding with a friend request
#
jaywink
would be nice if AP covered both easily. I guess the "auto-ack" can do done to allow a one-sided follow, if ack could be a requirement
#
tantek
indeed. would be nice if we had a better understanding of what/which follow vs friend models / implied protocols were out there now so we have an idea of what they have in common vs differences
#
tantek
nevermind what "should" be standardized which is entirely a different question, but hard to do a good job answering without first researching and documenting existing examples to see what user models are expected to be modeled by the plumbing underneath
#
jaywink
facebook follow is basically the same as twitter follow. Diaspora has something that is a monster child in between. When you add a person to an aspect, you 1) follow the person and 2) share your limited content in that aspect. I think though they're planning on separating them, AFAICR.
#
tantek
oh that *is* a confusing follow
#
tantek
though sounds like G+ Circles
#
tantek
I vaguely recall seeing notifcations like "personA added you to one or more of their circles"
#
tantek
I have a feeling Diaspora modeled Aspects after G+ Circles but I could be mistaken
#
saranix
you'd really be blown away by zot connection perms then :-P
#
tantek
I remember d* happening in the temporal context of when G+ Circles were the new hotness
#
tantek
IIRC G+ Circles have largely failed because no one likes to do explicit "circle maintenance"
#
saranix
hubzilla can handle every combination mentioned so far, and 1000's more, you should really check it out
#
tantek
I wonder if d* Aspects faired any better (in longterm use / maintenance)
#
tantek
yikes no thanks. "1000's more" sounds like a nightmare of a UX
#
saranix
some say
#
saranix
I don't think so
#
saranix
depends if you're a "nerd" I guess
#
tantek
demonstrated consistently with UX/psych research per Pardox of Choice etc.
#
tantek
*Paradox of Choice
#
saranix
yeah... mac users will not be happy, linux users love it :-)
#
jaywink
tantek: well, diaspora aspects came before google+ :)
#
jaywink
but I agree about them and circles. For me it ended up in maintenance hell and now I just have one aspect for everybody :D
#
jaywink
but maybe for some people that kind of contact management is useful for sure
#
tantek
or seems to be at first
#
tantek
and then the ongoing maintenance tax kicks in
#
tantek
and eventually costs more than perceived utility
#
jaywink
personally I post 99% public content anyway
#
tantek
jaywink, thanks for the temporal correction re: d* aspects vs g+
#
tantek
2010 d* vs 2011 G+ I think?
#
tantek
jaywink: while I agree with the commonality of the public content use-case, there are many "limited audience" use-cases that people seem to use FB for
#
tantek
my understanding was d* aspects were an attempt to provide a viable alternative to FB limited audience posts in order to help encourage / make it easier for folks to use d* instead
#
tantek
for those use-case
#
jaywink
tantek: yes d* came out 2010. And sure, I'm not saying limited audience use cases are not important. Just my personal preference is public use case :) Especially on Facebook, I'm quite sure (from following friends) that a large part or even a clear majority of posts are limited.
#
jaywink
since often people communicate with friends and family mainly
#
cwebber2
that's a distinction I think getting caught up in this: "I want to subscribe to someone's public posts" vs "I want to subscribe to someone's public posts and their limited-audience posts"
#
cwebber2
having followers be both a limited audience distribution system and also the public notification system maybe is overloading, but
#
cwebber2
yeah I dunno.
#
tantek
cwebber2: I dunno either (from a which UX is more desirable perspective), hence I'm trying to document (and ask for help documenting) the various existing models which have clearly been through some user-feedback/iteration and thus are worth seriously considering supporting with any protocol
#
jaywink
for Socialhome I'm anyway going to implement contact lists which can be used for targeting private posts. Similar to aspects, but without the requirement of following the person you want to post to. In this case, in AP, it wouldn't be the followers list at all, but just a list of people. I think it makes more sense because sometimes you might want to post only to for example colleagues, sometimes friends,
#
jaywink
sometimes all your contacts.
#
tantek
If you have other suggested paths forward to better evidence-based understanding, I'm open to it
#
tantek
jaywink - I agree with that asymmetry (may want to post to a limited set of folks, but not have to make follow decisions about each of them)
#
saranix
{type: Follow, object: { type:Collection, name:PrivateCollection } } --- Reject/Accept
#
cwebber2
jaywink: basically have a default "friends" collection?
#
cwebber2
that users have set up by default?
#
jaywink
how I see the AP followers list is "people who follow my public content"
#
saranix
jaywink: I think that's what it says too
#
cwebber2
it doesn't say that's how it's used specifically
#
cwebber2
you can address to followers only and not public in AP
#
cwebber2
which actually maps to how mastodon and twitter accept some types of posts
#
jaywink
yes, I just said what I think it means to me :P use cases could be very different
#
cwebber2
with the overloading of followers as also a "close friends" *and* "public subscription* thing
#
cwebber2
"public subscription"
#
cwebber2
I think that overloading is causing some of this rift
#
saranix
I don't think it's an issue
#
tantek
and overloading is present in every existing UX of these I know of
#
cwebber2
twitter's is super overloaded / confusing
#
tantek
e.g. "friends" on FB by default also have permissions to post on your "wall"
#
saranix
different implementations will be detectable from what's present in their requests
#
cwebber2
the distinction between locked accounts vs public accounts is a weird thing
#
cwebber2
mastodon basically can make use of all their distinctions using just public and followers but
#
jaywink
it could be we're trying to lock some of the verbs and meanings in AS/AP too much into UX. the reality is, implemneters will be free to do their own interactions and business logic in their apps.
#
cwebber2
it requires an ack/nack on followers
#
cwebber2
and that followers is probably-overloaded
#
saranix
jaywink: agreed
#
tantek
cwebber2: attempts at documenting a few "private account" variants here: https://indieweb.org/private_account
#
tantek
they all have things in common and differences
#
cwebber2
jaywink: well... I feel like I'd agree, though users might be surprised/annoyed that behavior is different between implementations
#
tantek
more examples welcome on that page!
#
cwebber2
when there are different expectations
#
cwebber2
I don't think it's the end of the world thoug
#
jaywink
cwebber2: but the point is you wont be able to control that with a protocol :)
#
tantek
jaywink - agreed trying to minimize locking some of the meanings. however I think we have to explicitly design for flexibility at the protocol level to enable the various UX variants
#
cwebber2
jaywink: so what do you think of the accept/reject on follow?
#
tantek
I don't know how to do that without documenting the UX variants first
#
jaywink
tantek: sure, agreed
#
tantek
because the theory / abstract approach is likely to lead to non-interop over designed complexity
#
saranix
only helpful if you document ALL variants and make sure you don't miss any
#
jaywink
cwebber2: I don't see a need for accept/Reject on a follow at all for my use cases, but I understand if someone does. Though currently I'm unsure how this would be different from a Friend request in AP. A friend request (in FB for example) is a special symmetrical relationship that grants special rights for both parties when accepted. A follow, even if accepted, to me just makes the other person follow
#
jaywink
the other.
#
jaywink
but if "ack" becomes a thing, for me that is ok, I would just make the software "auto-ack"
#
saranix
and really, I think the expansive example in the AS2 spec is plenty
#
jaywink
wishes he had time to hack some limited AP support into Socialhome to actually be able to contribute to these kind of discussions in more than just theory :P
#
saranix
I've already made several changes in my app i'm building based on these discussions (well not the follow one, but others in the channel)
#
saranix
but I've spent about 10 times as much time on IRC as I have coding :(
#
cwebber2
I've spent too much time talking in here myself this week
#
cwebber2
hey wasn't I gonna go offline? :)
#
cwebber2
does so
#
cwebber2
later, *
#
tantek
"only helpful if you document ALL variants and make sure you don't miss any" <-- nope. any evidence is better than no evidence.
#
tantek
jaywink++ for at embracing the spirit of selfdogfooding
#
Loqi
jaywink has 7 karma
#
saranix
tantek: not if you replace a standard that works for some uses cases that is then left out after you make changes because you missed it in your research
#
tantek
hence you call for open contributions to the research
#
tantek
and then iterate
#
tantek
this is why w3c has periods of WD for wide review, of CR for implementation experience etc.
#
tantek
it's why standards take time
#
tantek
and if you miss it in a spec that goes to REC, you iterate on a new version. happens all the time
tantek, timbl and MMN-o joined the channel