#social 2017-07-20

2017-07-20 UTC
#
saranix seeing those actual example jsons really helps. I started writing up a followup example that adds to the issue... have to take a food break though
timbl and xmpp-social joined the channel
#
jaywink Why do you need to rebuild signatures for remote objects? Local objects you can always sign whenever, remote objects can be verified at the source. I think this is thought of a bit too complex.
#
jaywink You could store the original signature as is for remote objects, but then you must be sure to provide the object as it was received. Which probably would not always be possible.
#
jaywink But the reader can always fetch it at the source if they need to validate it.
#
@angusscown @michaelneale Hopefully better when the work to pull in the w3c standards is finished https://www.w3.org/TR/social-web-protocols/ (twitter.com/_/status/887958420187369474)
KjetilK joined the channel
#
cwebber2 so
#
cwebber2 I might have a good encoding scheme for reconstructing which properties should be expanded along with signature
#
cwebber2 guess I should write it up...
tantek joined the channel
#
saranix jaywink: the most desirable advantage of ldsig is the embed capability, so that sigs can be verified without fetch
dlongley joined the channel
#
ben_thatmustbeme looks at conversation backlog, blinks, and walks away
#
tantek !tell cwebber2 when is the next CG telcon? update /topic ?
#
Loqi Ok, I'll tell them that when I see them next
#
tantek saranix: we've discussed the use and (non)-requirement of tools at W3C in the past, and I wanted to bring back some work on that for your review and further input. Here's an ongoing wiki page listing various tools in use at W3C in various degrees: https://www.w3.org/wiki/AB/Tooling
#
tantek cwebber2, aaronpk ^^^ for you as well (though in quickly re-reading I'm now noticing that it's mssing CG / Mumble
#
tantek just added: https://www.w3.org/wiki/AB/Tooling#CG_tools
timbl joined the channel
#
saranix tantek: thx I'll check it out
#
tantek thanks
#
tantek all: since I think all CG members should have accounts to W3C wiki, please feel free to add other tools that the CG is explicitly using to get its work done. or you may also tell me and I can do the edits. either way no problem.
#
xmpp-social [ajordan] tantek: in theory everyone has access but I believe a number of people have run into problems similar to the ones I had a couple months ago
#
saranix is the create account thing fixed yet?
#
tantek ajordan: I can try to help with that too. If I'm not around I also encourage directly asking for help from the W3C Systems Team in #sysreq
#
tantek saying you're a member of the CG should be enough to help get you started with that
#
tantek has to run for now but will be back in a few hours
#
aaronpk yeah the password system is a nightmare but it'll work once you find the right combination of short password and number of special characters
#
cwebber2 does w3c's system fail sometimes with longer passwords?
#
Loqi cwebber2: tantek left you a message 52 minutes ago: when is the next CG telcon? update /topic ?
#
cwebber2 that might explain some things
#
aaronpk yeah, i can't remember the length but i had that problem when i was setting mine up
#
tantek thanks cwebber2
#
tantek regarding the previous "Follow" button conversation, there's a bunch of documented research here: https://indieweb.org/follow
#
tantek Does anyone have summary documentation of the "follow" vs. "reject" (and even "block") interactions that were mentioned here in chat the past few days week?
#
tantek I'd like to capture at least the state of current systems regarding that
#
cwebber2 tantek: added the wiki page too
#
tantek which one?
#
cwebber2 (I'm not very good at remembering to do that kind of stuff!)
#
cwebber2 tantek: added 07-26
#
cwebber2 next week's meeting stub
#
tantek oh sorry yea diff topic :)
#
cwebber2 heh :)
#
xmpp-social [ajordan] tantek: yeah it's unclear as to whether it's a problem with ACLs or just the wiki not handling "interesting" passwords. I've suggested a couple things to them, including asking in #sysreq if the rest doesn't work, but I don't know if they ever followed up
#
cwebber2 yeah I use a password manager so probably that explains why my password causes me trouble in some places
#
cwebber2 I guess I should retry.
#
xmpp-social [ajordan] Lol yeah I started with 128 characters with special characters, and kept trying to see if I could reduce it just a *bit*
#
cwebber2 hm, facebook's follow and friend are different?
#
xmpp-social [ajordan] But ended up with 16, no special chars :P
#
cwebber2 just a single bit? that's not even a full character! ;)
#
xmpp-social [ajordan] Hahahaha
#
Loqi awesome
#
xmpp-social [ajordan] Re: Facebook, yeah they're different
#
xmpp-social [ajordan] I've never really understood it
tantek joined the channel
#
cwebber2 so we *could* make following and a friend list type thing different
#
cwebber2 and I think that's what Evan was proposing, if we wanted ack/nack
#
cwebber2 though
#
cwebber2 I dunno, I wonder if it's really worth doing that?
#
aaronpk personally following and friending are completely different to me
#
aaronpk especially when you're talking about public content
#
cwebber2 Gargron: right now mastodon basically treats friending and following as equivalent for private accounts right?
#
cwebber2 aaronpk: we already have a distinction between to-public and to-followers though
#
cwebber2 you can already define something as to-followers and not to-public, or vice versa, though most people will usually do both for public content
#
cwebber2 I think right now Mastodon, for instance, allowes users some control over who's following them, but only for "locked accounts"
#
cwebber2 so followers-only posts acts like to-friends
#
cwebber2 see https://www.w3.org/TR/activitystreams-vocabulary/#modeling-friend-requests which was mentioned here https://github.com/w3c/activitypub/issues/244#issuecomment-316420126
#
cwebber2 this is what evan suggested we do instead of having following have an ack/nack
#
cwebber2 the cost of having an ack/nack doesn't seem very high to me though on following. it does introduce an intermediate state, that's true.
#
saranix many systems have discrete permissions for each.
#
saranix I would go so far as to even say it's common.
#
cwebber2 allowing for ack/nack is, in any case, more general
#
xmpp-social [ajordan] cwebber2: I also don't think we have time to iterate if we went with what Evan suggested
#
xmpp-social [ajordan] When I looked at that part of the spec it looked more like a framework for modeling stuff to me tbh
#
xmpp-social [ajordan] So I think we'd need to add a bunch of normative text for exactly how to do this and I don't think we'd get it right
#
cwebber2 ajordan: that's my feeling as well.
#
cwebber2 I feel like the Accept/Reject proposal is honestly pretty straightforward for followers/following and is needed
#
xmpp-social [ajordan] Yeah me too
#
xmpp-social [ajordan] Plus there's the problem with having two separate mechanisms as you mentioned on GitHub
#
cwebber2 yup
#
cwebber2 and I think if we don't do this
#
cwebber2 we're going to see two mechanisms both be used
#
cwebber2 and we'll have inconsistency
#
saranix 2 mechanisms?
#
xmpp-social [ajordan] Define "this"?
#
xmpp-social [ajordan] The accept/reject route?
#
cwebber2 yep
#
xmpp-social [ajordan] Right
#
cwebber2 saranix: 2 mechanisms are: 1) Follow action expects immediate acceptance of following, every time; it's just inferred
#
cwebber2 2) expect an explicit Accept/Reject
#
xmpp-social [ajordan] Brb, rebooting my phone
#
saranix under security I explained why it can't be *required* it forces an insecure mode
#
cwebber2 the behaviors for those two systems are different, though the first can be modeled on top of the second mostly by doing automatic Accept
#
cwebber2 saranix: I think I'm still not understanding your security issue :\
#
cwebber2 could you write out an example scenario?
#
cwebber2 User A does this, Server B does that, etc
#
cwebber2 demonstrate the attack
#
saranix it's a reflective attack. I explained in the etherpad
#
saranix more importantly, it's not a big deal for the UI to show that an accept/reject was never received. it's a UX issue and should definitely not be normative in the spec
#
cwebber2 https://github.com/w3c/activitypub/issues/245 ?
#
Loqi [strugee] #245 DoS to Security Considerations section
#
cwebber2 saranix: implementations can decide that, I'm considering how it's done from the UX perspective, but you and I don't need to discuss it
#
cwebber2 saranix: 245 addresses that right?
#
cwebber2 saranix: it seems that this problem is more general than just Accept/Reject though; you could DDOS AP servers generally with many kinds of activities (or even most servers with any kind of requests)
#
saranix yeah 245 addresses
#
cwebber2 saranix: ok cool
#
saranix probably is general
#
cwebber2 saranix: we'll get that in
#
xmpp-social [ajordan] cwebber2: I can plan on PR'ing that soon
#
cwebber2 thanks ajordan
#
cwebber2 btw in about an hour I'm going to go offline for the rest of the day so I can focus on the test suite.
#
cwebber2 so if I go nonresponsive, that's why.
#
cwebber2 right now I'm too distracted
#
saranix \o/ test suite!
#
cwebber2 reading a paper on IPFS :P
#
cwebber2 the paper is amazingly great btw
#
cwebber2 https://github.com/ipfs/ipfs/blob/master/papers/ipfs-cap2pfs/ipfs-p2p-file-system.pdf?raw=true
#
cwebber2 highly recommended; it's an easy read
#
saranix I read it once, I probably forgot 90% of it ;-)
#
xmpp-social [ajordan] https://github.com/w3c/activitypub/issues/245#issuecomment-316755274 thoughts?
#
Loqi [strugee] It seems to me that when we do this we should also mention that servers should ratelimit C2S interactions, because if they "blindly" pass through data then a malicious user could get their server on another server's blacklist for DoS problems.
#
xmpp-social [ajordan] I'm about to get on a plane too
#
cwebber2 I +1'ed both of your posts on that issue :)
#
xmpp-social [ajordan] ?
#
xmpp-social [ajordan] Good luck with the test suite btw!
#
cwebber2 thanks ajordan, enjoy your flight :)
#
xmpp-social [ajordan] Sure thing!
#
ben_thatmustbeme i think thing that is really a DoS issue at all for those
#
ben_thatmustbeme oh i see, if attacker sends a friend request pretending to be another server
#
ben_thatmustbeme i mean, it is an issue, but at least it doesn't fan out
#
cwebber2 you have to make checks for those already
#
ben_thatmustbeme for what?
#
ben_thatmustbeme faked source?
#
saranix technically I think nearly every software currently deployed is susceptible to the client overload thing... i.e. no one rate limits
#
xmpp-social [ajordan] ben_thatmustbeme: it's a confused deputy attack
#
xmpp-social [ajordan] In this case the "deputy" is the malicious user's server and it's a problem because said user can get the "deputy" blacklisted on other instances
#
xmpp-social [ajordan] So it's a DoS problem _for the deputy_
#
cwebber2 that's still true for nearly any activity though
#
cwebber2 Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like Like
#
ben_thatmustbeme ah, so its really a C2S rate limit issue, basically
#
xmpp-social [ajordan] cwebber2: yes, that's what I'm saying
#
ben_thatmustbeme but thats also not necessarily a bad thing, just a super busy user, look at all the twitter bots that automatically tweet, etc
#
xmpp-social [ajordan] Right but I mean if you're generating thousands per second
#
ben_thatmustbeme yeah, its more likley going to be a problem for the server they are connecting too
#
ben_thatmustbeme more than a problem for the other server
#
xmpp-social [ajordan] Lol yes that's my point
#
ben_thatmustbeme so its entirely just "rate limit C2S"
#
ben_thatmustbeme confused deputy (which is about privledge escalation, not this) has nothing to do with it
#
xmpp-social [ajordan] You need C2S rate limiting to a) avoid being overloaded yourself and b) to avoid overloading others so much that you trigger their S2S DoS protection
#
xmpp-social [ajordan] When I said "confused deputy" I meant b) although you're right that it's not a perfect description
#
ben_thatmustbeme well, no, b) is false
#
xmpp-social [ajordan] ?
#
ben_thatmustbeme i mean, yes, you want to rate limit S2S recieiving
#
ben_thatmustbeme but saying you have to watch S2S sending is rediculous
#
ben_thatmustbeme since you should be limiting at c2s
#
ben_thatmustbeme and if you are sending that much, you should be blocked, as you are not rate limiting c2s
#
ben_thatmustbeme if you rate limit s2s sending, you are going to have really bad UI, sorry, i can't send your friend request now, as i am talking to (other popular server) too much right now
#
saranix just throwing this out there: one way to do UX this is like cloud providers do with email-- you can only send x/hr as a new user unless you explain usecase to admin
#
xmpp-social [ajordan] ben_thatmustbeme: we're in agreement
#
xmpp-social [ajordan] C2S rate limiting solves b)
#
xmpp-social [ajordan] And that's what I was proposing
#
xmpp-social [ajordan] C2S only
#
xmpp-social [ajordan] I was only pointing out the problem
#
ben_thatmustbeme the two parts are rate limit c2s (receiving) in case of bad clients, and rate limit s2s (receiving) in case of bad servers
#
xmpp-social [ajordan] Yes
#
xmpp-social [ajordan] Agreed
#
ben_thatmustbeme arguably someone could just create thousands upon thousands of accounts on on system and then use multiple accounts to do the same, but thats also sort of outside of the spec of the scope
#
ben_thatmustbeme scope of the spec *
#
xmpp-social [ajordan] Lol
#
ben_thatmustbeme saranix, thats sort of tangental though, spec shouldn't define UX
#
saranix no, just throwing it out there
#
ben_thatmustbeme that is certainly a possibility though
tantek joined the channel
#
jaywink saranix: "the most desirable advantage of ldsig is the embed capability, so that sigs can be verified without fetch" <--- I would say the most desirable feature is verifying content :) But anyway, the point was, to bring something difficult into the spec, we might have to stop at some point. Simple is better than complex. I just feel the whole signatures discussion is taken on a way too complex path. Or
#
jaywink maybe I'm just mirroring existing experience with signatures where the simple, clear and easy to implement path has been taken.
#
saranix jaywink: "the most desirable feature is verifying content" <-- yes but ld-sigs allows embedding foreign objects, that's the advantage over say http-sigs
#
saranix but it is starting to look a little bit like verifying foreign content is a fairytale of sorts
#
jaywink if it can be done without making the spec and implementers life too complex. following the discussion it seems to be a very unclear topic :)
#
saranix I'm doing work on both fronts-- writing up the issues involved, and also a possible breakage scenario that I thought up, but I have to work through the json to see if it's true
#
jaywink btw, someone asked about facebook follow vs friend. Follow means "I follow your public content", Friend means "I requested friendship, you accept/deny". Follow doesn't even cause a notification AFAICR.
#
tantek yes
#
tantek I think follow *does* cause a notification but you can turn it off
#
jaywink could be
#
tantek that's what I remember, and it makes sense because it's a gentler gesture, and provides the followee the opportunity to "follow back" should they wish to do so, or perhaps even "upgrade" by responding with a friend request
#
jaywink would be nice if AP covered both easily. I guess the "auto-ack" can do done to allow a one-sided follow, if ack could be a requirement
#
tantek indeed. would be nice if we had a better understanding of what/which follow vs friend models / implied protocols were out there now so we have an idea of what they have in common vs differences
#
tantek nevermind what "should" be standardized which is entirely a different question, but hard to do a good job answering without first researching and documenting existing examples to see what user models are expected to be modeled by the plumbing underneath
#
jaywink facebook follow is basically the same as twitter follow. Diaspora has something that is a monster child in between. When you add a person to an aspect, you 1) follow the person and 2) share your limited content in that aspect. I think though they're planning on separating them, AFAICR.
#
tantek oh that *is* a confusing follow
#
tantek though sounds like G+ Circles
#
tantek I vaguely recall seeing notifcations like "personA added you to one or more of their circles"
#
tantek I have a feeling Diaspora modeled Aspects after G+ Circles but I could be mistaken
#
saranix you'd really be blown away by zot connection perms then :-P
#
tantek I remember d* happening in the temporal context of when G+ Circles were the new hotness
#
tantek IIRC G+ Circles have largely failed because no one likes to do explicit "circle maintenance"
#
saranix hubzilla can handle every combination mentioned so far, and 1000's more, you should really check it out
#
tantek I wonder if d* Aspects faired any better (in longterm use / maintenance)
#
tantek yikes no thanks. "1000's more" sounds like a nightmare of a UX
#
saranix some say
#
saranix I don't think so
#
saranix depends if you're a "nerd" I guess
#
tantek demonstrated consistently with UX/psych research per Pardox of Choice etc.
#
tantek *Paradox of Choice
#
saranix yeah... mac users will not be happy, linux users love it :-)
#
tantek heh
#
jaywink tantek: well, diaspora aspects came before google+ :)
#
jaywink but I agree about them and circles. For me it ended up in maintenance hell and now I just have one aspect for everybody :D
#
jaywink but maybe for some people that kind of contact management is useful for sure
#
tantek or seems to be at first
#
tantek and then the ongoing maintenance tax kicks in
#
tantek and eventually costs more than perceived utility
#
jaywink personally I post 99% public content anyway
#
tantek jaywink, thanks for the temporal correction re: d* aspects vs g+
#
tantek 2010 d* vs 2011 G+ I think?
#
tantek jaywink: while I agree with the commonality of the public content use-case, there are many "limited audience" use-cases that people seem to use FB for
#
tantek my understanding was d* aspects were an attempt to provide a viable alternative to FB limited audience posts in order to help encourage / make it easier for folks to use d* instead
#
tantek for those use-case
#
tantek s
#
jaywink tantek: yes d* came out 2010. And sure, I'm not saying limited audience use cases are not important. Just my personal preference is public use case :) Especially on Facebook, I'm quite sure (from following friends) that a large part or even a clear majority of posts are limited.
#
jaywink since often people communicate with friends and family mainly
#
tantek nods
#
cwebber2 that's a distinction I think getting caught up in this: "I want to subscribe to someone's public posts" vs "I want to subscribe to someone's public posts and their limited-audience posts"
#
cwebber2 having followers be both a limited audience distribution system and also the public notification system maybe is overloading, but
#
cwebber2 yeah I dunno.
#
tantek cwebber2: I dunno either (from a which UX is more desirable perspective), hence I'm trying to document (and ask for help documenting) the various existing models which have clearly been through some user-feedback/iteration and thus are worth seriously considering supporting with any protocol
#
jaywink for Socialhome I'm anyway going to implement contact lists which can be used for targeting private posts. Similar to aspects, but without the requirement of following the person you want to post to. In this case, in AP, it wouldn't be the followers list at all, but just a list of people. I think it makes more sense because sometimes you might want to post only to for example colleagues, sometimes friends,
#
jaywink sometimes all your contacts.
#
tantek If you have other suggested paths forward to better evidence-based understanding, I'm open to it
#
tantek jaywink - I agree with that asymmetry (may want to post to a limited set of folks, but not have to make follow decisions about each of them)
#
saranix {type: Follow, object: { type:Collection, name:PrivateCollection } } --- Reject/Accept
#
cwebber2 jaywink: basically have a default "friends" collection?
#
cwebber2 that users have set up by default?
#
jaywink how I see the AP followers list is "people who follow my public content"
#
saranix jaywink: I think that's what it says too
#
cwebber2 it doesn't say that's how it's used specifically
#
cwebber2 you can address to followers only and not public in AP
#
cwebber2 which actually maps to how mastodon and twitter accept some types of posts
#
jaywink yes, I just said what I think it means to me :P use cases could be very different
#
cwebber2 with the overloading of followers as also a "close friends" *and* "public subscription* thing
#
cwebber2 "public subscription"
#
cwebber2 I think that overloading is causing some of this rift
#
saranix I don't think it's an issue
#
tantek and overloading is present in every existing UX of these I know of
#
cwebber2 twitter's is super overloaded / confusing
#
tantek e.g. "friends" on FB by default also have permissions to post on your "wall"
#
saranix different implementations will be detectable from what's present in their requests
#
cwebber2 the distinction between locked accounts vs public accounts is a weird thing
#
tantek yup
#
cwebber2 mastodon basically can make use of all their distinctions using just public and followers but
#
jaywink it could be we're trying to lock some of the verbs and meanings in AS/AP too much into UX. the reality is, implemneters will be free to do their own interactions and business logic in their apps.
#
cwebber2 it requires an ack/nack on followers
#
cwebber2 and that followers is probably-overloaded
#
cwebber2 but
#
saranix jaywink: agreed
#
tantek cwebber2: attempts at documenting a few "private account" variants here: https://indieweb.org/private_account
#
tantek they all have things in common and differences
#
cwebber2 jaywink: well... I feel like I'd agree, though users might be surprised/annoyed that behavior is different between implementations
#
tantek more examples welcome on that page!
#
cwebber2 when there are different expectations
#
cwebber2 I don't think it's the end of the world thoug
#
cwebber2 h
#
jaywink cwebber2: but the point is you wont be able to control that with a protocol :)
#
tantek jaywink - agreed trying to minimize locking some of the meanings. however I think we have to explicitly design for flexibility at the protocol level to enable the various UX variants
#
cwebber2 jaywink: so what do you think of the accept/reject on follow?
#
tantek I don't know how to do that without documenting the UX variants first
#
jaywink tantek: sure, agreed
#
tantek because the theory / abstract approach is likely to lead to non-interop over designed complexity
#
saranix only helpful if you document ALL variants and make sure you don't miss any
#
jaywink cwebber2: I don't see a need for accept/Reject on a follow at all for my use cases, but I understand if someone does. Though currently I'm unsure how this would be different from a Friend request in AP. A friend request (in FB for example) is a special symmetrical relationship that grants special rights for both parties when accepted. A follow, even if accepted, to me just makes the other person follow
#
jaywink the other.
#
jaywink but if "ack" becomes a thing, for me that is ok, I would just make the software "auto-ack"
#
saranix and really, I think the expansive example in the AS2 spec is plenty
#
jaywink wishes he had time to hack some limited AP support into Socialhome to actually be able to contribute to these kind of discussions in more than just theory :P
#
saranix I've already made several changes in my app i'm building based on these discussions (well not the follow one, but others in the channel)
#
saranix but I've spent about 10 times as much time on IRC as I have coding :(
#
cwebber2 I've spent too much time talking in here myself this week
#
cwebber2 hey wasn't I gonna go offline? :)
#
cwebber2 does so
#
cwebber2 later, *
#
tantek "only helpful if you document ALL variants and make sure you don't miss any" <-- nope. any evidence is better than no evidence.
#
tantek jaywink++ for at embracing the spirit of selfdogfooding
#
Loqi jaywink has 7 karma
#
saranix tantek: not if you replace a standard that works for some uses cases that is then left out after you make changes because you missed it in your research
#
tantek hence you call for open contributions to the research
#
tantek and then iterate
#
tantek this is why w3c has periods of WD for wide review, of CR for implementation experience etc.
#
tantek it's why standards take time
#
tantek and if you miss it in a spec that goes to REC, you iterate on a new version. happens all the time
tantek, timbl and MMN-o joined the channel