#social 2017-09-02

2017-09-02 UTC
JanKusanagi and sandro joined the channel
#
sandro catching up on as:locked discussion....
#
sandro My main thoughts:
#
sandro 1. We clearly need an initial policy for adding terms to the namespace asap. The policy probably does need some waiting/comment period before anything going in which might have backward compatibility issues - eg anything used in a Mastodon release
#
sandro 2. Having something like as:locked sounds like it makes sense, but I think it probably ought to have a name that explains what it is, and isn't likely to mean anything else. in the context of 'activity streams' "locked" could mean a lot of different things. Maybe as:followersMustBeApproved or something like that?
#
cwebber2 as:approvesFollowers
#
cwebber2 ?
#
sandro I suppose -- it's a boolean property of an actor?
#
cwebber2 looks like it
#
cwebber2 Gargron: ^^
#
sandro It's slightly odd / problematic modeling in RDF, because it kind of uses defaults. If it's missing, it mean false, I guess? RDF should generally be written so that missing triples are just unknowns, not something different.
#
sandro I guess I'm lost on the meaning of 'locked' somewhere between the UI and the protocol. What different code paths happen when I click 'Follow' on a locked and unlocked account? In either case, a request goes to the to-be-followed user's server and at some point it replies...
#
cwebber2 in this case, it's more for a visual indicator than a promise
#
cwebber2 sandro: the maning "locked" here is borrowed from twitter
#
cwebber2 it's not a very good term
#
cwebber2 IMO
#
cwebber2 so I think that as:approvesFollowers is clearer
#
sandro But really the semantics are to indicate to the user that typically approval takes minutes/days and might not happen, vs will probably happen within milliseconds. But even with approvesFollowers=false, actually every follower has to be approved by the followed-user's server, and with it true, there might be a rule to approves you in milliseconds.
#
sandro (I'm just poking at the edge-case semantics.)
#
sandro One *could* separate those, into slow-approval and conditional-approval.
#
cwebber2 right
#
cwebber2 it's more of a UI indicator than anything
#
cwebber2 so we need to indicate that in the text
#
sandro Maybe the most pointed question is what happens when it's NOT marked approvesFollowers and yet still takes a long time and/or fails. Is it important the protocol/software wise this flag is ignored? it's only advise, not anything crisp.
#
cwebber2 yes
#
sandro as:manuallyApprovesFollowers : when TRUE, conveys that for this actor, follow requests are not usually automatically approved, but instead are examined by a person who may accept or reject the request eventually. Setting of FALSE conveys no information and may be ignored.
#
cwebber2 sandro: I like that
#
cwebber2 sandro: want to put that on the extensions page?
#
cwebber2 Gargron: are you willing to switch to that?
#
sandro + This information is typically used to affect display of accounts, such as showing an account as private or locked.
#
sandro One hopes he's asleep at 4am :-)
#
cwebber2 as long as we aren't seeing a 4am release I think it's okay to be bumped to tomorrow ;)
#
sandro Going back to the namespace question, the issue is how much notice do we need to give the world before giving away a little bit of the namespace like this. I feel much more comfortable giving away a term like as:manuallyApprovesFollowers than as:locked without extensive review, but I don't know how to quantify that.
#
cwebber2 sandro: I think probably the reason for your gutfeel there is as:locked is ambiguous and you can imagine a bunch of locking things whereas as:manuallyApprovesFollowers is very clear and unlikely to collide
#
cwebber2 but I don't think that means we should push for verbose properties as a lesson from that ;)
#
sandro No, just ones that are unlikely to be used to mean anything else. Properties no one else would want, as it were.
#
sandro which mean they will tend to be long, I expect. When I first tried to make the URI scheme that became tag: I called it tann: because I didn't want it to be contested real-estate. At the time, in that process, that turned out not to be what mattered.
#
sandro https://www.w3.org/2001/02/tann/
#
sandro I'm reading the relevant RFCs about how IETF runs these registries
#
sandro Added to extension page, https://www.w3.org/wiki/Activity_Streams_extensions#as:manuallyApprovesFollowers
#
sandro Reminaing questions:
#
sandro 1. how do we decide these are "approved"
#
sandro 2. at what point do they go in the namespace document
#
sandro 3. in what way is their status reflected in the document
#
cwebber2 all good questions
#
sandro 4. What linguistic style to use. The three current extensions are all over the map. Ideally they would all have examples, etc.
#
cwebber2 5. should we have a versioned context that includes all these extensions? maybe it should actually be an AP versioned context, or alternately it could be https://www.w3.org/ns/activitystreams/v1 etc
#
Loqi [Amy Guy] ActivityStreams 2.0 Terms
#
sandro 5. Can we reasonably do this quickly enough to not be slowing Eugen down too much
#
cwebber2 where https://www.w3.org/ns/activitystreams contains the "full current" context
#
Loqi [Amy Guy] ActivityStreams 2.0 Terms
#
sandro My understanding is versioning of namespaces never works. Have you ever heard of a case where it did?
#
cwebber2 sandro: I'm not suggesting versioning the *namespace*
#
cwebber2 but rather the *context*
#
cwebber2 versioned contexts can still point to the same terms
#
sandro ohhh, so making them be different strings.....
#
cwebber2 yep
#
cwebber2 so as we add things
#
sandro but that'
#
sandro but that's not what the AS2 spec says to do. It says they must be the same string, doesnt it?
#
cwebber2 wait, don't know what you mean
#
sandro eh, never mind, key point is:
#
cwebber2 something in activitystreams/v1 *context* will still point to activitystreams
#
cwebber2 the point here is to make sure you don't have the invalid signatures problem caused by append-only mutation
#
sandro Spec says: Implementations producing Activity Streams 2.0 documents SHOULD include a @context property with a value that includes a reference to the normative Activity Streams 2.0 JSON-LD @context definition using the URL " https://www.w3.org/ns/activitystreams".
#
Loqi [Amy Guy] ActivityStreams 2.0 Terms
#
cwebber2 yeah
#
cwebber2 that does make it wonky a bit
#
cwebber2 it could be that that reflects AS2 core
#
cwebber2 but we could even have an AP versioned context if that makes it less awkward
#
sandro was that the answer from the ld-sig folks? Never change the bytes at a context URL, mint a new URL?
#
cwebber2 I'm just thinking about how to get around the signature mutation problem invalidating signatures etc
#
cwebber2 sandro: effectively yeah... https://github.com/w3c-dvcg/ld-signatures/issues/9
#
Loqi [cwebber] #9 LD Signatures and json-ld contexts which grow
#
cwebber2 look at Manu's response
#
sandro Kinda skimmed it, but he seems to be saying adding is fine, as I'd expect, so ... what would you gain by versioning?
#
cwebber2 no adding creates problems, and here's how
#
cwebber2 say Mastodon released an initial version of AP that used only the AS2 core terms, no extensions, and has https://www.w3.org/ns/activitystreams cached
#
Loqi [Amy Guy] ActivityStreams 2.0 Terms
#
cwebber2 right?
#
cwebber2 now a new version comes out
#
cwebber2 and it uses sensitive
#
cwebber2 it fires the documents with signatures on sensitive over the wire to the old instances
#
cwebber2 and they don't recognize sensitive, it isn't in their context
#
cwebber2 so the signature fails
#
cwebber2 so you don't want to version vocabulary, but you do want to version contexts IIUC
#
sandro But I think versioning would fail in exactly the same way. By the time the LDS algo is run, the @context processing is long over.
#
cwebber2 in the versioned scenario it does not fail
#
cwebber2 say they instead had (bear with me on the url, not saying it would be this) https://www.w3.org/ns/activitystreams/context/v1
#
Loqi [Amy Guy] ActivityStreams 2.0 Terms
#
cwebber2 now the new version comes out and has https://www.w3.org/ns/activitystreams/context/v2
#
Loqi [Amy Guy] ActivityStreams 2.0 Terms
#
sandro actually ---- in the versioned schenario it fails when it hits the @context line and see the value is not what it's expecting.
#
cwebber2 so the old instances would say "hm... I don't have that context, guess I have to fetch and cache it"
#
sandro Ah, I see. Yes.
#
sandro By putting the version in the URL, you can always cache forever.
#
cwebber2 yep
#
sandro and fetch at most once.
#
cwebber2 I'm not wild about this in some ways
#
cwebber2 it's much more complicated
#
sandro Might as well use the SHA256 as the URL then
#
cwebber2 but it does seem like the right thing
#
cwebber2 sandro: aha! yup
#
cwebber2 so in my post I said somewhat jokingly "if we content-address-stored the context we wouldn't hit this problem"
#
sandro For super convenience, I suppose we could fetch them from github with its sha1 ids
#
cwebber2 "but that's futuristic space technology to most but we can't really do that"
#
cwebber2 but apparently that's in progress
#
cwebber2 but I don't expect that to be accessible tech in the near term
#
cwebber2 sandro: so one way we *could* do it
#
sandro this is the trick that jquery did for itself, and every js library since then
#
cwebber2 https://www.w3.org/ns/activitystreams/context/v1/b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c
#
Loqi [Amy Guy] ActivityStreams 2.0 Terms
#
cwebber2 put the sha256 in the url but still use traditional https
#
cwebber2 that solves both things, and prevents needing an incrementally increasing version
#
cwebber2 we can instead just issue a new sha'ed context every time we add a new term
#
cwebber2 oops
#
cwebber2 sorry
#
cwebber2 https://www.w3.org/ns/activitystreams/context/b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c
#
Loqi [Amy Guy] ActivityStreams 2.0 Terms
#
cwebber2 there was no need for the /v1
#
sandro How about https://www.w3.org/ns/activitystreams&version=1.7 or https://www.w3.org/ns/activitystreams&sha256=17b2ffec941a63916ef621efdc4820672637ed9b22738586fe836bf7510e64da
#
sandro never mind
#
cwebber2 wouldn't it be ?sha256=
#
sandro I meant ? not & but that's bad
#
cwebber2 heh
#
cwebber2 yeah I think it would be better to have it just be part of the path
#
sandro https://www.w3.org/ns/activitystreams/v1.3 I think
#
Loqi [Amy Guy] ActivityStreams 2.0 Terms
#
cwebber2 sandro: wai u no like my super long urls
#
sandro and/or hash if people like
#
cwebber2 yeah, one of those ;)
#
sandro I'd be inclined to publish both short and long, and let people use whichever they prefer
#
cwebber2 "why have one when you can have two... for twice the price"
#
sandro In this case, is there any harm in having lots of them?
#
cwebber2 https://www.youtube.com/watch?v=VTUrdizRZyw
#
sandro At first I thought that was an example of a hash URI
#
cwebber2 ;)
#
sandro What's that from?
#
cwebber2 Contac5
#
cwebber2 Contact
#
sandro ah
#
cwebber2 the film version obviously
#
sandro Hmmm. Con-neg is another issue. We only care about this for json-ld, but the namespace doc is alos available in other froms, eg html.
#
sandro maybe putting /context in there is good
#
sandro doesn't need to be in /ns but I guess it might as well.
#
sandro I think apache might be tricky with activitystreams being both a file and a directory. I guess I could do it with a RewriteRule. Or simpler: ns/activitystreams-context/v1.2
#
sandro the actual current sha256 is 8b8e384b31fef5b62e3a5ff6e408a8f7358cf1b4ce562da82baaca479e3b48aa. Remember that. :-)
#
cwebber2 sandro: I didn't want to assume that I was making a sha256 for a specific period in time
#
cwebber2 so I did it for "foo" ;)
#
cwebber2 "foo" is timeless
#
sandro And the current revision is 1.8. (The w3c website is in CVS.) So, I could easily pull out 1.1 through 1.8 and put them by those names, and by the sha256 as ns/activitystreams-context.
#
sandro (I have a script like that lying around)
#
cwebber2 adds this suggestion to https://github.com/w3c-dvcg/ld-signatures/issues/9#issuecomment-326718071
#
Loqi [cwebber] `https://www.w3.org/ns/activitystreams/` is likely to keep mutating in append-only fashion, and maybe this is just fine, since that doesn't preclude having a versioned one as well that's more specific. One thing we discussed in #social is that may...
#
sandro found my script. But its conventions I would be putting them at activitystreams-history/rev_1.8
#
sandro I think I like "-history" more than "-context", but I think v1.8 is better than rev_1.8 (as long as we're only doing numeric version tags, not words)
#
cwebber2 I'd be fine with -history
#
sandro okay. all generated. I guess I'll go ahead and publish it.... fingers crfosed
#
sandro https://www.w3.org/ns/activitystreams-history/
#
sandro I wonder if I should drop the "1." in the version, as just a CVS artifact. So it'd be /v1 /v2 up to the current /v8
#
sandro the downside is that feels like they are big changes
#
sandro script is at https://github.com/sandhawke/expose-history
#
Loqi [sandhawke] expose-history: shell script for turning CVS history into a bunch of web files
#
sandro And now I've set: Cache-Control: max-age=31536000, public
#
sandro (ie 1 year)
#
sandro and posted https://github.com/w3c-dvcg/ld-signatures/issues/9#issuecomment-326720082
#
Loqi [sandhawke] I've now implemented this so people can experiment: https://www.w3.org/ns/activitystreams-history/ contains all (eight so far) versions of the jsonld version of the namespace document, with cache control max-age 1 year. It's generated by a s...
cdchapman, jankusanagi_ and xmpp-social joined the channel
#
cwebber2 sandro: awesome :D
#
cwebber2 Gargron: https://github.com/w3c-dvcg/ld-signatures/issues/9#issuecomment-326720082
#
Loqi [sandhawke] I've now implemented this so people can experiment: https://www.w3.org/ns/activitystreams-history/ contains all (eight so far) versions of the jsonld version of the namespace document, with cache control max-age 1 year. It's generated by a s...
#
Gargron that's good but i am still preempting stuff that's not there :D
#
Gargron also i see that i need to change my code to do manuallyApprovesFollowers
#
cwebber2 Gargron: heh :) yes, though if you have the pre-empted version with context terms that are not yet there, but are manually included by you in your @context alongside the context without them
#
cwebber2 Gargron: when the new context comes out with them, you can append that, and things will work great still
#
cwebber2 or rather use that
#
cwebber2 so now we have more of an upgrade path for such terms at least
#
cwebber2 ie, you use {"@context": ["https://www.w3.org/ns/activitystreams-history/v1.8.jsonld", {"sensitive": "as:sensitive"] ...}
#
cwebber2 then when sensitive gets baked in
#
cwebber2 you use {"@context": ["https://www.w3.org/ns/activitystreams-history/v1.9.jsonld"}
#
cwebber2 well, with fixed [] ;)
#
cwebber2 and both will work and signatures won't break
cdchapman joined the channel
#
Gargron wondering what db i would pick for a fresh AP implementation like the one i was talking about (youtube-esque)
#
Gargron relational or document storage?
#
Gargron a lot of things seem to be document storage oriented in AP
#
Gargron (there is a choice here too tho: mongodb, couchdb, cockroachdb)
#
Gargron but postgres is so battle tested
#
Gargron and, honestly, you could even just store json in postgres, there is a json data type
#
aaronpk A former coworker of mine says that Postgres is a better MongoDB than MongoDB is
#
cwebber2 Gargron: postgres + jsonb
#
cwebber2 jsonb is the shit
#
aaronpk You can even build indexes on specific properties of the JSON columns
#
cwebber2 you can index json fields and even join across them
#
Gargron haha, i would believe that! i used mongo a few years ago
#
cwebber2 beat me to it aaronpk
#
Loqi nice
#
Gargron i wonder if i could do a prototype of what i had in mind quickly in rails
#
Gargron maybe after 1.6 is out
#
Gargron the idea of spending a day setting up boilerplate in rails is daunting but i think i could copypaste a lot of code from masto after that
#
Gargron but i could try out shrine.rb instead of paperclip~ and write an ipfs driver for it. and try out ipfs, for that matter
#
Gargron has anyone tried using cockroachdb anyway?
#
Gargron terrible branding
#
Gargron but they make some interesting promises
#
cwebber2 I haven't tried it out
#
cwebber2 as an aside, Zooko tried to convince me to use tahoe-lafs as MediaGoblin's database way back in the day https://lists.gnu.org/archive/html/social-mediagoblin/2011-04/msg00008.html
#
cwebber2 gosh over 5 years ago D: