#social 2018-04-20

2018-04-20 UTC
# 00:15 
dansup Thanks for the opinions on javascript!
timbl joined the channel
# 01:20 
ajordan dansup: can't tell if you're being sarcastic? I assume no?
# 01:20 
dansup Heh, nope
# 01:22 
dansup I was just wondering what people thought about it, I know mastodon uses react and quitter is a js heavy UI.
# 01:22 
dansup And I got this response, https://mastodon.social/@kit_darko/99884705917217035
# 01:22 
Loqi [Kit Darko] @dansup A full page reload just for liking something though? 🤮
# 01:24 
dansup I'll be using js but it wont be required, the js experience will be a lot smoother though
JanKusanagi joined the channel
# 01:37 
ajordan dansup: excellent haha, just checking
# 01:37 
ajordan I mean FWIW pump.io requires JS too, but that bothers me
# 01:37 
ajordan honestly I want to throw away all the frontend code we have currently and try for a simpler model
# 01:38 
ajordan and also I'd like to do a better job of supporting people without JS on
# 01:38 
ajordan Legacy(tm)
# 01:40 
dansup Nice, I think a fresh UI could help both pump and gnu social a lot!
# 01:43 
dansup I started a gnu social clone using the laravel framework, https://mastodon.social/@dansup/99807919226835952
# 01:43 
Loqi [dansup] Sneak peek of the basic bootstrap UI.
evanp joined the channel
# 01:45 
dansup hey evanp, big fan of your work on statusnet and pump! I've recently been working on new patches for GNU social (including ActivityPub support), and tinkering with stuff like https://git.gnu.io/gnu/gnu-social/issues/308
# 01:47 
dansup I ran a statusnet instance from 2012 to 2015 on the hyperboria network (wasnt federated since it required cjdns access)
# 01:49 
dansup Just the beginning... https://git.gnu.io/dansup/ActivityPub/blob/dev/actions/activitypubactor.php
evanp joined the channel
# 02:14 
ajordan ahh so to be clear dansup
# 02:14 
ajordan that refactoring I was talking about would be different than a UI redesign :-)
# 02:14 
ajordan though I'd like to improve the web UI too haha
# 02:49 
dansup ajordan: Oh I see, I might be able to help with that. I'm familiar with bootstrap, bulma, semantic and foundation. https://dansup.github.io/bulma-templates/
# 02:49 
ajordan ah nice
# 02:49 
ajordan I mean so am I, it's just a matter of time
# 02:49 
ajordan I'm bad about reviewing PRs too unfortunately
# 02:50 
ajordan there's some low-hanging fruit like e.g. getting us off Bootstrap 2 lol
# 02:51 
dansup Yeah I hear ya, I've been trying to add bcrypt/argon2I support to GNU social and performance/security takes precedence over UI
# 03:29 
ajordan yeah for sure
# 03:29 
ajordan I have so many ideas to improve security
# 03:29 
ajordan just never enough time...
evanp and cdchapman joined the channel
# 04:12 
dansup ajordan: does pump support ActivityPub or does it just support ActivityStreams 1.0?
# 04:12 
ajordan dansup: AP support is WIP
# 04:12 
ajordan actively being worked on
# 04:13 
dansup ah nice
cdchapman joined the channel
# 04:14 
ajordan yep
# 04:14 
ajordan I expect AS2 support will ship in our next beta
# 04:14 
ajordan that's blocked on me doing a review unfortunately
# 04:14 
dansup if you support image uploads, I will be able to federate your content to the instagram clone
# 04:20 
ajordan we do!
# 04:21 
ajordan (fair warning I'm going to bed literally any minute now)
# 04:37 
dansup goodnight!
# 04:37 
Loqi sleep tight!
# 04:43 
cwebber2 ajordan: :D :D
# 04:43 
cwebber2 go go AP in pump.io!
vasilakisfil, xmpp-social, mib_lfcapy, githree, fr33domlover, Zakia, gf, hadleybeeman and downey joined the channel
# 13:16 
Gargron cwebber2: https://github.com/tootsuite/mastodon/issues/1629#issuecomment-382767542
# 13:16 
Loqi [Gargron] In that case maybe you don't want polls, maybe you want to use Strawpoll... Either that or ActivityPub needs a way to display answer counts without listing individual answers. Tbh, imagine a typical poll on Twitter, it can get thousands of replies. T...
# 13:20 
cwebber2 Gargron: *reading*
# 13:28 
cwebber2 Gargron: I gave a suggestion
# 13:29 
cwebber2 !tell evanp hey, could you look at https://github.com/tootsuite/mastodon/issues/1629#issuecomment-383095637 ?
# 13:29 
Loqi Ok, I'll tell them that when I see them next
# 13:29 
Loqi [cwebber] Maybe each answer that shows up in the poll could itself be an AS2 collection which can give its totalItems, but which can (optionally, if non-anonymous) also expose its items (which are the actual response objects) in case anyone wants to "audit" it...
# 13:47 
Gargron is evan back in activitypub development?
# 14:12 
ajordan Gargron: evan's been hacking on AP in pump.io
# 14:16 
cwebber2 !tell pfrazee is this true?  does Dat use nodejs' representation of json as its "canoicalization" format? https://news.ycombinator.com/item?id=16879954 Is there any plans to change that?
# 14:16 
Loqi Ok, I'll tell them that when I see them next
# 14:16 
Loqi [Vendan] (I'm the author of the repo in question)
Note that this repo has been sidelined, as I have fundamental issues with the protocol SSB is built on.  Unless there's changes to how the messages are signed and verified, I'm not planning on putting any seri...
# 14:16 
cwebber2 oh wait
# 14:16 
cwebber2 SSB not dat
# 14:16 
cwebber2 nm then :D
# 14:16 
cwebber2 I keep mixing up SSB and dat
# 14:16 
cwebber2 !tell pfrazee once again I mixed up SSB and dat apparently.  Never mind and carry on!
# 14:16 
Loqi Ok, I'll tell them that when I see them next
evanp joined the channel
# 14:18 
cwebber2 hey hey evanp
# 14:18 
cwebber2 I left you messages with Loqi ;)
# 14:19 
cwebber2 I think you need to speak to get them! :)
# 14:19 
ajordan ahhh SSB
# 14:19 
ajordan it *does* have a lot of interesting ideas
# 14:21 
cwebber2 otoh this commenter has it right https://news.ycombinator.com/item?id=16880304
# 14:21 
Loqi [zeveb] I know that I sound like a broken record, but this is exactly the issue which canonical S-expressions were designed for, and which SPKI wrestled with &amp; solved twenty years ago.
The SPKI version of a message would look something like (I've removed...
# 14:21 
cwebber2 yeah yeah canonical s-exps for life
# 14:21 
cwebber2 notes they co-authored a protocol that does not use canonical s-exps but shhh
evanp joined the channel
# 14:25 
ajordan cwebber2: heathen!
# 14:25 
ajordan has exactly zero opinion on canonical s-exps
# 14:33 
cwebber2 canonical s-exps are great and it makes me sad that SPKI/SDSI didn't take off (well, I'm sad about that for lots of reasons)
# 14:38 
ajordan searches
# 14:39 
ajordan aw man
# 14:39 
ajordan that looks really nice :/
# 14:41 
cwebber2 yeah instead we got X.509 and SSL Certificate Authorities
# 14:41 
cwebber2 sad
# 14:42 
ajordan no kidding
# 14:43 
ajordan at least we have Let's Encrypt I guess?
# 14:55 
cwebber2 Let's Encrypt is a useful tarp (built an maintained by wonderful people) thrown over the current dystopia of certificate authorities
# 14:56 
cwebber2 if you haven't considered it before, consider that SSL CAs are only as strong as the *weakest* CA you have
# 14:56 
cwebber2 any CA, if compromised or unethical, can lie
# 14:56 
cwebber2 and in fact, some CAs will lie if you pay them to
# 14:56 
cwebber2 I forget which but some of the CAs allow corporate environments to purchase a "service" where they will allow you to MITM sites on a corporate network
# 14:58 
ajordan cwebber2: I'm aware of all the problems with PKI (moxie's talk on Convergence is really good for that and also I taught a class on this lol)
# 14:58 
ajordan and I totally agree
# 14:58 
michiel cwebber2: would SPKI have solved that issue?
# 14:58 
ajordan right now the situtation is still pretty bad but I think Certificate Transparency will actually get us to a decent place
# 14:59 
cwebber2 michiel: yes, SPKI/SDSI as I understand it allowed there to not be one "central authortiy" but allowed one to set up a trust network
# 15:00 
cwebber2 michiel: it had a petnames system using path based names IIRC
# 15:00 
cwebber2 however most of my knowledge comes from only skimming the specs, but reading and falling in love with the canonical s-exps one ;)
# 15:00 
cwebber2 and talking with ocap folks
# 15:01 
cwebber2 and also Christopher Allen
# 15:01 
cwebber2 who is the person behind tls/ssl
# 15:01 
cwebber2 and also *did not want* a certificate authority system, and wanted to use SPKI/SDSI
# 15:01 
cwebber2 well, the main person behind, I should say
# 15:02 
ajordan oh interesting
# 15:02 
ajordan according to someone moxie talked to they just "threw [PKI] in at the end"
# 15:03 
cwebber2 btw if you read the petnames thing (unfinished) that I was working on with Mark Miller and etc for Rebooting Web of Trust that's a good idea of how a different naming and security model could work: https://github.com/cwebber/rebooting-the-web-of-trust-spring2018/blob/petnames/draft-documents/making-dids-invisible-with-petnames.md
# 15:03 
ajordan I wonder if he talked to Christopher Allen or someone else
# 15:03 
cwebber2 sadly unfinished
# 15:03 
cwebber2 yes Christopher Allen told me something like "we tried to warn Netscape about all the problems that would happen if they went with a CA model but they were like, this is easy to ship, so let's roll it out"
# 15:04 
cwebber2 the petnames stuff will probably be more important as we're starting to see more experiments with activitypub over tor onion services
# 15:04 
ajordan Kip Hickman (sp?) apparently
# 15:04 
ajordan right
# 15:04 
ajordan https://strugee.net/presentation-https-deployment/#11
# 15:04 
cwebber2 and webfinger sure as heck won't work for that :P
# 15:05 
cwebber2 especially not as onion v2 services roll out with a zillion character long onion names
# 15:06 
cwebber2 petnames reduce phishing risks as well
# 15:06 
ajordan lol I've had a vanity onion v2 generator running for... let's see
# 15:07 
ajordan two months apparently
# 15:07 
ajordan I should just give up right?
# 15:08 
ajordan https://pump.strugee.net/alex/note/Zp6YptdKQq-LVxir8PwN9w
# 15:08 
Loqi [AJ Jordan] I'm now generating (vanity) Tor onion service keys for strugee.net and nodecompat.com. Onion services coming Real Soon Now™!
# 15:08 
Loqi +1
# 15:09 
cwebber2 heh
# 15:09 
cwebber2 vanity .onions are funny but also kind of dangerous
# 15:09 
ajordan dangerous how?
# 15:09 
cwebber2 especially the facebook one worries me
# 15:09 
cwebber2 they increase phishability
# 15:10 
cwebber2 if you get used to the idea that something like facebookcorewwwi.onion is really facebook
# 15:10 
ajordan ohhh yeah that's interesting
# 15:10 
cwebber2 then facebookcorewwii.onion may be an easy way to trick people
# 15:10 
cwebber2 and this will be worse in tor onion services v2
# 15:10 
cwebber2 where they're much larger
# 15:11 
cwebber2 even harder to distinguish
# 15:11 
cwebber2 if you only look at the first N characters, you might say "seems legit?" and go through
# 15:11 
cwebber2 and then bam, phished
# 15:11 
cwebber2 petnames are the right answer
# 15:11 
ajordan well that depends on how you keep track of onions
# 15:11 
ajordan I have a text file where I record known onions
# 15:11 
cwebber2 ajordan: that's an informal petnames system :)
# 15:11 
cwebber2 now let's make a formal one
# 15:12 
ajordan you could argue that v2 will improve things because it forces more people into that kind of setup
# 15:12 
ajordan ah true
# 15:12 
cwebber2 bookmarks are also petnames
# 15:12 
cwebber2 now, if you add edge names
# 15:12 
cwebber2 where I can recommend you
# 15:12 
cwebber2 er, recommend to you
# 15:12 
cwebber2 some names
# 15:12 
cwebber2 cwebber => rhiaro
# 15:12 
cwebber2 here's how you find Amy
# 15:13 
cwebber2 now you start to establish a system where, like real world connections between people
# 15:13 
cwebber2 we can introduce folks to each other
# 15:13 
cwebber2 and also!
# 15:13 
cwebber2 DNS doesn't need to appear
# 15:13 
cwebber2 it just becomes an equal participant
# 15:13 
cwebber2 if you have a dns petname, then
# 15:13 
cwebber2 dns => dustycloud.org
# 15:13 
cwebber2 er, doesn't need to disappear :)
# 15:13 
cwebber2 same thing with namecoin or even your local university staff directory
# 15:14 
rhiaro considers herself found
# 15:14 
cwebber2 MIT Staff => Gerald Sussman
# 15:14 
cwebber2 hi rhiaro :)
# 15:14 
ajordan hm interesting
# 15:14 
ajordan also side note because of this conversation I was like I wonder what rhiaro is up to? and so I went to http://amy.gy and well
# 15:15 
ajordan poop emoji :P
# 15:18 
rhiaro That's because online rhiaro is authoritative not amyg
# 15:18 
rhiaro rhiaro.co.uk should tell you what I'm up to more or less
# 15:18 
ajordan lol yeah I went there
# 15:19 
rhiaro is on a bus to Prague
# 15:19 
ajordan I couldn't remember the URL and wanted to be lazy so I took a guess :D
# 15:19 
ajordan rhiaro: nice, how come?
# 15:19 
rhiaro Where to start
# 15:19 
ajordan hahaha
# 15:20 
Loqi hehe
# 15:20 
rhiaro Convenient connection to Lyon for webconf is the simplest explanation
# 15:21 
rhiaro Anyone here going to webconf next week? I know Sandro is
# 15:22 
ajordan ahh nice
evanp left the channel
# 15:38 
aaronpk I haven't been paying enough attention to conferences ahead of time to actually go to much this year. Hopefully next year I can do more since I can plan ahead now
cdchapman, jankusanagi_, fr33domlover, JanKusanagi and bwn joined the channel
# 21:08 
@kevinmarks ↩️ @alicemazzy This sounds like Activity Streams: https://www.w3.org/TR/activitystreams-core/#example-3 (twitter.com/_/status/987437917940408320)
cdchapman joined the channel