#social 2018-06-23

2018-06-23 UTC
cwebber2, tantek, pantherse and xmpp-social joined the channel
#
Loqi
[dansup] I'm working on an ActivityPub guide website for coders & non-coders! It's something I wish existed before I started pixelfed.
#
dansup
I started this because I want to help make it easier to understand using real world examples, and have both visual and code representations so that its easily explained for both users and developers alike.
#
Loqi
[dansup] The ActivityPub guide was inspired by me trying explain to my 8 year old niece what the fediverse is! She is really excited to share her art on PixelFed (she can draw way better than me) 😁
#
dansup
I
#
dansup
I am getting feedback from her tomorrow :)
#
jaywink[m]
dansup: extremely cool 👍 and needed. Would be great to especially have examples on auth and signing from the current implementations
#
dansup
yes, HTTP signatures first, then LD
#
jaywink[m]
ooh didn't realize funkwhale was django
#
dansup
funkwhale is pretty cool, I am working with the dev to support audio on pixelfed
#
jaywink[m]
I might need to steal... I mean learn from some of the AP related code for socialhome :P
#
dansup
yabir is also working with python on an AP IG replacement! https://github.com/yabirgb/zinat
#
Loqi
[yabirgb] zinat: Self-hosted photo gallery social network. Under development
#
dansup
we are working together so UX is similar, lmk if you have any questions about our implementation
#
jaywink[m]
cool thanks, seen heard of zinat before but didn't realize it was python. nice to have some reference implementations when creating the AP stuff
timbl and cwebber2 joined the channel
#
nightpool[m]
gargron wrote a great intro post about AP if anyone wanted to check it out https://blog.joinmastodon.org/2018/06/how-to-implement-a-basic-activitypub-server/
#
nightpool[m]
I know there were a couple people in here who were looking into AP but weren't sure where to get started
#
technomancy
oooh
#
technomancy
<3 static files
#
jaywink[m]
was just reading it and about to link here. nice :)
#
dansup
that is awesome :D
#
dansup
I'm working on something like that too
#
Loqi
[dansup] WIP #activityPubGuide
#
jaywink[m]
nice 👍
#
Gargron
could you drop some upvotes on HN if you liked the blog post?
vasilakisfil joined the channel
#
puckipedia
been building kroeg with a thought of easy decentralized trust, which should allow for any user to delegate signing the object to e.g. another server, or even to your local machine
cwebber2 joined the channel
#
nightpool[m]
hey puckipedia!! great to see you around again
#
nightpool[m]
also lol @ cwebber2 joining right as you mentioned decentralized trust
#
nightpool[m]
i'm definitely really pro that kind of stuff
#
nightpool[m]
signing delegation would be really useful for e.g. the gitpub stuff yookoala is doing
#
puckipedia
primary use is signing in on server A, then posting messages on server B
#
ajordan
oh that's interesting puckipedia
#
ajordan
we have a similar problem on pump.io
#
ajordan
we have a "login with remote account" option that lets you sign in to a different pump.io site and interact with it normally
#
ajordan
and the way that works internally is that basically the remote site goes through the client OAuth flow and gets tokens. but that means it can do *anything*
#
ajordan
as I understand it we're going to fix this with the move to OAuth 2 (which of course we have to do anyway) by issuing tokens scoped to a particular domain
#
puckipedia
ajordan: ah, this is mostly a flow used when the server doesn't actually have the private key
#
ajordan
so like a.com would be able to create activities on b.com but only activities related to a.com
#
ajordan
puckipedia: right
#
ajordan
but it sounds like you're thinking of delegating signing authority from b.com to a.com?
#
ajordan
so a.com would be acting as a server in the network instead of acting as a client to b.com
#
puckipedia
yes and no
#
puckipedia
It'd probably be a "to_sign" claim inside the authorization token, which is a url. send the objects and requests to sign there, the server/client signs it, returns the objects
#
ajordan
ahhh I see
#
puckipedia
the only thing is
#
puckipedia
if we implement this, we need to probably throw out the current LD signing technique
#
ajordan
so in other words a.com could submit to e.g. b.com/plz_sign_my_json and get back a response signed with b.com's private key?
#
puckipedia
ajordan: yes, but only after the user accepts
#
ajordan
got it
#
puckipedia
the current LD signing is just for an entire document
#
ajordan
you should be careful when implementing that interface
#
puckipedia
yeah
#
ajordan
seems super easy to create warning fatigue
#
puckipedia
it'd probably be like a draft view
#
Loqi
I agree
#
puckipedia
so you'd see the result, accept/reject it
#
puckipedia
for the LD signatures: I have an untangling thingy that works for everything but completely tangled documents
#
ajordan
I guess what I'm thinking of is, how would such an interface work for high volumes of activities?
#
puckipedia
no idea, as, y'know, I haven't thought this out further than "this would be nice for allowing e.g. ipfs-stored actors"
#
puckipedia
fun fact: I can have kroeg-rs create the most cursed activity ever
cwebber2 joined the channel
#
puckipedia
curl -H 'Authorization: ...' --data '{"id": "_:b0", "type": ["Create", "Person", "Note"], "object": "_:b0", "content": "hi", "attributedTo": "user", "actor": "user", "name": "Cursed Post-user-thing", "preferredUsername": "idk-even"}' http://127.0.0.1:3000/~puckipedia/outbox
#
puckipedia
I am slightly proud that this works at least
#
puckipedia
anyways i gotta sleep
#
ajordan
puckipedia: nice lol
#
puckipedia
kroeg-rs is like way better already
#
puckipedia
and written in rust :P
#
ajordan
puckipedia: oh my god
#
ajordan
re: cursed activity
#
ajordan
what have you done
#
puckipedia
turns out not giving up and just building infrastructure on top of json-ld node maps works
#
puckipedia
took a little work to make it work
#
puckipedia
but. I never touch the raw JSON unless it is to translate it into expanded JSON-LD, and even then I just flatten it
#
puckipedia
also I ehm. I kinda dropped the divide between Create and just using it immediately, because of code reasons
#
puckipedia
so now, {"type": "Announce", "object": {"type": "Note"}} is valid
#
puckipedia
TIME FOR BED
#
ajordan
lol night puckipedia