#social 2018-06-23

2018-06-23 UTC
cwebber2, tantek, pantherse and xmpp-social joined the channel
# 07:37 
dansup Hello ActivityPub. https://mastodon.social/@dansup/100253003190305470
# 07:38 
Loqi [dansup] I'm working on an ActivityPub guide website for coders & non-coders! It's something I wish existed before I started pixelfed.
# 07:41 
dansup I started this because I want to help make it easier to understand using real world examples, and have both visual and code representations so that its easily explained for both users and developers alike.
# 07:57 
dansup and also this, lol. https://mastodon.social/@dansup/100253075924652260
# 07:57 
Loqi [dansup] The ActivityPub guide was inspired by me trying explain to my 8 year old niece what the fediverse is! She is really excited to share her art on PixelFed (she can draw way better than me) 😁
# 07:58 
dansup I
# 07:58 
dansup I am getting feedback from her tomorrow :)
# 08:41 
jaywink[m] dansup: extremely cool 👍 and needed. Would be great to especially have examples on auth and signing from the current implementations
# 08:43 
dansup yes, HTTP signatures first, then LD
# 08:56 
jaywink[m] ooh didn't realize funkwhale was django
# 08:57 
dansup funkwhale is pretty cool, I am working with the dev to support audio on pixelfed
# 08:58 
jaywink[m] I might need to steal... I mean learn from some of the AP related code for socialhome :P
# 08:59 
dansup yabir is also working with python on an AP IG replacement! https://github.com/yabirgb/zinat
# 08:59 
Loqi [yabirgb] zinat: Self-hosted photo gallery social network. Under development
# 09:01 
dansup we are working together so UX is similar, lmk if you have any questions about our implementation
# 09:02 
jaywink[m] cool thanks, seen heard of zinat before but didn't realize it was python. nice to have some reference implementations when creating the AP stuff
timbl and cwebber2 joined the channel
# 21:04 
nightpool[m] gargron wrote a great intro post about AP if anyone wanted to check it out https://blog.joinmastodon.org/2018/06/how-to-implement-a-basic-activitypub-server/
# 21:04 
nightpool[m] I know there were a couple people in here who were looking into AP but weren't sure where to get started
# 21:04 
technomancy oooh
# 21:04 
technomancy <3 static files
# 21:05 
jaywink[m] was just reading it and about to link here. nice :)
# 21:06 
dansup that is awesome :D
# 21:07 
dansup I'm working on something like that too
# 21:23 
dansup https://mastodon.social/@dansup/100256248886745984
# 21:23 
Loqi [dansup] WIP #activityPubGuide
# 21:39 
jaywink[m] nice 👍
# 21:48 
Gargron could you drop some upvotes on HN if you liked the blog post?
vasilakisfil joined the channel
# 23:04 
puckipedia been building kroeg with a thought of easy decentralized trust, which should allow for any user to delegate signing the object to e.g. another server, or even to your local machine
cwebber2 joined the channel
# 23:21 
nightpool[m] hey puckipedia!! great to see you around again
# 23:22 
nightpool[m] also lol @ cwebber2 joining right as you mentioned decentralized trust
# 23:22 
nightpool[m] i'm definitely really pro that kind of stuff
# 23:22 
nightpool[m] signing delegation would be really useful for e.g. the gitpub stuff yookoala is doing
# 23:27 
puckipedia primary use is signing in on server A, then posting messages on server B
# 23:27 
ajordan oh that's interesting puckipedia
# 23:27 
ajordan we have a similar problem on pump.io
# 23:28 
ajordan we have a "login with remote account" option that lets you sign in to a different pump.io site and interact with it normally
# 23:28 
ajordan and the way that works internally is that basically the remote site goes through the client OAuth flow and gets tokens. but that means it can do *anything*
# 23:29 
ajordan as I understand it we're going to fix this with the move to OAuth 2 (which of course we have to do anyway) by issuing tokens scoped to a particular domain
# 23:29 
puckipedia ajordan: ah, this is mostly a flow used when the server doesn't actually have the private key
# 23:29 
ajordan so like a.com would be able to create activities on b.com but only activities related to a.com
# 23:29 
ajordan puckipedia: right
# 23:30 
ajordan but it sounds like you're thinking of delegating signing authority from b.com to a.com?
# 23:30 
ajordan so a.com would be acting as a server in the network instead of acting as a client to b.com
# 23:30 
puckipedia yes and no
# 23:31 
puckipedia It'd probably be a "to_sign" claim inside the authorization token, which is a url. send the objects and requests to sign there, the server/client signs it, returns the objects
# 23:31 
ajordan ahhh I see
# 23:31 
puckipedia the only thing is
# 23:32 
puckipedia if we implement this, we need to probably throw out the current LD signing technique
# 23:32 
ajordan so in other words a.com could submit to e.g. b.com/plz_sign_my_json and get back a response signed with b.com's private key?
# 23:32 
puckipedia ajordan: yes, but only after the user accepts
# 23:32 
ajordan got it
# 23:32 
puckipedia the current LD signing is just for an entire document
# 23:32 
ajordan you should be careful when implementing that interface
# 23:33 
puckipedia yeah
# 23:33 
ajordan seems super easy to create warning fatigue
# 23:33 
puckipedia it'd probably be like a draft view
# 23:33 
Loqi I agree
# 23:33 
puckipedia so you'd see the result, accept/reject it
# 23:33 
ajordan hm
# 23:33 
puckipedia for the LD signatures: I have an untangling thingy that works for everything but completely tangled documents
# 23:34 
ajordan I guess what I'm thinking of is, how would such an interface work for high volumes of activities?
# 23:36 
puckipedia no idea, as, y'know, I haven't thought this out further than "this would be nice for allowing e.g. ipfs-stored actors"
# 23:36 
puckipedia fun fact: I can have kroeg-rs create the most cursed activity ever
cwebber2 joined the channel
# 23:37 
puckipedia curl -H 'Authorization: ...' --data '{"id": "_:b0", "type": ["Create", "Person", "Note"], "object": "_:b0", "content": "hi", "attributedTo": "user", "actor": "user", "name": "Cursed Post-user-thing", "preferredUsername": "idk-even"}' http://127.0.0.1:3000/~puckipedia/outbox
# 23:38 
puckipedia I am slightly proud that this works at least
# 23:38 
puckipedia output is approx https://gist.github.com/puckipedia/bedf18b1c87d3c2a6bd318e41b723468
# 23:41 
puckipedia anyways i gotta sleep
# 23:42 
ajordan puckipedia: nice lol
# 23:42 
puckipedia kroeg-rs is like way better already
# 23:42 
puckipedia and written in rust :P
# 23:43 
ajordan puckipedia: oh my god
# 23:43 
ajordan re: cursed activity
# 23:43 
ajordan what have you done
# 23:43 
puckipedia turns out not giving up and just building infrastructure on top of json-ld node maps works
# 23:44 
puckipedia took a little work to make it work
# 23:44 
puckipedia but. I never touch the raw JSON unless it is to translate it into expanded JSON-LD, and even then I just flatten it
# 23:48 
puckipedia also I ehm. I kinda dropped the divide between Create and just using it immediately, because of code reasons
# 23:48 
puckipedia so now, {"type": "Announce", "object": {"type": "Note"}} is valid
# 23:48 
puckipedia TIME FOR BED
# 23:52 
ajordan lol night puckipedia