#social 2018-08-14

2018-08-14 UTC
#
nightpool[m]
i don't understand your usecase kaniini. if you're trying to emulate webfinger, why invent another thing to do what webfinger already does?
#
saranix
nightpool[m]: I think it was the same thing I was saying yesterday. That mastodon can use preferredUsername to acomplish what it wants and does not need to require webfinger.
#
nightpool[m]
"what mastodon wants" is a unambiguous mapping from "@user@domain" -> activitypub actor
#
saranix
I defintely fall on the side of breaking-follow-your-nose is bad
#
nightpool[m]
preferredUsername doesn't accomplish that.
#
saranix
preferredUsername acomplishes exactly that
#
saranix
I don't know why you don't see it
#
nightpool[m]
how do I go from @user@domain to an actor with preferredUsername
#
nightpool[m]
what is the algorithm.
#
donpdonp
I believe whats being thrown around is the idea of 'backfilling' a url with an email style id of <preferredUsername>@<host part of url>.
#
saranix
dead-reckoning is the one exception. A fresh hub with no seeded contacts. This edge case should not rule all other behavior. IOW, if it's the only way, then it's the only way, but requiring it when it's not the only way is bad
#
donpdonp
it doesnt address starting with an email identifier.
#
nightpool[m]
i don't think you're understanding what I mean
#
nightpool[m]
when I say a mapping from "@user@domain" -> activitypub actor
#
puckipedia
nightpool[m]: what's the use of a unique username. usernames should be able to change
#
nightpool[m]
puckipedia: almost every service has some amount of uniqueness that people rely on when they're communicating in side-channels, IRL, etc
#
nightpool[m]
twitter, tumblr and email are obviously unique.
#
nightpool[m]
discord, battlenet, and other mmo platforms have "tags"
#
nightpool[m]
facebook gets away with this because if you're using it, it owns your entire social network.
#
saranix
nightpool[m]: My thing is, if mastodon has enough information to calculate a user@host with preferredusername it already fetched, it *should not* require that it ALSO GET the exact same information from webfinger before working.
#
puckipedia
nightpool[m]: twitter usernames can change freely
#
nightpool[m]
puckipedia: .... but they're still unique??
#
nightpool[m]
i don't understand your question
#
puckipedia
kinda assumed you were on the changability
#
puckipedia
I don't like that mastodon keys accounts on username/domain
#
nightpool[m]
that's a different question.
#
puckipedia
nightpool[m]: here's the thing. why should the display of a user's account be dependant on a side effect from an unreleated component
#
nightpool[m]
what?
#
puckipedia
mastodon figures out it should be e.g. user@example.social instead of user@mastodon.example.social because it's in webfinger
#
puckipedia
webfinger should not be required to figure this out
#
nightpool[m]
i'm not sure what you mean
#
nightpool[m]
user@example.social has no meaning outside of webfinger
#
puckipedia
then why are we using it all in activitypub
#
nightpool[m]
people who don't use webfinger, presumably, don't use it
#
nightpool[m]
people who do, do
#
puckipedia
why didn't we move to @https://example.social/user when we moved to activitypub
#
nightpool[m]
who is we here
#
puckipedia
everyone who moved to activitypub
#
puckipedia
in general
#
puckipedia
why didn't we abandon email-style IDs
#
nightpool[m]
only one software, to my knowledge, moved to activitypub
#
nightpool[m]
and i've already given the justification for the decision we made at the time.
#
nightpool[m]
(where "moved" means "used to implement another federated protocol, now implements activitypub")
#
nightpool[m]
(pleroma has a more complicated history but they were never federated over ostatus)
#
saranix
point of order, if mastodon requires webfinger to work, and webfinger is not part of the activitypub protocol, then mastodon has not (yet) *moved* to activitypub ;-)
ajordan joined the channel
#
nightpool[m]
that doesn't make any sense
#
donpdonp
id say mastodon implements two things, webfinger and activitypub. if it used a different system to translate email to url, the activitypub part would remain unchanged.
#
nightpool[m]
when mail servers start requiring dmarc, do we say they've STOPPED implementing smtp?
#
dansup
hey nightpool[m], pleroma can discover a pixelfed profile but mastodon can't. Any idea why?
#
dansup
curl -H "Accept: application/activity+json" https://pixelfed.social/users/dansup -v
#
nightpool[m]
I'll take a look when I'm at my computer
#
dansup
ok thanks!
#
puckipedia
dansup: wanna bet it's the redirect
#
aaronpk
Mastodon is soooo picky
#
dansup
puckipedia: that is fixed
#
puckipedia
ah
#
nightpool[m]
are you returning the right content-type header? that seems to be the main error we're running into when debugging federation
#
puckipedia
dansup: multiple accept values do not work
#
puckipedia
again
#
puckipedia
.
#
dansup
Content-Type: application/activity+json
#
puckipedia
accept: application/activity+json, text/html
#
puckipedia
I'm pretty sure I pointed this exact thing out to exactly you before
#
dansup
MUST present the ActivityStreams object representation in response to application/ld+json; profile="https://www.w3.org/ns/activitystreams", and SHOULD also present the ActivityStreams representation in response to application/activity+json as well.
#
puckipedia
dansup: multiple content type values is like. an http spec
#
puckipedia
come on
#
dansup
puckipedia: I don't understand what you are trying to say
#
puckipedia
a content-type header can be e.g. application/activity+json, text/html, */*
#
puckipedia
as in
#
puckipedia
Content-Type: application/activity+json, text/html, */*
#
dansup
oh, I thought you were talking about the Accept type
#
puckipedia
ehm
#
puckipedia
I WAs
#
puckipedia
sorry
#
puckipedia
accept
#
puckipedia
yes
#
puckipedia
content type can be one
#
puckipedia
I ma tired
#
dansup
I know it can be
#
puckipedia
but pixelfed isn't accepting it
#
dansup
oh I see what you are saying now, lol.
#
nightpool[m]
i think that makes 5/5 "mastodon is mean and not federating correctly!" problems I debug down to bad content negotiation implementations now
#
dansup
that was an easy fix, in_array() to str_contains()
#
puckipedia
now I'm gonna give you multiple Accept headers :P
#
dansup
just wait, its not deployed yet!
#
nightpool[m]
..... are you implementing your own content negotiation algorithm now.
#
nightpool[m]
aren't you using like, php??? is there seriously no library for this?
#
dansup
yay it works on mastodon now
#
Loqi
giggles
#
dansup
puckipedia: I'm sorry I didnt understand what you were saying before
#
dansup
I think that was the issue with the GS AP plugin, cc up201705417
#
nightpool[m]
what is the point of having a web framework if you're not going to use it.
#
dansup
lol what?
#
dansup
puckipedia: try it now
#
aaronpk
Don’t forget about application/activity+json; charset=UTF-8
#
dansup
nightpool[m]: I could do it a few ways, in the router or middleware but this was the quickest/dirtiest way. Its not even 4 months old yet
#
aaronpk
content type parsing is the worst lol
#
nightpool[m]
so, if someone requested something like text/html, application/activity+json; q=0.5, you'd give them the wrong one.
#
Gargron
i am suddenly curious about how web of trust could work with the fediverse
#
saranix
nightpool[m]: "when mail servers start requiring dmarc, do we say they've STOPPED implementing smtp?" 1) this is probably why thy never will require it, 2) dmarc is a standard on too of existing email infrastructure specifically on top of smtp. webfinger was not built specifically on top of activitypub. it is a totally different standard
#
dansup
nightpool[m]: oh, I need to use prefers() rather than accepts()
#
aaronpk
I really like that that’s the first thing you’ve said here in a long time Gargron
#
nightpool[m]
Gargron: did you see my reply to j?
#
nightpool[m]
i'm guessing we could implement a really basic web-of-trust thing completely with local information and fix 90% of the problem
#
nightpool[m]
since spammers aren't exactly setting up their own mastodon servers lol
#
Gargron
yes, but it reminded me of how everybody wants some form of verified accounts
#
nightpool[m]
eh
#
saranix
Gargron: good you're here. Maybe you can settle this finally. I say it's a bug that if you try to add a non-webfinger contact (i.e. @https://foo.example) and mastodon then refuses to lookup that contact because it doesn't *also have* a webfinger
#
Gargron
its not a bug, i designed it that way
#
saranix
it's designed to require something it doesn't need?
#
Gargron
you could put it that way
#
Gargron
if you cant mention it using plaintext in mastodon, there's no point in that account entering the database
#
saranix
activitypub spec does not have webfinger, requiring it means that mastodon can't talk activitypub
#
saranix
gargon: but pleroma does, it uses preferredusername
#
saranix
Gargron: it is the same information. simply refusing to accept it because it does not come from webfinger is just wrong
#
donpdonp
Gargron: re: verified accounts, in ssb "you are your ed25519 key". if mastodon allowed for private key upload, that might be a way forward.
#
Gargron
private key upload doesnt sound safe
#
Gargron
but i guess requiring something else would be too much for normal people
#
nightpool[m]
"normal people" don't have private keys
#
Gargron
true too. it wouldnt be much use unless you could also prove ownership of the key by posting on twitter or somewhere else, which requires gnupg knowledge
#
aaronpk
What kind of verification are people wanting? That’s a very strange idea
#
Gargron
simplest example, real gargron vs impersonators
#
Gargron
more practically, let's say "John Scalzi"
#
aaronpk
Who determines who the “real” Gargron is?
#
aaronpk
Linking to a real world identity sounds like a nightmare road you don’t want to go down
#
Gargron
i mean, its a choice
#
nightpool[m]
yeah, verification is inherently a "human" thing. i could make a keybase account that says my name is Eugen Rochko and convince my friends to sign it, but it wouldn't mean anything in terms of "verification"
#
aaronpk
This happens on facebook all the time. People make a fake account, then try to friend as many people as they can, so that eventually people see the friend request and its like “you have 20 friends in common” and they approve it
#
aaronpk
doesnt work so well when you went to high school with 17 other people and this person is claiming to be from the school
#
aaronpk
long story short I don’t think web of trust is your solution here ;-)
#
aaronpk
I guess that was a short story short
#
saranix
Gargron: "if you cant mention it using plaintext in mastodon, there's no point in that account entering the database". ok fine but you can. preferredUsername is the same information. if mastodon already has it, it should stop looking for it another place and then complaining when it can't find it.
#
dansup
request()->wantsJson() was the key, no dealing with headers :)
#
aaronpk
hope they implemented it right!
#
aaronpk
I had to step down a level and look at the header because I also wanted to return other json types
#
nightpool[m]
wow
#
nightpool[m]
hearing php try to talk about libraries is just like a whole other world.
#
donpdonp
php has come a long way.
#
nightpool[m]
in rails, all we do is register the two mime types, and then we immediately have response parsing built in
#
aaronpk
I’m sure someone has written a PHP library that works that way too. This is Laravel
#
dansup
nightpool[m]: its not a contest :)
#
nightpool[m]
sure, but that's the opposite of what you want
#
nightpool[m]
the controller should be able to say "here's the list of content types I can respond with", and the framework should figure out which is the best content-type for that request.
#
nightpool[m]
and call the associated functions/lambdas/closures or w/e
#
dansup
you can do that too, or call middleware from the route
#
aaronpk
Let’s not get in to web framework debates here
#
Gargron
back on the WOT thing. keybase is popular as a way to verify that you on one site is you on another
#
Gargron
but keybase still doesnt support mastodon or AP or anything, and even if it did that info would be stashed away
#
nightpool[m]
popular is maybe stretching it
#
Gargron
whats more popular is the twitter verified checkmark, which is controversial and yet desired by vulnerable people as a means of preventing impersonation attacks
#
dansup
Yeah, thats true
#
Gargron
i think this should not be a celebrity status thing, but really just a way to prevent impersonations.
#
Gargron
so after spending so much time explaining why i am interested in it, can anyone explain if WOT is a possible approach for it and how it would work
#
nightpool[m]
cwebber2: ping
#
nightpool[m]
my gut says "yes" because most people are entering the network with some form of personal connection to someone they trust
#
Gargron
the backup solution is if you let servers vote... assuming that an admin/mod would check the account independently, then vote for its integrity (local or remote no matter), and then on the origin server it would display which servers have verified the account
#
Gargron
oh wait nevermind the origin server could just fake that
#
Gargron
unless the origin server would forward those votes so receivers would be able to verify those votes came from those servers.
#
Gargron
growing complicated.
#
dansup
Gargron: Why not just do what keybase does, generate a proof to upload to twitter or github and then that acts as validation? Keybase not required
#
dansup
you already have the private keys to generate one
#
dansup
3rd parties could verify it too
#
Gargron
hmm
#
Gargron
for 3rd parties to validate it, the validation snippet would have to be public, and those identities too
#
Gargron
so it would have to be encoded in AP somehow
#
Gargron
would we have to add special handling for twitter? keybase seems to; and they periodically re-check, i'm not sure if that's truly necessary, but if we didn't add special handling the tweet with the snippet would fall off the profile page
#
Gargron
of course we already have *a* form of verification: each link in the profile fields is marked up with rel="me" so if the page linked contains a link back also with rel="me", that's a verification. of course, nobody uses that, and you couldn't make it work with twitter or fb anyway, only custom websites.
#
Gargron
i am tempted to return that whole idea to "unsolveable"
#
dansup
yeah, it would require a lot of work and it might not be used enough to warrant that
#
dansup
Gargron: btw, pixelfed will be supporting federating pretty soon. https://mastodon.social/web/accounts/418582
#
Loqi
dansup
#
dansup
federation*
#
Gargron
cool cool
#
kaniini
anyway my conclusion is that i don't want pleroma to be as deeply involved with webfinger as mastodon is
#
kaniini
so the feature isn't that important to me
#
saranix
kaniini: from my point of view pleroma is activitypub compliant and mastodon isn't. They both use webfinger but pleroma doesn't require it but mastodon does
#
kaniini
i would hope that pleroma is activitypub compliant in some way, pleroma's AS2 internal representation was based on an early draft of AP
#
dansup
saranix: how else does pleroma handle discovery? meta tags?
#
kaniini
pleroma can do discovery a few different ways
#
kaniini
like i said earlier
#
kaniini
it is possible if you know what you're doing
#
kaniini
to build pleroma without webfinger at all
#
saranix
kaniini: well technically there is one non-compliance but it's not that big of a deal. It requires the preferredUsername property even though the spec says it's a "SHOULD".
#
kaniini
saranix pleroma does not require preferredUsername
#
kaniini
it will show the URI of the user instead of building a user@domain
#
saranix
kaniini: with the live server I was testing with it would not accept the actor until I added a preferredIsername property
#
kaniini
that's the default configuration yes
#
kaniini
the core itself does not care though
#
dansup
webfinger isnt that bad, nodeinfo uses .well-known too
#
dansup
it does require an additional http req, thats about it
#
kaniini
dansup i'm not against webfinger, i just do not think the implementation should be locked into it
#
dansup
whose implementation?
#
kaniini
any
#
kaniini
if we were against webfinger, pleroma wouldn't have it
#
kaniini
but pleroma keeps webfinger solely in the discovery box
#
kaniini
if you give an AP actor URI, that works too
#
kaniini
anyway
#
kaniini
i solve verified accounts for you
#
kaniini
people send me money
#
kaniini
i say they are ok
#
kaniini
win win
#
kaniini
;)
#
kaniini
no, this isn't the CA debacle all over again
#
kaniini
never !
#
kaniini
saranix anyway
#
kaniini
saranix the internal core functions fine without preferredUsername. if you know what you're doing, those checks can be bypassed
#
kaniini
saranix the problem is, in practice, the APIs we provide get upset when there is no preferredUsername
#
saranix
requiring a SHOULD property on an object already being transferred isn't that big of a transgression. Requiring a whole seperate request from a completely different and in some ways competing protocol is just all kinds of rude.
#
aaronpk
Re: WoT my story was meant to demonstrate how a web of trust can still be taken advantage of
#
kaniini
saranix pleroma core does not require preferredUsername: https://pleroma.site/relay
#
aaronpk
because people end up trusting that everyone else they know has properly verified the person even if they haven't
#
aaronpk
I think the best you can do is prove that one person controls some number of other accounts
#
aaronpk
Which is basically what keybase does
#
aaronpk
So like if I trust that Gargron on Twitter is who I think he is, and if I can see some sort of proof that the person who controls that twitter account also controls this mastodon account, then I can transfer my trust to that mastodon account
#
aaronpk
same works for email, or other website,
#
aaronpk
or even a PGP key if that's your thing
#
dansup
yeah
#
dansup
but
#
dansup
you have to consider revocation, so you have to periodically validate that trust
#
dansup
hello!
#
Loqi
[pixelfed] @dansup You can now mention pixelfed users, will be releasing more AP support this week!#helloPixelfed
#
nightpool[m]
some wot thoughts in the backscroll for you cwebber
#
nightpool[m]
and also "there is no ethical consumption under webfinger" vol. 200
#
cwebber2
oh I just said a bunch of stuff about this over PM
#
cwebber2
dansup: cool!
#
cwebber2
nightpool[m]: yes
#
cwebber2
I have a lot of thoughts on WOT
#
cwebber2
and I actually think it *is* possible to do in a good human UX way
#
cwebber2
I already said this over PM but I'll say it all again
#
saranix
the problem isn't the consumption of webfinger, it's the requiring of it. Bottom line is, it is not in the activitypub spec. I don't think it was ever even being considered for inclusion but if it was, we all voted against it and approved a spec without it. So for mastodon to require it is a big *expletive* to all of us who worked on the protocol and approved what got approved
#
cwebber2
the thing is a web of turst thing should be *combined with* a naming system
#
cwebber2
there is not just one Chris Webber in the world
#
cwebber2
there is also a basketball player and some others
#
cwebber2
who is the "right" Chris Webber?
#
cwebber2
there isn't a right one
#
cwebber2
you have a social circle though
#
cwebber2
and maybe you know one who is right for you
#
cwebber2
let's assume you think I'm cwebber
#
cwebber2
we met up, I said "oh yeah, follow me here" (maybe I gave you my http address, maybe I emailed it to you, maybe you scanned a QR code)
#
cwebber2
great, you go to that page and hit "follow"
#
cwebber2
what happens?
#
cwebber2
when you follow, you save the name you want to remember me as
#
cwebber2
it should provide default text: if you don't know a cwebber yet, maybe it suggests cwebber, but you can fill in what you want
#
cwebber2
maybe you say "socialcg guy" instead
#
cwebber2
next time you see me, I show up as "socialcg guy"
#
cwebber2
think of a phone contact list:
#
cwebber2
there's no assumption that your names for contacts (which map to things you can barely remember) are global
#
cwebber2
if you have my phone number, you have it for me
#
cwebber2
if you have it for your "Mom"
#
cwebber2
there's no assumption there's one world "Mom"
#
cwebber2
so those are petnames
#
cwebber2
now, how do we get to a web of trust?
#
cwebber2
let's say you followed me, and when you followed me, you marked me as "cwebber" in your contact list
#
cwebber2
now I'm your cwebber.
#
cwebber2
now you want to find nightpool
#
cwebber2
since you have no local nightpool, but *I* know and have recommended a nightpool to friends
#
cwebber2
when you search your list, your system helpfully gives a suggestion
#
cwebber2
cwebber => nightpool
#
cwebber2
or if you saved me as "socialcg guy"
#
cwebber2
socialcg guy => nightpool
#
cwebber2
now, that's how it renders for you when you see nightpool's id, but maybe you want to save nightpool locally
#
cwebber2
you can do that
#
cwebber2
now it's just "nightpool"
#
cwebber2
you want to limit recursion here, probably between 2-4 levels deep.
#
aaronpk
Whoa, this relies on people sharing their contact list tho... that sounds ... dangerous
#
cwebber2
aaronpk: you explicitly decide every time you follow someone whether to share them with your followers
#
cwebber2
and you have to give someone a "capability" to get that somehow
#
cwebber2
what constitutes that can vary from implementation
#
cwebber2
it can be as simple as just following me, or maybe I have to ack it, maybe you have to request it
#
cwebber2
so yes it's risky but the user is informed that they're going to share that
#
cwebber2
maybe I know someone who's a journalist at risk
#
cwebber2
I don't want to share their name
#
cwebber2
when I follow them, I don't click the "share with friends" box
#
cwebber2
this system isn't new btw
#
cwebber2
it was designed for SPKI / SDSI
#
saranix
cwebber2: what you described is basically how the WoT I've been developing for about 7 years works (based on massive research and just about every rwot page ever published)
#
cwebber2
saranix: cool. it's also what the people working on SSL wanted
#
cwebber2
before Netscape shipped with "just trust what Verisign says"
#
cwebber2
so there are three types of names in a petname system
#
saranix
so sad
#
cwebber2
- petnames: a name *you have chosen* to represent an identity
#
cwebber2
saved in your contacts / bookmarks
#
cwebber2
- edge names: recommendations from one entity to another on what a person may be
#
cwebber2
- intro names: names that are introduced and suggested to you in a context. For example, a hyperlink that suggests a name is an intro name. An incoming call with caller id for someone you don't know, that's an intro name
#
cwebber2
whether someone giving a recommendation to themselves is an intro name or an edgename back to themselves, up for debate / barely matters
#
cwebber2
you want to visually make these distinct though
#
cwebber2
so now you may be like
#
cwebber2
"tough shit chris, dns won"
#
cwebber2
guess what
#
cwebber2
here's the great part about a petnames system
#
cwebber2
it can absorb dns
#
cwebber2
just make dns a petname!
#
cwebber2
dns => dustycloud.org
#
cwebber2
points at the same person as "cwebber" in your contacts list
#
cwebber2
horray!
#
cwebber2
now you can also set up your local university staff directory as a petname that can hand out edge names, etc
#
cwebber2
dns becomes an *equal player* naming hub, not a special priority one
#
cwebber2
the big thing about all this though is it needs buy-in from the clients you're using.
#
cwebber2
it doesn't affect the S2S protocol at all
#
cwebber2
other than possibly having an endpoint by which you can suggest edge names.
#
saranix
you got all this in the form of an article/deck? This feels very much like an "idiot's guide" that would be great to share
#
cwebber2
saranix: only that unfinished article
#
cwebber2
but I should probably do so
#
cwebber2
in a more compact form... one with pictures :)
#
cwebber2
anyway, if we do this kind of thing we can open ourselves up to much better, safer systems
#
cwebber2
which also tear down the big piece of centralization in our federated systems
#
cwebber2
dns + CAs
#
cwebber2
just make dns an equal player participant instead
#
saranix
ones which also reflect existing realworld paradigms instead of inventing new ones "on the interwebs"
#
cwebber2
right, so that's the thing
#
cwebber2
the mechanism I just described?
#
cwebber2
it's not so revolutionary
#
cwebber2
it reflects how real communities communicate with each other
#
cwebber2
how you map names in your own life to different people
#
cwebber2
and how you pass along contact information to other people
#
cwebber2
so that's my schpiel
#
cwebber2
it's also a system that's necessary if we move more systems onto using things like .onion addresses
#
cwebber2
ain't no way anoyone's going to be able to use webfinger with @foouser@agopaiybhsounabsouihgoisaddhgoisadhgiohasdgiohaoisgdiohsdgiohasdogihp.onion
#
cwebber2
PGP didn't work because it was building on top of an existing UX system that wasn't set up *at all* to be retrofitted for these ideas. and it awkwardly separated the human readable address from vouching that a key is associated with it
#
cwebber2
bundle the actual address with its cryptographic identity
#
cwebber2
you don't need CAs to sign https with .onion addresses because the address is itself the key fingerprint
#
cwebber2
all bundled together in the address
#
cwebber2
now, does that mean a petname system is only useful once we move to things like .onion addresses?
#
cwebber2
heck no
#
cwebber2
still useful even if using dns / https
#
cwebber2
Petname Tool is a (sadly defunct) browser extension for Firefox
#
cwebber2
what was it for?
#
cwebber2
to prevent phishing attacks.
#
cwebber2
using bookmarks!
#
cwebber2
bookmarks can be petnames, just like a contact list can
#
cwebber2
so when you visit paypal.com you get a green box that says "small payments", your petname for paypal
#
cwebber2
and when you go to paypa1.com
#
cwebber2
you don't have any indication your browser knows what it is
#
cwebber2
even more important in the age of unicode based phishing attacks
#
cwebber2
here's the good news: we actually have a social network system that resembles a web of trust
#
cwebber2
when you follow someone, that is exactly the kind of workflow we want for a web of trust system
#
cwebber2
just give the user an opportunity to choose the name at that step, and opt-in to sharing that name (or an adjusted one) to others
#
cwebber2
oh, one last thing
#
cwebber2
the edge name you share for someone doesn't have to be the same as your petname for them
#
cwebber2
Jane Smith may call her mom "Mom"
#
cwebber2
but the name she shares with the world is "Agatha Smith"
#
saranix
even non-malicious dns names can be confusing. great.tech, great.technology, greattech.com, greattechco.com, greattech.llc, etc.
#
cwebber2
saranix: yep, and it helps alleviate that pain when you register a domain name and wonder if for the sake of protecting yourself you should register the same one under 20 more gtlds :)
#
cwebber2
anyway, Gargron and nightpool[m] asked for my input on this and boy howdy did they get it, eh?
#
cwebber2
aaronpk: btw I'll note that despite your WoT skepticism, you already have and have advocated a WoT system in the indieweb community. Vouch *is* a WoT system, even if you don't recognize it as such ;)
#
cwebber2
though... there are two types of WoT, and the Vouch route is "I trust this person is legit" one, and the petnames one is "I believe that this person is this identity"
#
saranix
cwebber2: same type different property. another property would be the triple I trust xxx to do yyy. Or I trust that when xxx talks on topic yyy it is truthful
#
saranix
s/triple/quad since I = 1
#
saranix
still, just encoding real world actual social trust networks into bits and chars
#
cwebber2
off to bed. g'nite
#
saranix
gnite
xmpp-social, vasilakisfil and Chocobozzz joined the channel
#
aaronpk
cwebber2: you might also notice that I am a bit skeptical of vouch :-)
cwebber2 joined the channel
#
cwebber2
aaronpk: fwiw I'm more skeptical of reputation based WoT systems than I am of petnames style naming based WoT systems
#
cwebber2
reputation is a very difficult and often very perilous problem
dlongley joined the channel
#
up201705417
dansup, nightpool: Yeah, GS had the same Accept Header issue and it was solved by using this lib: https://git.gnu.io/dansup/ActivityPub/blob/dev/utils/AcceptHeader.php
#
up201705417
puckipedia: well.. GS supports email like IDs both because it is easier to type and due to OStatus compatibility
#
up201705417
but we are supporting ActivityPub like identifiers with no issues as well :)
#
up201705417
in our case we have a little special route to make everything easier on email like ideas, a somewhat innocent hack xD
#
up201705417
and that brings no problems because of ids consistency ^^
#
up201705417
we are using GS webfinger plugin so I can't really explain the internals of it, but the implementation was kinda easy on AP Plugin side :)
cdchapman, cwebber2 and ajordan joined the channel
#
puckipedia
.. eww, mastodon does some nasty things if a post that is replied is removed
#
aaronpk
haha sorry
#
puckipedia
i mean, not your fault
#
puckipedia
but
#
puckipedia
bad behavior on Mastodon's side
#
nightpool[m]
what do you mean "that is replied"?
#
puckipedia
nightpool[m]: inReplyTo is nulled if the post that it originally pointed to is removed
#
nightpool[m]
yeah?
#
puckipedia
so now there's no indication that the post was ever a reply
#
saranix
lights a gas lantern
#
nightpool[m]
because it's not a reply anymore
#
puckipedia
it's still a reply
#
nightpool[m]
maybe, but it's certainly no longer inReplyTo anything
#
aaronpk
it's a reply to a deleted post
#
aaronpk
so it should look like that
#
aaronpk
isn't there a Tombstone object for this?
#
aaronpk
could render the reply context as a stub showing that something used to be there
#
saranix
s/could/supposed to
#
nightpool[m]
tombstone is a may
#
nightpool[m]
we chose not to implement it for privacy/security reasons
#
nightpool[m]
ideally, if you delete a post on mastodon, noone later should be able to tell that it existed
#
saranix
thinks you didn't get my /me if you think it's better security
#
aaronpk
nightpool[m]: you don't have to show that *that particular post* existed in order to show a tombstone on the reply
#
JasonRobinson[m]
are there really replies in microblogging? it's all just statuses isn't it? sure you can link them, but in the end they're individual statuses
#
aaronpk
what do you mean "are there really replies"
#
saranix
JasonRobinson[m]: you make microblogging sound like flatulence... oh wait
#
aaronpk
these look like replies to me https://aaronparecki.com/replies
#
saranix
so that's why they call them toots I guess
#
puckipedia
nightpool[m]: just link it to the deleted post and let the other servers figure it out
timbl joined the channel