#social 2018-11-06

2018-11-06 UTC
zzo38 joined the channel
# 00:40 
zzo38 First, how can I get rid of the public.cloak? That isn't my domain name. My correct address is: 24.207.47.161
# 00:42 
zzo38 I also have questions about the ActivityPub. The document says it is using JSON, but if I try to access the test server then it is a HTML document instead, even if the Accept header specifies JSON.
# 00:42 
puck everyone has the same public.cloak
# 00:43 
puck and, ehm, what test server are you trying to connect to? i'm unaware there is one
# 00:43 
zzo38 puck: Yes, but I don't like that. Some IRC servers allow to use MODE <nickname> -x to remove it but it doesn't work here
# 00:43 
zzo38 The test server I am trying is https://test.activitypub.rocks/
# 00:44 
puck ah, that's a server for testing your client and/or server, so it doesn't serve up AS2 json directly afaik
# 00:46 
zzo38 Sorry, I do not quite understand. How can it be tested if it doesn't serve JSON?
# 00:46 
puck it's not to be tested, it is the tester
# 00:47 
zzo38 Maybe it can act as a client then, but still it doesn't seem to work. But how to test another client, then?
# 00:48 
zzo38 The client should need a server to connect to, in order to test, it should seem to me, isn't it?
# 00:48 
zzo38 Probably there is something I am failing to understand properly
# 00:49 
puck cwebber2: wait, did the test suite have support for testing servers already?
# 00:50 
puck zzo38: i suspect the test suite for clients doesn't work yet, but i haven't been around a lot recently
# 00:50 
zzo38 Ah, maybe that is what it is.
# 00:50 
nightpool[m] my understanding is that the test suite is a manual checkbox list for c2s clients and s2s servers
# 00:51 
nightpool[m] and it can act as an automated client to test parts of a c2s server
# 01:48 
zzo38 The specification look like complicated and has many documents. I may at first to just try to make up some client that can just receive at first, but later may also implment sending by client, posting messages to a local file by client, as well as server (client-to-server and server-to-server, JSON only). I intend making the command-line program. Some things such as the summary, and default MIME type for content, is HTML, but I do not want to implement HTML.
# 01:49 
zzo38 Why is it so complicated?
# 01:51 
rialtate[m] Lol
# 01:51 
rialtate[m] bookmarks
# 01:57 
zzo38 Is there a server that can be used to test a client that can only receive?
# 02:06 
rialtate[m] zzo38: in most cases you would need to be able to send a Follow before you can receive. To bypass that would usually invite abuse
# 02:10 
rialtate[m] zzo38: if your first step is to send Follows, you will then be able to receive Accept:Follow, and from there you can graduate to Create:Note
dmitriz joined the channel
# 02:27 
zzo38 To be able to follow isn't a server needed? I only intend to implement a client at first, that just makes a GET request to receive a single object or list of public messages, posted to the sharedInbox. I think the specification says that authorization is not needed to read public messages, isn't it?
# 02:38 
rialtate[m] zzo38: oh I misread. Technically a client doesn't "receive" but rather fetches like you describe. There isn't many servers that support fetching the inbox though,  and none that support fetching the sharedinbox, but it would probably work like you think if anyone did support it
# 02:42 
zzo38 Does any server support fetching all public messages from the outbox without needing authorization? If I understand the specification properly, it seem to say that it is possible.
# 02:43 
nightpool[m] sure, look at cybre.space/@nightpool.json for an example
# 02:44 
zzo38 What is the full URL to access that file?
# 02:46 
nightpool[m] huh?
# 02:47 
nightpool[m] that is the full url
# 02:48 
zzo38 Doesn't looks like to me; it is just a filename (and a strange one, if there is @ in it). Shouldn't an absolute URL have a scheme?
# 02:48 
zzo38 And a domain name and so on?
# 02:48 
nightpool[m] ....
# 02:48 
nightpool[m] I assumed the https was implicit
# 02:49 
nightpool[m] the full URI is really https://cybre.space/@nightpool
# 02:49 
zzo38 O, is that the domain name? I suppose there is many new kind of TLDs that I have never heard of before...well, now I know!
# 02:49 
nightpool[m] the .json is a shortcut to access the activity+json formatted document
# 02:49 
zzo38 OK I will try that.
# 02:50 
zzo38 Yes, that works.
# 03:00 
zzo38 I suppose it should be possible to render a HTML content as plain text by just stripping all HTML tags and then replacing all entities with the corresponding character. With the test I just tried, that works, although of course I cannot possibly try all messages on all servers. Do you expect this should work?
# 03:01 
nightpool[m] why do you want to render html content as plain text?
# 03:01 
nightpool[m] the answer will depend on your use case
# 03:02 
zzo38 Because it is a command-line program.
# 03:04 
nightpool[m] then really what you want to do is render it into ASCII formatting, right?
# 03:04 
nightpool[m] like, if someone put in a table, then it might be useful to render that with box drawing characters
# 03:05 
nightpool[m] I'm not saying you need to do that all right away, but that's the way I would start thinking about it
# 03:05 
nightpool[m] it's possible there are some libraries out there that would do this for you
# 03:08 
nightpool[m] w3m's -dump option, for example
# 03:09 
zzo38 Yes, maybe. Possibly Lynx is capable of doing it if needed, I suppose. I suppose when I make it to post my own messages, I can make it to set the mediaType property to text/plain to indicate that it isn't HTML, and when fetching messages, to check if there is a mediaType set that isn't text/html and to bypass the formatting if it isn't HTML. Another alternative would be to use the "source" property; if it exists and its mediaType is text/plain then it can u[CUT]
# 03:12 
zzo38 If I do make it posting messages as text/plain and the message contains line breaks, what is the recommended way to represent them, "\n", or "\r\n"?
# 03:15 
cwebber2 puck: not really
# 03:15 
cwebber2 except for c2s
# 03:15 
dansup cwebber2: hi!
# 03:16 
nightpool[m] zzo38: i don't know if anybody currently uses text/plain, so that's hard to answer
# 03:17 
nightpool[m] if you're talking about server-side though, i think almost all HTTP servers serve linebreaks as \r\n
# 03:17 
cwebber2 hi dansup
# 03:17 
cwebber2 is heading to bed, has to wake up early to drive to a conference
# 03:17 
cwebber2 later, *
# 03:17 
zzo38 I mean within the "content" property of the message. Of course they will be escaped whichever way it is, since it is JSON.
# 03:18 
dansup cwebber2: have a good night!
Angle joined the channel
# 03:25 
zzo38 If no other ActivityPub server currently uses text/plain, then maybe my software may be the first one that does. Of course, is also necessary to decide what to call this software; what should I call it?
# 03:54 
zzo38 Also, what exactly are you supposed to use the "audience" field for? Since you can use "to", "bto", "cc", and "bcc", to indicate the primary and secondary audience, I am not sure what the "audience" field is supposed to be doing exactly.
# 04:26 
zzo38 Which properties are mandatory?
# 04:26 
nightpool[m] mandatory to what?
# 04:27 
zzo38 Mandatory to include when composing a message.
# 04:43 
nightpool[m] a message for whom?
# 04:43 
nightpool[m] ActivityPub is just about the delivery and distribution of Activities
# 04:43 
nightpool[m] it doesn't specify content at all
# 05:33 
zzo38 OK.
# 05:47 
zzo38 I have now decided I think I will not implement POST for client to server protocol on either end, but both as the client and server to implement GET; POST is implemented for server to server protocol only. Since, the intention is that you will write the messages locally and then it will send it to your followers as well as post it to the local database to be received by other clients.
# 05:58 
zzo38 Is any kind of authentication necessary for server to server if the message you send belongs to the sender (that can be verified by a DNS lookup)?
# 05:59 
dansup zzo38: Yes, HTTP Signatures or Linked Data Signatures
# 06:01 
zzo38 How does that work? The ActivityPub specification says "there are no agreed mechanisms for authentication".
# 06:11 
zzo38 I found the document for Linked Data Signatures
# 06:14 
zzo38 Although it is unclear how it is supposed to be used with ActivityPub.
xmpp-social joined the channel
# 06:27 
zzo38 I found HTTP Signatures and that look like OK. If a server requires authentication for messages it receives due to Follow (and doesn't verify by DNS lookup), though, how to indicate this? If a standard HTTP username and password are needed, that seems like easily enough to do: When the server copies the Follow message elsewhere, it can strip the username and password from the URL, using them only to send messages to the server that sent the Follow message.
Guest84 joined the channel
# 07:00 
zzo38 Please note that I only intend to support public messages anyways, not private messages.
timbl and Guest84 joined the channel
# 12:53 
nightpool[m] https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization is the document you want
# 12:54 
nightpool[m] see "signing including http signatures"
Angle, timbl and dmitriz joined the channel
# 16:40 
zzo38 Will the server respond by 401 and WWW-Authenticate if needed? In such case it will be possible to know what kind of authentication will be required.
# 16:42 
zzo38 I suppose another possibility is to just see if there is a publicKey field.
# 16:44 
zzo38 However, the example given, while it is JSON, does not seems a ActivityPub object; the @context is different, for one thing.
# 16:55 
nightpool[m] zzo38: I'm not sure what you mean by www-authenticate
# 16:56 
nightpool[m] it will certainly respond with some sort of error message
# 16:56 
nightpool[m] it probably won't be specific to HTTP signatures
Angle joined the channel
# 16:59 
zzo38 The document for HTTP signatures says that 401 error and WWW-Authenticate header is used to specify the details of that error message, if that is the kind of authentication that is needed. (Although 401 error code is used for any needing authentication I should think, including Basic and Digest)
# 17:03 
zzo38 Please note that I only intend to implement support for public messages and not private, and no authentication should be needed to read public messages, I should think?
# 17:09 
nightpool[m] authentication is primarily for SENDING messages
# 17:10 
nightpool[m] at least, in the s2s protocol
# 17:14 
zzo38 Yes, I know that. But messages that will be sent are probably either a Follow message or a message that is sent due to receiving a Follow message earlier I think (although maybe there is other cases that I have missed), so it seem it would be possible to verify the message without needing authentication (and if signatures are used, is still needs to verify the key, so verification is still needed anyways)
# 17:14 
nightpool[m] I'm not sure I follow
# 17:15 
nightpool[m] no pun intended
# 17:15 
zzo38 I suppose if the message ID and the author have different domains, then what I suggested might not work
# 17:15 
nightpool[m] are you saying we should adopt an authentication algorithm that negotiates symmetric secrets during follow requests?
# 17:16 
zzo38 But I fail to see why they would.
# 17:16 
nightpool[m] that sounds very complex
# 17:16 
zzo38 No, I am saying that the message is public and that if the message ID and author have the same domain name then authentication should not be necessary it look like.
# 17:17 
nightpool[m] shrug
# 17:17 
zzo38 That is, if you can verify it by DNS lookup.
# 17:17 
nightpool[m] you're not wrong, but doing a full round trip lookup is slow
# 17:17 
nightpool[m] some servers will do it, some won't.
# 17:19 
zzo38 O, OK.
# 17:20 
zzo38 Yes, I suppose using signatures would allow the keys to be cached, perhaps.
# 17:26 
zzo38 (Or maybe I misunderstand.)
dmitriz, timbl, Angle and xkr47 joined the channel