#social 2020-01-12

2020-01-12 UTC
robin joined the channel
# 08:02 
robin Hello, I had a question about activity pub.
# 08:02 
robin Is it possible for a user to have one account on mutiple activity pub servers?
# 08:03 
robin For example if a user has a mastodon account, can this user re-use his account on a peertube server. So that if they upload a video it will be shared with their mastodon followers.
sl007 joined the channel
# 10:43 
trwnh robin: no. at least, not currently. accounts aren't part of activitypub. activitypub only deals with actors. it is possible to use the same actor on one server with multiple clients, but neither mastodon nor peertube are activitypub servers. they are simply apps that use the activitypub server-to-server federation protocol.
jesopo joined the channel
# 15:21 
melody that's sure a hair to split
# 15:21 
aaronpk lol
# 15:22 
aaronpk what exactly is an activitypub server then?
# 15:27 
trwnh imo an activitypub Server implements both c2s and s2s
# 15:28 
cjslep[m] robin , another way to think about it: ActivityPub solves federating portions of an RDF data graph between instances, but nomadic/multi-homed accounts (having them exist in one or more places) is a different problem than the one AP solved. Maybe nomadic/multi-homed accounts could be solved using AP or some other specific tech. Unfortunately, nothing inherent about AP to help here. :(
# 15:28 
trwnh pretty much everything we have right now is a monolith
# 15:31 
trwnh back into users creating statuses).
# 15:31 
trwnh in mastodon's case for example, there isn't a discrete activitypub component in the server stack -- it just uses transformers between the internal database and the federation controller. you can't interface with the activitypub bits in mastodon, they're abstracted away. you are a user posting a status, not an actor creating a note. it's just that for federation purposes that information is encoded as Actor Create Note over the wire (and then transformed
# 15:37 
melody I think those are just implementation details, and not particularly important ones, I don't know that you could have usable software that was as thin a layer over AP as you're implying would be necessary for it to count, the AP and AS verbs and nouns are ontological abstractions, they aren't intended to be remotely useful for end users
# 15:40 
melody Communication over the wire is the important part, I don't see what part of anything implies that the storage component of a server, or the UI layer, should reflect or care about it
# 15:48 
nightpool[m] no, you definitely can have usable software, you just have to think of it as a thick client onto a thin server, rather then the other way around
# 15:57 
melody Nothing that exposed "Actors" unmediated to end users could be functional -- my point was that abstracting away the wire federation is a perfectly fine, the vocabularies are not meant to be presented unfiltered and not exposing the AP internals directly at a conceptual level shouldn't disqualify something from counting as ActivityPub
# 16:09 
nightpool[m] yes, but that's not the argument that's being made. the argument that's being made is that mastodon isn't a full AP server because it doesn't allow for pluggable clients, which I think is a reasonable argument given the scope of the spec.
# 16:10 
nightpool[m] you're assuming that the user would interface with the server directly, trwnh is assuming the user would interface with a client that interfaces with the server.
# 16:11 
trwnh yeah exactly ^
# 16:11 
trwnh the client can be an app that runs on a server
# 16:12 
trwnh like how you can use thunderbird, or you can use the gmail webapp
# 16:13 
trwnh except if i wrote an abstract messaging app that could send out over smtp xmpp or activitypub, is that a triple server?
# 16:13 
trwnh implementation-wise, i could have it speak c2s of all three protocols, or i could make it a monolithic app
# 16:16 
trwnh the user never sees the implementation details, though. as far as mastodon users are concerned, they have a mastodon account and they are using mastodon apps that interface with the mastodon api. the mastodon software is managing their profile, they have an account with their mastodon website. at no point does activitypub enter this equation, except for federation (which is subsumed into the federation controller).
# 16:17 
trwnh to be more precise, the original question about accounts on multiple servers doesn't really make sense because to have the behavior described, peertube would have to be a mastodon app instead of an activitypub "server". it would do oauth with mastodon, not with the activitypub bits.
# 16:27 
melody well activitypub doesn't specify any authentication at all
# 16:27 
melody and that's a small part of the larger problem which is that the C2S spec is just grossly insufficient for real use cases or people might be more interested in implementing it
# 16:30 
melody Given that both C2S and S2S are explicitly optional I don't think it makes sense to say that Mastodon isn't an ActivityPub server because well, it implements ActivityPub
# 16:30 
trwnh imap is grossly insufficient for electronic communication because it's not designed for that -- smtp handles delivery. but it's a moot point as long as there aren't any real generic ap servers that do only id assignment and delivery per the spec, nor any apps that can plug in as a client.
# 16:31 
trwnh i think the best examples in other protocols would be quassel for irc, or movim for xmpp
# 16:31 
trwnh quassel's core server is an irc client, but it is a quassel server
# 16:31 
trwnh movim is an xmpp client but it is a social server
# 16:32 
trwnh especially in movim's case, movim handles the status updates and the microblogging, but it uses the xmpp server for storage.
# 16:33 
jaywink[m] activitypub is more of a framework, not a strict spec - I don't see how there could be a true generic server? doesn't sound very useful as a platform imho
# 16:33 
melody A generic server doesn't make sense really, the C2S spec isn't robust enough to support a heavy client
# 16:33 
melody w/ a generic server
# 16:33 
melody it'd just be a stack of trash
# 16:34 
trwnh to me a generic server implements c2s and s2s and behaves roughly like what is described in the spec -- the Client does C2S POST and receives a 201 Created with the id, the Client can also define to/cc and the Server does the S2S POST
# 16:34 
trwnh what the client does with those ids is up to the client
# 16:35 
trwnh it's probably the kind of thing that would make much more sense if it were demo'd by example instead of discussing theoretical behavior
# 16:35 
melody the spec is too incomplete for that to work and be any good
# 16:35 
trwnh but the ap client would be the "core", logically speaking
# 16:35 
trwnh the server would be more like having a google account
# 16:36 
melody it'd be more like an unauthenticated SMTP relay on the open internet
# 16:36 
trwnh it would not be like smtp at all, it's more akin to imap really
# 16:39 
trwnh the potentially confusing ux would be having to have two accounts -- one for authorizing with the account on the client, one for authorizing with the actor on the server
# 16:39 
melody except authentication and authorization aren't part of the spec so a pure generic server shouldn't do either
# 16:40 
trwnh that's too literalist. how authorization is done is entirely up to whoever is implementing the server. you can say "my server requires oauth" or "my server requires username/password"
# 16:40 
trwnh just like how imap/smtp settings have to be defined for email clients
# 16:41 
trwnh which server, which port, which encryption (ssl, tls, etc)
# 16:42 
melody except those are part of the spec for imap and smtp
# 16:42 
trwnh is gmail's oauth2 part of the imap spec?
# 16:43 
melody no, and they are criticized all over for it and there's a bunch of email clients their shit doesn't work in because of it
# 16:43 
trwnh well the same isnt and shouldn't be true for the web equivalent of email for websites
# 16:44 
trwnh it's just that it's a new paradigm, all the existing email clients expect username/password
sl007 joined the channel
# 16:45 
trwnh we kind of already have interop issues with e.g. mastodon requiring HTTP Signatures or LD Signatures for certain things. or even just requiring https. or requiring webfinger which matches preferredUsername.
# 16:47 
jaywink[m] in the real world people want to make different kinds of platforms with different types of features - so there will always be interop issues, no spec can cover all cases
# 16:47 
jaywink[m] activitypub is flexible for this reason
# 16:47 
jaywink[m] compare to the diaspora protocol for example which is more strict and covers only a small set of features
# 16:48 
jaywink[m] it would never work for what activitypub does with tens of platforms with different features and needs
# 16:53 
melody Yeah, and AP's lack of specificity is helpful for that and I don't actually think it's a problem, I just think gatekeeping what counts as an AP server based on whether it implements the optional C2S portion is weird, since generic interop is already thoroughly impossible I don't see why a server can't still count as a server if it defines its own client API -- anything functioning would need to anyway by way of extensions at a minimum
# 16:54 
trwnh it's not a big deal, just a precision-of-language thing? it's the difference between "activitypub server" and "application that implements activitypub s2s"
# 16:55 
melody which is why my initial comment was "that's a hair to split", it's pretty pedantic and that pedanticness wasn't helpful to the question that was asked
# 16:59 
trwnh peertube to post to mastodon because peertube isn't a client of mastodon but also it doesn't have a way to be a client of the underlying actor. if it wanted to add mastodon integration it would have to integrate with the mastodon account instead of the activitypub actor.
# 16:59 
trwnh you can use activitypub server to mean "anything that implements s2s" but i feel like that's a very collapsed model. they're monoliths in the sense that the quassel monolithic package is a monolith -- it has a core and a client but no meaningful separation between them, and thus is basically an irc client. wrt mastodon/peertube it's not pedantic because the lack of separation is relevant to the question, and it's the entire issue actually. you can't use
# 16:59 
trwnh maybe it would make more sense if we considered a local-only instance of mastodon with federation turned off?
# 16:59 
trwnh or a hypothetical fork of mastodon that removed the federation controller
# 17:00 
trwnh in those cases there would be no activitypub at all
# 17:03 
nightpool[m] i don't think i follow everything trwnh (IRC) is saying, so I can't speak to that, but i do think the difference between "software that just implements activitypub s2s" and "servers that implement s2s and c2s" is really crucial for the question asked
# 17:05 
nightpool[m] "Can I use a youtube-like social media service and a microblogging-like social media service with the same account" is a really easy question to answer when you have thin servers and thick clients, and a very hard question to answer when the server hosting your account is fundamentally tied to a specific piece of client software
# 17:27 
melody I mean the answer is neither service would function
# 17:28 
melody thin servers and thick clients just means globally subpar experience and even worse interop issues
# 17:28 
melody + even less in the way of anti-harassment or abuse controls
# 17:30 
nightpool[m] would you say that browsers are a globally subpar experience and have worse interop issues compared to current activitypub?
# 17:30 
melody i don't think that analogy works
# 17:30 
nightpool[m] in my experience, the interop issues are better, because users can easily try out different browsers when one isn't working
# 17:31 
nightpool[m] it's the same model. ActivityPub clients provide a way to view AS2 content.
# 17:31 
melody also browsers are awful, and so hard to implement that there's only two left, i'm not sure that's a mistake anyone wants to repeat
# 17:32 
nightpool[m] i don't think it makes sense to call safari and chrome the same browser, even if they share an ancestor.
# 17:32 
nightpool[m] almost all of the internals have diverged
# 17:33 
melody i don't think there being 3 whole browsers instead of 2 really changes the salient point here
# 17:34 
melody and part of the reason everything has converged is because the interop issues were insurmountable without all browsers using the same core and users hated needing to use different browsers to access different websites and developers couldn't juggle them all to deal with their incompatible implementaions
# 17:34 
melody all of which sound like mistakes we don't want to repeat
# 17:35 
melody purpose-built servers which know enough about content expectations to normalize them for potential clients smooths things over
# 17:35 
nightpool[m] yes, and no-one is proposing adding complex layout algorithms or a runtime scripting engine to activitypub. The thing i'm saying is that "pluggable clients lead to a globally subpar experience" is an unsupported statement.
# 17:36 
melody I'm pretty sure browsers support my point better than yours
# 17:37 
nightpool[m] do they? There is nothing in the browser world that's at all similar to how activitypub is now.
# 17:39 
melody and the email ecosystem has also functionally centralized because thick clients are incapable of coping with unwanted content and they've been stagnant on features for years because of the interop challenges getting in the way of clients implementing new enhancements
# 17:39 
melody thick clients exacerbate interop issues unless there's few enough of them that developers can special-case behavior to handle the set
# 17:40 
nightpool[m] and thick servers don't?
# 17:41 
nightpool[m] "your client has to implement the extension" is not fundamentally any different from "your server has to implement the extension"
# 17:41 
nightpool[m] except the user can easily change one and not the other.
# 17:42 
melody purpose-built servers know enough about their own content to transform it for their needs, and that work can be done in a somewhat centralized place where multiple users can benefit from it, clients need to live on underpowered devices  where they can't take advantage of economies of scale and are often also on harder network constraints, where servers could do additional filtering to prevent unnecessary data transfer
# 17:43 
nightpool[m] Backend-for-frontend is a type of client, nobody is saying this code literally needs to live on user's devices.
# 17:43 
melody i mean half the point of being federated over p2p is to be able to take advantage of some of these constraints on reality that way
# 17:46 
nightpool[m] The idea of the client/server distinction is the idea of that the processing you're talking about should be decoupled from the actual software that's hosting the content.
# 17:46 
nightpool[m] so that the processing can change while the hosting remains stable
# 17:50 
melody yeah, and i don't really agree, i think you'd see even more dangerous centralization if activitypub servers became glorified account & hosting providers, in part because servers becoming more content-agnostic would balloon costs for stuff like media storage
# 17:51 
nightpool[m] in what way?
# 17:53 
melody because servers no longer knowing what kinds of clients they will be interacting with will either be left behind for not supporting video uploads, as a for instance, or will need to pool resources to take advantage of economies of scale for more storage -- that's how gmail took over email -- long term
# 17:54 
melody servers being purpose built aids decentralizing in part because they can be selective about content and drop things they don't want to deal with
# 17:55 
melody and potential hosts can maintain better awareness up front of what kinds of service needs they need to provide for
# 17:56 
melody and can implement more specific strategies for offsetting costs -- like peertube trying to offset bandwidth costs for popular content by using a p2p network in the browser layer
# 17:56 
melody a generic server would not realistically be able to do that or at least, not while maintaining a diversity of implementations
# 18:02 
trwnh media storage can be done on the client tbh, or entirely external to the server. i see the server's real role as just assigning the id. linked data, basically.
# 18:02 
trwnh this is part of the id/url distinction to me
# 18:03 
trwnh in fact if the id is complex enough you practically require going through the client which can do access control and filtering there
# 18:04 
melody media storage can't be done in the client unless clients are always-available, but the reason we have servers is because they aren't, it has to be hosted somewhere
# 18:04 
trwnh clients can be servers too. quassel and movim are examples of this
# 18:04 
nightpool[m] sure, but the client could choose a different external service, or say "this media is only available through BT" or whatever.
# 18:05 
melody i mean fine, but i think that just recreates the existing structure but more complicated
# 18:05 
trwnh suppose you have an id of ap.trwnh.com/7203820382938303038201012 and a url of trwnh.com/image.jpg
# 18:05 
melody and makes the AP server even more superfluous because it's not actually providing any value anymore at that point if it's no longer hosting content either
# 18:05 
trwnh the thing is you can then update the url without breaking the linked data web
# 18:06 
melody making AP servers into glorified identity providers but without any actual auth specs seems like a really weird turn
# 18:07 
melody and servers that provided additional value would see more adoption than ones that didn't
# 18:07 
melody and you'd eventually centralize around the providers that could actually provide hosting & content storage at scale again
# 18:08 
trwnh content storage only matters for the json documents, the actual assets and media can be stored elsewhere at some url.
# 18:09 
melody and somebody needs to provide that -- an activitypub server that supported media storage would see more adoption than one that didn't, because it would be compatible with more clients that rely on media
# 18:09 
melody it'd be a storage race
# 18:09 
trwnh the only part of activitypub that really matters is the id, because that's what powers the linked data web. the client can host its own media and probably should
# 18:10 
melody again -- then you are just recreating the current structure, but with more complexity
# 18:10 
Loqi again has -1 karma over the last year
# 18:10 
trwnh the complexity provides the benefit of using different clients
# 18:11 
melody if clients have to be servers with their own clients and then also be clients to activitypub servers that don't do anything it increases architectural complexity to no benefit
# 18:11 
melody and end-user device clients couldn't interop directly with the AP servers because they are intermittently available and content would be frequently gone from the network
# 18:11 
trwnh the benefit is being able to use the same actor
# 18:12 
melody i don't think that's enough benefit for the additional problems it causes
# 18:13 
melody you also end up with like a 4 party auth chain
# 18:17 
trwnh you could do it with 2 layers, idk where 4 comes from
# 18:17 
melody also using the same actor everywhere is often undesirable, people often want to present different identities on platforms with different purposes, i think if you were gonna try for a generic identity provider you'd also need to provide a lot of functionality for alias actors, but that becomes difficult with AP being tied so hard to the DNS system, people would need to congregate around large providers for additional pseudonimity
# 18:17 
trwnh i already do this as a quassel user for example -- i sign into my quassel core which is signed into and connected to various irc networks
# 18:18 
melody 1) the user as a person, 2) their client's client, 3) the server client, 4) the server
# 18:19 
trwnh in fact my quassel core lets me select one of multiple identities
# 18:19 
melody IRC is different
# 18:19 
melody IRC users don't resolve to a domain
# 18:19 
trwnh not terribly so -- there's a user/pass for the core, and then a user/pass for nickserv.
# 18:20 
melody IRC users aren't dereferenceable
# 18:20 
melody an AP identity provider is tied to its domain
# 18:20 
melody so if you wanted to retain pseudonimity you'd need to have an account on a large provider
# 18:21 
melody because an AP provider wouldn't be able to provide aliases on other domains
# 18:22 
melody the relationship a quassel core has to the idents it provides to IRC networks isn't really similar
# 18:22 
melody in terms of information leak
# 18:23 
melody and there's one less level of indirection because IRC doesn't really do media
# 18:23 
melody and your proposal would require most clients to actually be servers that also have their own clients so that there's a host separate from the identity provider to handle media
# 18:26 
trwnh if you're worried about anonymity you wouldn't use a personal domain though...
# 18:27 
melody that's my point
# 18:27 
melody there are incentives to clustering around larger identity providers
# 18:28 
melody beyond the normal incentives
# 18:31 
trwnh only because there is no generic widely supported way to use your own identity provider
# 18:31 
trwnh indieauth could be this
# 18:32 
trwnh openid promised to be this but was not generic enough or widely adopted enough
# 18:34 
trwnh still in cases where i *want* one identity i cannot have that
ajordan joined the channel