Pre-Alpha ActivityPub-related bug reports
-
thisismissem@hachyderm.ioreplied to thisismissem@hachyderm.io on last edited by
@julian Why? because the unauthenticated user should not be able to view federated content, since this may make you susceptible to public cache poisoning attacks, where a third-party could make you publicly display CSAM content, and then it looks like you're displaying it first-party and hosting CSAM to your hosting company, who takes your server down immediately and/or reports to LEO.
We've already seen this attack used to take down fediverse servers.
-
scott@authorship.studioreplied to julian@community.nodebb.org on last edited by@julian
I often feel like I am pushing against the "ActivityPub zeitgeist" of sorts, because I am plainly advocating for a thoughtfully designed pull-based mechanism for backfill purposes, but at least among those I've talked to, I'm not hearing any pushback.
Hubzilla and Friendica were one of the first platforms to implement forums (or more accurately "discussion groups" although the only difference is the UI). The biggest challenge at the time was that other platforms didn't (and most still don't) understand groups and group discussions.
When developing, they basically used the following tactics:
1. Implement full discussion group features within Hubzilla, and Friendica, respectively. People who use those platforms get the full experience and full feature set.
2. For platforms that don't have the same features, they implemented what they could. If other platforms don't support certain things, that is not our fault. But we still designed it so that it works with their platforms, mostly using workarounds. They could at least participate, even if they didn't get the full experience.
I think we need to take the same approach. We design it so that thread-based platforms (forums, discussion groups, Facebook-style social media, etc.) all can interact with a full set of features. For social media platforms that don't support threaded conversations, we just do "best effort" accepting the fact that their users will have a degraded experience because their software doesn't support the same features.
So, I would recommend that we create some method of backfilling a thread from the authoritative source (using a pull mechanism), and we advertise that this functionality is available via webfinger and as part of the meta data of the posts themselves. Platforms that don't know what that is will ignore it. Platforms that know what that is will use it.
ActivityPub seems to be a push only protocol, so we may need to make our own mini-pull protocol for this purpose. You can look at the Zot protocol that is part of Hubzilla as an example. I think the Nomad protocol that is part of Streams also does the same thing. Not sure about Friendica. But there is working code that already pulls the entire thread. -
scott@authorship.studioreplied to thisismissem@hachyderm.io on last edited by@Emelia @julian
I don't think there really will be a duplicate content issue. Typically, copies of posts are delivered to people's private inbox, not reposted publicly on other websites. Unless someone is operating a relay or reposting other people's posts, all of the copies of the post that are sent over ActivityPub should be private. -
scott@authorship.studioreplied to crazycells@community.nodebb.org on last edited by@crazycells Search engines would not see them. ActivityPub basically serves as a notification mechanism, except it delivers the entire post to the follower's private inbox and they can reply back without visiting the forum. Forum posts and comments do not get republished publicly.
-
stevebate@socialhub.activitypub.rocksreplied to scott@authorship.studio on last edited byscott:
Search engines would not see them.
This doesn't seem to be true.
The content of Julian's post at https://socialhub.activitypub.rocks/t/hi-julian-i-wonder-how-search-engines-and-seo-will/4135/12?u=stevebate is indexed with both socialhub and nodebb URLs.
Google SERP screenshot:
-
silverpill@mitra.socialreplied to julian@community.nodebb.org on last edited by
@julian The URL of this topic is https://community.nodebb.org/topic/17867/pre-alpha-activitypub-related-bug-reports
When I make a request with AP Accept header, the server responds with aCollection
. Technically, this is not wrong, but I think most people would expect a top-level post (Note / Article) when making such request -
julian@community.nodebb.orgreplied to silverpill@mitra.social on last edited by
@silverpill@mitra.social you're the first person to have noticed!
It's by design, but of course, can β and maybe should β change. It's part of @trwnh@mastodon.social's FEP-7888 and its concept of a resolvable collection.
Mapping the topic URL to the top post (or perhaps a redirect to it) would ensure compatibility with Mastodon, but I am unsure of whether that is the best path forward.
-
trwnh@mastodon.socialreplied to julian@community.nodebb.org on last edited by
@julian @silverpill why would anyone expect a Note/Article when fetching the URL for an entire thread/topic?
-
thisismissem@hachyderm.ioreplied to trwnh@mastodon.social on last edited by
@trwnh @julian @silverpill I'd only expect a Note/Article when explicitly requesting the first post in a thread/topic, not when fetching the topic itself
-
julian@community.nodebb.orgreplied to thisismissem@hachyderm.io on last edited by
@thisismissem@hachyderm.io @trwnh@mastodon.social that was my thought as well, and why NodeBB currently responds as it does.
Ideally it could be both an Article and a Collection, but now we're really committing to incompatibility there lol
-
thisismissem@hachyderm.ioreplied to julian@community.nodebb.org on last edited by
@julian @trwnh @silverpill I mean... theoretically ActivityPub allows for multi-typed objects due to json-ld
But will anyone understand that correctly? No idea.
-
trwnh@mastodon.socialreplied to thisismissem@hachyderm.io on last edited by
@thisismissem @julian @silverpill you could generate a document that is both an Article and a Collection but i'm gonna go out on a limb and say that this is probably *not* what you want. it's a thread. a thread is a Collection of posts. it's already "ideal" to represent it as a Collection and not an Article.
i suspect the source of confusion is that most other projects don't have threads/topics, they have reply trees which they show below the "top level" post. The URL there is for the post.
-
silverpill@mitra.socialreplied to trwnh@mastodon.social on last edited by
@trwnh @julian Because it is not clear how client should display this collection. Searching for URL is a common UI pattern: user expects to see a post or a profile as a result (this is not unique to Mastodon).
Server can attempt to fetch the first item in a collection, but NodeBB's FEP-7888 collection doesn't identify itself as a "thread". It has "OrderedCollectionPage" type and properties that many other collections also have
-
julian@community.nodebb.orgreplied to silverpill@mitra.social on last edited by
@silverpill@mitra.social said:
NodeBB's FEP-7888 collection doesn't identify itself as a "thread".
That's because I am not aware of a clear way to signal that my collection is a thread.
Lemmy uses
as:Page
, which is far too generic of an object type to signal as a thread. Mastodon doesn't even have an external concept of a conversation (oStatus conversation notwithstanding) -
silverpill@mitra.socialreplied to silverpill@mitra.social on last edited by
@julian Another report: when NodeBB generates an
Announce(Create)
activity, the ID ofAnnounce
has wrong origin. Here's an example:{ "@context": "https://www.w3.org/ns/activitystreams", "actor": "https://community.nodebb.org/category/30", "id": "https://mitra.social/objects/01920059-5b7c-203f-fc4e-285ec442c032#activity/announce/1726582718443", "object": ... "type": "Announce" }
ID indicates that activity has originated on my server, but this is not possible
-
trwnh@mastodon.socialreplied to silverpill@mitra.social on last edited by
@silverpill @julian Searching for the URL should give you what that URL represents. If you want the post, search for the URL of the post specifically.
-
trwnh@mastodon.socialreplied to julian@community.nodebb.org on last edited by
@julian @silverpill We could define a dedicated type for Thread or Conversation or whatever you want to call "a Collection that contains only "post" objects", but it would still be a Collection as well. I think this was something I was considering for a FEP that I ended up never really writing because it felt unnecessary and also very premature. The general idea is to define some way to know what a Collection "contains" -- is it a Conversation or a MediaAlbum or whatever. The problem is taxonomy
-
trwnh@mastodon.socialreplied to trwnh@mastodon.social on last edited by
@julian @silverpill Really we need to take a step back and first define what a "post" object is. I'm tentatively leaning toward "any object that has content", but I'm sure there are plenty of edge cases I haven't accounted for that will pop up when thinking more deeply about the issue.
-
evan@cosocial.careplied to trwnh@mastodon.social on last edited by
@trwnh @julian @silverpill Content types? Note, Article, Image, Video, Audio, Document? That should cover most Web content collections.
If you want to add an extension (Listicle, say) you could multi-type with the most appropriate Activity Vocabulary content type (`type`: ['buzz:Listicle', 'as:Article']`).
-
evan@cosocial.careplied to evan@cosocial.ca on last edited by