NodeBB-ActivityPub Bridge Test Instance

@julian Yes, IDs should be unique:>All Objects in [ActivityStreams] should have unique global identifiers. ActivityPub extends this requirement; all objects distributed by the ActivityPub protocol MUST have unique global identifiers, unless they are intentionally transient-- https://www.w3.org/TR/activitypub/#obj-id

test reply from another account

@trwnh@socialhub.activitypub.rocks said in Handling "410 Gone" when retrieving an actor: You could do what Reddit does and just leave the posts up but pointing to a tombstone user. If you've ever seen a post attributed to [deleted] then you know what I'm talking about. Yes, this makes sense. It's coming into clearer focus why account and content deletions are so noisy in ActivityPub, since each deletion of a user's content needs to be federated before the account can be deleted. In absence of anything more explicit (like your aforementioned DeleteAllCreatedObjects), that's all we have to explicitly signal full account and content deletion. I think we'll go ahead with that. NodeBB already does display something like [deleted] (we show "A Former User"), and we also save the old user id as a reference in case it needs to be cleaned up. That'll work, thank you for your input a!

@julian that's a good point. I feel it'd mostly be better for integration with Lemmy/Kbin type systems that mimic forums.

@julian to clarify: this is mostly about "canonical" identifiers vs. aliases. there is generally one canonical identifier for the conversation collection, and this is what should be used as the value of `context`. this could get a bit complicated but there are potential ways to coordinate replication between equivalent conversation collections, probably involving mutual following/follower relationship, plus some indicator of aliases like `alsoKnownAs` or some other extension property.

Of course you have a wiki page for this already! Why am I not surprised. Yes, that follow-accept has state synchronization responsibilities means that some additional specification would be nice, though as long as everybody tends to conform to the same behaviour I suppose thats less urgent. I still don't like that the current UX is "follow is in a pending state", but short of additional specification re: error handling, there's not much to do here. At any rate it seems I am now correctly following @weekinfediverse@mitra.social so I suppose maybe my server was slow at processing the accept.

julian: If the activity is the thing being forwarded, then an additional complication could arise in that I cannot simply re-sign the activity, as my instance key does not belong to the originating actor. this is indeed an issue that arises due to the following: ActivityPub does not specify any authentication/verification mechanism HTTP Signatures, which the current fediverse uses, are not replayable or relayable. If you're concluding that this makes inbox forwarding impossible with HTTP Signatures, then congratulations, you understand why LD Signatures ended up being used for this (and why FEP-8b32 proposes using Data Integrity Proofs at the LD level as well). It's either that, or find a way to replay entire HTTP messages (so that the HTTP Signature can be validated against the original HTTP interaction). Or otherwise rethink the fundamentals of the fediverse's entire security model.

@ariadne@social.treehouse.systems right. I think functionally I'll never encounter a Delete, check the origin, and find that the note hasn't actually been deleted, but stranger things have happened!

Technical stuff ahead ... This is merely exposing the frontend UI to the already established backend logic. We have two methods internally that are used for this: Notes.assert, which when given a object url or id, parses it and attempts to resolve the parent chain all the way to the top-level post. It then creates a topic to house all of those posts. Actors.assert, which when given an object url, id, or handle, creates a local representation of the user. How come "query"/etc. didn't show up? For both user and post searching, if the passed-in url does not resolve or does not resolve to a processable object, then we do not proceed. It's important to realize that while in an ideal world, we'd all be passing immutable identifiers everywhere, the real world is just a bit messier. Search queries could be a post or user URL, or a webfinger handle, so additional logic was required to handle those use cases. Most ActivityPub-enabled software I've encountered handle these vanity URLs when queried via ActivityPub — it returns the appropriate representation for processing. Some do not, and so in those cases, those items will not show up in the search results.

@evan@cosocial.ca @tedu@honk.tedunangst.com, @oplik0 and I took a closer look today and found the one place where IDs were not sent with Announce activities. Let me know if you find any other oddities