NodeBB-ActivityPub Bridge Test Instance

@julian Yes, IDs should be unique:>All Objects in [ActivityStreams] should have unique global identifiers. ActivityPub extends this requirement; all objects distributed by the ActivityPub protocol MUST have unique global identifiers, unless they are intentionally transient-- https://www.w3.org/TR/activitypub/#obj-id

@trwnh@socialhub.activitypub.rocks said in Handling "410 Gone" when retrieving an actor: You could do what Reddit does and just leave the posts up but pointing to a tombstone user. If you've ever seen a post attributed to [deleted] then you know what I'm talking about. Yes, this makes sense. It's coming into clearer focus why account and content deletions are so noisy in ActivityPub, since each deletion of a user's content needs to be federated before the account can be deleted. In absence of anything more explicit (like your aforementioned DeleteAllCreatedObjects), that's all we have to explicitly signal full account and content deletion. I think we'll go ahead with that. NodeBB already does display something like [deleted] (we show "A Former User"), and we also save the old user id as a reference in case it needs to be cleaned up. That'll work, thank you for your input a!

@BeAware@social.beaware.live The other part of it is... unlike Mastodon, we're not looking for NodeBB to become the app to use to interact with the fediverse. It's certainly something I want out of my use of NodeBB, but what forums are great for are cultivating niche communities based on shared interest. If I'm able to preserve that aspect all while allowing remote content to also interact with the forum, then it's win-win.

Of course you have a wiki page for this already! Why am I not surprised. Yes, that follow-accept has state synchronization responsibilities means that some additional specification would be nice, though as long as everybody tends to conform to the same behaviour I suppose thats less urgent. I still don't like that the current UX is "follow is in a pending state", but short of additional specification re: error handling, there's not much to do here. At any rate it seems I am now correctly following @weekinfediverse@mitra.social so I suppose maybe my server was slow at processing the accept.

julian: If the activity is the thing being forwarded, then an additional complication could arise in that I cannot simply re-sign the activity, as my instance key does not belong to the originating actor. this is indeed an issue that arises due to the following: ActivityPub does not specify any authentication/verification mechanism HTTP Signatures, which the current fediverse uses, are not replayable or relayable. If you're concluding that this makes inbox forwarding impossible with HTTP Signatures, then congratulations, you understand why LD Signatures ended up being used for this (and why FEP-8b32 proposes using Data Integrity Proofs at the LD level as well). It's either that, or find a way to replay entire HTTP messages (so that the HTTP Signature can be validated against the original HTTP interaction). Or otherwise rethink the fundamentals of the fediverse's entire security model.

It's not a NodeBB in particular but it's worth mentioning another mismatch: Misskey and forks will also delete replies when a post is deleted.

Technical stuff ahead ... This is merely exposing the frontend UI to the already established backend logic. We have two methods internally that are used for this: Notes.assert, which when given a object url or id, parses it and attempts to resolve the parent chain all the way to the top-level post. It then creates a topic to house all of those posts. Actors.assert, which when given an object url, id, or handle, creates a local representation of the user. How come "query"/etc. didn't show up? For both user and post searching, if the passed-in url does not resolve or does not resolve to a processable object, then we do not proceed. It's important to realize that while in an ideal world, we'd all be passing immutable identifiers everywhere, the real world is just a bit messier. Search queries could be a post or user URL, or a webfinger handle, so additional logic was required to handle those use cases. Most ActivityPub-enabled software I've encountered handle these vanity URLs when queried via ActivityPub — it returns the appropriate representation for processing. Some do not, and so in those cases, those items will not show up in the search results.

@julian to clarify: this is mostly about "canonical" identifiers vs. aliases. there is generally one canonical identifier for the conversation collection, and this is what should be used as the value of `context`. this could get a bit complicated but there are potential ways to coordinate replication between equivalent conversation collections, probably involving mutual following/follower relationship, plus some indicator of aliases like `alsoKnownAs` or some other extension property.

@julian Ooo good point about adding the ? back on.If you're interested in a non-regex solution, here's what I have - https://codeberg.org/rimu/pyfedi/src/branch/main/app/utils.py#L247

@pfefferle@mastodon.social it was actually because of @ in actor IDs - the codepath for choosing a webfinger lookup over just accepting the URL as the ID only checked for its presence, and the code for webfinger lookups was only meant to run for the acct: protocol. So yeah, not WP fault at all, just a combination of a bug and missing feature Now both should be fixed.

Hi @kariboka @julian @evan @silverpill,I read page, not host. Please refrain from idiosyncratic or obsolete legacy.