Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

NodeBB

trwnh@mastodon.socialT

trwnh@mastodon.social

@trwnh@mastodon.social
Unfollow Follow
About
Posts
125
Topics
8
Shares
0
Groups
0
Followers
0
Following
0

View Original

Posts

Recent Best Controversial

  • FEP-f228: Backfilling conversations has been updated:https://codeberg.org/fediverse/fep/pulls/853
    trwnh@mastodon.socialT trwnh@mastodon.social

    @silverpill @mike

    > What's important is that "post" is not an activity.

    I don't see why this is important. In my view activities are posts. If Mastodon et al disagree, that's not my problem.

    Also, the context can be anything. I don't see why a 2nd "contextHistory" property is necessary, nor am I entirely clear what it's supposed to mean semantically...

    Technical Discussion fedidev fep fepf228

  • Something missing from 'followers' and 'following' collections.
    trwnh@mastodon.socialT trwnh@mastodon.social

    @steve @reiver it could also be resolved in AS2 itself by fixing the Relationship type and/or by making Link no longer disjoint, but we'll see what happens in the coming months i guess...

    Technical Discussion activitypub activitystreams fedidev

  • Something missing from 'followers' and 'following' collections.
    trwnh@mastodon.socialT trwnh@mastodon.social

    @steve @reiver sadly as:published is defined for Object, not Link. since they're currently disjoint this won't be valid. i think a Relationship is the next closest thing, but that has its own open issues right now...

    Technical Discussion activitypub activitystreams fedidev

  • Something missing from 'followers' and 'following' collections.
    trwnh@mastodon.socialT trwnh@mastodon.social

    @reiver I guess thinking about it a bit more, the reason it can't really be Follow or Accept Follow activities on its own is that any future Reject Follow may or may not exist without your knowledge. So there needs to be an entity separate from the activities to act as a sort of "record" of the current state inherent to a resource rather than a "record" of the state change inherent to some action.

    Technical Discussion activitypub activitystreams fedidev

  • Something missing from 'followers' and 'following' collections.
    trwnh@mastodon.socialT trwnh@mastodon.social

    @smallcircles @reiver Sadly the as:Relationship concept is underdefined and underutilized (and arguably duplicative of as:Link).

    I don't think Follow makes *everything* into a microblog, though. By default, the Follow does nothing, actually. Even when you Accept Follow, it just adds them to the followers collection. You have to address and deliver to the followers collection for it to mean anything. You are free to address or deliver to arbitrary audiences that *don't* include your followers.

    Technical Discussion activitypub activitystreams fedidev

  • Something missing from 'followers' and 'following' collections.
    trwnh@mastodon.socialT trwnh@mastodon.social

    @reiver Having an explicit notion of a "follower relationship" or a "subscription" is useful for other reasons, too -- like, say, being able to specify which activities one is interested in receiving. Or the datetime of last successful delivery, so that inactive followers can be marked inactive instead of destroying the follow relationship entirely.

    Technical Discussion activitypub activitystreams fedidev

  • Something missing from 'followers' and 'following' collections.
    trwnh@mastodon.socialT trwnh@mastodon.social

    @reiver FWIW, I actually think that a collection of subscriptions / "follower relationships" is needed for other reasons! Mainly, to help with desync issues in follower state that plague the fediverse today in practice. (I know in a lot of cases people are interested in knowing directly "who is a follower" and not indirectly via "which follower relationships exist", but the former is currently broken and the latter would fix those issues.)

    Technical Discussion activitypub activitystreams fedidev

  • Something missing from 'followers' and 'following' collections.
    trwnh@mastodon.socialT trwnh@mastodon.social

    @reiver This is claiming the actors themselves were published at the given datetime, which is probably not what you want.

    I think what you want is a collection of actual follower/following relationships, or possibly a collection of Follow activities, or possibly a collection of subscription records. Those can have a "published" datetime and be understood correctly as when the relation was created (instead of when the actor was created).

    Technical Discussion activitypub activitystreams fedidev

  • Question re: Origin Based Security Model (FEP-fe34)
    trwnh@mastodon.socialT trwnh@mastodon.social

    @julian @thisismissem @technical-discussion Note that a community's attributedTo doesn't work for anything outside of communities, but a moderator can be declared for any object.

    Right now, attributedTo.inbox is the last option to send your moderation activities. There are probably more relevant options to try first. The work is to identify those options and make them consistently discoverable. See "Delegated control" here: https://github.com/swicg/activitypub-trust-and-safety/issues/24#issuecomment-4365331657

    Technical Discussion activitypub security fe34 fep

  • Question re: Origin Based Security Model (FEP-fe34)
    trwnh@mastodon.socialT trwnh@mastodon.social

    @Profpatsch @julian i've been doing some trust and safety TF work to explore/develop a bidirectional link between actors and moderators/hosts, yeah. mostly in the context of "where to send moderation related activities" (so you don't Flag a user to themselves if there's a better option), but also could be used for authorizing Update/Delete activities.

    alternatively, the problem would not be there if service actors messaged each other for more explicit syndication...

    Technical Discussion activitypub security fe34 fep

  • Question re: Origin Based Security Model (FEP-fe34)
    trwnh@mastodon.socialT trwnh@mastodon.social

    @julian oh dear, these couple of mentions seem not to have made it across. do i need to also mention @technical-discussion too?

    Technical Discussion activitypub security fe34 fep

  • Question re: Origin Based Security Model (FEP-fe34)
    trwnh@mastodon.socialT trwnh@mastodon.social

    @julian Really, taking "same origin" to its logical conclusion would mean that every actor MUST have their own origin and therefore their own FQDN. It doesn't make sense for origins hosting user-generated content unless the UGC is very tightly controlled and sanitized. And even that's not a guarantee of safety.

    Technical Discussion activitypub security fe34 fep

  • Question re: Origin Based Security Model (FEP-fe34)
    trwnh@mastodon.socialT trwnh@mastodon.social

    @julian The sending server might not have boundaries to enforce. Especially not along "same origin" lines. This requires agreement on what the authorization model is.

    Say for example everyone gets a subdirectory that they "own" -- /~alice/ and /~bob/ have their spaces on the same origin. One authorization model is "anything within this container is authorized". If you don't recognize this, you can't detect that alice and bob have a boundary between them.

    Technical Discussion activitypub security fe34 fep

  • Question re: Origin Based Security Model (FEP-fe34)
    trwnh@mastodon.socialT trwnh@mastodon.social

    @julian You're making a very strong assumption that the remote server is necessarily checking for things it might not actually be checking for.

    Neither the "instance" model nor the "same origin" model are enshrined in ActivityPub. This technically falls under "undefined behavior", because AP doesn't define an authorization model. (It suggests ("may") same origin, but that's about it. A lot of things are "at the receiving server's discretion".)

    Technical Discussion activitypub security fe34 fep

  • ActivityPub being treated as JSON is a good thing.
    trwnh@mastodon.socialT trwnh@mastodon.social

    @smallcircles @nik @reiver JSON vs JSON-LD is a red herring tbh. The real question is, "do you recognize that other people might do things differently"? If you do, then you recognize that conflicts may arise, and you can try to resolve the conflict. But if you don't recognize even the *possibility* of a conflict, then it's painful for everyone involved.

    General Discussion activitypub fedidev

  • With ActivityPub / ActivityStreams...
    trwnh@mastodon.socialT trwnh@mastodon.social

    @reiver i think the disjunction between Object and Link was actually unnecessary. https://github.com/w3c/activitystreams/issues/666

    i also think there's too much emphasis on types when there really shouldn't be -- it's the *properties* that you end up using almost all of the time. pretty much the only types that actually matter are the Activity types (because you can't infer those).

    General Discussion activitypub activitystreams fedidev fediverse

  • @evan @darius what about switching to YAML for #ActivityPub 2.0
    trwnh@mastodon.socialT trwnh@mastodon.social

    @darius @pfefferle @evan i'm guessing that's a Norway

    General Discussion activitypub fediverse socialwebwg

  • "how to not regret c2s"w.on-t.work/activitypub/c2smy opinions about how activitypub c2s ought to be implemented, probably with way too much snark for anyone to take it seriously.
    trwnh@mastodon.socialT trwnh@mastodon.social

    @kopper nah it's good shit. i've been meaning to compile all my thoughts on the subject but you basically did it for me with this piece 👍

    General Discussion activitypub fedidevs

  • There's now a proper rendered web interface for FEPs at `https://fediverse.codeberg.page/fep/fep/*/`, which is much nicer to read than the raw Markdown source on Codeberg.
    trwnh@mastodon.socialT trwnh@mastodon.social

    @hongminhee @silverpill ah, wait, i remember now -- the issue is that Codeberg Pages doesn't set CORS headers at all, which means javascript jsonld parsers like the one on the playground won't work.

    although per https://codeberg.org/git-pages/git-pages#:~:text=CORS it seems that a _headers file might allow manually enabling CORS for the site?

    General Discussion fep fedidev fediverse activitypub

  • There's now a proper rendered web interface for FEPs at `https://fediverse.codeberg.page/fep/fep/*/`, which is much nicer to read than the raw Markdown source on Codeberg.
    trwnh@mastodon.socialT trwnh@mastodon.social

    @hongminhee @silverpill i intend to review my submitted feps soon-ish to do some spring housekeeping, and this is definitely one of the things i want to test. iirc last i checked there were some issues with how codeberg's pages-server handled headers, but the new git-pages server seems to handle them correctly now? which is a good sign

    General Discussion fep fedidev fediverse activitypub
  • Login

  • Don't have an account? Register

  • Login or register to search.
Powered by NodeBB Contributors
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups