Ugggggghhhhhh. Whhyyyyyy.
-
I know I've ranted about this before, but still, looking at it tonight and just… why.
-
For those who are playing at home, two questions across a few examples should illustrate the frustration:
Q1. What should happen?
Q2. What do you think _would_ happen with implementations today?
Scenarios.
S1. Replying to two separate posts.
S2. Replying to itself.
S3. Providing a Link object reference.
S4. Providing a Link*
S5. Providing an Actor.
S6. Providing an Activity.
What actually happens isn't a mystery but it isn't pretty: https://funfedi.dev/support_tables/generated/in_reply_to/
-
@[email protected] just waiting for someone to totally abuse this by shoving all previous replies in the chain into `inReplyTo`
After all, the protocol doesn't forbid it, no? Haha
-
@julian I'm wondering how much processing systems naïvely do to understand the result here.
If I provide a link to a 10 MB object do you have safeties in place?
Does it traverse? If so that has lots of exciting edge cases.
If it refers into a loop will it catch that?
etc.
-
@[email protected] Actually, this gets me thinking...
This might simultaneously amuse and/or horrify you, from an SRE perspective, but a "chaos monkey" type ActivityPub implementor that randomly shuffles through all possible permutations of data structures for any given object... would be good for the ecosystem.
Short term pain!!!
-
@julian brb, implementing something that builds arbitrary B-tree structures of ActivityPub objects for Reasons
-
@[email protected] there was some talk about it a while back which summarized reply chain traversal as essentially being decently reliable but exploitable (infinite loops, etc.)
So chain traversal should have a hard cap for that reason, but ForumWG is also looking into recommending an alternative — resolvable `context` collections, in order to achieve backfill in a more performant manner.
The same security implications apply, however, so that's something that ought to be discussed as well.
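
Added example, not part of the thread and not any implementation's own code: a defensive `inReplyTo` walker that accepts the value shapes listed in the scenarios (IRI, embedded object, Link, array) and stops on loops, a hop cap, or an oversized body. The cap values, the `fetch(iri, limit)` callable, the policy of following only the first parent, and the `x.example` objects are assumptions made for illustration.

```python
import json

MAX_HOPS = 20          # hard cap on chain depth (assumed value)
MAX_BYTES = 1_000_000  # largest body we will parse (assumed value)

def parent_ids(value):
    """Normalize inReplyTo (IRI, object, Link, or array of those) to IRIs."""
    out = []
    for item in value if isinstance(value, list) else [value]:
        if isinstance(item, str):
            out.append(item)
        elif isinstance(item, dict):
            # Link objects carry href; embedded objects carry id.
            ref = item.get("href") if item.get("type") == "Link" else item.get("id")
            if isinstance(ref, str):
                out.append(ref)
    return out

def walk_reply_chain(start_id, fetch, max_hops=MAX_HOPS, max_bytes=MAX_BYTES):
    """Follow the first parent upward; return (ids visited, why the walk stopped)."""
    seen, chain, current = set(), [], start_id
    while current is not None:
        if current in seen:
            return chain, "loop"
        if len(chain) >= max_hops:
            return chain, "hop-cap"
        body = fetch(current, max_bytes + 1)  # fetcher reads at most this many bytes
        if body is None:
            return chain, "unresolvable"
        if len(body) > max_bytes:
            return chain, "too-large"
        try:
            obj = json.loads(body)
        except ValueError:
            return chain, "invalid-json"
        if not isinstance(obj, dict):
            return chain, "not-an-object"
        seen.add(current)
        chain.append(current)
        parents = parent_ids(obj.get("inReplyTo"))
        current = parents[0] if parents else None
    return chain, "root"

# Constructed sample objects (not real posts): a two-post loop and a self-reply.
SAMPLE = {"https://x.example/a": {"inReplyTo": ["https://x.example/b"]},
          "https://x.example/b": {"inReplyTo": {"type": "Link", "href": "https://x.example/a"}},
          "https://x.example/self": {"inReplyTo": "https://x.example/self"}}

def sample_fetch(iri, limit):
    return json.dumps(SAMPLE[iri]).encode()[:limit] if iri in SAMPLE else None
```

A real fetcher would enforce the byte limit while streaming the response rather than after buffering it, and the returned stop reason is worth logging per remote host.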