With respect to #ActivityPub
-
@benpate @puppygirlhornypost2 @sebinthestars @hrefna @jenniferplusplus @lily
One of my pet peeves: Guarantee that the the "fetch"-based sequence of activities is the same as the "POST"-based sequence. In other words, guarantee that if I missed receiving a POST, I can recover by browsing the outbox.
-
@benpate @puppygirlhornypost2 @sebinthestars @hrefna @jenniferplusplus @lily
1. Remote server interactions need a solution that is invisible to user
2. Account migration to other servers needing to be standardized beyond just Mastodon’s technique
3. Reply moderation needed - including hide reply to all
4. Simple solutions for Auto backfill of missing replies, old follow counts, etc -
@benpate
Here's one
Why can i see that you have two replies but i can't see those replies? -
@CassandraVert Yep, great example. I think this is called something like "phantom replies" or "dropped replies"
And, I think the "Threaded Discussions Working Group" is working on something for this, but (as always) support may be spotty.
I've read several replies from people saying versions of "this is just because of the nature of 'Federation', so deal with it" but no other self-respecting social network would allow this behavior.
We're building ONE system, not many interconnected systems.
-
@tchambers @puppygirlhornypost2 @sebinthestars @hrefna @jenniferplusplus @lily
Thank you, and yes. Excellent issues to fix.
I'll add these to my list, with some placeholders for "Proposed Solutions"
--
I can't stand when people sit on the sidelines and gripe about my work, but don't propose any way out of the problem, so I'm determined to not do this here.I have plenty to gripe about, but feel like we should at least say what we'd do about it -- even if nobody else is listening
-
@benpate @puppygirlhornypost2 @hrefna @jenniferplusplus @lily
(Long reply follows, possibly breaking your client implementation?)
- Lack of reference implementation. A spec without a reference implementation or usable test suite hands control of the spec to the largest implementer.
- Lack of easy extensibility. A successor needs a clearly documented capability for extensions.
- Lack of opinion on implementation. This is a controversial one, but leads to implementations that are spec-conformant but not interoperable. The spec should provide a baseline set of operations that may/must be implemented upon receiving a message, with a set of expected responses.
- Feature discoverability. When your protocol allows for wildly different implementations, feature discovery is essential to allow interoperability. This allows servers to negotiate for the largest implemented subset of features instead of defensively assuming the smallest.
- Trust at the server level. A server verifies actors it owns, no individual certs. The verification mechanism must be baked into the spec and not left to implementers.
- Batching.
- Doesn't utulise HTTP effectively. ActivityPub mandates HTTPS as a transport protocol but does not mandate use of HTTP features such as response codes. This is a must-fix for operational scaling.
- Client API. C2S is almost impossible to implement. A replacement should be an optional, lightweight, minimum-surface REST API. -
@benpate @puppygirlhornypost2 @sebinthestars @hrefna @jenniferplusplus @lily A pretty solid list on https://github.com/mastodon/mastodon/issues?q=is%3Aissue%20state%3Aopen%20sort%3Areactions-%2B1-desc ! (It’s the mastodon issue list, sorted by upvotes)
Most of my personal biggest pain points are covered in that first two pages of issues.
-
@sebinthestars @puppygirlhornypost2 @hrefna @jenniferplusplus @lily
These are all great issues to address. I may have some specific follow up questions when I get back to my desk.
-
@Brendanjones @puppygirlhornypost2 @sebinthestars @hrefna @jenniferplusplus @lily
Thank you! There’s some great ideas in this post, and they’re already nicely documented.
I’ll sift through it to find the issues that seem addressable, and add them into the document I’m making.
When I get it posted, could you double check my work to make sure I’ve captured everything correctly?
-
LitePub was mostly a rejection of LD-signatures and started with an outspoken Pleroma developer. The spec itself was basically an incomplete rant that contained very little specification. By reading it, you had no idea what it actually did or how.
Which is OK, we've all rejected LD-signatures now and we've got an alternative (object proofs built on elliptic curve cryptography and a fairly simple data normaliser). The only thing you need to be careful with are floats (used by location-aware ActivityPub services). A few of the normalisers have issues with these. -
@mikedev Thank you for the history lesson! The LitePub website has just enough information in it to let me pour all of my hopes and dreams into it, with no pesky details to burst the illusion
-
-
@hrefna we would be very happy to join such a working group
-
@hrefna we'd like to propose just making a coalition of the willing without any overarching organization, and then having meetings and longform discussions in the way that a standards body does
-
@jenniferplusplus @hrefna Yes to this.
If we *have* to break compatibility, fine, let’s go. But hopefully we can provided a smooth migration path so we’re not rebuilding the whole network from scratch.
The existing AP network (flaws and all) is incredibly valuable -- especially for microscopic projects like mine because it solves the “empty party” problem. If I can connect into an existing network, my app is instantly more valuable.
-
smallcircles (Humanity Now 🕊)replied to Irenes (many) last edited by
Just FYI. Elsewhere on the thread I mentioned that I can facilitate such working group, under umbrella of Social Coding movement, but otherwise retaining full independence to set own course.
smallcircles (Humanity Now 🕊) (@[email protected])
@[email protected] @[email protected] @[email protected] @[email protected] @[email protected] @[email protected] Many points have been brought up in the course of the year and discussed in a variety of different contexts. Trouble is that all of that is now fragmented and dispersed. Ideally we should exchange ideas and insights in a more central location. SocialHub may be too AP-themed for this. I can offer forum space at https://discuss.coding.social and a dev portal at https://fedi.foundation and also Hedgedoc, Codeberg org, Matrix space.
social.coop (social.coop)
Even if only to discuss things upfront to explore the opportunities, it can be very useful to use the forum and maybe other tools available.
-
Hey #Fedidevs -- I've tried to collect the areas where we could improve #ActivityPub and #Fediverse development, including as many points from this thread as I could find. Take a look and tell me how close I am to the mark?
This is me begging for feedback, so don't be shy, but do be kind
@puppygirlhornypost2 @sebinthestars @hrefna @jenniferplusplus @lily
-
I’ve listed seven core topics:
1. Strict mode
2. Rich Interactions in the Inbox
3. ActivityPub Intents
4. HTTP signatures
5. Reply Collections
6. Account Portability
7. Client APII think we could make mostly-backward-compatible changes in these area, and go a long way towards turning the Fediverse into a single, cohesive ecosystem.
@puppygirlhornypost2 @sebinthestars @hrefna @jenniferplusplus @lily
-
@benpate @puppygirlhornypost2 @jenniferplusplus @hrefna @sebinthestars i think you summarised a lot of the big pain points of activitypub pretty well, but i do want to mention that i don't think lookup validation is a good replacement for http signatures, because if we were to solely rely on it as a verification method, it could be abused by malicious instances to make the network ddos a certain instance (or any website for that matter, but that is already happening and doesn't seem to have a lot of impact on static sites) which could be bad for smaller instances running on low-spec hardware
other than a couple typos here and there i think your summary is pretty good overall though -
@lily @puppygirlhornypost2 @jenniferplusplus @hrefna @sebinthestars
Yeah, I’ve gone back and forth on “lookup validation” and I’m happy to be corrected.
It seems to me that it doesn’t open up any additional attack vectors that don’t already exist, but it does drastically reduce the overhead required to send/receive messages.
Low-spec servers may need to improve their caching tools, but I think it’s probably a net win for efficiency.
(And sorry for the typos)
