@Fabio Comuni This summer (starting around July) I can start working on the Bulgarian translations.

@Fabio thanks :)

@hauke https://www.transifex.net/projects/p/friendica/

@Michael Vogel Did you see the latest enhancements for public servers? @In The Git...

Also, I notice you are using Diabook. Things are much faster if you switch the Twitter, map and community profile boxes off. As the admin, you can disable them by default.

Beyond that, there's probably plenty of scope for what you're aiming at. But I wanted to make sure you're up to date on the improvements that are already possible for larger servers.

Well, I found some typos in German language pack, so how can I change and upload fixes for review?

Mike is now friends with Michael Vogel

At the moment I'm trying to get some people for the perfomance stuff.

The slow performance is something I really want to change. I only can't do that in the next 2 weeks since I will be away on a business trip from monday on.

Really great to read that post @Mike . It's good to see all the things that have to go on in order to make this all work. I like the invited/needed involvement of the people. It truly is becoming a community project and has grown in leaps and bounds even just since I've jumped on board! Very wonderful!

Sounds like a lot of heavy lifting...wow.

We've got a library in library/langdet which recognises 50-60 languages.

That's what we have at the moment. One would need to run this on posts that are imported or created here and it needs a column in the item table to store the results (an array of probabilities).

Then we would need a member setting to store what languages we are OK seeing, and something added to the network search to provide an ability to filter others out of the conversation (or translate them).

Currently translation is an issue. Google is no longer possible, bing is but could expose your conversations to monitoring, and the best open source translator I've found doesn't support German - which might not bother you, but affects most other Friendica folks since we have a large number of German members with unreadable (to me) conversations. I think German was in beta (unsupported) in that project - but I'll have to dig it up again. Perhaps the situation has improved.

If my expectations are the same as the idea behind it, the "post language detector" sounds to be a feature I was always wondering why does there not exist such a function.
I don't know if I have enough knowledge to work on this part and free time is also not so much, but I would be interested.
Let me know how far it is and where I could find the relevant code and I will take a look on this. But first I need to finish the libravatar addon still.

GnuPG is one (AFAIK the only) implementation of OpenPGP, so ISTM that there should be the equivalent of Apache 2.0/MIT licensing there somewhere. Most likely, wherever PGP Corp posted its OpenPGP release info.

but not sure why it needs to be whirlpooled

Because you might move to a different URL and not wish to be associated or trackable by the former one. All we really need is a unique identifier - which is difficult in a decentralised system. So DNS gives us something unique that we can hash to an id, but after that you're considered a nomad.

Yes, we need to handle revocation. Revocation at the same time as relocation is a problem which will require human intervention; but as long as they are kept separate, we could get mobility.

GnuPG has issues with permissive licensing and the web of trust works best with a certain degree of centralisation in key publishing. I'm not ruling it out, but I'm not sure it's a good fit for what we're doing.

@Paco Men Zarbien I put some photos up last night...

Well, Rasquera is burning, 2000ha was burned yesterday and the fire still uncontrolled.

i agree with URL being the GID, but not sure why it needs to be whirlpooled, can the callback URL be the same?
might want to look at GnuPG, the requests can be signed and responses verified and there is a good keyring mechanism which i don't believe is implemented in SSH. i think what you describe requires that the server have knowledge of the public key, and what happens in a security breach - is there a revocation mechanism?
pgp - it's possible that 'user jay' can send a request (and get a response) providing only the keyid of a publicly posted key, ie, in a directory. just a thought.

So I'm looking through the literature on remote authentication protocols for Red/Zot - because openid is a freaking monstrosity and total overkill for what we're trying to do. Don't get me started on oauth, which is great for protecting proprietary APIs but like making sausage, some things should not be seen in public.

Anyway I end up looking at SSH - concise, proven in the field, and it doesn't have any ambitions of being the "one and only authentication protocol for the corporate owned internet". It's simple, secure, and it just works. 

You know something? Change a couple of variables, and gosh darn - at the lower layers it's indistinguishable from DFRN; which I came up with on my own.

So maybe instead of trying to get rid of DFRN, we should be embracing it.

We do have to get rid of our hardwired URL dependence, though. So I'm thinking we take http://example/com/uid/23 , whirlpool it and turn that into our global ID.

So to initiate a conversation we send

global ID,
pubkey,
callback URL

then go through a little DFRN/SSH handshake. If you hold onto your global ID and private key wherever you go - you can be anywhere on the web, even multiple locations. Just tell us your callback URL. We can prove who you are with the other two pieces of information.

I'm using mod_gnutls on Ubuntu Server 10.04 LTS right now. It probably depends on what you are doing, but when I first set up the server itself, there was an awful struggle to get mod_ssl to work correctly with a self-signed multi-domain certificate. This was one of those times when the Linode Library was not helpful.

After several days of "working the duck," I came across a couple sites with mod_gnutls instructions. Within minutes, it was doing what I wanted.

I looked at mod_gnutls briefly when it got mentioned here a little while ago.

I'm not any longer a programmer, and have not been since 1985, but it sounds to me much too good to be true. They're supposedly offering a lot more capability with a much smaller footprint while not using OpenSSL.

Maybe they are. I'd like to feel like there's been some widespread adoption so I know this really works first.

@Arto I don't know. I never used mod_gnutls, I only wanted to tell foonetix that with current Debian, the newer Apache with mod_ssl is available.

@zottel Are there advantages in running mod_gnutls over mod_ssl?

I am not going to insist on anything because you're right on the practical aspects (besides the fact that I haven't coded anything on Friendica).

Small (and last) note though, on my personal website I have enabled Gravatar avatars in a way that doesn't make visitors connect directly to Gravatar, it doesn't store remote content locally either, it's a bit of curl/sessions that behaves like a proxy. I find it good for multiple reasons, one being that the user doesn't have to trust various unknown websites and their certificates and all that goes with it as well as other privacy and censorship related concerns. I think it works a bit like the Friendica plugin, privacy image cache.
I am not even sure this would be very efficient on the server's resources.

Regardless, I am not asking you (@Mike to make anything "this way" or "that way", so please don't take my comments the wrong way. I think the practical aspect you are concerned with is indeed very important if you want to scale up and I respect that. So voila, that's it from me on this SSL business in regards to La Red. I'll still test it and probably deploy it, talk about it, etc etc and such.. :].

@zottel @olivier

Ah, then I just need to update to a newer version of the distro. I already planned to do this, so now I'll just go ahead.

This shouldn't be a problem anymore, @foonetic : Debian Squeeze has Apache 2.2.16, whose mod_ssl deals perfectly with SNI.

@foonetic (lnxwalt) I'm running Debian, stable only, and it features Apache 2.2.16, and name-based vhosts with mod_ssl do work. This is Debian Squeeze, though, not Lenny.

Hopefully, Debian (and by extension Ubuntu) will have updated some of their software by that time.

Their current Apache is 2.2.8, which does not support ssl-enabled name-based vhosts with mod_ssl. (mod_gnutls is said to work.)

i'm viewing it similarly, la red and friendica. "different strokes for different folks", and even different tools for different jobs, for the same person/people.

it's like using a screwdriver to bang in a nail. you can do it, but it works better with a hammer.

I'm trying to think #lared as www.blogger.com (for the bloggers). If I like it and want more than what it offers I'll have to host myself a wordpress or even a complete cms like joomla or drupal (friendica proper). Today we have the "more" (the joomla equivalent) that is Friendica. But, with current scalability problems, it's impossible to have something like www.blogger.com.

@Mike is that the idea?

I will be on my Friendica (proper). Yes... www.blogger.com options around were not enough for me (I want joomla!!!).

So, "la red" for me personally is a "downgrade". But, I would be glad to host a "la red" node !!! Yes, of course.
I didn't invited lots of people or made my friendica server public just because I would not have the conditions to maintain it if it grows!!! So, if I had "la red" today it would be surely open (and advertised).

Centralization is like salt on diet. It's bad when it's too much salt. But no salt at all is bad also. We cannot make confusion with "overcentralization" and things like hosting a single church or school on a node.

So, be welcome "la red". (Just don't let Friendica die).

@Friendica Developers

We've got a lot of development activities that could use some attention, regardless of future direction planning. Many of these already have had some initial development and mostly need somebody to finish them off.

"localize_item" - update with group join and profile update activities. The latter will be difficult to translate, but both need zrl support and perhaps magic-auth links added

Revamp "account remove" to send unfriend/delete-me activities to everybody possible (including global directory unpublish), while deferring actual removal for one day. But remove all content and mark profile as defunct.

Provide a "blog" page type which allows moderated comments.

Finish off "mail2" contacts. They will need to verify their address, and agree to make their communications with you public.

Statusnet (plugin) import/follow all contacts.

Spam filter

Event RSVP

mobile theme (there are several initiatives working on aspects of this)

"polls"


global directory theming/translation (repository will be made available shortly).

Friend "closeness" filter/zoom of stream

xmpp friends (not chat) w/ offline storage/queuing,

Split off tags/mentions/fileas/category from item table and put in a "taxonomy" or term table - while preserving current functionality.

We've got a "post language detector" component. Those that want automatic language filtering may wish to work on integrating this.


Performance tuning.


Import Wordpress comment feeds, attached to Wordpress contacts


Then there's the R&D work on the next generation server aka Zot2/Red, including a revised application archicture, openid, the protocol framework, account forwarding and DNS abstraction.


If you wish to take on any of these activities, just raise your hand - and I'll try and fill you in on where we've taken feature 'x' so far and where to find the relevant code and how we initially envisioned it working.

Abinoam Jr tagged Mike's status with #friendica_red

Top user complaints for Friendica - Diaspora doesn't work, Facebook's API is buggy.

Top admin complaint for Friendica - the CA system is FUBAR.

I think it's great that the only things we've got left to complain about are things that are beyond Friendica's control.

But we can have an ideological network that makes everybody cross, and nobody uses, or we can have a network that pragmatically uses things like CA SSL (and Facebook, Twitter, Diaspora, etc in the case of standard Friendica), which people will actually use.

Here's the deal - if we were as big as Facebook (or even within a couple of orders of magnitude), we could insist that the certificate infrastructure be fixed - and it would probably happen. Until such time as it is fixed, we will have to do one of

• copy all remote content (including images/attachments/media) to our own system or
  
• view the content on your own system using links to the remote content
  

The first one doesn't scale as you'll require infinite hard disk. The second one will fail because people will quickly get fed up with dismissing 30 warnings every time they open their network page.

If one of you that are so amandant about using self-signed certificates wants to figure out how to make them secure and keep the browser from issuing warnings (and also fix the CA system), go for it. I'm behind you all the way. I don't see this happening any time soon.

From a project perspective, we're going with option 2 so as not to exhaust hard disk any faster than we do already, and so that we can best control access to our photo/media/etc at the source. Assuming that option 2 is the goal, we can either

• require valid certs
  
• annoy everybody with popups
  
• split the network into people who are OK being annoyed and people that aren't
  

Have I missed anything?

@Woop: Friendica Days happen. So who knows when the next one will be?

I don't think La Red is meant for that kind of thing - you'd use Friendica, which will probably always have more features anyway.

A valid, non-self-signed SSL cert (e.g. StartSSL) being an absolute requirement for La Red would instantly kill off any chances of success for low-cost to no-cost home hosting, though. I just found out the hard way that StartSSL class 1 certificates do not work with dynamic DNS subdomains (or subdomains at all), they only work with second-level domains that you own yourself. So you either have to pay for your own second-level domain (or even webspace, regardless of any server-like device already running at your place, the preferred device to host distributed social networks on), or you have to pay even more for an SSL cert for a subdomain. But you cannot host La Red on, say, a NAS or a plug server connected to the 'Net via dynamic DNS.

@Mike: and have a glass of Friendica Beer tonight! :D

probably... and therefore irrelevant to us except by accident.

Congrats to all.

@Woop, this is the post from @Mike which started the idea. So who knows how often it may be...

We could always piggy back off other days.

International Towel Day (hurry up, you've only got ten days - but smiley_pack really needs a towel smiley if you're stuck for an idea), and Sys Admin Appreciation Day would be good candidates.

Okay, so... how is a friendica day settled? If it is not annual....

@Keith Fernie That's about the limit of my own Antarctic ambitions. The Alps more or less stop a few miles earlier in Como - and so, if I have my way, do I.

For Friendica Day I have started setting a new public server at http://geek.tf

.tf is the Internet country code top-level domain for the French Southern and Antarctic Lands

Registration will soon be open to all, including non-Antarcticans.
The server is located in Milan, Italy.

Next YEAR? I hope the next one will be in a few months' time...

@Woop Yes indeed, take a look at the stuff on @Friendica Day ...

So it is some kind of #friendicaday today? May 15 it is? i gotta take that date into my calendar and recall it next year then... ;)

: ]

@Mike You too mate: for you for me