cover photo

Mike Macgirvin

Mike Macgirvin
 High Range, Australia 
It appears the voices of rational thinking are getting drowned out in the federated social web. Most folks here aren't seeing it because they're in the Hubzilla filter bubble. It's all about privacy. Mastodon is trying to implement it on top of OStatus (good luck with that). Hubzilla has been lambasted for even trying to provide privacy that isn't 100% perfect against state sponsored actors or rogue admins.

I'm tired of arguing with everybody so I won't. I'm going to talk about flying. If you get in an airplane, there's a chance you could crash. You could get shot down by rogue government agents, your pilot could go rogue, sometimes there are just accidents.

What do you do about this?

1) Outlaw flight.
2) Only allow folks to pilot themselves. This doesn't eliminate risk, but might help minimise damage and death. If you're not a pilot it actually increases the risk.
3) acknowledge that air flight presents risks and do your best to manage the risks.

It seems that most technologists when confronted with this same situation in regards to privacy choose #1 - outlaw it. A small handful believe #2 is the best solution. They won't even consider #3. Now think about what would happen if these same people were in charge of air flight.

Thank you for your time.
Mike Macgirvin
 High Range, Australia 
“Man suffers only because he takes seriously what the gods made for fun.”
― Alan W. Watts
Mike Macgirvin
 High Range, Australia 
I'll hush up my mug if you fill up my jug with that good ol' Mountain Dew.

Alexandre Hannud Abdo
:smile: :musical_score: :guitar:
Einer von Vielen
Mike Macgirvin
 High Range, Australia 
So now the US is using planning to use Australia as its land base for the coming showdown with North Korea. If you want to be known as a great country and hurl nukes at each other, at least be man enough to launch them from your own damn country. Using Australia as a human shield is really chicken shit.
Adam Robertson
Sorry, our president needs to raise his approval rating. You just happen to be handy.
Mike Macgirvin
He's welcome to go to the pub with me and listen to folks brag about stabbing seppos (yanks).
Mike Macgirvin
 High Range, Australia 

Christopher Allan Webber @cwebber

@maiyannah @bob Right.  Here's the impression I'm getting; let's see if we agree:

a) email-like "encrypted over ssl, addressed privately to the user but technically readable by the admins" is useful, as long as users are aware of that

b) but we'd like to support end to end encryption where the admin *doesn't* know your contents, but how to make that user friendly is a challenging (but worthwhile) space to explore.

Sound about right?

Encrypted content

Advisory Privacy

Mike Macgirvin
 High Range, Australia 
As long as I'm in a ranting mood, I'd like to mention Advisory Privacy, because it's something other projects love to throw in my face. Advisory Privacy basically means that every message contains the recipients or scope for that message, and if it's private and it's not addressed to you, you're not supposed to look at it - even if it arrives at your server.

The obvious question arises, "But if there's nothing actually preventing you from looking at it, it isn't really private - is it? You can just ignore the advisory."

Quite true.

A very vocal opponent of everything Hubzilla on another project recently wrote a scathing blog post on advisory privacy (right after we had an online dispute about something else - coincidence? I think not.) Anyway he rightly said that this mode was an atrocity and insecure and their project would never allow such a thing because they take pride in your security (while passing around hidden metadata in a way that exposes the metadata they're hiding and using encryption that's basically plaintext to any hacker and protecting private photos with random strings that can easily be seen by fuskers - but I digress). That's not the point. The point is that Hubzilla does have this mode available - we just don't use it. You can only trigger if you set your permissions to 'custom/expert mode' and only applies to exactly one of the 20 categories you can manually set limits for in expert mode. We actually don't use it even there to send private posts, but only to set a limit to how public things should be. Now I'm fine with people using insecure privacy if they are 'experts' and choose to do so. I'm not going to question their right to do whatever they want. But the fact is that unless you choose this expert mode, there's no way you're going to ever use advisory privacy, and our documentation strongly discourages it.

Anyway, here's the irony... advisory privacy is the de facto privacy mode for activitypub which several projects are being asked/bullied to adopt. It is also the new privacy mode under development at mastodon. There are no other mechanisms under consideration.
Haakon Meland Eriksen (Parlementum)
  last edited: Sat, 15 Apr 2017 19:58:42 +1000  
How many dimensions do we use to describe a privacy setting now? Four? Something like this - Scope/Context-Permission/Capability-Role-Person? It should be possible to compare and contrast our privacy settings with other solutions. I borrowed a bit from Moodle to high-light similar concepts like our Scope and their Context. However, these are not the same dimensions, there are just four(?) of them, e.g. Context in Moodle is tied to the surface area you have access to, either Portal-Category-Course-Activity while our Scope is tied to person, i.e. Only you-etc-to-Anybody on the Internet.

Edit: :facepalm . I see now Asset/Object/Thing/Context are the same, i.e. what you have access to.
Mike Macgirvin
 High Range, Australia 
Sorry for all the typos tonight, I'm on a tablet. Anyway it just dawned on me that an anniversary passed a few days ago. I traded city life and the stars and stripes for country life and the southern cross. Traded a culture of fear for a culture of mates and beers. It's been ten years.
We passed ten years in Catalunya a couple of months ago. Though country life is a struggle, I'm not trading it either.
Raymond Monret
You forgot to mention all the wild and lethal animals without which life in Australia wouldn't really be life in Australia!
Mike Macgirvin
The lethal animals keep you on your toes and prevent you from ever becoming complacent. It's a good thing to not become complacent.
However needs some training in spliff building if you ask me.
Seth Martin
Ya, that's way too loose, it's gonna run.
How to Federate the Social Web

Mike Macgirvin
 High Range, Australia 
So there are two web communication services and you want to federate them. Great. You're probably thinking "Let's just all use the same protocol." Easy.

You couldn't be further from the truth. Let me give you an example of what it takes and some of the things you need to consider and problems you *must* resolve to federate two different web communication systems.

We'll start with identity. Who are you communicating with? How do you find them? How do you connect with them? But let's step back to the top. What is an identity anyway?

Does the service use webfinger addresses?

Does it use URLs?

Can an identity be used on two different servers simultaneously?

Can an identity move? How?

Let's say it uses webfinger addresses. What characters are allowed in a username? What if these aren't all supported on your service? Or what if you allow more characters than are allowed on the other service? What do you do?

Are there length restrictions on the username? What are they? How do you resolve differences?

Does the service use "old webfinger" (host XRD) or "new webfinger" or something else?

Is everything you need to communicate with the person available in webfinger? (Highly unlikely.)

What other files or resource do you need to check to find all the information you need to communicate with them? How many of these resources do you need to check before you have enough information to continue?

Does the service allow http only or self-signed certs or any certs which are not "browser valid"? (This affects images and embedded content appearing in remote streams, as many browsers will either not display it or pop up a warning, or in some cases hundreds of warnings if your service is decentralised. It also affects whether you need to fall back to http if an https request fails, potentially doubling the number of lookup requests).

Does the service support privacy? What do you do if it doesn't and a member on your service tries to send a private message to them?

Does the service support private photos? How are these accessed? Are they fetched through an authenticated channel, or embedded? If they are embedded, what are the size restrictions on a message? Can the private photo fit in that size? Will it even be recognised? If authenticated, how do you authenticate exactly? Does this require a popup login box in the middle of your social stream? What if there are more than one of these in your stream? What if there are hundreds? What login do you use? Your own? Or some other login on a different system?

Does the system support private mail (DM)? Does this work from other services? What do you do if it doesn't?

Hashtags. Can they be one word or multiple words? If multiple, how does the service decide where the hashtag ends? Are there length restrictions? Character case restrictions? Character set restrictions? How do you resolve the differences? Are the hashtags linked on the outbound site or on the inbound site? (The latter tends to lead to large centralised servers because small sites are starved of hashtag content.)

Mentions. Same questions as hashtags. Can you mention a person with a webfinger address? What do you do if somebody in a private conversation mentions somebody not included in the conversation? Does this change the privacy?

What is the markup format used? Are there any hacks you need to add to this particular service to support their markup format?

What are the length limits of a post? (This was mentioned earlier w/r/t embedding photos, but now we're just talking about text.) How do you resolve differences in length limits? Are these discoverable? How exactly?

Is there a way to flag a post as adult or inappropriate?

Does the service provide groups/forums? How are these addressed? Can they be mentioned? How? Can they be private? How?

Does the service allow "wall-to-wall" posts? If not, are they able to recognise wall-to-wall posts created on another service or are the posts all incorrectly attributed to the same author?

Does the system support events? Are they timezone aware? Are these iCal enabled? If not, how do you convert iCal information so that it is not lost in federation?

Do they support emojis and/or emoticons? How are these designated? If emoticons are they converted on the sender or receiver side?

Can you retract a private mail message? How?

Can you retract a post? How?

Does the service support editing of posts? How?

Can you "expire" a post/comment? How?

Do comments to your posts require some service specific metadata such as signed XML fields in order for you to federate them to the other service? What if the comment author was on a system which does not federate with the other system and has no concept of requiring signed XML fields? What do you do?

Does the service support 'dislike'?

Does the service support likes of comments?

Tags in comments?

Mentions in comments? What happens to these?

Sub-comments? To what level? How do you collapse them if you service doesn't support the same number of levels?

Does the service support "apps"? What if it doesn't and the post only contains a single embedded app with no text? Do you send it?

Does the service provide a directory?

Can you request friendship/connection/follow from the profile page if non-authenticated? How?

Embedded content - what services are supported? Which are not supported? Can you embed a map? How? Is there a blacklist/whitelist? How do you know in advance if your embed will actually make it "intact" or not?


I came up with this list in under ten minutes based on real-world experience implementing federation between systems. I'm sure I could go for several more pages and still only scratch the surface of compatibility. So if you wish to provide service federation between two providers, these are all questions you need to ask and find answers for. "Just use Activitypub" or "Just use OStatus" isn't going to fix or answer any of these real-world examples.
I was going to ask how long it took you to come up with this list. Wow.
Mike Macgirvin
I could go on for days, but at some point it would get nauseating to read. Probably crossed that line for some people already.
I confess to scanning after about half-way through.
Mike Macgirvin
 High Range, Australia 

Bet you never saw this one coming...

Barry Manilow reveals he is gay


Singer says he has been in a relationship with his manager since 1978, but kept it from fans for fear of disappointing them
Mike Macgirvin
 High Range, Australia 
For all of you conspiracy theorists out there...

Adolf Hitler Part 01 of 04


hitweb1.pdf — PDF document, 8,400 kB (8,601,655 bytes) - Administrative Policy Procedures - Anti-War - Bureau Personnel - Civil Rights - Counterterrorism - Foreign Counterintelligence- Frequently Requested - Fugitives - Gangs Extremist Groups - Gangster Era - Miscellaneous - Organizations - Organized Crime - Political Figures Events -...
Mike Macgirvin
Snopes calls it false, but it's still an interesting read and I find their rebuttal to be lacking a bit of their typical due diligence.
Mike Macgirvin
 High Range, Australia 
I reckon this should be an Australian Tourism poster.

Snake eats crocodile in a midnight feast with teeth


Two men driving across a Kimberley river crossing late at night find a large snake eating a crocodile.
In the Wind
Oh.. boy
Mike Macgirvin
 High Range, Australia 
Please delete my post from last night (March 31st) if it remains on your server for some reason. Whether or not you wish to ignore it is your own choice.
  last edited: Wed, 29 Mar 2017 21:52:02 +1100  
I like it a lot!
What does the blue lines above the new posts mean? Some are thin, some are thick?

ok, thin line: new in the last 12h
thick line: Headline in the last 12h. But it's blue font on blue background :-)
Mario Vavti
But it's blue font on blue background

That should already be fixed in git. Might try a git pull and hard refresh...
That should already be fixed in git. Might try a git pull and hard refresh...

yepp, fixed after fresh git pull.
Mike Macgirvin
 High Range, Australia last edited: Tue, 28 Mar 2017 19:12:33 +1100  
Watching on the telly as some idiot in queensland decides that a category 4 cyclone and 260 kph winds making landfall is the perfect weather to pull out the longboard and go surfing..

Mike Macgirvin
 High Range, Australia 
If you don't like what you're doing, then don't do it.
-- Ray Bradbury
Dr. Tony B. Katz
makes sense to me.
Mike Macgirvin
 High Range, Australia 
God sent me on earth. He send me to do something, and nobody can stop me. If God want to stop me, then I stop. Man never can.
-- Bob Marley
Mike Macgirvin
 High Range, Australia 
Found this scrap of paper with a bunch of stuff scribbled on it.

What kind of stuff?

Well this is actually my first attempt to define zot and specifically how nomadic identity would work at the protocol level. It's now some five years later and we're doing it pretty much exactly like I scribbled way back then. Ignore the math. That was something else scribbled over the top of the zot definition. I'm hoping that longhand calculation wasn't very critical because it's uhm wrong.