cover photo

Mike Macgirvin

mike@macgirvin.com

Mario Vavti
  
I wonder what is the difference between a post and a card,
Mike Macgirvin
  
It doesn't federate, but it does allow interaction - (or at least it will tomorrow). So it's more of a workspace than a soapbox and more groupware than social net. And it's a feature so if you don't see any use for it, you can just leave it turned off.
Mike Macgirvin
  
Mostly of the important/critical bits are working now and I'm starting to amass a modest collection of project cards.
Mike Macgirvin
 High Range, Australia 
Imagine something like this with decentralised access control.

Sandstorm

Image/photo

Real-time collaborative web productivity suite behind the firewall.
Mario Vavti
  
You never heard of https://hubzilla.org did you?
Mike Macgirvin
 High Range, Australia 
Now I won't be able to drive without a smartphone. I don't bloody want a smartphone. They don't bloody work under metal roofs, unlike this antique Nokia clamshell which works anywhere.

NSW to be the first state to trial digital drivers' licences

Image/photo

The NSW Government is pushing ahead with plans to become the first state with digital drivers' licences.
Marshall Sutherland
  
Got a growing cell phone lobby going on there?
Mike Macgirvin
  
Not sure about that - but the government is highly interested in keeping up with the Joneses re: global surveillance. So anything they can do which lets them track and analyse people better is usually rubber stamped without question.
Marshall Sutherland
  
I just can't imagine how someone could abuse a GPS-enabled driver's license....
Mike Macgirvin
 High Range, Australia 
I will be bringing Zot nomadic identity to ActivityPub - just as I brought it to Diaspora and OStatus (you probably didn't know that). Other systems/platforms can choose to ignore it (as they currently do), but everything they require to process and deal with nomadic identity will be there for them to consume if they ever wish to join us in the 21st century.
Mike Macgirvin
  
They are very different - although I already implemented support for diaspora account migrations a month or two ago. That is an account "move". Ours is a "copy". But it's a first step. Move is easy. Copy is a lot harder.

Diaspora still doesn't provide an import of the data - which hopefully will happen this year or next. Ironically we've supported import of Diaspora account data files for a few years now - but it's probably broken as of the current 0.7 release since some of the data structures changed.
King Emir#
  
@Mike Macgirvin I'm really interested in the move of a diaspora account to hubzilla. how do I do this?
Mike Macgirvin
  
Just load their export file into our channel import page. We were not able to import content until the most recent Diaspora release because the only content that was in the files was your own posts with no comments or likes; and your own comments didn't have a GUID so we couldn't correlate them to real world posts. This has now been fixed in Diaspora so the tool needs to be modified to import the content now that it is supplied; and verify that the existing data formats haven't changed.

Anyway what is currently imported is the channel information, the profile, and all the connections. (The most important thing with migrating your data is keeping your identity and friends). It sends out a new friend request to everybody in the connection list, because that's the only way this could be done previously.  With the new Diaspora code we should be able to send an account_migration message and the connections should be transferred automatically.  I haven't yet worked on this because the pod I use as a test site hasn't yet upgraded, and I'm currently working on 26 other projects.
Mike Macgirvin
 High Range, Australia 
Accidentally left a tap on this morning whilst filling the water trough for the horses - and went off to work. 22,000 litres of water - gone. Ouch. #raindance
phellmes
  
Damn... but I hope the horses like their new swimming pool.
elmussol
  
As someone who carts a lot of water, I felt pain just reading that. I would be still crying now I think.
Mike Macgirvin
 High Range, Australia 
Cool. Hubzilla (and red)'s "profile things" map directly to ActivityPub. So "Bob likes Amy's beard" or "Amy likes Bob's shoes" translates directly into something in that network without requiring any special namespace or hacks. I was worried about that one. Now I'm down to the really unusual ones like the poke variants and mood variations and file activities. But I'll see what I can do..
Andrew Manning
  
I'm not totally surprised by that. Haven't you deliberately tried to adhere where possible to existing standards for a long time? Perhaps the surprise is that ActivityPub didn't completely reinvent the wheel? I remember asking you about ActivityStreams stuff a while back.

Practically speaking, I wouldn't hassle much over the poke and mood stuff, given that it seems very few people use those features. At the same time, I suspect you often include those kinds of things more as a proof of technical principle and as an example to developers who wish to implement something similar. Almost everything I've wanted to do in Hubzilla over the years already had an example somewhere waiting in the sprawling codebase.
arnaudj
 
arnaudj favourited a status by mike@macgirvin.com
Mike Macgirvin
 High Range, Australia 
So there's now the website blockadblock.com - dedicated to busting through adblockers.

[business opportunity]
I notice there is currently no registration for blockblockadblock.com.
maiyannah
 from Qvitter
@mike Since they use javascript it's pretty easy to get around their prevention method.
Mike Macgirvin
 High Range, Australia 
So now I've got HTTP Signatures (draft-cavage-http-signatures-07) working in ActivityPub. The bigger question is how to enforce them. I think the right thing to do is just indicate signing success or failure as we already do in Hubzilla but not actually block an unsigned (or even a failed signature) activity. That might be a config option, but we'll leave it turned off by default since it's anti-federation (and one of my bigger gripes about Diaspora).  

We should also probably block or indicate posts that are unsigned after receiving any successfully signed post since we then know they are capable of signing it - so if they suddenly don't it's likely to be a forgery.

Anyway, there are a few posts today that indicate Mastodon is pretty much ready to go with ActivityPub. So are we. I've tried to reply and work out some interop testing but I think I'm blocked pretty widely on that network and the messages have been lost in space.
Mike Macgirvin
  
For anybody who wants to mess with this - first make sure you're on current dev and stay current

If you're connecting to a channel that is multi-protocol capable, and you want to connect with that channel using a specific protocol; you can connect using the syntax

[protocol]web.address

Valid protocols are determined by what plugins you have installed, but can be one of 'zot', 'diaspora', 'ostatus', 'activitypub', or 'feed'.

ActivityPub does not use webfinger so you'll usually be connecting with the URL of the person's profile page. For Hubzilla channels it would be https://macgirvin.com/channel/nickname

Basic posts and comments are currently working. Most things that don't work in Diaspora won't work in ActivityPub either. There may be privacy and security issues until the dust settles, so if you're worried about this, please wait for an official release.
maiyannah
 from Qvitter
@mike Still think it's pretty stupid of AP not to use webfinger.
Mike Macgirvin
  
This was never about federation and compatibility, it has always been about control and monopolisation of the protocol space to discourage innovation and competition.

And that's why we're taking it back.
Mike Macgirvin
 High Range, Australia 
Seeing a teeny bit of blue haze in the Blue Mountains. Spring is definitely on its way, though we're still likely to get a few more frosts and "cold winds from hell".
Mike Macgirvin
 High Range, Australia 
loadaverage.org is back. It's only been down/migrating for what, a month (?)  or thereabouts.

Nomadic identity folks. It's not just a good idea. It's a bloody great idea.
Mike Macgirvin
 High Range, Australia last edited: Fri, 11 Aug 2017 13:19:40 +1000  
ActivityPub:
[master 8647648] pubcrawl: friending, approvals, posting and comments now working

[edit: also likes]
Mike Macgirvin
  
That's basic communication folks. Now we can move on to the fun stuff.
Mike Macgirvin
  
Image/photo
Mike Macgirvin
  
A lot of folks have rightly questioned why I'm so hot and cold on ActivityPub. It's horribly flawed. I mean absolutely miserably flawed. BUT - it's also designed as a walled garden, and I'm watching certain players who divided other free communities turn their attention and their divisive ways in that direction with an intent to dominate and divide like they've done elsewhere. I'm drawing a line in the sand. I smashed Diaspora's walls. I fully intend to do the same here. ActivityPub will be free and open to all. It will federate with other technologies. I might lose this battle, but I'm standing up for what's right and refusing to accept a W3C mandated walled garden.
Mike Macgirvin
 High Range, Australia 
First off, grabbed a #homebrew. Been one of those days. Pulled out the old resonator and changed the strings.

Image/photo

Was in the mood for some South American folk songs. And by "South American" I mean Mississippi and the Bayou country. Not to be confused with Andean folk songs (which require a different guitar). First up "I'll Fly away", a delta prison song. Then a rousing little boogie I wrote called "Stankie Sadie". May the blues be with you all.
Mike Macgirvin
 High Range, Australia 
There are a few more things that need to be sorted, and it ain't much; but we've got liftoff.  

Image/photo
Mike Macgirvin
 High Range, Australia 
HTTP Signatures are pretty much under control now. Friending works. Outbox collection is fetchable. Posting sort of works.

Moving forward....

HTTP/1.1 200 OK
Date: Wed, 09 Aug 2017 03:25:58 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Digest: SHA-256=8P+aLfepyDnYe5URaJhw1L4AQG2VyGwuJtmlKa4QVxY=
Signature: keyId="https://macgirvin.com/channel/hubzilla", algorithm="rsa-sha256", headers="content-type digest", signature="PnxYkZvAzj93ptZiS90zVUyBoFIyqwsGpJ6DCUCCLwkXDlmhkeo+YhZxscBvdg3RFYsapCCY8ePc+piOt1B+dzyxU++BqadD0GlmiCixZ7OmTJDktYkxygDJI+DTKZ812PIw4r4W7D1syelCLQJSM9i0knpR1quECYvBsV3OZDxtgEG9xVLhCajRgC1yedSlDO9NxCsVPtp0zuctSpgO8fTC6Tl4AuNPc9j86cc/iErE/mdjbe49Qww6HeCLlzSmJ8D9aLXxtm81UD+8OvdSeCmk1Bcq/mlsM8u08hOvbYI3CFZaw6s9uop1yL4BR9L20s3iSfUubc986nULB6GNykCvg/msUZ8BsODxIfsYarWGABMpNYCea6JhBzE5hp135iGAguqXnVdINozytlXSS4E9taKpIE2K8k/r3S8qGV/nyb+6+/oBvhxh6V9vHBdPBOZ/IHRD1Ep22Ze9OtV9d5JGTnmFalTgUV/yyLLwVRH18I5icWH9L20EAFm5+Ox5+okje72QBX2y9hF/1cDipewhH1mRB4UcMJkdrV1xV8weG+Wu0/0484DnqcbmbqlY5weCwLS7Fs0t8dLb9QkJDCLR3rGSTNuIC5bRmbbkwy8SWTwYop8PMZLDQruefEMvqOaHr52eqKrwMV6iVrcjFHweFMe5shfhPxqNKxYroaE="
Set-Cookie: PHPSESSID=YouWish; path=/; secure; HttpOnly
Transfer-Encoding: chunked
Content-Type: application/ld+json; profile="https://www.w3.org/ns/activitystreams"
Raymond Monret
  
Speaking of an agenda!
Mike Macgirvin
 High Range, Australia 
Something about Twitter style interactions turns most everybody on those networks into an Aunt Dorothy. You know - the one that can't stop talking for two seconds even though she has absolutely nothing to say. Luckily we've got connection filters and the affinity tool.
Carolus Rex
  
This.
Sean Tilley
  
I find myself torn between the two formats. On the one hand, microblogging seems to encourage saying whatever is on your mind, and the engagement of it increases the frequency of messages sent back and forth. Mastodon has been super fun to use for exactly that reason. When you say something particularly funny or insightful, the engagement feels like an endorphin rush as people reshare or respond to whatever you said. Unfortunately, this behavior can lead to some really toxic dynamics, and rampant pseudo-intellectual post-ironic hipster spiels.

Contrasting against "the fediverse" (OStatusWeb) the Federation is generally more pleasant. People explain themselves a little more effectively, and the emphasis seems to lean more towards conversation, rather than "spontaneuous feverish communication". Long-form content takes longer to write, there's more to articulate, and different conventions for formatting might be used.
Mike Macgirvin
 High Range, Australia 
We're off to see the blizzard...
At least this time it isn't yet another 'lizard of oz'.

'The Blizzard of Oz': It's a winter wonderland at Aussie snowfields

Image/photo

Australia's powder hounds rejoice after a weekend deluge of the white stuff — dubbed the Blizzard of Oz — creates a winter wonderland at Australia's snowfields.
Maria Karlsen
  
Image/photo
Mike Macgirvin
 High Range, Australia 
A couple of things became obvious trying to bolt http signatures onto activitypub.

1. The key_id pretty much has to be the actor URL
2. You can't proxy, relay, or forward anything that is signed. The best you can do is forward a pointer and let the destination fetch the original itself.

So it will work but you're going to suffer a performance hit on relayed activities. Magic-envelopes would be a much better way of doing this since you can package a magic-envelope (the signed data and signature) inside something else (like an activity). Linked Data Signatures could also do this, but as of today, cross platform LDS is vapourware; and likely to continue to be so for at least the next 1-3 years.
Mike Macgirvin
  
More specifically the actor URL of the *sender*, who may be a completely different entity than the actor who created the activity. And that's why #2 .
Mike Macgirvin
  
Anyway my current thinking (which could change tomorrow) is to support HTTPSig because that's likely to have general support - even though it's an inferior technology for this purpose. I'll also support salmon sigs for those who want better performance and have a distribution model based on relaying comments. Then we'll wait and see which way the wind blows but at least have something useful and functional while we sit around and blow soap bubbles and wait for LDS to be a thing.
Mike Macgirvin
 High Range, Australia 
I should have ActivityPub connecting/following working both directions now; or pretty close to it. Another day or three and we may be ready to start passing some text messages back and forth.

I'm reminded of the film "The Day After" back in the 80s -
This is Lawrence... is there anybody out there? Anybody at all ...