
Mike Macgirvin

mike@macgirvin.com

Mike Macgirvin
 High Range, Australia 
Celebrating El Día de la Batalla de Puebla; which will arrive in Puebla in about 45 minutes.
Mike Macgirvin
 High Range, Australia 
Sometimes everything will be going along nicely - and suddenly something in the news is there to remind you of the short and tormented life of Jacques the fish

Bombay Sapphire gin recalled amid high-alcohol scare

Thousands of bottles of gin containing almost double the volume of alcohol listed on the label are recalled in Canada.
Mike Macgirvin
 High Range, Australia 
Some random thoughts on federation....

1. If federation was simply a matter of two groups of people using the same protocol (essentially a 'language') to communicate, the United States of America would still be part of the British Commonwealth. Language isn't the issue. Different groups of humans have both cultural and ideological differences and haven't yet learned how to co-exist at a fundamental level - in fact over the last few years increased globalisation has resulted in even more fragmentation and wall building - if not violence and war. Expecting different cultures to co-exist by forcing the same language on everybody was attempted with disastrous results in both the US and Australia. Expecting them not to carry these cultural and ideological biases with them into the online world is a bit naive.

2. I have a new solution to the paradox caused when you try to have both cross-platform federation and nomadic identity. Instead of trying to make nomadic identity look like it works cross-platform, I now think the ideal solution is to simply acknowledge that it doesn't and bake that into the code.

So if you're on one clone and you've got 12 connections and four of them are Diaspora and four of them are GNU-Social, you'll have 12 connections. If you go to another clone, you'll have 4 zot connections. The others will still be in your connection list but will be displayed under a new tab called (something like) "Unreachable from this site". They won't appear as mail recipients or be included in ACL selections. You won't get their posts or comments - even if your primary site that is connected to them is running. In order to make this work I'll have to actually remove code that tries to make it appear that nomadic identity and federation work together - because it doesn't. I tried to provide an "illusion" that it works but that's all it is - an illusion. We need to clearly delineate that it does not work and this is not a flaw of our platform. In order for federation to work, both parties need to make it work. You can't do it alone. Some changes need to happen on one side, some need to happen on the other.  Or it won't work.

3. The same philosophy applies to magic auth. When you create a protected resource using the ACL selector, you will only see connections which can authenticate to your server. You can still add foreign principals to privacy groups but it will have no effect for non-message resources (in the case of Diaspora or ActivityPub connections), and will not have any effect at all for GNU-Social connections. If they want to authenticate to zot resources, they'll have to learn how to authenticate to zot resources - then we'll add them back into the ACLs.

I think that's the only sane way out of this conflict.
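A model of the rule described in points 2 and 3, as an added example that is not Hubzilla's own code; the record fields, the protocol labels and the twelve constructed connections are assumptions:

```python
# Added example, not Hubzilla's own code: a model of the "Unreachable from
# this site" rule for a cloned (nomadic) channel and of the matching ACL
# selector filter for magic auth.
# Assumptions (not from the post): each connection records the protocol it
# speaks, the clone ("home_site") on which it was established, and whether
# the remote party can authenticate to this server with magic auth.
from dataclasses import dataclass

ZOT = "zot"

@dataclass(frozen=True)
class Connection:
    name: str
    protocol: str            # "zot", "diaspora", "gnusocial", "activitypub"
    home_site: str           # clone on which the connection was made
    can_magic_auth: bool = False

def reachable_here(conn: Connection, this_site: str) -> bool:
    """A zot connection follows the channel to every clone; a federated
    (non-nomadic) connection exists only on the clone that established it."""
    return conn.protocol == ZOT or conn.home_site == this_site

def split_connections(conns, this_site):
    """Normal connection list vs. the 'Unreachable from this site' tab."""
    reachable = [c for c in conns if reachable_here(c, this_site)]
    unreachable = [c for c in conns if not reachable_here(c, this_site)]
    return reachable, unreachable

def acl_candidates(conns, this_site):
    """Connections the ACL selector offers for a protected resource:
    reachable from this clone and able to authenticate to this server."""
    return [c for c in conns
            if reachable_here(c, this_site) and (c.protocol == ZOT or c.can_magic_auth)]

def effective_group_members(group, resource_kind, this_site):
    """Members of a privacy group that actually gain access to a resource.
    resource_kind is "message" for posts and mail, anything else for a
    non-message resource (photos, files, webpages). Foreign principals count
    only for messages; GNU-Social connections never count."""
    granted = []
    for c in group:
        if not reachable_here(c, this_site):
            continue
        if c.protocol == ZOT or c.can_magic_auth:
            granted.append(c)
        elif resource_kind == "message" and c.protocol in ("diaspora", "activitypub"):
            granted.append(c)
    return granted

def sample_connections():
    """Constructed data: the post's 12 connections, all made on clone hub-a."""
    conns = [Connection(f"zot{i}", ZOT, "hub-a", True) for i in range(4)]
    conns += [Connection(f"dia{i}", "diaspora", "hub-a") for i in range(4)]
    conns += [Connection(f"gnu{i}", "gnusocial", "hub-a") for i in range(4)]
    return conns

if __name__ == "__main__":
    conns = sample_connections()
    for site in ("hub-a", "hub-b"):
        ok, gone = split_connections(conns, site)
        print(site, "reachable:", len(ok), "unreachable:", len(gone),
              "acl:", len(acl_candidates(conns, site)))
```

On hub-b the eight Diaspora and GNU-Social connections land in the unreachable tab and drop out of both mail recipients and ACL selection, while on hub-a the Diaspora members of a privacy group still count for posts but not for photos or files.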
Sean Tilley
 
I wish everything would adopt MagicAuth. It seriously fixes a piece of the UX puzzle, and it means that you don't have to federate absolutely everything.
Mike Macgirvin
 High Range, Australia 
{"access_token":"3944cc376002b483632e2310fe7da39475170bf8","expires_in":3600,"token_type":"Bearer","scope":null}

yay
Mike Macgirvin
  
That's an OAuth2/OpenIDConnect server (running under zot) providing an access token.
Sean Tilley
  
Wow! :D
Mike Macgirvin
 High Range, Australia 
And nobody is concerned that 300km above the planet's surface the temperature can suddenly jump to 3000 degrees C without any apparent warning or cause?

Alberta skywatchers document rare celestial phenomena — they call it 'Steve'

Meet Steve. He's tall, colourful and photogenic, and
up until recently, he'd been relatively anonymous.
Tobias
  
geez
Mike Macgirvin
 High Range, Australia 
Now we just need somebody to revive the Pistos fork and we'll have a whole army of zombie social network projects. Folks, many of these old projects were abandoned not because nobody liked them, but because the underlying platforms and architectures had major, major flaws and needed to be ripped apart and re-written basically from scratch (which is exactly what was done - the irreparably flawed architectures were discarded because they were - well "irreparably flawed"). Eventually all the zombie project maintainers and their "users" are going to have to come to terms with that.

Best of luck.
Adam Robertson
  
Interestingly, it was Thomas who persuaded me to ditch Friendica and try RedMatrix. I am sad he did not continue with the project, as he was quite the advocate for a long time, and a colorful character...but then again, he offended people on a fairly regular basis. I think he enjoyed doing that.

I am talking like he has passed on. I keep forgetting I could just install that stupid Diaspora add-on and re-connect.
Einer von Vielen
  
@adam , Thomas seems to have an account on Friendika.
Adam Robertson
  
@Einer von Vielen I thought that was where he was at...but I think I need the Diaspora plugin to access Friendica users?
Mike Macgirvin
 High Range, Australia 
Full client-side E2EE is now provided in red as a core functionality, though there's still a shortage of client-side scripts to do the actual encryption/decryption and submit the posts/mail; but that's all moving forward and will come in due course. This should eventually find its way to hubzilla and silence some of the privacy luddites. It's kind of like the built-in (JS) E2EE except that in this case Hubzilla isn't involved at all in the crypto - that's completely up to you. You'll just get a button to download the post/mail and what you do with it from there and whether you can decrypt it or not  is up to you and the other conversants. red/hubzilla would only be protecting the post and its associated meta-data in transit; which gives it a slight leg up on PGP/GPG over ESMTP which leaks metadata (sender/recipients) in plaintext. Haven't looked closely at encrypted XMPP but I highly suspect it also leaks envelope information - it's part of the protocol. In this case the metadata can only be inferred by using statistical traffic analysis of the servers involved in the communication and at best it would only be an educated guess (if both servers held a number of channels). Since you could post these things publicly and only those with matching tools can read them, even that becomes a rabbit hole.

If you can think of a flaw in this scenario (besides hitting the author over the head with a $5 wrench), feel free to bring it up for consideration.
Mike Macgirvin
 High Range, Australia 
It appears the voices of rational thinking are getting drowned out in the federated social web. Most folks here aren't seeing it because they're in the Hubzilla filter bubble. It's all about privacy. Mastodon is trying to implement it on top of OStatus (good luck with that). Hubzilla has been lambasted for even trying to provide privacy that isn't 100% perfect against state sponsored actors or rogue admins.

I'm tired of arguing with everybody so I won't. I'm going to talk about flying. If you get in an airplane, there's a chance you could crash. You could get shot down by rogue government agents, your pilot could go rogue, sometimes there are just accidents.

What do you do about this?

1) Outlaw flight.
2) Only allow folks to pilot themselves. This doesn't eliminate risk, but might help minimise damage and death. If you're not a pilot it actually increases the risk.
3) Acknowledge that air flight presents risks and do your best to manage the risks.

It seems that most technologists when confronted with this same situation in regards to privacy choose #1 - outlaw it. A small handful believe #2 is the best solution. They won't even consider #3. Now think about what would happen if these same people were in charge of air flight.

Thank you for your time.
Mike Macgirvin
 High Range, Australia 
“Man suffers only because he takes seriously what the gods made for fun.”
― Alan W. Watts
Mike Macgirvin
 High Range, Australia 
I'll hush up my mug if you fill up my jug with that good ol' Mountain Dew.
Alexandre Hannud Abdo
  
:smile: :musical_score: :guitar:
Einer von Vielen
  
Image/photo
Mike Macgirvin
 High Range, Australia 
So now the US is planning to use Australia as its land base for the coming showdown with North Korea. If you want to be known as a great country and hurl nukes at each other, at least be man enough to launch them from your own damn country. Using Australia as a human shield is really chicken shit.
Adam Robertson
  
Sorry, our president needs to raise his approval rating. You just happen to be handy.
Mike Macgirvin
  
He's welcome to go to the pub with me and listen to folks brag about stabbing seppos (yanks).
Mike Macgirvin
 High Range, Australia 

Christopher Allan Webber @cwebber

@maiyannah @bob Right.  Here's the impression I'm getting; let's see if we agree:

a) email-like "encrypted over ssl, addressed privately to the user but technically readable by the admins" is useful, as long as users are aware of that

b) but we'd like to support end to end encryption where the admin *doesn't* know your contents, but how to make that user friendly is a challenging (but worthwhile) space to explore.

Sound about right?



Encrypted content

Advisory Privacy

Mike Macgirvin
 High Range, Australia 
As long as I'm in a ranting mood, I'd like to mention Advisory Privacy, because it's something other projects love to throw in my face. Advisory Privacy basically means that every message contains the recipients or scope for that message, and if it's private and it's not addressed to you, you're not supposed to look at it - even if it arrives at your server.

The obvious question arises, "But if there's nothing actually preventing you from looking at it, it isn't really private - is it? You can just ignore the advisory."

Quite true.

A very vocal opponent of everything Hubzilla on another project recently wrote a scathing blog post on advisory privacy (right after we had an online dispute about something else - coincidence? I think not.) Anyway he rightly said that this mode was an atrocity and insecure and their project would never allow such a thing because they take pride in your security (while passing around hidden metadata in a way that exposes the metadata they're hiding and using encryption that's basically plaintext to any hacker and protecting private photos with random strings that can easily be seen by fuskers - but I digress). That's not the point. The point is that Hubzilla does have this mode available - we just don't use it. You can only trigger it if you set your permissions to 'custom/expert mode', and it only applies to exactly one of the 20 categories you can manually set limits for in expert mode. We actually don't use it even there to send private posts, but only to set a limit to how public things should be. Now I'm fine with people using insecure privacy if they are 'experts' and choose to do so. I'm not going to question their right to do whatever they want. But the fact is that unless you choose this expert mode, there's no way you're going to ever use advisory privacy, and our documentation strongly discourages it.

Anyway, here's the irony... advisory privacy is the de facto privacy mode for activitypub which several projects are being asked/bullied to adopt. It is also the new privacy mode under development at mastodon. There are no other mechanisms under consideration.
Haakon Meland Eriksen (Parlementum)
  last edited: Sat, 15 Apr 2017 19:58:42 +1000  
How many dimensions do we use to describe a privacy setting now? Four? Something like this - Scope/Context-Permission/Capability-Role-Person? It should be possible to compare and contrast our privacy settings with other solutions. I borrowed a bit from Moodle to highlight similar concepts like our Scope and their Context. However, these are not the same dimensions, there are just four(?) of them, e.g. Context in Moodle is tied to the surface area you have access to, either Portal-Category-Course-Activity while our Scope is tied to person, i.e. Only you-etc-to-Anybody on the Internet.

Edit: :facepalm:. I see now Asset/Object/Thing/Context are the same, i.e. what you have access to.
Mike Macgirvin
 High Range, Australia 
Sorry for all the typos tonight, I'm on a tablet. Anyway it just dawned on me that an anniversary passed a few days ago. I traded city life and the stars and stripes for country life and the southern cross. Traded a culture of fear for a culture of mates and beers. It's been ten years.
elmussol
  
We passed ten years in Catalunya a couple of months ago. Though country life is a struggle, I'm not trading it either.
Raymond Monret
  
You forgot to mention all the wild and lethal animals without which life in Australia wouldn't really be life in Australia!
Mike Macgirvin
  
The lethal animals keep you on your toes and prevent you from ever becoming complacent. It's a good thing to not become complacent.
elmussol
  
However needs some training in spliff building if you ask me.
Seth Martin
  
Ya, that's way too loose, it's gonna run.
How to Federate the Social Web

Mike Macgirvin
 High Range, Australia 
So there are two web communication services and you want to federate them. Great. You're probably thinking "Let's just all use the same protocol." Easy.

You couldn't be further from the truth. Let me give you an example of what it takes and some of the things you need to consider and problems you *must* resolve to federate two different web communication systems.

We'll start with identity. Who are you communicating with? How do you find them? How do you connect with them? But let's step back to the top. What is an identity anyway?

Does the service use webfinger addresses?

Does it use URLs?

Can an identity be used on two different servers simultaneously?

Can an identity move? How?

Let's say it uses webfinger addresses. What characters are allowed in a username? What if these aren't all supported on your service? Or what if you allow more characters than are allowed on the other service? What do you do?

Are there length restrictions on the username? What are they? How do you resolve differences?

Does the service use "old webfinger" (host XRD) or "new webfinger" or something else?

Is everything you need to communicate with the person available in webfinger? (Highly unlikely.)

What other files or resources do you need to check to find all the information you need to communicate with them? How many of these resources do you need to check before you have enough information to continue?

Does the service allow http only or self-signed certs or any certs which are not "browser valid"? (This affects images and embedded content appearing in remote streams, as many browsers will either not display it or pop up a warning, or in some cases hundreds of warnings if your service is decentralised. It also affects whether you need to fall back to http if an https request fails, potentially doubling the number of lookup requests).

Does the service support privacy? What do you do if it doesn't and a member on your service tries to send a private message to them?

Does the service support private photos? How are these accessed? Are they fetched through an authenticated channel, or embedded? If they are embedded, what are the size restrictions on a message? Can the private photo fit in that size? Will it even be recognised? If authenticated, how do you authenticate exactly? Does this require a popup login box in the middle of your social stream? What if there are more than one of these in your stream? What if there are hundreds? What login do you use? Your own? Or some other login on a different system?

Does the system support private mail (DM)? Does this work from other services? What do you do if it doesn't?

Hashtags. Can they be one word or multiple words? If multiple, how does the service decide where the hashtag ends? Are there length restrictions? Character case restrictions? Character set restrictions? How do you resolve the differences? Are the hashtags linked on the outbound site or on the inbound site? (The latter tends to lead to large centralised servers because small sites are starved of hashtag content.)

Mentions. Same questions as hashtags. Can you mention a person with a webfinger address? What do you do if somebody in a private conversation mentions somebody not included in the conversation? Does this change the privacy?

What is the markup format used? Are there any hacks you need to add to this particular service to support their markup format?

What are the length limits of a post? (This was mentioned earlier w/r/t embedding photos, but now we're just talking about text.) How do you resolve differences in length limits? Are these discoverable? How exactly?

Is there a way to flag a post as adult or inappropriate?

Does the service provide groups/forums? How are these addressed? Can they be mentioned? How? Can they be private? How?

Does the service allow "wall-to-wall" posts? If not, are they able to recognise wall-to-wall posts created on another service or are the posts all incorrectly attributed to the same author?

Does the system support events? Are they timezone aware? Are these iCal enabled? If not, how do you convert iCal information so that it is not lost in federation?

Do they support emojis and/or emoticons? How are these designated? If emoticons are they converted on the sender or receiver side?

Can you retract a private mail message? How?

Can you retract a post? How?

Does the service support editing of posts? How?

Can you "expire" a post/comment? How?

Do comments to your posts require some service specific metadata such as signed XML fields in order for you to federate them to the other service? What if the comment author was on a system which does not federate with the other system and has no concept of requiring signed XML fields? What do you do?

Does the service support 'dislike'?

Does the service support likes of comments?

Tags in comments?

Mentions in comments? What happens to these?

Sub-comments? To what level? How do you collapse them if your service doesn't support the same number of levels?

Does the service support "apps"? What if it doesn't and the post only contains a single embedded app with no text? Do you send it?

Does the service provide a directory?

Can you request friendship/connection/follow from the profile page if non-authenticated? How?

Embedded content - what services are supported? Which are not supported? Can you embed a map? How? Is there a blacklist/whitelist? How do you know in advance if your embed will actually make it "intact" or not?

---

I came up with this list in under ten minutes based on real-world experience implementing federation between systems. I'm sure I could go for several more pages and still only scratch the surface of compatibility. So if you wish to provide service federation between two providers, these are all questions you need to ask and find answers for. "Just use Activitypub" or "Just use OStatus" isn't going to fix or answer any of these real-world examples.
JRandal
  
I was going to ask how long it took you to come up with this list. Wow.
Mike Macgirvin
  
I could go on for days, but at some point it would get nauseating to read. Probably crossed that line for some people already.
JRandal
  
I confess to scanning after about half-way through.
Mike Macgirvin
 High Range, Australia 
Whoa! STOP THE PRESSES!

Bet you never saw this one coming...

Barry Manilow reveals he is gay


Singer says he has been in a relationship with his manager since 1978, but kept it from fans for fear of disappointing them
Mike Macgirvin
 High Range, Australia 
For all of you conspiracy theorists out there...

Adolf Hitler Part 01 of 04

Mike Macgirvin
  
Snopes calls it false, but it's still an interesting read and I find their rebuttal to be lacking a bit of their typical due diligence.
Mike Macgirvin
 High Range, Australia 
I reckon this should be an Australian Tourism poster.

Snake eats crocodile in a midnight feast with teeth

Two men driving across a Kimberley river crossing late at night find a large snake eating a crocodile.
In the Wind
  
Oh.. boy
Mike Macgirvin
 High Range, Australia 
Please delete my post from last night (March 31st) if it remains on your server for some reason. Whether or not you wish to ignore it is your own choice.