Conversation

Notices

1. Johann150 ⁂ :ipv6: :open_access: ☮ (johann150@genau.qwertqwefsday.eu)'s status on Friday, 16-Feb-2024 12:31:53 JST Johann150 ⁂ :ipv6: :open_access: ☮

   • arcanicanis

   the nature of an ecosystem when one software can steamroll in whatever direction it wants too unimpeded (because again: marketshare) and how this cripples the advancement of careful protocol development when much of it's "behind closed doors" of one vendor (at least to my understanding), outside of actual standards bodies and community-organized efforts-- @arcanicanis@were.social
   
   YES, THIS! Sums up my frustrations pretty well back from when Misskey was having federation issues with Peertube and Owncast because of HTTP Signatures.
   
   Just as a reminder, the version of HTTP signatures the elephant in the room uses (and thus makes everyone else use) is based on an RFC draft which is now "expired & archived".
   
   Also when I was looking up the name of the RFC draft again I found out that its successor RFC 9421 "HTTP Message Signatures" has been published this month. I hope someone in particular will be making some kind of move on that if you know what I mean. :gargamel:

   • arcanicanis (arcanicanis@were.social)'s status on Friday, 16-Feb-2024 12:31:46 JST arcanicanis

     in reply to

     • Haelwenn /элвэн/ :triskell:

     I think part of it just comes down to developers of each project having direct communication channels with each other, whether it’s poking each other over email, instant messaging, or direct messages; meanwhile kicking around topics in microblogging format (as something that can get buried to the timeline with everything else), sometimes makes it difficult. I do agree that SocialHub for whatever reason feels difficult to keep up with.

     Essentially with FEPs, it feels almost like something that should be treated like trying to get a bill through Congress. “Hey, I’ve got this new proposal, I’ve talked to X and Y project, and they seem onboard, can I count on your support too? Is there any feedback you have on this idea?”

     As for Mastodon: fuck it. Everyone else can continue advancing on together, and probably craft things in a “progressive enhancement” manner to augment new things, while Mastodon can act like the “Internet Explorer of the fedi” in it’s own little aimless corner. While the rest of us get to have: custom emote reactions, animation markup, search, post quoting, (now recently) post tipping, and whatever else comes next.

     Or with locking down fedi: have some opt-in “strict mode” (that would otherwise ‘break’ federation, if it wasn’t opt-in) that could be advertised in nodeinfo, like in similar nature to HSTS with web browsers regarding strict HTTPS use; or if an actor has keys listed for Object Integrity Proofs, to trust that mechanism only for proving something authentic as originating from that user, and skipping whatever insanity of HTTP Signatures, same-origin, or other mechanisms, etc.

   • Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 16-Feb-2024 12:31:50 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • arcanicanis
     @Johann150 @arcanicanis
     SocialHub for me is the kind of thing I nearly just stopped (I just get email on new subjects of particular topics) because there's no difference between stuff like "help, my implementation doesn't works" and stuff like "Here's a draft for a FEP".
     
     So it went back to people explicitly pinging Pleroma or seeing something in my fedi timeline. Which doesn't scale at all to the number of fedi implementations.
   • Johann150 ⁂ :ipv6: :open_access: ☮ (johann150@genau.qwertqwefsday.eu)'s status on Friday, 16-Feb-2024 12:31:51 JST Johann150 ⁂ :ipv6: :open_access: ☮

     in reply to

     • Haelwenn /элвэн/ :triskell:
     • arcanicanis

     @lanodan@queer.hacktivis.me @arcanicanis@were.social hmm i mean with having a single developer/user project pretty much and not even that much experience compared to some other people around here (probably including you), i don't have the expectation of influencing any kind of standard. but yeah that sounds kinda annoying.
     
     kinda similar situation with FEPs/socialhub.activitypub.rocks, I've kinda given up on them having any considerable impact, especially since mastodon doesn't seem to care about them at all, sometimes even doing yet another competing implementation of something that was already put into FEPs

   • Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 16-Feb-2024 12:31:52 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • arcanicanis
     @Johann150 @arcanicanis tbh I feel like the entire way standards are made is broken, including IETF which feels like the least worst one.
     
     Like the Fediverse has been using HTTP (Message) Signatures for more than half a decade and is probably by far the main user of it yet there's barely any communication between implementers and standards writers, and AFAIK there was no way to get something like a mailling-list with just http-signatures rather than the entire noise of the http-wg.
   • silverpill (silverpill@mitra.social)'s status on Friday, 16-Feb-2024 12:32:15 JST silverpill

     in reply to

     • Haelwenn /элвэн/ :triskell:
     • arcanicanis

     @arcanicanis @lanodan @Johann150

     >Essentially with FEPs, it feels almost like something that should be treated like trying to get a bill through Congress. “Hey, I’ve got this new proposal, I’ve talked to X and Y project, and they seem onboard, can I count on your support too? Is there any feedback you have on this idea?”

     I think this is a correct approach. Not sure about other authors, but for me each proposal is a mini-project, not something that you can write and forget about. Requires a lot of work, but this is exactly how standards in decentralized network should be developed.