Notices by Jeff Martin (cuchaz@gladtech.social), page 2

@silverpill @helge To be honest, I was never all that interested in DIDs. The idea that you have to ask some external service if the identity is valid or not was always a bit of a turn-off. Ideally, identities could show their own validity without the need to appeal to an external authority. At least, that's the approach I took with my Burger portable identities.

Last time I checked, I think all the DID methods were basically blockchains. Ugh. No thanks.

It's been a while since I looked, so maybe things have improved since then? Using a DHT might get you something a little more reasonable, but DHTs have their own problems.

@helge @silverpill Turns out, the hard part there is the lookup mechanism. Sure, say we make the URI something where there's no HTTP(s) server listening to it. Something like `randoproto:myPubKey`. Then you need some kind of service to translate that into a URL on an AP server.

But what service gets to do that translation? Right now AP basically depends on DNS as the translation service, except it's translating domains to IPs. But if we wanted to translate randoproto URIs all the way down to an IP and an HTTP path, we'd have to build something very DNS-like. That is, an authority that knows all the `myPubKey` values and their current domains. But asking an authority for permission to use your portable identity completely defeats the purpose of portable identities.

It's the entire concept of linking data with URIs that's the problem. The whole point of portable identities is that they exist, and can be used, independently of any linkages.

How might portable identities work with Mastodon?

https://metalsamurai.wordpress.com/2023/03/26/more-on-mastodon-and-portable-identities/

@MetalSamurai covers this in a blog post with a remarkably in-depth discussion of the challenges and consequences of trying to make it work.

It's a surprisingly hard problem with no easy solutions. Not because the problem is fundamentally hard. Because it's not. But because Mastodon, and ActivityPub, weren't really designed with portable identities in mind, and now we're painted into a corner where now this is pretty hard to achieve.

@silverpill also, wow. libp2p looks really great. But perhaps not ready for browsers yet.

@silverpill Java isn't quite the hurdle, so C++ isn't better there. The hurdle is asking users to install local software to do what looks like "visiting a website".

I'd like to build an app that has the same UX (or nearly the same) as visiting a website, but the servers are hosted on residential networks rather than in data centers. So I want to stick with vanilla browsers, but I can do as much magic on the server as is necessary. It ends up being a weird mix of classic client/server stuff, but also some newfangled P2P stuff.

So ideally, I want some kind of public overlay network that can do e.g. ICE, routing without static IPs, and is accessible from a vanilla browser. WebRTC seems promising here except it doesn't solve name-based (instead of IP-based) routing as far as I know. Maybe WebTransport will do it? I'll look into it, thanks!

@silverpill in case you're vaguely interested in this still, libp2p's support for browsers is a bit lacking, but they're done a lot more work on the rust side of things. I'm experimenting with building a (mostly) P2P network using some rust crates.

Tragically it looks like you can't get true P2P when all the peers are behind NAT, but having just one server on the public net trying to coordinate punching can get you pretty close.

Tragically this means I'll have to have my browser extension talk to a native process for now (ugh!), but at least I can use browser-to-native comms instead of SOCKS. Plus, there's hope the browser side of libp2p can evebtually catch up using things like WebRTC and maybe WebTransport too.

Anyway, thanks for the references!

@silverpill Finally actually did some research on these overlay networks. I2P looks great, but installing a Java app so your browser can access the network via local SOCKS proxy? Eeek. Bad UX there.

Honestly, Tor looks like the best option at the moment, especially with the Tor2Web relays. If I understand this correctly, those would let a totally vanilla browser access the overlay network with almost no configuration. Very nice!

Now I just wish someone could build a real overlay network client inside of a browser extension. No idea how you'd solve Firewalls and NAT punching there, and you'd have to use websockets (or WebRTC?), but it would be very nice UX for my case, since my app is a browser extension too.

@silverpill whoa, this is the first I'm hearing of I2P. Honestly, it looks awesome for a future project. Will add it to my research list.

@silverpill wait, Tor solves (or avoids) the static IP and/or NAT punching issues with home hosting?

That's very interesting... I never thought of Tor as a virtual Public network before, but now that I think about it for like ... a minute, of course it is.

I've been planning to use something like Yggdrasil (another vPn) for a project, but from the sound of this, Tor might get the job done too. I'll have to do some research.

Elephant help me, I'm actually releasing this thing! :toot: Folks, I present to you:

✨ End-to-end Encryption for Mastodon DMs ✨

#E2EE #Mastodon

https://codeberg.org/cuchazinteractive/Mastodon/src/branch/e2ee-4.0.2-dev/doc/e2ee

It's far from perfect (Far), but it's a start. I have no idea how people release mods for Mastodon because I've never seen one before. Forks, sure, but not mods. So I made something up. You can read all about it at the link above.

For now, I'm supporting Mastodon v4.0.2 and the Firefox browser. There's a browser extension in there, so browser support is tricky. It's a whole thing. I'm starting simple at first. Walk before you can run and all that, right?

Anyway, try it out. If you want. Or not, no judgement. But if you do, tell me how it went, will ya? I'm curious.

Maybe try it on a testing instance first though. I should probably set one of those up actually.

And If you try it out and run into trouble, send toots! :blobcatboophappy: I'll help out.

This is perhaps the biggest bikeshedding discussion for tabs vs spaces I've ever seen. Found in a GitHub issue for rustfmt:

https://github.com/rust-lang/style-team/issues/1

And it's utterly fascinating to me for some reason. :blobcat_thisisfine:

On the one side, the pro-spaces camp seems to like spaces because they can force viewers to view code exactly the way the author intended.

On the other side, the pro-tabs camp seems to like tabs because the viewer gets to choose how to view the code, not the author.

It's an irreconcilable difference. No wonder there isn't an answer that can make everyone happy.