Christopher Allan Webber firstname.lastname@example.org
Madison, United States
GNU MediaGoblin founder, former Creative Commons software engineer, python hacker, free software enthusiast, maker of weird drawings See: http://dustycloud.org/ (Any pronouns are okay.)
Good morning, pumpiverse
I'm sitting at TPAC in the room at which ActivityPub's fate will be decided!
Well okay, it's not quite that dramatic. Actually, the dramatic parts happen in two weeks. It looks like our transition to Candidate Recommendation will happen then. We're going to need "wide review" soon though... that means I'm going to call on you, dear readers, to help review the standards work we're working on!
Onwards and upwards! Here's hoping our last day at TPAC goes well... I'm optimistic :)
Just did a live demo of ActivityPub client to server stuff and server to server federation in front of a well populated room at TPAC and it WORKED THANK GOODNESS
"I need more hours," sighed @rhiaro. "I would use some of them for sleeping."
Claes Wallin (韋嘉誠) likes this.
Hanging out with friends csarven and @rhiaro doing some hacking in a hidden corner at TPAC.
Man, Lisbon is just broiling hot.
But I'm here for TPAC!
Hacking Pubstrate from my lodgings RN.
Cords, cords everywhere
And none of them connect to this port
seriously where did I put it
Got my ThinkPenguin mini computer, which I'm going to be using as my local network server/backup machine. It's pretty cute!
@EricxDu It's a bit expensive, close to $500. Which isn't so bad for a computer, but seems expensive for a mini-computer maybe. I had a hard time figuring out whatever else might be reasonably free software compatible and decided, "you know what? the thinkpenguin people do a good job, and this looks better than fretting over trying to figure out how to reduce the price and never setting up my backup machine again."
On "Someone is Learning to Take Down the Internet"
"Someone is Learning to Take Down the Internet" is an article by Bruce Schneier. And it sounds serious.
It sounds like it's the really big pieces of infrastructure being probed for vulnerabilities: the DNS system, ISPs, and SSL CA's.
Remember that most encrypted communication uses DNS and SSL CA's, which are both highly centralized systems. You only need to really compromise one "trusted" CA and MITM DNS, and you can do anything on almost all systems these days.
It would be different if we were using something "web of trust" like, but even the most popular ~decentralized systems in public use rely on what's in reality a lot of centralization.
So yeah, I think we're very vulnerable.I was thinking it was either for warfare or to disrupt civil unrest.
There's http://named-data.net/ which provides a new content centric set of network protocols that might be more robust to DDoS style attacks. (Since it replicates heavily accessed resources.)
Or at least self hosting video files should be safer with named data.
If the general message is "the Internet can be disrupted, especially by state actors, so just be aware of that", then OK, great, we all know that. But citing anonymous sources? That's just FUD.
Maybe the problem is real, but if companies won't talk about it, I really don't care if they get burned later. (Although it could suck if when they get burned the rest of us are burdened, too, and then I would care, but only about the damage to the rest of us, not the damage to them.)
Some Pubstrate and soci-el screenshots
Here's a Pubstrate screenshot, showing items in a feed. (It includes a little bit of a sappy micro-love-note. I was demo'ing to Morgan, sorry!) But the cool part is...
Here's a screenshot of soci-el, the emacs ActivityPub client I've been writing. The neat thing is that you see that on the right side, the
*soci-compose*buffers I composed the messages from (yes, it's using org-mode, yes I'm using comments to hackily handle the "headers" section). These were then sent across the wire using the ActivityPub protocol. On the left side you can see my outbox rendered, also pulled down through the ActivityPub API.
Alex Jordan shared this.Show all 6 replies
@Sean Tilley It could be, if you are brave, you can try it now. However, I recommend you wait a few weeks until I make a public release... there are huge gaps missing in the application, and there is no documentation. For example, there is no "registration" page; I load users into the database via the scheme REPL. That's not good external UX. ;) It's also probably harder to install, currently, if you're not using Guix, because of an obscure library (irregex) which isn't really needed, so I'll be removing soon.
It's close to a "download and try it" alpha, but not there quite yet. But the foundations are good. After my demonstrations at TPAC I'll work on making it into a package that others can try out.
I'm glad others are excited! :)
Finally cut el-get out of my .emacs'ing, and down to only 3 packages using emacs' package interface... everything else I'm pulling out of Guix. Great!
Claes Wallin (韋嘉誠) shared this.Show all 6 replies
@Christopher Allan Webber ah, okay. That makes a lot of sense.
WRT security, that's a very good point. I use different computers often enough that not having my package list under version control is something that's unsustainable, but you're totally right. (MELPA in particular didn't even do TLS for a long time, although that's thankfully not the case these days.) *sigh* I guess I should add "make ELPA have better security" to my endless TODO list :)
I've also never really regretted upgrading a package, even though I'm not even on MELPA Stable. How many packages do you use? (I'm sure it's more than me!) Or perhaps that's the wrong question - a better one might be, how many SLOC do you have in your .emacs that customize packages, and how complex are the customizations (e.g. just
setqor something more complicated)?
Less than 9 ActivityPub issues left as of this morning. Hope to get as close to 0 as I can today.
Rebalancing how the web is built
Great article by Manu Sporny, about how the W3C's current structure makes developing important new standards difficult and prioritizes large organizations among all else. It includes suggestions on how to move in a healthier direction.
Charles ☕ Stanhope likes this.
Pubstrate + soci-el + ActivityPub update for 2016-09-10
Following up from last week's update (well, plus a few days)... a lot has happened.
- Session stuff was put to use. Logins/logout now work.
- I wrote a configuration subsystem. You can now configure the application, and have the configuration validate against a spec. The configuration files are written in scheme, but pleasantly, there's a command line script which will generate a default config for you, with some infrastructure so that it will be a nice little wizard asking you questions later.
- Backported some stuff from Guile 2.1/2.2 so that if you're still using Guile 2.0, you can still redirect from relative links. (This was originally against the HTTP 1.1 spec, but in a revised version, it was relaxed.)
- Command line interface now supports multiple subcommands, used for config bootstrapping stuff mentioned above.
- Much, much refactoring.
- Wrote a full widget/form rendering library, a-la Python's WTForms, but without all the mutation.
- Added page to authorize clients.
- User outbox now renders as AS2 on a GET.
- Various improvements and bugfixes.
So 5 days ago, I hit the point where I needed to have a decent client to be testing things with. Prior to this I had just been using the guile REPL to do some crappy posting. I realized I wasn't capturing the experience of any kind of real use though, and I needed to demo a real client, so I started building one.
I really fought with myself over what I should build it in. Weighing the options, I initially decided a Pumpa-like interface in GTK2 would be the most generally demonstratable, and would allow me to leverage the Guile bindings I had already written. So I started writing that, but soon ran into problems... I spent about 4 hours trying to get GTK box packing to cooperate on the most trivial things and realized I wasn't having any fun. I was feeling depressed and full of doubt.
I kind of felt like, maybe an emacs client would be most fun for me. But that would mean reimplementing nearly all of the activitystreams handling code from Guile into Emacs Lisp. So I decided to take an evening to see if I could do it. Well, within a few hours I had nearly everything ported, and by the next day I had a generic methods written! I also made a mockup that felt compelling for an emacs interface, and was able to make use of that look... within a short period I had a working experimental rendering function, and shortly after that I managed to render another entry, this one borrowed from @rhiaro's blog (which exposes an AS2 version).
So, emacs client it is! I've been forging forward, and as of right now I can connect emacs to my localhost instance of Pubstrate and pull down and render my outbox. Horray!
I still need to be able to post things though. For the moment, I am thinking of taking the (hilarious?) route of being able to author content in org-mode (which will be rendered to HTML before being posted to the server).
In the meanwhile, I am also trying to wrap up all the ActivityPub issues I can, though I've been more focused on the software.
I feel like things are coming together, but I'm very afraid that even if I put in all my energy, I won't get things far along fast enough. I'm very stressed out because of this. I know some of you have said "it isn't worth your mental health", but maybe some deadlines, if they are important enough, are. Nonetheless my mental health is admittedly very poor right now... and my physical health isn't doing so great being in crunchtime either. If I step back and look at my productivity, it seems very good on its own. In put in context of a ticking clock, it feels like not enough.
Not long left till TPAC. Wish me luck.Show all 7 replies@email@example.com Is this the kind of TPAC you are talking about?
look at code "Oh god, I have to write a whole other utility to finish this and I forgot about that"
look in another file "Oh I wrote that utility a month ago and forgot about it. Thanks past self!"