sure this is all very bad for activitypub but this is truly amazing content
-
@promovicz @laurenshof It's "entertaining content" for sure, but what it also gets at is not just the technical side of things, but the social one, and how we are caught between both, and our systems are the output of the conflicts between technical goals and social dynamics.
@evan is my friend, and I'm not super proud of that exchange, because I lost patience publicly, because this is a sore issue for me. But of course, you tear things back, and Evan and I had a nice chat afterwards, and actually have hung out quite a bit before and since, and behind all of that, both of us were going through things in our personal lives.
And yet the decisions we make in these messy social dynamics influence the kinds of technical systems which in turn influence the kinds of social systems we can have!
@cwebber @promovicz @laurenshof I don't feel like things got that bad at all.
I continue to believe that verifying content when it's first read, rather than when it's first received, is a much more performant strategy. It causes a slight hit for the first reader, but it spreads out the stress on the remote server across time much better.
I also think trust metrics are good for networks.
I did promise you a blog post on the topic, though, @cwebber . I'll try to get that done next week!
-
@evan @laurenshof It’s probably quicker and less work to make a new protocol based on lessons learned than try to fix it.
You’ll have to adopt clients anyway to upgrades to the protocol. ¯\_(ツ)_/¯
@thomasfuchs @laurenshof You should do that!
-
@promovicz @laurenshof @evan It does worry me though, and there's a reason it's so personal to me. The lack of signing of messages and content-addressing have lead to serious issues that, while ATproto does worse than us on the aspects of power distribution, it does better in terms of content survivability and portability, and these are things I thought were important *all the way back in ActivityPub standardization*, but we couldn't get to yet.
There is no "technical problems vs social problems" dichotomy. Social situations influence technical design, and technical design informs the kinds of social systems that are possible. Protocol development is all of this, mass multiplied.
@cwebber @laurenshof @evan You are both working in a challenging space, and I respect that. Discussion is hard to avoid sometimes.
My dichotomy was just for illustration. About the rest, I mostly just agree, and hope that you and the community can figure out a good path forward. My vote tends towards “strong tech makes better social guarantees” or sth like that.
-
@promovicz @laurenshof @evan And for whatever it's worth, I think there are solutions to these things. EITHER ActivityPub or ATproto could incorporate the good ideas of the other and solve the parts the other lack.
And I can write down to do it. And I have, scattered across bits and pieces.
But it requires getting ecosystems to move, and it's very depressing trying to do that. I don't have the time in my life to sit through meetings trying to convince them that they need to solve the problem right now. So I just focus on building the directions I think matter.
I could write it all down though, and let everyone else do the fighting to make it happen, I suppose.
But I don't have power over the ATproto or ActivityPub worlds, really. The implementers of both do, and both have huge stakes and biases towards their own things, and investments in the directions they already are convinced they should go. I have a say, and an ability to critique, and people listen to me, but only sort of.
@cwebber @promovicz @laurenshof @evan it would be great to see a new protocol incorporating lessons learned from both, that concentrates on performance for users and keeps power and bandwidth use as low as possible
-
@laurenshof I think ActivityPub is inherently and irrevocably flawed due to a naive implementation and needs to be replaced with something that has performance and efficiency in mind (as a counterexample that handles performance at scale better, AT proto comes to mind; that one has its own issues but it does overall work a lot better)
@thomasfuchs @laurenshof ATProto is the result of corporate minded techbros, to produce yet another #DTBO #SocialMedia aiming at making people a product.
Thinking ATProto is anything else is deeply naive.
I'll yake ActivityPub with its *features* of no algorithm tracking me. Every tracker is a bad idea, every collection should be made a liability, so they stop seeing us as meta data cows.
Long live the #fediverse, free of #bluesky and ALL corporate walled gardens
-
@cwebber @laurenshof @evan You are both working in a challenging space, and I respect that. Discussion is hard to avoid sometimes.
My dichotomy was just for illustration. About the rest, I mostly just agree, and hope that you and the community can figure out a good path forward. My vote tends towards “strong tech makes better social guarantees” or sth like that.
@promovicz @cwebber @laurenshof Thanks for bringing the post to my attention! I missed it the first time around.
-
@promovicz @laurenshof @evan It does worry me though, and there's a reason it's so personal to me. The lack of signing of messages and content-addressing have lead to serious issues that, while ATproto does worse than us on the aspects of power distribution, it does better in terms of content survivability and portability, and these are things I thought were important *all the way back in ActivityPub standardization*, but we couldn't get to yet.
There is no "technical problems vs social problems" dichotomy. Social situations influence technical design, and technical design informs the kinds of social systems that are possible. Protocol development is all of this, mass multiplied.
@cwebber @promovicz @laurenshof @evan I think one of the problems we’ve had in general is that signing things is a bit of a nightmare. Not just from a non-repudiation perspective (ActivityPub is pretty crap at this - though workable workarounds sort of exist.. - but I doubt ATProto is much better) but from a revocation and propagation of outdated/deleted information perspective.
Why do we not sign things? Because we don’t have a revocation story and also because indirect relaying gives up all sorts of control. Why is ATProto a bit more flexible here? Because they gave up that control to begin with.
If the signatures had expiries (which as far as I remember, they don’t!) you could imagine a world where when you click the boost button on my post, you ask my server for a copy of the post that’s signed and carries a short lived signature and then you would relay the post alongside that signature; but then it turns out that one of your followers is on a server that I blocked and now my post is there and, as a general rule, the Fediverse has decided that this is unacceptable (despite being unenforcible in general!), mostly as a consequence of the fact that we don’t have any form of 3rd-party-enforcible reply controls (I wish we had that, maybe it’ll come as an evolution of Mastodon’s quote controls…)
(And yes, LD Signatures suck, but all signature formats suck in some way or another and signatures are a primitive that it really sucks to build things around. But that’s a whole separate discussion!)
-
sure this is all very bad for activitypub but this is truly amazing content
@laurenshof Gorbachev used to get really annoyed at Ronald Reagan for overusing the phrase "Trust, but verify".
-
@promovicz @laurenshof @evan And for whatever it's worth, I think there are solutions to these things. EITHER ActivityPub or ATproto could incorporate the good ideas of the other and solve the parts the other lack.
And I can write down to do it. And I have, scattered across bits and pieces.
But it requires getting ecosystems to move, and it's very depressing trying to do that. I don't have the time in my life to sit through meetings trying to convince them that they need to solve the problem right now. So I just focus on building the directions I think matter.
I could write it all down though, and let everyone else do the fighting to make it happen, I suppose.
But I don't have power over the ATproto or ActivityPub worlds, really. The implementers of both do, and both have huge stakes and biases towards their own things, and investments in the directions they already are convinced they should go. I have a say, and an ability to critique, and people listen to me, but only sort of.
@promovicz @laurenshof Really trying hard not to say anything too spicy after reading that exchange. Suffice it to say, I strongly agree with @cwebber
-
@cwebber @promovicz @laurenshof @evan I think one of the problems we’ve had in general is that signing things is a bit of a nightmare. Not just from a non-repudiation perspective (ActivityPub is pretty crap at this - though workable workarounds sort of exist.. - but I doubt ATProto is much better) but from a revocation and propagation of outdated/deleted information perspective.
Why do we not sign things? Because we don’t have a revocation story and also because indirect relaying gives up all sorts of control. Why is ATProto a bit more flexible here? Because they gave up that control to begin with.
If the signatures had expiries (which as far as I remember, they don’t!) you could imagine a world where when you click the boost button on my post, you ask my server for a copy of the post that’s signed and carries a short lived signature and then you would relay the post alongside that signature; but then it turns out that one of your followers is on a server that I blocked and now my post is there and, as a general rule, the Fediverse has decided that this is unacceptable (despite being unenforcible in general!), mostly as a consequence of the fact that we don’t have any form of 3rd-party-enforcible reply controls (I wish we had that, maybe it’ll come as an evolution of Mastodon’s quote controls…)
(And yes, LD Signatures suck, but all signature formats suck in some way or another and signatures are a primitive that it really sucks to build things around. But that’s a whole separate discussion!)
@erincandescent thanks for mentioning blocks! It's one of the reasons that the current best practice is not to include the content of the boosted object at all.
-
@promovicz @laurenshof It's "entertaining content" for sure, but what it also gets at is not just the technical side of things, but the social one, and how we are caught between both, and our systems are the output of the conflicts between technical goals and social dynamics.
@evan is my friend, and I'm not super proud of that exchange, because I lost patience publicly, because this is a sore issue for me. But of course, you tear things back, and Evan and I had a nice chat afterwards, and actually have hung out quite a bit before and since, and behind all of that, both of us were going through things in our personal lives.
And yet the decisions we make in these messy social dynamics influence the kinds of technical systems which in turn influence the kinds of social systems we can have!
@cwebber @promovicz @laurenshof @evan I think this whole exchange is a good look, honestly!
You appear frustrated, about a technical problem that is important to you (one that resonates with me!), you don’t fall back on any weird personal attacks, just get loud.
Evan takes it in step and responds nicely.
I could have gasped when i read Evan’s reply and it’s so nice. That’s not how internet exchanges work!
Anyway, this thread reads like real people having a heated and respectful discussion about stuff they feel strongly about. Well done.
-
@laurenshof
I have zero context for anything else but the saying's "Trust *but* verify"@funbreaker @laurenshof "Trust, then verify" is a direct reference to that saying.
-
@promovicz @laurenshof Really trying hard not to say anything too spicy after reading that exchange. Suffice it to say, I strongly agree with @cwebber
@lykso Duly noted!
-
@cwebber @promovicz @laurenshof @evan I think one of the problems we’ve had in general is that signing things is a bit of a nightmare. Not just from a non-repudiation perspective (ActivityPub is pretty crap at this - though workable workarounds sort of exist.. - but I doubt ATProto is much better) but from a revocation and propagation of outdated/deleted information perspective.
Why do we not sign things? Because we don’t have a revocation story and also because indirect relaying gives up all sorts of control. Why is ATProto a bit more flexible here? Because they gave up that control to begin with.
If the signatures had expiries (which as far as I remember, they don’t!) you could imagine a world where when you click the boost button on my post, you ask my server for a copy of the post that’s signed and carries a short lived signature and then you would relay the post alongside that signature; but then it turns out that one of your followers is on a server that I blocked and now my post is there and, as a general rule, the Fediverse has decided that this is unacceptable (despite being unenforcible in general!), mostly as a consequence of the fact that we don’t have any form of 3rd-party-enforcible reply controls (I wish we had that, maybe it’ll come as an evolution of Mastodon’s quote controls…)
(And yes, LD Signatures suck, but all signature formats suck in some way or another and signatures are a primitive that it really sucks to build things around. But that’s a whole separate discussion!)
Can you explain what you mean by expiring signature? Obviously the math doesn’t expire so I assume the idea is signing with some sort of ephemeral key that is not mathematically linked to your identity?
-
@cwebber @promovicz @laurenshof @evan I think this whole exchange is a good look, honestly!
You appear frustrated, about a technical problem that is important to you (one that resonates with me!), you don’t fall back on any weird personal attacks, just get loud.
Evan takes it in step and responds nicely.
I could have gasped when i read Evan’s reply and it’s so nice. That’s not how internet exchanges work!
Anyway, this thread reads like real people having a heated and respectful discussion about stuff they feel strongly about. Well done.
@anders Thanks, those are nice comments.
I should also note that I'm not averse to Christine's ideas around using digital signatures for verifying content. They can improve performance by short-circuiting some verification that would require fetching the content over HTTP.
I do disagree that they are the *only* way to improve that performance, and that it's worth breaking backwards compatibility of the network in order to enable digital signatures.
-
@promovicz @laurenshof It's "entertaining content" for sure, but what it also gets at is not just the technical side of things, but the social one, and how we are caught between both, and our systems are the output of the conflicts between technical goals and social dynamics.
@evan is my friend, and I'm not super proud of that exchange, because I lost patience publicly, because this is a sore issue for me. But of course, you tear things back, and Evan and I had a nice chat afterwards, and actually have hung out quite a bit before and since, and behind all of that, both of us were going through things in our personal lives.
And yet the decisions we make in these messy social dynamics influence the kinds of technical systems which in turn influence the kinds of social systems we can have!
Nah, I think you had the right to pop off a bit there. I'm no network engineer, but even I thought verifying upon first read was an insane take. In this age with agentic AI writing goddamn hit-pieces on people and how dangerous things are getting, security has to be a priority. Dis/misinformation is spreading at unprecedented rates, and I think a place like the decentralized web needs to do whatever it can to limit that spread if it wants to actually be a viable alternative/replacement.
-
@thomasfuchs @laurenshof ATProto is the result of corporate minded techbros, to produce yet another #DTBO #SocialMedia aiming at making people a product.
Thinking ATProto is anything else is deeply naive.
I'll yake ActivityPub with its *features* of no algorithm tracking me. Every tracker is a bad idea, every collection should be made a liability, so they stop seeing us as meta data cows.
Long live the #fediverse, free of #bluesky and ALL corporate walled gardens
@faraiwe @thomasfuchs @laurenshof i hope you're aware that activitypub is just as public as atproto and that there is nothing stopping someone from creating/running the "tracking algorithms" you claim atproto does by default on this network
-
@faraiwe @thomasfuchs @laurenshof i hope you're aware that activitypub is just as public as atproto and that there is nothing stopping someone from creating/running the "tracking algorithms" you claim atproto does by default on this network
@esm I hope you are aware that anything shoved down our throats by techbros is to be seen as toxic and harmful, to their exclusive gain, and aligning yourself with their interests is stupid to the point of suicidal.
Don't let me know.
-
@anders Thanks, those are nice comments.
I should also note that I'm not averse to Christine's ideas around using digital signatures for verifying content. They can improve performance by short-circuiting some verification that would require fetching the content over HTTP.
I do disagree that they are the *only* way to improve that performance, and that it's worth breaking backwards compatibility of the network in order to enable digital signatures.
@evan @anders @promovicz @laurenshof It doesn't need to break backwards compatibility tho
But anyway
Long conversation potentially
-
@laurenshof I didn't think it was that bad at all.
@evan As a newbie to the tech end of decentralized spaces, I’m curious as to why you don’t think it should be “verify, then trust” or other alternatives that don’t allow bad actors to get at people who are not tech-savvy.
