16:58:39 <RRSAgent> RRSAgent has joined #social
16:58:39 <RRSAgent> logging to http://www.w3.org/2017/06/20-social-irc
16:58:41 <trackbot> RRSAgent, make logs public
16:58:41 <Zakim> Zakim has joined #social
16:58:43 <trackbot> Zakim, this will be SOCL
16:58:43 <Zakim> ok, trackbot
16:58:44 <trackbot> Meeting: Social Web Working Group Teleconference
16:58:44 <trackbot> Date: 20 June 2017
17:00:41 <eprodrom> present+
17:00:43 <ben_thatmustbeme> present+
17:00:47 <sandro> cwebber2 ?   aaronpk ?
17:00:51 <sandro> present+
17:00:52 <ben_thatmustbeme> i am on, just as i said, through hurts
17:01:07 <ben_thatmustbeme> no problem
17:01:28 <eprodrom> We'll wait for people to join until 5 min past the hour
17:01:52 <ben_thatmustbeme> its not really worth it
17:01:59 <ben_thatmustbeme> I do it from the web
17:02:08 <ben_thatmustbeme> under firefox i never have an issue
17:02:09 <cwebber2> hi
17:02:13 <cwebber2> I'm dialing
17:02:14 <cwebber2> in
17:02:22 <ben_thatmustbeme> yes, on linux
17:02:52 <ben_thatmustbeme> it used to let you rename the callers, which was helpful when i was learning names
17:02:58 <ben_thatmustbeme> the web app doesn't let you do that any more
17:04:40 <ben_thatmustbeme> hah
17:04:53 <cwebber2> I could scribe during the non-AP parts
17:04:54 <ben_thatmustbeme> defaultscribenick:ben_thatmustbeme
17:05:56 <ben_thatmustbeme> yeah, i noticed that sandro
17:05:58 <ben_thatmustbeme> :/
17:06:34 <ben_thatmustbeme> yes
17:06:47 <cwebber2> present+
17:06:59 <ben_thatmustbeme> scribenick: ben_thatmustbeme
17:07:27 <ben_thatmustbeme> eprodrom: we have 4 on the call, its enough to have a call, but I don't want to do binding resolutions
17:07:40 <ben_thatmustbeme> .. cwebber2 are you in need of any?
17:07:55 <ben_thatmustbeme> cwebber2: its okay to not have a resolution, just need group input
17:08:13 <ben_thatmustbeme> eprodrom: i'd be ok with doing things like closing issues, i think thats fine
17:08:33 <ben_thatmustbeme> TOPIC: review of minutes from last week
17:08:45 <eprodrom> PROPOSAL accept https://www.w3.org/wiki/Socialwg/2017-06-13-minutes as minutes for 13 Jun 2017 meeting
17:08:50 <rhiaro> present+
17:08:57 <cwebber2> oh yay rhiaro
17:09:01 <eprodrom> PROPOSED: accept https://www.w3.org/wiki/Socialwg/2017-06-13-minutes as minutes for 13 Jun 2017 meeting
17:09:26 <cwebber2> +1
17:09:30 <ben_thatmustbeme> +1
17:09:34 <Loqi> woot
17:09:36 <eprodrom> +1
17:09:40 <sandro> +1
17:09:52 <eprodrom> RESOLVED: accept https://www.w3.org/wiki/Socialwg/2017-06-13-minutes as minutes for 13 Jun 2017 meeting
17:10:13 <ben_thatmustbeme> TOPIC: confirm next telcon
17:10:41 <ben_thatmustbeme> eprodrom: we are moving in to the summer months, so i'd like to have a meeting on the 27th, and then discuss if we are going to have an abbreviated schedule after that
17:10:48 <sandro> +1 meeting on 27t
17:10:51 <cwebber2> +1
17:10:55 <ben_thatmustbeme> <ben_thatmustbeme>+1
17:11:18 <ben_thatmustbeme> eprodrom: then I as chair, unilaterally say we are having a meeting next week
17:11:30 <ben_thatmustbeme> i think i owe tantek one, so I may chair that too
17:11:39 <ben_thatmustbeme> TOPIC: extension update
17:12:09 <ben_thatmustbeme> sandro: what i can say is that voting period ended friday, we don't know the official answer yet
17:12:37 <ben_thatmustbeme> sandro: we should find out tomorrow
17:12:47 <ben_thatmustbeme> eprodrom: well i'm glad that we are meeting next week then
17:12:54 <ben_thatmustbeme> TOPIC: activitypub
17:13:41 <ben_thatmustbeme> cwebber2: my estimate last week was that we would have the test suite up 2 weeks from then, and i hink i'm on track for that.  We have a number of new issues i'd like to discuss, they partly came up from mastodon being very active on their implementation right now
17:14:00 <cwebber2> https://github.com/w3c/activitypub/issues/233
17:14:00 <ben_thatmustbeme> ... we also have another implementation in progress by puckipedia, a dotnet implementation
17:14:00 <Loqi> [cwebber] #233 Move "do not overload" and "don't trust submitted content" to Security Considerations?
17:14:12 <ben_thatmustbeme> ... first lets look at issue 233
17:15:11 <ben_thatmustbeme> ... there are 2 parts, they are SHOULD so they should be in the test suite, but they are hard to test, but the feel like they should be part of the security consideration section things
17:15:27 <ben_thatmustbeme> eprodrom: for me the second one is clearly a security consideration
17:15:55 <ben_thatmustbeme> ... trusting client submitted content is an interesting way to get to it, but ...
17:16:13 <ben_thatmustbeme> cwebber2: yeah, the server should definitely should verify the embedded object
17:16:54 <ben_thatmustbeme> eprodrom: if cwebber2 submits "cwebber likes eprodrom's photo" that should be checked, but if its his own photo, thats probably okay
17:17:03 <ben_thatmustbeme> ... there is a balance to be struck there
17:17:13 <ben_thatmustbeme> ... but existance is definitely an issue
17:17:21 <ben_thatmustbeme> sandro: what about the date field?
17:17:35 <ben_thatmustbeme> eprodrom: thats an interesting one, we do a bunch of things like that in pump.io
17:17:37 <ben_thatmustbeme> q+
17:17:54 <ben_thatmustbeme> sandro: there is an issue on mastodon about bulk uploading posts
17:18:15 <ben_thatmustbeme> if they do that, then they are backdating things, so are they falsly claiming published date?
17:18:34 <ben_thatmustbeme> cwebber2: you could have an updated field, but i don't think that reflects the real meaning
17:18:45 <ben_thatmustbeme> eprodrom: in status.net and pump.io you mark it as a share.
17:18:57 <rhiaro> q+
17:19:07 <cwebber2> q+
17:19:13 <eprodrom> ack ben_thatmustbeme
17:19:17 <ben_thatmustbeme> <ben_thatmustbeme> getting back to what cwebber2 asked...
17:19:26 <ben_thatmustbeme> ... the first thing is not really testable
17:19:41 <ben_thatmustbeme> the second i feel, while security questions, is VERY testable
17:19:45 <ben_thatmustbeme> and i would argue should be tested
17:20:04 <rhiaro> q-
17:20:07 <ben_thatmustbeme> eprodrom: there is a lot in there that could be tested
17:20:17 <eprodrom> ack cwebber
17:20:25 <ben_thatmustbeme> ... do you accept something with an actor that is not the authenticated person
17:20:46 <ben_thatmustbeme> cwebber2: the second can be tested to some degree, maybe we should enumerate some ways in which it should be tested
17:20:57 <ben_thatmustbeme> <ben_thatmustbeme> even just a few tests is fine
17:21:01 <rhiaro> q+
17:21:43 <ben_thatmustbeme> cwebber2: it might be some things where it intentionally does leaves parts out and replaces it with its own data
17:21:55 <ben_thatmustbeme> ... i agree we could certainly do some tests
17:22:33 <ben_thatmustbeme> as to the exponential backoff is it security of is it just a note in the doc?
17:22:56 <ben_thatmustbeme> eprodrom: is there some other doc we could just reference?
17:23:20 <ben_thatmustbeme> sandro: the security consideration is that most restful apis force backoff
17:23:53 <ben_thatmustbeme> cwebber2: you can only force it to some degree, you could reject the requests, but you can still get ddos'ed
17:24:10 <ben_thatmustbeme> sandro: you should be able to handle a single dos though
17:25:09 <ben_thatmustbeme> ... i think there is an appropriate security consideration here though
17:25:10 <rhiaro> q?
17:25:16 <eprodrom> ack rhiaro
17:25:45 <ben_thatmustbeme> rhiaro: we don't need 100% automated test coverage, a test can be something as simple as having a checkbox and we take their word for it
17:26:13 <ben_thatmustbeme> cwebber2: that was the original way i was doing it, but i was getting some pushback from it being too prompty
17:26:45 <ben_thatmustbeme> rhiaro:  whatever the shortest way is
17:27:05 <ben_thatmustbeme> cwebber2: the former one i would like to ...
17:27:21 <ben_thatmustbeme> being rewritten as proposal
17:27:32 <eprodrom> PROPOSED: move section on exponential backoff to security considerations, section on trusting content to security consideration with tests to close https://github.com/w3c/activitypub/issues/233
17:27:33 <Loqi> [cwebber] #233 Move "do not overload" and "don't trust submitted content" to Security Considerations?
17:27:35 <cwebber2> +1
17:27:42 <sandro> +1
17:27:47 <rhiaro> +1
17:27:48 <eprodrom> +1
17:27:51 <ben_thatmustbeme> +1
17:28:06 <ben_thatmustbeme> is this a normative change?
17:28:17 <eprodrom> RESOLVED: move section on exponential backoff to security considerations, section on trusting content to security consideration with tests to close https://github.com/w3c/activitypub/issues/233
17:28:18 <Loqi> [cwebber] #233 Move "do not overload" and "don't trust submitted content" to Security Considerations?
17:28:44 <ben_thatmustbeme> cwebber2: it sounds like we have been agreeing that relaxing requirements is more ok than adding requirements
17:28:59 <ben_thatmustbeme> sandro: i don't think it matters either given our schedule
17:29:11 <ben_thatmustbeme> ... we can't go to PR next week since we don't have the test suite out
17:29:39 <ben_thatmustbeme> cwebber2: next one is , mastodon has been trying pretty hard to be respectful of what people are and aren't willing to see
17:29:41 <cwebber2> https://github.com/w3c/activitypub/issues/232 https://github.com/w3c/activitypub/issues/231
17:29:42 <Loqi> [cwebber] #232 Content Warnings
17:29:55 <ben_thatmustbeme> these two are interrellated
17:30:23 <saranix> my view on this is tags are appropriate
17:30:38 <ben_thatmustbeme> if you haven't seen it in mastodon, you see 'content warning  explicit", etc
17:30:44 <saranix> ... handling as tags
17:31:14 <ben_thatmustbeme> cwebber2: the way it is done now using the summary field
17:31:48 <sandro> q?
17:31:51 <ben_thatmustbeme> ... this is like reading a short blog post you see the shortened version of it, but expand to see the full version
17:31:54 <saranix> I agree with the comment that said that summary is meant for different screen realestate / UI concerns
17:32:14 <ben_thatmustbeme> cwebber2: i have a little bit of a concern that its a little bit of an abuse of that property
17:32:49 <ben_thatmustbeme> ... if you have those two distinct contexts, if two servers are using them in different ways, someone might see things that they hadn't intended to see
17:33:21 <ben_thatmustbeme> ... i had original envisioned it as a tag , but this works, but i think it still should be wrapped in another type
17:33:41 <sandro> q+
17:33:46 <ben_thatmustbeme> eprodrom: i don't understand why a tag or the context wouldn't work here
17:34:00 <ben_thatmustbeme> ... there is no need to have backward compatibility with ostatus
17:34:30 <ben_thatmustbeme> cwebber2: it does need to give a clear indication that it should not be exposed by default, so i think it should have its own type on the tag
17:34:46 <ben_thatmustbeme> ... i agree that it makes more sense to me at the moment to use a tag
17:35:00 <ben_thatmustbeme> .. i think it would be more useful to tag multiple things at once
17:35:27 <ben_thatmustbeme> if you lump them all in one big text box, you can lose them
17:35:43 <ben_thatmustbeme> sandro: a tag should default to being show, don't show, or prompt
17:36:09 <ben_thatmustbeme> eprodrom: that is between you and your user agent ..
17:36:43 <ben_thatmustbeme> ... the sender should not have to decide how the content is receieved
17:36:51 <ben_thatmustbeme> sandro: well thats what the tagging is
17:37:54 <ben_thatmustbeme> sandro: before my client has ever seen one of these tags, ...  the person who is inventing the tag, the creator would have to say 'when a server sees this for the first time' what do they do
17:37:54 <saranix> the tagging is semantic
17:38:34 <saranix> is that bad?
17:38:44 <saranix> sandro, is that bad?
17:38:53 <ben_thatmustbeme> sandro: while we are doing this, i want a 3rd option, that is an opt-in tags
17:39:42 <ben_thatmustbeme> sandro: what i want to be able to do is scribe meetings on mastodon, i am going to be posting 4-500 things in an hour, i don't want them to be prompted at all
17:39:50 <ben_thatmustbeme> cwebber2: that is quite a bit different
17:40:02 <ben_thatmustbeme> sandro: but it comes into the same implementation territory
17:40:30 <ben_thatmustbeme> eprodrom: the pump.io way of doing that is setting up a list and limiting it to only a specific audience
17:40:38 <ben_thatmustbeme> sandro: and thats something people can join later?
17:40:45 <ben_thatmustbeme> eprodrom: exactly
17:41:09 <ben_thatmustbeme> cwebber2: it could apply to more things than we initially thought about.
17:42:13 <ben_thatmustbeme> eprodrom: movie ratings, appropriate for children, trigger warnings, there is a lot that goes in to this area, and people do a lot of non-semantic stuff, like stuffing things in to the summary.  or people make the post much longer than the default wrap,  like "spoiler warning" then a bunch of extra lines, etc
17:42:34 <cwebber2> q?
17:42:42 <eprodrom> ack sandro
17:42:43 <ben_thatmustbeme> ... finding a good way to do this is good, is good to add
17:43:24 <ben_thatmustbeme> cwebber2: i am in favor of tags, but if we want to get others in to it, we should get  like Gargron and evenminto on the CG call and bring it up there
17:43:37 <ben_thatmustbeme> ... i'll try to get them on tomorrow or next week to discuss this
17:43:51 <eprodrom> tag, warning, freetext, id
17:43:57 <ben_thatmustbeme> eprodrom: ideally i'd like to see something where 'this is a tag' and a warning
17:44:27 <ben_thatmustbeme> ... either a url or some text that indicates what we are warning about
17:44:44 <ben_thatmustbeme> cwebber2: there are 2 issues related to this
17:44:48 <cwebber2> https://github.com/w3c/activitypub/issues/231
17:44:49 <Loqi> [cwebber] #231 "Sensitive Media" tag
17:44:53 <ben_thatmustbeme> ... that might be a good solution to one of them
17:45:16 <ben_thatmustbeme> ... i think there might be a good solution for this, a specific content warning one that is just 'NSFW'
17:45:16 <rhiaro> do they use nsfw on japanese mastodon?
17:45:33 <ben_thatmustbeme> maybe 'senative media' or something like that
17:46:15 <ben_thatmustbeme> cwebber2: people on mastodon don't want to use NSFW anymore
17:46:30 <ben_thatmustbeme> but a more accurate 'sensative media'
17:46:34 <ben_thatmustbeme> eprodrom: .... YES
17:47:07 <ben_thatmustbeme> eprodrom: so they don't want to use that term because for some people sex work is WORK,  but...
17:47:19 <cwebber2> https://github.com/w3c/activitypub/issues/231#issuecomment-309835489
17:47:20 <Loqi> [cwebber] We're thinking related to #232 there would be a common Content Warning type tag for sensitive media.
17:47:33 <cwebber2> q?
17:47:45 <ben_thatmustbeme> cwebber2: they seem pretty related to me, so using the same mechanism seems to make sense to me
17:48:37 <ben_thatmustbeme> eprodrom: where the concern comes from for me, is when we start dictating what people want to see, but its pretty useful to have that people will want to see different things
17:48:54 <ben_thatmustbeme> eprodrom: i wonder if just having a 'content warning' tag and then the other tags after that describe what it is
17:49:00 <ben_thatmustbeme> sandro: i don't see how that would work
17:49:43 <ben_thatmustbeme> eprodrom: if i had a post on 'stephen universe', i put in a tag of type content warning,
17:49:58 <ben_thatmustbeme> or  'here is the content warning' and here is the other tag related to it
17:50:15 <ben_thatmustbeme> sandro: i don't see how i could read that as a spoiler vs trigger warning, etc
17:50:45 <ben_thatmustbeme> eprodrom: going in to the ontology of what content makes people uncomfortable ...
17:50:58 <ben_thatmustbeme> cwebber2: i think there are 2 things beeing suggested
17:51:24 <ben_thatmustbeme> one is marking certain tags as content warning,
17:51:57 <ben_thatmustbeme> sandro: spoiler warnings are definitely a thing
17:52:36 <ben_thatmustbeme> cwebber2: you could still handle it all with eprodrom proposal
17:54:06 <ben_thatmustbeme> eprodrom: do you put up police tape or police tape that says quatentine, murder, etc
17:54:20 <ben_thatmustbeme> cwebber2: i feel like its good for this to go to the CG as well
17:54:43 <ben_thatmustbeme> sandro: and some hundreds of thousands of users may have opinions about it as well
17:55:19 <ben_thatmustbeme> cwebber2: plus changing people over who may not like it, they may have some complaints about it
17:55:30 <ben_thatmustbeme> sandro: exactly why i would want to add functionality
17:55:47 <ben_thatmustbeme> <ben_thatmustbeme> my hands can't take much more though
17:55:58 <cwebber2> https://github.com/swicg/general/issues/6
17:55:59 <Loqi> [Gargron] #6 Hashtag representation
17:56:07 <cwebber2> https://mastodon.social/users/Gargron/updates/3288643
17:56:09 <Loqi> [Eugen] @cwebber i had another concern: OStatus URIs of the type tag:example.com;12345;foobar are not represented in ActivityPub, but present in Mastodon. How to avoid duplicates between things Mastodon sees via AP vs what it sees via OStatus?
17:56:26 <ben_thatmustbeme> cwebber2: the basic question is 'how you represent tags'
17:56:40 <ben_thatmustbeme> ... what the id of a tag
17:56:54 <eprodrom> https://www.w3.org/TR/activitystreams-vocabulary/#microsyntaxes
17:56:56 <ben_thatmustbeme> ... does each server have its own tag id?
17:57:07 <cwebber2> tag:example.com;12345;foobar
17:57:14 <ben_thatmustbeme> ... the way ostatus does this, is there are tag status URIs
17:57:33 <ben_thatmustbeme> eprodrom: there is a big section on this in the AS2 vocab
17:58:35 <ben_thatmustbeme> eprodrom: it sounds like 'what are the identities' is the question
17:59:59 <ben_thatmustbeme> cwebber2: i'll bring this to the CG as well
18:00:18 <KevinMarks> KevinMarks has joined #social
18:00:28 <ben_thatmustbeme> sandro: is this 'aspect' part actually implemented yet?
18:00:36 <ben_thatmustbeme> cwebber2: i'm about to
18:00:47 <ben_thatmustbeme> sandro: they are very different from groups
18:00:57 <ben_thatmustbeme> cwebber2: they are just a collection of people
18:01:18 <ben_thatmustbeme> sandro: does that work if the server is down?
18:01:38 <ben_thatmustbeme> cwebber2: well, you can't do that with mailing lists
18:01:48 <ben_thatmustbeme> sandro: no, but you can with hashtags
18:02:26 <ben_thatmustbeme> ... its never going to be anything more than another twitter if there is context collapse
18:02:55 <ben_thatmustbeme> sandro: i don't want the person sending it to say who it goes to , but the subscriber has to opt in to it
18:03:07 <ben_thatmustbeme> eprodrom: i think you should probably write this up as an issue
18:03:21 <eprodrom> trackbot, end meeting
18:03:21 <trackbot> Zakim, list attendees
18:03:21 <Zakim> As of this point the attendees have been eprodrom, ben_thatmustbeme, sandro, cwebber, rhiaro
18:03:22 <ben_thatmustbeme> eprodrom: lets wrap this up
18:03:29 <cwebber2> ben_thatmustbeme++ for scribing YET AGAIN
18:03:29 <Loqi> ben_thatmustbeme has 74 karma in this channel (233 overall)
18:03:29 <trackbot> RRSAgent, please draft minutes
18:03:29 <RRSAgent> I have made the request to generate http://www.w3.org/2017/06/20-social-minutes.html trackbot
18:03:30 <trackbot> RRSAgent, bye
18:03:30 <RRSAgent> I see no action items