16:05:21 RRSAgent has joined #social 16:05:21 logging to http://www.w3.org/2017/05/05-social-irc 16:05:30 rrsagent, make logs public 16:05:32 scribenick: aaronpk 16:05:36 Zakim has joined #social 16:05:44 (done) 16:05:50 cwebber: we have kind of a loose agenda today but let's start with introductions 16:06:08 cwebber: co-chair of this group and editor of activitypub 16:06:34 aaronpk: co-chair of this group, editor of micropub, webmention and co-editor of websub 16:07:18 i'm good 16:07:18 ben_thatmustbeme: ben roberts, involved in indieweb, member of the Social WG 16:07:22 Ouch, sorry 16:07:42 dmitriz == codenamedmitri? 16:07:58 dmitriz: at MIT with sandro, one of the developers on Solid, interested in decentralized authentication 16:08:25 eknutson: I'm working on an activitypub microblog in javascript that will hopefully also be compatible with gnusocial and mastodon if we can figure out what compatible means 16:09:29 Gargron: I'm Eugen. I work on Mastodon, I live in Germany. 16:09:34 dmitriz_ has joined #social 16:09:42 geppy1: i'm working on microblogging using web annotations 16:10:02 KevinMarks: i'm part of the SWWG and indieweb, and helped design opensocial 16:10:41 maloki: i'm a project manager for mastodon, I like social stuff 16:10:59 masoud: I'm a scientist but generally interested in decentralized stuff 16:11:20 also if there is anyone who's on irc-only and would like to introduce yourself, I can relay for you 16:11:26 MMN-work: my name is Michael. I maintain GNUSocial and make sure it keeps working even with OS updates. 16:11:42 FrankMurphy has joined #social 16:11:47 cwebber: as some people may know, evanpro is co-chair of the Social WG 16:12:19 nightpool: i'm one of the moderators of a service based on mastodon, i'm interested in activitypub support in mastodon 16:12:40 sandro: I work for MIT and W3C, I'm the main W3C staff on social. i'm sandhawke online. I like to code in node.js 16:12:44 (s/a service/cybre.space/) 16:13:03 geppy has joined #social 16:13:42 cwebber: the social web community group (CG) is continuing the work of the working group (WG) 16:14:03 ... i work on activitypub, a client-to-server and server-to-server federation protocol 16:14:13 scribenick: aaronpk 16:14:17 scribenick: cwebber 16:14:25 https://github.com/w3c/activitypub 16:14:26 [w3c] activitypub 16:14:42 aaronpk: for those who don't know I'm workign on MicroPub, a client to server system, which is on the second to last stage of the formalization process 16:14:44 or spec at https://github.com/w3c/activitypub 16:14:45 [w3c] activitypub 16:15:00 q+ to talk about multistack 16:15:09 aaronpk: webmention is a w3c recommendation right now, it's used for doing cross-site comments, more or less an evolution of pingback but more tightly specified 16:15:28 I LOVED THE OLD NAME 16:15:30 aaronpk: the third spec I'm editing is websub, which is basically pubsubhubbub, with a few but few functional changes 16:15:45 I can't even say it... I just skip half of it 16:15:50 aaronpk: I should also add that one of the goals of this community group is to continue the work of these specs after this workign group chapter is over 16:15:57 Gargron: Pubsub my hub! 16:15:57 Gargron, non-native speakers tended to not love it 16:16:11 it sounded like you were summoning the dark lord 16:16:11 Sorry about that... I did the audio test before the call while my laptop was on a dock, but I took it off the dock so something must have gotten thrown off... Hi everyone, my background is a little unorthodox: I'm an attorney by trade (though one with a CS degree) specializing in technology matters and open source. I'm a lifelong techie and became interested in decentralized social networking because of Mastodon. Stumbled onto ActivityPub from there. 16:16:14 aaronpk: one is to develop and formalize extensions around these specs. Many of our specs are designed to be relatively small at what they describe, but are designed to be extensible 16:16:22 aaronpk: so that's we expect as apart of this cg 16:16:45 Gargron: PS, you can mute the mic (there's a mic icon in the toolbar in Mumble) so your keystrokes don't reach the audio level for broadcasting. .) 16:17:06 q? 16:17:11 FrankMurphy: :> <3 16:17:13 (or configure push-to-talk, https://tserverhq.com/clients/knowledgebase/100/How-to-setup-push-to-talk-in-Mumble.html ) 16:17:29 present+ 16:17:31 ack sandro 16:17:31 sandro, you wanted to talk about multistack 16:17:41 sandro: i wanted to explain one thing that may not be obvious 16:17:59 ... normally in the standards process you expect all the players to get together and come to conensus around one way 16:18:08 15th standard! :o 16:18:12 KevinMarks_ has joined #social 16:18:36 ... the WG found that pretty difficult, as everyone knows getting consensus is difficult, so we settled on a compromise. we allowed multiple approaches to be developed in the group to be able to make progress. 16:18:47 https://www.w3.org/TR/social-web-protocols/ 16:18:49 [Amy Guy] Social Web Protocols 16:18:50 https://www.w3.org/TR/social-web-protocols/ 16:18:52 [Amy Guy] Social Web Protocols 16:19:01 ... we don't know enough about the space to be able to make the right calls so we hope that having multiple specs instead of no specs will move things forward 16:19:19 ... the social web protocols document is an overview of the relationships between all the specs 16:19:30 q? 16:19:36 cwebber: the WG agreed that if we do extensions then this group would be the place to do it 16:19:53 cwebber: does anyone have questions about the working group and its relation to the community group? 16:19:54 just as a quick, 30,0000 foot view: micropub is more about client-to-server communication, right? 16:20:18 scribenick: cwebber 16:20:29 aaronpk: yes micropub is specifically about client to server 16:20:50 aaronpk: you'll notice a recurring theme about the specs I'm working on is they're very broken up into discrete parts 16:20:56 composable specs 16:21:03 aaronpk: federation and client to server are in separate parts 16:22:14 cwebber: activitypub by contrast bundles both C2S and S2S in the same document but you can implement one and not the other 16:23:02 https://www.w3.org/wiki/SocialCG/2017-05-05#Topics 16:23:02 you're gapping a lot 16:23:05 this section is a nice side-by-side comparison https://www.w3.org/TR/social-web-protocols/#how-do-the-specs-relate-to-each-other 16:23:20 note that it is entirely possible to do micropub for C2S and activitypub for S2S or activitypub for C2S and webmention or LDN for S2S, etc 16:23:22 KevinMarks: I think he's just pausing. .) 16:23:32 cwebber: feel free to queue up if you want to bring up any topic 16:23:38 hm, maybe it's my client 16:24:20 cwebber: one example of an extension would be mastodon's content warnings, so we could do that as an extension in activitypub and formalize how that works in this group 16:24:30 MMN-o has joined #social 16:24:45 nightpool: what are the specific extension points of activitystreams and activitypub? 16:25:04 cwebber: it can be the verbs, or any object or property. activitystreams uses JSON-LD to do its extensions 16:25:47 however one of the things we agreed on is if we have common extensions in activitystreams, then this group is allowed to define extensions to add to the JSONLD context so that people don't have to keep tacking on JSONLD contexts 16:26:08 that could be new verbs, new nouns, or extensions in activitypub for defining new behaviors and side effects 16:26:40 nightpool: 16:27:05 Q was 'what can we extend? is it just verbs?' 16:27:15 q? 16:27:17 q+ activitypub implementations and tests 16:27:23 ack geppy 16:27:43 +q 16:27:45 geppy: last time i checked in there were some tests in progress, but i haven't seen any implementations of activitypub, maybe i;m looking in the wrong place? 16:27:48 question was "just so I make sure I have this correctly, if I implement a linked set of extensions, I'm allowed to include a new context, and that works somewhat like an xml schema?" 16:27:55 aaronpk ^ 16:28:02 cwebber: there's a test suite in progress. we have an activitystreams report template. 16:28:09 (that was the followup for the question about extension points) 16:28:18 cwebber: it's my responsibility to get that up and is what i'll be working on for the next few weeks 16:28:36 sandro: do people have test suites they use for ostatus? 16:28:39 that could be repurposed? 16:29:01 MMN-o: we have tests for gnusocial but they haven't been updated in forever 16:29:07 o 16:29:08 ok 16:29:08 mostly they try and interoperate and grumble about it ;) 16:29:13 since they are ostatus it would be a huge rewrite to update for activitypub 16:29:28 q? 16:29:31 q+ do you need help with AP tests? 16:29:35 ack gargon 16:29:41 ack Gargon 16:29:57 ack Gargron 16:30:04 Gargron: there is a work in progress activitypub impelemntation in mastodon. it's read only right now, it exposes some objects through the JSON api 16:30:31 there is some effort to make that work for server-to-0server implementaiton. mastodon is not looking to implement client-to-server APIs since we're quite happy with how our own APIs work and the app ecosystem around it 16:31:00 Gargron: there is no one test suite people can use to test whether their software is compatible with OStatus. mastodon has its own test suite for compatibility with various specs like Salmon and PubSubHubbub 16:31:12 so tests like that could be written for activitypub as well 16:31:15 q+ to talk about tests 16:31:20 WebSub has a test suite that's being worked on afaik, which is a part of OStatus (in practice). 16:31:23 q+ websub.rocks 16:31:27 (meta question: is there a place where we can add topics for later that's less immediate then queuing? or should we just queue?) 16:31:46 Good, KevinMarks .) 16:31:47 q? 16:31:51 ack aaronpk 16:31:51 aaronpk, you wanted to talk about tests 16:32:20 q+ geppy to ask do you need help with AP tests? 16:32:21 q? 16:32:39 (geppy: your earlier one didn't go through for syntax reasons) 16:32:42 ack websub.rocks 16:32:45 KevinMarks_, were you queuing yourself? 16:32:45 ah 16:32:46 ok 16:32:52 scribenick: cwebber 16:32:57 I thought I was 16:33:02 aaronpk: these aren't tests that are like unit tests, more functional tests 16:33:13 (nightpool: thanks! I didn't realize I need to say "... to ...".) 16:33:42 aaronpk: you can see examples at webmention.rocks and micropub.rocks 16:33:47 (yeah, you can elide the person if you're queueing yourself, but you do need to say "to") 16:33:59 aaronpk: those are good examples of tools that people can use 16:34:07 q+ to clarify q syntax 16:34:21 KevinMarks_: what I meant to say is that websub.rocks is to test for conformance for mastodon gnu social etc 16:34:24 q? 16:34:24 KevinMarks_: websub.rocks is a way to test the websub implementation of mastodon and gnusocial which should already pass it 16:34:26 ack geppy 16:34:26 geppy, you wanted to ask do you need help with AP tests? 16:34:37 geppy: do you need help with the ap tests? 16:35:31 Shiny, thanks! 16:35:32 q? 16:35:34 ack sandro 16:35:34 sandro, you wanted to clarify q syntax 16:35:55 cwebber: yes, let's talk more after meeting (and it's in scheme) 16:36:08 +q websub.rocks, server authorization/trust 16:36:16 sandro: so you do "q+ to: foo" to remind yourself about a topic 16:36:20 (Oh, thanks for explaining q!) 16:36:27 q? 16:36:32 oops 16:36:40 queue= 16:36:49 https://toot.cat/users/cwebber/updates/21078 16:36:50 [[MOVED] Christopher Webber] Hey everyone! So the first call of the Social Web Incubator Community Group is at 4PM GMT this Friday, May 5th. I hope you can make it! https://www.w3.org/community/swicg/2017/05/01/social-web-incubator-community-group-kick-off-call/ This will be a... 16:36:53 Gargron: I'm reminded of websub.rocks which is an amazing resource 16:37:08 Gargron: it's not really a test you can add any account and it work 16:37:26 Gargron: The problem is that websub.rocks does not work for mastodon, which is mainly because the implementation of private status in mastodon 16:37:39 Gargron: the problem is if you have ??? only then is the push done to the server 16:37:53 Gargron: so status is done not only to anyone who subscribes, but this accidentally breaks websub.rocks 16:38:14 Gargron: so I have no problem doing this change 16:38:18 would be good for public statuses for subscription between services 16:38:38 Gargron: one problem with OStatus is nothing about reachability is not specified in the spec, so I had to invent my own xml tag, and no other software understood that tag 16:38:48 "if you have at least one authorized follower" for the ??? cwebber 16:38:52 Gargron: ActivityPub solves this 16:39:00 s/???/if you have at least one authorized follower 16:39:11 Gargron: but the problem still remains that the user has to be aware of what servers the status travels to 16:39:21 Gargron: because a rogue implementation can simply be modified to leak/reveal them 16:39:29 Gargron: so I'm bringing up that concern 16:39:29 q? 16:39:31 q+ 16:39:33 q+ to discuss public web content accessibility 16:39:35 ack cwebber 16:39:39 scribenick: aaronpk 16:39:44 q+ to talk about rogue implementations and private messages 16:40:27 cwebber: to clarify, rogue implementations can be modified to leak, if i sent something to mallory's server but she also runs it for 5 other people, she's CC'd on this, she can post it publicly. is that the problem you're taling about? 16:40:36 Gargron: yeah the server can decide to ignore any privacy settings 16:40:56 For the record, the specific question was about how subscription confirmation works 16:40:57 cwebber: in activitypub, each message is suppoes to go into individual people's inboxes. but yeah a badly written server could dump it into a public timeline or whatever 16:41:08 q- 16:41:09 email has this problem as well but email doesn't have public lists 16:41:18 it's an easier mistake to make when you have a public feed 16:41:32 my understanding is the only way to completely get around it is end to end encryption 16:41:44 Gargron: on the other hand, something related to trustworthiness of servers and conveying that 16:41:46 q+ 16:41:50 q+ to mention twitter history here 16:42:06 cwebber: not everyone is excited about the "web of trust" idea 16:42:08 q+ to mention standard TOS 16:42:11 q+ to clarify subscription question 16:42:22 yikes queue 16:42:31 this kind of ties in to anti-abuse tooling. it's something worth exploring. this is a topic in itself. 16:42:43 ack MMn-work 16:42:43 MMN-work, you wanted to discuss public web content accessibility 16:42:48 previously 16:42:50 https://indieweb.org/private 16:42:58 MMN-work: there's always the question of what's the threat model 16:43:23 ... given the OStatus problem of posts being not protected enough, the use cases are very different for privacy for public communication. 16:44:24 ... i'm not sure if it's within the scope of activitypub to discuss these things, since of course public discussions should be available like a URL can point to a resource that is a discussion. of course ostatus only covers this specific use case. activitypub addresses private messaging, but i dont think its within scope to say how to protect these messages to be redistributed. since they might be 16:44:26 redistributed by rogue people vs rogue admins. 16:44:27 ack dmitriz 16:44:51 dmitriz: one thing i noticed in a lot of these decentralized social specs is the spec starts with authenticaiton/authorization/access control are out of scope 16:44:59 so there's definitely a need to point implementers to some sort of solution 16:45:09 i think private messages are a serious problem that needf to be solved 16:45:24 one possible solution is end to end encryptioon and the PKI which comes with its own set of problems but does work 16:45:38 another solution that requires more standards is interoperable cross domain authentication and authorization 16:45:57 we have a version of that in the Solid project but it's RDF based and not necessarily applicable to the people here 16:46:25 but how this applies to private messages is if we agree on how to identify users across federated instances and how to express access control on a message we can have a higher level of protection than doing web of trust for servers 16:46:32 q? 16:46:41 ack KevinMarks_ 16:46:41 KevinMarks_, you wanted to mention twitter history here 16:46:59 KevinMarks_: one of the reasons twitter turned off their public stream is it was too complciated to maintain with a mix of public and private posts in the stream 16:47:19 the indieweb approach to this is to have a server person, but that means you trust the server admin in that case 16:47:29 i liked to the private posts experiments https://indieweb.org/private 16:47:32 not only does it not scale, it doesn't even make sense for non-technical users. 16:47:46 q+ to clarify the server per person 16:47:54 s/liked/linked 16:47:56 ack sandro 16:47:56 sandro, you wanted to mention standard TOS 16:48:11 sandro: there are some interesting technical problems that kevin and dmitri mentioned 16:48:12 +q to ask about scalability of per-person-distribution and ActivityPub's POV 16:48:13 +1 social problems 16:48:20 i'm interested in the legal/social problems of trusting server admins 16:48:32 there are 1000+ mastodon instances, and most of them seem to use the default terms of service 16:48:39 well, it depends on multiusers trysting admins - withknown does the same 16:48:39 i'm curious whether the admins even know they are using the default ToS 16:49:18 we could have a couple standard ToS like creative commons style, and you as an admin pick the one you want that you're willing to commit to your users 16:49:29 then users hasve a reaonsable legal/social level of expectation 16:49:35 eg https://teach.kqed.org/ has many users that trust kqed as admin 16:49:43 of course this doesn't stop bad actors but it sets the bar for what's legal and whats the expecation of appropraite behavior 16:49:55 ack nightpool 16:49:55 nightpool, you wanted to clarify subscription question 16:49:55 Agree with your observations on the ToS issue. Happy to lend my expertise on that front. 16:50:12 nightpool: to clarify around fthe original question. the question was about how mastodon currently concept of a "confirmed follow" 16:50:16 and it uses that to pre-vet servers 16:50:29 the idea was mastodon does somewhat solve this problem already 16:50:31 q+ 16:50:42 Salmon-- 16:50:42 salmon has -1 karma 16:50:56 q- 16:50:57 +q to: follow requests via salmon 16:51:03 +q to follow requests via salmon 16:51:05 ack aaronpk 16:51:05 aaronpk, you wanted to clarify the server per person 16:51:08 salmon++ 16:51:08 salmon has 0 karma 16:51:08 scribenick: cwebber 16:51:17 :P 16:51:20 "q- later" is a trick to move yourself to the end of the queue :-) 16:51:32 aaronpk: KevinMarks_ mentioned the indieweb approach of one server per person, but that's not exactly it, each user has one url 16:51:52 I was being uncelar, sorry 16:51:56 q to cwebber: Somewhat relatedly, is data portability within the scope of the ActivityPub spec? Textbook use case is a user wanting to take his content from one ActivityPub-compliant instance to another. 16:52:10 aaronpk: each person has a top level url, but might be a subdomain or suburl... the point is your user is a url, so you can have your own site, but it works with multiple users on sites. 16:52:14 FrankMurphy: could you q+? 16:52:20 q? 16:52:27 ack MMN-work 16:52:27 MMN-work, you wanted to ask about scalability of per-person-distribution and ActivityPub's POV 16:52:31 q+ to talk about future meetings -- seems like there's a lot to talk about -- how many weeks between meetings would you like, and how many minutes should the meetings be? 16:52:39 q+ to: antiabuse 16:52:46 MMN-work: regarding public posts, which are readable by anyone with the URL and private posts which require authentication 16:52:47 q+ to cwebber: Somewhat relatedly, is data portability within the scope of the ActivityPub spec? Textbook use case is a user wanting to take his content from one ActivityPub-compliant instance to another. 16:52:48 q- to: 16:52:53 q- antiabuse 16:53:04 q+ to talk about antiabuse 16:53:07 in gnusocial you distribute a post one time to one server, even though there are multiple users on that server 16:53:20 that's very efficient 16:53:31 but if you have a private account and distribute to 100 followers, i assume activitypub sends one per person? 16:53:39 websub works for public posts between servers; for private posts you would need to send one per subscriber 16:53:47 my question is whether activitypub addresses the distirbution issue for public/private posts 16:54:00 cwebber: we do have a separate endpoint users can set up for public endpoints 16:54:16 q? 16:54:19 ack Gargron 16:54:19 Gargron, you wanted to follow requests via salmon 16:54:20 servers can short-circuit to send to each individual person, so if 100 people share a public endpoint then you can send to that one endpoint to reach all 100 users 16:54:37 https://mastodon.social/@kevinmarks/4937649 16:54:39 [Kevin Marks] @lambadalambda @Ronkjeffries @KevinMarks which is why I made unmung.com/mastoview 16:54:40 Gargron: follow requests weren't difficult to implement because activitystreams already contained all the necessary verbs 16:54:53 the only missing part was specifying when a profile is "locked", thereby requiring authorization in the first place 16:55:11 you send a "request friend" group with the target as the person you want to follow 16:55:21 the server displays it as a follow request and the end user can reject or authorize it 16:55:38 it's either an authorize verb or reject verb, and it goes back via salmon to the requester 16:55:49 is this why remote follow takes 3 clicks? 16:55:54 q? 16:56:32 Gargron: the way public/private URLs work in mastodon is public posts have public URLs, but private posts don't. they always return 404 regardless of who accesses them unless they use authentication 16:56:56 the private posts are distributed one time when they are created using pubsubhubbub, and that's the only way the other servers receive that content. they can't access it later via public urls because there is no authentication mechanisms for servers to access that content later 16:57:09 https://botsin.space/users/quinn/updates/582 16:57:10 [quinn ❎] Why do I have to follow someone three times to follow them once? 16:57:16 ack sandro 16:57:16 sandro, you wanted to talk about future meetings -- seems like there's a lot to talk about -- how many weeks between meetings would you like, and how many minutes should the 16:57:19 ... meetings be? 16:57:22 sandro: we have 3 minutes left in this call 16:57:27 it's great having everyone on the call 16:57:27 oh, yikes, it was only an hour? 16:57:31 hahaha 16:57:38 awesome 16:57:43 Poll for next meeting time: http://doodle.com/poll/vvn2rn36ikgpx96b 16:58:14 2 (every 2 weeks) 16:58:20 1 120 16:58:22 maybe we can do a strawpoll in IRC, how often do you want to come to a meeting? 1-every week, 2- every 2 weeks. and how long would you want the calls to be? 16:58:26 1 120 16:58:30 I could do every 1 week if people find it helpful 16:58:35 1 / 120 16:58:36 do we have a mailing list or message board to have async discussions on this stuff? 16:58:43 1 60 or 2 120 16:58:52 1 / 60 or 2/120 16:58:53 2 120 16:58:59 I'll jus read the minutes, I probably don't have more time than 1/month .) 16:59:11 you can also leave messages here too 16:59:16 http://socialwg.indiewebcamp.com/irc/social/today 16:59:22 logs ^ 16:59:29 https://www.w3.org/wiki/SocialCG 16:59:43 1 week, 120 minutes 16:59:54 1 90 16:59:59 2/120 17:00:06 1^60 17:00:09 oops 17:00:10 1 60 17:00:12 1, * 17:00:15 2 60 17:00:23 8 / 600 17:00:25 :P 17:00:25 2w 60 17:00:26 1 90 is good actually. I think this meeting should probably go a little longer though 17:00:31 because it's a kickoff 17:01:21 Maybe it's popular because people want to get through all these "pent up" discussions :) 17:01:22 is the lack of mailing list / message board incidental, or intentional? 17:01:59 also as a "social" group, its good to use social methods 17:01:59 I think github works pretty well as async 17:02:05 re: mailing lists 17:02:21 github issues are pretty good for ML-type stuff 17:02:27 scribenick: cwebber 17:02:47 aaronpk: I think you covered most of it, mailing lists tend to drag out whereas github links tend to allow for resolutions; irc tends to be great when you have the logs 17:02:48 do we have a CG github repo? 17:02:50 star this: https://github.com/swicg/general 17:02:51 [swicg] general: General issue tracker for the group 17:02:54 aha 17:02:59 aaronpk: I'm not inclined to add another channel, mailing list free has worked great for indieweb 17:03:01 q? 17:03:46 +1 17:03:47 +1 17:03:47 proposed: 30 minute extension 17:03:48 +1 17:03:48 +1 17:03:49 +1 17:03:49 +1 17:03:50 +1 extend half an hour 17:03:51 -1 17:03:53 +1 17:03:55 +0.5 17:04:06 ack FrankMurphy 17:04:06 FrankMurphy, you wanted to cwebber: Somewhat relatedly, is data portability within the scope of the ActivityPub spec? Textbook use case is a user wanting to take his content from 17:04:07 (mic not working) is data portability within the scope of the ActivityPub spec? Textbook use case is a user wanting to take his content from one ActivityPub-compliant instance to another. 17:04:10 ... one ActivityPub-compliant instance to another. 17:04:40 PS. I'm not a customer with GitHub so if I were to start discussing issues I guess I'd have to relay it through others. But I also realise I'm probably not going to be the one taking on issues .) 17:04:41 https://socialwg.indiewebcamp.com/irc/social/today <-- logs 17:04:50 Having client-to-server in the spec gives it some amount of data portability, right? 17:04:53 cwebber: the spec doesn't say anything about data portability. it can be done in pump.io with a script that exports/imports everything. you could do the same in activitypub. what you'd want is to set up redirects. 17:05:12 +q to follower portability 17:05:48 aaronpk: Yes, but I started cleaning out accounts at proprietary disservices a couple of years ago. 17:05:54 q? 17:06:08 https://github.com/w3c/websub/issues/98 17:06:09 [kevinmarks] #98 Subscription migration is unclear 17:06:16 incidentally, cross-domain identity is a pre-requisite for being able to export/transfer your followers & contacts list 17:06:17 q? 17:06:25 ack Gargron 17:06:25 Gargron, you wanted to follower portability 17:06:46 https://github.com/tootsuite/mastodon/issues/177#issuecomment-292780728 17:06:46 [kevinmarks] The logical thing to 301 is the user's URL so systema.com/@usera 301s to 17:06:47 systemb.club/@userb (and the atom feed, obviously). This does rely on the 17:06:47 site being migrated from to co-operate, yes, but ti is less fiddly than 17:06:47 requiring a new webfinger call.... 17:06:59 Gargron: about follower portability. i've been looking into that. one of the main concerns was that if someone gained access to your account, if follower migration existing you could move followers to someone else which would basically be forever 17:07:00 yeah follower exfil is a big deal. 17:07:09 nothing else you can do on mastodon has such a destructive action 17:07:14 export & import is slightly different, though, than destructively “moving” followers 17:07:55 the other concern with moving followers (in ostatus), obviously this should be a salmon slap or a message in the feed, but the problem is there is no activitystreams verb or object to describe "moved" or "migrated" 17:08:03 another approach is to do some sort of redirect 17:08:12 but we want to do webfinger lookups as little as possible 17:08:17 then handle that account without doing additional networking 17:08:20 dmitriz: I guess export is just "download my activitystream" .) 17:08:33 recently we added a one-day cooldown for doing webfinger lookups because we found issues with people changing URLs on their servers 17:08:33 but specifically export for the followers list / contact book 17:08:41 (that's how data portability - but not identity moving - is done (when it works) in GNU social) 17:08:41 which meant that their accounts would be broken unless you do a second webfinger lookup 17:08:51 so now the next day it will do a second webfinger lookup to update the URLs 17:09:02 i'm not sure if doing http redirects is in the spec for webfinger or how it should be treated 17:09:13 Right now it's actually just follows on export. Not your posts. 17:09:18 the main problem i can foresee is in mastodon the assumption is the username and domain is a unique combination 17:09:21 globally unique? or unique per domain? 17:09:26 oh ok 17:09:27 changing it from one to another in the database çould lead to collisions 17:09:37 i'm open to suggestions and brainstorming on this part 17:09:44 q? 17:09:47 ack cwebber 17:09:47