The W3C going for brutal honesty here I see
Conversation
Notices
-
Embed this notice
Erin 💽 (erincandescent@queer.af)'s status on Friday, 03-Nov-2023 07:37:48 JST 
Erin 💽
- clacke likes this.
-
Embed this notice
Erin 💽 (erincandescent@queer.af)'s status on Friday, 03-Nov-2023 07:37:45 JST
Erin 💽
Other specifications which could use a "this spec is for masochists" admonition include
- JSON-LD
- SIP
- C++
- Every single document to ever come out of the 3GPP
Haelwenn /элвэн/ :triskell: and clacke like this. -
Embed this notice
Erin 💽 (erincandescent@queer.af)'s status on Friday, 03-Nov-2023 07:37:47 JST
Erin 💽
Reasons I regret ActivityStreams2 (and hence ActivityPub) being based upon JSON-LD include
- JSON-LD is too complicated
- It brings Linked Data Signatures into the picture, which require you to read this document, which admits its for masochists
(Probably don't do Linked Data Signatures. Most implementations get by fine without them)
clacke likes this. -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 03-Nov-2023 07:45:28 JST 
Haelwenn /элвэн/ :triskell:
@erincandescent And LD Signatures are also way too dangerous for AS2 intended usage.
Why would you want signatures of social network messages to be *archivable* by design? NSA much?
Only thing that needs to be there is in-transit signatures that by design are only valid for a certain timeframe, so something like HTTP Signatures (I wish HTTPS client certificates would work, but reverse proxies break this). -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 03-Nov-2023 07:47:15 JST
Haelwenn /элвэн/ :triskell:
@erincandescent Also: SOAP and anything based on it.
(In fact SOAP is why I often mistake the S of SIP for Simple, instead of Session) -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 03-Nov-2023 07:53:06 JST
Haelwenn /элвэн/ :triskell:
@erincandescent Yeah that would be less dangerous, but you'd end up having to maintain two systems, one of which requires you to implement pain (canonical binary representation of JSON), and I'm not sure if there's any alternatives to doing that. -
Embed this notice
Erin 💽 (erincandescent@queer.af)'s status on Friday, 03-Nov-2023 07:53:07 JST
Erin 💽
@lanodan I kinda see a use for signing activities so when I reply to this post, your server can relay the creation of my reply (of course the contents of the post needn't be signed, so you refetch that)
but tbh it would be much better if servers just took receipt of a bare URL (or activity with ID out of scope of the HTTP sig) in the inbox as an indicator that they should go and fetch from origin
-
Embed this notice
Erin 💽 (erincandescent@queer.af)'s status on Friday, 03-Nov-2023 07:54:06 JST
Erin 💽
@lanodan I think SOAP's kinda cute in some regards but XML is totally the wrong carrier for RPC
(WSDL is actually a good idea, very poorly implemented. And the SOAPAction header is actually, IMO, sort of the missing piece of the RPC-over-HTTP puzzle)
Haelwenn /элвэн/ :triskell: likes this. -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 03-Nov-2023 08:03:40 JST
Haelwenn /элвэн/ :triskell:
@erincandescent I'm not sure HTTP is the right transport for most usage of RPCs though.
At least I've done JSON-RPC like systems but over TCP or WebSocket (depending on the implementations), and I think it's a pretty good way of doing RPC, specially if what you have is typically long-lived (so the opposite of HTTP being quite fire-and-forget with a bit of keep-alive). -
Embed this notice
Erin 💽 (erincandescent@queer.af)'s status on Friday, 03-Nov-2023 08:04:28 JST
Erin 💽
@lanodan oh im not thinking of anything complex here
Just when receiving a POST into the inbox with a HTTP Signature which isn't same-origin with the activity being posted, rather than discarding the activity one should re-fetch it from origin because it might be outbox forwarded
(of course this only works if the activity has a dereferencable URI)
Haelwenn /элвэн/ :triskell: likes this. -
Embed this notice
Erin 💽 (erincandescent@queer.af)'s status on Friday, 03-Nov-2023 08:37:29 JST
Erin 💽
@lanodan its not perfect but it works quite well, and for lots of systems the statelessness is a feature (you should do HTTP/2 with connection pooling though)
But one problem, IMO, is that you end up mixing up object identity and method in your path
Haelwenn /элвэн/ :triskell: likes this. -
Embed this notice
Gérard Mentor (gugurumbe@mastouille.fr)'s status on Friday, 03-Nov-2023 15:46:34 JST 
Gérard Mentor
@erincandescent @lanodan About the bare URL things, I asked a similar question to public-solid, and Melvin Carvalho replied to me:
There was actually a system like this about 15 years ago called ripple, I'll see if i can find some links to it.
Haelwenn /элвэн/ :triskell: likes this. -
Embed this notice
Laurie Voss (seldo@alpaca.gold)'s status on Friday, 03-Nov-2023 15:55:55 JST 
Laurie Voss
@erincandescent Venn diagram of those two is a bullseye.
clacke likes this. -
Embed this notice
Erin 💽 (erincandescent@queer.af)'s status on Friday, 03-Nov-2023 15:56:05 JST
Erin 💽
@chris we run glitch-soc
clacke likes this. -
Embed this notice
Chris Alemany🇺🇦🇨🇦🇪🇸 (chris@mstdn.chrisalemany.ca)'s status on Friday, 03-Nov-2023 15:56:06 JST 
Chris Alemany🇺🇦🇨🇦🇪🇸
@erincandescent aside: How did you create that beautiful properly formed linked text in your post!?
All GNU social JP content and data are available under the