the nature of an ecosystem when one software can steamroll in whatever direction it wants too unimpeded (because again: marketshare) and how this cripples the advancement of careful protocol development when much of it's "behind closed doors" of one vendor (at least to my understanding), outside of actual standards bodies and community-organized efforts-- @arcanicanis@were.social
YES, THIS! Sums up my frustrations pretty well back from when Misskey was having federation issues with Peertube and Owncast because of HTTP Signatures.
Just as a reminder, the version of HTTP signatures the elephant in the room uses (and thus makes everyone else use) is based on an RFC draft which is now "expired & archived".
Also when I was looking up the name of the RFC draft again I found out that its successor RFC 9421 "HTTP Message Signatures" has been published this month. I hope someone in particular will be making some kind of move on that if you know what I mean. :gargamel:
Conversation
Notices
-
Embed this notice
johann150@genau.qwertqwefsday.eu's status on Friday, 16-Feb-2024 05:20:00 JST 
Johann150
- Haelwenn /элвэн/ :triskell: likes this.
-
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 16-Feb-2024 05:32:08 JST 
Haelwenn /элвэн/ :triskell:
@Johann150 @arcanicanis tbh I feel like the entire way standards are made is broken, including IETF which feels like the least worst one.
Like the Fediverse has been using HTTP (Message) Signatures for more than half a decade and is probably by far the main user of it yet there's barely any communication between implementers and standards writers, and AFAIK there was no way to get something like a mailling-list with just http-signatures rather than the entire noise of the http-wg. -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 16-Feb-2024 05:44:06 JST
Haelwenn /элвэн/ :triskell:
@Johann150 @arcanicanis
SocialHub for me is the kind of thing I nearly just stopped (I just get email on new subjects of particular topics) because there's no difference between stuff like "help, my implementation doesn't works" and stuff like "Here's a draft for a FEP".
So it went back to people explicitly pinging Pleroma or seeing something in my fedi timeline. Which doesn't scale at all to the number of fedi implementations. -
Embed this notice
johann150@genau.qwertqwefsday.eu's status on Friday, 16-Feb-2024 05:44:07 JST
Johann150
@lanodan@queer.hacktivis.me @arcanicanis@were.social hmm i mean with having a single developer/user project pretty much and not even that much experience compared to some other people around here (probably including you), i don't have the expectation of influencing any kind of standard. but yeah that sounds kinda annoying.
kinda similar situation with FEPs/socialhub.activitypub.rocks, I've kinda given up on them having any considerable impact, especially since mastodon doesn't seem to care about them at all, sometimes even doing yet another competing implementation of something that was already put into FEPs -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 16-Feb-2024 06:03:00 JST
Haelwenn /элвэн/ :triskell:
@erincandescent @Johann150 Well at the same time it meant that most fedi implementers never ~joined, specially because it's W3C and most of us aren't corporations (and wasn't really known that you could somewhat just join SocialWG).
It couldn't have been more obscure, meaning there was basically no signal.
Meanwhile all software developers know that you're supposed to split chatrooms/mailing-lists/trackers between -support and -dev (and possibly chatter), because -dev is the one where you need to read ~everything and -support you can just glance at it. -
Embed this notice
Erin 💽✨ (erincandescent@akko.erincandescent.net)'s status on Friday, 16-Feb-2024 06:03:02 JST 
Erin 💽✨
@lanodan @Johann150 The worst thing about SocialWG was all the factions
The best thing about SocialWG was that it was a closed working group, keeping noise down.
Something like that is really missing (of course, with note that assembling such a thing is hard given the amount of beef that exists between various implementers!)
-
Embed this notice
Glitch (glitch@pl.glitch.pm)'s status on Friday, 16-Feb-2024 06:04:40 JST 
Glitch
@Johann150 @lanodan @arcanicanis I think a lot of it comes down to the fact that it's really difficult to "predesign" a standard before you have a fully working product too.
Even putting aside the politics that always rear their ugly head when it comes to defining standards, I can speak from experience that one thing no standard (that isn't a frankenstein backport of implementations) survives is contact with reality. You're always going to find some obscure edgecase or issue you weren't aware of during standard design.
A lot of the really old web standards have clear roots back when it was only universities (so much smaller and easier to communicate these things), and even there you can find issues with how there were exciting new issues when a general audience got involved. (See: the complete disaster of handling email spam, the failure of domain WHOIS records until literal laws had to step in to fix things.)Haelwenn /элвэн/ :triskell: likes this. -
Embed this notice
Erin 💽✨ (erincandescent@akko.erincandescent.net)'s status on Friday, 16-Feb-2024 06:11:05 JST
Erin 💽✨
@lanodan @Johann150 No argument that the SocialWG’s joining process sucked, because W3C. Though when it started we tried to invite someone from every one of the big projects of the day
(The response we near-universally got was “we like our protocol and will be sticking with it”)
Haelwenn /элвэн/ :triskell: likes this. -
Embed this notice
arcanicanis (arcanicanis@were.social)'s status on Friday, 16-Feb-2024 12:32:31 JST 
arcanicanis
I think part of it just comes down to developers of each project having direct communication channels with each other, whether it’s poking each other over email, instant messaging, or direct messages; meanwhile kicking around topics in microblogging format (as something that can get buried to the timeline with everything else), sometimes makes it difficult. I do agree that SocialHub for whatever reason feels difficult to keep up with.
Essentially with FEPs, it feels almost like something that should be treated like trying to get a bill through Congress. “Hey, I’ve got this new proposal, I’ve talked to X and Y project, and they seem onboard, can I count on your support too? Is there any feedback you have on this idea?”
As for Mastodon: fuck it. Everyone else can continue advancing on together, and probably craft things in a “progressive enhancement” manner to augment new things, while Mastodon can act like the “Internet Explorer of the fedi” in it’s own little aimless corner. While the rest of us get to have: custom emote reactions, animation markup, search, post quoting, (now recently) post tipping, and whatever else comes next.
Or with locking down fedi: have some opt-in “strict mode” (that would otherwise ‘break’ federation, if it wasn’t opt-in) that could be advertised in nodeinfo, like in similar nature to HSTS with web browsers regarding strict HTTPS use; or if an actor has keys listed for Object Integrity Proofs, to trust that mechanism only for proving something authentic as originating from that user, and skipping whatever insanity of HTTP Signatures, same-origin, or other mechanisms, etc.
Haelwenn /элвэн/ :triskell: likes this.
All GNU social JP content and data are available under the