Conversation

Notices

1. Embed this notice
   Christine Lemmer-Webber (cwebber@social.coop)'s status on Friday, 20-Feb-2026 03:55:33 JST Christine Lemmer-Webber

   • 洪 民憙 (Hong Minhee)

   @kopper @hongminhee As the person probably most responsible for making sure json-ld stayed in the spec (two reasons: because it was the only extensibility answer we had, and because we were trying hard to retain interoperability with the linked data people, which ultimately did not matter), I agree with you. I do ultimately regret not having a simpler solution than json-ld, especially because it greatly hurt our ability to sign messages, which has considerable effect on the ecosystem.

   Mea culpa :\

   I do think it's fixable. I'd be interested in joining a conversation about how to fix it.

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 04:08:34 JST Evan Prodromou

     in reply to

     • 洪 民憙 (Hong Minhee)

     @cwebber @kopper @hongminhee

     I would be strongly opposed to any effort to remove JSON-LD from AS2. We use it for a lot of extensions. Every AP server uses the Security vocabulary for public keys.

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 04:08:35 JST Evan Prodromou

     in reply to

     • 洪 民憙 (Hong Minhee)

     @cwebber @kopper @hongminhee I think you are misremembering, Christine. We started the WG off with AS2 being based on JSON-LD, and I don't think we ever considered removing it.

     I definitely don't think it was a decision you made on your own. I'm not sure how you would, since you edited AP and not AS2 Core or Vocabulary.

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 04:11:28 JST Evan Prodromou

     in reply to

     • 洪 民憙 (Hong Minhee)

     @cwebber @kopper @hongminhee It would be a huge backwards-incompatible change for almost zero benefit. People would still make mistakes in their ActivityPub implementations (sorry, Minhee, but that's life on an open network). We'd need to adopt another mechanism for defining extensions, and guess what? People are going to make mistakes with that, too.

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 04:14:45 JST Evan Prodromou

     in reply to

     • 洪 民憙 (Hong Minhee)

     @cwebber @kopper @hongminhee The biggest downside to JSON-LD, it seems, is that it lets most developers treat AS2 as if it's plain old JSON. That was by design. People sometimes mess it up, but most JSON-LD parsers are pretty tolerant.

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 05:24:51 JST Evan Prodromou

     in reply to

     • Vivien (toujours dans le déni)
     • 洪 民憙 (Hong Minhee)

     @gugurumbe @cwebber @kopper @hongminhee AS2 requires compacted JSON-LD.

   • Embed this notice
     Vivien (toujours dans le déni) (gugurumbe@mastouille.fr)'s status on Friday, 20-Feb-2026 05:24:52 JST Vivien (toujours dans le déni)

     in reply to

     • Evan Prodromou
     • 洪 民憙 (Hong Minhee)

     @evan @cwebber @kopper @hongminhee Couldn’t we agree to standardize on expanded json-ld? We would not need any json-ld processor, we would not need to fetch or cache any context. There would be no way to shadow properties.

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 05:25:53 JST Evan Prodromou

     in reply to

     • Vivien (toujours dans le déni)
     • 洪 民憙 (Hong Minhee)

     There is no data format we can choose to eliminate programmer errors in online protocols. That's a quixotic aim.

     @gugurumbe @cwebber @kopper @hongminhee

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 05:48:36 JST Evan Prodromou

     in reply to

     • Vivien (toujours dans le déni)

     @gugurumbe @kopper I don't think that's the model of ActivityPub. It's made to allow reading remote objects.

     Most implementations pre-load or compile in the external contexts. I agree, it's a big performance hit to load context URLs at runtime.

   • Embed this notice
     Vivien (toujours dans le déni) (gugurumbe@mastouille.fr)'s status on Friday, 20-Feb-2026 05:48:38 JST Vivien (toujours dans le déni)

     in reply to

     • Evan Prodromou

     @evan @kopper mentioned the async problem; if there’s no external contexts to fetch, then the recieving server can explicitly reject the request if it is incorrect.

   • Embed this notice
     Christine Lemmer-Webber (cwebber@social.coop)'s status on Friday, 20-Feb-2026 05:53:14 JST Christine Lemmer-Webber

     in reply to

     • Evan Prodromou
     • 洪 民憙 (Hong Minhee)

     @evan @kopper @hongminhee The problem is that signing json-ld is extremely hard, because effectively you have to turn to the RDF graph normalization algorithm, which has extremely expensive compute times. The lack of signatures means that when I boost peoples' posts, it takes down their instance, since effectively *every* distributed post on the network doesn't actually get accepted as-is, users dial-back to check its contents.

     Which, at that point, we might as well not distribute the contents at all when we post to inboxes! We could just publish with the object of the activity being the object's id uri

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 06:15:34 JST Evan Prodromou

     in reply to

     • 洪 民憙 (Hong Minhee)

     @cwebber @kopper @hongminhee I talk about this in my book. Unless the receiving user is online at the time the server receives the Announce, it's ridiculous to fetch the content immediately. Receiving servers should pause a random number of minutes and then fetch the content. It avoids the thundering herd problem.

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 06:24:40 JST Evan Prodromou

     in reply to

     • You S Blues
     • 洪 民憙 (Hong Minhee)

     @patmikemid I call it trust, then verify. Usually caching the data with a ttl of a short number of minutes is enough.

     @cwebber @kopper @hongminhee

   • Embed this notice
     You S Blues (patmikemid@sfba.social)'s status on Friday, 20-Feb-2026 06:24:41 JST You S Blues

     in reply to

     • Evan Prodromou
     • 洪 民憙 (Hong Minhee)

     @evan @cwebber @kopper @hongminhee I think that is a better algorithm than a brain dead exponential back off. Perhaps put the two together.

   • Embed this notice
     Christine Lemmer-Webber (cwebber@social.coop)'s status on Friday, 20-Feb-2026 08:42:32 JST Christine Lemmer-Webber

     in reply to

     • Evan Prodromou
     • You S Blues
     • 洪 民憙 (Hong Minhee)

     @evan @patmikemid @kopper @hongminhee Trust *then* verify?! That means accepting windows of impersonation attacks necessarily then, right...?!

   • Embed this notice
     Christine Lemmer-Webber (cwebber@social.coop)'s status on Friday, 20-Feb-2026 08:42:57 JST Christine Lemmer-Webber

     in reply to

     •  The Video Toaster :solar:
     • Evan Prodromou
     • 洪 民憙 (Hong Minhee)

     @evan @kopper @hongminhee But that means either:

     - Users don't get to see content that has been federated to them for *minutes*
     - Unless we show unverified messages, allowing for windows of impersonation attacks, in which substantial reputational damage can be done!

     And also:

     - Whenever I boost several of @vv's posts, her server can be down *for a while*. Random delays can help reduce load but not as substantially as signature verification
     - This has to be done for both the activity *and* the object
     - And there's no reason to include either the activity or the object if you care about not risking impersonation attacks, because you might as well just send {"@id": "https://example.org/post/12345/"}

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 08:46:44 JST Evan Prodromou

     in reply to

     • infinite love ⴳ
     • Vivien (toujours dans le déni)
     • 洪 民憙 (Hong Minhee)

     @trwnh i was replying to a post that wanted all expanded terms.

     @gugurumbe @cwebber @kopper @hongminhee

   • Embed this notice
     infinite love ⴳ (trwnh@mastodon.social)'s status on Friday, 20-Feb-2026 08:46:45 JST infinite love ⴳ

     in reply to

     • Evan Prodromou
     • Vivien (toujours dans le déni)
     • 洪 民憙 (Hong Minhee)

     @evan @gugurumbe @cwebber @kopper @hongminhee only for terms defined in AS2, though?

     if the activitystreams context is missing in an application/activity+json document, then you MUST assume/inject it. this means you can't redefine "actor" to mean "actor in a movie".

     otherwise, you don't have to augment the context with anything else. "https://w3id.org/security#publicKey" is a valid property name. the proposal is to not augment the normative context where possible. no parsing context if there is no context

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 08:48:44 JST Evan Prodromou

     in reply to

     • You S Blues
     • 洪 民憙 (Hong Minhee)

     @cwebber yes. Like I said, very low risk. If you want to be absolutely safe, wait until your first user reads the content before verifying it. It's usually not immediate. Most users aren't online. (TM)
     
     @patmikemid @kopper @hongminhee

   • Embed this notice
     Christine Lemmer-Webber (cwebber@social.coop)'s status on Friday, 20-Feb-2026 08:48:49 JST Christine Lemmer-Webber

     in reply to

     • Evan Prodromou
     • You S Blues
     • 洪 民憙 (Hong Minhee)

     @evan @patmikemid @kopper @hongminhee I would consider myself a user which, when at her computer, is in a state we might call "terminally online"

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 08:49:24 JST Evan Prodromou

     in reply to

     • You S Blues
     • 洪 民憙 (Hong Minhee)

     @cwebber lucky you, you get all the first deliveries!

     @patmikemid @kopper @hongminhee

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 09:08:01 JST Evan Prodromou

     in reply to

     • aeva
     • You S Blues
     • 洪 民憙 (Hong Minhee)

     @aeva the thundering herd?

     @cwebber @patmikemid @kopper @hongminhee

   • Embed this notice
     aeva (aeva@mastodon.gamedev.place)'s status on Friday, 20-Feb-2026 09:08:02 JST aeva

     in reply to

     • Evan Prodromou
     • You S Blues
     • 洪 民憙 (Hong Minhee)

     @evan @cwebber @patmikemid @kopper @hongminhee *sheepishly raises hand* why not standardize what everyone ended up doing instead since that seems to be faster *ducks*

   • Embed this notice
     🫧 socialcoding.. (smallcircles@social.coop)'s status on Friday, 20-Feb-2026 09:20:49 JST 🫧 socialcoding..

     in reply to

     • Evan Prodromou
     • 洪 民憙 (Hong Minhee)

     @cwebber @evan @kopper @hongminhee

     I may be naive and am not an expert here, but in my musings on a protosocial AP extension I imagined a clean separation of "message bus" where you'd want closed-world predictable msg formats defined by some schema (perhaps JSON Schema or LinkML). These msgs would JSON-LD formatted but validated as plain JSON.

     And then there would be the linked data side of the equation, where a semantic web is shaping up that is parsed with the whole set of open standards that exists here, but separate of the message bus. This is then a hypermedia, HTTP web-as-intended side. Open world and follow your nose, for those who want that, or minimum profile for the JSON-only folks.

     It occurs to me these require separate/different extension mechanisms, guidelines and best-practices. The linked data part lends itself well for content and knowledge presentation, media publishing. While the msg bus gives me event driven architecture and modeling business logic / msg exchange.

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 09:21:02 JST Evan Prodromou

     in reply to

     @cwebber some last thoughts on digital signatures for solving the thundering herd problem:

     Unless the author's signing key is saturated in the network, you're going to have a thundering herd for the key, anyways. It's just pushing the problem down the line.

   • Embed this notice
     Christine Lemmer-Webber (cwebber@social.coop)'s status on Friday, 20-Feb-2026 09:21:49 JST Christine Lemmer-Webber

     in reply to

     • Evan Prodromou

     @evan If it's a popular author, which most commonly is the type who causes the thundering herd, then the chances the key is cached is very high!

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 09:22:28 JST Evan Prodromou

     in reply to

     @cwebber

     If you don't think waiting until the first user loads the content to verify the content is an acceptable risk, there are still other solutions. One I like is using a content-addressed shared cache for public data, like IPFS. We have `alsoKnownAs` as a nice way to include this URI.

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 09:27:00 JST Evan Prodromou

     in reply to

     @cwebber I think the use case you mentioned was an author with a small following getting boosted by one with a large following.

     Regardless, even if the caching level is 90%, you're still doing a bit percentage of the original herd.

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 09:30:12 JST Evan Prodromou

     in reply to

     @cwebber yes.

   • Embed this notice
     Christine Lemmer-Webber (cwebber@social.coop)'s status on Friday, 20-Feb-2026 09:30:13 JST Christine Lemmer-Webber

     in reply to

     • Evan Prodromou

     @evan ESPECIALLY if it's on something like IPFS, you need signatures, because there's no "see if it's on this instance" to speak of as a trust step!!!!

     Am I am losing my mind over here

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 09:30:37 JST Evan Prodromou

     in reply to

     @cwebber it's ok if you don't get it. You don't have to use it. There are other ways to handle the thundering herd, like shared caches.

   • Embed this notice
     Christine Lemmer-Webber (cwebber@social.coop)'s status on Friday, 20-Feb-2026 09:30:38 JST Christine Lemmer-Webber

     in reply to

     • Evan Prodromou
     • You S Blues
     • 洪 民憙 (Hong Minhee)

     @evan @patmikemid @kopper @hongminhee I'm sorry hold on Evan I'm sorry but it's NOT very low risk. That's a COMPLETE misunderstanding of the information landscape we are currently in.

     Trust THEN verify?!?! Trust AND THEN verify?!?!!?!?!?!?

     "A random several minutes" until we know whether or not the content delivered authentically is from said actor...

     Even ONE minute is enough for someone to read, and believe, something false, and to reply, or to *take action*. Or to boost a post, which is then distributed across the fediverse, and then seen by a bunch of other nodes which also have not yet verified?

     Trust AND THEN verify doesn't make sense!!!

     AAAAAA I am losing my marbles over this one

   • Embed this notice
     Christine Lemmer-Webber (cwebber@social.coop)'s status on Friday, 20-Feb-2026 09:37:06 JST Christine Lemmer-Webber

     in reply to

     • Evan Prodromou
     • You S Blues
     • 洪 民憙 (Hong Minhee)

     @evan @patmikemid @kopper @hongminhee Okay, sorry for blowing up in public, this is a heated issue for me, and something I strongly regret us not just shipping an answer for, and something I have been troubled by for what's now, well, a decade. But I should have taken this to DMs rather than blowing up in public. Mea culpa.

   • Embed this notice
     Evan Prodromou (evan@cosocial.ca)'s status on Friday, 20-Feb-2026 10:47:04 JST Evan Prodromou

     in reply to

     • aeva
     • You S Blues
     • 洪 民憙 (Hong Minhee)

     @aeva what

     @cwebber @patmikemid @kopper @hongminhee

   • Embed this notice
     aeva (aeva@mastodon.gamedev.place)'s status on Friday, 20-Feb-2026 10:47:06 JST aeva

     in reply to

     • Evan Prodromou
     • You S Blues
     • 洪 民憙 (Hong Minhee)

     @evan @cwebber @patmikemid @kopper @hongminhee the json ld thing