Notices by arcanicanis (arcanicanis@were.social)

Random thought: saw the mention of Isso, for a commenting system that can be used on static websites. Had the idea of something similar with ActivityPub instead, but then thought further of something where you could have something essentially proxy and transform content from a static website (given some URL pattern of which pages should be included/exempt, and where to extract content from).

Ergo, you could have some blog or other personal website, that could even be static, while having some secondary service that can transform it to ActivityPub, Nostr, or other representations, and serve an embedded (and moderated) comments section, without needing the content to originally be inside of some natively ActivityPub-based (or extended) platform.

Hell, even stepping even further: maybe could do it for an art gallery system too, that could do automatic cross-posting.

I wonder if it'd be practical of some counter-technology of feeding posts through an LLM first, to "normalize" it to some more deterministic, less-distinct way of sentence structure and word choice. Though of course I'm sure that would make interaction a little more bland.

At the same time though, I have been able to mentally correlate alts of some people on my own, in just a casual effort, regardless of how many name changes some people do.

It's just so thoroughly, resoundingly demoralizing how normies keep taking the bait of centralized VC-funded platforms. Once one ship starts to sink, they crowd to the next one that appears on the horizon, like rats, just ever-continuing this cycle, and never learn.

In the time that I've been on the internet, just to keep up with "where everyone's at", I've been on: ICQ, AIM, Yahoo Messenger, MSN/Live Messenger, Google Talk/Hangouts, Skype, Facebook Messenger, Telegram, Wire, Signal, Discord, Guilded, and many several others, and the cycle just keeps repeating, just to re-skin much of the same concepts over and over again, with relatively minor variations.

I am so damn tired and have gradually dumped virtually all the above at this point (recently deleted Discord in November, deleted Telegram ~2 years before that, deleted Facebook ~10 years ago, etc).

This may come as a shock to viewers, but when I've dumped prior platforms, some friends have followed over to the alternatives (of those that weren't already there), such as XMPP.

Mentionably, also, nearly everyone has Steam in common, and Steam has actually made the voice calling system reasonably usable, and has a decent 'group' system, that's also filled the gap. For my more neckbeard-y friends, Mumble has continued to work too.

Nonetheless, in all of this, I guess there's another opportunistically new centralized VC-funded platform, that people are trying to crowd-wrangle people to next. I don't even know if some of this crap is some sort of set-up, if these influencers get kickbacks, or if people are just this retarded to keep repeating this cycle.

When I registered on Discord, about a decade ago, I already regretted it. Despite being yet another WebRTC application, that could be used in a browser, they still arbitrary forced people to install an Electron-wrapped version anyway by artificially walling off features you could do in a browser anyway (e.g. screenshare and others).

There was plenty of phobia about it watching all your running processes, but it still got adopted anyway. There's the warehousing of all your data, all your connection history since inception of your account, all your device metrics at every single individual interaction and thing you clicked on, perpetually tagged and catalogued, and much of that ran through neural nets to profile and categorize you, but still people cling to it anyway.

Now the cycle repeats again.

@silverpill Possibly to your interest, if you haven't seen it already: https://autocrypt2.org Apparently only 25 pages long, with seemingly clear and specific steps and some code examples (at least in cursory skimming): https://datatracker.ietf.org/doc/draft-autocrypt-openpgp-v2-cert/

My first ActivityPub project was very literally just wasting my time solely on trying to make a JSON-LD-first ActivityPub library to try to abstract away it from the library consumer (within reason), back around the time before ActivityPub had reached W3C Recommedation status.

I would have saved myself some amount of months by just having not get snagged into that trap, and could have instead actually shipped a usable implementation back then.

Everyone else that actually shipped an ActivityPub implementation in the beginning were the ones that treated it solely as static JSON.

I'm not saying JSON-LD is hard, nor difficult to understand (and there are some niche projects where I do want to use it)---some of it's probably even an upgrade from similar things in the XML world, but it piles on more overhead that everything has to be expanded, checked against context, just to handle different representations, all while you'll still invariably have to interop with implementations that treat it as static JSON anyway.

I keep building a pile of side-projects, and I'm sure that probably dries people's patience/hopes on earlier projects getting done (but I definitely will return to doing more ActivityPub and XMPP stuff again soon).

I guess I have a clearer set of ideas and design choices to make something more worthwhile to compete, for one niche that needs to be filled, and finding a decent middle-ground in expectations. Here's the design constraints/ideas I have:

• Some video/voice conference system, reachable by some URL permalink, as a WebRTC web application, but intended for social/gaming use (not a formal 'professional' presenter-led conference system)
• Real-time chat would be completely ephemeral and there would be no concern about enforcing log retention at all (maybe past 60 messages at most)
• Instead, when there isn't a call, the same URL would serve as effectively a "sticky note board" where folks within the group would leave comments of when the next hangout is, or for folks to leave comments of not being able to make it next time, or that they'll be a little late, etc
• Could also have basic polls or go in deeper extremes like offering a 'mutual date/time planning' calendar system (timezone aware), for planning the next meetup time
• It would NOT intend to be another thing to add to the list of applications you keep open 24/7, and would by design be something you'd intend on peeking in at on occasion, usually where some reoccurring event/hangout/meetup is the foundation to a group
• This could also serve in auxiliary function to things like tabletop sessions (or VTTs, like Foundry) and alike too
• Or completely absent of using the video/voice call system, could be for in-person meetups also (and still provide a platform that someone could 'conference in')
• There could be an out-of-band notification system (email, instant message, etc), to ping about announcements or provide reminders, but meant to be infrequent and not spam your inbox

This is to avoid creating another catch-all, please-all, multi-purpose do-everything chat system that nags your attention and expects you to "just install the app" to maintain functional usefulness of it.

And more importantly to help keep folks together, to actually be doing stuff together, and not adding to the pile of messenger crap they have to 'maintain' attention on.

Would there be anything else worth adding, or existing ideas to refine further?

Here's some test fixtures you can play with:

https://arcanican.is/fedi/tests/25/timestamp-good

https://arcanican.is/fedi/tests/25/timestamp-bad

Try manually pulling each URL using the 'search' of your instance. First should work, the second is the date you describe. The latter fails on Pleroma apparently, as @sun had mentioned.

I also have a query tool at: https://arcanican.is/tools/activitypub.php

I guess by which context (server/client)?

At least from what I remember, most things are pretty tolerant. Sometimes shown in the order it was discovered in (at least in a timeline).

You can always toy experimentally with this by just static files of the JSON-LD context, as long as the correct media type is served. Mastodon (out of all other implementations) just tends to be the most fickle, expecting WebFinger resolution and a few other prerequisites (in terms of "test labbing" with static JSON files), while most others just simply need a resolvable actor object.

I have a different tilt on this subject, but I'll address the foreground points first:

• Yes, FOSS is just as prone to supply chain attacks as proprietary software is, though I argue you still have more transparency than a proprietary project
• OpenSSL had very plenty of folks arguing the project was an unmanageable mess (for all the #ifdefs everywhere; sometimes even nested by several levels) long before Heartbleed, just nobody bothered to back any alternatives, I assume just because nobody'd back something "not as popular" as OpenSSL?
• I hold plenty of spite with some of the PR around Signal, as well as sentiments by Moxie Marlinspike, or even the latest "but we 'NEED!' AWS, why can't people understand this..." cope post; but that's probably a separate dissertation entirely.
• I have annoyances with the Signal client itself, of how rapidly they shove out updates (I assume bumping library versions, etc), that I doubt I'd have the patience to keep up, if I wanted to pull the fools game of completely picking it apart (and I doubt anyone defending it has audited it for themself).

I just prefer small, minimalist solutions, and where libs are only imported unless absolutely necessary, and where there's not more risk in creating an ad-hoc in-house counterpart (e.g. I probably wouldn't trust myself to safely implement ECDSA sign/verify myself, maybe)

Culturally the parts that piss me off with open source and free software (but not anything to make me forego or stop supporting it):

• It's almost all about "free as in [free] beer" now, people generally don't care about the "freedom" part in it anymore. Corporate influences are also obviously trying to steer people away from free software licenses too.
• A lot of big projects now are just effectively as indistinguishable from proprietary software in terms of modability. Even sh't web applications like Mastodon, as far as I understand, require a rebuild of the software just to change a favicon even, and sometimes made very specifically to prevent you from making deviations.
• Much of it's in corporate style development practices, of such class-heavy design patterns, like the design patterns you'd use to dumb something down enough to throw at an army of code monkeys to chug through writing, rather than something focusing more succinctness, minimalism, etc.
• The "I'm going to shut off my brain, and import any lib, that solves my problem, without having to exert brain power". Queue the memes of someone importing a Nodejs module to uppercase/lowercase-transform text. This is the crap that exacerbates sourcing attacks, as aforementioned. It's even hilarious when people import something for a role, having zero idea of the capabilities of said thing. Wait a minute, you say Markdown supports inline arbitrary HTML? Surprise! You now probably have an XSS vulnerability you weren't expecting, because you didn't read the freaking tin.
• The weird sort of monoculture that people try to force. People will actively try to talk you down over making a competing open source project, because "Z exists, it's already 'good enough', why are you bothering?" Same also with the herd mentality of people only clinging to whatever is "the most popular", viewing anyone that uses something else as weird, even if there's a broad divide where alternatives carry far more meritocratic value than the "most popular" option.

BUT MOST IMPORTANTLY ABOVE ALL:

How utterly, thoroughly, lazy and apathetic people are now to just writing any code at all (outside of career), and all the people that are so eager to be backseat project managers who probably have barely even written any code at all.

The bar is so, SO low for anyone to start poking around with software development, but they don't.

People may complain about some project lacking a feature or functionality, or some way to do something different, but they will NEVER ever take any actionable effort to actually doing anything. They've uttered it, they've snapped their fingers at someone, and that's all the exertion they will do, ever.

A high school aged kid in present time could trivially make a Discord replacement with video/voice WebRTC calling, with all the resources and existing backend tools that exists, pieced together, with a little bit of code glue here and there, but people don't. You might see one or two projects pop up (a la Revolt, etc), but everyone will just be sideliners, observing from the outside, but never take action themselves, but always armchair critique instead.

I don't know if it's just the constant supply of all these VC startups with introductory "free" offers, that have made people so grossly entitled, to just sit back and expect everything to just 'appear' for them, with no effort, but it's depressing how unwilling people are to MAKE things anymore. e.g. I can find plenty of chats with protocol discussion, but no action on implementation, almost ever.

I'll probably draft something then, post it for something to sit around for 2-3 weeks for comment, and if no complaints, "formally" submit as a FEP draft then.

@silverpill Are there any FEPs for object expiry? Had some ideas recently, while also peeking at Nostr, which has their counterpart: https://nostr-nips.com/nip-40

There would be no expectation as some privacy/'security' feature, as it would be MAY rather than SHALL, and generally just to keep databases from permanently storing superfluous ephemeral events. This would be in scope primarily with servers and not so much with affecting client behavior.

This specifically would be ideal for things of short-term or instant messaging contexts with ActivityPub; perhaps also outlining some recommended defaults. e.g. instant messages that have an expiry of 30 days, music/game scrobbling events of a 5 day expiry, etc.

Nonetheless it would help cut down clutter and make it less painful for using ActivityPub as a transport for ephemeral content too.

Speaking of Wacom and mice: I'm still idly curious why nobody's bothered to make a "pressure-sensitive" mouse (e.g. with soft actuation, and the pressure would be measured like pen tablet input), for cases where breaking out a drawing tablet might be excessive (e.g. some Blender sculpting tasks). I wouldn't be surprised if Wacom (or somebody) sits on a weird patent for something like that.

I think part of that could also be because of some of the earlier stuff might have been by folks more familiarized in publishing, given a lot of the pre-internet fandom stuff was actually through "zine" culture, of folks sending in their artwork (by physical mail), someone compiling the submissions into a publication, and publishing essentially an art-centric indie magazine. But of course, a lot of that's far before my time.

Had to update a few things

I'm pretty certain my XMPP server has far more uptime than Discord has had, my fedi server has more uptime than X has had, and my self-hosted email more than O365/Azure has had, all by just not using Cloudflare and just running on a basic VPS.

Retvrn, with SerenityOS

That could be an interesting concept/trend: hosting providers where the users of a hosted service could just directly donate towards the provider (on behalf of the hosting customer), while having some mechanism for attestation on-platform that they were the donor of said funds.

I was recently contemplating ways to get a person's "currently playing" info (given there's no local API to query that directly from the Steam client, for example), then it crossed my mind that a Steam game's AppId might be passed through launch arguments, and apparently that's the case (for example, ATLYSS):

Then I was having a concern of whether I'd have to query third-party platforms (e.g. SteamDB), just to infer the info about a game, from just it's AppId, but I guess there's actually an open, unauthenticated JSON API to query that data directly from Steam: https://store.steampowered.com/api/appdetails?appids=2768430

So as it stands, it wouldn't take much for a person to write a plugin to whatever XMPP (or etc) client, to push out that data, for those that want that visible.

Meanwhile, for open source launchers (e.g. Lutris), I'm sure someone could probably devise some userspace D-Bus API or something that a person could push that info locally (versus having to infer it off of running processes and their args).

Just doing some restructuring and refinement of my personal website thing, and got around to writing out one article I've been meaning to for a while now: https://arcanican.is/blog/2025/toxic.php

Great, the "non profit" ICANN is opening up another gTLD expansion in 2026, for companies to buy "bid" more new TLDs for possibly a couple million dollars each (if I'm not grossly misunderstanding or skimreading it).

https://newgtldprogram.icann.org/en/application-rounds/round2/agb

https://newgtldprogram.icann.org/en/application-rounds/round2