ShittyKopper
@ShittyKopper@lemmy.blahaj.zone
"reddit refugee" i guess? i mean -- i was on masto under a few different aliases over time as well so i'm not a stranger to fedi, it's just that i'm boring and that's my only personality trait on here
they/them
- Comment on Are there any guides, tutorials, or documentation for how to start building fediverse apps? 2 weeks ago:
not much beyond “look at what other apps you’re trying to interoperate with output and try to reverse engineer your way through”. reading through the sources of other apps may be a good idea.
some links that may get you started:
- flak.tedunangst.com/…/ActivityPub-as-it-has-been-…
- www.w3.org/community/…/CG-FINAL-apwf-20240608/
- swicg.github.io/activitypub-http-signature/
- seb.jambor.dev/posts/understanding-activitypub/
- tinysubversions.com/notes/reading-activitypub/
and depending on which ecosystem you’re targeting:
counter intuitively, avoid reading the specs if you’re looking to federate with existing software. the official specs are… extremely lacking beyond giving you the bullets to shoot yourself in the foot with (half of it goes unused in the real world, things like “how do i know this activity is sent by the person it claims to be” is completely undefined (hint: everyone has more or less settled on http signatures). once you get something federating, you can then look in the specs in an attempt to learn the concepts in depth, but writing code following the specs will result in code that simply won’t federate.
- Comment on The Fediverse is Inefficient (but that's a good trade-off) 2 weeks ago:
Eh, I’d make the argument the fediverse is overly inefficient, way more than it has to be. (But that doesn’t seem to be the actual point of the post, instead rehashing the same “distribution = good” thing without bringing anything new to the table)
Here are just a few things that could be fixed without needing to centralize fedi:
- A vast majority of instance software will store all old remote data (that could easily be re-fetched when needed) permanently, even if nobody has seen it in years.
- If your’re lucky enough to be on instance software that backfills replies (GoToSocial, Iceshrimp.NET as of a few days ago, Mastodon in an extremely limited capacity), it will be done slowly and recursively, when much better alternatives that don’t need to deal with easy-to-get-wrong recursion handing are possible. (There is work going on to improve this, but it may take a while for it to land on enough instance software to make a difference)
- The obvious thing everyone harps on: Abysmal media caching defaults.
- No batching of activities. And relatedly, all sent activities are individually re-signed for each instance on each delivery (to be fair, handling this in a privacy preserving way is hard)
- No batching of fetches.
- RSA, just to make the above signature situation even worse
- Mastodon. Just in general. It’s by far the most heavyweight fedi software I know of, running on a synchronous and poorly threaded tech stack that’s is not very adequate to the fairly IO bound (when not using authorized fetch) and very concurrent AP use case. Running Mastodon for anything beyond <500 active users is extremely overkill and you’d likely be suited with better instance software if you don’t need any of the features that are Mastodon exclusive (which there aren’t that much of).
- Pleroma database rot, an exemplar of why the C2S advocates’ model of “store the raw JSON for everything” is a terrible idea (thankfully this hasn’t taken off enough to be important)
- Comment on The Fediverse is Inefficient (but that's a good trade-off) 2 weeks ago:
I mean, I’d say that all instances copying media by default, to be stored forever, is kind of unnecessary. (And as far as I’m aware Mastodon is the only one configured like this by default anyway)
The largest instances? Sure. I’d say they have an obligation to not DoS smaller instances by simply hotlinking or proxying without any kind of cache. But smaller ones can get away with short lived middleware-level caches, and single user ones can often get away with hotlinking (oh boo hoo your firewalled IPv4 behind enough CGNATs to block any incoming connections got exposed)
One idea I’ve seen floated around is to have some sort of cooperative CDN for instances. Let’s say four or five relatively kindred instances, make a commitment to last and pool their resources to maintain a joint CDN from from which they’ll get their “media federation” from. This would reduce costs and issues a lot, since by the very nature of the fediverse, if everyone builds their own caches most of those caches are going to be hosting most of the same content. Basically: deduplication, but the poor man’s version.
jortage.com already exists, and the code behind is open.
- Comment on How are Misskey and its forks doing? 2 weeks ago:
All other devs jumped ship. I think both Iceshrimp and Sharkey were launched by former Firefish devs (at least one of them was, Iceshrimp being a former hard fork of Firefish which was quickly rebased into a more up-to-date Misskey soft fork
Iceshrimp (Misskey fork) did not rebase their version of Misskey. They’re still based on the same Misskey v12 era code from Firefish and there’s no interest in significantly updating the JS version (as it’d make migration harder) now that the rewrite is well underway and (in my potentially biased opinion) quite promising.
[…] This is far from done which means it’s even farther from being daily-driveable.
If you’re on a single-user instance, and can limit yourself to apps targeting the Mastodon API, it’s quite usable. The web frontend still needs a fair chunk of work, and moderation tooling required for larger instances are still not there yet. (But there’s enough to fend off spam)
Iceshrimp was designed for stability which is also why a number of Firefish features had been kicked out. It itself is on maintenance for as long as it will continue to exist, which won’t be that long.
The only features kicked out were, from what I remember, post imports (which were broken and leaked DMs (Sharkey’s on the other hand should work fine, as their implementation is unrelated to the Firefish one)), and the centered view in the web front-end.
Sharkey used to be the king of features, but at the cost of reliability. Especially Sharkey’s Mastodon API implementation is infamously bad. The Sharkey community has been waiting for someone to step up and develop a completely new Mastodon API implementation for Sharkey for I don’t know how long.
Sharkey’s Mastodon API was I believe more or less a direct port of the old Firefish one, which got replaced with the implementation from Iceshrimp some time after Firefish was handed off to Naskya (which may just be the only Mastodon API implementation on Misskey-based software that actually works). And, yeah, it’s not in a pretty state right now.
Also, the Sharkey devs lost a whole lot of community support when they collected donations for a server for Sharkey purposes and then took the money to set up a Minecraft server. Make of that what you want.
This is way too much of an oversimplification that I would plain remove this claim altogether. All I can say is that Sharkey/transfem.social has had a change of ownership and things are more or less resolved now.
And then there’s CherryPick. AFAIK, it’s a Japan-based Sharkey soft-fork in which a whole lot of Misskey and Sharkey issues have been fixed; don’t ask me for details, I only know this stuff from hearsay. Basically, CherryPick is Sharkey in good. Or in better.
CherryPick is older than Sharkey, and Korean (from what I know, anyway)
- Comment on The two most upvoted comments on any Lemmy instance are on Feddit.dk, but you won't see them on your own instance 2 months ago:
But these features were totally non-standard extensions right? You
that’s the thing, everything in activitypub is a non-standard extension. hashtags are an extension. post visibility the way it’s commonly done is an extension (more like a convention in that it doesn’t introduce anything new, but still not written down anywhere official), the concept of an un-locked account is a convention (and the marker that marks an account as locked is an extension). pinned posts, marking images as sensitive, they’re all extensions
(surprisingly, this is the second time i’m writing this exact thing today)
It’s weird but it almost feels like the fediverse needs a benevolent dictator to kind of get an overview and set a clearer direction, when it comes to the standards.
this has historically been mastodon. and they have put themselves in such a place that anything they do not approve of gets seen as a “nonstandard extension” and anything they see gets seen as a part of the standard. see the above reply.
- Comment on The two most upvoted comments on any Lemmy instance are on Feddit.dk, but you won't see them on your own instance 2 months ago:
this issue is a blocker for mastodon not supporting filtering remote posts by words (which would’ve helped with many spam attacks, which the pleroma family supported just fine for a WHILE via MRF, and more recently misskey has added support for)
if you go to socialhub you’ll find MANY threads of reasonable ideas that are in json-ld representation bikeshed hell as people unnecessarily debate over which exact json-ld representation of the same exact data is the most correctest. the most infuriating recent one i have seen is the emoji reaction fep discussion and FEP-fb2a: Actor metadata both of which does this bullshit ON FEATURES ACTIVELY FEDERATING RIGHT NOW, where changing it would BREAK BACKWARDS COMPATIBILITY
- Comment on The two most upvoted comments on any Lemmy instance are on Feddit.dk, but you won't see them on your own instance 2 months ago:
Yeah, that is a shortcoming of the protocol. But it’s necessary in order to be secure until things improve (and given this is AP, that’s gonna be a while. People seem to love bikeshedding in circles instead of doing actual work)
- Comment on The two most upvoted comments on any Lemmy instance are on Feddit.dk, but you won't see them on your own instance 2 months ago:
Instead of sending the entire object embedded in the activity the secure way would be to only the URI instead. This is permitted by JSON-LD.
In the receiving side, if the object is untrusted (i.e. if it isn’t signed or if it’s from a separate authority from the parent object containing it) it should be thrown away and the id should be fetched from the remote instance directly. This is completely an oversight on Lemmy’s implementation and not a protocol problem.
- Comment on The two most upvoted comments on any Lemmy instance are on Feddit.dk, but you won't see them on your own instance 2 months ago:
I seriously doubt Lemmy currently does any validation whatsoever. There were communities using this blatant security issue for non-malicious purposes (see endlesstalk.org/c/tails@lemmon.website, which re-wrote posts from people (which is only possible if the posts weren’t validated)).
There is a way to re-share and validate remote activities, either through LD signatures (ew, JSON-LD processing :vomit:) (which only Mastodon and Misskey implement) or the newfangled FEP-8b32 Object Integrity Proofs (which nobody relevant on the microblogging space implements).
- Comment on A general fediverse client app, supporting multiple content types? (mastodon, lemmy, peertube, etc) 2 months ago:
Yep, all this ^^^
This is also one of the reasons why I believe ActivityPub client-to-server failed and will likely never gain much traction. It either needs every single client to re-implement all the features it wants from scratch, or the entire ecosystem needs to be dumbed down to fit a single mold. Leave all the unique functionality in “uncommon” software like (streams) and friends, even software like Lemmy or PeerTube would likely be extremely difficult to build in a world where client-to-server actually became a thing.
The only way I can see C2S actually taking off is as IPC between an “app server” (which would be the equivalent of Mastodon or Lemmy or (streams)) and a “federation server” which is just a dumb pipe that distributes and receives objects and activities, and even that has it’s fair share of concerns, both around efficiency and the same “dumbing down” problem.
- Comment on No dedicated community/magazine for Fediverse memes? 2 months ago:
most people on lemmy do not understand the tradeoffs both activitypub and it’s implementors do, as evidenced by this exact community we’re in, these. memes wouldn’t gain any traction even if they were funny to their intended audience (which i have doubts on if it’s possible to do but idk i’m not creative enough)
- Comment on No dedicated community/magazine for Fediverse memes? 2 months ago:
id argue none of those are fun topics you can joke about but “memes as a form of outrage” (aside from, like, two) which is already a problem (see all the political memes on any of the meme communities for countless examples) we do not need to encourage imo
- Comment on No dedicated community/magazine for Fediverse memes? 2 months ago:
to be fair there isn’t that much about the fedi in general that you can meme about. the closes you can get are in jokes but:
a) lemmy doesnt have them because this place is uncreative and only serves as a dumping ground from memes from other places when they aren’t bickering about politics
b) in jokes of different parts of fedi do not translate well just because they share a protocol, given the extremely little overlap on people here
c) they’re not really “fediverse memes” just because they happened in the fediverse, are they - Comment on 2 months ago:
iirc mastodon was implementing smithereen’s flavor of groups. no idea if they ended up changing course or anything (not following masto dev tok closely) but the way they work is fundamentally different from how Lemmy and compatible groups work
- Comment on 2 months ago:
from what i can tell (from the work in progress pull request) mastodons group implementation explicitly does not aim for compatibility with lemmy
other than that, i agree on activitypub being crap in terms of making interoperability easy
- Comment on Is Firefish gone for good now? Many of the links I had saved are redirecting to other stuff now 2 months ago:
the specs are so open ended that i doubt real interoperability will ever happen. you can break interoperability with basically every other current software out there and still be compliant with the specs
- Comment on Is Firefish gone for good now? Many of the links I had saved are redirecting to other stuff now 2 months ago:
that post will have been a text post, not a link (those are likely broken now, and certainly were broken a year ago due to a bug in the misskey 12 codebase inherited by firefish and forks. modern versions of misskey just fixed that a couple months ago)
the username thing does not completely break federation, but it will randomly confuse instances. there’s a 50/50 chance whether an instance will get the correct user it asks or not, and once an instance resolves a user once it’ll have a similar 50/50 chance for each profile update (icon change, sidebar change, etc.). of course, if there’s no conflicting user for a community (or vice versa) then federation will be fine.
- Comment on Is Firefish gone for good now? Many of the links I had saved are redirecting to other stuff now 2 months ago:
oh no that’s not a new change afaik it was always like this
- Comment on Is Firefish gone for good now? Many of the links I had saved are redirecting to other stuff now 2 months ago:
I also wish there was an app that let me browse/post/comment on Lemmy using a Firefish/Iceshrimp account so I could theoretically consolidate accounts.
that’ll be difficult. Lemmy killed interoperability when they first decided that users and groups could share the same username, and now itd be a breaking change in order to solve this on Lemmy’s end.
each software willing to federate with Lemmy correctly needs to be modified to handle multiple “users” having the exact same username, and i suspect most have more important priorities to tackle before getting to that
- Comment on Is Firefish gone for good now? Many of the links I had saved are redirecting to other stuff now 2 months ago:
It was never unusable beyond the stability issues large instances (from 1k to howevermany people ff.social had) had. For smaller instances it worked fine and continues to do so. The issues with large servers were the result of it being based on an ancient codebase (Misskey v12) and the issues with ff.social were specifically caused by throwing everything at the wall to try to duct-tape that ancient codebase to function (ScyllaDB was the nail in the coffin i believe…?)
Firefish itself is still going (see firefish.dev), there are forks like Iceshrimp which reigned in the issues enough for existing servers to not fall over every few seconds (iirc all both the infosec.exchange hosted Firefish instances migrated over which caused the main issues to be found and fixed). I wouldn’t be surprised if “Modern” Firefish took the most important changes over from Iceshrimp (the devs are friendly, and the Mastodon API implementation and some security fixes were shared between both)
If you want something a bit lighter, Misskey itself is still ongoing, and there are forks like Sharkey that do some of the modifications Firefish and similar forks did to tailor it towards a non-Japanese audience.
(And Iceshrimp.NET is a project worth keeping an eye on, which aims to get rid of the technical debt of the Misskey codebase by completely rewriting it, but is not ready for much more than a single user instance just yet considering it’s been a thing for just about a year)
- Comment on Is Firefish gone for good now? Many of the links I had saved are redirecting to other stuff now 2 months ago:
Iceshrimp is a fork, yes, but Iceshrimp.NET (the repo you’re linking to) is not, and a complete rewrite unassociated with any Firefish or Misskey code beyond keeping the database schema (for easier migrations).
- Comment on Is Firefish gone for good now? Many of the links I had saved are redirecting to other stuff now 2 months ago:
No. They changed hands after the original developer decided to leave for good (and start some crypto scheme AFAIK went nowhere). The repos are now at firefish.dev, and no official flagship exists (which IMO is the right way to develop a fedi software)
- Comment on People say Mastodon migration is better than Lemmy's, but their documentation says "Mastodon currently does not support importing posts or media due to technical limitations", am I missing something? 2 months ago:
Mastodon moves also take your following with you. You’ll still have to reimport followers, but you don’t lose your ““audience””.
There are software out there (Sharkey for microblogging (Firefish also had it but theirs was broken and leaked DMs), PixelFed for images from Instagram specifically) that allow some form of post imports, but these are only brand new posts that happen to have the same content as the old ones, and not “replacing the author of a post”.
There are work going on regarding nomadic identity and more seamless account migrations across instances, but hell will freeze over before any of the mainstream fedi software implement anything close to that, mainly due to how significant of a conceptual change that is.
- Comment on Last Week in Fediverse – ep 74 4 months ago:
small correction: the post that displays the instance you’re on (void.rehab/notes/9umvfd1lgoulvm0j) won’t work with “'regular” iceshrimp. it depends on an extra patch added to the version on void.rehab to function.
- Comment on Introducing ink.key, a fediverse music collective/net label. 4 months ago:
After seeing a team of fedi software developers drop their Matrix bridge to their Discord after the total lack of moderation tooling resulted in an extremely transphobic spam wave, I for one am not surprised.
Another team also dropped Matrix, but went for Zulip instead, which is also open, but more collaboration oriented a la Slack rather than community oriented like Discord, which probably would not fit what the group in the OP is looking for.
- Comment on Hel lo tim 6 months ago:
epic megapost Image
- Comment on 8 months ago:
it’s called microblogging
- Comment on 9 months ago:
how many times did you edit that post per chance? Lemmy seems to boost edited posts for some odd reason
- Comment on Leaving the bidet on "feminine" mode is the female equivalent of leaving the toilet seat up. 9 months ago:
alternatively: why are you linking to an image at all and not just making a text post
- Comment on How I cannot be worry?? 10 months ago:
I wish I was in the us lol