Goofed Home

Here’s an interesting thought experiment.

Way back in the 1980s and 90s, Usenet was a sorta-federated discussion forum (using the NNTP protocol) that was very popular. It still exists and is distributing 400 million messages each day (mostly spam and trash as far as I can tell). Hard numbers are difficult to come by but it seems like Usenet is capable of significantly higher throughput. Why is that?

The big thing holding ActivityPub back is the fan-out. You know the story - someone with 50,000 followers causes their instance to send up to 50,000 HTTP POSTs every time they click the little spinny star or reply to something.

It’s basically a hub-and-spoke network topology. Except everyone takes turns being the hub, ideally, but not much in practice. And in this topology, the hubs are where the strain and bottlenecks are.

Back in the 1980s they had computers literally 1000 times slower than ours and network links to match. So how did they do this? With a peer to peer network topology! When a new post is made, they don’t send it to everyone they just send it to a handful of other servers. Those servers in turn forward the post on to a handful of other peers, and so on, until the whole network receives the post. No individual server is a single point of failure and none has to bear the full brunt of orchestrating it all.

Let’s do a picture. A creates a post and sends it to B and D.

A ─ B ─ C  
 \      /  
   ─ D ─  

B sends it on to C.

Meanwhile D sends it on the C also but C already has it so does nothing more. IRL this would be a much larger mesh. Who peers with who can be a mixture of manual selection and random spiciness.

Posts can arrive out of order so each server would need to wait until the dependencies between posts are resolved before making them available to clients. That’s a bit tricky.

In the ActivityPub-over-NNTP idea, each NNTP post would be a thin wrapper around a data structure containing the HTTP headers (with signature and digest) and JSON that a normal HTTP POSTed Activity would have. Servers would use NNTP to distribute the activities and upon receiving one they’d POST it to their own /inbox to run the usual ActivityPub processing that their AP instance does.

{  
  "headers": {  
    "Signature": "...",  
    "Digest": "...",  
    "Date": "..."  
  },  
  "activity": { ... normal ActivityPub JSON ... }  
}  

In this way there is no need to rewrite ActivityPub semantics as only the transport layer changes. Our existing inbox logic remains intact.

NNTP comes with a lot of historical baggage so we’d probably need to evolve the protocol a bit. Maybe use HTTP requests (even http2 streams?) instead of the original line-oriented text protocol using raw TCP sockets. But you get the idea.

Thoughts?

Yes, I think that’s part of NNTP already. Each post has a list of the servers it has traveled through so when considering where to forward the post on to a server can check if it’s already been there. That would help somewhat but still there would be quite a few times when a server discards posts.

I haven’t gotten deep enough into this yet but I’m sure there have been protocol improvements since NNTP that address this. Gossip protocols have been experimented with since the early 2000s. For example, rather than servers saying to others “I have this post, do you want it?” they might say “the most recent post I have in the fediverse@lemmy.world community is #5” and another server which only has posts #1 and #2 would respond “cool, give me posts #3, #4 and #5”.

Good point.

@i The thing is that it’s really not useful to define super generic terms that are not even pointing to existing implementations, and could have any semantics.

We need a report about what is actually used, and exactly how.

@silverpill @i That is very cool and I don’t know how I haven’t seen it before; it kinda invalidates part of the nlnet funding ideas that I wanted to apply for :)

@Profpatsch @i It is an invaluable tool, and has so much potential, but the development is kind of slow.

Perhaps you can apply as a contributor?

I’ll be totally honest and say that I don’t trust Evan (for reasons I’m not getting into), and I’m not sure why we need “hashtags with extra steps,” but I’d like to get opinions from people who are smarter than I am about this stuff.

Hashtags-as-a-service isnt new thinking, but tags.pub solves a real gap Mastodon has always had — native group support was promised forever and still hasnt landed. The problem is hashtags fragment across instances. Tags.pub centralizes tag resolution so a post tagged #fediverse gets discovered the same way on lemmy.world or a small microblog. Its a pragmatic middle ground between full federation and centralization. Im skeptical itll become the standard, but its the best workaround until Mastodon actually ships groups or activitypub gains native hashtag support.

I don’t know. Last I saw was a PR languishing for years.

Announcing Mitra Mini v0.1.0

Mitra Mini is an ActivityPub client that implements nomadic identity. It has become stable enough that I decided to cut the first release.

The basic features have been implemented: posts, reposts, likes. For more information, check the project's readme:

https://codeberg.org/silverpill/minimitra

It all started nearly four years ago with a vague idea that linking cryptographic keys to #ActivityPub actors could unlock decentralized identity in Fediverse. Eventually, the solution was discovered, and implemented by several projects, but these implementations were servers, not clients. Now there is finally a client, and the design has been proven to work well.

#NomadicIdentity

Congrats!

Thank you @rimu !

@silverpill @liaizon Which, fine, all resources from other places need to be restricted to prevent DoS attacks anyway.

New post: Can we have a more “social” media?

https://profpatsch.de/essays/a-more-social-media

On advertising, the Fediverse, and what a more human social web could look like.

Special mentions: @smallcircles, @phnt, @happy-programming

#fediverse #activitypub #socialmedia

@Profpatsch You need to create a new signature because the request target is changing. It is a part of a signature base, so the initial signature becomes invalid when the client follows a redirect.

@liaizon

@Profpatsch @liaizon The guide recommends limiting the response size, to prevent DoS.

I also found this in your SECURITY.md:

https://codeberg.org/Profpatsch/Profpatsch/src/commit/249aa389a2023814b328af8fc795750fd28d995d/users/Profpatsch/activitypub-go/security.md#response-body-size-limits

@julian @Edent dansup? No, it is not his site.

@technical-discussion @julian @Edent @silverpill I think it is @melvincarvalho

@django @technical-discussion @julian @Edent @silverpill yes socialdocs is something i help look after. Anything needed?

Hello Fediverse,

I would like to receive some feedback on this idea I have been kicking around, and see if others might be interested in contributing. I have a basic prototype that proves out most of the technology, but not much beyond that.

The basic general description is an Iroh based identity layer for the open web. This platform would serve three primary functions:

1. Preserve and consolidate social graph data in an encrypted local storage vault, allowing for import, display, and management of media and posts from both walled garden platforms and open platforms.
   
2. A “universal translator” across open platforms, allowing for seamless connection between activitypub, AT protocol, and rss subscriptions. You are able to link mastodon, Lemmy, pixelfed, loops, and blusky accounts and your legacy social media imports can also generate RSS subscription feeds for your previous Instagram or YouTube (among other platforms) subscriptions, with all this content showing up in a single filterable fleed.
3. Identities can be linked to any unique URL, using an umbrella DID. That URL can be any location the user chooses, including an indieweb page, a spacehey.com profile, or any other site the user controls and is able to host the corresponding DID document for cross platform identification.

There are many more details and features I have in mind that this architecture could facilitate, but this is the overarching basics of what I had in mind. I am very open to critique or analysis of this architecture, potential issues and limitations, as well as ideas for modification.

I would also welcome collaborators and contributors if there is interest, and I can open up the project for whoever may be interested. Let me know!

Forte and tootik use FEP-ef61 with server-managed keys. I am working on an application where keys are stored on the client side: minimitra. This is probably closer to your idea.

Do you want to use iroh for transport, or for identity?

Iroh was more of the p2p transport layer, but it is what facilitates the authentication through DID to the local vault. The work you linked is very relevant and will be definitely be of use!