@boris@cosocial.ca
@boris@cosocial.ca avatar

boris

@boris@cosocial.ca

Open Source. Community. Decentralized Web. Co-op and Collective action.

Board Member #CoSocialCa https://cosocial.ca/@coop

Vancouver DWeb Node https://dwebyvr.org #DWebYVR

Building the Everywhere Computer with the Fission team https://fission.social/@everywherecomputer

Likes to cook & eat #FoodWiki

Header image is view from the causeway over Deep Bay on #BowenIsland looking towards Horseshoe Bay / Sea to Sky Highway.

#EastVan #Vancouver #BC #Canada #searchable #coop

This profile is from a federated server and may be incomplete. Browse more on the original instance.

boris, to random
@boris@cosocial.ca avatar

I’m heading to the Oregon coast for a getaway.

Reading, beach walks, some drives along the coast, maybe some forest walks.

Got any recommendations for the area? Will be staying in Lincoln City, but have a car rented.

boris, to random
@boris@cosocial.ca avatar

I now have the power to make my own espresso tonics in the office. Dangerous!

luis_in_brief, to random
@luis_in_brief@social.coop avatar

Had a conversation two weeks ago with a member of the Navajo tribe who very solidly dropped her mic by telling me that the goal of southwestern tribes for gathering data about water was not efficiency, but usage. It was a good firm slap to my assumptions.

Hopefully I handled it better than these people:
https://social.ridetrans.it/@owen/112087429501002171

boris,
@boris@cosocial.ca avatar

@luis_in_brief many of us in are cheering for these indigenous nation developments.

But as per usual, lots of NIMBYs.

boris, to art
@boris@cosocial.ca avatar

My partner Rachael just added her Multi Family Dream Home to her portfolio

https://rachaelashe.com/paperart/multi-family-dream-home

It's up at Walrus Design on Cambie Street as part of the Be Longing show until the end of March if you'd like to go see it in person, details on the exhibit here https://rachaelashe.com/news/exhibition-be-longing

boris, to random
@boris@cosocial.ca avatar

Today is my birthday.

This picture is from 49 years ago. 1975, summer, Eagle Cliff Beach on Bowen Island. That’s me being held by my mom.

devnull, (edited ) to random
@devnull@crag.social avatar

On multiple occasions I've listened to instance admins speak about high S3 costs. The sheer amount of data absolutely balloons the more activity your server sees, I get it.

What I don't get is whether there's some unknown fedi ethical reason everybody insists on setting up an S3 cache (followed immediately by complaining about it).

Y'all want to know what the rest of the web does? Hosts their own uploaded media, and links out to the rest...

boris,
@boris@cosocial.ca avatar

@devnull the convention is to not load hotlinked images.

So when a server (I’ll use Mastodon as my example) has member accounts who follow a remote account, it takes on the cost of eg caching media for all of its local members.

Rather than putting 100% of the load on the remote server.

This means a small server can have many followers, and the bigger server can do the caching.

Let me tackle setup in my next post.

boris,
@boris@cosocial.ca avatar

@devnull Why S3 + CDN?

Hmm. Well vs what?

We go through 2TB of cached media per month on our server, on S3. Provisioning a 2TB physical (or probably 4TB) would be way more expensive.

We have about 120 members, whose local store of uploaded media is at ~150GB after a year

We have Cloudfront CDN in front of that, because running CF is way cheaper than egress charges.

VPS is on digital ocean.

We’re doing some exploring around bare metal.

jacob, to random
@jacob@jacobian.org avatar

I'm now jacobian.01 on Signal, woop woop. Thanks to @glyph for the tip of installing the desktop beta and letting me swoop a good username :)

boris,
@boris@cosocial.ca avatar

@jacob @glyph I still think committing to these as stable usernames is a bad idea and not the intent.

https://cosocial.ca/@boris/111965936527495404 and follow up post has technical details.

Even the Signal server doesn’t know your username.

Jeremiah, to random
@Jeremiah@alpaca.gold avatar

Signal user name landrush guide for iPhone users: get the macOS beta app, link it, tap on your profile photo in lower left, and then you can pick your username and 2-digit number.

https://mastodon.world/@signalapp/111965175189276824

boris,
@boris@cosocial.ca avatar

@misc @Jeremiah @tchambers it would be best if we didn’t treat it as a land rush.

https://cosocial.ca/@boris/111965936527495404

And follow up post links to Signal wiki

timbray, to Signal
@timbray@cosocial.ca avatar

Joined the Signal username land grab, got the usual handle. Question arises: Best practices on posting/sharing. At the moment you have to know my phone # to Signal me, but that’s very easy to figure out. So, initially inclined to just post the username. Hmmmmmm…

boris,
@boris@cosocial.ca avatar

@timbray it’s meant to be changed. Specifically don’t think about it as a handle https://signal.org/blog/phone-number-privacy-usernames/

> “Usernames in Signal are designed to be easily changeable. For example, you can make a username to connect with people at a conference or to plan a group trip. Then, when it’s over, change it if you want to.”

sean, to random
@sean@scoat.es avatar

Google Maps is now on google.com/maps instead of maps.google.com/ .

Cynical-me has to wonder if this is related to their cookie siloing market capture play…

boris,
@boris@cosocial.ca avatar

@sean yes. This has been covered and is exactly why.

boris,
@boris@cosocial.ca avatar

@sean did a quick search and found this article. It’s been years now https://dovydas.com/blog/why-doesnt-google-maps-use-its-own-subdomain/

maegul, to lemmy
@maegul@hachyderm.io avatar

wants to have private communities!

See https://lemmy.ml/post/12014733

> Private spaces are a fundamental aspect of human communication. They allow discussing sensitive topics without interruption from outsiders. Supporting private communities in Lemmy gives a major new use case for talking among friends or within organizations. This use case is currently not covered by major Fediverse projects.

Novel for the it seems.

boris,
@boris@cosocial.ca avatar

@maegul “groups” that has been talked about as a general shared spec has that as a use case.

Making that work across systems would be most powerful but also hard to coordinate.

boris, to random
@boris@cosocial.ca avatar

There’s quite a few people saying truly horribly things about Ryan Barrett, developer of Bridgy, who builds bridges between many different protocols, including now between ActivityPub and ATProtocol, the latter being what Bluesky runs.

I don’t fight about protocols on this account, but you can read my explanation on how to think about “bridge instances” on my other account.

https://toolsforthought.social/@boris/111922137223915413

boris, to random
@boris@cosocial.ca avatar

@timbray found this pretty thorough takedown of C2PA that you might be interested in https://www.hackerfactor.com/blog/index.php?/archives/1010-C2PAs-Butterfly-Effect.html

boris,
@boris@cosocial.ca avatar

@timbray right.

That was kind of my sense “you can mess with data around images all the time”.

So? That’s kind of the point of C2PA.

boris,
@boris@cosocial.ca avatar

@timbray yes that is what I meant to express with that - agreement that a provenance chain CAN be proven ;)

jacob, to random
@jacob@jacobian.org avatar

“We believe that open source should be sustainable and open source maintainers should get paid!”

Maintainer: introduces commercial features
“Not like that”

Maintainer: works for a large tech co
“Not like that”

Maintainer: takes investment
“Not like that”

boris,
@boris@cosocial.ca avatar

@jacob “small caps” open source yaaaassss

Also: so tiring to have this discussion with any sort of nuance.

I’ve been trying out “fair licenses” but it’s not big tent enough.

I got told recently that OSI approved™️ is not good enough. We live in fallen times, and the Golden Age GPL would lead us back to salvation.

Maybe I’ll try a Venn diagram 😅

boris,
@boris@cosocial.ca avatar

@strypey @jacob no, I mean non-commercial like Big Time where big companies pay. Which seems very fair.

https://bigtimelicense.com/versions/2.0.2

Also: welcome to my blocks!

danny, to random
@danny@mastodon.spesh.com avatar

Because I live in the strange intersectional space where I can simultaneously be pining for fosdem and willing to stay in the US and fork over for a Apple Vision Pro, here's my first weekend impressions of the latter:

boris,
@boris@cosocial.ca avatar

@danny

Thanks for the update!

What we don’t have in OSS land is systems thinking design of entire UX stacks.

All of iOS and MacOS has been working towards this floating in UI they knew was coming for about 8 years. eg Widgets, multi device control, etc

So the question as always is how to loosely coordinate and support long term protocol and design research?

Amusingly, the Wayland / X car crash may mean that some things leap forward in this particular area.

blog, (edited ) to fediverse
@blog@shkspr.mobi avatar

A (tiny, incomplete, single user, write-only) ActivityPub server in PHP
https://shkspr.mobi/blog/2024/02/a-tiny-incomplete-single-user-write-only-activitypub-server-in-php/

I've written an ActivityPub server which . That's all it does. It won't record favourites or reposts. There's no support for following other accounts or receiving replies. It cannot delete or update posts nor can it verify signatures. It doesn't have a database or any storage beyond flat files.

But it will happily send messages and allow itself to be followed.

This shows that it is totally possible to broadcast fully-featured ActivityPub messages to the Fediverse with minimal coding skills and modest resources.

Why

I wanted to create a service a bit like FourSquare. For this, I needed an ActivityPub server which allows posting geotagged locations to the Fediverse.

I didn't want to install a fully-featured server with lots of complex parts. So I (foolishly) decided to write my own. I had a lot of trouble with HTTP Signatures. Because they are cursed and I cannot read documentation. But mostly the cursed thing.

How

Creating a minimum viable Mastodon instance can be done with half a dozen static files. That gets you an account that people can see. They can't follow it or receive any posts though.

I wanted to use PHP to build an interactive server. PHP is supported everywhere and is simple to deploy. Luckily, Robb Knight has written an excellent tutorial, so I ripped off his code and rewrote it for Symfony.

The structure is relatively straightforward.

  • /.well-known/webfinger is a static file which gives information about where to find details of the account.
  • /[username] is a static file which has the user's metadata, public key, and links to avatar images.
  • /following and /followers are also static files which say how many users are being followed / are following.
  • /posts/[GUID] a directory with JSON files saved to disk - each ones contains the published ActivityPub note.
  • /photos/ is a directory with any uploaded media in it.
  • /outbox is a list of all the posts which have been published.
  • /inbox is an external API endpoint. An ActivityPub server sends it a follow request, the endpoint then POSTs a cryptographically signed Accept message to the follower's inbox. The follower's inbox address is saved to disk.
  • /logs is a listing of all the messages received by the inbox.
  • /new is a password protected page which lets you write a message. This is then sent to...
  • /send is an internal API endpoint. It constructs an ActivityPub note, with attached location metadata, and POSTs it to each follower's inbox with a cryptographic signature.

That's it.

The front-end grabs my phone's geolocation and shows the 25 nearest places within 100 metres. One click and the page posts to the /send endpoint which then publishes a message saying I'm checked in. It is also possible to attach to the post a short message and a single photo with alt text.

There's no database. Posts are saved as JSON documents. Images are uploaded to a directory. It is single-user, so there is no account management.

What Works

  • Users can find the account.
  • Users can follow the account and receive updates.
  • Posts contain geotag metadata.
  • Posts contain a description of the place.
  • Posts contain an OSM link to the place.
  • Posts contain a custom message.
  • Posts autolink (sort of).
  • Posts can have an image attached to them.
  • Messages to the inbox are recorded (but not yet integrated).

ToDo

  • My account only has a few dozen followers, some of whom share the same sever. Even with cURL multi handle, it takes time to post to several servers.
  • It posts plain text. It doesn't autolink websites
  • Hashtags are linked when viewed remotely, but they don't go anywhere locally.
  • There's no language selection - it is hard-coded to English.
  • The outbox isn't paginated.
  • The UI looks crap - but it is only me using it.
  • There's only a basic front-page showing a map of all my check-ins.
  • Replies are logged, but there's no easy way to see them.
  • Doesn't show any metadata about the place being checked-in to. It could use the item's website (if any) or hashtags for the type of amenity it is.
  • No way to handle being unfollowed.
  • No way to remove servers which have died.
  • Probably lots more.

Other Resources

I found these resources helpful while creating this project:

What's Next?

I've raised an issue on Mastodon to see if they can support showing locations in posts. Hopefully, one day, they'll allow adding locations and then I can shut this down.

The code needs tidying up - it is very much a scratch-my-own-itch development. Probably riddled with bugs and security holes.

World domination?

Where

You can laugh at my code on GitHub.

You can look at my check-ins on a map.

You can follow my location on the Fediverse at @edent_location@location.edent.tel

https://shkspr.mobi/blog/2024/02/a-tiny-incomplete-single-user-write-only-activitypub-server-in-php/

boris,
@boris@cosocial.ca avatar

@Edent @blaine @blog I think we can interop through a form of cross posting.

Effectively, shove stuff down into a “Note” representation for Mastodon and other protocols that mostly understand microblogging.

But also emit “Place” or “Checkin” or whatever nouns for systems that can understand that natively.

And of course that’s just for servers. Clients can evolve more quickly and understand / display different nouns.

boris,
@boris@cosocial.ca avatar

@blaine @Edent @blog yes / no.

It’s not the best example because that’s just a standard Note noun again. A Recipe noun is a better example to think through.

I can’t “reply” as my FoodWiki which is the too many accounts problem again.

Somewhere in here we end up with Jaiku ;)

boris, to random
@boris@cosocial.ca avatar

OK! Looks like @cowg first episode auto-published as scheduled this morning. Woo hoo!

Posts are authored in Markdown and show as rich text (see screenshot for what this looks like in Mastodon web interface)

Still learning, looks like posts can't be edited.

https://podcasts.cosocial.ca/@cowg/posts/4a6790c5-68fd-475e-8267-a0c274634183

virtuous_sloth, to random
@virtuous_sloth@cosocial.ca avatar

Hey @coop, has anyone seen anything like this?

I decided to see what Googling my handle would return and after hitting a few on our server I got this URL which seems to be an imperfect mirror of my profile here.

https://atomicpoet.org/users/$AUnO2tvWcP1nsQHDRg

boris,
@boris@cosocial.ca avatar

@virtuous_sloth anyone that follows you, their server potentially caches some of your posts on their server

Depending on the server cache settings, it will cache your posts local to their server.

Our own servers cache for 7 days? @mick there's a difference between media and posts I think?

That other server a Pleroma install, a different but compatible ActivityPub microblogging server

@coop

boris,
@boris@cosocial.ca avatar

@virtuous_sloth

Here's an example link of me on another server https://cosocial.ca/deck/@boris@toolsforthought.social

If you're logged into CoSocial, that will load my profile and you can browse the whole thing.

If you're not logged in, it should redirect to the remote profile (try it in an incognito browser window)

I guess Pleroma doesn't do that, but it SHOULD, precisely because of the indexing thing.

@mick @coop

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • ethstaker
  • thenastyranch
  • ngwrru68w68
  • magazineikmin
  • khanakhh
  • rosin
  • mdbf
  • Youngstown
  • slotface
  • everett
  • cubers
  • kavyap
  • DreamBathrooms
  • provamag3
  • InstantRegret
  • Durango
  • normalnudes
  • osvaldo12
  • tacticalgear
  • cisconetworking
  • Leos
  • GTA5RPClips
  • modclub
  • anitta
  • tester
  • megavids
  • lostlight
  • All magazines