
ActivityPub Could Be the Future - Kye
https://kyefox.com/2020/04/09/activitypub-could-be-the-future/
======
rapnie
A lot of negativity in this thread. Not earned, imho.

I see Mastodon being mentioned a lot (and sometimes Pleroma) as if that is the
only application to access the fediverse.

ActivityPub is still in early stages of adoption. It is great that these apps
have proven themselves in production (with a couple million users) based on a
v1.0 of the spec where intentially a lot of things were left out, like authz,
account discovery, search, etc.

Right now, based on experience and with a good base of knowledgeable AP devs,
the spec is evolving. With its flexibility and JSON-LD at its base federated
applications can be created for any number of domains.

And this is happening. Almost every week there are new project announcements
that adopt AP in some way. They will not all federate with Mastodon from the
start, and there are many challenges to be tackled to make a seamless
fediverse integration smooth sailing.

Here is a good AP project watchlist:
[https://git.feneas.org/feneas/fediverse/-/wikis/watchlist-
fo...](https://git.feneas.org/feneas/fediverse/-/wikis/watchlist-for-
activitypub-apps)

There is an online AP conf in October for those interested:
[https://conf.activitypub.rocks/#home](https://conf.activitypub.rocks/#home)

For questions you can go to these forums:

[https://socialhub.activitypub.rocks/](https://socialhub.activitypub.rocks/)

[https://talk.feneas.org/](https://talk.feneas.org/)

~~~
thejohnconway
As someone who has tried to implement ActivityPub (for my personal site), I
think the negativity is largely justified.

In my opinion, ActivityPub is way too complicated, and federating is just too
hard to do for smaller projects. You mention that there are many new projects
– this has been the case for a while. Last time I looked, nearly all of them
had failed/stopped/paused before actually getting federation working. The test
suite is down, and has been for at least a year:

[https://test.activitypub.rocks](https://test.activitypub.rocks)

I think that ActivityPub should have started out far simpler, and it should
have been in reach of hobbyist developers. Something probably closer to RSS,
with verify-from-source rather than cryptographically signed posts.

Just my experience, obviously. I would love to be able to write and run my own
little Twitter-like instance that people can subscribe to, but I can't because
ActivityPub was too difficult for me to get working.

~~~
gargron
Do you want something that works well for millions of real users or do you
want something that's simple to implement for hobbyist developers? I
personally don't even think that ActivityPub is that difficult to implement,
I've written a tutorial [1] on it, but it seems like a misguided goal to me to
prefer simplicity over other factors like fitness for a particular purpose.

[1]: [https://blog.joinmastodon.org/2018/06/how-to-implement-a-
bas...](https://blog.joinmastodon.org/2018/06/how-to-implement-a-basic-
activitypub-server/) [https://blog.joinmastodon.org/2018/07/how-to-make-
friends-an...](https://blog.joinmastodon.org/2018/07/how-to-make-friends-and-
verify-requests/)

~~~
thejohnconway
Hi Gargron, ideally I want both, obviously! I like Mastodon, as open source
software that can federate with other instances, it's very neat. I'm just
disappointed that the federation specification is too hard for me to get
working, and that appears to be the case for other people as well, given how
many fail to implement it.

I did follow your tutorials, by the way, but I got stuck on certain things
(cryptographic signing being the main one I remember), couldn't test them
easily with the test suite being down, and gave up eventually.

Am I too stupid? Probably. But I can imagine a spec that gives me practically
everything I want in a decentralised Twitter replacement being almost as
simple as RSS or JSONfeed for example, which took me a few hours to implement.

------
dependenttypes
My issue with ActivityPub is that it is yet another overengineered
specification by w3c that somehow despite being a bloated mess manages to miss
important features (such as end-to-end encryption for DMs or end-to-end
authentication, now you can have admins forging posts in the names of their
users and/or reading their DMs, which is not that big of a threat for the
average person when you are in a big semi-serious platform like twitter but it
is when your admin is some random dude online). In addition it depends on
stuff that are universally despised, such as JSON-LD, and it forces federation
down your throat (you can't use it in a distributed way like bittorrent for
example, your user is binded to the domain name of your instance).

~~~
rapnie
I think you are off the mark and reposted an article explaining how the spec
should be interpreted [0].

If the spec had added auth, authz, e2ee and such, then it had been
overengineered. They were left out intentionally because of the complexity
involved in decentralized environments. Something a bunch of other specs-in-
the-making are struggling with for years. And things that may be adopted in
vNext versions of AP.

There is nothing as far as I know that precludes AP from being used in pure
p2p applications, other than that p2p software in general knows more
challenges than federated ones.

And the spec is written such that any dev can treat the message format as
plain JSON. They only need to add a fixed @context property, so it can be
processed as JSON-LD by those who want to use the additional power that
offers.

[0]
[https://news.ycombinator.com/item?id=23857644](https://news.ycombinator.com/item?id=23857644)

------
fiddlerwoaroof
One thing that sort of annoys me about ActivityPub is that, as far as I can
tell, there's no good way to have a statically generated ActivityPub feed that
can be followed by Mastodon users

~~~
berkes
I'm not familiar enough with the intricacies of your case, but it certainly is
possible.

E.g.
[https://github.com/ufosc/TheIsolator](https://github.com/ufosc/TheIsolator)
is a way to publish your static site updates, on deploy, to your AP followers.
I've seen similar tools/attempts for Hugo and Cobalt.

~~~
PersonalOps
I came here looking for a way to do exactly this, but it looks like
Thelsolator is unfinished with the Go code only printing "Hello World!"

~~~
berkes
Are you referring to [https://codeberg.org/jlelse/hugo-
activitystreams](https://codeberg.org/jlelse/hugo-activitystreams) for "Go"?
Description here: [https://jlelse.blog/dev/activitystreams-
hugo/](https://jlelse.blog/dev/activitystreams-hugo/).

I have no experience with this but I have experimented with TheIsolator for my
jekyll blog. Its simplicity appeals to me.

------
corty
Mastodon is a foam of filter bubbles. If the rest of the ActivityPubIverse
looks like that it will be even worse than Twitter or Facebook in the bubble-
induced problems.

~~~
bastawhiz
Is your complaint that federated social media has needed to block content such
that it's now worse than non-federated social media? Wasn't the promise of
federated social media to solve (at least in part) this very problem?

~~~
posguy
OP is complaining in part about the instance blocks (eg: most instances block
FreeSpeechExtremist.com and instances that carry child porn) and users
blocking other users across instances.

If these tools were not available, most instances would be overwhelmed with a
firehose of garbage content.

~~~
bastawhiz
Isn't that objectively a good thing? The whole point of federation is to give
each instance control over what is allowed and is not allowed. Surely the root
of the complaint cannot be "everyone must consume and accept all content,"
because anyone can already create their own instance if they feel they're
being limited? Or is it more simply "I'm not allowed to spread my views in
places where they're unwelcome"? The latter is a complaint about human nature,
not about the technology.

~~~
lmm
We were sold on the promise of each _user_ having control over what they see.
In practice it's become like the bad old days of the usenet cabal: the network
is run by a club who dodge accountability by having no official power, but if
they don't like you then no-one will peer with you, so de facto everyone has
to use their servers and follow their rules.

~~~
sudosysgen
But you can just roll your own private server, and presumably no one will have
the time to ban you. The barrier to entry is much much lower.

~~~
lmm
> But you can just roll your own private server

You can run your own private island, but if you want to be "part of the
fediverse" then you need to peer with servers in the main network, right?
Which means tyranny-of-structurelessness organisational politics, because each
admin gets to make their own rules about who they peer with, and so if there
are disagreements in the network then you have to pick a side.

~~~
herio
> You can run your own private island, but if you want to be "part of the
> fediverse" then you need to peer with servers in the main network, right?
> Which means tyranny-of-structurelessness organisational politics, because
> each admin gets to make their own rules about who they peer with, and so if
> there are disagreements in the network then you have to pick a side.

Sounds like normal human interaction to me. This is a feature, not a bug as
far as I'm concerned.

~~~
lmm
True enough, but in the same way that mob rule is the normal human interaction
pattern and a right to free speech or a fair trial is an unnatural exception.

------
dpc_pw
No it won't. All these federated protocols are doomed to die out of spam,
centralization, censorship churn.

People really have to watch what Urbit is doing and understand why. Anything
less is insufficient.

~~~
olah_1
ActivityPub isn’t great, but anything is going to look bad when compared to a
utopian pipe dream.

Im looking forward to a better comparison in Q4 or Q1 2021 when Urbit is more
usable for regular people though. As of now, I don’t suspect that anyone will
pay $10 for a VPS and $5 for (reliable) star service.

It should be noted that when I critiqued ActivityPub here a couple months ago,
a main developer of the spec was very supportive and already on top of the
improvements that I was hoping for (such as being less reliant on servers,
more true decentralization, etc)

~~~
dpc_pw
It's not a pipe dream. I'm using Urbit on a daily basis, and this year I'm
having a blast with it - in particular because of high barrier to entry, the
conversations there are really great with the most geeky and motivated people.

Lots of features are there, it got faster, more stable.

There's no need to pay for anything. Urbit planets are usable from desktop,
and don't really need to be turned on all the time. Urbit should have no
problem eventually running from a phone, which is like 99% online device for
me anyway.

Federation of services running on Unix machines is just not going to work.
That's how Internet used to work, and it was not practical so it degenerated
into what we have right now.

~~~
olah_1
Full disclosure I have been on Urbit (probably talked to people for 3 hours in
total and spent 12 hours total setting it up and tinkering with Hoon).

Great conversations with interesting people has exactly zero bearing on the
quality of the project. I have had great conversations on IRC.

You do need to pay for a planet of course (because of the “skin in the game”
concept that urbit people are obsessed with). But I’m speaking of paying for
Star service though. Yes, stars are free now, but the whole point of Stars is
that they will not be free. Otherwise they will serve you ads or do some other
things to be sustainable. And in my experience, stars should be a paid service
even today, because the connections are so unreliable that it is just beyond
frustrating.

If Urbit is a toy, it’s a really good one. If it’s a tool for communication,
it’s terrible and you’re better off with literally anything else. I mean, it
doesn’t even have notifications so idk how it’s useful for a communication
today.

That’s why I’m saying to just wait til Q4 or Q1 and see where it’s at.

Why are you poo pooing federation when Urbit is a federation of Stars? What
are you even saying? Every decentralized mesh network today still requires a
federation of relay servers. Unless you’re talking about going around the
whole networking stack as it is today. But in that case, nobody would need
federation and Urbit wouldn’t be the only solution for that either.

My comment is overly long already, but I feel compelled to also say that Urbit
is bad for privacy today as well.

~~~
dpc_pw
> Why are you poo pooing federation when Urbit is a federation of Stars?

Because I own my own identity, and can move it to another star quite
seamlessly without losing my ID and all connections I've made. And I'm not a
second class citizen in the system because of that.

With Federated protocols I can create my own instance, sure. Then I do own my
identity, at the cost of all the administrative overhead and being a second
class participant. Spam and abuse are an unsolved problem at the core of the
legacy Internet and all these federated protocols can't do anything about it.

If I own an instance I have to deal with it (spam and other abuse) myself, and
constantly fight the fact that other people think I might be a potential
abuser myself, which puts people on minor-instances at a disadvantage.

So natural economic and social forces constantly push the system to centralize
and that's exactly what we're seeing with everything on the Internet.

~~~
olah_1
Decentralized Identifiers / accounts are being added to every federated spec
that I know of. So I think everyone is aware of the issue there.

Regarding spam and abuse, what deters that on Urbit? The cost of a planet?
Planets are only as valuable as the Social capital that they’ve built up. If a
planet has no mutual “friends” with me, I’m not trusting that planet, period.

~~~
dpc_pw
The planet starts with a value you paid for it. Which makes the owners at
least start with some skin in the game.

I'm looking forward to see how decentralized identifiers will work in
practice. It's a step in the right direction, though I don't think it will be
enough on its own.

~~~
olah_1
The real spam prevention will always go back to reputation and web of trust.
Even people writing for urbit understand this. The idea that $10 solves
everything is silly. Ultimately the $10 thing (and even the limit to the
number of planets) is impotent in the face of natural reputation.

> By convention, booted addresses are expected to have some existing
> reputation outside of their name alone, since they’ve been used on the
> network. Reputation, good and bad, comes in many forms. Did the address
> operate any useful infrastructure? Did it get placed on any blacklists for
> spam or abuse? Did it simply send and receive messages? The ability to
> programatically track reputation is still in its infancy, but we expect the
> tooling to develop as urbit grows.

[https://urbit.org/blog/value-of-address-space-
pt3/](https://urbit.org/blog/value-of-address-space-pt3/)

This is to say that you do not need limited address space or even a cost
barrier to have spam prevention.

------
simula67
It is not possible to have a decentralized meeting place. Meeting places are
supposed to be centralized, that is their point.

Many people say that they should consider Mastodon like email, but even then,
there must be a forum where people need to meet in order to find like minded
people and collect their email addresses. The moment such a forum develops,
powerful people whose power is threatened by the meeting of such people will
attack and destroy these meeting places. This will stop dissidents from
getting their message out.

It was just a happy accident that town squares (where people were forced to
come in order to buy and sell things) were owned by the government. Therefore
a restriction on the government to stop it from restricting people to voice
new ideas would mean that people would be exposed to new ideas. In this way,
people were "forced" to consider new ideas or starve (If you did not go into
the marketplace - which hosted the town square, you may starve as you could
not get tomatoes or whatever. But if you did go, you will have to hear new
ideas).

Today the town squares are Twitter, Facebook etc which are privately owned. If
you cannot be on Twitter, Facebook etc you are screaming into the void. No one
will hear your ideas. This will make the world less dynamic and less
responsive to changing situations.

We are screwed.

~~~
forgotmypw17
I'm working on a project which attemps to address this issue.

It uses a portable storage format to allow you to move user profiles, threads,
and entire communities wholesale, between servers, as well as keeping them
synchronized.

To use the town square metaphor, it's like meeting up downtown, but then
inviting everyone to relocate to your place. (Except for the rude bigot and
the annoying MLM promoter.)

------
rsa25519
A good rule of thumb: Centralization has the optimal best-case.
Decentralization has the optimal worst-case.

For example, Bitcoin, while robust and reliable, is slow. Discord, while
sometimes down, is generally fast and featureful.

~~~
alwillis
_For example, Bitcoin, while robust and reliable, is slow._

For normal, everyday transactions, the Lightning Network is what people use,
where transactions take only seconds:
[https://medium.com/@The1Brand7/lightning-
faq-67bd2b957d70](https://medium.com/@The1Brand7/lightning-faq-67bd2b957d70)

------
0xy
>As I write this, Facebook has just lost 25% of its share price on the
announcement that it expects weak growth.

Facebook is less than 5% down from its all time high.

Separately, if I'm understanding Mastodon right then it's worse than
centralization. In my experience, admins and moderators of smaller communities
(subreddits and Discord channels) are substantially worse than centralized
rule enforcement.

People get banned from subreddits without even posting in them. Massive
censorship is common as well. For example, during the Pulse nightclub shooting
the news was totally absent on reddit's frontpage due to widescale censorship
in multiple major subreddits. It was prominent on both Twitter and Facebook
though.

~~~
yborg
>I don't use X, but I'm now going to tell you why X is shit based on "my
experience" with something totally different

You don't like the mod policies of a Mastodon instance, you find another one.
You don't like the mod policies of a centralized platform, you're off the
platform entirely. You can view the vast majority of the Fediverse feed,
including poorly-peered domains by being on 2 or 3 instances.

~~~
0xy
(censorship practices of centralized platform mod team) < (average censorship
practice of some power hungry mod in a small community)

This has always been true everywhere.

