IRC log of social on 2024-03-01

Timestamps are in UTC.

18:03:59 [RRSAgent]
RRSAgent has joined #social
18:04:04 [RRSAgent]
logging to https://www.w3.org/2024/03/01-social-irc
18:04:04 [Zakim]
RRSAgent, make logs Public
18:04:05 [Zakim]
please title this meeting ("meeting: ..."), tantek
18:04:09 [tantek]
Meeting: Social CG
18:06:41 [eprodrom]
eprodrom has joined #social
18:07:01 [tantek]
present+
18:07:04 [tantek]
present+ eprodrom
18:07:05 [thisismissem]
thisismissem has joined #social
18:07:09 [tantek]
present+ thisismissem
18:07:09 [eprodrom]
scribe: eprodrom
18:07:18 [dmitriz]
dmitriz has joined #social
18:07:23 [ckolderup]
present+
18:07:27 [tantek]
present+ snarfed
18:07:43 [tantek]
Topic: Introductions
18:07:51 [eprodrom]
andy piper: self-introduction. Member of multiple Open Source organizations and a member of various teams, working with Mastodon and IFTAS.
18:08:26 [eprodrom]
reilly: Reilly Spitzfaden, interested in Fediverse, audio engineer
18:08:35 [Shauna]
Shauna has joined #social
18:09:28 [eprodrom]
tantek: IndyWebCamp Brighton will be March 9-10. Still tickets available. Great for locals. People doing hacking and sessions on all kinds of things.
18:09:41 [tantek]
https://indieweb.org/2024/Brighton
18:10:14 [tantek]
Tickets complimentary
18:11:14 [eprodrom]
johannes ernst: fediforum coming up March 19-20. 10 demos. Show-and-tell and unconference.
18:13:04 [eprodrom]
Topic: Meetings
18:13:17 [eprodrom]
dmitriz: we're on monthly CG meetings
18:13:25 [eprodrom]
eprodrom: in calendar, will happen automatically
18:13:38 [tantek]
present+ dmitriz
18:13:42 [tantek]
Chair: dmitriz
18:14:01 [eprodrom]
emelia smith: can we link from the home page?
18:14:04 [eprodrom]
dmitriz: yes
18:14:11 [eprodrom]
Topic: Issue triage meetings
18:14:25 [eprodrom]
dmitriz: issue triage is happening on a regular basis
18:16:35 [eprodrom]
eprodrom: is it worthwhile for other task forces to use issue triage time?
18:17:00 [eprodrom]
emelia: minutes and agenda?
18:17:04 [eprodrom]
eprodrom: yes
18:17:37 [eprodrom]
Topic: main specs
18:17:53 [eprodrom]
dmitriz: work has started on editor's drafts for AS2 and AP
18:20:59 [eprodrom]
dmitriz: route for normative changes
18:21:10 [eprodrom]
eprodrom: issues -> errata -> editor's draft
18:23:02 [tantek]
scribe+
18:23:19 [tantek]
eprodrom: this kind of implementers guide belongs in the ActivityPub primer on the wiki: https://www.w3.org/wiki/ActivityPub/Primer
18:23:30 [tantek]
eprodrom: we should link from the spec to the primer
18:24:02 [tantek]
eprodrom: all the pages in the primer are available for anyone with a W3C account to edit, will follow-up and confirm
18:24:21 [tantek]
scribe-
18:26:12 [eprodrom]
dmitriz: good idea to move wiki content into GitHub?
18:27:03 [eprodrom]
emelia: GitHub discussions or other issues?
18:27:18 [eprodrom]
tantek: questions page? Other way for people to connect?
18:28:16 [eprodrom]
johannes: lots of discussions in Matrix group, also
18:28:51 [tantek]
s/questions page/Questions page inside the Primer? perhaps eprodrom can create a Questions page inside Primer as a starting point to point people to
18:29:03 [tantek]
e.g. https://www.w3.org/wiki/ActivityPub/Primer/Questions
18:29:38 [eprodrom]
johannes: worthwhile to talk about usability, other flows, etc.
18:29:44 [eprodrom]
johannes: need a roadmap
18:30:42 [eprodrom]
emelia: iftas is working on DSA guidance for instance operators
18:31:16 [eprodrom]
emelia: DSA is digital services act, EU legislation for online services responsibilities
18:31:56 [eprodrom]
emelia: most instances fall under small, micro businesses
18:32:54 [eprodrom]
Topic: report out from task forces
18:33:09 [snarfed]
https://github.com/swicg/activitypub-http-signature/issues/26
18:33:33 [eprodrom]
ryanbarrett: working on HTTP signatures. Tentative outline, initial text, ~1/3-1/2 of report.
18:33:37 [angelo]
angelo has joined #social
18:33:45 [eprodrom]
ryanbarrett: can incorporate other work from FEPs.
18:33:56 [eprodrom]
ryanbarrett: please review.
18:34:11 [reillypascal_]
reillypascal_ has joined #social
18:34:12 [eprodrom]
emelia: note that outline does not include disparity on versions.
18:34:26 [angelo]
present+
18:34:32 [eprodrom]
emelia: upgrade on roadmap?
18:35:04 [eprodrom]
ryanbarrett: some notes on how HTTP signature works now, will consider how others use it.
18:35:54 [eprodrom]
aarongrey: would like to see alongside spec, want to see working implementations. Minimal implementations for testing. Example infrastructure that people can build from.
18:36:55 [eprodrom]
aarongrey: would give some examples for working with.
18:37:45 [eprodrom]
emelia: some implementations working on modular work.
18:38:12 [eprodrom]
dmitriz: good idea for an issue!
18:39:17 [eprodrom]
emelia: what is the next step to get to the next version?
18:39:26 [eprodrom]
ryanb: will open an issue for how to do this
18:40:03 [tantek]
scribe+
18:40:22 [tantek]
eprodrom: working on A) WebFinger ActivityPub report
18:40:45 [tantek]
eprodrom: repository here: https://github.com/swicg/activitypub-webfinger/
18:40:59 [tantek]
eprodrom: A has done an amazing amount of work
18:41:18 [tantek]
eprodrom: zeroth draft of the document published at: https://swicg.github.io/activitypub-webfinger/
18:41:52 [tantek]
eprodrom: great time to be getting feedback on this document
18:42:10 [tantek]
eprodrom: if there is anything hard to understand or follow or technically erroneous, it would be very helpful to hear that
18:42:24 [tantek]
eprodrom: by the next meeting I would like to take this from zeroth draft to a Draft Report for the CG
18:42:42 [tantek]
present+ j12t
18:43:08 [tantek]
eprodrom: I am also editing the Extensions Policy report: https://swicg.github.io/extensions-policy/
18:43:38 [tantek]
eprodrom: it's an important part of how we make the AP ecosystem a growing expanding ecosystem that covers new ways of social interaction
18:44:02 [tantek]
eprodrom: this has been published last week as an official Draft Report of the CG as agreed at the last meeting
18:44:11 [tantek]
eprodrom: good time for us to be putting some of this into practice
18:44:25 [tantek]
eprodrom: it would be good to step through this process with a widely used extension
18:44:38 [tantek]
eprodrom: there are a few popular extensions like the Security Vocabulary that might be good candidates here
18:44:54 [tantek]
eprodrom: if you have time, this is also an area to please collect some issues on this draft before we go to something final
18:45:00 [tantek]
eprodrom: one part of this policy is about versioning
18:45:25 [tantek]
eprodrom: one of the things we have tried to do with ActivityStreams context is have the tip of our version history at the W3C context document
18:45:47 [tantek]
eprodrom: but in situations where it is important to maintain an exact version of the document, we also have a version history listing, so you can say this document uses exactly this context
18:45:54 [tantek]
eprodrom: we have main links and also version links
18:46:17 [tantek]
eprodrom: we have made changes in the context since the last time we published a version
18:46:34 [tantek]
eprodrom: the current version we have listed in our version history is 1.10
18:47:01 [tantek]
eprodrom: I did a diff, I think it was A who brought it up, we have added the vCard namespace to the main context document and alsoKnownAs term
18:47:07 [tantek]
eprodrom: since the 1.10 was published
18:47:19 [tantek]
eprodrom: I propose to the group that we publish a v1.11 that is at the current state
18:47:33 [tantek]
eprodrom: that would also give us a chance to put in practice the versioning policy
18:48:16 [tantek]
eprodrom: PROPOSAL: publish version 1.11 of Activity Streams 2.0 context document based on current state of the context document.
18:48:26 [tantek]
dmitriz: let's give a second to talk about it before we vote
18:48:34 [tantek]
present+ emelia
18:49:03 [tantek]
emelia: my question is about the extensions policy, my question is about backwards compatibility. are future versions required to be backwards compatible?
18:49:29 [tantek]
eprodrom: I think that the document as described is additive, append-only structure. It does not describe a mechanism for updating or replacing terms within the existing context.
18:49:48 [tantek]
eprodrom: That is an important part, I'm going to open a ticket to note append-only backwards compatibility.
18:50:08 [tantek]
dmitriz: let's vote on the proposal
18:50:23 [eprodrom]
+1
18:50:24 [ckolderup]
+1
18:50:31 [thisismissem]
+1
18:50:35 [dmitriz]
+1
18:50:38 [snarfed]
+1
18:50:38 [tantek]
+1
18:50:51 [thisismissem]
plh: abstain
18:51:00 [tantek]
dmitriz: seeing a bunch of +1s, no -1s or 0s yet
18:51:04 [thisismissem]
bob wyman: +1
18:51:12 [tantek]
dmitriz: no objections, proposal passed
18:51:23 [tantek]
RESOLVED: publish version 1.11 of Activity Streams 2.0 context document based on current state of the context document.
18:51:50 [tantek]
thisismissem: would this be related to the licensing changes?
18:51:54 [tantek]
eprodrom: not directly related
18:52:02 [tantek]
dmitriz: yes we should do it, not necessary to be at the same time
18:52:13 [tantek]
s/emelia:/thisismissem:
18:52:24 [tantek]
scribe-
18:53:22 [tantek]
scribe+
18:53:25 [tantek]
topic: Spam attack
18:53:39 [tantek]
eprodrom: spam attack on the fediverse, mostly direct messages directed at individuals
18:53:55 [tantek]
eprodrom: looks like some kind of discord between different groups, using the fediverse as a battlefield
18:54:03 [tantek]
eprodrom: lot of work going on with dealing with this large issue
18:54:12 [tantek]
eprodrom: wanted to make sure we had a discussion here about it
18:54:39 [tantek]
thisismissem: it wasn't commercial, it was two hacking groups of kids / teenagers. one from one discord server, another from another discord server
18:54:52 [tantek]
thisismissem: the link in the spam was to the target discord to get taken down
18:55:11 [tantek]
thisismissem: we have taken away some of the heat from ActivityPub platforms. did an interview with TechCrunch
18:55:28 [tantek]
thisismissem: this is not a Mastodon platform, this is a problem with Discord in Japan allowing the kids to do hacking activity
18:55:43 [tantek]
thisismissem: a reasonably well organized group of teenagers, potentially with an adult involved
18:56:10 [tantek]
thisismissem: it was reported to Discord, specifically to their Child Abuse Department and they went "meh, not our problem because you're not a parent of any of the teenagers involved"
18:56:31 [tantek]
thisismissem: this attack leveraged outdated instances, those with open registration, then automated processes to create accounts, and send the spam
18:56:55 [tantek]
thisismissem: normally we see one instance attacked. in the case of these Japanese kids, literally 100s of servers at a time sending out the same spam.
18:57:07 [tantek]
thisismissem: so our strategy for mitigation was very different than just one instance
18:57:19 [tantek]
thisismissem: it was actually a much more sustained spam attack than what we've ever seen before
18:57:34 [tantek]
thisismissem: possibly highlights a very fatal flaw in our current open federation model that we have
18:57:55 [tantek]
thisismissem: the other thing is that Japanese police are involved. there are criminal prosecutions involved for those involved with the spam wave
18:58:22 [tantek]
j12t: if it were an actual commercial attack rather than just teenagers, do we know what the plan is?
18:58:42 [tantek]
thisismissem: I linked to a paper that was published that explores a bunch of the more sophisticated threats to the fediverse
18:59:19 [thisismissem]
https://www.tsjournal.org/index.php/jots/article/view/171
18:59:22 [tantek]
eprodrom: this is different from our current moderation based on server and account
18:59:26 [tantek]
eprodrom: not on content
18:59:39 [tantek]
eprodrom: there was no shifting of content or keyword mashing.
18:59:56 [tantek]
eprodrom: it would have been tractable with Bayesian approaches
19:00:15 [tantek]
eprodrom: we have some technical barriers to using these techniques. we need to be considering how to incorporate these techniques into our systems
19:00:40 [tantek]
dmitriz: we are at time, need to pause here, final comment thisismissem?
19:01:07 [tantek]
thisismissem: when we blocked hashtags, they adapted the spam and removed the hashtags. when we blocked images, they removed the images and started mentioning a bunch of useres. it did evolve
19:01:13 [tantek]
dmitriz: let's continue the conversation offline
19:01:22 [tantek]
dmitriz: see you all the first Friday in April, April 5th
19:01:34 [tantek]
Zakim, end meeting
19:01:35 [Zakim]
As of this point the attendees have been tantek, eprodrom, thisismissem, ckolderup, snarfed, dmitriz, angelo, j12t, emelia
19:01:37 [Zakim]
RRSAgent, please draft minutes
19:01:38 [RRSAgent]
I have made the request to generate https://www.w3.org/2024/03/01-social-minutes.html Zakim
19:01:46 [Zakim]
I am happy to have been of service, tantek; please remember to excuse RRSAgent. Goodbye
19:01:46 [Zakim]
Zakim has left #social
19:02:11 [thisismissem]
IFTAS Matrix: https://matrix.to/#/#space:matrix.iftas.org
19:03:31 [RRSAgent]
I have made the request to generate https://www.w3.org/2024/03/01-social-minutes.html tantek
19:04:17 [tantek]
dmitriz++ for chairing
19:04:17 [Loqi]
dmitriz has 2 karma over the last year
19:17:35 [thisismissem]
on misunderstandings of ActivityPub, this is one of the examples I saw going around: claims that activitypub is *push only*, which is factually incorrect (my response): https://hachyderm.io/@thisismissem/112017863938169538
19:20:40 [thisismissem]
Also, a link about the TechCrunch interview https://techcrunch.com/2024/02/21/discord-took-no-action-against-server-that-coordinated-costly-mastodon-spam-attacks/
19:21:28 [RRSAgent]
I have made the request to generate https://www.w3.org/2024/03/01-social-minutes.html tantek
19:22:05 [thisismissem]
tl;dr is that I specifically point out that another platform (a billion dollar company) failing to moderate had economic and quality of service impacts for the fediverse, and also that to better solve these problems we need more funding
22:13:42 [dmitriz]
dmitriz has joined #social