Meeting minutes
Introductions
andy piper: self-introduction. Member of multiple Open Source organizations and a member of various teams, working with Mastodon and IFTAS.
reilly: Reilly Spitzfaden, interested in Fediverse, audio engineer
tantek: IndieWebCamp Brighton will be March 9-10. Still tickets available. Great for locals. People doing hacking and sessions on all kinds of things.
<tantek> https://
<tantek> Tickets complimentary
johannes ernst: fediforum coming up March 19-20. 10 demos. Show-and-tell and unconference.
Meetings
dmitriz: we're on monthly CG meetings
eprodrom: in calendar, will happen automatically
emelia smith: can we link from the home page?
dmitriz: yes
Issue triage meetings
dmitriz: issue triage is happening on a regular basis
eprodrom: is it worthwhile for other task forces to use issue triage time?
emelia: minutes and agenda?
eprodrom: yes
main specs
dmitriz: work has started on editor's drafts for AS2 and AP
dmitriz: route for normative changes
eprodrom: issues -> errata -> editor's draft
eprodrom: this kind of implementers guide belongs in the ActivityPub primer on the wiki: https://
eprodrom: we should link from the spec to the primer
eprodrom: all the pages in the primer are available for anyone with a W3C account to edit, will follow-up and confirm
dmitriz: good idea to move wiki content into GitHub?
emelia: GitHub discussions or other issues?
tantek: Questions page inside the Primer? perhaps eprodrom can create a Questions page inside Primer as a starting point to point people to? Other way for people to connect?
johannes: lots of discussions in Matrix group, also
<tantek> e.g. https://
johannes: worthwhile to talk about usability, other flows, etc.
johannes: need a roadmap
emelia: IFTAS is working on DSA guidance for instance operators
emelia: DSA is digital services act, EU legislation for online services responsibilities
emelia: most instances fall under small, micro businesses
report out from task forces
<snarfed> swicg/
ryanbarrett: working on HTTP signatures. Tentative outline, initial text, ~1/3-1/2 of report.
ryanbarrett: can incorporate other work from FEPs.
ryanbarrett: please review.
emelia: note that outline does not include disparity on versions.
emelia: upgrade on roadmap?
ryanbarrett: some notes on how HTTP signature works now, will consider how others use it.
aarongrey: would like to see alongside spec, want to see working implementations. Minimal implementations for testing. Example infrastructure that people can build from.
aarongrey: would give some examples for working with.
emelia: some implementations working on modular work.
dmitriz: good idea for an issue!
emelia: what is the next step to get to the next version?
ryanb: will open an issue for how to do this
eprodrom: working on A) WebFinger ActivityPub report
eprodrom: repository here: swicg/
eprodrom: A has done an amazing amount of work
eprodrom: zeroth draft of the document published at: https://
eprodrom: great time to be getting feedback on this document
eprodrom: if there is anything hard to understand or follow or technically erroneous, it would be very helpful to hear that
eprodrom: by the next meeting I would like to take this from zeroth draft to a Draft Report for the CG
eprodrom: I am also editing the Extensions Policy report: https://
eprodrom: it's an important part of how we make the AP ecosystem a growing expanding ecosystem that covers new ways of social interaction
eprodrom: this has been published last week as an official Draft Report of the CG as agreed at the last meeting
eprodrom: good time for us to be putting some of this into practice
eprodrom: it would be good to step through this process with a widely used extension
eprodrom: there are a few popular extensions like the Security Vocabulary that might be good candidates here
eprodrom: if you have time, this is also an area to please collect some issues on this draft before we go to something final
eprodrom: one part of this policy is about versioning
eprodrom: one of the things we have tried to do with ActivityStreams context is have the tip of our version history at the W3C context document
eprodrom: but in situations where it is important to maintain an exact version of the document, we also have a version history listing, so you can say this document uses exactly this context
eprodrom: we have main links and also version links
eprodrom: we have made changes in the context since the last time we published a version
eprodrom: the current version we have listed in our version history is 1.10
eprodrom: I did a diff, I think it was A who brought it up, we have added the vCard namespace to the main context document and alsoKnownAs term
eprodrom: since the 1.10 was published
eprodrom: I propose to the group that we publish a v1.11 that is at the current state
eprodrom: that would also give us a chance to put in practice the versioning policy
eprodrom: PROPOSAL: publish version 1.11 of Activity Streams 2.0 context document based on current state of the context document.
dmitriz: let's give a second to talk about it before we vote
thisismissem: my question is about the extensions policy, my question is about backwards compatibility. are future versions required to be backwards compatible?
eprodrom: I think that the document as described is additive, append-only structure. It does not describe a mechanism for updating or replacing terms within the existing context.
eprodrom: That is an important part, I'm going to open a ticket to note append-only backwards compatibility.
dmitriz: let's vote on the proposal
+1
<ckolderup> +1
<thisismissem> +1
<dmitriz> +1
<snarfed> +1
+1
<thisismissem> plh: abstain
dmitriz: seeing a bunch of +1s, no -1s or 0s yet
<thisismissem> bob wyman: +1
dmitriz: no objections, proposal passed
RESOLUTION: publish version 1.11 of Activity Streams 2.0 context document based on current state of the context document.
thisismissem: would this be related to the licensing changes?
eprodrom: not directly related
dmitriz: yes we should do it, not necessary to be at the same time
Spam attack
eprodrom: spam attack on the fediverse, mostly direct messages directed at individuals
eprodrom: looks like some kind of discord between different groups, using the fediverse as a battlefield
eprodrom: lot of work going on with dealing with this large issue
eprodrom: wanted to make sure we had a discussion here about it
thisismissem: it wasn't commercial, it was two hacking groups of kids / teenagers. one from one discord server, another from another discord server
thisismissem: the link in the spam was to the target discord to get taken down
thisismissem: we have taken away some of the heat from ActivityPub platforms. did an interview with TechCrunch
thisismissem: this is not a Mastodon platform, this is a problem with Discord in Japan allowing the kids to do hacking activity
thisismissem: a reasonably well organized group of teenagers, potentially with an adult involved
thisismissem: it was reported to Discord, specifically to their Child Abuse Department and they went "meh, not our problem because you're not a parent of any of the teenagers involved"
thisismissem: this attack leveraged outdated instances, those with open registration, then automated processes to create accounts, and send the spam
thisismissem: normally we see one instance attacked. in the case of these Japanese kids, literally 100s of servers at a time sending out the same spam.
thisismissem: so our strategy for mitigation was very different than just one instance
thisismissem: it was actually a much more sustained spam attack than what we've ever seen before
thisismissem: possibly highlights a very fatal flaw in our current open federation model that we have
thisismissem: the other thing is that Japanese police are involved. there are criminal prosecutions involved for those involved with the spam wave
j12t: if it were an actual commercial attack rather than just teenagers, do we know what the plan is?
thisismissem: I linked to a paper that was published that explores a bunch of the more sophisticated threats to the fediverse
<thisismissem> https://
eprodrom: this is different from our current moderation based on server and account
eprodrom: not on content
eprodrom: there was no shifting of content or keyword mashing.
eprodrom: it would have been tractable with Bayesian approaches
eprodrom: we have some technical barriers to using these techniques. we need to be considering how to incorporate these techniques into our systems
dmitriz: we are at time, need to pause here, final comment thisismissem?
thisismissem: when we blocked hashtags, they adapted the spam and removed the hashtags. when we blocked images, they removed the images and started mentioning a bunch of users. it did evolve
dmitriz: let's continue the conversation offline
dmitriz: see you all the first Friday in April, April 5th
<thisismissem> IFTAS Matrix: https://
dmitriz++ for chairing
<Loqi> dmitriz has 2 karma over the last year
<thisismissem> on misunderstandings of ActivityPub, this is one of the examples I saw going around: claims that activitypub is *push only*, which is factually incorrect (my response): https://
<thisismissem> Also, a link about the TechCrunch interview https://