Meetup. And I’d like to see nostr make a reddit clone. I love lemmy, I don’t love my identity being tied to an instance. A platform based on nostr’s protocol would solve that.
A lot of the ideas presented on this thread are less applications for federation and more applications for blockchain of some kind. For example, wikipedia or uber eats replacement. Before you blindly downvote me for this suggestion, let me explain why.
In federation, you have servers which talk to each other. Users own their own accounts and there are multiple repositories of information. Lemmy is a repository of links and comments, each lemmy instance has its own repository. Mastodon is a repository of tweets, replies, and DMs. This works great. Everybody makes their own repository of information, and users can subscribe to any repository they like. They can also, via federation, access other repositories and “pull” or “push” data to them. That last sentence is the magic of federation you don’t get on platforms like Facebook. ActivityPub and federated platforms solve this problem of provider lock-in, at least partially.
This fediverse is not great when you need to establish a single repository of information that everybody in the network uses and is in sync for all users. Because it has no mechanism to arrive at consensus as to what should go into that authoritative repository. Even if all participants can be relied to act honorably (something the internet rarely provides), there will be disagreements about what should go into that repository. Edits may come in at different times, how do we resolve which edit goes “first”? Because it may make the second edit irrelevant, etc. Federation can’t solve this problem. ActivityPub can’t solve it and Nostr can’t solve it. But…
This is the exact problem blockchains solve: how can you establish a centralized repository of information (ledger) and administer it in a decentralized, P2P way where you can’t trust all participants to honestly participate? You cannot develop P2P systems which maintain a centralized repository of information without blockchain because no other P2P system has been able to solve this problem. There is no other mechanism of arriving at consensus and prevent sybil attacks.
Wikipedia? Centralized repository of information. Uber eats? Centralized repository of foods available, drivers, customers, and orders. eBay? same. And by the very nature of blockchains, they can also have an economic layer built into them which provides a means of exchange among participants. Useful for an eBay replacement, maybe less useful for a wikipedia replacement. Those means of exchange (“tokens”) can be used not just for transfer of funds, but also for things like building/scoring user reputation and incentivizing specific behaviors, especially if you want to incentivize behavior that is contrary to a user’s normal economic interest, such as providing a subsidy for restaurants on Uber who use more expensive, but more sustainable food packaging.
The non-P2P solution is to trust the administration of this centralized repository to a trusted authority. We trust wikipedia to administer articles and decide what ultimately goes in them. That system works fine for wikipedia, I’m not convinced we need a decentralized version.
There are many blockchains with various technical attributes which may work better or worse for solving these problems. They may use proof-of-work, proof-of-stake, etc. Some are more decentralized than others and have features like censorship resistance, privacy, smart contract, etc. But they solve this exact problem.
Isn’t the point of blockchain that it’s immutable? What about people who want to delete their own stuff? Or even mods or admins that have to delete stuff for legal reasons?
Immutability is not bad, there are some situations you want immutability. For example, to secure voting systems, you may want to be able to write on the chain that “precinct 156 reported votes x/y/z in this quantity” so that if anybody comes along and tampers with those numbers later on, you can point to the chain and say “no see, actually, these are the real original numbers that the precinct published”. The precinct could lie about their numbers of course and publish bad numbers to the chain, blockchain doesn’t protect against that (unless the votes themselves are recorded on the chain by the individual voter), but the blockchain protects against those numbers changing in the future or another party incorrectly claiming they are a/b/c when they are actually x/y/z. That’s a situation where immutability helps. Same with financial transactions. If you sent somebody money, you want a record of that (a receipt) if they later claim you never sent it to them. Examples of records which have a high degree of immutability that people use in everyday life are: court records, census data, house deeds, etc.
Blockchains usually have some degree of immutability but from a technical perspective they don’t necessarily have to. If we’re talking about data storage, you don’t have to store the data itself on the chain, the chain data can just “point to” off-chain data which you can take down or modify at will.
An example of a scenario where this could work is: you have a blockchain for coordinating the sharing of medical information between different parties. You, as a user, have an account on this blockchain. The only data stored on chain is a list of parties and who you have authorized to receive your medical data along with a pointer to a file storage system like Amazon AWS which contains your medical data in encrypted format. You can add or revoke authorization at any time by changing how that data is encrypted. Whoever you gave authorization to prior may have made a copy of the data at that point in time, but you can block them from accessing new data you put out. When Amazon AWS gets a request to transfer a copy of your data to a new party, they can check the blockchain to see if that party is authorized to receive it.
The benefit of such a system would be that:
Your medical records are yours and stored in your own data storage system over which you have complete control.
You can choose to share it with parties like insurance providers or researchers who need large medical data sets to comb through.
You could set this control at a very granular level or grant access to all your data.
Your data becomes portable between insurance providers and your insurance provider can’t make your life difficult by refusing to export data to your new one.
That’s useful for “real life” data, so to speak, stuff that should be immutable, save for a few occasions, like correcting errors; but my question was geared towards internet content. Taking your example of Wikipedia, if the service suffers from a wave of trolls, as it exists today, it can roll back the changes. With a blockchain? That’s significantly harder, especially if useful edits happened in the meantime.
There’s also this problem:
you don’t have to store the data itself on the chain, the chain data can just “point to” off-chain data which you can take down or modify at will.
Supposing this Wiki doesn’t store any of the content, then the endpoints become the targets, which beats the whole purpose of the blockchain resilience/immutability. An endpoint that can’t be reached is useless, one that has been compromised is even worse. You can trust the blockchain, but not the endpoint. And if the endpoint is where the “real stuff” is at anyway, why even bother with a blockchain?
Taking your example of Wikipedia, if the service suffers from a wave of trolls, as it exists today, it can roll back the changes. With a blockchain? That’s significantly harder, especially if useful edits happened in the meantime.
I’m not convinced we need a Wikipedia that runs on blockchain, but for the sake of it being an interesting question, I’ll answer it. Firstly, having a revision history is not bad. If you go to any wikipedia page, you can see most of the edits made, even those made by trolls, and the moderation decisions around those edits. This is good for transparency. When a user visits wikipedia, they see the “authoritative version” of that page, but the revision history is available to them if they want to read it. So with blockchain, you can roll back changes by changing which set of data is the “authoritative version” and you can have revision history, they are both important features.
There are a few types of data that are so harmful we can’t have them, even in the revision history. For this kind of problem, we reduce immutability (as referenced before by using pointers instead of storing data on-chain), or we can prevent that data from being put into the chain in the first place. An example of a way to do this is to require that every new block (every revision to a wikipedia page) be approved by a set of users who have reputation >x. Maybe that means a moderator has to sign off, or 10 regular users with at least one approved edit, you can set the threshold however you like and assign reputation however you’d like. As a user’s reputation is recorded on the blockchain, any node can easily verify their reputation amount.
Supposing this Wiki doesn’t store any of the content, then the endpoints become the targets, which beats the whole purpose of the blockchain resilience/immutability. An endpoint that can’t be reached is useless, one that has been compromised is even worse. You can trust the blockchain, but not the endpoint. And if the endpoint is where the “real stuff” is at anyway, why even bother with a blockchain?
The purpose of the blockchain in this wikipedia example is to:
Establish a single authoritative version of wikipedia that the entire globe can see and submit edits to (unlike a federated version where you have multiple versions of wikipedia hosted different places). This is “single authoritative copy administered by people you can’t trust to be good actors” is the essential problem blockchain solves.
Censorship resistance or resistance to “attackers” may not be an important thing for a wikipedia clone. Resistance to attack depends on your threat model, who the attackers are, what kind of resources they have, how you can resist those attacks, etc. Right now, Wikipedia is a single centralized entity and has done quite a good job at resisting attacks aimed to force them to make editorial decisions they don’t want to (mostly because of their reliance on the protections provided by the US legal system. If that system collapsed for some reason, their attack resistance might drop significantly). So if we clone wikipedia and make it decentralized, I think one could increase that security, but I’m not convinced that’s needed in the first place.
It doesn’t matter if the data is ultimately stored at some endpoint, the blockchain is less about storage of data and more about arranging the data in order and establishing a single authoritative copy. It’s the medium through with users administer the data.
“You can’t trust the endpoint”, this is true but maybe not in a way that matters. It’s true that the endpoint can send you bad information, but you can verify if the information is good or bad based on a cryptographic hash from the blockchain. Endpoints can have a reputational score on-chain and if they aren’t doing their job properly, they can cease being used as an endpoint at all. There could be multiple endpoints for any given piece of data for redundancy and to protect against a scenario where an end point, maliciously or not, becomes unreliable. Also, there are decentralized data storage options out there with varying degrees of usefulness for this application: torrents, IPFS, Filecoin, jstor, etc.
Whether it’s impossible is up for debate. Deleting your data from any social media or google-like platform is pretty much impossible. Deleting your old blogger that hasn’t been archived in any manner, perfectly doable.
There’s also the blatantly illegal stuff that is removed from the wider net whenever it’s found, like child abuse stuff. Imagine that kind of thing being available “forever” in a blockchain.
I meant in the sense that if someone got a copy while it was up, then it’s not really gone. Even if the statists try to exterminate all copies, they will probably fail.
After all, even the pirate bay is still reachable in the clearnet. There is stilln a long way to go before they can really stamp out thoughtcrime.
It looks like they really wanted to get both frames in one picture, so they did the obvious thing…load one frame on your phone, another frame on your partners, and then take your 2007 flip phone out of the drawer and use that to take a picture of both of them.
Side note: why is it SO HARD to put two images together into one image file on a smartphone? There are multiple apps that want $1.99/mo for the privilege of making a collage, Instagram Layout has been broken for years now, and the first party solutions (particularly Google Photos) are overengineered in some big ways (like not allowing you to make a collage without some kind of border) and underengineered in others (like not allowing you to choose an image from a search, make a different search, and then choose another image). And as far as I can tell the only way to actually put one image on top of another is to use Double Exposure on Snapseed.
We’ve had this problem solved on Windows for literally my entire life, and I’m pushing 40. So why can’t we figure out basic, no frills raster editing on mobile? I’m not even talking about layers (though, yes please). I’m talking about pretty much anything other than a filter.
I mean that. I’m not being sarcastic. I love that idea. I just don’t have the capacity for something like that; I just want something built in to Android.
The answer is that app stores are designed to rake users over the coals for all the money they can. Part of the reason I have never made my phone the center of my computing. It’s too expensive and crap of an experience. I have just always made a habit of carrying around my laptop almost everywhere. I have an old phone (now PinePhone) for calls, texts, music, basic web browsing and internet tethering for the laptop.
Right, but you could say that about…anything. And there are FOSS solutions on FDroid and even the Play Store for a ton of other problems, so why not image editing?
I suppose I hadn’t considered nor know much about slideloaded solutions as my previous phone was an iPhone 5c. It was a handmedown from my parents.
I don’t really like the lack of hardware support on the Android side (parts availability). Not exactly like it’s much better on the iPhone side either. So I went with the PinePhone. Linux on there is very barebones but at least the parts are available. If I am going to use my phone in a barebones manner then why buy in to an expensive fixed life device?
Not exactly a knowledgeable user. Just another user frustrated by the subscription/throwaway economy. I realize this wasn’t really a relevant answer to your question but more how I adapted to the worthless app store.
BTW, one of the few apps I did purchase was 1Password. $60 for the Mac app and $40 for the iOS app. So $100 all in all. Those ass hats switched to subscription only the very next version citing we need funds to further develop the security. That plus a couple other examples is why I gave up on paid proprietary software on both devices. I’m full force trying to find FOSS solutions instead. Not that many exist for mobile or even desktop as you have also discovered.
I don’t generally have a problem paying for an app, it’s the subscription model I hate. And because of business practices outside the FOSS world, it seems like FOSS is the only place to get anything reasonable.
My Samsung does it very easily with decent customization options in Gallery (and has for at least two phones). What phone are you using that can’t? I agree the collage feature in Google photos is lame.
Gotcha! I’ve stuck with Samsung because they make a phone that will fit in the pathetic excuse that is women’s pants pockets. My husband tried to get me to switch to the Pixel but it was too big.
Pocket extensions are a great beginner’s sewing project, nobody can see your pockets in most pants so it doesn’t matter if your stitches are uneven. A basic sewing kit is all you need, you don’t even need a sewing machine.
HOWEVER, it doesn’t mean it wouldn’t actually work. Google Play store just started doing this crap based on target API version. Due to that I often search Google for apps, check results from Play Store, and try getting an APK somewhere if I find app that looks interesting. The risk of that is obvious, just like with mod apks.
Edit: In case you trust me (which you really shouldn’t as I am just a stranger), I used this APK extractor: F-Droid linkGithub link
And uploaded the APK here: d.kuku.lu/ss3xcf7fe VirusTotal report shows the hash matches already checked Joint Pics_1.2.0_Apkpure.apk so it seems unmodified by the APK extractor (well, that’s what it said before my checks anyway as it uses filename from last previous check). It also came out clean, but that’s not 100% to be trusted, as usual.
You say “gallery,” but do you mean “Google Photos?” And if so, did you miss the part where I said that exists but is weirdly both over- and underbuilt?
I don't think the fediverse needs more platform alternatives.
What I really think we need is a way for people to use one fediverse account to log into different interfaces, so people can try out a new app / interface without starting a new account. Many apps can do this, but web apps generally cannot, they're generally tied to an instance.
This requires having an identity that is separate from an instance. This is what nostr does and why I prefer it over mastodon. It also means if your mastodon or lemmy instance closes up shop, you don’t lose your post history, DMs, followers, etc.
If you are talking about something like openauth (where you sign into some random website using your Google account) yes, but your base identity is still tied to Google. So if Google goes down, you lose your google account, and you also lose your account at every other website you logged in to using your google account.
If you are meaning transfer your account from google to say office365, this is possible but there’s a few problems:
If your instance shuts down without doing this, you lose everything
How does your instance choose which instance to transfer it to? What if users don’t like that choice?
Transferring means sharing your login credentials with the new instance.
Your “username” that you share and post online for people to follow you has changed. It’s no longer user@instance but user@newinstance. Some kind of a redirect could be setup I suppose.
Some of these problems are solvable with some changes to the AP code. Some of them are not, at least not without a rewrite of the entire AP structure. Nostr sidesteps all these issues by simply not having your username tied to an instance in the first place.
If you are talking about something like openauth (where you sign into some random website using your Google account) yes, but your base identity is still tied to Google. So if Google goes down, you lose your google account, and you also lose your account at every other website you logged in to using your google account.
Yeah, essentially that. The back-up plan in case your instance goes down is a separate issue, my main plan is just that users shouldn't need a new account for each fediverse application they want to try, considering one account is already able to make any kind of post.
You could have one instance offer more than one platform, though, and you can already use multiple frontends with whatever instance you’re on. Kbin, which you’re on, actually tries to do the Swiss army knife thing IIRC.
You can log into a pixelfed app on android with a mastodon account. Why can't you log into a pixelfed web frontend with a mastodon account? What law of physics makes that impossible?
It doesn’t even sound like they securely bring over the password, which presents a little bit of a phishing threat if people are re-entering their Mastodon password into third party apps like this one.
Edit: Yup, here’s a video/gif. I’d do a federated link but I’m not sure Lemmy supports that yet.
You could totally copy someone else’s Mastodon this way, so that’s fun.
It would still be a separate account, but yes, seamless migration to a new instance could be a thing. There’s scripts for it already. OPs suggestion that you can just move between instances with the same account isn’t how the fediverse works.
If you just want to been on Pixelfed and Mastodon, your instance giving access to both would be the cleanest, best way.
Ah, sorry. Didn’t notice, there’s a few people talking to me.
Yes, it’s not a thing that could work. If you had some centralised way to handle accounts it wouldn’t be federated anymore. It would be another (semi-)walled garden or some kind of blockchain-ish thing, but either way it wouldn’t be ActivityPub-complient.
What does that mean? When you post, who’s server’s outbox do you post from? Inboxes and outboxes by server are a central part of the standard.
You can copy over a user, and make another similar account (like pixelfed), or you can do stuff on that server from another federated server, but at the end of the day you’re not on the same account on different servers.
Unless you changed activitypub, right?
Sure. It’d be a pretty huge departure, though. To a weird degree, like Coca Cola leaving the beverage business becoming a tire company.
If you wanted to make a new protocol, you could go beyond federation and have a fully decentralised system where everything happens on arbitrarily many servers in parallel, but that would be a lot of work and probably data-heavy before any users walk through the door.
What does that mean? When you post, who’s server’s outbox do you post from? Inboxes and outboxes by server are a central part of the standard.
The server my account is stored on.
or any other, I don't give a shit, I'm not sure why this would make a difference, but that seems like the obvious answer to me.
You can copy over a user, and make another similar account (like pixelfed), or you can do stuff on that server from another federated server, but at the end of the day you’re not on the same account on different servers.
I don't know why the current pixelfed app needs to make a separate account.
I gather it finds that solution most convenient, as it means the fewest interactions with the Mastodon server, and there's currently no straightforward for the current pixelfed app to establish a secure long-term session with a non-pixelfed server. I understand that it currently does make a separate account.
I don't understand why it is inconceivable for the activitypub protocol to support such communication. eMail has multiple standards that let me log into Thunderbird from non-Thunderbird email servers.
Sure. It’d be a pretty huge departure, though. To a weird degree, like Coca-Cola leaving the beverage business becoming a tire company.
If you wanted to make a new protocol, you could go beyond federation and have a fully decentralised system where everything happens on arbitrarily many servers in parallel, but that would be a lot of work and probably data-heavy before any users walk through the door.
I feel like you're describing something I'm not calling for. I'm not calling for accounts to be mirrored to multiple servers. I'm calling for a system where client applications can access different servers without copying accounts to a more familiar server.
And I feel like I’ve explained in as much depth as I can quickly what the problem is. I’ll pass the ball over into your court now. Propose an architecture that can do this, prove me wrong.
Like, if you have specific questions I’m here, but it would be a waste of both our time to go “no, you can’t; yes you can” back and forth.
I'm not saying "yes, you currently can do this with the activitypub protocol as it is," I'm saying this feature could be added to activitypub, and I've made specific references to protocols like POP and IMAP that handle logging into email servers from various client applications. I'm not going to code it myself, I'm an attorney, but I do know enough about computer science to know that there is no computabilty issue with my proposal, and that you dislike it primarily because you don't currently have an idea for implementing it, which is not my concern at all.
It’s not just computability, networks are involved. If this was all on one machine, you’re right, there’s no reason you couldn’t change it, but there’s delays and information losses and even bad actors involved. To deal with this, ActivityPub assumes users are confined to servers at the very core of it’s concept.
I’m not an attorney, but I know enough about the law - or at least policy - to attempt an analogy. It’s like a legislator trying to add a requirement that all corporations are fiduciaries to their clients. Fiduciaries exist, and work. They couldn’t work like that, though, because a market economy assumes a certain amount of pursuit of self-interest. How the hell would a corporation handle all the conflicts of interest that would arise? What happens when they inevitably misunderstand what the interest of a client is? What about when there’s multiple parties fulfilling different functions in the same project, but who may have competing interests?
You could try and make a non-market system where production is handled by fiduciaries, and you could even call it “capitalism 2.0”, but it wouldn’t really be capitalism anymore - that would be the blockchain thing. I don’t know what the Pixelfed approach would be equivalent to, but it’s basically mimicking the functionality of the feature (fiduciary duties) without actually implementing them. Maybe just really strong consumer protection regulations.
To be clear, market principles are ActivityPub here. If I’m imposing funny ideas about law, no offense, but we’re even. The takeaway is that decentralisation makes things a lot more nuanced than they ever are on a machine you fully control.
It’s entirely technically possible. Apps already use third party identity providers all the time, you just need federated apps to support OAuth both for signing in on the client and as a backend identity provider, and standardize how federated apps return user info that would be common to any federated app (usernames, saved / liked posts, subscribed feeds, stuff common to the ActivityPub spec).
You could use the same credentials to open a new account on another instance, sure, I guess. You still have to create another user on the new platform with their own ActivityPub inbox and so on.
I guess to a non-technical user that might seem like the same thing, but then again so would your home instance allowing you to view other platforms. The second one would be way cleaner and easier on instance maintainers.
federated linkedin would be baller and would take so much pain out of the job application process, and i never even thought of that before. yeah, of course its still ran by filthy capitalists, but it would save a ton of time for job applications
Boorus ought to be halfway there. They’re content-centric and high-bandwidth, they tend to have a theme, and they live or die by worthwhile tagging. But they’re not a feed, the way most federated platforms have been. They are not social media in any sense. They’re image hosts, minus any the incentive to create attention-sucking antipatterns.
Maybe with a more unified user experience - and ideally some P2P elements to make hosting cheaper and sturdier - we could fucking finally have a place that just hosts drawings. We’re a quarter of the way into the twenty-first century and it is absurd that every gallery site has some arbitrary limits on what content is too weird.
Tumblr used to be the exception, until Apple destroyed them. Bastards.
lemmy.ml
Oldest