evan

@[email protected]
19 Followers
0 Following
201 Posts

He/him. Board member at CoSocial.ca.

Research Director, Social Web Foundation.

Director of Open Technology at Open Earth Foundation (OEF).

Author of "ActivityPub: Programming for the Social Web" from O'Reilly Media.

Founder of Wikitravel, StatusNet, identi.ca, Fuzzy.ai.

Creator of pump.io. Co-creator of GNU social.

Co-chair of the Social Web Working Group at W3C. Co-author of ActivityStreams 2.0. Co-author of ActivityPub. Co-author of OStatus.

Grad student in CS at Georgia Tech.

In Montreal, from San Francisco. Greek, Arab, American, Canadian, cook, gardener, runner, dad, husband.

evanMar 13

Is it OK to discuss software that was developed with the assistance of AI/LLMs on ActivityPub.space? For example:

  • The developer used an LLM for research
  • LLM code scanning for bug fixes
  • LLM PR review
  • LLM code generation (CoPilot tab completion or other)
  • Coding agent wrote entire features or whole app
evanFeb 18

ActivityPub Social API Hackathon

It's well-known that we love the ActivityPub API at the Social Web Foundation.

I think it would be great for our community to have an ActivityPub API hackathon sometime this year -- hopefully this summer. Hackathons are a great way to engage a lot of developers really quickly. They also are a great way to test that an API has enough power to get people from zero to working app in a day or a weekend.

I see a few great times to do this:

https://activitypub.space/post/1220

Social Web Foundation is Betting Big on Client-to-Server API

Nonprofit organization Social Web Foundation is quietly focused on building tools, libraries, and prototypes to demonstrate what ActivityPub C2S could do.

We Distribute
Show threadevanJan 11

@[email protected]

I'd suggest that there are two parties that should get to decide what is a good or bad client:

  • The ActivityPub user who uses the client.
  • The administrator of the server that the ActivityPub user uses.

    • I think there's a third group, which is other admins, developers, and users, who share similar values with the user and the admin. They may have information to share with the user and/or admin.

    I don't think these values are universal, so I don't think we need a universal reputation. But I can give what I think are bad things for an API client to do.

    • Generating activities on behalf of the user that don't match the user's express or implied intentions. For example, if the user logs into a client app, and it posts a public message, "I think this client app is the best and everyone should try it!"
    • Extracting the user's data for reasons that the user wasn't informed of. For example, a client app that copies all your private messages to cloud backup controlled by the app developer.
    • Abusing public or private resources, even if the user intends to abuse. For example, a client app for spamming, or a client app for brigading.

    I think there are a few signals that could identify what I would call "bad" clients:

    • User complaints would be the biggest
    • Complaints from other users about the user's behaviour when using the app
    • Security researcher reports
    evanJan 10

    ActivityPub API Client Reputation

    For the ActivityPub API Task Force, I started an issue to discuss OAuth client reputation systems.

    A reputation system tracks which OAuth clients are known good, known bad, or unknown. Servers could use this information to limit what clients can do. For example, a server could prevent users from logging in with a known bad client.

    The reputation could be based on human curation and review, or on automated collection of evidence from historical behaviour of the client.

    https://activitypub.space/post/856

    GitHub - swicg/activitypub-api: ActivityPub API Task Force repository.

    ActivityPub API Task Force repository. Contribute to swicg/activitypub-api development by creating an account on GitHub.

    GitHub
    evanJan 10

    Using the ActivityPub API for cross-server interactions

    This topic came up yesterday during the SocialCG meeting. I think it's really interesting as a way to interact naturally with remote servers; see Cross-server Interactions in ActivityPub for a description of how it can work.

    There was some discussion during the call, so I started an issue in the ActivityPub API task force issue list: Using the ActivityPub API for cross-server interactions.

    https://activitypub.space/post/854

    Cross-server Interactions in ActivityPub

    So, Richard McManus asked me about how ActivityPub supports cross-server usage. As an example use case, let’s say a user with the account [email protected] wants to comment on a photo by di…

    Evan Prodromou's Blog
    evanNov 9

    OAuth 2.0 standards support in Mastodon

    So, as far as I can tell, Mastodon supports:

    It doesn't seem to support:

    It instead uses a proprietary endpoint.

    @thisismissem is that about right? Is there work underway to support CIMD (preferred) or dynamic registration (less good but a more established standard)?

    https://activitypub.space/post/564

    OAuth - Mastodon documentation

    An open standard for token-based authentication and authorization on the Internet

    evanOct 24

    What if we had a P4 for ActivityPub?

    P4 is a system-independent programming language for network devices like switches and routers. It lets developers define device behaviour like forwarding packets, quality of service, and traffic shaping. It's event-based; it defines what the device should do as it receives packets on a network interface.

    What if we had a similar language for ActivityPub servers? You could define rules for what to do when different Activity objects hit an inbox.

    https://activitypub.space/post/449

    P4 (programming language) - Wikipedia

    Show threadevanOct 22

    Dagnabbit. Here's a comment from 11 years ago on this topic!

    https://github.com/w3c/activitystreams/issues/20#issuecomment-58034202

    reverse link relations (inverse properties) · Issue #20 · w3c/activitystreams

    currently schema.org tries to address challenges related microdata not having proper support for inverse properties: https://www.w3.org/wiki/WebSchemas/InverseProperties JSON-LD and RDFa support it...

    GitHub
    evanOct 21
    ... I just have to say how much I am enjoying the NodeBB user interface. This is a really pleasant piece of software, and it seems to Just Work on the Fediverse.
    evanOct 20

    One of the user stories for the ActivityPub API task force is to enable real-time updates for clients.

    https://github.com/swicg/activitypub-api/issues/9

    To help with this, I added a draft specification for server-sent events:

    https://swicg.github.io/activitypub-api/sse

    If you're interested, please review and provide comments on the GitHub issue. I'd like to start a reference implementation soon.

    Push delivery · Issue #9 · swicg/activitypub-api

    "As an ActivityPub user, I want data pushed from the server to my client device, so I don't have to reload a collection just to see if there's anything new."

    GitHub