Crisis averted, #GitLab reopened the epic on #ActivityPub / #ForgeFed implementation. :)

They made it clear, though, that they're not going to do it themselves in any foreseeable future, their "current focus isn't in this area", so it's up to the community to implement it. As I mentioned in the issue, I won't be able to come back to it until I'm done bootstraping the business I'm working on, so anyone who wants to see it done faster should feel free to jump in.

https://gitlab.com/groups/gitlab-org/-/epics/11247#note_2603598572

I now have more visibility on my job situation and how it will affect my work on ActivityPub and GitLab.

I've joined this week Upstream Tech (thanks @mrshll !), where I'm going to be working on dataviz for an environmental product, how cool is that? Especially given how art has became a hobby for me those last few years (through drawing, painting and sculpting), I finally get an opportunity to use those new skills in my dev work, that's awesome.

The good news for those following my AP work: for arcane administrative reasons linked to my business structure, this is a half time job. I'm going to work full time on a mission, then take the same time off, so lot of time for AP! I'm looking for ways to work full time, but at least my AP work won't be slowed down as much as I feared, for now.

On that front, I'm waiting for the code review of the very last MR implementing our first AP actor! Next step : HTTP signature, for compatibility with Mastodon. That one is going to be challenging!

Wow, a #RFC just popped up to standardize hiding IP address to #HTTP servers, named Oblivious HTTP : https://www.rfc-editor.org/rfc/rfc9458.html

It uses a relay (so similar to VPNs or Tor), and asymmetrical cryptography to encrypt the final request to the server (so no man in the middle, even when no HTTPS).

It has some limitations though, mainly that, if I understand correctly, the HTTP server needs to be aware of the protocol and implement it, and also, it's saying it can't relay cookies? (that would be a severe limitation, meaning no using it for a website where you're logged in). I'm unsure if they say cookies can't be used, or using cookies negates the benefits (one of their goal being to make subsequent requests not identifiable). Tor still seems like the best choice for #privacy , but it's nice to see the matter being worked on by the #IETF

Also worth noting that the authors are from Mozilla and Cloudflare.

EDIT: thanks everyone, I'm not looking anymore. :)

Hi everyone 👋 I'm available for hire for a full remote position!

I'm a webdeveloper with 15 years of experience (Ruby on Rails, Go, client side Javascript, Linux), I'm used to build features from brainstorming to release - back, front and infra. You can see my LinkedIn profile in my bio for details on my career.

I'm open to various kind of work:

- As an employee for a position in France.

- As a freelancer for anywhere in the world. I bill 300€ per full day, but it needs to be at most a 6 months mission (or half time all year round) : my business structure limits me to 36k€ revenue per year by law.

- As a founding engineer. Want to start a business but don't have the kind of money needed to hire a CTO/funding engineer? Let's talk. I helped bootstraping 2 successful business already (Le Collectionist and Ici Présent!), the next one could be yours! I don't work only for shares, though, there needs to be some sort of monthly income.

So, how is #ActivityPub implementation in #GitLab going? Steadily, if a bit slowly!

In the last four months, we've been working on implementing the first ActivityPub actor, the one allowing to subscribe to projects releases. The ActivityPub part is already written, but there will still be a couple month before it's fully merged. Turns out that the most time consuming part is code review : there is no dedicated team to this (but there is a dedicated developer assisting me, thanks Patrick!), so people reviewing code discover ActivityPub at the time they have to review it (and, by the way, it's incredible how they get out of their way to help a contributor on such a complex subject, they rock). For that reason, we have to make smaller than usual merge requests, splitting the feature as much as possible, and then some again, to make it as easy to understand as possible. And even then it usually takes about a month to get one chunk merged. (more in thread)