Conversation
-
This is how !gs !gnusocial now works
An #OStatus server produces an #Atom feed of status-update messages, which are pushed to subscribers using #PubSubHubbub. Replies to status updates are sent using the #Salmon protocol, while the other features of microblogging, such as follower/following relationships, are implemented as #ActivityStreams.
Is this the future?
An #OStatus server produces an #Atom feed of X, which are pushed to subscribers using #PubSubHubbub. Replies/Comments/X to X are sent using the #Salmon protocol, while the other features, such as follower/following/buying/staying relationships, are implemented as #ActivityStreams.
Change X for anything you or your group of friends would like to share with others. This will let us go from a status-centered sharing system to a general-purpose one.
We love this idea and sincerely believe that the feature is in this way :-D
cc @mattl @mmn @knuthollund @aroque @lnxw48
!gscamp !fediverse
-
I don't think one should be very prophetic about which specific standards and formats are used, but yes - federation and distribution is the future. If !ostatus lives on or if something else swoops in and takes over is for the future to tell :)
-
@andresinmp Direct Messages currently don't federate in !GNUsocial. If we're going to adapt to #Diaspora's flavour of !ostatus we will get encrypted transfer of private messages between nodes. That does not necessarily mean they are protected though - only trust that if you trust the admins on both nodes. .)
-
Has #zot been peer reviewed by experienced cryptographers and security specialists yet? I had some glances on the protocol spec but didn't feel very comfortable. But I'm not a security or cryptography specialist either, just a paranoid conservatist.
-
@mmn I don't know, but I've asked the question: https://indy.im/url/5765266
-
@diegogz Do what with LibreJS code? I think javascript is a horrible language and even worse when used in web browsers.
-
@sergiodj Gnome Shell etc. uses javascript, afaik without random remote connection capabilities and untrusted eval() executions. That is more ok than sneaky stalking, remote resource fetching and behavioral analysis with unverified code transferred over http which is highly susceptible to MITM attacks ;)
-
@diegogz Never trust javascript to do crypto. How about actual applications? You know, underneath your browser you've got a _real_ operating system...
-
@r7 I am looking in dismay at the thread you started over there on !redmatrix. I am probably unaware of …
-
@aroque Yeah, Mike can get pretty protective about his babies and seems to have a short way to rant mode. You should have seen his GPL rant.
-
@aroque I think @mike holds a grudge against the previous #StatusNet dev team. Apparently they had strifes. I think they're doing good work with #RedMatrix for a different use-case than for !gnusocial. There are different kinds of secure, private etc. and there is some overlap but our implementations are not necessarily trying to solve the same problem.
I have several times commented on the non-privateness of !GNUsocial and that to protect one's identity - other measures must be used (pseudonym profile, onion routing etc.). #RedMatrix is very pronounced on how it's protecting all of these things and I'm just not sure how well-grounded those statements are.
As I said, I'm not saying anything about @mike's et al. implementation. I am just a paranoid conservatist.
-
@r7 I'm not sure what you mean would be a showstopper. I was just pointing out that crypto in the web browser cannot be trusted because you cannot trust the messenger (I have no reason to believe that the server sends me a valid implementation).
-
The "grudge" comment was based on @mike's comment in the question thread, https://social.umeahackerspace.se/url/29117
"I just find it hilarious that we get so much critique from statusnet/gnusocial". I've got essentially nothing to do with the previous developers ;)
My uncertainty stems from the fact that there's - afaik - no client side encryption (and if there was, it'd have to be in untrustworthy Javascript). If I log in to "any server in the matrix" and thus get a message delivered from my "home hub" via a distributed storage model, the server I log in to will also take part of the message etc.
It is not safe, without rigorous client security, to log in on random servers regardless of the transport security. But I haven't a clue whether this is considered fixed or not in #RedMatrix, so I can't say anything about it. Which is also why I think it'd be nice with a third party security review.
-
@manuel@lamatriz.org Thank you for a very interesting view on GNU Social federation and its usage. The article reminded me of the "Security through obscurity" approach :-) but anyway I could look at GNU Social limitations from another angle...
http://english.lasindias.com/gnu-social-federation-against-the-social-model-twitter
@andresinmp@loadaverage.org