Indieweb vs. Fediverse

Indieweb

You get someone’s profile URL, example.com/bob. You put that URL into a browser, and it shows you a human-readable profile which also contains machine-parseable data. You add the URL to your feed reader, and it subscribes to their posts with full attribution. The content is presented in your feed reader in a freeform way which allows a high degree of expressiveness, and it’s easy to go to the original post in case there’s some missing nuance or visual context.

All subsequent interactions are either directly between you and the person in question, or are webmentions which only get seen by your direct subscribers if you put them in your public feed.

Fediverse

You get someone’s address, @bob@example.com. You put that into your web browser, and you get a warning that says, “You are about to log in to the site ‘example.com’ with the username ‘%40bob’, but the website does not require authentication. This may be an attempt to trick you. Is ‘example.com’ the site you want to visit?” You back out of the error message and try to manually reformat the address. example.com/bob? 404. Maybe it’s example.com/@bob? That doesn’t work either. You read a tutorial on Webfinger addresses and learn that you can load their “resource profile” by going to example.com/.well-known/webfinger?resource=acct:bob@example.com. So you put that into your web browser, which then downloads a blob of JSON text. Buried in it is the URL example.com/user/bob. Finally, progress.

Now to follow them. You try putting the user address into your feed reader. Error. You try putting the profile URL into your feed reader. Error. You see a “Follow bob” button. It brings up a “remote follow” page which requires you to put in your own Fediverse username. You think you have a Mastodon account, so you try putting that in. It starts to initiate a weird three-way handshake, but fails.

You go back to your Mastodon instance and try searching on @bob@example.com. Nothing comes up. You try to figure out why. No users from example.com appear. You search through both your instance’s and example.com’s blocklists, which are hidden deep in their respective “about this instance” pages. It turns out that five years ago one admin on one server said something mean to an admin on a completely different server and that led to a widespread level of discourse that resulted in a bunch of instances blocking each other, and others joining in solidarity.

Finally you dig up an Atom feed for the user by finding a HOWTO that someone wrote seven years ago. The feed shows no posts, because the instance admin decided to disable Atom because it allowed blocked people to still follow the person who blocked them and they don’t understand Internet privacy. But it turns out it wouldn’t have mattered because this particular instance is set up so that the only way that posts appear on other people’s timelines is by push notification.

You give up and get an account on their instance so that you can participate in the conversation. Now you have another instance to check all the time. 90% of your notifications are random spambots following you. The other 10% are you either getting tagged into random conversations by mistake, or some random person on another instance replying to something you said totally out of context and attacking you for their interpretation of a thing that had nothing to do with anything you were talking about. They get downright abusive, so you report the user. It turns out that the abusive user is also one of the admins of that instance so the report just goes to them anyway. They start posting anime memes about you. Your blocklist grows exponentially.

Finally you find some thoughtful long-form content. All of the posts are displayed in the form of a block of unformatted text followed by up to four badly-cropped images; no images can be inline, and even basic text options like bold and italics are unavailable, and web links either only appear as bare URLs, or aren’t obviously links because your instance’s stylesheet removes all formatting from them. You try to see a post in its original context, and it takes you to your instance’s view of their profile, which looks the same. You finally figure out that you can click on the date and that shows you the post on their public timeline. It looks the same, except now there’s no widget to let you automatically unfurl every CWed post in the thread for some reason like there was on your instance’s local view. But the instance’s local view is missing the first half of the thread because it happened before you subscribed to them.

One month later your timeline gets flooded with random unordered posts from 3 years ago because some forgotten instance’s Sidekiq queue suddenly got unjammed.
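The WebFinger lookup from the walkthrough above, as an added example that is not part of the original post: it builds the `.well-known/webfinger` URL for an `@user@host` address and pulls the profile and actor URLs out of the returned JSON. The sample response is constructed, and rejecting a mismatched `subject` or a non-HTTPS link is a conservative assumption of this sketch, not something the post prescribes.

```python
import json
from urllib.parse import urlencode

PROFILE_REL = "http://webfinger.net/rel/profile-page"
ACTOR_TYPE = "application/activity+json"

# Constructed sample of the JSON blob a server might return for bob@example.com.
SAMPLE_JRD = json.dumps({
    "subject": "acct:bob@example.com",
    "links": [
        {"rel": PROFILE_REL, "type": "text/html",
         "href": "https://example.com/user/bob"},
        {"rel": "self", "type": ACTOR_TYPE,
         "href": "https://example.com/user/bob"},
        {"rel": "http://ostatus.org/schema/1.0/subscribe",
         "template": "https://example.com/authorize_interaction?uri={uri}"},
    ],
})


def webfinger_url(handle):
    """Turn '@bob@example.com' into its WebFinger lookup URL."""
    user, sep, host = handle.lstrip("@").partition("@")
    if not (user and sep and host) or "/" in host or "@" in host:
        raise ValueError(f"not a user@host address: {handle!r}")
    query = urlencode({"resource": f"acct:{user}@{host}"})
    return f"https://{host}/.well-known/webfinger?{query}"


def profile_links(jrd_text, handle):
    """Return (human-readable profile URL, ActivityPub actor URL)."""
    jrd = json.loads(jrd_text)
    expected = "acct:" + handle.lstrip("@").lower()
    # Conservative choice: refuse an answer about a different account.
    if jrd.get("subject", "").lower() != expected:
        raise ValueError("JRD subject does not match the requested account")
    page = actor = None
    for link in jrd.get("links", []):
        href = link.get("href", "")
        if not href.startswith("https://"):
            continue  # skips template-only links and non-HTTPS targets
        if link.get("rel") == PROFILE_REL:
            page = page or href
        elif link.get("rel") == "self" and link.get("type") == ACTOR_TYPE:
            actor = actor or href
    return page, actor


if __name__ == "__main__":
    print(webfinger_url("@bob@example.com"))
    print(profile_links(SAMPLE_JRD, "@bob@example.com"))
```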

Planet Planet

On IndieWeb chat, a question recently came up, namely the origin of the term “planet” when it comes to a news-aggregating site. I was a little sad to see that nobody else in the chat remembered!

Back in the day, there was a website, Planet Quake, which was a hand-curated collection of all the news about the game Quake. This led to a bunch of other gaming-related “planet” sites (such as Planet Dreamcast), and then the company behind it, CriticalMass Communications, eventually got into other areas of reporting. Eventually they sold to GameSpy, which in turn eventually got bought out by IGN.

At some point, a couple of other sites emerged with the name “planet” as what I believe was a tongue-in-cheek reference to the “planet” gaming sites. Planet Debian is the first one I remember seeing but I have no idea if it was the first to exist. Many of these sites were built using auto-aggregation from the then-new RSS protocol. This joke ended up spreading pretty far and wide and at one point there was even a “planet planet” to keep track of all the planets (although it seems to have gone down sometime in 2017).

A fun side note, Something Awful was originally a spinoff of Planet Quake; at the time Lowtax claimed it was because of a “falling out” but that may have been an attempt at satire. In retrospect, he might have named it “Planet Awful!”

Private, friends-only, IndieWeb stuff

Yesterday I participated in the IndieWeb sensitive data pop-up, or at least the first half of it (I had to disappear for my refrigerator delivery). It was really great to have some further discussion about what people want out of this stuff and how we’re all going to agree to get it.

Authentication stuff

One of the biggest pain points that keeps on coming up is there being no support for people to be able to get private posts without having to log in or be notified about them in side channels. Lots of people are doing things like making pages with unguessable URLs and then doing side-channel notification, but that’s unwieldy; fewer folks are doing things with actual login mechanisms.

Read more…

webmention.js 0.4.0

I’ve just released v0.4.0 of webmention.js, which adds the ability to coalesce comment-type responses into the “reactions” section. I’d been considering it for a while but finally got the impetus to add it during today’s Respectful Responses IndieWeb session.

This change shouldn’t break current users of webmention.js, as it’s an opt-in configuration value.

As an aside, I really need to get around to making an actual site for PlaidWeb, so I have somewhere to put non-Publ discussion and release announcements.

Distributed toxicity and the IndieWeb

This tweet has been making the rounds in IndieWeb spaces, and reflects a thing I’ve been thinking about on and off lately for obvious reasons:

I’ve seen several other related sentiments lately; with a certain prominent politician being deplatformed from all of the mainstream social media platforms, and all of the platforms that accept him being in turn shut down or otherwise made ineffective, people have been (quite reasonably!) wondering what happens if he ends up starting up his own IndieWeb site, and causes a resurgence in self-hosted or otherwise privately-run, single-author blogs.

Read more…

Incremental progress

Lately I’ve been seeing a lot of criticism about the IndieWeb movement based on the notion that everything that comes out of it is biased towards people with technology privilege; that it’s all well and good for people who know how to run a website to build their own thing, but that the vast majority of the Internet is made up of people who’d have nowhere to begin. And that it follows that the IndieWeb movement is inherently flawed.

I agree with the issues of tech privilege and access, but I disagree with the conclusions.

Read more…

Two PSAs regarding IndieAuth

IndieAuth is starting to get some traction in the greater Internet space, which is really cool! I’m glad to see a protocol finally emerging around distributed/federated identity, managing to get some traction where OpenID more or less failed (despite a few hangers-on still supporting it).

There are two issues that implementers of IndieAuth clients (i.e. websites which use IndieAuth for authentication) and endpoints (i.e. the things which do the actual authentication) should be aware of.

Read more…

Stuff about webmention

Marty wrote a great, thoughtful essay about some of the problems with webmention right now, and I agree with it.

One of the many problems that’s emerging with webmention is it’s turned into a sort of Swiss army knife of notifications; the IndieWeb uses it not just to send responses to folks, but also for things like publishing to Bridgy Fed or syndicating content to content aggregators. It’s the basis of how notes work. It’s up to the recipient to try to disambiguate the meaning based on context and post-type discovery, and what things are can change over time, sometimes in unpredictable ways that fall apart.

Read more…

Access token grants for feed readers

This year IndieWeb Summit was canceled, and some pretty good conversations took place. As usual my biggest interest was in doing authenticated, secure sharing of private posts, which has been a huge focus in how I’ve been building Publ.

I wasn’t really able to participate in any of the development stuff (as I’m still in quite a lot of pain due to whatever the hell is going on with my chronic pain stuff interacting with whatever the hell has been going on with my shoulder for the past month), but I did join in on the ending of a discussion/dev session about AutoAuth.

Read more…

IndieWebCamp 2020, now online

📅 RSVP: yes

I’m planning on attending IndieWebCamp West 2020, an online version of IndieWeb Summit that was originally going to be in Portland in just a few weeks. For anyone who’s interested in working towards an open, personal web, this is a pretty good place to do it.

An observation

I used to get a pretty steady stream of offers for “featured guest posts” on my website, but then that tapered off, and I figured it was just because those spammers found something better to do for their SEO. But that was also around when I stopped posting to my own site regularly and was mostly blogging on Tumblr or posting to Twitter.

But ever since I moved back to this site as my primary posting destination, the emails have started to come back, which makes me think they never really left – they just stopped asking me.

It’s weirdly validating, in a way.

I mean, I’m still not going to accept any of their offers (this is my site, not some random free-for-all, dangit!) but it’s nice to be wanted all the same.

(That said I do post guest art, so if you want to get something featured on this site, draw a picture of one of my characters. I’m pretty easy to please in that regard.)

wellp

That ended up not going very well.

It’s still a good to-do list of stuff I want to do, but making comics, working on AR stuff, and generally being in pain/depression while also figuring out my ADHD meds has taken a lot more out of me than I expected.

Really gotta stop being overly ambitious.

I’m warming up to ActivityPub

While Publ is still going to be an IndieWeb-first platform (simply because it’s so much easier to integrate – having modular Lego bricks and a pick-and-choose functionality set that is as simple as adding it to one’s HTML templates is a very compelling approach), I’ve had some good discussions regarding ActivityPub lately and it’s starting to seem a bit more possible to add that as an add-on for Publ.

Read more…

webmention.js updated

The fact that yesterday’s intent post ended up changing URLs (because I’d inadvertently titled it for 2020 instead of 2019) made it so that it made sense to finally add support for multiple incoming webmention target URLs. So I added this to webmention.js, and also to the sample beesbuzz.biz templates. So now I can slurp up arbitrarily many target URLs' mentions on any given page.

Incidentally, yesterday I ended up releasing a new version of Pushl which also has to do with URL updates. Gee, I wonder why these things both came up in such close proximity.

So anyway this is two IndieWeb-focused things in as many days and they aren’t even things I was intending to work on. But low-hanging fruit is just as tasty.

My IndieWeb Challenge 2019 aspirations

The IndieWeb community has an annual daily improvement challenge. Jacky posted his aspirations so I figured I’d post some of mine too.

I don’t plan on actually releasing everything every day (speaking of which I’m glad Novembeat 2019 is finally over with, holy heck!) but I definitely have things I want to get done this month.

Read more…

WebSub support update

Almost exactly one year ago, I wrote about the state of WebSub support in feed readers. I’ve noticed a few incoming mentions from folks citing it as definitive (when that was never my intention), and so I decided to check to see if things have changed. I’m happy to say that they have!

Read more…

Re: Why Publ won’t support magic auth links

In response to a Publ blog post, Kicks Condor writes:

One question, though—could the Atom feed list rel alternate versions of the feed? (That would have type application/atom+xml?) It also seems like rel self could have the non-authenticated version of the feed. It doesn’t make sense for credentials to be in that URL. These are possibly naive suggestions—apologies, if so. Again, fantastic write-up!

The problem is that it’s up to the sharing news reader to know which URL to use for the sharing, and there’s no way to control what URL the reader happens to use. I know that Feed On Feeds will use the URL for the actual subscription (since that’s the only source URL it tracks in the first place), and who knows what other readers with sharing features will do!

And changing the rel="self" URL has a different problem – some readers (again, such as Feed On Feeds) treat that as the canonical URL and will update their subscriptions to point to that URL instead, so setting rel="self" to the unauthenticated feed means most users will be unable to remain logged in.

Basically, it’s a tricky issue that has no right answer with the Atom spec as it currently exists. So if some other mechanism has to be designed, it might as well be done in a safe, unambiguous way from the beginning. If some other use case for magic auth links comes up I’ll reconsider implementing them, but at least for friends-only subscription access, the privacy risks are simply not worth it.

Some template changes

I’ve changed my site templates a bit more, to make CWs work a bit better. In particular, now entries which have a CW will also hide the text behind a <details> on the page (for example), and similarly I’ve hidden CWed images on individual comic pages (for example). Comic images will also (finally!) be blurred in the OpenGraph tags, as well, after one too many “oops”es when posting links to Slack demonstrating how my CWs work.

I’ve also improved compatibility with Bridgy Fed and with the way that webmention microformats are supposed to work in the first place, per a conversation in which I learned that I wasn’t actually using reply types correctly. (You may have noticed a bunch more micro-posts on the chatter section as a result of me fixing this as well. I also need to finally implement a thing so I can properly filter that stuff out of the little “latest posts” box on the main page!)

The sample templates repository has been updated, accordingly.

As always, thanks to the various IndieWeb folks, especially Ryan and Kevin for setting me straight on this issue.

Edit: It didn’t take me very long to implement the Publ feature change. I went ahead and cleaned up a bunch of query generator code while I was at it. Also I think I found a bug in PonyORM. Nope, I think I was just being hopelessly optimistic about a thing.

You can now use IndieAuth to login to this site

I’ve released a new version of Authl that has direct login support for IndieAuth. Also as of v0.1.6 it supports discovery via WebFinger, which should at least make Ryan a lot happier.

If you don’t know what any of the above means, this update probably doesn’t matter to you. 🙃