Leveraging JSON-LD compound typing for behavioural hinting in ActivityPub

Oct 2, 2019
ActivityStreams provides for a multitude of different actor and object types, which ActivityPub capitalizes on effectively. However, neither ActivityPub nor ActivityStreams provide a method for hinting how a given actor or object should be interpreted in the vocabulary. The purpose of this blog post is to document how the litepub community intends to provide behavioural hinting in ActivityPub, as well as demonstrate an edge case where behavioural hinting is useful.

Introducing LVis: a programmable audio visualizer

Sep 19, 2019
One of my areas of interest in multimedia coding has always been writing audio visualizers. Audio visualizers are software which take audio data as input, run various equations on it and use the results of those equations to render visuals. You may remember from your childhood using WinAmp to listen to music.

libreplayer: toward a generic interface for replayer cores and music players

Sep 8, 2019
I’ve been taking a break from focusing on fediverse development for the past couple of weeks — I’ve done some things, but it’s not my focus right now because I’m waiting for Pleroma’s develop tree to stabilize enough to branch it for the 1.1 stable releases. So, I’ve been doing some multimedia coding instead.

Federation – what flows where, and why?

Jul 13, 2019
With all of the recent hullabaloo with Gab, and then, today Kiwi Farms joining the fediverse, there has been a lot of people asking questions about how data flows in the fediverse and what exposure they actually have. I’m not really particularly a fan of either of those websites, but that’s beside the point.

What is OCAP and why should I care?

Jun 28, 2019
OCAP refers to Object CAPabilities. Object Capabilities are one of many possible ways to achieve capability-based security. OAuth Bearer Tokens, for example, are an example of an OCAP-style implementation. In this context, OCAP refers to an adaptation of ActivityPub which utilizes capability tokens. But why should we care about OCAP? OCAP is a more flexible approach that allows for more efficient federation (considerably reduced cryptography overhead!

Software Does Not Make A Product

Apr 28, 2019
Some fediverse developers approach project management from the philosophy that they are building a product in it’s own right instead of a tool. But does that approach really make sense for the fediverse? It’s that time again, patches have been presented which improve Mastodon’s compatibility with the rest of the fediverse.

What would ActivityPub look like with capability-based security, anyway?

Jan 18, 2019
This is the third article in a series of articles about ActivityPub detailing the challenges of building a trustworthy, secure implementation of the protocol stack. In this case, it also does a significant technical deep dive into informally specifying a set of protocol extensions to ActivityPub. Formal specification of these extensions will be done in the Litepub working group, and will likely see some amount of change, so this blog entry should be considered non-normative in it’s entirety.

ActivityPub: the present state, or why saving the 'worse is better' virus is both possible and important

Jan 10, 2019
This is the second article in a series that will be a fairly critical review of ActivityPub from a trust & safety perspective. Stay tuned for more. In our previous episode, I laid out some personal observations about implementing an AP stack from scratch over the past year. When we started this arduous task, there were only three other AP implementations in progress: Mastodon, Kroeg and PubCrawl (the AP transport for Hubzilla), so it has been a pretty significant journey.

ActivityPub: The “Worse Is Better” Approach to Federated Social Networking

Jan 7, 2019
This is the first article in a series that will be a fairly critical review of ActivityPub from a trust & safety perspective. Stay tuned for more. In the modern day, myself and many other developers working on libre software have been exposed to a protocol design philosophy that emphasizes safety and correctness.

The Case For Blind Key Rotation

Dec 30, 2018
ActivityPub uses cryptographic signatures, mainly for the purpose of authenticating messages. This is largely for the purpose of spoofing prevention, but as any observant person would understand, digital signatures carry strong forensic value. Unfortunately, while ActivityPub uses cryptographic signatures, the types of cryptographic signatures to use have been left unspecified. This has lead to various implementations having to choose on their own which signature types to use.