Jonkman Microblog
  • Login
Show Navigation

  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Notices by Mike Macgirvin (mike@macgirvin.com), page 8

  1. Mike Macgirvin (mike@macgirvin.com)'s status on Tuesday, 05-Sep-2017 22:30:59 EDT Mike Macgirvin Mike Macgirvin
    Mike Macgirvin wrote the following card Tue, 05 Sep 2017 11:55:25 +1000
    Zot VI
    Zot has been in use continually for over five years, with only a handful of minor upgrades. Most of these involved extending the cryptography mechanisms to allow negotiation and deprecate older/insecure algorithms.

    During this time. there have been a many changes in the external landscape and there are now some better ways of doing things which didn't exist in a stable form when zot was created. The goal of Zot VI is to bring the protocol in line with some of these changes. As an example we can now provide server-to-server authentication by making use of HTTP Signatures. There are a couple of other places in the protocol where we can reduce the complexity of interactions by using the same technology (increasing efficiency). As a side effect the entire protocol and message flow will be simplified and easier to integrate with external services.

    The proposed delivery method for this work is to expose it through a protocol plugin, (just like the other protocol plugins) and ultimately remove communication protocol implementations from core code. As Zot VI will not be directly compatible with zot, this allows a migration path; and servers will be able to support both.


    • Refactor zot-finger
    • Refactor Delivery
    • Refactor magic-auth
    • Refactor Directory Services
    • move to plugin
    • Release timeline
    In conversation Tuesday, 05-Sep-2017 22:30:59 EDT from macgirvin.com permalink
  2. Mike Macgirvin (mike@macgirvin.com)'s status on Tuesday, 05-Sep-2017 07:32:34 EDT Mike Macgirvin Mike Macgirvin
    in reply to
    Sigh...
    In conversation Tuesday, 05-Sep-2017 07:32:34 EDT from hub.somaton.com permalink
  3. Mike Macgirvin (mike@macgirvin.com)'s status on Tuesday, 05-Sep-2017 06:54:41 EDT Mike Macgirvin Mike Macgirvin
    in reply to
    Now it seems to have spilled over into sector 6.
    In conversation Tuesday, 05-Sep-2017 06:54:41 EDT from macgirvin.com permalink
  4. Mike Macgirvin (mike@macgirvin.com)'s status on Monday, 04-Sep-2017 23:59:33 EDT Mike Macgirvin Mike Macgirvin


    David Hasselhoff - Hooked on a Feeling
    by Haraldur Óskarsson on YouTube
    In conversation Monday, 04-Sep-2017 23:59:33 EDT from macgirvin.com permalink
  5. Mike Macgirvin (mike@macgirvin.com)'s status on Monday, 04-Sep-2017 22:32:54 EDT Mike Macgirvin Mike Macgirvin
    Hooboy, what a shitfight over in sectors 3 and 7.  

    In conversation Monday, 04-Sep-2017 22:32:54 EDT from macgirvin.com permalink
  6. Mike Macgirvin (mike@macgirvin.com)'s status on Sunday, 03-Sep-2017 16:28:08 EDT Mike Macgirvin Mike Macgirvin
    • Eugen
    @Gargron @cwebber - the only thing with an actual RFC behind it when OStatus was born was atom. Salmon, webfinger, pubsubhubbub and activitystreams were all "proposals" of some type; and those that have since been standardised have done so in a radically different form (ActivityStreams and Webfinger were both standardised as json and only vaguely resemble the old XML specs). What made these things "standard" for OStatus was apparently the fact that they were proposed at one time for the OpenSocial initiative and many were in use at Google (which dropped all of them when G+ was born).
    In conversation Sunday, 03-Sep-2017 16:28:08 EDT from macgirvin.com permalink
  7. Mike Macgirvin (mike@macgirvin.com)'s status on Sunday, 03-Sep-2017 04:26:59 EDT Mike Macgirvin Mike Macgirvin
    in reply to
    At least you understand the implications of what we're doing. I think it's lost on a lot of people.

    Ironically hubzilla integrates fairly well with KDE since the K web browsers and DAV services share a cookie file. So magic auth works with DAV. Gnome does things a bit differently and it isn't as seamless.

    This new capability makes integration with these kinds of services a *lot* easier. You no longer require a zot infrastructure to access private web objects. All you need is your private key.

    I wasn't even looking at integration at these layers, but at a much lower level - by tying it to the OS through PAM. But perhaps that's the direction we should be moving - upwards to the application layer.
    In conversation Sunday, 03-Sep-2017 04:26:59 EDT from macgirvin.com permalink
  8. Mike Macgirvin (mike@macgirvin.com)'s status on Sunday, 03-Sep-2017 03:42:11 EDT Mike Macgirvin Mike Macgirvin
    in reply to
    That sounds super interesting, Mike.

    One of the first things that comes to mind is standalone or mobile apps which access some facet of Hubzilla, like photos or file browsing.


    I have been idly wondering about integrations recently, and have been extremely interested in what level of OS integration could be provided. In theory, Hubzilla could be set up as a Gnome Online Accounts (GOA) provider. GOA is kind of reminiscent of how Apple does integrations for social networks, storage platforms, instant messaging, etc, except of course it's free software.

    What would be particularly interesting, from my point of view, would be to integrate Hubzilla tightly with a desktop Linux environment. This could include:

    • Cloud Storage (like DropBox or Google Drive)
    • Stream (Corebird-like status app.)
    • Contact Sync
    • Notifications
    • Calendar Sync
    • Notes
    • Photos
    • Events
    • Messages


    Some of these things already work, since Hubzilla uses DAV. Effectively, you could have a drop-in replacement for iCloud, allowing Hubzilla to act as their main data provider for devices and individual applications.
    In conversation Sunday, 03-Sep-2017 03:42:11 EDT from deadsuperhero.com permalink
  9. Mike Macgirvin (mike@macgirvin.com)'s status on Friday, 01-Sep-2017 19:06:31 EDT Mike Macgirvin Mike Macgirvin
    in reply to
    I could use some sketching and Alice, Bob and Charly to fully understand the implications but I grasp it more now, thanks!
    In conversation Friday, 01-Sep-2017 19:06:31 EDT from hub100.retmesagxo.net permalink
  10. Mike Macgirvin (mike@macgirvin.com)'s status on Friday, 01-Sep-2017 16:49:28 EDT Mike Macgirvin Mike Macgirvin
    in reply to
    Andrew has it. The 'server-to-server' is basically to distinguish it from zot magic-auth which requires a browser (a client) and uses cookies and server-to-server communication to link those cookies across domains. Signature auth cannot (yet) be done in the browser so you need to use an app that can do the backend auth (server to server) on your behalf.  This app has a copy of your private key. So it can authenticate and/or authorize you anywhere in the network. But the 'server' in this case could be your pocket phone or desktop.

    Immediately, we are using a not very elegant means of syncing files across clones. It's secure enough for the job, but this new mechanism makes it easy peasy. The other immediate application is to provide caldav services to your hubzilla calendar, without requiring you to store the password to your current server on your current server in a way that's reversible. I tried several ways of solving this problem, but they all had issues. This one works. I'll be moving forward with both of these in the near future.

    I'm hoping that others will start getting excited about the possibilities this opens and start taking it in new directions because it really is a game changer. We have an infrastructure that can make use of it today so the hard work is done, but a few little extras could blow this wide open and provide private decentralised services that nobody has even thought about yet because nobody has ever had this capability before.
    In conversation Friday, 01-Sep-2017 16:49:28 EDT from macgirvin.com permalink
  11. Mike Macgirvin (mike@macgirvin.com)'s status on Friday, 01-Sep-2017 13:52:07 EDT Mike Macgirvin Mike Macgirvin
    in reply to
    So it isn't clear to me why it is called "server-to-server" if there is now one server involved instead of two previously?
    In conversation Friday, 01-Sep-2017 13:52:07 EDT from hub100.retmesagxo.net permalink
  12. Mike Macgirvin (mike@macgirvin.com)'s status on Friday, 01-Sep-2017 10:16:07 EDT Mike Macgirvin Mike Macgirvin
    in reply to
    I semi-understand things virtual, but this sounds exciting.
    In conversation Friday, 01-Sep-2017 10:16:07 EDT from cats.pm permalink
  13. Mike Macgirvin (mike@macgirvin.com)'s status on Friday, 01-Sep-2017 10:00:02 EDT Mike Macgirvin Mike Macgirvin
    in reply to
    Without having access to the code right now, I'm guessing that you are downloading your private key to the client app, which then sends a signature using this key when requesting data from remote hubs. This signature is sufficient to verify your identity and thus determine what data you have permission to access. Is that close?
    In conversation Friday, 01-Sep-2017 10:00:02 EDT from grid.reticu.li permalink
  14. Mike Macgirvin (mike@macgirvin.com)'s status on Friday, 01-Sep-2017 08:38:29 EDT Mike Macgirvin Mike Macgirvin
    in reply to
    We currently use a login session somewhere in the hubzilla network to verify your identity. If you visit a new site they need to refer back to your login site to verify your identity and transfer your browser session.

    With the server-to-server or API authentication method, you eliminate the need for a login server. You can authenticate directly from an application to any node in the network without a password.
    In conversation Friday, 01-Sep-2017 08:38:29 EDT from macgirvin.com permalink
  15. Mike Macgirvin (mike@macgirvin.com)'s status on Friday, 01-Sep-2017 08:23:59 EDT Mike Macgirvin Mike Macgirvin
    in reply to
    How is server-to-server magic auth different from current remote login ?
    In conversation Friday, 01-Sep-2017 08:23:59 EDT from hub100.retmesagxo.net permalink
  16. Mike Macgirvin (mike@macgirvin.com)'s status on Friday, 01-Sep-2017 08:10:09 EDT Mike Macgirvin Mike Macgirvin
    in reply to
    And writing such an app could theoretically take an hour or two. You're just making JSON requests and displaying the results. That's it. You could spend a week on the UI and still shock and awe people with your programming skills.
    In conversation Friday, 01-Sep-2017 08:10:09 EDT from macgirvin.com permalink
  17. Mike Macgirvin (mike@macgirvin.com)'s status on Friday, 01-Sep-2017 07:55:37 EDT Mike Macgirvin Mike Macgirvin
    in reply to
    One of the first things that comes to mind is standalone or mobile apps which access some facet of Hubzilla, like photos or file browsing. So you could create a media browser for the entire network that lets you see any photos or videos you are allowed to see. This isn't restricted to Hubzilla members. You could give the same app to a Diaspora or GNU-Social member and it would work the same - they could see a different set of files depending on who they are connected with and what they are allowed to see. A hubzilla member is only involved in creating the permissions. Anybody in the universe can then be in the access list. The only requirement is that they have a private key to sign the requests and this could be provided by their own social networking software or created automatically and downloaded to the app. Or they can generate their own key and use that. It's magic-auth on steroids.
    In conversation Friday, 01-Sep-2017 07:55:37 EDT from macgirvin.com permalink
  18. Mike Macgirvin (mike@macgirvin.com)'s status on Friday, 01-Sep-2017 06:57:54 EDT Mike Macgirvin Mike Macgirvin
    in reply to
    Sounds exciting! What's one of your ideas for apps/integration?
    In conversation Friday, 01-Sep-2017 06:57:54 EDT from grid.reticu.li permalink
  19. Mike Macgirvin (mike@macgirvin.com)'s status on Friday, 01-Sep-2017 01:17:43 EDT Mike Macgirvin Mike Macgirvin
    I've got server-to-server magic-auth and API magic-auth working. You probably won't be able to appreciate what this means until you start seeing magic zot apps and integrations that you never thought possible. I've got a few of these in mind already. It sort of means you can access anything that's visible to you anywhere in zotland from any device anywhere. And not just you. Any of your friends from any other network can access anything that's visible to them in all of zotland from any device anywhere.
    In conversation Friday, 01-Sep-2017 01:17:43 EDT from macgirvin.com permalink
  20. Mike Macgirvin (mike@macgirvin.com)'s status on Thursday, 31-Aug-2017 20:48:02 EDT Mike Macgirvin Mike Macgirvin
    in reply to
    All that stuff about BlaBlaNet and now it's totally offline as far as I can tell.
    In conversation Thursday, 31-Aug-2017 20:48:02 EDT from grid.reticu.li permalink
  • After
  • Before
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.

Switch to desktop site layout.