FBXL Social

I am reading the architecture outline. First impression is that it seems quite complicated. The topology looks a lot like the fediverse but everything is a Merkle tree and identity is tied to something that looks a lot like a blockchain.

@Gargron I wonder why there's no federated "microblogging" protocol where users simply subscribe to a public key, and see new messages (+user info) in their feed for any new post which arrives to their server which is signed with the corresponding private key...

I am no expert, but why does decentralized messaging have to be any more complicated? It don't understand the purpose of those added complexities in ADX, etc.

@gargron The fact that it's MIT not (A)GPL, forge on Microsoft-owned GitHub, and not ActivityPub-compatible tells me all I need to know that user freedoms weren't the goal.

@toastal @Gargron I've used GitHub for years before Microshit bought it, and because I want my work to be seen, I'm keeping it up there. I started trying to use GitLab primarily because it had free private repositories (which tbh I don't need) but it seems somewhat underfunded.
I do have a Codeberg now which if I do anything fedi-related in the future it'll be done there.
Not posting them because my irl name is attached to them 🙃

@fleshroots @toastal @Gargron

is the right place to be, being a forge, and with a number of different projects collaborating to federate and democratize Code Forges, like @forgefriends, and the @gitea project itself.

If interested, there's a shared matrix room at: https://matrix.to/#/#general-forgefed:matrix.batsense.net

@Gargron Pardon my non-know-how, but what's a Merkle tree?

@trishalynn @gargron Essentially a tree where each node includes a hash of its children. Useful if you want to look up a small piece of a big structure while verifying its integrity.

@jay @trishalynn Yep! We use a Merkle tree implementation for Certificate Transparency. It's clever and a great match for certain specific problems. But there are tradeoffs: complexity, and a painful amount of computation once you're at large scale.

@jrenken @jay @trishalynn

Likely shows the influence of Paul Frazee who joined Bluesky as protocol engineer, formerly of Beaker Browser and DAT project, which is now Hypercore protocol.


My perspective is that of an implementer, not a protocol designer. It does seem overcomplicated for benefits that I would consider neglible. I disagree the most with depending on a "DID Consortium" to be able to participate in the network...

@humanetech @fleshroots Federated Git has me quite intrigued, I won't lie

@toastal @fleshroots

Well, federated code forges to be more precise. So all the add-on stuff that , with help of countless vendors having native GH support, tries to lock us into on their own platform.

@toastal @fleshroots

So by extension many other different but related devtools might be federated as well :D

@toastal @fleshroots

Example: You use Github Projects. Another person wants to use Trello.

That means you either choose one or the other, or have an ongoing copy/paste operation going on.

Enter federation.. no longer. Everyone just uses their tool of choice.

@humanetech @toastal @fleshroots I get a real kick out of seeing "Sorry for the downtime guys!" posts federated over to my websites. It's like... "Don't worry about it, I was fine!" haha

@Gargron Touche. The role of the consortium needs to be explained in a lot more detail. Who is part of it? Can they delete users?

@Gargron I'm baffled that they (and you, come to that) still use webfinger instead of profile URLs

@Gargron any time I see an overly complicated architecture I once again wish there was more emphasis on energy footprint and in general.

@fleshroots @toastal @humanetech interesting, KanBan style board software is one of the possible applications I’ve been thinking would be great to see implemented with ActivityPub, to move beyond the blogging type applications we have so far

@Gargron Can't we all just use the appropriate data structure?

(blockchain bros to my block list)

@fleshroots Yeah, the Codeberg / Gitea situations are really coming around! I've been on another alternative, Sourcehut, the last year and there's features I want on both platforms that it's hard to pick one and be completely satisfied.

While the email-based structure is good, it seems a bridge too far for many committers which hurts Sourcehut, but Sourcehut has CI and an IRC bouncer. I really wish they supported AsciiDoc like Codeberg as well since Markdown is too limiting for 'good enough' documentation.

@toastal @fleshroots TIL Codeberg (gitea?) supports asciidoc. That's cool.

@toastal @Gargron AGPL would prevent commercial companies from hosting post indexes / aggregators.

ActivityPub can certainly be made to pull data from ADX, but seems incompatible with some of their goals

@xutz @Gargron @toastal AGPL would prevent hosting proprietary post indexes / aggregators that derived from the AGPL code, is the accurate statement.

That's a far narrower statement than yours.

@Gargron the Ad in Adx stands for... Ad

I might be wrong but I thought that was how Hubzilla's nomadic identity worked.

@Gargron At least they can delete content by rewriting the Merkle tree. So it is not fully immutable crypto-bro stuff.

It is a per user Merkle tree, so it feels more like git than a unified blockchain.

But the difference between git (that I like) and blockchain (that I dislike) is quite fuzzy.

@clay Instead of DNS it's tied to an append-only log controlled by some "consortium", details for that are not written out yet but I generally do not like the idea of needing anyone's permission or approval to self-host.

Understandable that the CAR file is useful for portability, but it seems like an awful way to store and work with data. If I want to see my notifications tab, what is the software supposed to do, read through the entire merkle tree of every known user?

@clay That brings me to another issue. ADX only ever talks about users writing to their own repositories. Understandable when you are making a standalone post. But if you are sending something *to* someone... No inbox mechanic is mentioned. I've looked through the sample code: To follow someone, they create a follow activity in their own repository. Not clear how the other user is supposed to even see this, and this implies that there is no way to approve/reject followers.

@clay In general, it seems like it's intended as a public-only protocol, as I see no mechanism for any access control like "send this only to my followers and not the whole world" and everything is in the merkle tree that anyone can traverse. Even if data itself was outside the tree (which is not what is currently described), it means you can't have plausible deniability about whether you have posted something.

@clay Equally, if we bring up Cancel Culture, my impression is that once you've posted something, people can prove that you posted it even after you delete it, since it's self-authenticating data.

@Hyolobrika i dont get the comment aboit pleromae?

@clay The difference is that a fediverse indexing service refusing to 'forget' something would be holding on to a piece of JSON that contains references to a resource hosted somewhere else, and if that place refuses to serve the same JSON, there is little to prove that it wasn't fabricated in the first place. That is plausible deniability. Though the fediverse has self-authenticating data too (Linked Data Signatures) they are optional and we use them for public posts only.

@clay Signature verification uses public keys (otherwise it wouldn't work). Private key can sign, public key can be used to verify.

@clay I quite seriously doubt the performance of IPFS libraries reading/writing to a merkle tree compared to any relational database. I imagine in practice, relational databases would still need to be used for most everything, with the merkle tree format as an outside compatibility layer. But what does it offer that a paginable ActivityPub outbox collection doesn't? Not a lot, as far as I can tell.