
Does implement client-server API?

I do what w3.org/TR/activitypub/#client- tells me to:
- I look up my own Actor object and look up its outbox (qoto.org/users/robryk/outbox in my case),
- I send a POST with appropriate 'Authorization: Bearer ...' header,

and then I get 404 (GETs on that URL do succeed and show a collection).

Is client-server activitypub something that is ~ever implemented?

Meta, racism 

@zabet @arcatech

> Why did it say meta racism instead of letting me see your post at first?

docs.joinmastodon.org/user/pos describes this feature

@brandur

> They cannot be (...) sterilized (...).

Do you know why? I'd naively expect that exposing them to a few tens of Gy of gamma radiation would sterilise them and wouldn't change anything noticeable.

@lrhodes That suggests that blocking messages from all new accounts on a large server (new == previously unseen) instead of blocking all messages from the instance might help.

@luckytran What is 'transmission level' in this context? The linked paper just talks about it as if it was obvious what it meant. (I don't know if it's local per-capita rate of new cases, or local log-growth of the rate of new cases, or something else.)

Outer Wilds spoilers 

Also, the UI gets screwy (see video).

issues


Outer Wilds spoilers 

Heh, if you fly away far enough, the sun goes supernova significantly later (at least a minute after it eats the Interloper). I guess (based on the map being screwy: e.g. Interloper appears well off its indicated orbit) that there's a floating point accuracy problem there.

@js@mstdn.io @delroth

D'oh. Forgot that autovacuum exists (there used to be something that made manual non-FULL vacuums sensible, but that might have been in some very specific situation~).

> When I did the VACUUM FULL though, that shrank it by more than half.

Oh, that makes me somewhat surprised.

I wonder whether pgsql plans to ever have vacuum full be non-locking (which should be doable if tombstones are a thing).

@js@mstdn.io @delroth In case you're not aware: non-FULL VACUUM makes some unused space available for usage _by pgsql_. So, running that will not decrease file sizes and whatnot, but will decrease future growth.

I don't know how much space is not freeable in that way by non-FULL VACUUM though.

@js@mstdn.io Do you mean only the backing sql database, or all storage altogether (incl. media and possibly some other sundry things)? Everything-but-database takes ~15GB for @delroth's single-user instance.

(Note that you can not cache any remote media at all; it will at most incur a delay when viewing that media.)

@whvholst @jrm4

> cryptography is never perfect or eternal, so the data is being processed in X.

Does this mean that my ISP processes all the data I exchange with any website?

> Whoever holds the key can presumably decrypt it

Whoever has the key *and the data*. Compare the case of "X stores data in plaintext" vs "X encrypts with a key that everyone knows and stores the ciphertext". Doing the latter instead of the former doesn't change who can access the data in any way.

I think they get weird even without personal data that's public.

@whvholst @jrm4

Thanks.

I'm curious if you think that the software update scenario is similar to 1 or not.

I find your interpretation of scenario 2 weird and I can't really build a model that produces it. Let's imagine that I store some data in location X, but additionally encrypt it before storing with a key that's totally public. ISTM that this interpretation of scenario 2 forces us to claim that the data resides then everywhere. Am I missing something?

@whvholst @jrm4

One more example:
- data is on a machine in Ireland, which receives automated software updates from a machine in US.

@whvholst @jrm4

What does "held in" mean?

Motivating examples:
- there's a machine in Ireland that contains the data and happily provides it on request to a machine in US,
- data in encrypted form is in X, and the key is in Y,
- we've split the data into two so that XOR of the two pieces yields the original data, and each of the pieces alone is random.
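The third motivating example in the post above (two pieces whose XOR yields the data, each piece alone random), as an added illustration that is not part of the original post. The function names and the sample record are assumptions made up for this sketch.

```python
import secrets

def split(data: bytes) -> tuple[bytes, bytes]:
    """Split data into two shares whose XOR is the original data."""
    pad = secrets.token_bytes(len(data))               # uniformly random piece
    masked = bytes(d ^ p for d, p in zip(data, pad))   # data XOR pad
    return pad, masked

def combine(share_a: bytes, share_b: bytes) -> bytes:
    """XOR two equal-length shares back together."""
    if len(share_a) != len(share_b):
        raise ValueError("shares must have equal length")
    return bytes(a ^ b for a, b in zip(share_a, share_b))

def partner_share_for(known_share: bytes, candidate: bytes) -> bytes:
    """For ONE known share and ANY same-length candidate plaintext, return
    the other share that would make that candidate the recovered data.
    Such a partner exists for every candidate, which is why a single
    share reveals nothing about the data except its length."""
    return combine(known_share, candidate)

# Constructed sample values (hypothetical, for illustration only).
RECORD = b"name=Alice;iban=XX00-CONSTRUCTED"
DECOY = b"name=Bob;;;iban=YY99-CONSTRUCTED"

def demo() -> dict:
    share_x, share_y = split(RECORD)         # e.g. stored in locations X and Y
    fake_y = partner_share_for(share_x, DECOY)
    return {
        "both_shares_recover_record": combine(share_x, share_y) == RECORD,
        # Holder of share_x alone cannot tell share_y from fake_y:
        "share_x_also_fits_decoy": combine(share_x, fake_y) == DECOY,
        "share_length_leaks": len(share_x) == len(RECORD),
    }

if __name__ == "__main__":
    print(demo())
```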

@whvholst @jrm4

Where did I see you say it's not the yardstick:
> Ordinary course of business is not a relevant criterium here.

Where did I think you described it as the yardstick: you talk about purposes of data usage and ways existing data is used. Well, if data is accessible from someplace, it _can_ be used for any purpose. We're relying on the company doing its business in the way it claims to/intends to to ensure that it's used only for some purposes and made accessible only from some additional places. IOW, technical controls do not understand "purpose" so can't filter on that, even in principle.

@grrrr_shark A similar situation that this reminded me of: A (kind and most certainly not entitled) coworker has told me recently that they find ticket inspectors on public transit _and_ police to be unreasonable sticklers to the rule (in case of police: even at the expense of the thing that the rule is expected to protect). His examples gave me the same impression.

The thing is that his experience was wildly different from mine (at least as far as tickets go; I had ~no interaction with police): I did manage to mess up tickets in public transit ~4 times over the ~8 years I am here, including once simply losing the ticket. I expected to be fined at least in half the cases, but was never fined (either got the way I messed explained, or got asked to buy another ticket when I simply lost it).

We tried to figure out what could have caused the difference, and came up empty. We're both men (he's significantly older than me). We both speak German as a third language (and mine's poorer than his). I would consider his baseline kindness and respect for random fellow humans to be slightly higher than mine. Neither of us expected any of these differences to cause people to treat me better, so this was either just luck, or something that neither of us could notice.

@whvholst @jrm4

I'm confused. You described why ordinary course of business is the yardstick you want to measure it by, and then said it's not.

By ordinary course of business I meant making e.g. assumptions that no (or insufficiently many) malicious insiders exist. Did you understand it in some other way?

@jrm4 @whvholst

I thought the original reason for this decision was some sort of "can our data be accessed from out-of-EU" sort of thing. If so, I'd wager that whatever agreement there doesn't specify that with enough precision to actually have that effect. (OTOH I do believe that the agreement is probably good enough to ensure that _in the ordinary course of business_ that data will not be accessed from out-of-EU-or-some-similar-notion).

Qoto Mastodon