> the average ear won't care. (...) will be available for a fraction of the cost without the licensing fees. (...) be ready to see it popping up everywhere
And you wonder why people are cynical? Do you really think that the best answer to solve IP law and the blandness of pop-music is by making it so cheap that we make it available to everyone?
> But, there are massive use cases where that type emotional connection is not necessary (...) game & movie soundtracks, in waiting areas, tv shows
What will be the point of watching a movie or TV show, then? What will be the point of making one?
> And you wonder why people are cynical? Do you really think that the best answer to solve IP law and the blandness of pop-music is by making it so cheap that we make it available to everyone?
Did I say I'm advocating for this future? I'm simply stating an observation, and a likely outcome based on plenty of precedent of similar behavior in industry.
> What will be the point of watching a movie or TV show, then? What will be the point of making one?
I'm sure Michael Bay would consider what he does to be artistic expression; whilst others would say it's a semi-shameless money-grab. Half joking, don't take me too seriously.
If you are not advocating for this future and you think this type of material progress is not something that we should take as positive, then you are being as cynical as me or anyone else.
> Having a good Twitter/social media presence will become a compulsory pre-condition. The company owned channels (like websites, email lists or apps) where you have direct access to customers will become key demand generation pipelines.
The ability to control their own media presence is what still makes me believe that ActivityPub has a future, but it depends on companies and marketers realizing that they need to be proactive about it; instead of just sitting on their hands and chasing the audiences wherever they think they are going.
I think that most marketers are aware that controlling your own mailing list is important; this is why so many of them post on every platform, have podcasts, and try to get you to sign up for their newsletter.
The issue with federated projects is that they lack the content to attract users and they lack the users to generate content.
> The issue with federated projects is that they lack the content to attract users and they lack the users to generate content.
This is why I wrote "it depends on companies and marketers realizing that they need to be proactive about it".
It costs next to nothing to set up a server and configure a bot that mirrors your twitter posts to the Fediverse. If they done just that, they'd be solving their end of the chicken-and-egg problem, and all they would need then is some patience and treat it as a Pascal Wager, where every round of "Here's something stupid that Musk did today" would be a change for them to convert the users to their preferred network, or to just maintain the status quo.
I think you’re overestimating how many of these promoters could figure out how to set up a server by themselves. Most of the ones who can will just stick with the proven technology (email).
I want the technology to work out, I just don’t see it happening anytime soon. Think of Linux and Firefox; both have been best in category products for years, but neither one has an appreciable market share.
> how many of these promoters could figure out how to set up a server by themselves
I am not talking about setting up a server by themselves.
Managed hosting is a thing. People can get their own media presence without any technical expertise for less than $40/year. (https://communick.com/services/takahe) I am just talking about getting them being curious enough to find a service provider that can do it for them.
And you know what would be even cheaper (in the medium/long term) than the IT in-house or outsourcing to commercial SaaS? If the company took 10-20% of their budget to sponsor the development of FOSS alternatives.
I thought I had it (mostly) solved with fediverser: users would go to one place, sign up with OAuth to the service they wanted to leave (Reddit, Twitter...) and the system would behind the scenes create an account on any of the participating instances. In doing so, it could leverage the user existing information (subreddits subscribed, users followed on Twitter) and find the corresponding subreddits/users that are already registered.
Turns out the biggest challenge was not in getting users, but in convincing admins to join the network. Instances with open registrations are already dealing with spammer accounts, and none of them was excited about the idea of this extra vector for having unvetted users on their services.
This doesn't mean that centralized services are safe, though. I am reasonably convinced that we can have "social media" that is less focused on "platforms" and more like what we (used to) have with web: companies and institutions owning their presence by running ActivityPub "servers" on their own ___domain, and a hotch-potch of community/commercial servers to serve the users who want "basic access".
But to get there, we need to stop thinking that the way to get rid of Facebook/Twitter/Reddit/Instagram/YouTube is by taking their templates and tacking "but federated!", and we need to really come up with a killer app on ActivityPub (or Solid, or Linked Data, or ActivityPods) to disrupt the whole thing entirely.
> Turns out the biggest challenge was not in getting users, but in convincing admins to join the network
The incentives for homeserver admins are extremely perverted and it's why the Mastodon network in particular is so dominated by ideological cliques.
Running a homeserver is thankless, laborious, and expensive, and the costs go up with each user. There's no money for it, so admins have to be compensated another way. Either they get off on the power, or have an ideological axe to grind and thus moral compensation, or they are altruistic and eventually burn out when they are subjected to the abuse of the job.
The financial story has to be solved. Admins must be paid to run services or the services get distorted to compensate them some other way.
I might be wrong, but I think that my instance was the first to provide accounts only to paying subscribers, and even today there are only 2 others like mine.
This is an issue with Mastodon (and most of other software that implements only the push-based processing of inbox), but there is nothing on ActivityPub that prevents a client to directly read the actor's outbox.
As a matter of fact, I am working on a fork of a elk right now that is meant to function as a pull-based reader of AP data, so pretty soon you will be able to have your SSG generate an outbox for you and I would get all updates, boost it, etc
> if I'm writing to a blog or a microblog I just don't really care who follows me or even who reads it.
- if you want to have comments or backtracks, you can do it with ActivityPub without having people signing up to your site (directly or through some OAuth system)
- If you want to mitigate spam, you can set up your AP blog to only accept messages on the inbox from actors who you whitelist.
- You could have your own Substack where you only send the updates to actors who are paying subscribers.
> if you want to have comments or backtracks, you can do it with ActivityPub without having people signing up to your site (directly or through some OAuth system)
You can do the same thing with RSS+We mention, which is a way simpler stack and predates ActivityPub by years
Webmentions are a spammer's wet dream. There is a reason they were adopted only by the Indieweb crowd.
Anyway, my point was less "ActivityPub can do everything people can do with RSS" and more "having a mechanism to for bidirectional authenticated messages opens up the possibility of new applications".
The real interesting part will happen when/if more developers realize that ActivityPub can do more than "federated versions of popular social media platforms".
I might be misunderstanding what you're saying here. How is ActivityPub more authenticated than Webmention? WM requires the poster to host their content on a website. This is exactly what the AP spec says to do. Now, since the spec was published, most AP implementations also support HTTP signatures[0], but this doesn't provide additional guarantees that you can't get with WM. The authentication is still tied to a URL.
As far as spamming goes, I don't see how WM is any worse than AP. In both protocols your only options are passlists and/or blocklists.
[0]: And an old version that doesn't have an official spec. ActivityPub's issues with spec stagnation and de facto standards is a whole other thing.
I haven't dug into these, so apologies for the naive question, but for a multi-tenant service like WordPress.com, can you effectively limit which WordPress blogs can WebMention you? If the allowlist is formed on the ___domain, this seems limiting.
Perhaps more advanced URL regex can achieve more fine-grained control but I do still see advantages in pubkey auth (especially if people want to move their content.)
Still, I do find myself wishing for a lighterweight-than-ActivityPub middleground.
You're right, in default configurations ActivityPub definitely has an advantage here, since HTTPsigs are tied to users, not instances, which gives finer grained blocking. I'm not aware of anything like this for Webmention.
I suspect this is because WM is used far less than AP. It also grew out of a community (IndieWeb) where having your own ___domain is a core tenet.
I think something like Mastodon could work with WM though, since all URLs hang off of user URLs, so you could block by URL prefix, ie "block https://example.com/user1/*".
Webmention receivers can filter on whatever parts of a URL they want to. Maybe a WordPress implementation limits this to the ___domain? But as far as the spec goes, the receiver just gets a `source` parameter that's a URL. They can then decide to allow that (based on the ___domain, or any other characteristic they want) and at that point they check that URL to see if the document there contains the link that it's supposed to.
Spammers would have to host a page (permanently) that links to your post, and even then they don't get to control what (if anything) from that page gets displayed on your site.
I guess one danger is that they only serve the page that contains your link to the webmention-validating request. That way they get a backlink but don't have to keep a public outgoing link. They'd have to know that a given request is that validation though, and I'm not sure that'd be very easy.
The OP here specifically wasn't including any auth features, which I was pretty sure would mean backtracks and comments aren't supported but maybe that's wring. It is possible with ActivityPub, but I'd personally be hesitant to run my own OAuth server just for a microblog.
Regardless, my underlying point really is about what I expect of a microblog. If I'm hosting it myself I just want it to be my little corner of the internet, not a full fledged social media site that I have to maintain. That doesn't mean I'm right or that others don't expect more.
> If I'm hosting it myself I just want it to be my little corner of the internet, not a full fledged social media site that I have to maintain.
I think the problem is that OP is focused on developing a framework for AP, and he is dogfooding it by developing an application that other people can understand without too many new concepts.
I'm halfway there with Communick. I started with the focus on providing hosting for social media and messaging platforms, so I had to find my way around setting up LDAP for SSO, provisioning of object storage for separate services, etc.
But the most interest thing is that in the process I also wanted to remove my dependency on the other centralized SaaS, so I ended up setting up my own git repository (gitea), my own CI (woodpecker), my own project management tool (Taiga), my own knowledge-base/data sharing tool (Baserow).
On the one hand, I agree with you and think it could be a great business opportunity. On the other, the whole thing is so easy to be completely commoditized that I don't see a practical path to profitability. If I go to investors with the idea, they will say (rightly so) that there is no easy way to establish a competitive advantage. If I bootstrap (like I have been doing with Communick) I can not be fast enough to do both customer acquisitation and development.
> What is important that there is one company you can go to who does all of that for you.
This is what gets us in this mess in the first place.
> Running a government institution and having 20 different vendors to make your basic IT system work is a nightmare.
Then scale down the bureaucracy and bring back the decision-making power down to the leaf nodes. Have each institution working as a "microservice" which is responsible only for defining the interfaces on how to interact with them, but leave the internal implementation completely up to the department. You can of course have some collaborative structure where these departments can use as a reference guide, but they are completely free to override those decisions when it best suits them.
God, the idea of microservices for humans is nightmare time. I work for a company that runs micorservices, and I can say I've spent days attempting to get everything running on my dev system. One upgrade and I can watch my whole day/week disappear into config hell.
I can't imagine how hard it would be to do this with people. Each working with their own little bubble.
Just the other week someone decided that an api needed a tweak, so they adjusted the code and the tests, but missed one external system. Took 4 days to fix, because we couldn't figure out what had changed. And the team who owned the external system wasn't around.
People as microservices.. no just no.
> the idea of microservices for humans is nightmare time.
Works for supermarkets, department stores etc. Companies employ too much red tape in their acquisition processes.
I’ve seen organisations pay way over the going rate for cloud services by insisting on a bidding process and talking to salespeople, when they could have just purchased direct from the console.
If doing your own work requires you to "get everything running on your dev system", are you really working on a service-oriented architecture or was it that your company decided to board the bandwagon and botched the execution?
> Then scale down the bureaucracy and bring back the decision-making power down to the leaf nodes. Have each institution working as a "microservice" which is responsible only for defining the interfaces on how to interact with them, but leave the internal implementation completely up to the department. You can of course have some collaborative structure where these departments can use as a reference guide, but they are completely free to override those decisions when it best suits them.
Dear god no. That's how you end up with contracts assigned to "Joe's Nephew Software Design" that don't just smell but reek of nepotism (although I will admit, the "big bodyshops" aka Accenture and friends aren't much better), neverending GDPR et al. compliance issues, and massive employee overhead in training and onboarding costs when every local government does its own shit and economies of scale can't be leveraged.
Also, even assuming "Joe's Nephew Software Design" manages to complete the DMV software on time and in budget... who's guaranteeing that in 10 or 20 years Joe's Nephew will still be around to provide updates? It's (way) easier and cheaper to do continuous maintenance when there are lots of clients to fund upkeep, compared to just one.
> the "big bodyshops" aka Accenture and friends aren't much better.
You said it yourself. Corruption and abuse of power will always exist. But if I had to choose between the invisible corruption of faceless bureaucrats enabling cronies or the local crook who will try to put his finger on the pie, I will take the local crook every time. At the very least, I can get a bunch of people and bang on their doors with some pitchforks.
> who's guaranteeing that in 10 or 20 years Joe's Nephew will still be around to provide updates?
We are taking about a scenario where open source is the norm and the stakes for each individual project are lower. "off-the-shelf" components would be the norm. Whatever customization or improvements done by the departments would also be released as FOSS.
> At the very least, I can get a bunch of people and bang on their doors with some pitchforks.
For that, you gotta hear about the issue first. Local reporting is all but dead, and the few local journalists that remain and have the expertise and time to do investigative pieces on local money wastes are way more easily silenced by SLAPP lawsuits and political pressure (up to and including death threats) than something like, say, the New York Times.
But if we are talking about local services and the governance of projects at the municipal/county level, you won't need to wait for reporters. You will quickly see and experience the mismanagement of resources.
Any Christian fundamentalist who advocates for its religion to become law is a bad Christian who never understood the lesson behind "Render unto Caesar...".
Now, contrast with Islamic teachings. Not every Muslim will advocate for Sharia, but there is a non-negligible part of them (leadership included) who think that not advocating for Sharia is a sin.
What’s the contrast? In both cases, there are good people who understand that their religion restricts them, not others, and there are bad people who think the government should enforce their religion.
What part of Christianity actively promotes it? There’s that one line, which meaning is debated, in a book full of stories about religious governments.
In any case, I only care about the practicalities. In terms of what they try to achieve, there’s no real difference between the Christian and Muslim dominionists.
The word "direct" is carrying an awful lot of weight in that sentence. The Catholic Church (as well as the Protestant and others) are very responsible for, or at least implicated in, many horrible things in the last few hundred years alone:
- signed off on the slave trade for hundreds of years (even gave excuses about how that was God's will)
- during World War II they promised to hide many Jewish children, only to subsequently steal them from their parents arguing that "they are now Christian, it would be a sin to give them to Jews"
- the inquisitions
- were the justification for so many wars (conversion by the sword)
- have long been a tool of repressive governments, arguing that it fell under "obey your father"
- in the U.S. many churches, including the Catholic Church have preached that voting for one party (Democrats) is a sin (often about abortion, but other topics have been raised)
In general, the Church's political power has waned over the last 500 years or so, but there are an awful lot of calls from Republicans saying that this is where we have gone wrong.
One only look to the political donations of Opes Dei (Catholic branch dedicated to getting Cristian influence over the "Lay" sphere) to see them as major power players today. The Heritage Foundation (main writers of Project 2025) are intimately bound with the organization. And Chief Justice Roberts is also associated.
So they may not be "direct" rulers, they are major power players.
> So they may not be "direct" rulers, they are major power players.
So are all the other countless media companies, tech corporations, Hollywood, labor unions, pharma companies, academia...
From this list, which one do you think is more intertwined with Government affairs? The Catholic Church or Amazon? The Mormons or Blueshield? Seventh Day Adventists or Disney? The Baptists or General Motors? The Anglicans or FOX News?
Even those "running the place" are doing it within the democratic system established and managed by the State. You can try to twist as hard you can, but to think that the US has become some form of Theocracy is absurd.
I am not going to argue that the democratic institutions are not under attack, but I am arguing that there is no key religious figure remotely close to take power and become the head of State, at any level whatsoever.
So, let's get back to question I posted before: which of the religious leaders have more control over the head of State than any of Big Tech CEOs? Which congregation in Florida has as much political pull (regardless of direction) as Disney?
> We're almost at a point where the current generation of programmers wasn't even programming when that happened
I've been programming with Python since 2006, I think most of the systems were based on 2.4 at the time. I've been one of those who switched to Python 3 somewhat late, waiting for some major libraries to ship python 3 packages - celery and Twisted were one of the biggest holdouts - so I remember that the first project where all my dependencies were ready for python 3 was around 2015.
This is to say: even seasoned developers who were conservative around the migration have spent more time working with Python 3 than Python 2. There simply is no reason anymore to be talking about python 2.
The last time I touched a large Py2 project was in 2018 when I ported it to Py3. So, I have 18 years of Py2, probably 6 years of overlap, and 7 years of pure Py3. That means I still have a lot more Py2 than Py3 time.
Buuuttt, I'm so over the transition. It’s ancient now and I agree that we can stop fretting about it.
And you wonder why people are cynical? Do you really think that the best answer to solve IP law and the blandness of pop-music is by making it so cheap that we make it available to everyone?
> But, there are massive use cases where that type emotional connection is not necessary (...) game & movie soundtracks, in waiting areas, tv shows
What will be the point of watching a movie or TV show, then? What will be the point of making one?
reply