I just added what I think is the coolest part to OcapPub... the "Composition" section! This especially shows off how cool ocap design is: Alyssa schedules a backup of her file to run twice a day, and yet the job scheduler which runs the backup has neither access to read the file nor write anything else to the backup service!

I remember when I first realized you could do this kind of advanced stuff with ocaps and that it was *dead simple*, my mind was *blown*. I hope other people find it as interesting.

Show thread

v1: normal programming, without side effects
function helloWorld() {
return "Hello World";

v2: normal programming, with argument passing
function helloWorld(printLn) {
printLn("Hello World");

v3: Same as v2, but no extra argument, because printLn access is "handed to" the module

v4: https://some-ocaps.example/obj/b9wSO6f7F31yz50VWNXRchjpT8BaADPygiVROoqKaw (renders a page that says "hello world")

v5: same thing but with an activitystreams object

@deejoe I feel like that OcapPub goes into detail if you want more.

Personally, my favorite intro was reading


I guess my take-away is that there remains something of an opportunity in this space.

@deejoe Yes, I think nobody's given the world's easiest intro to ocaps; it hasn't yet been written.

But we tried pretty hard; here's an episode where we give some intros to the concepts on @librelounge

@cwebber @librelounge

aha. That might have what I need.

Will see if I can find an owl there later :-)


@cwebber I just want you to know that I find this *fascinating*, as someone with zero experience in software development and no formal computer science training.

I'd started thinking about the mechanisms people have to control interactions on Mastodon in particular back when there was a proposed change to inform people when they were being blocked--I also was reading about ACLs vs. capabilities in secure operating systems for some reason or other--and I'd just gotten what I assumed was the ridiculous idea "what if we had capabilities for social media?" When I stumbled across the relevant LibreLounge episode.

More personally, and I'm probably reaching with this bit, ocap stuff that gives people finer-grained control over decentralized online interactions fits perfectly with the anarchist values (in the "maximizing individual autonomy by facilitating cooperation and vice versa" sense) I'm trying to examine computing with when I'm on here.

@cwebber hmm, I still have to come up with an actual use case for attenuation in ActivityPub

Also, I can see a few issues with proxying in the context of AP:
- End-to-end reliability now depends on a chain of proxies
- The proxy is in a much better position to perform replay attacks
- The proxy could also decide to selectively block transmission for certain kind of information, not agreed upon previously by the person who has been given the capability

@cwebber more generally, using proxies for attenuation is incompatible with End-to-end encryption and gives a lot of power to the proxy

@Thib These are good criticisms and will be better addressed once I introduce the True Names and public profiles section :)

@Thib We can put *a portion of it* this way:

"What do I believe this is a proxy of?"

"Does the thing I am proxying to believe this is a secure channel for me to make communications to it?"

@Thib And maybe, adding to that:

"Does the thing I am proxying to believe this is a reliably-available channel for me to make communications to it?"

@Thib Would answering those questions help your concerns?

I appreciate this feedback, btw!

@cwebber yes, I guess so, but I can't really see how those could be answered by anything else than “no”

@Thib Well then, I guess you have to wait for my next couple of updates :)

@Thib I realize I am introducing a lot of concepts, layer by layer. It is part of the reason OcapPub is so long.

We can see that in the examples I gave, Alyssa's friends had no reason to believe these capabilities were for anything other than what she said it was, because that was their trust assumptions from the beginning. If they trust Alyssa, and they heard it from Alyssa, that's fine. Similarly, the chronjob scheduler doesn't care.

We'll need better for talking to many AP actors.

@cwebber I guess how important those assumptions depend on the exact use case behind the proxy, and I can't really think of a use case for attenuation in AP yet

@Thib I hear you; reserve judgements till after the the True Names section comes out. :)

@Thib Also the episode of @librelounge that's coming out next (probably Friday?) should help, too.

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!