Tag Archives: StatusNet

GNU Social now supports WebFinger (RFC7033)

So, (slightly more than) another week has passed and GNU Social has received a couple of stability and feature updates. Nothing very visible for the end-user, but administrators may appreciate it. Going chronologically through the shortlog:

First I did some minor fixes, mostly language and specifications to make more clear that we’re working in the GNU Social software. This includes removing some StatusNet names here and there, specifying our system requirements (PHP5.3) and preferring a local url shortener to a remotely hosted one (privacy issue). The “8 chars was too little” apprehends queue handlers which in the future may use longer frame-identifiers (more declarative names).

b62ac25 PHP 5.3 dependency declared in INSTALL file
f009499 minor fixes and cleanups in the scripts directory
4c6803a GNUSOCIAL is the new defined indicator
c906ab1 8 chars was too little, 32 should be enough.
c3001ff url shortening fixes for api config and not ur1.ca
792e1ae StatusNet_HTTPResponse now prefixed with GNUSocial_
a35344e instanceof instead of is_a is faster (thanks quix0r)

One goal I have with code updates are making better use of OOP, object oriented programming. It results in prettier code, which is easier to read and harder to get wrong (what with proper typing and all that). One part in this was clearing up a remnant of old times, the ‘subs.php’, and implement the same functions in the Subscription class.

There were small problems during the execution of this patch, but it was fixed in the following commits. Among these fixes were the introduction of Managed_DataObject::listFind, which instead of an array returns the actual multiple matches in an extended DB_DataObject class.

93e878d Make better use of Subscription class
39f21d6 New Managed_DataObject retrieval: listFind
6330608 Subscription "get by" functions now don't use ArrayWrappers

Proper exception handling is also a neat thing. So I introduced the ‘MethodNotFoundException’ which is thrown whenever a class hasnot implemented a function. Usually that’s handled through abstract classes and class interfaces, but abstract declarations are apparently not allowed for static functions. So instead they throw the mentioned exception. Then there was also some regression and neatness fixing to do, where the regression was related to javascript functionality.

50e611a Shouldn't define static classes as abstract.
f711f9e Fixed regression in bookmark.js that caused double-submits (jquery 2.x stuff)
5f1fea1 FavorAction upgraded to extend FormAction
e9f2a18 Wrong call signature used for Event::handle
4ca1c10 IMPORTANT: 'GNUSOCIAL' defined, or daemons wouldn't work
8205c56 Stylesheet event now removed of StatusNet-remnants
9d3abc3 $_PEAR now defined globally as new PEAR, so no static calls are made
4015a58 Sometimes there's no text content, so pad the array (thanks mrvdb)

We now support PHP5.5, at least after the following series of patches. 5.5 makes sure that PHP is not a _pure_ steaming pile of dung anymore. So I had to clear up some old programming mistakes that didn’t convert types and shut down data streams properly.

In the middle of all of this, I took the chance to update some PHP libraries too because stuff like OpenID wasn’t PHP 5.5 compatible.

1744fec Array to string conversion in queuemanager logger
1c6f9df PHP5.5 fix: Better use of startXML for Action classes (mostly AJAX)
f268c3f Completing extra-element-without-text patch from 4015a58d1cfaa257fcf2b01aa6b1c9daa268c997
f01c478 htmLawed extlib updated
49b7559 Updating Janrain OpenID auth library
f7719b5 phpseclib extlib updated from phpseclib.sf.net
64df40e Filling in missing endHTML calls for Action AJAX
3ffe0e4 Added queue daemon notice about disabled forking functions
e9cc87f Updated some of the INSTALL documentation

A problem regarding URL shortening I noticed – if allowed notice length is infinite, then we ALWAYS shorten links (because two config settings were compared, where ‘0’ meant entirely different things).

858d9cc maxNoticeLength test for url-shortening failed on maxContent==0

Some minor problems I managed to introduce earlier were fixed here. Also, I applied several patches by Joshua Judson Rosen (rozzin). Thank you for these (one year old) patches!

80c6af0 Uncaught exception when no subscribers/subscriptions in ProfileList
633191d Making sure scripts and tests check for GNUSOCIAL defined (instead of STATUSNET)
981295f Autocomplete action must exist on user registration
562d5bc Remove bad common_path() call in context of cssLink().
8e5d58f Make paging work correctly in the user-directory even with the default filter set (i.e.: `all' = `no filter', so intrepret `filter=all' as `no filter').
9844ec7 Make the ForceGroup plugin work consistently for notices from remote users.
9085880 Allow the hostmeta to indirect from one domain to another. e.g.: rozzin@hackerposse.com => rozzin@status.hackerposse.com.
8e53eb2 Correct a logic-inverting typo in handling of replies to group-posts. The typo causes a tautology, which makes replies to group-posts always (or almost-always) go to the group(s). cf. http://status.net/open-source/issues/3638
44f7ad6 Correctly distribute notices from remote posters through local groups to remote group-members via OStatus. Allow the OStatus queue-handler to handle all posts, and give it the smarts required to make correct decisions about whether it should or shouldn't relay notices over OStatus. cf. http://status.net/open-source/issues/3540

…and now to the big implementation of the week – WebFinger. GNU Social now properly supports, I believe, RFC7033. Plus of course the former RFC6415 (Web Host Metadata), which StatusNet supports (but only XRD format). GNU Social supports both with both JSON and XML resource descriptors (JRD and XRD). It was followed-up by some regression fixes which were caught rather quickly thanks to debugging with postblue who tracks the master branch.

What WebFinger does is simplify and standardise metadata retrieval for users, websites, devices etc. using unique URIs – such as acct:mmn@social.umeahackerspace.se or https://social.umeahackerspace.se/mmn. What we don’t do is make use of the ‘rel’ parameters. Yet.

This also removed the previously available StatusNet hack ‘xrd.php’, replacing it with the PEAR XML_XRD library. We could probably also use Net_WebFinger for lookups, but so far no one has contributed RFC7033-compatible changes to it. It means more lines of code, but less maintenance. Code reuse is awesome.

As a bonus, or rather instead of implementing Quitter’s API changes, I pushed some Avatar class fixes. These simplify a lot of the code, as can be seen in commit b0dfc70 which replaces multiple get-avatar-check-if-it-is-there-and-get-the-url-otherwise-get-the-default-avatar-url (+ I could get rid of Twitter-specific hacks that returned 73×73 sized avatars when they sometimes should’ve been 96×96 pixels).

a0e107f Implemented WebFinger and replaced our XRD with PEAR XML_XRD
a23c4aa Avatar resizing improvements and better code reuse
24e0535 Fix regression from WebFinger update for singleuser sites
cced063 Fixed regression in latest Avatar fixes
a7e7484 Fixed regression in OStatus sub from WebFinger/XML_XRD update
b0dfc70 Properly unlink all old avatars when deleting/uploading a new

Then I made some minor fixes to avoid filling up the avatar directory over time, and spamming the PHP error log with unnecessary notices.

1d46ca4 PHP Notice:  Undefined variable: logo
3e15bab PHP Notice:  Trying to get property of non-object

And lastly, I just now fixed a problem with a new behaviour in lib/plugin.php where all the Plugin extended classes (i.e. all plugins) automatically load files from their directory if they match desired class names. During WebFinger updates I introduced (for the LRDD methods) a snippet of code that replaces ‘_’ with ‘/’ so we can have a better directory structure for plugins which act like the LRDD plugin.

ba5e901 Plugin onAutoload replaces _ with / in lib paths, this renames some classes.

Thanks for reading. Now go federate!

Next week in GNU Social

I’ll post my little todo-list for the coming week’s development of GNU Social here:

  • Proper WebFinger support (draft 18). Preferrably both JRD and XRD style.
  • Add a Profile_prefs class, to avoid separate tables for every plugin’s preferences.
  • Implement qvitter’s API improvements

If I have time I’d also like to do:

  • Generic Avatar size retrieval (generate + cache on demand)
  • Notice retrieval interface through WebFinger.
  • Implement parent retrieval for orphaned posts.

Parent retrieval would of course not work until others also upgrade to GNU Social from StatusNet, or patch their installations with that specific functionality. However, considering the amount of broken conversations that comes with more federated users I think it’s very desirable.

First month of GNU Social fixes

In August I began the commit spree on the temporary GNU Social ‘master’ branch over at Gitorious. Temporary because the repository will likely in the future be under the ‘social’ project on that site.

Erkan recently asked for a roadmap of GNU Social development, but unfortunately I’m right now just going to give the next best thing – a summary of what’s been done the latest month. Starting after Evan’s currently last StatusNet commit at Tuesday July 16 2013, 2a70ed2: Merge branch '1.1.x', it was merged into the stone-age stuff of previous GNU Social code from 2010… and new development began. This is the story of our commits from 2013-08-12 to 2013-09-17.

First up, updating some libraries

I guess noone had dared touch the old piece of legacy PHP code that’s called “DB”, i.e. the ancient database abstraction layer StatusNet uses (and doesn’t really get used properly as there are many manual SQL queries in the code still). I didn’t dare do this either, but updates are always nice. So the first essential commit was updating the external library DB to its latest version:

7d8e199 Update to DB_DataObject 1.11.2

There was the idea to migrate everything to MDB2, which would still be able to handle the DataObject classes. However, since it still wouldn’t take care of the biggest problem – functions that are internally called by static methods but aren’t declared static – I figured it wasn’t worth the hassle. And the OpenID plugin supposedly would need lots of work… Anyway, if there’s anything we should do (besides drop PHP!) it’s to migrate over to PDO.

Long-standing merge requests

Then there was work to integrate some fixes from the list of merge requests and such which had not been taken into StatusNet master yet:

3ad3535 Merge commit 'refs/merge-requests/230' of git://gitorious.org/statusnet/mainline into merge-requests/230
ea837ce added missing return statement after showForm call
f433f7c if parameters are not 0, null then limit will be PROFILES_PER_PAGE
56cfd2b comparing a url scheme should be done case insensitively
1095f7a new plugin to check, store and migrate password hashes to crypt()
2e8b729 Issue 3636 request clarity for users without validated emails on instances with RequireValidatedEmail active
7eecd93 _m function for translation seems to be what we use
e47d9ad Added author name to modified file
d6cf6e8 letting the noticeform at the top show, to fix broken reply button javascript
bd60ab2 fix typo on provider_url
f11d157 visual presentation of group's homepage href was its local stream url
20bad68 Added SSL option to web and cli installers
38ac5a7 Automatic memcache support enabler for config
542f00f printf tries to evaluate "%" in paths, echo does not

This felt like a relief for me personally, having written some of those myself. Several other good people had submitted merge requests as well which were taken care of in this round. All the details are in the commit log.

One big problem for new users was also the extreme sluggishness that arises from such a huge, dynamic piece of software as StatusNet. So we automatically enabled Memcache detection if PHP has the module. It requires the administrator to run a local memcache server, but at least no further configuration has to be done after ‘apt-get install memcached’.

What makes GNU Social GNU Social?

And so it became time for a distinction that separates GNU Social from StatusNet somewhat. Something which bothered me in every fresh install I ever made, too:

794163c Default to NOT ask for current location for new users

Privacy. At least we shouldn’t stalk fresh users by asking them where they live everytime they try to post stuff! Another privacy change had already been made (20bad68 regarding SSL-on-install), but this was the first that would immediately affect user experience. SSL improvements were made later as well (commit 81a357e), where a site configured as SSL ‘sometimes’ would never redirect users to http://.

Major overhaul of dataobjects

In a couple of steps to reduce code redundancy and ease future migration to better DB abstraction layers, many of the following commits were directed at the ‘classes/’ directory, finally taking some of the dataobjects to inherit “Managed_DataObject”. Which means that everything from caching to specifying data structure becomes much easier not to say more flexible.

0cb5b6f No need for newline when running 'echo'
3394efc staticGet is a static function
d115cdd Managed_DataObject gets dynamic class detection for staticGet
1a9a8ea staticGet for sub-Managed_DataObject classes now calls parent
6c4c431 Plugins with classes that extend Managed_DataObject get better code reuse
c36608b Some statically called functions in plugins now declared statically
e95f77d Updating all Memcached_DataObject extended classes to Managed_DataObject
2a4dc77 The overloaded DB_DataObject function staticGet is now called getKV
ade2bdc Bookmark class now has schemaDef (for Managed_DataObject)
1710a61 Magicsig class now Managed_DataObject with nicer schemaDef
861e838 pkeyGet is now static and more similar to getKV
3ce5631 Memcached_DataObject::multicache is now properly defined static
7e4718a IMPORTANT - fixed Magicsig to properly overload getKV (prev. staticGet)
761a849 Added shared default plugin list between profiles
923f16a Properly definingStatusNet class static functions with 'static'
97ce71e Managed_DataObject now has listGet for all classes
0785cc2 Don't use DB_DataObject::factory (statically at least)
d5f82bb Class wasn't used anywhere, and file contained wrong class
e40044e Further static declarations of functions
6f4c572 Unnecessary UTF-8 declaration for database
b1465a7 We can now do late static binding (PHP >= 5.3)
3a7261f IMPORTANT: Making prev. Memcached_DataObject working again with schemaDef
66997f2 OStatus classes now has modern schemaDef
0bbcfa7 IMPORTANT - fixed HubSub to properly fetch primary keys
4fab7a9 GNU Social extensions fixes (please read note)
40fe10e Woops, forgot auto_increment (comes with 'serial')
b6cfcfb More info for a proper, fancy-url lighttpd setup

…and during this time the code was broken several times. Part of the fixes also included depending on PHP >= 5.3, which means we can rely on much better object orientation and snazzier functionality (such as late static binding). Unfortunately several problems still exist internally in the DB abstraction layer, where it calls its own non-statically defined functions with static methods. So the ‘PHP Strict Standards’ warning bells keep going off all the time – and still do even after all of the commits in this post.

One important thing that changed during these commits however was the Memcached/Managed_DataObject API, where instead of calling the DB_DataObject function staticGet (which wasn’t static!) it has been renamed getKV (for getKeyValue). Some other related data-fetching functions were also renamed and changed throughout the codebase.

Code reuse is a good thing, viva la OOP!

Then there was a big one. Standardising the way class files are autoloaded, which had already been kinda-maybe-half-made in previous StatusNet code, I went through a lot of the code for plugins and could remove tons of lines of code with statically assigned ‘include_once’ lines. Instead it is all generally handled in the Plugin parent class for the event onAutoload. Many files were moved and renamed in the course of this commit, as they all would fit the same pattern, which can be seen in lib/plugin.php.

de55d8f plugins onAutoload now only overloads if necessary (extlibs etc.)

And then some more cleanup and fixing

More merge requests and general fixes that had been noticed while digging around in the code were implemented.

cb94a29 Syntax error in XMPP config example
fac7371 pivotGet moved into Managed_DataObject
b3e61ce Stronger typing, require array where param array
79e3acf Moved multiGet into Managed_DataObject
f042eea removing empty "planned" GNU Social plugins
07ca304 Changes to GNUsocial plugins
bd24ab6 Fixed comment description in STS plugin
47eb3cf db/core.php lacked User_username (Issue 3299)

And some new parent classes

When working on Free & Social, I rewrote some major parts of the code. A lot of it isn’t quite finished yet (like the theme engine migration), but many bits and pieces can be put back in to GNU Social. Like the fact that just about every Action where one interacts with a form can inherit, and standardise to, a ‘FormAction’ class:

8d57fb7 Added a FormAction extension
cfa699e NewgroupAction converted to extend FormAction
83000f6 Proper definition of $args array in NewgroupAction->prepare
c735a83 Conforming to code layout
0612e5e NewnoticeAction converted to extend FormAction
89b1066 IMPORTANT: parent::handlePost() in NewnoticeAction
e5e3aeb newmessage (and Message class) fixed for FormAction
f0e967f needLogin renamed checkLogin and made a property
b2a0aa2 NewapplicationAction converted to FormAction
c5bf6cb Using a bit more of $this->scoped (Action parent class)

As you can see I migrated a couple of actions as well, but many still need work. And an introduction of a SettingsAction parent class would also be very good!

Tidying up, cleaning and implementing merge request

Back to house cleaning. Some code improvements were made where little effort was needed. Strict typing is very important if one doesn’t enjoy headaches while reading and debugging code. So some of that was introduced (and a little bit more would come later):

747fe9d Tidying up getUser calls to profiles and some events
a9c4bcd Removing unnecessary require_once lines (autoload!)
99312c8 Declaring some more static functions properly
81a357e Putting in functionality so that sites with the "Sometimes" SSL setting allow for users with plugins such as HTTPSEVERYWHERE who wish to use HTTPS to do so without having errors pop up. Specifically this references this issue: http://status.net/open-source/issues/3855#comment-48988.
ade8c69 Twitter cards implementation. Currently only supports 'photo' cards.
f0d86cd Add 'twitter:title' meta tag support.

jbfavre’s Twitter updates were also implemented. I actually haven’t tested these, but jbfavre is a good person whom we can all trust.

The Big JQuery Update

Yes, the web uses Javascript incredibly much today. And unfortunately GNU Social currently even depends on it for full functionality. That’s something I wish to change, to avoid a dependency on automatically executing programs in the browser. But it can undoubtedly increase usability. So updating JQuery to its latest version was next on the todo list:

1eead02 Changed bind() and unbind() to on() and off(). Shortcut for (document).ready().
6fa9062 Changed bind() and live() to on(). Changed .attr() to .prop() for checked and disabled. Shortcut for (document).ready(). This is the first attempt to convert live() elements to on() according to http://api.jquery.com/live/.
af4f2a1 Changed .attr() to .prop() for checked and disabled. Removed "style" removal which I assume was tied to opacity setting on line 9. Replaced "style" setting via attr() on line 12 with css().
1757a65 Shortcut for (document).ready(). Changed .attr() to .prop() for checked and disabled.
3efa107 json2 extlib updated to 2013-05-26 version
a56ad2c Updated jquery extlib to v2.0.3
a4d04d2 Fixed regression from util.js updates + syntax cleanup
3858897 farbtastic removed along with userdesign stuff
dfa1b15 Changing js .live calls to .on for jquery 2.x
438685b jquery javascript was moved to js/extlib
2da9288 jquery-ui updated and moved to js/extlib
56ebe91 jquery form updated and moved to js/extlib
4f065d6 Removed jOverlay as it's outdated and not referenced
0731207 updated jquery-infieldlabel from 0.1.2 to 0.2.1
31bace8 updated and moved jquery-jcrop (no longer .min.js)
3604924 updated and moved jquery-cookie
11f4363 Fixed regression from jquery-cookie update
6de3fc0 jquery 2.x update related fix (.die no longer defined)
5e24600 Minified javascripts are evil! Human readable source, please!
1775fce Added new config for lighttpd.conf that worked on my 1.28 setup.
4822965 Event::handle only takes array $args
83b8523 Events on user registrations now strictly typed
d480ed4 Gravatar pretty much equals disregarding privacy
8935a2f Autocomplete migrated to jquery-ui autocomplete
8140c4f Bad call to joinAdd in Profile.php

It seems to have worked well for me, at least! I believe many of these commits can be imported without any of the previously listed ones, as they should only touch javascript files and some small portions of fairly static code. A modern JQuery library can help a lot to make GNU Social clientside development interesting for more people!

Some of the commits in the latest list are unrelated to JQuery updates (essentially all of the last ones except 8935a2f), but are instead part of tidying up and making the code stricter and less redundant. Many scripts are even thrown away, as they were never referenced anywhere in the code (such as farbtastic and jOverlay).

My favorite commit was “5e24600 Minified javascripts are evil! Human readable source, please!”. In the future we should also have a closer look at LibreJS for compatibility and compliance!

NOTE: A regression was made in jquery 2.x fixes, so please cherry-pick commit f711f9ee7551ac0fe59f1cdc5a375d4825d93e3c too if you’re annoyed with double-submitting favor forms and such ;)

…I leave it to the future to come up with a roadmap for the future :)

Utveckling av “fedsocweb” både stagnerar och frodas

Jag har som bekant ett projekt aktivt med stöd från Internetfonden. Målet är att förbättra den existerande mjukvaran StatusNet, en fri mjukvara för federerade sociala nätverk – eller “federated social web” (fedsocweb). Källkoden jag publicerar går självklart att läsa och projektets resultat går förstås även att använda.

Tillgängliga, liknande mjukvaror

Mycket har hänt sedan jag påbörjade projektet, i detta inlägg ska jag fokusera kring de alternativa mjukvaror som finns inom fedsocweb.

Min utgångspunkt har varit StatusNet, som i mina ögon har en väldigt stor kodbas (228k rader faktiskt kod) som helt enkelt inte är särskilt smidig att uppdatera och bygga vidare på. Det är tydligt att mycket kod hänger kvar “från förr” och orsakar en del kompatibilitetsproblem och huvudvärk när man försöker skapa ny funktionalitet – och inte minst när man försöker standardisera och effektivisera koden.

Sedan november förra året, då jag tog mina första stapplande steg i kodstrukturen för detta stora projekt så har jag försökt bidra med buggfixar och har fått en del av dessa beviljade. Många fler har inte antagits, mestadels eftersom StatusNets huvudutvecklare arbetar på ett annat projekt, Pump.io. Detta nya projekt bygger även det på s.k. “ActivityStreams” och ska implementera OStatus fullt ut, fast i en mindre tungrodd infrastruktur på serversidan. I ett försök att “göra om göra rätt” kanske, men jag har inte hakat på det just det spåret.

Denna stagnation i utvecklingskraft på sociala federerade nätverk är inte unikt för StatusNet. Diaspora* verkar ha fått slut på sitt kapital och riktar in sig på en mer tumblr-remix-aktig satsning än Diaspora-projektets ursprungliga “Facebookdödande” inriktning. Deras nya projekt är helt enkelt nischat för specifika typer av användare och Diaspora* lämnades över “till communityn” i ett mycket ofärdigt skick, om än behändigare kodstruktur än exempelvis StatusNet.

Dessa två plattformer, StatusNet och Diaspora*, har varit de största att dominera sfären av federerad social media. En hittills mer lågmäld spelare har varit Friendica som har varit mer av en satsning på att binda samman separata nätverk för privat bruk än att fungera som en federerad plattform i sig. Sedan StatusNets utveckling stagnerade strax efter sommaren 2011 verkar mycket intresse från bidragande utvecklare ha gått över till Friendica istället. Tyvärr har Friendica en ännu större kodbas än StatusNet (>500k rader kod, mer än dubbelt så stor).

Mycket kod gör projekt jobbiga att sätta sig in i, underhålla och utveckla. Vilket är tre oerhört viktiga egenskaper att bibehålla för projekt med fri mjukvara. Ju högre tröskel in i utvecklingen, desto färre kommer att hjälpa till. Fokus borde alltså ligga på att underhålla lätta, smidiga kodbaser som gör vad de ska på ett enkelt sätt. Mitt mål har därför varit att kapa och meka i StatusNet för att underlätta underhåll. Ett direkt resultat i början var det enkla måttet på antal rader kod men sedan dess även utbyggbarhet och standardisering.

Att mäta resultaten

Jag passade på att nyttja kod-och-projekt-analysatorn på Ohloh för Free & Social, vilket inkluderar all historik från StatusNet (som också finns där). Det syns tydligt när jag började skära som hårdast, i månadsskiftet juni-juli 2012, där 70,000 rader så gott som onödig kod togs bort. Sedan dess har utveckling skett för att separera utseende från funktion, vilket i det stora hela inte lagt till särskilt mycket kod alls. Strax är jag dessutom redo att radera väldigt mycket kod som för tillfället endast ligger kvar som “fallback” om min kod inte täcker upp ett visst användningsområde.

Målet är att kunna byta ut den kod som är skriven i PHP mot något helt valfritt, modul för modul. Det ska bli lättare att köra sin egen StatusNet-instans, eller vilken mjukvara man vill, för att kommunicera federerat med OStatus-protokollet (och även andra förstås).

Det jag inte gjort hittills är att paketera Free & Social-forken för enklare installation på slumpmässiga datorer. Detta kommer när man inte längre behöver paketera hela frontend-motorn med allt vad det innebär för människor som t.ex. vill ha en installation man endast interagerar med via API och tredjepartsklienter.

Projektet tar absolut mer tid än jag hade förväntat mig. Fast då resulterar det även i en mycket större förbättring än vad jag först hade tänkt mig.

Conversations in “social” media (and why OStatus rocks)

So, what’s more social than having a conversation? Two or more participants in an exchange of words or acts that relate to a common subject. It’s called communication and as human beings we have a natural born talent for maintaining several subjects in our mind at once.

The conversation is very important for humans and our social life. We not only want to interact with others – we want to understand the context of a conversation we’re not immediatly being a part of. Be it a political debate, people on the street passing by or when reading posts on an internet forum. Quotations are a great example of how maintaining the intended context is important, as many phrases have multiple interpretations. With the age of books, physically printed literature, keeping the context has been a hard task – but with computers, the internet and hypertext on the world wide web it is no longer difficult.

So one may wonder why websites that are portrayed as “social” are so bad at presenting communication. Lately we have started seeing one-level threads that contain comments and mentions in the “social media”. Not much more than bulletin board systems did during the ’70s and ’80s. The visual representations, event the metadata, of these digitally stored conversations are limited to relatively short bursts of chaotic chatter in the realtime-adapted webservices. Not a very socially sustainable style of communication.

The two major players in the area of asocial media services in Europe and the US are Facebook and Twitter. Both fail to respect human conversation in their own particular way:

  • Facebook has a single-thread style conversation. A user initiates this with a post or link. This notation may be quite long and occasionally sparks an intense debate. However, any replies that are made are only linked to the original post.
    Should a thread get multiple conversation participants that reply on several invisible subthreads it doesn’t take long before it is too chaotic to follow. Even for a trained robot or human being.
  • Twitter conversations are built on reply-to notifications. An original tweet, limited to 140 characters, can often gain attention and be subject to discussions. Any replies to this post will be required to contain a multi-character mention (@username) of the user replying to, while still being subject to a character limit.
    Assuming, contrary to experience, that a 140 char-limit is enough the available characters are quickly reduced with conversation participant, effectively disorienting any third-party that tries to follow up.
    To make matters worse there’s not even a method of linking tweet follow-ups in metadata, which has caused some clients to add any “>>”-like signature to indicate humans to continue reading in the next tweet.

Compare it to mailing lists. Any mailing list or e-mail client can handle threads, replies, carbon-copies and even blind carbon copies since decades ago. That’s like space-age technology compared to the asocial media services’ scrapbooking kit which even lacks a proper glue.

Google+ also uses the single-thread style. There are of course also many other services out there, even some of which have learned from (or even incorporate) mailing lists. Usenet for example should reasonably be an early example of an open social media, lacking only a flashy front-end, a marketing department and better anti-spam measures to be successful.

WordPress is probably the best example of a social web media and sports appealing multi-threaded comments with proper computer-readable markup. However, WordPress currently lacks integrated federation. It’s more of a social oasis, where you park your camel and talk for a while before you head off to the next water hole. Besides, that structure is better used for the topic of a discussion rather than the place of a discussion.

So welcome OStatus, the federated social web protocol. Its main implementation, the software StatusNet (see it in action on identi.ca or freesocial.org), already does threading and proper in-context metadata. It has the backbone for cross-domain notifications and replying without clogging the post with the @-mentions. As opposed to WordPress, the social bit is integrated both up- and downstream so feeds you subscribe to get pushed into your timeline and from there you can post comments upstream and interact with replies.

The OStatus protocol is open and free for anyone to use, works across domain-names and gives you control over what you share, how your data flows and especially where it is stored. You’d never give up control of your “real” social life to someone else – so why give up the digital representation of it? OStatus is an easy solution to maintaining this control.

So if one wants a true social media service, I think it is important to choose one that is not only open and free as in speech but also compatible with how humans really interact with each others. A system that not only respects the user by keeping the user in control, but also something that understands our social interactions – where conversations are a very important part.

The social web is nothing but communication anyway, so why not make sense out of it and keep its context open, transparent and clear?

Konstiga krav på URs Programchef-kampanj

Nu är jag sådär jobbig igen och mailar till svenska, relativt publika företag som premierar amerikanskägda privata företag med en lång historia av privatlivsintrång och skamlig hantering av personuppgifter.

Det gäller denna gång Utbildningsradion, UR, som driver en Programchef-kampanj. Den välkomnande texten på sidan för kampanjen är:

Nu kan du göra ett av våra program till ditt! Det enda som krävs är ett Facebook- eller Twitterkonto. Börja med att söka upp ett program, utifrån ämnen som intresserar dig. (Eller låt oss leta åt dig – utifrån din Facebook-profil kan vi ge förslag på passande program.)

Kampanjen handlar om att hitta människor vars intressen passar särskilda program och därigenom kanske kan sprida kunskap om dess existens till nya människor runtom i Sverige. En mycket god idé och självklart intressant eftersom mer kunskap åt fler är en bra sak!

Jag blir dock mycket förvånad av att de _kräver_ att man har ett användarkonto hos antingen Facebook eller Twitter. Mig veterligen så är det endast c:a 50% av befolkningen i Sverige som ö.h.t. _har_ ett Facebook-konto (och betydligt färre med Twitter). Av de som sedan har ett konto på sidan är det långt ifrån alla som faktiskt _använder_ det. Alltså har man från URs sida effektivt begränsat sin spridning av kampanjen till mindre än halva befolkningen. Way to go.

Hej, jag tyckte Programchef-kampanjen verkade väldigt intressant. Dock har jag svårt för att bli kund/produkt hos ett privatägt amerikanskt företag som förbehåller sig rätten att sälja och vidareupplåta information om mig, mina vänner, mina vanor och mina intressen till tredjepart i reklamsyfte.

Så skulle det gå att “bli programchef” utan ovanstående grova intrång i privatlivet gjorda av företag som inte ens kontrolleras av svensk lagstiftning? Typ med OpenID eller en helt vanlig e-postadress.

En sak jag särskilt reagerar på med detta är att ni försöker nå ut till så många som möjligt (alla) med denna kampanj. Det är mig veterligen bara ungefär hälften av Sveriges befolkning som faktiskt _har_ ett Facebook-konto. Och av dessa är det långt ifrån alla som faktiskt använder det! Gällande Twitter är det ännu färre som nyttjar tjänsten.

OpenID och vanlig e-post är inte domändiskriminerande och kräver inte att man går med på något användaravtal hos något obskyrt utländskt bolag med mycket dubiösa karaktärer i styrelserna. Om det går att anpassa sidan för detta är det min övertygelse att man får ett större genomslag än med det exkluderande Facebook/Twitter-kravet.

OpenID är mycket snarlikt både Facebook-inloggning och Twitter-inloggning rent programmeringsmässigt. Den enda skillnaden är att OpenID inte bryr sig om vilken domän du kommer från. Du behöver alltså inte bli kund/produkt hos ett vinstdrivande företag utan kan upprätthålla dina privata data och din onlinepersonlighet helt inom din egen kontroll, eller förlägga det på någon du litar på.

Vidare får man även exempelvis OpenID-inloggning genom registrering på ex. de flesta StatusNet-instanser där ute, dvs ett federerat socialt nätverk där man kan kontrollera sin egen information utan att opålitliga typer som Mark Zuckerberg kan luska i ens privatliv – eller sälja vidare det till slumpade annonsföretag för en spottstyver. Leve Free & Social och leve OpenID!

Att leta buggar och grejer

Jag försöker som bekant utveckla och förbättra mjukvaran StatusNet i syfte att göra den mer lättanvänd, bättre integrerad med slutna tjänster (för att hjälpa migrering till öppna nätverk) och inte minst förbättra och förnya funktionalitet. Min slafsiga test-utveckling av Free & Social-instansen kan man följa på Gitorious för närvarande, i framtiden kommer jag även att publicera kod och projekt på GitHub.

Ett par utmaningar för min del är bl.a. att detta är den största mjukvaran jag arbetat med hittills, dvs flest rader av kod i projektet. Således tar det ett tag att sätta sig in allt. Dock känns det som att de senaste månaderna har inneburit stora steg för att förstå strukturen tillräckligt för att kunna modifiera kärnfunktionalitet i StatusNet.

Den största delen av min utveckling hittills, sedan jag sökte stöd för projektet i februari, har varit för pluginet “FacebookBridge” där min version för närvarande slurpar i sig det mest relevanta från anslutna användares “home timelines”. Inlägg, användarprofiler och bildbilagor importeras till större delen, men eftersom Facebook verkar ha sjuttielva olika TYPER av bilagor och liknande kommer det behövas mer arbete på den fronten.

Twitter finns det redan ett närmast komplett stöd, där har jag mest skrivit buggfixar så att användarupplevelsen är mer konsekvent samt att StatusNet 1.1.0 fortfarande har ett par buggar. Inte minst har jag snyggat till kod, men sådana patchar är svåra att få med i originalmjukvaran, varför jag egentligen borde fokusera mest på småfixar snarare än större omskrivningar.

Men så kommer man förstås till den stora problematiken med detta projekt, att dessa slutna användarsidor verkligen försöker stänga ute sådana projekt som StatusNet från att nyttja informationen. Jag tror det endast är en tidsfråga innan t.ex. Twitter stänger av sitt API för 3:e-partsklienter (om de inte betalar för sig) och dylikt.

Jag välkomnar varmt fler att testa StatusNet och försöka locka över användare till ett öppet och decentraliserat socialt nätverk. Dock kommer det framöver att behövas ett bättre lockningsrop, som även ickeprogrammerare kan uppskatta. Hur förklarar man bäst varför det är bra att kontrollera sin egen information och decentralisera infrastruktur? Inte ens majoriteten inom Piratpartiet och Ung Pirat förstår ju poängen och fortsätter gladeligen att bruka de enorma, slutna nätverken i direkt motsats till den politiska ideologin.

Internetfonden ger stipendie till StatusNet Sverige

Jag har tillsammans med Umeå Hackerspace gett mig in på att utveckla den fria mjukvaran StatusNet. Beskrivning av projektet finns hos Internetfonden. Ni kan även lyssna på ett radioinslag i P4 Västerbotten med mig pratandes om fritt flöde av information på nätet:


20120611 – P4 Västerbotten – Internetfonden stöder StatusNet Sverige

För att möjliggöra decentraliserad sociala media har OStatus-protokollet utvecklats och implementerats i AGPLv3-form genom mjukvaran StatusNet. Det är med detta i grunden som StatusNet Sverige vill bidra till en fri, decentraliserad communityplattform för att göra det användarvänligt, tilltalande och allra mest sömlöst att migrera.

Projektledaren ska i samarbete med Umeå Hackerspace buggrapportera, laga buggar, förbättra användarvänligheten i StatusNet samt skriva ny funktionalitet. Arbetet sker i en egenkontrollerad upplaga av StatusNet-källkoden, men aktiv kommunikation och syncning kommer att ske tillsammans med StatusNet Inc, ett litet utländskt företag som idag är de huvudsakligen drivande.

Målet är att 2013 ha en mjukvaruversion av StatusNet som dels har egen valbar funktionalitet motsvarar slutna communitys mest populära funktionaliteter samt att det även ska vara lätt att migrera till för nybörjare. En ännu djupare integration med andra communitys API:er ska också utvecklas, där StatusNet Sveriges mjukvara i praktiken går att använda som en klient mot de slutna sidorna samtidigt som man är en nod i ett decentraliserat globalt OStatus-community.

Om man vill börja experimentera och testa StatusNet kan jag rekommendera huvudutvecklarens egna instans identi.ca samt den jag driver med hjälp av Piratpartiet, Free & Social.

Vi kommer att hålla i hacknights hos Umeå Hackerspace där vi letar buggar, mekar och trixar för att skapa en bättre och mer lättanvänd mjukvara utifrån StatusNet med ny och förbättrad funktionalitet.

HTTPS sites going missing in the Internet Archive?

The Wayback Machine is a wonderful piece of technology. What it does is scrape sites on the internet and store the history of the publically available internet. It’s a very important task in this ever-changing environment.

However I’ve noticed just now – though I may just have been unlucky – that HTTPS sites, i.e. sites using SSL encryption, are not archived. I noticed this because I wanted to archive the site Free & Social – a StatusNet instance that the Swedish Pirate Party runs. So I posted a message on their forum, hoping to clarify whether this is a feature or a bug:

I’ve tried searching on the web and checking the FAQ, but I couldn’t seem to find an answer to why SSL sites don’t work with the Wayback Machine.

With more and more sites using https, everything from personal blogs to just about any site with a login, it would be a shame that the Internet Archive could not fetch these. Is there a technical difficulty that must be managed, or other reasoning behind this?

If I’m just mistaken and the https sites I’ve tried have malfunctioned for other reasons, I apologize. But from what I can see, a large (and growing) part of the internet is unfortunately not part of this mission as long as only HTTP connections get crawled.

I’m thinking maybe they don’t crawl SSL sites for some odd reason, like identity verification and so. Something like they can’t serve the site “properly” afterwards, or maybe arguing SSL sites are more secret. But I would argue that SSL sites are only SSL because cleartext transmissions are too easy to manipulate – the content is indistinguishable.

Making network infrastructure a higher priority

In the midst of the “calm” of media outlets regarding the North African revolutions, despite their ongoing civil war and immense revolutionary progress, I find an article about a Georgian woman now dubbed “the spade-hacker”.

“It was a 75-year-old woman who was digging for copper in the ground so that she could sell it for scrap,” said a spokesman for Georgia’s interior ministry said yesterday.

The Spade-Hacker, merely interested in finding scrap copper, accidentally cut off the internet infrastructure for internet services to the neighbouring country Armenia. Apparently 90% of the Armenian internet traffic is routed through Georgia.

The cable is owned by the Georgian railway network. It is heavily protected, but landslides or heavy rain may have exposed it to scavengers.

Not only do I find the fact that 90% of traffic is routed through a single fiber-optic trench highly unreliable. It also pops to mind that this cable very well might be damaged for just about any reason, meaning it should receive much more maintenance attention.

Given that Georgia is still under certain military and social pressure from Russia, all my reasoning regarding unreliable and unmaintained cables lead to the fact that should anyone want to cut communications – all you need is a spade. This of course emphasizes the risk of anyone with bad intentions to severely hurt a nation’s ability to reach out to the world. Adding the use of centralised, external services such as Twitter (as opposed to for example StatusNet), there are no easy, good – commonly used – ways to communicate within the country either.

Naturally there are other ways of communicating than by the internet. Hamradio has been suggested several times and tried by the Telecomix net activists to varying degrees of success. But as evidenced in the riots of Tunisia, Egypt, Libya, Bahrain, etc. etc. those aren’t the ways people are used to communicating with. Thus, to ensure democratic discussion among other things, the contemporary ways of communicating must be highly prioritized as important infrastructure.

Just like a highway, the internet backbone must be taken care of and developed. More users, higher bandwidth, requires better redundancy and better reliability in the core networks. Unlike the taken-for-granted highways however, we’re not driving trucks – but exchanging information. Some argue the latter to be more important in a healthy and modern nation.

Gunilla Carlsson, Sweden's minister for International Development Cooperation, has promised to support net activists - "the new fighters for democracy".

I don’t care if we solve it as a humanitarian or political dilemma, but supporting lesser developed nations with important communcation infrastructure is becoming a more and more important issue. Fortunately Sweden has uttered intentions (and decided?) on supplying assistance for “net activists”. Though of course we should not entirely trust Sweden, considering how the government is interested in not only eavesdropping on just about anyone’s communication but also tracking every single citizen and their communication habits. Even though lately a minority in the Swedish government managed to postpone the implementation of the EU data retention directive.

For more reading on Sweden’s idea of support for net activism, our minister for “International Development Cooperation” Gunilla Carlsson has written an article discussing the subject: Nätaktivister är nya demokratikämparna (“Net activists are the new fighters for democracy”). Piratpartiet has also been active in swarming up ideas for the assistance initiative.

Let’s hope something good out comes out of this, regardless of our lack of trust in politicians. We can, given the right planning and support, make it impossible to block communication in the near future. At least on a whole, using redundant infrastructure, various technologies and of course teaching as many as possible how to uphold what has been constructed. Which is only possible if what we build is free, open and standardised.