I knew you were a freeze peach activist

I've been thinking about this a lot lately! Site creation should be accessible to non-devs! And it also shouldn't be a chore to developers. Themes and widgets can be fun to make, but they take too much time. How can we make the browser be an output multiplier?

I've been poking at a themes concept and I think it's starting to work. https://twitter.com/pfrazee/status/1158112442632871936. It's a somewhat natural tool to introduce for site creation... Beaker borders on being Wordpress or Gatsby, shouldn't there be a theming system? So that's where I'm iterating right now.

I think the p2p web is about accessible creation. How can entire web applications be convenient for end-users to create? It's important to non-devs so they're empowered; it's important to devs so they can work on real things instead of the same stuff repeatdly; and it's important to decentralization because it moves us away from big cloud deployments that handle everything.

Hey really sorry to hear that ranger, goes out to you

Just the standard pain points around multi-device and collaboration. I figure WYSIWYG and GUI-based construction are a long-term goal that we hit when we're trying to expand the audience.

Been iterating a lot on ease-of-authoring lately (https://twitter.com/pfrazee/status/1155221334106017792). On top of convenient editor tooling, I'm really interested in composing the UI so that people can get a lot out of value from very little work.

One of the simplest tools for that could be a "theme" setting which injects css and js onto the page, grease-monkey style. You author unstyled html/markdown, pick a theme for your site or page, and you're set: the browser imports css & js from the theme dat. With web-components declaring new HTML tags, you'll even be able to get widgets imported from the themes. <paulstheme-recent-blogposts>, that sort of thing.

Sure --

I felt it was a real chance to build meaningful connections. The daytimes were familiar for dweb summits - lots of interesting sessions and talks and discussions. The camp fires at night were a cheerful setting for getting to know people. Having everybody in one space for the full weekend meant there were a lot more random chances for conversations, and usually those were my favorite; stuff like walking to & from my tent with Ben and DC while talking about mission, or an hour where I sat in the registration tent with Ross Schulman and the Archive interns and joked about total nonsense. I felt like I came away with new friendships, which is not something you get to say very often.

Sure thing, happy to

Tell us something unexpected that was awesome! Just how much fun it was.
Did you drink tea? What was the flavour? Coffee!!
Are you new to SSB, how do you find it so far? So is it about butts that scuttle? Or is it about the butts of scuttlers?
Did you discover some new project there that excited you? Tell us more! I think holochain is really interesting and it was great to hear more about it.
What made you laugh? laughed a lot with @zelf :upside_down_face: playing ultimate rock-paper-scissors was a total blast and very funny
How were the chilly summer evenings on the tents? I brought extra blankets, the worst part was I couldnt wear the blanket through the day (soooo chilly)
Was it your first time camping? Did you like it? First time since my family had the camping trip from hell when I was 12. But that's another story.

<3

I will!!! I think we're going to just need to start our own dweb gala, cowboy hats and boots mandatory (bc it'll be in texas yall)

Heyy it was awesome to see everybody at dweb camp

Looks like it's going to be a Rush night

Yeah we need to steal that in the dat world. Maybe apps can hook into the swarming system

Oh neat! Wish I could be there. I hope it goes great! Is there a tweet I can boost?

Hey all I'm back into the buttz

Not much to share atm. I'm working on some beaker specs and I recently wrote an article titled why bother with p2p when you still need to guarantee uptime.

IPFS's "nested URL" scheme was also a problem.

Beaker will get better.

Hey wow these docs are amazing! https://ssbc.github.io/scuttlebutt-protocol-guide/index.html Nice nice work, really impressed. Congrats to everyone involved. Tara and I are inspired for our own docs work coming up.

I love the hermies variation icon in the header too

@nanomonkey you could do that in jsonlz. Youd just name the schema the hash. Or you could put it as an added attribute on the vocab object ("hash" perhaps)

Yeah, I think when it comes to identifying schemas, the only universally reliable technique is to use duck-typing. That's your baseline. However if you can get apps to agree on some metadata schemas to self-describe, then you get a slightly simpler process. That's one of the things that JSON-LD does, but I don't think it's very ergonomic for JS devs, so now I'm trying this alternative JSON-LZ. (SSB does this with the type field too but I think layering on JSON-LZ could be helpful and would work well.)

For your usecase, it'd help to have all of those teams agree on a metadata to identify schemas, but if not you'll need to munge off of duck typing.

The one other thing I'm trying to do, other than making munging simpler and have a nicer metadata schema than JSON-LD, is create a tool for identifying when lack of full support would create errors. https://github.com/pfrazee/json-lz/blob/master/DESIGN.md#well-defined-fallback-behaviors

@bobhaugen Here's what I've got on the design question right now: https://github.com/pfrazee/json-lz/blob/master/DESIGN.md. The project I'm trying (that repo) may not work out but we'll see, WIP.

Still working on the "handling schemas from multiple sources" question. I found a really superb article about how to approach this question, and I'm using it for inspiration: Don't Make Me Think (About Linked Data)

When God wants to punish you he makes you listen to yourself in a podcast

I appreciate it @Chris ! Tara does too. I'm really excited to get into the docs again. I think we can make things even clearer than before.

Bad day for the crypto currency markets

@andrestaltz we're in agreement. My goal is to make development more fun and to only create solutions that devs are excited to use. This is my last post on that issue.

Actually it's not like schema features are apps. It's like they're APIs. A schema is like the API to a function call that happens when another app reads the file. (It's a very async call.)

Schema design is API design?

Awesome @Chris glad you had a good experience. We're hacking on 0.8 now and really excited to keep improving the DX and capabilities.

It's been interesting to revisit this! Everybody's making great observations.

Here are some my current takeaways:

• Fallback behavior. The most fallest backest is to show json. Showing nothing can cause chaos but not everybody wants to see json, so that's a tradeoff. Perhaps it's worth exploring some conventional fields for what to show when nothing works.
• Developer ergonomics. The DX is more important than "doing it right." Devs are going to do what they want. You can't force them to use something (like JSON-LD) so at best you can make sure the tools are good enough that they want to use it, and then make sure you tolerate chaos. (Robustness principle, also Worse is Better)
• No universals. Most of these decisions will end up being app-specific, and dominated by the apps in use.
• ...but Schema features are "app." I'm still thinking about a "requires feature" field, which devs could use to tell another client, "if you dont support this extension Im adding, please go to one of the fallback behaviors." Right now we have somebody in Rotonde trying to implement private-group posts, and they can't get Fritter not to show those posts on the feed. That's a similar problem to what we had in Patchwork when we rolled out channels. Rotonde needs a way to tell Fritter, "if you dont know what groups are, just dont render this please." And it'd be interesting for that to be configurable -- "please use the 'raw json' fallback if you dont support this."

So at this point, I'm talking to the ActivityStreams crowd (Mastadon and W3C Social WG) and theyre very hyped about their vocab and the potential for a compatible p2p world, so I'm trying to evaluate that.

I would be happy to change my tune, but I'd like to see an app where the killer feature is the schemas.

@dominic that's definitely the question here. Will these vocabs make devs happy (oh look at all the cool types I can use) or annoyed (how do I use this, ugh it doesnt do what I need). Tough call.

Consensus is a funny thing here because it's variable. There's definitely some minimum of agreement required for apps to interoperate, but that minimum depends on each app, and that's where the discussion gets complex. If we're going to enable decentralized development, we have to support experiments and extensions, and create predictable results for everybody involved. It's tough, maybe impossible to do perfectly, but that's where my idea of declaring dependencies of feature-support within the schema is rooted (the requires attribute). When you imagine JSON records as documents, then you can see a parallel to HTML pages and how they sometimes do feature-detection ... so there's kind-of/sort-of precedent.

JSON-LD (JLD) is a solution about specificity more than agreement -- how can we make sure our attributes don't collide? In a way that makes it super amenable to non-consensus, because it's enabling everybody to do their own thing safely.

My problem with JLD is usability. I haven't seen any JLD APIs that make me go "ah yes that's easy to work with" much less one that makes me say "ah yes that's fun!" And I only want to use fun APIs. If we can solve that, and we can also make publishing namespace documents fun, then I'm on board.

@reconbot content-addressable is an interesting idea but it's very ugly in the code

@andrestaltz that's such a tough call. I like being able to see the JSON but I think if devs could reliably predict, and therefore choose from, approaches that would cause their message to hide if not supported, they could make good enough decisions that a hidden message wouldn't be disasterous. In practice, I think devs will go out of their way to avoid totally hidden messages -- and will rely on generic attributes to make sure something can be rendered.

Yeah! Thankfully Tara and I are working full time.

We are looking for funding, and we definitely want folks to build apps, but only if they feel compelled to. It's still pretty hard work because we haven't put together really superb guides.

Our long term sustainability plan is to (eventually) scale up hashbase and also sell home servers with a hashbase stack bundled. Hashbase is self-deployable so we'd be selling convenient deployments for folks.

(For those who dont know, Hashbase is similar to SSB's pubs. It's a dat rehosting service that gives you reliable uptime and -- someday -- more disk space for backups, and perhaps more. https://hashbase.io)

How is the SSB world handling message-schema compatibility these days? How, for instance, would an app add a new feature to the post messages like channels (if it didnt already exist)?

We've begun to discuss this for the Fritter/Rotonde world. We've got a couple JSON-LD/ActivityPub stakeholders this time around, to make things interesting. https://github.com/beakerbrowser/beaker/issues/820

Heya @mix!

Lots of different priorities on the roadmap:

• Release Beaker 0.8. This should fix some usability that we feel the current release has. It's taken us a while to release for a couple reasons I'll explain below.
• Develope the applications stack. More on this below too.
• Revamp our docs so that hackers can figure everything out more quickly.
• Keep developing demo applications so that we can test the application stack. This is what Fritter is about. A few folks are using it and we don't know what the endgame is, but the main purpose is help us move the stack forward.
• Increment Hashbase's features a bit. Hashbase isn't our top priority, but two things we want to nail are custom domains and encouraging people to self-deploy.
• Brave Dat plugin.
• Switch Beaker from Electron to Muon to improve our sandboxing & security.
• Dat improvements. Improve the reliability of the Dat protocol (we've started work on integration tests) and roll out multi-writer support.

We spent the last 6 months figuring out what Beaker 0.8 should do. We kicked around a lot of ideas. At least 2 months went toward prototyping dead-ends but that taught us a lot about how to build apps on Dat. What we're releasing won't be a big surprise, but it'll hopefully be a much more refined experience than 0.7 is.

Our strategy is to make Beaker & Dat really enjoyable for hackers. We think a big opportunity is that Beaker/Dat can support 100% open-source Web apps with no devops. Eventually we want it so you can sit down at an app, open up the code, and just start hacking on it. We're looking at new approaches to Web security (like JS is disabled by default) and wondering whether more strict rules are actually liberating because we don't have to operate from the lowest common denominator of trust. And, we're beginning to look at compositional tools, including userland plugins, automatic loading of "viewer apps" when you visit Dat sites with no HTML, and ways to share user-profile Dats between apps in order to share datasets.

WebDB was a pretty solid step forward for the app stack. The internal fritter API, which should look a little familiar to SSB folk(!), was built on WebDB. Basically, WebDB is an indexer that uses indexeddb, so each app is currently building and syncing its own indexes. Works well for flexibility, but it's not very efficient with user's disk space. It'll do for now! Our next step for the stack is to make sure we wring as much value as possible out of Dat and the "pull only" architecture. Simultaneously, I've been exploring hosted crypto contracts (can we get trustless services without PoW?) and also reading up on federated systems like SOLID and ActivityPub.

So, that's about it.

So does that caveat just mean it does not define how it affects the state of the server's backend file system?

Correct. The spec tells server-developers about various aspects of PUT. In general, PUT should be idempotent. -- ...

Oh geez, I just realized I said "idempotency of GET" in that blogpost, but that's not right. GET isn't idempotent, it's uneffectful. PUT is idempotent. Oh boy that makes me look silly. I'll need to fix that. Back to the conversation.

... -- PUT should be idempotent, but the spec doesn't say whether the resource should be republished "as given" at the target URL, which is what a filesystem would do. Many services accept the content of the PUT and then affect a variety of changes to the service state, and that doesn't need to include republishing the content of the PUT at the target URL.

So is SOLID refining PUT?

They're creating specs for generic server behaviors.

SOLID's API is specced here: https://github.com/solid/solid-spec/blob/master/api-rest.md#creating-content. It's the same basic premise as WebDAV, a spec for server behaviors, just less ugly (hopefully) than WebDAV.

@bobhaugen The semantics of PUTs are fairly well-scoped but they fall short of being universally defined. Here's the rub:

HTTP/1.1 does not define how a PUT method affects the state of an origin server.

To give the universal "dumb storage" behavior, the PUT would need to be guaranteed to put the file to the given location. There were attempts to get that, eg with WebDAV as Joey says, but it didn't pan out.

It relates to Dat because Dat is a universal dumb Web filesystem like I want. Coincidentally, SOLID is doing that too, using HTTPS.

Whew I updated Patchwork and it's working again I had a period where things werent loading.

I would be interested to see whether alternative, domain-specific rendering engines could create better performance. I'm also curious what would happen with webasm + webgl renderers, but I'm pretty sure that's still going to be slow because both use untrusted code execution, so there's overhead of the protection mechanisms. I doubt you'll do faster than native HTML engines with untrusted code. Would love to be wrong.

We're trying an alternative web app model in Beaker with Dat (gif and related spec) and it's both more secure than the Web service model, and more user-friendly, since it shares the same character of SSB of putting all source on the user machine. I don't think it takes that much to save the Web, I think most of the ideas are already captured by the SSB world. Performance can be better, but the core toolset is a promiscuous application platform, and that's pretty good. Some p2p tech will fix her right up.

Just one observation to add: I have a theory that we can move ads from individual pieces of content to entire content channels, and that might make a difference for the mindset and the kind of content created.

I wrote a little more on twitter and threw in some crypto currency burns https://twitter.com/pfrazee/status/911654842162192384

pray for me folks.

(1 like = 1 pray)

@joshuavial one thing we tried really early on in Patchwork was user-created ads. We literally had ad-space that people you follow could fill. And then you saw who put the ad there. I put it in as a half-joke and took it out later, but now I kind of think it's a fun idea -- especially if end-users can opt out of individual ads, or mute people, or opt out of the ad space altogether. You could call it "Flyers" and use it both for paid placements or event just to tell your friends about something (like a party coming up)

@mix I agree, I think quality matters a whole lot. I have a natural aversion to the word "ad" because of what it's historically meant. We might need a new word. One version I am comfortable with is sponsorships / backers.

Ok I've got another thought about software & content econ and it involves blaming Google and Facebook so it should be fun.

Google and Facebook are aggregators. They commoditize content, but they don't pay for the content, which is kind of fucked up when you consider that they make all their money putting ads up in their aggregators for other people's content. I always figured Kim Dot Com was skeezy for doing that with Megauploads, and now Im not sure FB and Google are much better.

Why can't creators monetize their content on the Web? I dislike ads as much as the next person, but clearly ads are a meaningful revenue model, because Alphabet brought in $90bn in 2016, and Facebook brought in $27 bn. How fun for them.

Now suppose we found a way to send a little fire back at them. Suppose we succeed with the dweb. Because applications would become open source and user-modifiable, perhaps the aggregators themselves could become commoditized. This is hypothetical, but let's consider it:

Any ads you place, the users will just strip out. Or, there'd be so much competition at the aggregator level, that the ad-free options would beat the ad-based ones. So (in theory) there'd be no reliable way for the aggregators to place ads on content they don't own. Users now choose when they're going to allow ads.

What happens next? Well, the demand for advertising (by advertisers) never really goes away. So perhaps it'll focus on the other existing channels than the aggregators, like sponsorships (see: Open Collective, Patreon) or sponsored content (see: any content channel ever). Perhaps users find a palatable form of ads, so long as they come from people they follow. "Oh, this ad was from @andrestaltz and it was for fidget spinners, gross, unfollowing." (Just kidding andre, I love fidget spinners.)

So, if that were to happen, I suppose the content channels would become more important again. There'd no longer be an aggregator that can cheat the user by controlling content placement. If you want to get your marketing material out there, you have to find people that users who have willingly followed or subscribed. What are the odds that the ad money would start flowing back to content creators, then?

They say you can't sell software on the Web, but I wonder if things like Patreon and Open Collective are proving that wrong.

Oh I was actually thinking in terms of contract work on the Web (my day job) which tends to be marketing, content, and e-commerce sites for traditionally nontechnical companies. There's plenty of paying work there but it's a total bore. So my fantasy is that consumer -- or also business -- software would go into play for contract workers like me if they weren't dominated by single companies that control them from top to bottom.

Though I think the dream is to write code speculatively and get paid after. Implementing other people's ideas is always less fun.

Here’s a thought. If dweb works out and everything were open source and open architecture, maybe there’d be more paying work to write code for consumer apps, which are more fun to write anyway. New apps, and also patches or plugins to existing apps.

Eh sorry. I can't say what those are without digging in, and I've got too much on my plate already

An open network in the long run should actually have a better experience than centralized networks, because it leaves everybody free to contribute, so there can be more ideas implemented, and more usecases solved.

There's no niche idea too small for an open network.

Some (probably obvious) observations. At the protocol level, Dat and SSB share quite a lot. Dat and IPFS share quite a lot too. But SSB and IPFS share relatively little. (Somebody should make that venn diagram.)

If SSB were to adopt a singleton discovery network then the most significant difference from Dat would be the focus on the log vs files. SSB focuses on the log, while Dat focuses on the files. Dat's internal log can be used by itself, but that's not the "primary" pattern. Likewise, SSB supports blobs.

The current patterns for consuming application data is

• for SSB: https://github.com/flumedb/flumedb
• for Dat: https://github.com/beakerbrowser/injestdb

We're deploying injest inside of beaker now, and that's led to this module, https://github.com/beakerbrowser/beaker-profiles-api, which isn't very well documented yet (sorry) but should look pretty familiar to anybody in the SSB world.

I havn't been able to find out if you share something using dat by sending the secret link over a different channel, say email, does that make make the secret public or not.

If you possess the dat URL, you can read its content. Otherwise, the content is hidden from you (on the network). It is similar to an unlisted gist, or a google docs share link, but without a third-party.

And if not, how does it work, given its a DHT?

Dat hides the identifying content from the discovery network. Instead of polling for the link, it polls for a hash of the link. Then, the actual transfer is encrypted to keep it secret.

I'll put together a design doc when I get back to VMS again. I'm going to let it sit a bit while I ship the next version of beaker.

@andrestaltz oh I didnt read about fair-analytics clearly enough. I still think my point 1 holds. VMS's mainly for stopping people from lying about data state.

@andrestaltz That's an interesting idea though 1) analytics has a lot of writes and this adds overhead to those writes, and 2) we can't audit against where data is sent

@dominic Yeah it's a straightforward use of a crypto log. https://github.com/pfrazee/libvms/blob/master/lib/vm.js#L120 Basically we just log all the calls in a dat hypercore (log). Then that log gets replicated out to an auditor and should be hard to lie about as a result. The other magic is replaying the log in a local VM to make sure the script code is actually being run.

Another element, not yet implemented-- I want to have the RPC calls be signed by an EC keypair, and then use the pubkey as the ID. Need a crypto guru to help me get that right, though. Something something replay attacks.

Needs a padlock with green tick logo ;) or what about a weird variant like a lock that is also a smily, or lock wearing sunglasses?

I like it. The user DB idea is pretty interesting too.

I put together a site for nodevms: https://nodevms.com/

NodeVMS is a server which provides external auditability of its state and behaviors using secure ledgers.

# Run auditable services
$ nodevms exec ./backend-script.js

# Run commands on a remote service
$ nodevms repl localhost:5555

# Audit the state and history of a service
$ nodevms verify localhost:5555

VMS uses Dat’s secure ledger and files distribution to publish transactions and service state in a public, unforgeable format. Clients can then download, replay, audit, and compare the state of the service to ensure the declared code is being executed correctly.

Check out keyserver.js. It's just 100 lines!

New project: https://github.com/beakerbrowser/injestdb
Accompanying tweet storm: https://twitter.com/pfrazee/status/892442105964113921

Is a database abstraction on top of dat, for beaker apps. Similar raison d'etre as flumedb, but a more rigid execution

Oh awesome, let them know I'm happy to help in any way

@win.mix no my MIVM proposal is server software, whereas brickhouse was clientside. (The brickhouse ideas, for me, led to beaker.)

@andrestaltz correct

The bot could be some non-human ssb account (pub maybe) that publishes messages based on some rules, in reaction (or not) to other ssb messages. The bot's state is a big array reduce of its log.

@andrestaltz that's fairly accurate. I'd like to have live endpoints so that I can get transactional acks.

For use cases like an airbnb, it's still kind of centralized (around the airbnb-bot owner), with the added benefit that anyone can copy (fork) the entire log of that bot and continue from there onwards.

The two centralizers would be the contract owner and the host VM. To deal with the former, you could "disown" a contract by reducing your permissions as the owner. I'm not sure whether the latter has much impact other than who is responsible for contract uptime.

I find it hard to see how would this be different or better than just deducing state client-side ... how is that better than Alice simply running reduce on all state transitions that she and Bob committed? In other words, what value is a Host providing if peers already have verifiable logs?

The value is in providing strict consensus at a live endpoint, without sacrificing auditability or user-authority (via signing keys). Strict consensus makes transactional guarantees possible, as well as broader constraints on state. For instance: with SC you can enforce a uniqueness constraint on something like a primary key.

Client-only can't provide strict consensus past a certain scale; to do it at small scale, they could use leader election. Arguably the blockchains cant scale either, thus this proposal.

There is a ton we can do without strict consensus (obviously!) so with this I'm just exploring, you know, could we get all the toys we want?

Wrote up an idea this morning for running smart contracts on node, using verifiable logs (Dat or SSB would work) instead of blockchains with PoW. https://gist.github.com/pfrazee/bf13db9dea21936af320c512811c2a2b

My profile still works!

nice

https://www.thunderclap.it that's kind of clever/fun

Oh man, sorry for being so AWOL everybody. I've been heads-down on Beaker like crazy.

I just got a chance to see https://git-ssb.celehner.com/. That is super cool @cel

@dominic ok I'll bump that priority, then

Patchwork is still getting love from @cel and others. I felt like Patchwork was stable enough, and I was ready to focus on platform and tooling. At some point, Patchwork may get a port to Beaker, once there's an SSB protocol plugin.

First version of Beaker Browser is out

video
blog post
repo

@cryptix not yet. I need a document-distribution protocol first. Dat's a better fit for that

@substack great, Im going to use this in beaker for the dat protocol

probably the standard js one, would work

Specifically, self driving cars that you paid for with bitcoin. Presumably, once a car had saved enough bitcoin, it would purchase another car, i.e. have a baby.

@dominic that is one of the most interesting ideas I've heard in a while

To address the devaluation of labor by globalization and robotics, we need a strong downward pressure on cost-of-living (housing, food, higher education, and medicine).

I'd be interested to know how inefficient the housing market is; if you provided perfect supply and reduced the costs of housing down to maintenance, labor, and materials, what would rent / ownership cost?

(Mondays in my time.)

Also, the 29th with be a meetup for me

A: That time works
B: Cant do mondays

@mixmix @cel the dmg for 2.8.4 is uploaded

maybe you could make a DHT out of trusted peers

That seems promising to me

for me

Wed/Thurs ?

same. if tuesday is no good (this week or all weeks) let us know

that sounds good to me

beaker can now load dat sites with dns entries. Do a dig on the url's txt record to see what's up:

I'll hit that real quick

ok when would yall like to meet? I can generally do the same time, different day, on any day

@dominic I can't verify if his claims are true, but really I see this helping with pairing devices on a lan

Shiiiit guys, I joined a city sports league that plays on monday nights. I flaked on having us reschedule these calls.

Terrible timing, bc there's lots to share. If I get back during the call today, I'll join. Otherwise, maybe we can do a second call in the week?

oh bummer, yeah

@dominic hey have you ever heard of PAKE algorithms? https://github.com/warner/magic-wormhole

The wormhole tool uses PAKE "Password-Authenticated Key Exchange", a family of cryptographic algorithms that uses a short low-entropy password to establish a strong high-entropy shared key.

His slides link, at the top, gives a fast explanation. If this is right, would be great for pairing devices on LANs, or sharing links on conf slides. (Any time you need to dictate a key visually/orally.)

good

sounds godo

same!

Brave's code is unbelievably bloated
I've been working on https://github.com/pfraze/beaker lately

I dig the ui. Reminds me of old xerox stuff

Sorry this is late, I was out of town and without wifi for the wekend.

Regular meeting 8pm/9pm monday, 1pm tuesday

@dominic @mixmix @cel

Actually we're pretty global, but all are free to join. We use Mumble, at celehner.com:64738

actually, some of the webkit vendor prefixes are in the html5 specs now

Regular meeting 8pm/9pm monday, 1pm tuesday

@dominic @mixmix @cel

yep

It's pretty slow

Event hooks, as in the normal event pattern, and core APIs, as in Atom/WP/etc give an API for manipulating the environment, which can include interacting with plugins.

I don't want to rain on your parade, but you did ask for feedback!

yeah all of alan kays talks are good watching

A flattering mistake

it composes well, but it's a leap to get into, and I can imagine it getting super hairy

That's my take on it also. I wouldnt want a learning curve for the patterns of a plugin system. I'd just want well-documented and predictable APIs.

debian is 2.8.1, which is latest

You may be seeing the leftnav items expanded for the first time

I dont like the idea of using dependency injection, decorators, or code-composition to do plugins. The plugin systems that I have seen work (WordPress, Atom) use event hooks and core engine APIs, which are direct and obvious. Clever isnt good for software ecosystems.

Regular meeting tomorrow, 8pm/9pm monday, 1pm tuesday

@dominic @mixmix

@cel already said he cant make it, but if he can, great!

I see both

you cant be for and against standards at the same time

I was thinking like application/x-sha256 but now I'm seeing x- is deprecated. You might just use text/plain. If there's not already a hash mimetype, it may be because hashes arent considered the right thing for a mimetype. AFAIK mimetypes typically deal with the structure/format of the data, so that it can be correctly parsed, but it does not set the internal meaning. But shrug could be wrong

I just googled and didnt find anything. If it's not a standardized mimetype then you can use the extension format

I think I've seen one around, but I dont recall where.

Not my favorite but I guess I'm ok with it.

I might actually prefer having a list of config options that get sucked out of the params, if present. So if you use --port that is always considered config.

That's all so ugly

@cryptix some code is factored out, but it'll take more work than I can offer right now. Somebody else would need to champion porthole

:\ issue filed

thanks for the report... we've been getting these lately during json stringify, but this is slightly different

Regular call tomorrow, 8pm/9pm monday, 1pm tuesday

@dominic @mixmix @cel

Update your deps, this should have been fixed in patchkit-post-composer 1.0.2

Authentication (from Greek: αὐθεντικός authentikos, "real, genuine", from αὐθέντης authentes, "author")

http://infinit.sh/ looks pretty cool

ditto, ansuz

Very jealous, I'd love to do that

Yeah this has been happening. It looks like it's from objects that are too large to stringify

@dominic I'll try to be home around the same time we usually do our monday/tuesday calls. I might be earlier. I'll just idle in mumble

How do you see the intros working? Manual contact-sharing could be tedious. I feel like, part of the motivation for a public web-of-trust is to accomplish contact-sharing in an automated way.

for an unsolicited message, we could have something that works somewhat like an invite code

Capabilities are still fairly manual. Again my thinking is, what good is a WoT if it cant be used to automate things like intros? I'm imagining seeing the profile for your target recipient, with lots of collected proofs, and then saying "well now what?"

why would someone want to be a gate-keeper? what is their motivation?

I see this making sense as part of a mailing list or user group. The admins would be motivated to maintain a good community. A coincidental function of the list/group would then be as gatekeeper for introducing the members to each other.

Thinking through some options. Let's say we implement a pub api for accepting "friend" requests, or any kind of unsolicited push-message. How do we prevent spam?

The equivalent to present-day patchwork would be to look for a foaf connection; if the sender is a friend of a friend of the recipient, that's allowed.

Another solution would be to look for a minimum number of identity proofs for the sender from the pub's network. That's basically what Facebook did when it required a .edu email. It sets a higher barrier. If you also publish for flags for spam behavior, you can stop bad actors pretty quickly.

Another idea, you might appoint "gate-keepers." This is similar to foaf. A user could declare some specific user(s) to be their gate-keeper, and you have to get approval from the keeper to be whitelisted. The idea would be for communities to publicly share gate-keepers, so that somebody entering into a social circle can get approval.

And, there's also the gmail solution, to apply graph analysis on a whole bunch of aggregated signals, which... let's assume is too computationally expensive for wide deployment.

A combination of foaf and gatekeeping seems interesting to me, though Im not sure how foaf works without follows being published. (maybe some other signal.) Gatekeeping might be integrated into discussion groups. That way there's a sort of social-setting within which somebody can get an intro, and there's also a social group that holds bad behavior accountable.

There's probably an easier solution than creating virtual IPs. Write a proxy app to sit on port 80, and have it forward based on the hostname used, and add /etc/host entries for each app.

(Without the virtual IP -- if you run on localhost -- then you end up needing the port, because you cant use port 80 more than once. So, without vagrant, on just localhost, it would be "dev.msdf.org:12345".)

I just noticed that vagrant (Im guessing via virtualbox) is able to allocate virtual IP addresses, and then update your hosts file, so that you can get web apps at custom domains, without having to stick on the port. For instance, "dev.msdf.org" is my current client's URL, and that just maps to the vagrant instance...

which makes me wonder... if this could be used to have localhost web apps without putting a port in there?

@dominic so here's the question that Im on right now --

I like the idea of not publishing follows. But, if we do that, what's the process for getting two people in contact with each other?

We can create invite codes with special caps to do twoway follows, like we discussed on the call, but that means that you have to invite each contact manually. A user-directory, in that case, isn't fully useful. I can find your contact info there, but I still need a sidechannel to contact you and ask for the invite.

The way patchwork does now, with follows published, and FoaFs replicated, there's an implicit introduction-by-foaf protocol. You see when youve been followed, and then can follow back.

Im wondering if we could do a protocol for unsolicited "friend" requests that let's you contact the user's pub and leave your contact info.

ev, sometimes that happens from old node modules. Try nuking the npm_modules in patchwork and doing a fresh npm install

geez

@mixmix we missed you!

Here's what we discussed:

Focusing on the security properties of SSB and the Web of Trust.

• Private follows: it's not always desirable to broadcast your contact list. And, follows are a relatively weak identity proof. We're going to investigate a system that keeps follows private.
• Unrevealing replication: related to that, dominic has a scheme for replication which doesnt reveal who you asked for unless the receiving peer has the feed you requested
• Identity proofs/verifications: instead of follows, we can create stronger identity proofs which mainly revolve around transmitting the proofs through other mediums (email, twitter, chat).
• User invites: a code you can send to somebody that lets them follow you, and you follow them, in one go. Bonus: it can be used to create an identity proof for the new user.
• Merge userland plugins pr
• Merge ssb-blobs pr
• Code for local onboarding: we can use a easy-to-speak code on LANs to add contacts via wifi.
• Pub "application": it may be time to factor out some of the automated behaviors in scuttlebot into a pub app, because the end-user device behaviors are going to start to diverge.

Dominic and I are going to be doing some work on the Web of Trust and general onboarding for ssbmail. I bought tickets to the Decentralized Web Conf, and hopefully dominic and cel will get tickets too. We're going to try to prep the ssbmail app for that conference.

Often having stack exhaustion is from runaway recursion, but this is occurring inside of json stringify, and there's not a recursive pattern in the stack.

I think this could actually be because the object is too large

No, just that patchwork doesnt have any utility for it

Nah it doesnt affect visibility. It's just for the warm fuzzies

That's an interesting perspective, yeah. Im curious, all things equal, would you take away the dig button and go totally number free?

Weekly call tomorrow, 8pm/9pm monday, 1pm tuesday

cc @dominic @mixmix @cel

I agree. Im experimenting with some changes, that I'll show in a bit

are you retiring the laptop that formerly controlled this account?

If so, just copy the entire ~/.ssb folder, and then rename the folder (on the old machine) to ensure you dont accidentally reuse it

The keys are ordered. If you put(1,'foo'), put(2,'baz'), put(3,'bar'), and do a readStream on the db, you'll get 'foo', 'baz', 'bar' out

Nah it's cool!

ok

yeah. Probably shouldnt

Is everybody good for a meeting tomorrow, 8pm/9pm monday, 1pm tuesday?

cc @dominic @mixmix @cel

They're talking about scaling up the database by spreading it across a bunch of machines. We haven't done any work on that, since the project scope (atm) is to run on user devices.

If you wanted to do this, I'd suggest feeding data from the ssb logs into another distributed database.

Our approach is based on a guaranteed wait time provided through the TEE.

Another function, say “CheckTimer” verifies that the timer was created by the TEE and, if it has expired, creates an attestation that can be used to verify that validator did, in fact, wait the allotted time before claiming the leadership role.

They dont explain what their algorithm is, other than calling it "proof of processor,” and sort of hinting that it's less costly than proof-of-work. Googling that gives nothing. Is it possible they just added some dedicated hardware for hash-mining to their chip?

@dust @mixmix I agree with both of you, and @dust I agree about needing enclosed spaces. I forked patchwork into https://github.com/pfraze/mx (dont try to run it yet). I want to see what a default-private/default-small mindset does for us.

It turned out to be the damping factor's addition needed the /4, which is why, if damping was 1, there'd be no problem. Updated:

for (var k in PR) {
  PR[k] = (1-d)/4 + (d*calc(k))
}

Without the /4, I tried different d values and, after 1000 iterations, checked what they added up to. It was interesting:

• d=0.9, total=4
• d=0.99, total=3.99987
• d=0.999, total=2.89691
• d=0.9999, total=1.28550

But then, with d=0.9999, I did 1000000 iterations, and got 3.999999999999475

@dominic hey, what's wrong with my mini pagerank script? If I set d=1, then the result comes out with all ranks adding up to 1. But, when d=.85, the ranks add up to 4ish.

I'd expect them to add up to 1, since the rank is meant to be a probability distribution

no but he left some people inkapacitated

Yeah, not worth a new version (yet)

Great! Would love to talk with them.

Modularization is mostly . I'm now seeing what it's like to use the components in other projects. Some of them are easy to reuse, some arent, but we're definitely in the right direction.

Current installer: https://github.com/ssbc/patchwork-electron/releases/tag/v2.7.0

Unfortunately no

great summarized history and criticism of RPC https://christophermeiklejohn.com/pl/2016/04/12/rpc.html cc @dominic

@mixmix @dominic yall need to get your octopi under control over there

yeah, when you get >60 messages it can get up to the 3 second range

Yeah Ive been noticing some performance hitches. The long conversations have always been slow to load. Everything else is temperamental.

@dominic the profit-obligation is emergent, not regulatory. Fiduciary duty only requires that you protect somebody else's interests. It's designed to keep the executives from funneling assets out of the company.

Profit-maximization happens because people want to be a winner, and shareholders doubly so. Shareholders drive executive behavior either through direct structural action or by manipulating stock value. In public companies, the ownership is purely market-driven, and so you get an especially indifferent and greedy mob pushing the executives.

IMO a privately-held company has fewer people to convince of do-goodery, and, because of the more static political structure, is more likely to do long-term thinking. The best-case scenario is not to create emergent good, but to minimize emergent evil. But, having done so, you'll be left trusting individuals to make good choices.

Sorry man. Not really sure what else we couldve done there

Yes, I agree it should be private

sure

@0xxff yeah, we're looking at making Patchwork a plugin to Scuttlebot, and then sbot's the thing you install. Projects that arent sbot plugins, that depend on it, will need to ask users to install sbot as a setup step. Then, they'll RPC to it like a typical DB

dont worry, we'll add compaction to the protocol someday!

We're on it, elsehow. I'm going to bump it into the next sprint (which starts tomorrow).

sunday funday https://www.youtube.com/watch?v=7fugVGRFqe0

Regular meeting, 8pm/9pm monday, 1pm tuesday

cc @dominic @mixmix @cel

Hah probably not very

all of the ssbc.github.io docs are going to be taken down

I can factor out mentions

I always liked this story because it felt so distinctly of its time. I'm not sure if it's true, but they did often joke about how the dog would get lose, and my great-grandfather would have to walk around the neighborhood yelling "Damnit."

My grandmother used to tell us this story about her pet dog.

One day, after a lot of begging, my great-grandmother took my grandmother to a shelter, and they brought home a chocolate lab. This would be nice, except they forgot to consult my great-grandfather first.

When he came home and saw it (so the story goes) he yelled "Damnit, another dog."

And that's how Damnit, the dog, was named.

I think I'd like to be there for that, actually

Combined with a bad code assumption. Issue filed: https://github.com/ssbc/patchwork/issues/364

Ok. No special log, no.

@null_radix you sound like an austinite

Welcome to the community!

Ouch, sorry.

Yeah please do open an issue. Maybe we have some resource (a file, a socket) that's not getting closed.

Just to check: are you sure Patchwork was fully closed, and not just in the background? It's supposed to follow the OSX pattern where the backend can stay active, even if there are no windows open.

time for that patchwork pivot

hex sticker of the month club

well then!

Not that organization couldnt be improved, but I do explain this in detail at https://github.com/pfraze/ssb-kvdb#reserved-keys, immediately after the Namespaces section.

To be honest, I don't think this is a very good design because it creates edgecases

I've got mixed feelings about it as well. (Do a ctrl+f for "dissent welcome" to see the decisions that I'm -ish about; this is one of them.)

If we do want to abandon the legacy pattern, that would get rid of this. User profiles probably wouldn't be able to use kvdb directly until some time has passed, but that's ok.

Saboteur // RJD2

Nah I dont think there's a tool that could hit that. JS' lack of explicit types make it hard to do the static analysis that could catch a bad method-call, like in this bug.

AFAIK the only thing that works is runtime analysis -- aka run the code, and stack dump when you hit the error -- aka test suites with coverage metrics.

(scroll past the namespace section, there's some new stuff after it)

@dominic ok I expanded a lot on the messages and other details: https://github.com/pfraze/ssb-kvdb#relation-to-ssb-messages

There are a couple spots I put "dissent welcome" because it is

How screwed up is it, that typos crash computers.

@keks I do think sbot userland plugins will trivialize this

The only real difference between IPFS blobs and SSB blobs is that Scuttlebot automatically downloads SSB blobs, and it doesnt do that for IPFS.

But that's just 8 lines of logic in the blobs plugin

So an ssb-ipfs-blobs plugin would be simple to write, and it could follow the same logic, or do something more refined.

It gets a little more complex if we want to unify blob-lookup behind one API. If we want sbot.blobs.get to support many protocols, then we'll just need a way for plugins to register their schemes.

yeah, that's why I really think a custom cli app (that gets more attention) would be a good idea

Updated @slip.space

I think this is premature. Being mindful of non-english speakers is important, but we have a lot of important TODOs. Unless there's a community that's dying for a translation right now, I wouldn't prioritize this.

It's just a matter of integration. Any other protocol we support has to have that software installed. If you dont have that software, you cant get that blob. And, each software stack takes resources. I'd rather use @mafintosh's file-syncing stack (hyperdrive / dat) because it's more modular and tries to solve fewer problems -- so it has less overlap with SSB.

Yeah it's because our CLI notation doesn't support the parameters of private.publish. I dont think stdin would solve it, either.

We could create an alternate parameter signature that works better with the cli. Such as:

private.publish({ recps: [...], msg: { ... })

so then you could do

sbot private.publish --recps.0 @asdf --recps.1 @fdsa --msg.type post --msg.text hi!

If I understood it correctly, then there's a typo above in getting of todos

No not quite. In the example you copied, the todoList object is not a message, it's a KV "document" object. That's an abstraction over ssb messages. The messages are combined to create the KV documents.

when can I install this?

There's no code written yet, but I'll let you know

I'm wondering if this is accessible enough to be the first database that we teach students

You could, though this is pretty experimental tech to give beginners. PouchDB might be safer.

do you think you could fake relational database type behaviour with namespacing?

Maybe someday!

Looks like @dominic finally smashed that read.abort bug.

It's really an aphorism about planning, not a statement of purpose.

An interesting anecdote about logistics --
Napoleon's defeat in Russia was logistical. France typically would support its army by looting food as it moved. During the invasion, Russia responded to this by burning down their own crops and cities before the French arrived. It was extremely effective. By the time France made a final push to Moscow, they were losing 6000 men a day to starvation and disease. When they reached Moscow, Russia burned it down too, and regrouped outside of its limits. France realized it couldn't defend the position, and had to retreat on the same path it came from: the path without food. By the end of the campaign, the French had lost 480,000 of their initial 500k in the Grand Armee. That's 48 for every 50 men, most without firing a shot.

Anyway, there's no reason I brought up the phrase, I just came across it and liked it

is this always about a link? or can the key be anything?

Anything

I see the namespace name is also the key of the key? type: 'about', about: link?

Yes.

Does this create the same patterns that patchwork messages use?

Yes, the same pattern that type: about and contact use. It'll be backward compatable with them.

I think I'd like to see a spec/schema for the sort of messages it creates, higher in the readme.

I could add more detail

Old military saying: Strategy Is For Amateurs. Logistics Are For Professionals

that visual

pagerank simulated this, calculating the probability that if you'd land on a given page if you spent your life just randomly clicking on links. I think the key here is that pagerank is based on a model of what humans already do, it just makes it faster.

I do like that line of thinking. It's very intuitive, for a ranking algorithm

@dominic some of the graph analysis papers mention "voting rings" which corrupt the reputation analysis. Some of them, including Advogato, used a seed-set to detect the rings. (The seed set is N pre-trusted participants.) The amount of trust you can get diminishes with your distance from the seed.

PageRank never mentions it, but, in practice, Google tweaks the rankings by hand. It's effectively the same action as a seed set. They'll exclude malware sites, and boost reputable institutions' sites.

In Advogato and Google, you're actually seeing a social trust-graph, that flows outward from the dataset's owners.

Yeah it's really just there to give new people something to click on

Made updates to the kvdb readme. Feedback welcome. cc @cel @dominic

Tis a good question. I'm falling back more on channel watching, so that my inbox is the only place I have to go, and then I'll just casually check the activity feed.

Muting will be a good idea. Groups will be a good idea.

Ok will check into it

@dust has it. Patchwork is our prototype. We're breaking it up into tools next

Oh, sorry about that mix!

We did meet. Mostly a quick checkin on what we're working on already. No changes

@noffle ok, is it the node thread that's up, or the browser thread?

Yeah and I think this is an area that a rich application-space/userland ought to conquer, and a shared data-network will cause something complex but appropriate to emerge. That's rather than trying to develop a unified model from the top down, which I think tends to result in something overly simplistic or abstract.

I've got some fixes for that in master. I'll publish a patch update soon.

Wow and woah.

You might find this paper interesting, this is what I pulled from it in my writeup:

First, they isolate trust into domains, following the intuition that an agent may be an expert in one field, but not in another. Then, in section 2.4.2, they define 2 categories of trust, and subdivide them into 5 types.

The categories are

• Referral trust: "reflects an agent's estimation about the quality of the other agents' knowledge"
• Associative trust: "reflects the similarity between two agents"

The subdivisions are as follows:

• Domain Expert Trust (DET) is referral trust that evaluates the quality of an agent's domain knowledge. Intuitively, DET is not transitive, but DET may imply RET (see next item) on the same domain.
• Recommendation Expert Trust (RET) is referral trust that evaluates an agent's trust knowledge. In real world, the domain used in RET is often much wider than DET, e.g. CNN is a domain expert only in news area, while Google.com is a recommendation expert in almost any area. Moreover, RET in transitive according to its definition, so it can be used to propagate both DET and RET.
• Similar belief trust (SBT) is an associative trust that evaluates the similarity of two agents' domain knowledge. Intuitively, SBT clusters information providers, and it can be used to propagate DET.
• Similar trusting trust (STT) is an associative trust that evaluates the similarity of two agents' trust knowledge. Intuitively, STT clusters trustors (agents who maintain trust knowledge), and it can be used to propagate both DET and RET. Computing STT needs trust knowledge from only two agents.
• Similar cited trust (SCT) is an associative trust that evaluates the similarity of how two agents are trusted. Intuitively, STT clusters trustees (agents who are trusted) by their reputation, and it can be used to propagate both DET and RET. Reliable SCT requires trust knowledge from a large population of agents.

Not currently, but we'll need it/something-like-it when we add more connectivity feedback back into patchwork. Stuff like, "are you connected to pubs"

Yeah, it has a regular poll against the peers table

Yep, can improve

I'm not

Yeah we can move it back an hour, but I dont think that you have the times right for cel and I. It should be 8pm/9pm Monday, 1pm Tuesday, if we do a bump.

PS just so everybody's synced up on this, here are the things we're working on ATM --

• @dominic is working on gossip and blob protocol improvements.
• @cel is building git-ssb and may be able to put some work into user invites.
• I'm factoring out patchkit; the goal there is to make new SSB apps easier to dev, and make changing Patchwork easier (by outsiders and insiders).
• We're working on making scuttlebot plugins installable which will open up big opportunities to make sbot easier to work with.

The meta right now is to make the tools more usable, which right now it's still a bit too hard to use. I'm optimistic about the sbot plugins.

cc @mixmix @dominic @cel

Regular meeting, 7pm/8pm Monday, 12pm Tuesday?

Not yet, right now, I'm just modularizing what's already there

Patchkit's at 20 modules and counting. Probably another 30 to go. Slow and steady wins the race. It's going to be the best f*king UI kit ever.

that's sort of a privileged argument to make, don't you think? are you implying that people here...aren't people? can't keep their commitments? can't be trusted?

That's a bit much. The Internet is full of bots and jerks.

the problem with this is that you end up back at content policing

That's the point, we do want content policing. If somebody dumps CP or snuff films on this network, I want it policed, and fast. If somebody else actually does want that content, that's on them, but I want it out of my network, and off any device I control.

with ssb you can choose what network you're part of

That's what moderation is! It's just the negative form, instead of positive.

Oh brother, thanks a lot markdown. That shouldn't be a numbered list, in my response to "how many hops." It should say: 3. I thought it was 2...

How many hops from my follows do I replicate by default?

1. I thought it was 2 (friends, foafs) but then I checked the code recently, and it's actually 3!

Perhaps the answer to this is a more cautious replication policy.

Could be. Some thoughts about this:

• Sbot doesnt have any "on-demand syncing" of the network. By that I mean, you only see data that you've previously downloaded, when using Sbot apps like Patchwork. If you come to a profile and get a 404, there's no mechanism to ask your peers for it yet. IMO that will change in the future, and changing that could mean, we can optimistically download less.
• Expanding the follow graph, as we do now, may be too unpredictable of a policy. We're sort of testing it out. There are other possible optimistic-download policies. For instance, communities/groups/user-lists which you follow.

Worthy read: A survey of trust in computer science and the Semantic Web.
My summary: https://github.com/ssbc/docs/blob/master/articles/using-trust-in-open-networks.md

For the purpose of writing software, I think it's useful to just assert:

• "Trust" is a decision to use information, without certainty of its correctness.
• "Reputation" is an attempt to measure many actors' trust in something.

Because that allows us to make these generalizations:

• Trust is a one-to-one relationship
• Reputation is an aggregate of Trust

Which then applies well to graphs:

• Trust is a policy that individuals set on sources-of-information. These policies, or signals which reveal underlying policies, form edges on a graph. The edges are trust-relationships, and the nodes are actors/sources-of-info.
• Reputation is measured by analysis of the trust graph. (PageRank, Eigentrust)

@noffle just to be sure, did your npm deps get updated? (How did you install?)

What @mixmix said ^

Enzyme is probably usable if you give it some time, but I I found it frustrating to figure out the API, and I used it with Karma, which ran terribly slow. So, having a frustrating experience figuring out the API along with a really bad turnaround to test my exploration... made for a bad combo.

@null_radix yeah but sometimes you want to have the benefit of someone else's moderation. In groups, maybe, with appointed moderators.

alien

Moderation

Looking for input on how we want moderation to work in Patchwork. Should a flagged message be hidden? Should it be collapsed and hidden behind, "Flagged by XXX"? Should flags only be respected if by someone you follow?

In addition to message flags, what other controls would you expect/prefer to have?

cheers

I use a macbook air, and I just like the iphone more

You've caught the rusties ;)

It's a weird issue. I'll get messages from him, in bursts. I think, to debug, I need to stick a bunch of console.logs into my software.

@null_radix it's %n0RTEN0...

I can't read what @null_radix is replying to, but I suspect the message is about that fact!

That's a bug that's actually being revealed now, by your account. You're followed by people that I follow. The system is setup so that I should be downloading your messages. We're not sure yet, why, I'm not.

@cel that's the one. Search failed me.

%k7kOdpP...

I did too, and then this week I REBORGED so I could see how they do things. Oh the humanity. (If anybody needs a photo album of their entire onboarding flow...)

I actually got myself an iphone too. It was a bit like this scene

I'm still chewing on this feedback. Not going to act yet, but I'm thinking about it.

So, actually the code is supposed to show the last 2 replies, not the latest, but there's some kind of bug that's causing it to pick the wrong two. I just havent gotten around to fixing it.

It does make sense to put the "n more replies" above the last 2 posts -- I did that originally -- but I ended up putting that at bottom because I felt it scanned a little easier.

Yeah, the fork/reply to thread hits my feelings on this. I'll elevate this on my todo list.

I think I probably told you incorrectly in the past, or maybe it changed. It should just be --party. But, if you've pulled latest and updated your npm deps, party should be on by default.

It turns out that our quota system had 2 problems. One was, it was stopping people from getting files, unexpectedly. The other was, it ate up CPU. So, we threw in the party mode to temporarily disable it. (It's a silly config name.)

Nice case

I'm all about that LED art, so that's what I like to use the mini boards for. But, pis arent great for that, since they get their timing mussed up by the OS.

https://scuttlebot.io/docs/advanced/messages-by-user.html

Like I mentioned in the other thread, the sbot cli is really not great for daily use. If anybody wants to make a CLI app that's actually fun to use, they'll instantly become the coolest kid on the block

@bobhaugen no that's ok. It's not your flags that cause them to be missing, anyway. Some FoaF feeds are having trouble getting across the network, for reasons I dont fully grok yet

have you pulled latest and set party to true in config?

If you want to pursue this, yani, you can ping me on IRC, or talk through it here or in github issues. We're too backed up with protocol and patchwork improvements to focus on those integrations right now, but we can support anybody else that wants to do it.

LMK if you see memory usage creep up again. If the node process is doing that, then it could indicate a leak -- and I dont think we fixed any leaks in the last month.

I dont think it does, but @cel setup nodemon for patchwork's watch script, which automates reloading. It's a full reload, but it's still pretty handy.

Ah yes, I must have screwed something up with my recent updates. I'll fix that. Thanks for pointing it out.

@cel I'm seeing that too. And I'm seeing it again, here. It's funny, I just see @bobhaugen locked in a battle with missing posts

Do you have @xR8CGZw... in your database?

The system is pretty weird! It's an experiment to see how well "weird" can work. The old-school way of doing things, where there are host computers, is easy to think about. You're either on the host, or you're not. Whereas, on Patchwork, it's about who follows you.

We're still developing the tools to explain it. And, still developing the code! So -- I hope it's not too frustrating while we make progress, but thanks for joining in the weird with us.

We don't want to reintroduce hosts, because that's exactly what we're trying to get away from. But I do think that a "virtual" notion of a host -- something with the same "on" or "off" properties -- might be useful for helping us think about the network. It might take the shape of user-groups.

The sbot api is documented throughout https://scuttlebot.io/. It's mainly meant for administrative or debugging work.

There was a great little CLI social network app that somebody published (not for ssb) about a month ago. I was thinking it would be great to port that to SSB.

But, right now, there's not a great ssb cli app.

be designing: a service whose purpose is not to capture attention but to offer maximum content and knowledge quality with the minimum friction and waste of time

(It's against maritime law to decline a boat party invite)

Got invited to a boat party. Pushed a bunch of PRs and I'mmmm outta here!

That's a lot of gigs.

Are you using the electron version?

1. was a bug. Are you using latest? that should be fixed
2. can you expand on that?
3. yeah, this is another recent fix

We're going to land sbot plugins soon, and then ssb-web-server will be installable via that

Gramatik // Satoshi Nakamoto (feat. Adrian Lau & ProbCause)

Ok well we're going to have a lot of them. Should I make a patchkit org to avoid filling up ssbc with these guys?

question about GPL stills tands

https://github.com/ssbc/patchkit-stepped-progress-bar

I am. Some are just small, so Im putting them in the main patchkit

cc @dominic @cel @mixmix

Should Patchkit be gpl3, just like Patchwork? I'm pretty much gutting Patchwork here. If these are MIT, then Patchwork is pretty much not GPL anymore

@Yum511X... is a foaf, and I'm frequently seeing @bob reply to him, but graabein's messages come in much later

and https://docs.npmjs.com/getting-started/fixing-npm-permissions

See also: https://scuttlebot.io/docs/config/create-a-pub.html

Hmm, perhaps that is confusing. That will follow. The intent is, once you both follow each other, you are "friends."

I'm not sure why sbot.get would trigger relatedMessages,

I'm guessing it didnt and there's some coincidence occuring there

@dominic I bet I see what's going on here. I'm not sure why sbot.get would trigger relatedMessages, but I can see how relatedMessages would cb() twice.

Suppose you have, in your db, messages that link up to a root message you don't have. If you call relatedMessages() on the message you dont have, you'd get an error and n would be set to -1. But, the recursive related() calls would continue, and they increment n without checking if it's <0. That can lead to cb() getting called a second time.

That stack dump is odd -- /usr/local/src/secure-scuttlebutt/index.js:524:7 is inside the relatedMessages method...

I've been getting a lot of these lately, no clear cause

Yep, I got that too and made a note of it. What CLI command did you use? sbot.get?

Coincidentally was missing for me too, until you mentioned it, and it suddenly decided to show up. (That is a total coincidence though, we have no fetch-on-mention mechanic)

I cant get the picture zooming to work, don't know why

Sorry about that! we've been getting some reports of issues.

Yeah that's for @larpanet. Check the activity feed on there, is your friend a recent follow?

Did he use an invite?

@dust yes, a reader would be

what happens?

Tried writing the tests with enzyme and rage-quit within an hour. It sucked in so many ways, I don't know where to begin.

Instead I'm just creating demo HTML pages for the elements, and running tape tests against the DOM.

Yeah, I did that because inbox has a fixed number of sub-items but activity feed doesnt

https://github.com/ssbc/patchkit

It has begun!

@dominic if youre gonna hit the blobs stuff, then Im going to start modularizing patchwork

They are. Look at @0GLMsG6... for instance. You should see flags by a few people in the about section.

Vectored Signatures, or the Elements of a Possible V-Algebra.

A major war's starting in Eve Online. The Imperium is being challenged by an alliance of smaller corporations, funded by the banking system.

Oh gotcha

@dust nah, party mode had to do with limiting the amount downloaded per day

• Scuttlebot plugins
• Application-driven blob policies
• Small patchwork tweaks

@dominic hey, is that dunbar limit still being applied in foaf replication? I just looked at the graphmitter code and Im not seeing it in use

Yeah, good small task

Yeah I know. Doing the proper responsive nav is just one of those todo items that falls low compared to the many others.

@bobhaugen that will always be possible. The weakness with Patchwork's electron install right now is that you have to download and install the thing manually. I want there to be autoupdating.

Still figuring out the shape of scuttlebot & patchwork though -- if the new plugins project for Scuttlebot works, then I want Patchwork to be an sbot plugin

Yeah it would probably be good to get that nav responsive

@cel I've got a plugins PR tracking now, and ssb-notifier would be a good first conversion. I'm thinking I can convert server.js to autorun if its the main script, and otherwise it'll export the plugin interface. If that sounds good I'll send a PR

You now have a full clone of the current ssbc/patchwork cosmos on your machine and can search and view all of the scuttlebot database without internet access.

Somebody put this man in sales!

I'm not sure if it connects to people automatically if you don't follow them, so the onboarding/initial setup might be a bit tricky...

When people join Pubs, they announce the address of the Pub. After seeing that announcement, you'll autoconnect to those Pubs, and to other people on your LAN.

You'll connect to peers, no matter what your relationship is with them, in the hopes of finding data you might want.

Bare with me through this technical trickery to seed your friends today

If you are on the LAN with somebody, you'll automatically download their feed. So this may not be necessary?

If autodownloading doesnt solve things for you, please describe your situation a bit more, so we can build something nicer for it!

(Still, nice guide @cryptix

Yeah, currently flags dont hide anybody/thing yet

SSB database has all of the messages and blobs/files published by people you follow, and your foafs

The change will be, youll only download and keep blobs that your application needs, instead of all the ones people publish. Big difference!

We dont have a lan-only flag, but it will work automatically. You do have to be reachable by multicast udp for it to work

Yeah, that's about how much data is in my .ssb right now.

We're going to change the blob auto-download policy soon, which should help reduce that by quite a bit.

Im subbed patchwork-design, patchwork-dev, patchwork-org, and scuttlebot

Im fine with that, @dominic and @cel ?

yep!

Blah, missed the channel.

Electron: https://github.com/ssbc/patchwork-electron/releases/tag/2.7.0

Patchwork 2.7.0 released

Changes:

• The unread count is now in the favicon
• Inbox now shows all recipients' avatars.
• In-progress message drafts will now persist, if you cancel or navigate away from the composer.
• Search is now much faster
• New follows and unfollows now show in the Digs view, which is now just "Notices," instead of in your Inbox.
• Users will now show up in the search autocomplete (but not in the results).
• Code-views now overflow scroll horizontally instead of line-wrapping
• The "Activity Feed" is now the home screen, instead of the inbox
• Messages in the feed no longer expand when you click a link within them
• Other small fixes and updates

Full changeset

merged, will be publishing a new patchwork soon

didn't close down properly..

I'm not getting the blob you posted there, @cryptix. Is that what you're referring to?

hi!

Yeah, this is an issue with browsers, but not nodejs.

Fixed

Whoops, yeah thanks

Your ssb-markdown updated prematurely. I just merged the PR for handling it, so pull latest and check now

Meeting at 7pm/8pm Monday / 1pm Tuesday?

If we need to shift an hour for the NZers because the DST shift, we can.

@cel did you update your npm deps?

What will happen in patchwork if nodes have intermittent connectivity?

Patchwork's network is called a "gossip mesh," which is designed specifically for bad connectivity. If you're able to reach anybody on the network, you'll exchange data with them.

The exchange happens in the background, and can happen after you create the data. So, you can make new posts while offline, then go online and sync back up.

The result is more reliable, but can be a little unpredictable as well. If we're on a LAN together, we'll be able to keep sending each other data, even if our Internet goes down. But, if our Internet went down for 5 days, then on the 6th day, we'd send and receive 5-day-old data. So, sometimes information will lag behind.

We're still learning how much of an impact that has. So far, it's been ok. And, the nice thing is, when somebody (cough me cough) nukes their pub, the network keeps working just fine.

One of the Rojava questions is, can they do digital currency transactions in those conditions?

You can, but I would recommend that it only be attempted by people with expertise in distributed systems. An engineer that's not strongly familiar with "Eventual Consistency" and the importance of "Partial Order" could make some costly mistakes.

We're going to do our best to educate everybody about using SSB well, but that'll take some time -- so, for now, I have to just go with that recommendation.

yep

for the first blob-want*

if the pubs just tried to get the things their users wanted from them, then you'd have that

You'd need a recipient to be online at the same time as the publisher, for the first blob-publish.

I can send you some invites to use.

The nvm

@bobhaugen yes that's the easiest procedure right now.

@dominic I figure the pub should have an app, that basically follows a policy of auto-downloading for its members. That way we dont end up with an availability problem, where somebody publishes a blob and the goes offline.

Semantic versioning is a trust decision, we should improve the trust using code-audit signatures. Only install the new version after N trusted parties sign off on it.

I've got a few good projects to take on. If anybody else has any, feel free to add them

• Implement https://github.com/pfraze/ssb-kvdb. @arj mentioned he might be interested in this, but hasn't confirmed that he will.
• Small PRs to improve Patchwork, in behavior or aesthetic, are always appreciated. (Smaller are better, for Patchwork.)
• Improving the Invites API

are there any unique protocols involved?

Also, how large is the .ssb directory?

Yeah, we've been waiting for a good time to add signalling to pubs first, but if we really wanted to push this forward, we could talk about temporarily hardcoding a single signalhub instance

hear ye, hear ye: @slip.space is the new slip.space
that is all.

Agree

@dominic skeuomorphism is art is a skeuomorph

@dust so I started reading the utopia of bureaucracy book and fell in love. Great read. Im almost at the end of chapter 1 (so I read that great intro and most of chapter 1) and I plan to read the rest.

Here's my (maybe controversial?) view: seeing as we're programmers, we're basically wielders of bureaucracy, as the software itself is bureaucracy, automated. Im not uncomfortable accepting bureaucracy as neither a negative or a positive. I've always had to remind my conservative friends that, there is no such thing as more or less regulation... just different regulation. So, Graeber was singing a tune I liked, from the get-go.

The power of bureaucracy comes from its authorship. One of Graeber's recurring points is, bureaucracy gets imposed from the top down, as an extension of structural violence. And, as a result, it's often out of touch with the reality of its systems. Wouldnt a fitting revolution be, to make bureaucracy self-defined, by the people experiencing it?

Whether that can happen or cant -- whether it should happen or shouldnt -- you must admit that the present battle between the FOSS revolution and the VC-funded industry, reflects the question: of whether the future will continue to be run by finance -- as, Graeber asserts, has occurred since we left the gold standard -- or by programmers? Thus far, theyve experienced an uneasy alliance. And with the recent belt-tightening, we're getting a reminder -- when the music stops, remember who was playing the music in the first place.

"How long can you go without an up round? I thought so."

This leaves us to ask: are we going to continue to degrade the importance of capital in software? Will the "miracle of low-cost software entrepreneurship" continue? Did it ever exist?

There's a lot of evidence that the VCs pick the winners in our industry. We need to see what happens to their unicorns, in the next 3 years. If VCs are willing to dump their "winners," then maybe there will be the collective will to dump them.

But we also need to make money -- real money -- without fighting these "market domination" battles. Otherwise, we'll never escape the orbit of finance.

I suppose we do, I'll make a todo item to look into that

Patchwork is actually different. Every time I publish patchwork we gotta make another release bundle on github for patchwork-electron, which involves both @cel and I.

Ok so do we special case link to jump up a level?

@cel @dominic we were talking about making ssb-msgs.indexLinks go recursive. That complicates the rules a bit, so we'll need to figure that out.

Right now, the rules for a link is, they must be either:

1. an ssb-ref on a toplevel attribute
2. an object on a toplevel attribute with a .link attribute to an ssb-ref

So the question here is, what are the rules for the relation? Is .link a special case that always takes the keyname above? What would be the relation name for...

{
  type: 'foo',
  foo: { bar: { baz: '%...sha256' } } }
}

Would it be baz? or foo.bar.baz?

SSB-Config has .pub and .local flags to disable public/local replication, but Scuttlebot doesnt implement it. Should we get that in there?

Nah, it's just a complex feature that over-extends the existing arch. I'm wondering if I need to punt until after I modularize, and add tests, since I could refactor then to handle this right

Actually getting post edits into the UI is introducing more complexity than I expected. Worried about bugs and kludge. This may take a while.

Yeah that still seems high to me. @dominic is working on gossip efficiency so hopefully it will improve.

Well there's also this really good solution called SCP IF I REMEMBERED TO USE IT WAAAH

@cryptix that's right, I took the coward's way out

Yeah it's night and day. Go figs.

It's merged into master, not yet published

@cryptix ah it probably is. I thought we had resolved that, but I guess not. Bleh!

@substack I sent you another PM. Does the inbox open now?

Ahh shoot! I just nuked my pub!!

What happened? Let's apply the five whys:

1. I ran an old version of scuttlebot, and it didnt recognize my keyfile so it overwrote it with a new key in the old format.
2. I hadnt backed up my pub's keys.
3. I hadnt backed up my pub's keys.
4. I hadnt backed up my pub's keys.
5. I hadnt backed up my pub's keys.

So @slip.space ate dirt

Sorry for being a bad admin. I'll generate a new keyfile and have it follow everybody again. I'll also flag the old ident.

Virtual Desktop 1.0 Trailer

@null_radix delete-msg.js

Ok, back up your ssb directory, put this script in your scuttlebot directory, and then run

node delete-msg.js "%vyyVmWprqjKPtcjw9nB1w0pmld+m41rQp/4pvM5yNw4=.sha256"

If everything looks correct, add --do-it. If you see any errors prior to do-it (which you might) copy them here for me.

Im discovering the worst part of this npm issue isnt the implications of FOSS v Business, or of security in software. The worst part is all non-js devs acting smug about it

I think I fixed search!

The algorithm is still a naive scan-and-regex on the log, but I moved the filtering into the node process. That removed a lot of serialization and message-passing overhead. It's much faster now.

@substack RE %KLPw3Sp... that's a new bug. Any ideas what could be causing that?

Let's start speccing this out. There's an old thread by dominic about some of the requirements. Does anybody want to take the lead on it? @dominic and I are tied up with core dev, and @cel is working on git-ssb

@cel that's what we were thinking, ~/.ssb/node_modules.

Ah, yes it is. Bad assumption. I'll change that.

@keks take a look at https://scuttlebot.io. It's still got some todo things (so it's not ready for the big time) but it should help

@cryptix why are you marking them unread to keep them bookmarked? If you watch the thread, it will be in your "watching" folder of the inbox. (Internally that's called a bookmark.)

The 33/7 difference is from channels that you're watching. They don't currently get put in the watching subfolder

Scuttlebot plugins

@dominic and I have been talking about making Scuttlebot plugins installable via the command-line.

This would be to allow -

• Easy new DB features
• Easy new apps

Like, the kvdb, ssb-names, and ssb-exporter modules would be really easy to do this way.

It would be something like

sbot install ssb-names #uses npm
sbot install https://github.com/arj03/ssb-exporter.git

And after install they'd be in the sbot namespace

sbot kvdb.put my-namespace/stuff {"hello":"world"}
sbot names.signified bob
sbot exporter.import ./somefeed

So the lifecycle and rpc-routing would all be handled by the sbot process.

We could also make Patchwork a Scuttlebot plugin (maybe default installed?) instead of having it embed Scuttlebot

(https://simple.wikipedia.org/wiki/Archimedes#Archimedes_at_war)

@bobhaugen dont disturb my (social) circles

I completely agree with this sentiment but I also agree with @dominic, it is what it is.

But then, you know.... VRRRRRARRRRRR. If I wasnt working on this, I'd be trying out new 3duis

@dominic then suggested we set things up so the inviting user creates the private key, and publishes "hey I'm inviting a person named X with code Y to pub Z," where...

• X is a petname of the user that's joining
• Y is the pubkey of the invite code
• Z is the pub that's going to host the new user

The inviter sends the invite private key (or seed) to the new user. The new user proves ownership to the pub, and then the pub publishes a "reply" to the inviter's message saying "user A accepted this invite, here they are!" where A is the pubkey of the new user.

So, that would help people distribute invites and get each other onto the network. Then, that still leaves some UI questions about how to discover people, by other means.

I'll park it here for people to offer reactions to ^ and their own suggestions

@cel suggested we emulate gmail's old-school invites UI. You had this widget on the sidebar saying, "you have 5 invites," and then you could grab one and send it to friends.

So, we could do that for people that have a pub. Pubs would be configured to hand them out to members, periodically, via ssb messages. They'd just show up in the feed.

@dominic I think @dust's post-edit PRs are ready to go, if you can sign off on them I'll merge this week

Improving the invite/onboard flow

We've gotten feedback and seen ourselves that things go great for new patchworkers until an invite is used, and then it's unclear what to do.

We think part of the problem is, it's not easy to find people you want to talk to. It's also a little hard to get an invite.

So we need to put our heads together about the right flow for connecting to people.

Regular question: what's sucking most about patchwork right now? Missing features, bad flows, etc. Will roll them into my next sprint.

about to do a bunch of posts asking for community feedback here ok lets do it

We're discussing this on the call. We'll write a script to fix your db state, @null_radix, and then we have some theories about why this happened that we'll test.

Works great when those tricksy blobs show up!

I think, in 1 hour

His log has forked, somehow, for you. Here's what I get at seq 2888 for @dust:

{
  "key": "%lFluepOmDxEUcZWlLfz0rHU61xLQYxknAEd6z4un8P8=.sha256",
  "value": {
    "previous": "%VBfEJjeNUlxLuK0eyRzVha3TLu5PPWLwsvGgnmAdPas=.sha256",
    "author": "@/02iw6SFEPIHl8nMkYSwcCgRWxiG6VP547Wcp1NW8Bo=.ed25519",
    "sequence": 2888,
    "timestamp": 1457679971682,
    "hash": "sha256",
    "content": {
      "type": "post",
      "text": "oh no\n\nhttps://medium.com/making-instapaper/bookmarklets-are-dead-d470d4bbb626\n\n> The ultimate catch-22 of the new Content Security Policy wording is that it’s intended to benefit the users, by providing additional security from hypothetical malicious add-ons on websites that enforce a Content Security Policy. In the end the bookmarklet has been relegated obsolete by the change, a casualty of one clause in one section of one web specification, and end-users and developers are the ones who will mourn its demise. The path to hell is paved with good intentions.\n\n> I’d probably try to do more about it, but I’m too busy rewriting Instapaper’s bookmarklet into extensions for every major browser.\n\nhttps://www.youtube.com/watch?v=n5diMImYIIA",
      "root": "%VBfEJjeNUlxLuK0eyRzVha3TLu5PPWLwsvGgnmAdPas=.sha256",
      "branch": "%VBfEJjeNUlxLuK0eyRzVha3TLu5PPWLwsvGgnmAdPas=.sha256",
      "channel": "javascript"
    },
    "signature": "Pv+LWJumKE8nIOfsZxgMcg/EcR/tZeJShmiVIGizERuiAMzwzTTjg78r+InmJopJwMogEG7/W3FLTnH/EOzLCg==.sig.ed25519"
  }
}

Exact same content, but the key is different.

CouchDB 2 is on the way

They're going to add a mongodb-inspired query language (in the google doc above they say it will be called Mango)

Theyre also adding clustering and a new admin interface

could you run sbot getLatest "@/02iw6SFEPIHl8nMkYSwcCgRWxiG6VP547Wcp1NW8Bo=.ed25519" and tell me what comes out?

Did you guys take daylight savings? I think the time shifted

Anyway, Im fine with that

(Im in vegas)

http://www.worldtimebuddy.com/?qm=1&lid=5506956,5128581,2179537,2193733&h=5506956&date=2016-3-21&sln=18-19

@null_radix I think there is too. Did you try the "party" config?

haha ah sorry about that

@dominic yeah I agree with that. And pubs can run their own program which, more or less, sets the storage policy -- with that same mechanism

You did! The dat project / hyperdrive. Im gonna meet up with those guys today and see where theyre at

(I think maidsafe is vapor)

Yeah

@bobhaugen https://www.fin.ventures/letters/on-bots-conversational-apps-and-fin

I'm going to start pulling out patchwork ui into modules, I think that will help a bit

This is wicked

It would be really great to have p2p folder/file-sharing (something like dropbox but without the service) that scuttlebot could tap into

Meeting on the 21st?

I think we're scattered to the wind, a bit. Who is available for the call?

cc @dominic @mixmix @cel

https://github.com/creationix/nvm is another way to get latest node, or just the site, https://nodejs.org/en/

Oh, yeah I was skimming. Yeah, if @dust you can see his data being announced, then you ought to be able to receive his data.

If you go to your contacts page, you don't see him in the local peers section? Has he published any messages?

It should be, if OSX allows that

No it should work in 2.6.4. Have your friend check the Firewall section of the Security & Privacy settings in OSX. If the firewall is on, it will interrupt LAN syncing.

@cryptix I made a note about the <pre> problem.

If the npm install instructions on http://ssbc.github.io/patchwork/ dont work, then nothing will. Did he try that?

@arj https://github.com/arj03/ssb-exporter is looking good. I filed an issue with a suggestion to improve, and otherwise . When it's ready, if you can add some usage docs, I'll add it to our community modules listing on the new docs site

All of these announcements to me sound like We factored this out of our business, please tell us it wasn't in vain.

Yeah probably. Just glancing, it seems nice but nothing too new

I'd like to add a .desc string to the about spec (description). I havent included it until now, just to reduce my workload.

Yeah I think this is great

Obviously it won't close all attack vectors, but it is very good. We talk about using SSB to deliver software a lot.

I've been drinking all night and I just watched a James Bond movie. I think I'm qualified to answer this.

The equation, in this context, is known as a "dense sociological proof." It illustrates the emergent lack of empathy in math nerds rendered toward laymen who display curiosity which is motivated by extrinsic factors (such as artwork, or music).

Apparently elephants are afraid of bees, and they have a special sound for warning each other about them.

@jfawcett really wants to get into this

I enjoyed that

cc @dominic

Which part, like when you open a thread and the old messages are collapsed?

Nice, bookmarked

Paul:

• Keep working on the new docs site
• Keep handling Patchwork feature reports and bug requests (composer "draft" state, hopefully the post editing soon! etc)
• Start modularizing Patchwork and writing tests

@mixmix I think that's a good idea

Meeting today at the regular time:

• 3pm NZ
• 8pm TX
• 9pm NY

http://www.worldtimebuddy.com/?qm=1&lid=2193733,4671654,5128581&h=2193733&date=2016-3-8&sln=15-16

cc @mixmix @dominic @cel

I agree with @dominic and I'm not sure which I think is better (least painful). Including author id is a lot of overhead, but fetching individual messages is equally overheady, and introduces complications about fetching the profile without fetching the whole feed. It's a crummy issue.

We have push? Isn't it only pull?

I'll endeavor to TL;DR: since we cant create long-lived connections to everybody, this protocol adds push, and since push is a rarer event, it'll reduce overall bandwidth involved compared to short-lived pulls. I get that right?

Will you get HAVEs for feeds you dont care about?

The best bit is how, sure, they are lying in a hammock, but they are still wearing a shirt and tie.

business-beach attire

Yeah, should be very simple

Sure.

FWIW I like threaded conversations a lot, I just didnt think they fit here. Indented threads dont do well for long back-and-forths -- after about 5 replies, the indentation gets too deep. Most of our communication is interpersonal, so we tend to have back-and-forth, while indented threads are much better for large communities that sort by upvotes (slashdot, reddit, HN).

We've been wanting to add a button to quickly "fork" a conversation, which is basically what you're doing here -- start a new thread, with a mention of the other message at the top.

Yeah. It's supposed to combine the inbox unread and your activity feed, to reduce a click.

It may not be a good idea, so if yall arent into it I'll probably not merge

Going to write a whole lot of documentation today.

Yeah, that would probably be smart

Looking for feedback on this update.

It was bugging me that I had to switch between the inbox and activity feed pages, so I created a new Home page, which puts the unread items at the top of the feed.

PR with more information.

/ ?

Oh I see. Humm. Yeah, I think you'll have to do a browser addon to do that?

@dust That will depend on what all you'll need to do. Writing a separate node/electron application is still viable, but involves some overhead. We're working on ssb-web-server now, so that you can write SPAs that are shared on the SSB network.

RE: CSP, it looks like ssb-web-server will have to allow unsafe-inline in order to work properly, so bookmarklets will work on those. Patchwork doesnt allow inline scripts, but if people really want bookmarklets, I can add a config option to relax that constraint. It would be better to write a backend-based script injector, though.

@krl ok, I'll make that change

Yeah. That may not be a bug, but we'll keep an eye on it

Yeah that definitely shouldnt happen. Did you notice if they were newly-received from the network, or is it possible they had been received but werent visible in the frontend?

@bobhaugen bloom is just an application of CRDTs, which are a kind of data structure that behave well in distributed systems like SSB. So, they're language-agnostic.

Bloom is quite neat though; it builds a language where CRDTs are a builtin type

Dog ranks:

• Private
• Good boy
• Very good boy
• Captain

Yeah, this is entirely due to a naive approach to rate-limiting, and not due to the volume of data

@keks I agree, and this presentation even mentions the FLP result, which asserts you cant have consensus in a asynchronous system (which SSB is). I'm skeptical of any consistency solution that doesnt have a good paper behind it

RE your TCP experiment, do you know governs the reset? Im wondering how consistent the measurements will be when other systems are involved

RE time drift, you might be right about the VM, in which case I think they would need frequent NTP syncs

Also a good idea

It'd be pretty absurd to have a consistent drift that's significant enough to notice within 30 minutes. My theories: one of the machines altered its clock during the test via NTP; or latency threw off your calculation in some subtle way

Issues Cloning Spec repo - GitHub taking a very long time to download changes to the Specs Repo -- an interesting response from a GH engineer, RE the cost of using Git as a CDN for packages

This HN comment brings up a really good argument about data-security:

So effectively the FBI has one giant inbox with Americans' communications in it?

That inbox will get hacked. It's only a matter of time. If thousands of federal bureaucrats have access to it, I would be very surprised if foreign intelligence agencies do not already have access to it in some capacity.

Scary stuff. People should continue to assume all systems are compromised and email is public information.

All network information is public information. We have to assume all providers (not just FBI/NSA, but the original email services) will be breached eventually.

All of the recent conversations about groups have involved consensus. For a membership-constrained set, trust can be assumed.

We should look into egalitarian paxos

Distributed Consensus: Making Impossible Possible

I had the same idea, I think I'll add it to my queue

Heh, google hired chris poole to fix google+

@cel yeah that was from a bad interaction between the updated scuttlebot and patchwork-threads. If all deps are updated, this should not occur

@cel yep, we're testing out some software outside of patchwork. Will update you on the call

@mixmix yep it should!

Little HTML publishing experiment.

hello-world.html

Quick reminder, standup today at 8pm CST /cc @dominic @cel @mixmix

Just wanted to mention @dominic did a solid bug crush this weekend

Patchwork 2.6.4 released

Quick update after 2.6.3, bumps Scuttlebot up to its latest version.

This adds a new true/false config option, party. (or ssb_party from the cli.) This turns off rate-limiting, which should improve replication performance. (This has been added for debugging.)

Ok, we'll keep working on this

That's what I expected. Take a look in your network view. How many peers are you syncing with (green dots)? My theory is, it'll be a lot

Patchwork 2.6.3 Released

Changelog

Mostly bug fixes and minor tweaks

We're all pretty spread out, I think. I'm in Austin.

@keks oh thanks, yeah I missed that

@Ev are you running the electron version of the app?

@dominic I had the same results, and there are also some missing npm deps on the frontend (ssb-markdown, pull-scroll, observable). The map-filter-reduce/keys dep seems like something that needs to be published still, because installing the map-filter-reduce module didnt solve it

@Ev I may not be reading this right -- what makes you say Chromium is the offending process? I see 0% on its CPU

@dominic I think you're exactly right

@dominic I just did some new-user tests with party mode. Here are my observations:

• I downloaded all messages from slip.space's 25 members within about 1 minute, and the blobs took roughly 5-7 more minutes after that. It's much, much better, but there's room to improve.
• (RE this issue) The backend does slow down, but not immediately. I have a hunch it could be due to blob replication, but I'm not sure.
• Based on this issue, I have a suspicion that, when there are multiple peers replicating messages, they interrupt each other by causing createWriteStream to fail validation. I found some potential evidence: if I reduce the connection limit to 1 peer, all messages download in one session; but, if I allow multiple connections at once, the download process would halt and restart with each peer.

We should just reassign them freely. The nice thing is, it's a persistent queue that's easy to review, whereas mentions are individual events that can get lost.

https://github.com/issues/assigned

@dominic pull master on patchwork and tell me if the performance is much better for you

@dominic I want to clear out our issue backlog. You mind if we start using assignments in GH?

Works in FF luckily

Huh, I can't seem to sign into Github. Looks like a misconfigured CSP, because I get this error:

Blocked form submission to 'https://github.com/session' because the form's frame is sandboxed and the 'allow-forms' permission is not set.

Are you using react-addons-css-transition-group ?

I'm on it!

I'm in agreement about that frustration, @cryptix. FoaF replication makes it very hard to control what gets distributed. I'll have a look at the stuff that @dominic has written recently.

@dominic I've noticed the gossip scheduler doesnt respect the connections limit.

We may need to formalize the requirements. This is a complicated segment.

Is there a convention for namespacing messages to a certain domain?

There's not. Your suggestion of app-name-vote is good.

Is there a testnet for ssb?

Unfortunately no, but there are procedures for creating test databases and feeds. See this documentation.

Any plans for integrated UIs between apps? Personally I would rather have a tab or section in the patchwork nav or even a post type in the main feed instead of a whole separate app.

So maybe a patchwork plugin instead of a separate ssb app.

We've been discussing this, and deferred a decision while we waited for community input.

Patchwork can currently integrate with applications like email does with other services: you can create posts which go in the inbox or feed. But, we do get a lot of requests for custom message-rendering, and for new UI screens. We could take some inspiration from Sublime or Atom and put in a plugin system.

My idea for this would be to define and/or describe your type in a blob and use the blob ID in the type field.

That can work; the type field was specced to be long enough for hash IDs. However, it's a little less friendly to look and query against.

I'm not yet sure how careful we have to be about type collisions, and I'm hoping that hash-IDs would be overkill. It does, however, have a nice feature, that the linked blob can document the type's schema.

1. Clone the stats repo into a folder you host statically.
2. Setup a cronjob to run dump.sh hourly.

It's by new messages, which means any published action: digs, messages, profile changes, and so on. But, it does not include somebody who publishes nothing.

@joshuavial I can step you through it. If you don't mind, I'll write this to a general audience, so everybody can follow.

A basic guide for building applications

Full documentation at http://ssbc.github.io/scuttlebot/.

First, create a project for a desktop application. I recommend you use Electron, or Node. If you want to use another language than Javascript, you'll need to find an RPC interface for that language.

The structure of the application is your choice. Web-application patterns work well on the desktop, if you're ok with using Electron, or a browser, for your frontend. Patchwork uses a typical Web SPA pattern, and shares software with its node and electron codebases (see patchwork-electron).

Scuttlebot is a database. The primary interface is the append-only log. You establish a connection using the ssb-client module (documented here), and read and append to the log using the SSB API.

Scuttlebot also has a Blobs API, which is content-hash indexed. It is mainly used to distribute files.

The blob- and log-stores are synchronized between peers in the background. The application won't handle any of the peer-to-peer interactions, as those are automated. However, you can subscribe to watch for new messages and files, and sync is often in realtime.

Here are some useful snippets:

Any streaming is handled with pull-streams. For example, here is a log-watching snippet:

pull(sbot.createLogStream({ live: true, old: false }), pull.drain(
  function (msg) { /* new message */ },
  function (err) { /* end of stream */ }
))

This page documents how you publish a file. The hash of the file is usually shared over the log. The receiving party then waits for the file, using this code:

var toPull = require('streams-to-pull-streams')
sbot.blobs.want(blobHash, function (err, has) {
  if (has) {
    // file-contents received, let's write it to a file
    pull(
      sbot.blobs.get(blobHash), 
      toPull(fs.createWriteStream('myfile.txt'))
    )
  }
})

More about using Scuttlebot:

The peer-to-peer behaviors are abstracted, for the most part, and sync occurs in the background. Philosophically, this is similar to CouchDB's design.

Scuttlebot can be your main data-store, but you can use other databases with it. Embedded databases, like leveldb and sqlite, are easy to setup and configure, since they're exclusively controlled by your application.

Have a look at the ssb-msg-schemas readme to see how some common log-messages are designed. Messages can link to each other, again using content-hashes. They can link to feeds using public-key IDs, and to blobs using content-hash IDs.

We have a tutorial here and some example applications:

• CLI Dashboard
• CLI Private Messenger
• Simple "Whois"

I'll stop here, so you can direct the conversation. If you get stuck on any task, let me know and I'll step through it.

Old idea feels fresh again. CRDT-object interfaces to scuttlebot:

var thread = new MerkleTree({ type: 'post', text: 'hello, world' })
thread.root.type == 'post'
thread.root.text == 'hello, world'
thread.append({ type: 'post', text: 'my reply' })
thread.find('.post > .post').text == 'my reply'
thread.publish()

var votes = new RegisterMap()
votes.set(alicesId, {  value: -1, reason: 'spam' })
votes.set(bobsId, { value: 1 })
votes.count() == 2
votes.set(alicesId, { value: 0 })
votes.count() == 2
votes.publish()

Riak uses this technique, documented here.

@cryptix I'll try not to let that concern me

The Merkle-tree is a CRDT which doesn't rely on clock consensus between peers. (It uses content hashes to create a partial order to its items.) If we don't try to collapse the tree into a linear order, then it's possible we let multiple SSB users contribute from their feeds, and still come to consensus. There'd be no overhead for this technique. There are, however, limitations to the data-structures this can support.

@keks that's not loading for me, do you have another link?

I put together a metrics dashboard for my pub, slip.space.

)

source

@dominic I believe it'll have to be somewhat nuanced to avoid bugs. Raft, or paxos.

a side business printing indulgences

I think you just found our business model

I have a theory, that computer networks are political systems.

I've got our ssb==pre-agrarian comparison, and there's the old web-monopolies==fuedal-lords comparison. And there should be more models in-between.

@dominic how does consensus on feed order occur?

Yeah exactly, we need garbage collection

source

Ok, file an issue on scuttlebot, it sounds like we need to do work on wifi sync then

ok good. I am surprised there's a rendering difference still, but that mostly makes sense

@mixmix was it your messages come in at 1 per second, or the messages of other people on the network?

For the FoaFs, yes

@cryptix yeah that's what I figured was happening (text going down low) but that means @keks was getting the bottom of his post cutoff, right @keks ?

Not sure, I'm on the same version (chrome not chromium, osx not linux). I think you may also be having the same cutoff issue that @cryptix is reporting in the other thread.

@keks Interesting, it's the same markup as mine but rendering differently.

@keks Can you screenshot that post, on the page and its structure in the devtools?

I'd wager the bug @joshuavial experienced has to do with rate limiting, which we're going to remove.

@mixmix I have no idea why you had those bugs

Heh. Post editing will come.

I dont know how that could be happening. Can anybody else report?

TiltBrush

@keks are you just never getting blobs? (We know blobs are broken to some degree, but it seems like theyre totally broken for you.)

It looks like the blobs store has jumped a couple hundred megs recently. Could be from git-ssb.

@joshuavial yeah! As soon as I confirm the output is correct, I'll share my new stats dashboard

@cryptix how did you update? Is it possible you need to run the build-step? (If you only did git pull, that would be the case)

which centralisation business

To clarify: Not "an organization." Business as in, "subject-matter." Some prior discussion is in this thread. We also discussed it in our last call.

I'm not sure sbot/patchwork are trustless & roleless networks.

Agreed. It's not purely either, and the amount varies by layer.

Our recent discussion was in the context of protocol behaviors: which devices provide what behaviors, how are multiple users coordinated, how is information found, and etc. This is where we're least specialized. (Pubs are the only exception.)

If patchwork is used by people who don't use it primarily for talking about patchwork (lets be honest here)

No need to talk around that fact! That's how most of us are brought together, at the moment.

@dominic I've been thinking over this centralization business, and had this thought.

A completely trustless & roleless network is a bit like a pre-agrarian society. There's no specialization of participants, and therefore there's less opportunity to stratify. We're all hunters & gatherers.

How well do you think that metaphor holds?

Yeah. There's a good chance that's the rate-limiting at work. We're working on this now.

blob not coming down?

It definitely could, permissions by reputation

That's interesting. That reveals a bug in the composer. It didn't correctly set the branch link.

@noffle no worries, I couldve been clearer

Perhaps vouching for a user happens on the contacts level?

Yes, exactly. If you look on profile pages (on latest PW) you can find, there's a flag button, but no "upvote."

This is upvoting/downvoting a feed, not a message.

If a downvote on a user is a flag, then maybe an upvote should be a "vouch." It says, "if you think something is wrong with this user, then ask me about them."

I think we need to do very broad rewrites and reorganizations, so individual feedback might be premature. It all needs to be simpler, visually cleaner, and flow more smoothly. (Aka we need to treat it like product.)

No worries. All of the docs are a bit dense, right now. Im anxious to do another whole pass on them.

@bobhaugen which bits are that? The doc, or the ID?

Unfortunately we chose to use non-url-friendly characters in our identifiers.

That sounded less douchey in my head

Yeah, I want to steal it!

@mixmix Yes. I figure all of life is a flow between structure and chaos.

When you use a pub-invite, you announce the pub on your feed with a type: pub message. So, if you invite into my pub, and then your pub, then our pubs will learn about each other (by receiving the announcements in your feed) and begin syncing with each other.

That said, it is not necessary that our pubs sync. The gossip-mesh is fully transitive. Let's say you connect to "Bob", via your pub. I'd be able to get Bob's messages in the following path:

Me -> slip.space -> you -> your pub -> Bob

It'll be a little slower, but it will work!

Let me know if you need any help. You can also ping me in #scuttlebutt on Freenode