this post was submitted on 07 Jul 2023
274 points (90.3% liked)
Lemmy.world Support
3202 readers
2 users here now
Lemmy.world Support
Welcome to the official Lemmy.world Support community! Post your issues or questions about Lemmy.world here.
This community is for issues related to the Lemmy World instance only. For Lemmy software requests or bug reports, please go to the Lemmy github page.
This community is subject to the rules defined here for lemmy.world.
You can also DM https://lemmy.world/u/lwreport or email [email protected] (PGP Supported) if you need to reach our directly to the admin team.
Follow us for server news 🐘
Outages 🔥
https://status.lemmy.world
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That's not really how the protocol works though. You're suggesting a major change to ActivityPub itself.
Edit: and it's a change that isn't even necessary. It's the whole reason you can create your own instance.
It's not a big change - it's adding a field, a table, and a filtering line to the outgoing SQL select statement that chooses what a domain accesses when it requests the feed. Access level control has been a thing for content management systems for 20 years - this is not a big ask.
But to be honest, as you're the third person to have this misconception, I'm getting to the point where I'm almost tempted to crack open the kbin code and see if I can do it myself.
Again, you're talking about changing the ActivityPub protocol. Objects aren't published the way you think they are. It's more like batch processing. This simply can't be done at scale without massive investment.
Edit: ActivityPub is closer to an RSS Feed than it is to sending out what you publish to each server. It makes it's lsit available to others (who don't have this filter you're talking about) and they grab the whole thing. They don't scan each item and grab it as they go. And again, that scanning is done by them, not the hosting server. The feed is open by default. There is no real authentication and identity at the level you'd require to transform this into an entirely different product (a CMS).
I'm going to have to dig into it more, as filtering content from an API feed based on the referring domain's api credentials is something that's commonplace in the private sector and on other open source projects - in fact, I've recently built some reports in Quicksight that do exactly that, and output results on a secure row level basis.
I think it appears more daunting than it is (context I've been a web dev, analyst, ecom manager for 20+ years), but I haven't yet had time to dig into the code. As you're now the fourth person to make this claim, I'm now inspired to actually go and dig into this and see if I can hack it on my own. If I manage to do it (or it results in total failure), I'll update my opinions and these posts accordingly. Disclaimer - I am lazy and slow, so this may take a bit.
Yeah, you can filter your feed. No one is arguing that. But you can't filter the feed to someone else. That's not how it works. I also don't understand why you have to keep throwing around your supposed credentials when you haven't been able to understand a simple web api concept. If you want Threads not to see you, they need to defederate your server. You don't honestly think this server is posting to information to every other server individually, do you? Those servers grab information and that information is the same for every server that grabs it. It does not publish individual feeds to individual servers. That's ludicrous when you consider the minimum specs for a server.
Your credentials don't mean much when you can't provide any hint of skill to make it mean much.
Sigh. You people are fucking exhausting. #5 of saying "you can't do that" and giving nothing more than "server can't handle it" as a reason, which is why I stated my credentials, because I'm sick of people talking out of their asses.
When the instance that wants to publish your work makes a call to the api, they have a domain referrer value. Being able to filter on that value is already in place through the process of defederation.
Filtering the output on that domain referrer value is neither some complex process, nor will it increase server load as you're reducing the amount of content the API is producing.
How do you think IP filtering works? Every public facing web service does it. This is the exactly the same thing, except that rather than blocking the entire site, you're blocking a small part of it. It's even easier than blocking a specific page to an IP, because you only have to block a subset of data coming out of the feed on the api.
FFS. Filter by domain referrer when the call is made to the API from the instance that wants to publish your work. It's not that fucking hard. How do you think IP filtering works?