this post was submitted on 07 Jul 2023
276 points (89.9% liked)
Lemmy.world Support
3251 readers
3 users here now
Lemmy.world Support
Welcome to the official Lemmy.world Support community! Post your issues or questions about Lemmy.world here.
This community is for issues related to the Lemmy World instance only. For Lemmy software requests or bug reports, please go to the Lemmy github page.
This community is subject to the rules defined here for lemmy.world.
You can also DM https://lemmy.world/u/lwreport or email [email protected] (PGP Supported) if you need to reach our directly to the admin team.
Follow us for server news 🐘
Outages 🔥
https://status.lemmy.world
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That's not really how the protocol works though. You're suggesting a major change to ActivityPub itself.
Edit: and it's a change that isn't even necessary. It's the whole reason you can create your own instance.
It's not a big change - it's adding a field, a table, and a filtering line to the outgoing SQL select statement that chooses what a domain accesses when it requests the feed. Access level control has been a thing for content management systems for 20 years - this is not a big ask.
But to be honest, as you're the third person to have this misconception, I'm getting to the point where I'm almost tempted to crack open the kbin code and see if I can do it myself.
Again, you're talking about changing the ActivityPub protocol. Objects aren't published the way you think they are. It's more like batch processing. This simply can't be done at scale without massive investment.
Edit: ActivityPub is closer to an RSS Feed than it is to sending out what you publish to each server. It makes it's lsit available to others (who don't have this filter you're talking about) and they grab the whole thing. They don't scan each item and grab it as they go. And again, that scanning is done by them, not the hosting server. The feed is open by default. There is no real authentication and identity at the level you'd require to transform this into an entirely different product (a CMS).
I'm going to have to dig into it more, as filtering content from an API feed based on the referring domain's api credentials is something that's commonplace in the private sector and on other open source projects - in fact, I've recently built some reports in Quicksight that do exactly that, and output results on a secure row level basis.
I think it appears more daunting than it is (context I've been a web dev, analyst, ecom manager for 20+ years), but I haven't yet had time to dig into the code. As you're now the fourth person to make this claim, I'm now inspired to actually go and dig into this and see if I can hack it on my own. If I manage to do it (or it results in total failure), I'll update my opinions and these posts accordingly. Disclaimer - I am lazy and slow, so this may take a bit.
Yeah, you can filter your feed. No one is arguing that. But you can't filter the feed to someone else. That's not how it works. I also don't understand why you have to keep throwing around your supposed credentials when you haven't been able to understand a simple web api concept. If you want Threads not to see you, they need to defederate your server. You don't honestly think this server is posting to information to every other server individually, do you? Those servers grab information and that information is the same for every server that grabs it. It does not publish individual feeds to individual servers. That's ludicrous when you consider the minimum specs for a server.
Your credentials don't mean much when you can't provide any hint of skill to make it mean much.