flipboard.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Welcome to Flipboard on Mastodon. A place for our community of curators and enthusiasts to inform and inspire each other. If you'd like to join please request an invitation via the sign-up page.

Administered by:

Server stats:

1.3K
active users

Mike McCue

In addition to turning off their API, has also inexplicably turned off access for users to sign in to Flipboard and other platforms with Twitter SSO.

This is an unacceptable breach of trust between Twitter and their developers and users. Twitter must be held to account here.

@mike,

As you know, this goes on, and on, and on with platforms that assume they control a monopoly.

The only way to avert these disasters is via proper exploitation of loose-coupling that's been delivered on a platter by the #Web.

Right now, I am a little concerned about #Mastodon #API overshadowing the #ActivityPub protocol re loose-coupling of clients and severs across the #Fediverse.

Most think this is okay, but we've seen this movie before++

@kidehen Totally. The gave us a bit of a jump start with our integration but we are committed to integrating at the protocol level. It's interesting to learn about the pros and cons of the API approach vs. the protocol approach.

@mike,

Yep.

Open protocols are the ultimate protection against inevitable compromise.

Only implementing a part of the #ActivityPub protocol weakens the #Fediverse as an open #SocialMedia collective comprising loosely-coupled clients and servers.

/cc @Mastodon

@kidehen I agree with you. [edited]

It's not sustainable to build a new social graph around every type of experience.

We should have apps that create activities that go into one social graph, and that draw on that one social graph.

@mike you should keep building on the API. I think it's the right move.

Eventually we'll have a more standard API, the ActivityPub client API, and you can use that standard one or the Mastodon one or both.

@kidehen @mike

I'm sorry to jump into the conversation and I agree that standards are the right thing but in this case the right standard is the client API, not the server-to-server protocol.

@evan @kidehen What's great is that either way, there's no risk of someone deciding to just turn it off.

@evan,

Again, how is it that you don't glean the quest for a client-server implementation of the #ActivityPub protocol from my comments?

The server-server implementation by @Mastodon only addresses part of the problem re loose-coupling of clients and servers across the #Fediverse.

BTW -- This situation is very similar to #Email where even hosted services like #GMAIL support #IMAP4 and #POP3 rather than just #SMTP .

I hope my position is clearer now?

/cc @mike

@evan @kidehen @mike Credit where credit is due as well - making ActivityStreams an RDF vocabulary was a really great idea that allows the social graph to represent objects/concepts/etc. which nobody contemplated when it was made.

The trouble is, as with all great RDF things, getting people to parse it as RDF and not its serialization format (JSON-LD here) so they aren’t broken by novel but conformant uses of ActivityPub/ActivityStreams.

@evan @kidehen @mike (also I realize you don’t need your own thing explained, but I didn’t want to leave context out for anyone browsing the thread who might not know what “creator of GNU Social” means, and “RDF was an excellent choice” on its own is confusing to anyone who isn’t familiar with the underpinnings :))

@ZiggyTheHamster

I don't know whose idea it was to make AS2 based on JSON-LD. Definitely not mine; I assume James Snell's.

If I remember correctly, it was already assumed by the time we started the WG. We may have had some conversation about it during the group meetings.

I think @jasnell had done a draft of AS2 previously as an RFC for IETF maybe? It may have been JSON-LD back then.

@evan @ZiggyTheHamster yeah that was me. The original ietf version was not JSON-LD, but it was switched quickly after a few discussions around it. It adds complexity, yes, but also a great deal of processing flexibility. It was critical that we also maintained that "It's just json" feel to it tho, which is why we constrained the serialization.

@evan @kidehen The ActivityPub Client API sounds interesting. Is this actually underway?

@mike @kidehen it is a part of the AP spec, but not implemented by Mastodon, so not widely used.

@evan,

I haven't said anything about "every type of experience" so I don't understand how you've drawn that conclusion.

A little more confusing is the fact that you say "Eventually we'll have a more standard API, the ActivityPub client API, and you can use that standard one or the Mastodon one or both." which is my fundamental point.

I explicitly said:
Options are better for the #Fediverse than a product-specific #API re loose-coupling of clients and servers.

What did I miss?

/cc @mike

@kidehen @mike sounds fair!

I thought you were recommending that Flipboard integrate through the server-to-server protocol, which I think is a bad architecture.

Supporting AP C2S would be great.

@evan,

I didn't say or insinuate that. I was simply expressing concern about the server-server centricity of @Mastodon in relation to its #ActivityPub support.

Simplest example is #Email where #SMTP plays the role of #ActivityPub re moving #mbox docs across outboxes and inboxes; with #IMAP4 (a client-server protocol) handling retrieval.

Even #GMAIL supports #IMAP4 (and #POP3) while also having its own #API.

@Mastodon should operate in similar fashion is my point 😀

/cc @mike

@kidehen @Mastodon @mike

I'm sorry I said you were wrong then! We are 100% aligned.

@evan,

Good thing that's come out of this conversation is the emergence of a comparative stack for those unfamiliar the general pattern for interacting with inboxes and outboxes unleashed via #email.

#GMAIL is the hosted equivalent of @Mastodon.

#SMTP is the server-server protocol for delivering #mbox docs to inboxes and outboxes.

#IMAP4 is the client-server protocol (implemented by GMAIL but missing from Mastodon).

#ActivityStreams is the mbox payload equivalent.

/cc @Mastodon @mike

@kidehen @Mastodon @mike

I really think it would be interesting to have a public API façade for AP C2S -> Mastodon API.

@evan @Mastodon @mike Yes, that's fine too. Developers can work with #API abstractions for specific programming languages or directly at the #HTTP protocol level -- just like in the world of #email as demonstrated by #GMAIL (courtesy of its support for #IMAP4)

@evan @kidehen If you mean a pubic API façade for the Mastodon API, that may be impossible. Mastodon has an #ActivityPub inbox endpoint, but it does not have an Activity inbox per se (the received activities are not stored, just applied to the Mastodon data store).

I would be interested in the opposite direction (and possible). So we have an ActivityPub C2S endpoint, and convert it to Mastodon.

This is probably still hard, but should be possible by adapting any existing software supporting the Mastodon API + ActivityPub. The hard stuff is: Who gets to manage the ids?

@steve @kidehen yeah, I haven't looked closely enough at the Mastodon API to say for sure.

But you can do some reverse engineering.

If you have a stream of objects, each of those has a Create activity.

Edited items can get an Edit activity.

A collection of likers can be interpreted into Like activities.

IDs will be incorrect or missing. Dates will be wrong or missing.

It's imperfect but façades always are.

@evan @kidehen @mike

I'd love to see an analysis of the tradeoffs of using a standard API vs using a standard protocol inn the context of creating one social graph.

@bhaugen @evan @mike Imagine if #GMAIL only offered an #API without support for #IMAP4. The tradeoffs would be quite negative i.e., no additional experimentation required.

Every modern #email app supports #IMAP4 for interacting with inboxes and outboxes managed by a mail server.

Email is a generic function. Sociality via a #Fediverse should be similar. All that's required is support for the client-server aspect of the existing #ActivityPub spec 😀

@mike If only we knew how to do that, eh?

@mike I'm just in shock over how he's ruining any sort of trust in the system. On top of all the other insanity, choosing to break the oauth logins is just something you can't come back from. It's meant to tie people to your platform. A useful benefit.

It's basically as dumb as his plan a while back to block all outgoing URLs.

@mike just let Twitter go, mate. Musk is riding it into irrelevance.

@mike Seems like a pretty clear case of tortious interference with contract. If you're not already on the line with a lawyer, I'd get on it. It's not hard to draw a direct assertion that Twitter did this with the knowledge that it would cut users off from services that may be seen as competitors (like Flipboard).

@mike The only thing to do is to stop using bird app.

@mike This is one reason I always choose to create accounts directly using my email and a password. Not even a Facebook or Google Log in.

You never know when that 3rd party could up and vanish or cut off access.

@mike @Gargron don’t tell anybody, but Chirp for WatchOS is still somehow working…

@mike @Gargron unacceptable to whom? By what mechanism do you propose they be held to account?

Don’t get me wrong, I’d love it if this were true. But I think the reality is that the only reckoning they will face is bankruptcy, which will probably happen fairly soon regardless of this sort of death-throes flailing.

In the future we should all try to avoid this sort of service dependency without enforceable, binding contractual agreements.

@glyph @mike @Gargron Agree. This what it looks like when users are the product. Not the cooperative governors, directors or shareholders, or even customers, to whom the company may actually be held accountable.

@mike
Could it just be broken, they don't seem to have any clue anymore.

@wilford i hope that's the case. Will be digging in more tomorrow to understand better.

@mike Maybe that's why my WordPress blog wasn't syncing to Twitter.

@mike This is interesting, I just tested the Twitter SSO integration in our LMS #OpenOlat and it still works. Wonder if it does not work with Flipboard due to request limitations on Twitters side. I think I‘ve read that a certain number of API calls are free.

In any case it is stupid to not allow making use of the SSO API, this obviously rather turns user away from Twitter than binding them…

@gnaegi Thanks. We will check this out. cc @JsonCulverhouse and @greg

@mike Hey Mike, your background picture is great, I am getting wet hands… ;-) Hav a nice day!

@gnaegi Hah! Yes, that was from climbing in the Gunks last fall.

@mike Just curious, how do you propose holding Twitter to account?
I mean I would 💯 love it if it could be done but it seems Musk only cares about the effect on Tesla stock price which is back upto 200$ a share.
He doesn’t seem to much give a damn about peoples opinions nor even people leaving the platform.

@mike we have to remember that when we don't pay for the product and there is no contractual bonding, this might happen (a service closing or a part of the service). We have to build our own infrastructures as society or pay for them. #FOSS is not so different, if it's for free it might go away the same way. Even paid services might go bankrupt...

@mike we are holding them accountable by abandoning Twitter 🤷‍♂️
They’re a company with a proprietary product. If they want to burn trust that’s their mistake to make

@mike @mmasnick I’ve been thinking that Twitter’s SSO was going to bite people in the ass here eventually. That it’s an option for logging into payment services like ko-fi really didn’t seem like such a great idea.

@mike I was curious to see what happened with SSO. Not surprising but disappointing. 😐

You mean the "login with twitter" thing? This has the potential of locking people out of their accounts 🤔

@mike it certainly works against them. It seems like a really unsmart move.

@mike Been a Flipboard user for over ten years and was so pleased this last February that it had integration with the Mammoth app. It’s been a very nice game changer❗👍🏼

@Precis just saw this. Makes me very happy to hear that Tom.

@mike the writing was on a wall for a while, though. Why would anyone trust Twitter SSO after all the recent events?

@mike @anildash I hope this didn’t come as a surprise. The writing was on the wall ever since they disabled 3rd party apps without any notice what-so-ever back in January. Twitter has been untrustworthy since Musk took over.