Speaking as myself here, not as Spritely's CTO.
It's interesting, though a bit sparse on the details. In many ways it's
a very client-server oriented system, but with some advantage that
accounts and content can be moved. That latter part is really good of
course, servers going down is a big problem on the contemporary
federated social web.
However, there are a lot of things I am uncertain about:
- I'm still uncertain why if doing something that resembles ActivityPub
so strongly, they didn't just start with ActivityPub, or at least the
ActivityStreams vocabulary, and go from there. I did some demos that
showed off that portable encrypted storage (tahoe-style) could be
composable with ActivityPub:
https://gitlab.com/spritely/golem/blob/master/README.org
I'm not sure why they didn't start with that since they ended up with
something ActivityPub-like in many ways, even if they mutated beyond
spec compatibility... but oh well. Obviously I am hugely biased
here. I don't think ActivityPub is the end-all-be-all, but at least
it's a reasonably simple actor model system that did have a lot of
work put into, and starting with something that's fairly well
explored already and mutating from there, if you're going to build
something that resembles it closely anyway, feels like the right
thing to do, whereas there's a lot of independent invention here for
reasons that are unclear to me.
- Rather than taking an actor based directed messaging approach, it
appears to be roughly a REST'ish type system with a "heap of
messages". This is probably Scuttlebutt's influence, but even
actor-like abstractions can be introduced with certificate ocap
thinking, and I'm not sure I'm seeing anything like that here. At
the very least, this looks very "data oriented" rather than "behavior
oriented", which in many ways ActivityPub was too, but since
delivering a message to an inbox can be equivalent to invoking a
remote method on an actor, it could still be reasonably "alive".
I'm not sure I'm seeing that here. I wonder whether or not the
system will be built to support richer interactions.
- While DIDs are mentioned, effectively the system is quasi-TOFU: DNS +
TLS still takes a large amount of center stage. I'm uncertain about
this, it feels like it's good for bootstrapping but I am a bit
confused as to how it works, and as for why they invented a new DID
method. That doesn't mean there isn't a good reason, I'm just not
sure at this time.
- I believe I read somewhere on a post that private posts are not
supported currently, and this was due to currently optimizing towards
a Twitter-like primarily public system. I could be wrong, but this
is kind of strange... even ActivityPub supports private posts, and
with the above demo I linked (again, just a demo, not good enough for
production), it can even support encrypted ones. A substantial
amount of my Twitter usage *is* messaging people over direct messages
though so I think even the Twitter use case does require private
messages.
- The most alarming thing to me is the authorization + authentication
part. It's unspecified so far. ActivityPub *knowingly* "made this
mistake" because we had to since we were told that those areas had
not achieved enough consensus on the web to settle on something (kind
of grateful, I didn't know anything about ocaps at the time so we
would have ended up with ACLs, but anyway). In a sense, this might
not be a bad thing, but it looks like authentication and
authorization appear *conflated* as being mostly the same problem,
and I suspect an ACL type approach is the possible direction unless
direct correction is not taken early on. Given that not specifying
authentication and authorization in a clean way is my biggest regret
about ActivityPub, I'm surprised to see something new that's making
that same mistake and *doesn't* have a standards body telling them
they have to do it.
That said, they do have quite a few smart people on board. The spec is
in early stages, things could change dramatically. But... I feel like
for me personally, it wasn't a very exciting reveal in terms of the tech
delivered. I guess we'll see where it goes. It could be nice to
collaborate with them on several layers of abstraction anyway, and I'm
open to that still! I think Jay Graber is a wonderful and very smart
person and she's pulled in some smart people, so hopefully things could
improve. (I haven't shared this feedback with her, but maybe I should.)
- Christine