Freedombone Blog

Freedom in the Cloud

Static Analysis for Epicyon

Recently I discovered a bug in Epicyon which was just a missing function argument, and since my background is with languages like C, where this sort of thing would be caught at compile time, I was thinking that there ought to be some static analysis tool to find bugs like this automatically. It turns out that there are a few for Python.

The tool I went with is flake8, which imposes a certain code style and also finds syntax errors, missing imports and other things. It's already packaged for Debian, and so this doesn't change the status of Epicyon as potentially being included within a pure blend.

While using flake8 other bugs were found, and they were mostly minor ones in lesser visited parts of the code. I've also added a script called static_analysis which runs flake8 on all the source files, apart from the unit tests.

So now I can have greater confidence that the code is doing some approximation of what it's supposed to be doing, without variable names with typos in them or missing imports.

Improving onion support

I've been improving the support for the dual use case of Epicyon in which the instance is primarily on a clearnet domain but can also be used via an onion address. Previously when accessing via an onion address in a Tor browser it would often try to revert back to the clearnet domain, but now in nearly all cases it will stick with the onion address.

This kind of dual use case is typical for apps on Freedombone, and it gives you an alternative way to get to your sites if the clearnet becomes censored - such as if there is a hostile corporate firewall between you and your server. Due to the existence of bridges it's difficult for firewalls to entirely block access to Tor.

The future seems more uncertain than ever and so making use of alternate domain systems, like onion addresses, DAT, SSB, I2P, IPFS and so on is probably wise, at least as a fallback. Censoring things via DNS poisoning or blocking has historically been the go-to way that authoritarian governments try to stop people having the right to read in times of "national emergency".

Relaying and Hashtag Federation

I just saw the talk about hashtag federation in the fediverse and since I havn't written anything on this topic here are my current thoughts.

I think relaying of posts, in the style of an email open relay, is probably a bad idea. It's probably a bad idea in the fediverse for the same reasons that it's usually a bad idea for email. The most obvious issue is that it easily enables spam. For example, suppose there was a hashtag for a currently urgent event. A spammer could then just flood that hashtag with ads, or a political adversary could post random garbage with the hashtag attached in order to flood out the signal with noise and make it less likely that people will pay attention to that topic.

The other issue is post integrity. Usually this is ensured by a http signature, but if a post is relayed then how do we know that the post stored on the relay is the same as the original? An evil relay could alter public posts to deliberately create flame wars and instance blocking.

So I think relaying of posts and hashtags could create more problems than they solve. In the scenario mentioned in the talk you may still get to know what's happening in a protest because people you follow will be boosting posts with the hashtag. Boosting becomes a decentralized way of distributing hashtags around between instances, without breaking the integrity checks via signatures and directly following the chain of trust from one person to another. In the relay model you need to somehow trust that the relay is not evil and it becomes too easy for bad actors to try to influence what people are thinking about a topic.

Blogging in Epicyon

Very basic blogging functionality has been added to Epicyon. There's now a blog timeline and you can select "blog" as a category when creating a new post. Blog entries are entirely public and at present they're not editable after being published, although that may change in future.

The maximum content length in terms of raw text has been increased to 32K, so that's easily enough to allow very long ranty blog posts with lots of meandering.

Blogs are published using the "Article" ActivityStreams type, and that seems to be the way that other fediverse blogging software does it too. As usual it's possible to reply to blog posts as if they were any other fediverse post, and the usual moderation settings also apply. There's an upper limit on the number of replies per post in order to avoid hellthreads and replyguys.

Once published your blog is visible under https://yourdomain/blog/yournick. Replies will only be visible if you are logged in. This isn't really a privacy feature in the familiar sense, it's more intended to avoid marketers scraping everything and trying to build profiles of how people interact.

For now I expect to continue blogging here on Bludit. Fediverse blogging is in its infancy and might become a bigger thing in future. As it stands right now Mastodon - the most popular fediverse server - doesn't appear to have the capability to display Article type posts other than showing them as a link.

DMs and Emoji

There are some recent major fixes for sending DMs and posts including emoji within Epicyon. Formerly if you were not running in debug mode then DMs just wouldn't send. It was a minor bug in the code, but with large effects.

Emojis may still not federate perfectly - especially custom ones which aren't in the standard set - but they should work more reliably than before.

Bird Control

Epicyon now has an option on the edit profile screen to remove posts arriving from Twitter.

Posts from Twitter have always been a feature of the fediverse. In the early GNU Social times bots mirroring accounts on Twitter helped to increase the amount of interesting content, since there were not many users. But if you have been pushed out of Twitter, or ragequit, or just stopped using it for ethical reasons then it's quite understandable that you might not want to be seeing any more Twitter content. Now if you prefer it then you can have the authentic fediverse experience, without the Silicon Valley pollution.