Fediverse: Difference between revisions

From Open Metaverse Wiki
No edit summary
No edit summary
 
(One intermediate revision by the same user not shown)
Line 23: Line 23:


NOTE: * 5. Notifications is now working. However, it will need improvements. At the moment it is mostly secure, the weakness is the admin could manipulate the URL to send bogus notification messages to the user. But we assume if the admin is rogue then the whole system is botched anyway. The issue is that the new URL is requested and issued too far often, so there should be a blanket 'auto approve' to send the URL to streams. The problem with this in that case would be the use is not necessarily authenticated to approve the auto approval. So, a rogue admin (or possibly even just a user) could manipulate the system through URLs and parameters without even being logged into or having an account on streams. It opens the door. At the moment this is not possible, and the system is mostly secure, but it could be better designed in terms of convenience, but the trick is avoiding reduction in security.
NOTE: * 5. Notifications is now working. However, it will need improvements. At the moment it is mostly secure, the weakness is the admin could manipulate the URL to send bogus notification messages to the user. But we assume if the admin is rogue then the whole system is botched anyway. The issue is that the new URL is requested and issued too far often, so there should be a blanket 'auto approve' to send the URL to streams. The problem with this in that case would be the use is not necessarily authenticated to approve the auto approval. So, a rogue admin (or possibly even just a user) could manipulate the system through URLs and parameters without even being logged into or having an account on streams. It opens the door. At the moment this is not possible, and the system is mostly secure, but it could be better designed in terms of convenience, but the trick is avoiding reduction in security.
[[File:28f803d0b679c4f89aa91aa36a896403.png]]
Git repository at Codeberg: (opensim-dev branch) https://codeberg.org/AerisIrides/streams-addons/src/branch/opensim-dev
Not only does the streams integration create a full-featured open-source drop-in website for a OpenSimulator installation, also a directory of Fediverse users with a means to connect to 2 million active monthly Fediverse users. (stats ref. https://fedidb.org/)
ActivityPub Standard: https://www.w3.org/TR/activitypub/
screenshots:
[[File:Welcome-screen.png|Welcome Screen in Firestorm]]


Update 9/6/2023 - We now have a module that links Stellar XLM in OpenSimulator.  
Update 9/6/2023 - We now have a module that links Stellar XLM in OpenSimulator.  
Line 38: Line 51:


Cryptocurrency UPDATE 9/22/23
Cryptocurrency UPDATE 9/22/23
[[File:Merch-admin.png]]
.
[[File:Config-Code.png]]


We now have a method of adding a product, which returns a product id. The product id goes in a vendor.lsl script which queries the price and description from the website. (So, a merchant can update/manage from their personal web admin).  Vendor.lsl offers a dialog to a customer, when they click on the prim. (The merchant can put a notecard and lm for the product in the contents, and the dialog offers those to the customer, so if they are considering buying an item but haven't decided they can return easily straight to the product).  
We now have a method of adding a product, which returns a product id. The product id goes in a vendor.lsl script which queries the price and description from the website. (So, a merchant can update/manage from their personal web admin).  Vendor.lsl offers a dialog to a customer, when they click on the prim. (The merchant can put a notecard and lm for the product in the contents, and the dialog offers those to the customer, so if they are considering buying an item but haven't decided they can return easily straight to the product).  


The system is set to use $OSGAME token but a grid proprietor can set any asset or even a cryptocurrency. $OSGAME has no cash value but can be traded on public exchanges. A grid proprietor can easily create their own asset/token for under two dollars USD.


The customer clicks on the dialog "Buy" and receives a URL to the website, that automatically generates an "XDR" transaction envelope, which represents the item being purchased, the price, the currency and the buyer and seller. It's base64 encoded, and if they are a bit leery about things, they can use the verify feature on the stellar web site.  Then they must sign the transaction using their private key, on the Stellar website. (We NEVER ask for private keys in OS or the corresponding Federated web site and remind people as often as possible).
[[File:Vendor-script.jpg]]
Add notecard,landmark to contents


The customer has several options to sign on the Stellar website. They can use the private key, or they can choose from various wallets including Ledger and Trezor. I use both hardware wallets and recommend them. I also use Freighter web browser extension, but I set the security to "only enable when I click on the icon". That way it is always disabled until i specifically want to use it. If you have extensions in your browser, you might notice that they are active on every page you visit and set up to operate on demand. This is risky in my opinion, it's a setup for a phishing attack. So, I recommend disabling extensions until they are needed.  
The system is set to use $OSGAME token but a grid proprietor can set any asset or even a cryptocurrency. $OSGAME has no cash value but can be traded on public exchanges. A grid proprietor can easily create their own asset/token for under two dollars USD.  


It's possible to automate the XDR transport and signing a bit more but at this stage it's set for the most secure way, while giving the customer more options for the wallet. Automating the process more would likely tie them to a specific wallet. We could also set up a custodial wallet on the website but there are liabilities associated with that practice. It could be set so the cash value is limited, if other tokens/currencies are enabled - so limit to like 10 USD or something, with 200 users your liability is a couple grand if there's a loss. But wouldn't want to let loco people store 20k USD value in a custodial wallet. This question is for much further down the road.
[[File:Click2buy.png]]
.
[[File:Buy-link.png]]


Remaining:
The customer clicks on the dialog "Buy" and receives a URL to the website, that automatically generates an "XDR" transaction envelope, which represents the item being purchased, the price, the currency and the buyer and seller. It's base64 encoded, and if they are a bit leery about things, they can use the verify feature on the stellar web site.  Then they must sign the transaction using their private key, on the Stellar website. (We NEVER ask for private keys in OS or the corresponding Federated web site and remind people as often as possible).
Add script to deliver product when payment is received.  
Add NFT and Contracts




[[File:Wallet-Extensions.png]]


The customer has several options to sign on the Stellar website. They can use the private key, or they can choose from various wallets including Ledger and Trezor. I use both hardware wallets and recommend them. I also use Freighter web browser extension, but I set the security to "only enable when I click on the icon". That way it is always disabled until i specifically want to use it. If you have extensions in your browser, you might notice that they are active on every page you visit and set up to operate on demand. This is risky in my opinion, it's a setup for a phishing attack. So, I recommend disabling extensions until they are needed.


[[File:Xdr.png]]


[[File:28f803d0b679c4f89aa91aa36a896403.png]]


Git repository at Codeberg: (opensim-dev branch) https://codeberg.org/AerisIrides/streams-addons/src/branch/opensim-dev
[[File:Crypto-Verify.png]]


Not only does the streams integration create a full-featured open-source drop-in website for a OpenSimulator installation, also a directory of Fediverse users with a means to connect to 2 million active monthly Fediverse users. (stats ref. https://fedidb.org/)
[[File:Crypto-Sign.png]]


ActivityPub Standard: https://www.w3.org/TR/activitypub/
It's possible to automate the XDR transport and signing a bit more but at this stage it's set for the most secure way, while giving the customer more options for the wallet. Automating the process more would likely tie them to a specific wallet. We could also set up a custodial wallet on the website but there are liabilities associated with that practice. It could be set so the cash value is limited, if other tokens/currencies are enabled - so limit to like 10 USD or something, with 200 users your liability is a couple grand if there's a loss. But wouldn't want to let loco people store 20k USD value in a custodial wallet. This question is for much further down the road.


screenshots:
Remaining:  
[[File:Welcome-screen.png|Welcome Screen in Firestorm]]
Add script to deliver product when payment is received.  
Add NFT and Contracts

Latest revision as of 09:11, 23 September 2023

Opensimulator: Projects: The Fediverse and ActivityPub

The digital age has seen the rise of several social media platforms, each building its own siloed community. But a groundbreaking approach to social networking, called the "Fediverse," seeks to break down these walled gardens. The Fediverse, short for "federated universe," is a collection of interconnected yet independently operated online communities that communicate with one another. Unlike mainstream platforms where all user data resides under a single company's control, the Fediverse promotes decentralization, giving individual instances the freedom to set their own rules while still being part of a broader network.

At the heart of the Fediverse lies ActivityPub, a protocol that facilitates this decentralized communication. ActivityPub standardizes how different services, ranging from microblogs like Mastodon to video platforms like PeerTube, share and receive updates. When a user on one platform makes a post or comment, ActivityPub ensures that the message is sent, received, and understood across different participating platforms. This intercommunication means users aren’t confined to one platform's ecosystem; they can seamlessly interact with diverse services across the Fediverse.

This approach offers numerous advantages. First, it's a bulwark against censorship, as no single entity controls the entire network. Second, it spurs innovation, since developers can create new services without starting from scratch, leveraging the existing ActivityPub-based infrastructure. Finally, it returns control to users, who can choose platforms aligned with their values or even host their own instances. In an age where digital autonomy is increasingly cherished, the Fediverse and ActivityPub offer a compelling blueprint for the future of online social interactions.

Conceptually, HyperGrid can be likened to ActivityPub, which connects many heterogenous servers and allows them to all communicate and share information.

There is currently a project underway to connect the FOSS server named 'Streams' (https://codeberg.org/streams/streams) to OpenSimulator and HyperGrid. Streams is a PHP/MySQL based nomadic federated communications server created by Mike Macgirvin (https://medium.com/we-distribute/got-zot-mike-macgirvin-45287601ff19)

Here are the primary objectives of the project:

  • WORKING: Editable Welcome page for viewer
  • WORKING: Sync passwords when updated on streams instance.
  • WORKING: Password reset link works through streams.
  • WORKING: Photos marked full perm in OS will show up on streams feed
  • WORKING: "Picks" section will show up on public streams profile.
  • PENDING: Profile photo changed in OS will appear on streams profile and vice-versa
  • PENDING: Create account will happen on streams, account will be created on OpenSimulator server.
  • WORKING*: Notifications (@mentions, @replies, @privatemessage, etc) on streams will optionally appear in a popup in OS viewer.

NOTE: * 5. Notifications is now working. However, it will need improvements. At the moment it is mostly secure, the weakness is the admin could manipulate the URL to send bogus notification messages to the user. But we assume if the admin is rogue then the whole system is botched anyway. The issue is that the new URL is requested and issued too far often, so there should be a blanket 'auto approve' to send the URL to streams. The problem with this in that case would be the use is not necessarily authenticated to approve the auto approval. So, a rogue admin (or possibly even just a user) could manipulate the system through URLs and parameters without even being logged into or having an account on streams. It opens the door. At the moment this is not possible, and the system is mostly secure, but it could be better designed in terms of convenience, but the trick is avoiding reduction in security.


Git repository at Codeberg: (opensim-dev branch) https://codeberg.org/AerisIrides/streams-addons/src/branch/opensim-dev

Not only does the streams integration create a full-featured open-source drop-in website for a OpenSimulator installation, also a directory of Fediverse users with a means to connect to 2 million active monthly Fediverse users. (stats ref. https://fedidb.org/)

ActivityPub Standard: https://www.w3.org/TR/activitypub/

screenshots: Welcome Screen in Firestorm


Update 9/6/2023 - We now have a module that links Stellar XLM in OpenSimulator.


I tinkered around with different ideas like a web page browser that looks like a phone, in your hud - but it's too much of a pain to read anything that way. Also, a kiosk like an ATM with a web page prim on the front, it's easier to zoom in and read but totally inconvenient. Like if you're on a different grid then it's not easy to just pop out a kiosk to spend money or something.

I also looked at integrating economy / land purchases through the viewer. It's not so great and probably not worth the trouble. There are two things under helperURI, one to sell land and one to buy money. The actual balance and transfers to other AV and buying something happens through XML-RPC to the region - not the grid. This way currencies can change over regions (And they do that!). But for this project it's totally not convenient i think, it's only usable on your parcel(s) basically.

So What I came up with is a small hud icon that listens for commands on channel 5 so you can say "/5 bal" or balance and it will show your pubkey and balances like in the attached screenshot. you can also do like a /5 bal UUID and get somebody else's pubkey and balances, which is weird i guess because we haven't had that ability before but it's a fact of life if you have a public key to receive payments people can see how much you get. It's so cheap to make stellar accounts you could have dozens or even 100 or more if you want. So you're not walking around with 100 million XLM and become a target. We arent storing or asking for private keys so it's safe, but why expose yourself like that.

The idea is to have a drop-in script where if you want to 1) sell something or 2) create an NFT or 3) do some sort of contract thing then people can just click on it and it will magically open in their web-based wallet or something and they can sign the transaction if they want. It's basically like "do you want to pay blah blah blah" except that prompt happens outside the viewer.

I only plan to support one public key at first, maybe we can add more if people ask for it or it seems like a good idea. But it's easy to click and change your public key.

Cryptocurrency UPDATE 9/22/23

.


We now have a method of adding a product, which returns a product id. The product id goes in a vendor.lsl script which queries the price and description from the website. (So, a merchant can update/manage from their personal web admin). Vendor.lsl offers a dialog to a customer, when they click on the prim. (The merchant can put a notecard and lm for the product in the contents, and the dialog offers those to the customer, so if they are considering buying an item but haven't decided they can return easily straight to the product).


Add notecard,landmark to contents

The system is set to use $OSGAME token but a grid proprietor can set any asset or even a cryptocurrency. $OSGAME has no cash value but can be traded on public exchanges. A grid proprietor can easily create their own asset/token for under two dollars USD.

.

The customer clicks on the dialog "Buy" and receives a URL to the website, that automatically generates an "XDR" transaction envelope, which represents the item being purchased, the price, the currency and the buyer and seller. It's base64 encoded, and if they are a bit leery about things, they can use the verify feature on the stellar web site. Then they must sign the transaction using their private key, on the Stellar website. (We NEVER ask for private keys in OS or the corresponding Federated web site and remind people as often as possible).


The customer has several options to sign on the Stellar website. They can use the private key, or they can choose from various wallets including Ledger and Trezor. I use both hardware wallets and recommend them. I also use Freighter web browser extension, but I set the security to "only enable when I click on the icon". That way it is always disabled until i specifically want to use it. If you have extensions in your browser, you might notice that they are active on every page you visit and set up to operate on demand. This is risky in my opinion, it's a setup for a phishing attack. So, I recommend disabling extensions until they are needed.


It's possible to automate the XDR transport and signing a bit more but at this stage it's set for the most secure way, while giving the customer more options for the wallet. Automating the process more would likely tie them to a specific wallet. We could also set up a custodial wallet on the website but there are liabilities associated with that practice. It could be set so the cash value is limited, if other tokens/currencies are enabled - so limit to like 10 USD or something, with 200 users your liability is a couple grand if there's a loss. But wouldn't want to let loco people store 20k USD value in a custodial wallet. This question is for much further down the road.

Remaining: Add script to deliver product when payment is received. Add NFT and Contracts