Themis Dev Diary #3

This will be a much quicker post than the last two, and there’s a very good reason for that. You see, I’ve never implemented a spec before. ActivityPub isn’t the easiest, from what I can tell, and it’s exposed quite a few…deficiencies in my design for Themis. So, at the moment, I’m spinning my wheels a bit.

The crux of the issue is the way the spec expects me to communicate. ActivityPub uses activities for that (duh). These are objects with a number of properties, one of which is an ID. These have to be globally unique, and the easiest way to do that is to tie them to the originating server. So the server at example.com, for instance, can make IDs of the form example.com/activity/1234: the last number is different for each new activity, and it probably comes from the autogenerated database key. (An alternative is UUIDs, which I use elsewhere in Themis. Flake IDs—what Pleroma uses—are another option, if you’re looking for something that can be sorted chronologically, which is required by certain parts of the spec.)

So far, not so bad. But the AP spec wants these IDs to be URIs. And that means I have to format them properly. The problem is, a URI has a few necessary components. I have to account for subdomains, for instance. And the difference between HTTP and HTTPS, because somebody might use the former (I am for my dev instance, so why not?). Let’s not forget nonstandard ports, either. Listening on 80 or 443 requires root privileges on Linux, and NestJS defaults to 3000.

Putting all that together proves that my initial idea of just storing an origin host name alongside the names of groups and users is, to put it mildly, inadequate. Yesterday, I added a new Server object, which will store every part of a URI except the path. Hopefully, that’ll be enough to make ID generation a lot easier. And let’s also hope I don’t break too much in the process.

Anyway, once I get that done, I’m thinking the rest of ActivityPub will be relatively simple. Not easy, mind you, but I actually have made some progress on implementing the client-to-server portion of the spec, which is something even Mastodon isn’t doing. Give me a few more weeks, and I think I’ll be ready for Alpha 6. Until then, keep your fingers crossed that I don’t screw this up too much.

Themis Dev Diary #2

It’s been a few weeks, and this project of mine is still moving along. Maybe not as fast as I would like, but I am making progress. Since the last post, I’ve spent much of my coding time working on what I consider the biggest feature of Themis: filtering. Here, I want to talk a little bit about what I mean, and why it’s so important.

My computer, my rules

Today, essentially every discussion platform is moderated. What that means depends on the place, but let’s boil it down to its essence. Moderation is censorship, plain and simple. Sometimes it’s necessary, sometimes it serves a purpose, but a moderated community is one that has decided, either by collective choice or external fiat, to disallow certain topics. More importantly, the administrators of the platform (or their anointed assistants) have the power to remove such content, often without debate or repercussion.

Removing the users that post the prohibited content is the next step. If online communities were physical, such suspensions would be the equivalent of banishment. But a much larger site like Facebook or Twitter, so integrated into the fabric of our society, should be held to a higher standard. When so much in our lives exists only in these walled-off places, banning is, in fact, more akin to a death sentence.

It is my strong belief that none of this is necessary. Except in the most extreme cases—automated spamming, hacking attempts, or illegal content that disrupts the infrastructure of the site—there really isn’t a reason to completely bar someone from a place simply because of what others might think. Themis is modeled on Usenet, and Usenet didn’t have bans. True, your account on a specific server could be locked, but you could always make a new one somewhere else, yet retain the ability to communicate with the same set of people.

This is where Facebook, et al., fail by design. Facebook users can only talk to each other. You can’t post on Twitter timelines unless you have a Twitter account. On the other hand, the “fediverse” meta-platform of Mastodon, Pleroma, etc., returns to us this ability. It’s not perfect, but it’s there, which is more than we can say for traditional social media.

Out of sight, out of mind

But, you may be thinking, isn’t that bad? If nobody wants to see, say, propaganda from white supremacists in their discussions, then how is discussion better served by allowing those who would post that content to do so?

The answer is simple: because some people might want to see that. And because what is socially acceptable today may become verboten tomorrow. Times change, but the public square is timeless. As the purpose of Themis is to create an online public space, a place where all discussion is welcome, it must adhere to the well-known standards of the square.

This is where filtering comes in. Rather than give the power of life and death over content to administrators and moderators, I seek to place it back where it belongs: in the hands of the users. Many sites already allow blocklists, muting, and other simple filters, but Themis aims to do more.

Again, I must bring up the analogy of Usenet. The NNTP protocol itself has no provisions for filtering. Servers can drop or remove messages if they like, but this happens behind the scenes. Instead, users shape their own individual experiences through robust filtering mechanisms. The killfile is the simplest: a poster goes in, and all his posts are hidden from view. Most newsreader software supports this most basic weapon in our arsenal.

Others go the extra mile. The newsreader slrn, for instance, offers a complex scoring system. Different qualities of a post (sender, subject text, and so on) can be assigned a value, with the post itself earning a score that is the sum of all filters that affect it. Then, the software can be configured to show only those posts that meet a given threshold. In this way, everything a user doesn’t want to see is invisible, unless it has enough “good” in it to rise above the rest. Because there are diamonds in the rough.

Plans

The score system works, but it’s pretty hard to get into. So, by default, Themis won’t have it. But that doesn’t mean you can’t use it. The platform I’m building will be extensible. It will allow alternative clients, not just the one I’m making. Thus, somebody out there (maybe even me, once I have time) can create something that rivals slrn and those other newsreaders with scoring features.

But the basics have to be there. At the moment, that means two things. First is an option to allow a user to “mute” groups and posters. This does about what you’d expect. On the main group list (the first step in reading on Themis), muted groups will not be shown. In the conversation panel, posts by muted users will not be shown, instead replaced by a marker that indicates their absence. In the future, you’ll have the option to show these despite the blocks.

Second is the stronger filtering system, which appears in Alpha 4 at its most rudimentary stage. Again, groups and users can be filtered (posts themselves will come a little later), and the criteria include names, servers, and profile information. As of right now, it’s mostly simple string filtering, plus a regex option for more advanced users. More will come in time, so stay tuned.

In closing

This is why I started the project in the first place, and I hope you understand my reasoning. I do believe that open discussion is necessary, and that we can’t have that without, well, openness. By placing the bulk of the power back in the hands of the users, granting them the ability to create their own “filter bubbles” instead of imposing our own upon them, I think it’s possible. I think we can get past the idea that moderators, with all their foibles and imperfections, are an absolute necessity for an online forum. The result doesn’t have to be the anarchy of 4chan or Voat. We can have serious, civil conversations without being told how to have them. Hopefully, Themis will prove that.

Themis Dev Diary #1

Yesterday, I quietly released the second alpha of my current long-term software project, Themis. For the moment, you can check out the code on my Github, which has returned to life after lying dormant for three years. I’m developing this one in the open, in full view of all the critics I know are lurking out there, and I’ll be updating you on my progress with dev diaries like this one.

The Project

First off, what is Themis? Well, it’s hard to explain, but I’ll give it a shot. What I mainly want to create with this project is a kind of successor to Usenet.

We have a lot of discussion platforms nowadays. There’s really no shortage of them. You’ve got proprietary systems like Facebook, Twitter, and Disqus; old-school web forums such as vBulletin, XenForo, and the more modern NodeBB; open, federated services like Mastodon and Pleroma; and the travesty known as Discourse. No matter what you’re looking for, you have options.

Unless you want the freedom, the simplicity, and the structure Usenet brought to discussions so long ago. That’s what Themis aims to recapture. My goal is to make something that anyone can install, effectively creating their own node (instance, in Mastodon parlance) that connects (federates) with all the others.

So far, that’s not too different from most of the “fediverse” platforms, but here’s the kicker. While Mastodon, Pleroma, GNU Social, and Misskey all focus on a flat, linear timeline in the vein of Twitter, Themis will use a threaded model more akin to newsgroups. Or Reddit, if you prefer. (Yes, there’s Prismo as the federated counter to Reddit, but bear with me.)

Also, while the current drama on most any platform is about banning, filtering, and censorship, I want to make Themis a place where speech is free by default. Rather than hand all the power to server admins, who can implement blocklists, filter policies, etc., Themis is going to be focused on user-guided filtering. If you don’t want to see what a certain user says, then you block that user. If you don’t like a specific topic, you can hide any threads where it’s discussed. And so on.

In my opinion, that’s a more viable model for open discussion. Rather than skirt around sensitive topics out of the fear of “deplatforming”, we assume that users are adults, that they have the maturity to know what they like and don’t like. The filtering system will need to be robust, powerful, and precise, but the key is that every part of it will be in the user’s hands. Yes, admins will still have the ability to ban problematic users (only on their server, of course) and remove posts that may violate laws or rules, but these should be the exception, not the rule.

Also, Themis is group-oriented. Every post falls into at least one group (crossposting isn’t implemented yet, but I’m getting there), and every group contains a set of threads. This will also fall into the filtering system, and here’s a place where admins can steer the discussion. A “tech” group on example.social, for instance, would follow the rules of that server, and it might have an entirely different “feel” to the tech group on themis-is-awesome.tld. Configuration will allow admins to make groups intended only for local users, or invite-only, or moderated in the classic “all posts must be approved” style.

Where we are now

At the moment, most of this is a distant dream. I won’t lie about that. Themis is at a very early alpha stage, and there’s a lot of work left to even get it feature-complete, much less in a state worthy of release. To make matters worse, I’m not entirely sure how possible it is. I’m working alone, and I’m not the best programmer out there.

I’m giving it a shot, though. In only six weeks, I’ve gone from nothing more than a skeleton app in a framework I’d never even used to something that actually runs (albeit only on localhost). As of the 0.0.2 release, you can create an account, log in, view posts, add new ones, and reply to existing ones. The group creation functionality isn’t there yet, authentication is…haphazard at best, and the admin section is next to nonexistent. But that’s what alphas are for. They’re for getting all these pieces into place, even if there are a lot more of those pieces than you first anticipated.

What’s next

As I said, Themis isn’t even close to beta yet. I’ll likely put out quite a few more alphas in the coming weeks. The third release, if all goes well, will add in an admin control panel, plus the necessary scaffolding for site settings, preferences, and other configuration stuff. Alpha 4, in my vague mental outline, will fix up the posting functionality. Future milestones include group creation, filtering (a big one!), network optimization, and so on.

The beta releases, assuming I make it there, are all about getting Themis where I want it to be. That’s when I plan to start adding in federation, even better filtering, ActivityPub support, and an NNTP gateway, among others. (In case you’re wondering, I don’t have the slightest idea how to do half of that. And here I thought I’d be reading fiction in 2019! Nope, looks like specs instead.)

In my wildest dreams, all this somehow works out, and I can make a stable 1.0 release on October 1st. Stay tuned to see how that pans out.

If you want to help with Themis, or just take a look at it, check it out here. For the techies out there, it’s written in Typescript, using NestJS for the back end, Vue for the interface, TypeORM as a database abstraction layer, Axios for HTTP, Passport and JWT for authentication, and a whole bunch of other libraries I can’t remember right now. The project is entirely open source, under the MIT license (not AGPL, as so many other fediverse projects are), and I promise I’ll take a look at all serious suggestions, issues, bug reports, and advice.

Whatever the future holds, I’ll call this venture well worth it. Maybe I’ll burn out and fade away. Maybe I’ll change the world as much as Gargron and Lain are doing. I don’t care what the outcome is. I’ve found a passion, and this is it.

Practical Typescript: dice roller

In the last few “code” posts of Prose Poetry Code, there’s been one thing missing. One very important thing, and you might have noticed it. That’s right: there’s no code! I’ve been writing about generalities and theory and the like for a while now, but I’ve been neglecting the ugly innards. Part of that is because I haven’t been in much of a coding mood these past few months. Writing fiction was more interesting at the time. But I’ve had a few spare hours, and I really do want to get back into coding, so here goes.

A while back, I mentioned Typescript, a neat wrapper that sits on top of JavaScript and generally makes it palatable. And at the end of that post, I said I’d be playing around with the language. So here’s what I’ve got, a practical example of using Typescript. Well, dice rollers aren’t exactly practical—they’re a dime a dozen, and nobody really needs them—but you get the idea.

The code

I’ve posted a full ZIP of the code, including a config file, an HTML skeleton, and the JavaScript output. But here’s the Typescript code (dice.ts) for your perusal.

// Simple function simulating a single die roll
function roll(sides: number): number {
    return 1 + Math.floor(Math.random() * sides);
}

// Our "back-end" will roll a number of simulated dice,
// possibly adding a bonus or subtracting a penalty.
// It will return an object containing the rolls and their total.
// (This is really for no reason other than to show off interfaces.)
interface RollResult {
    rolls: number[],
    total: number
}

// Roll a number of dice, and return the results,
// using the object we defined above.
function rollMany(count: number, sides: number): RollResult {
    let rolls : number[] = [];

    for (let i = 0; i < count; i++) {
        rolls.push(roll(sides));
    }

    let result = {
        rolls: rolls,
        total: rolls.reduce((a: number, b: number) => a+b, 0)
    };

    return result;
}

// This is where the interactive portion of the script begins.
// It's really just basic DOM stuff. In a moment, we'll actually
// hook it all up to the page.
function diceRoller() {
    console.log("Rolling...");

    let countBox = document.getElementById("count") as HTMLInputElement;
    let sidesBox = document.getElementById("sides") as HTMLInputElement;
    let addsBox = document.getElementById("adds") as HTMLInputElement;
    let resultRollsText = document.getElementById("result");
    let resultTotalText = document.getElementById("total");

    let count = +countBox.value;
    let sides = +sidesBox.value;
    let adds = +addsBox.value;

    let result = rollMany(count, sides);
    let totalRoll = result.total + adds;

    resultRollsText.innerHTML = result.rolls.join(" ");
    resultTotalText.innerHTML = ""+ totalRoll;
}

// This clears out our results and options.
function clearAll() {
    console.log("Clearing...");

    // Note that this gives us an HTMLCollection...
    let boxes = document.getElementsByClassName("entry");

    // ...which can't be used like an array in for/of...
    for (let b in boxes) {
        // ...and contains only generic HTMLElements.
        (boxes[b] as HTMLInputElement).value = "";
    }

    let resultText = document.getElementById("result");
    let totalText = document.getElementById("total");
    resultText.innerHTML = "";
    totalText.innerHTML = "";
}

// Here's where we connect our functions to the page.
document.addEventListener("DOMContentLoaded", function () {
    let clearButton = document.getElementById("clear");
    let rollButton = document.getElementById("roll");

    clearButton.onclick = clearAll;
    rollButton.onclick = diceRoller;
});

Honestly, if you’ve seen JavaScript, you should have a pretty good idea of what’s going on here. We start with a helper function, roll, which does the dirty work of generating a number from 1 to N, exactly as if you rolled a die with N sides. (It’s not perfect, as JavaScript uses pseudorandom numbers, but it’s the best we can do.) If you take out the two type declarations, you wouldn’t be able to tell this was Typescript.

Next comes something that inarguably identifies our source as not normal JS: an interface. We don’t really need it for something this simple, but it doesn’t cost anything, and it’s a good check on our typing. Our RollResult interface simply defines an object “layout” that we’ll pass from our back-end rolling function to the front-end output. If we screw up, the compiler lets us know—that’s the whole point of strong typing.

After this is the rollMany function. It builds on the simple roll, calling it multiple times and storing each result in an array. This array, along with the sum of its contents, will become the returned object, matching our interface.

We’ll skip over the diceRoller function briefly, as it’s the grand finale of our little app, and I wanted to save it for last. Instead, we move to clearAll. It would be an unremarkable DOM manipulation function, if not for two quirks in Typescript. First, our simple HTML page defines a few entry boxes: one for the number of dice to roll, one for how many sides each die has, and one for a flat bonus or penalty to add to the total. These are <input> text elements, and they all have a CSS class of entry. Iterating over them (and only them) should be a piece of cake, right?

Not quite. See, the obvious way to do this, document.getElementsByClassName, returns an HTMLCollection, which isn’t quite the same thing as a JavaScript array. And Typescript, unless you tell it to spit out the latest and greatest ECMAScript standard (and I haven’t), won’t let you use the easier for..of loop. Instead, you have to use for..in, which iterates over the keys of a collection—for arrays, these are the indexes.

And that brings us to our second problem. See, our DOM collection is full of HTMLElements. These could be anything at all, and are thus usable as essentially nothing. In particular, we can’t change the value property that all input textboxes have, because not every HTML element has them. As any Java or C# programmer knows, we need an explicit cast into the more specific type of HTMLInputElement. That seems like needless drudgery, but it pays off in more complex applications, and we could always use jQuery or something instead. In a “real” setting, we probably would be.

The areas where we output our rolls and their total are simple divs. We don’t have to do any casting with them; we can just clear their innerHTML properties. And the last bit is not much more than your usual “let’s set up some event handlers” block.

That leaves diceRoller. First up are a few variables to hold the DOM elements: 3 text boxes and 2 output areas. Again, we have to do a cast on anything that’s an input element, but that should be old hat by now.

Following that, we make a few variables that hold our input values in number form. I used the idiomatic “unary plus” conversion from string to number here.

Next comes result, which holds (naturally) our resulting roll. I threw in a totalRoll variable to hold the total (including the “adds” roll bonus/penalty), but you don’t really need it; you can calculate that as you’re putting it into the output field. Speaking of which, that’s where we end: joining the result array into a space-separated string (you could use commas or whatever), then putting that and the total into their proper places.

Conclusion

So Typescript isn’t that hard. Counting comments and blank lines, this little thing weighs in at about 80 lines. The resulting JavaScript is less than 50. The difference comes from the strong typing, an interface definition that is purely for the benefit of the Typescript compiler and the programmer, and a few other odds and ends that contribute nothing physical to the finished product.

It may seem silly. We’re writing more code, locking ourselves into the type system, and we’re not really getting much out of it. Sure, we’ve got protection from typos. If I’d misspelled the name of one of the RollResult fields, I’d get an error telling me where I went wrong, but that’s about it.

For something this simple, even that’s enough. I get that error when compiling. I don’t end up with a blank screen or unresponsive page and no indication as to why. JavaScript’s dynamic nature is great, but it’s also terrible. In coding, unlike in real life, there’s such a thing as too much freedom.

Now, if you like, feel free to take this tiny app and improve on it. The HTML, for instance, expects a stylesheet; you could make one. Add in some bells and whistles. Throw up a few preset buttons. Store the last 100 rolls in DOM local storage. Most of all, have fun with it.

Playing with TypeScript

JavaScript sucks, and we all know it. But it’s the lingua franca of the web (not like WebAssembly is ever taking off), so we have to learn to deal with it. That doesn’t, however, mean we have to write it. Oh, no. There’s a whole subculture of languages that compile into JavaScript, meaning you can write your code in something that looks sane (to you) without worrying about the end result being readable.

This trend really started a few years ago with CoffeeScript, which did an admirable job of making JS look like Ruby. From there, similar projects spun off, like Coco and LiveScript, which were far better in that they didn’t have anything to do with Ruby. And then Microsoft got involved. That’s where TypeScript comes from. Yes, that Microsoft.

But it’s not as bad as it sounds. The language and compiler use the Apache license, and that gives us a bit of protection from the worst of corporate silliness. And that means it might be interesting to look at TypeScript for what it is: an attempt at making a better JavaScript than JavaScript.

Up and running

TypeScript fits into the usual Node-hipster-modern ecosystem. You can install it through npm, and it works with most of the other big JavaScript tools like testing systems. Some of the big “web app” frameworks even use it by default now, meaning that I’m a little behind the times. Oh, and you can also use it with Visual Studio, but I can’t, because that’s Windows-only. (And VS Code is not the same.) But you don’t have to: the homepage even has a link to TypeScript support for the best text editor out there. I’ll leave it to you to decide which one that is, but I’ll tell you that it’s the same one I’m using to write this post.

My type

So you get TypeScript installed, and you’ve got a nifty little compiler that spits out perfectly fashionable JavaScript, but what about the source language? What’s so special about it? In a word: types. (You’ll note that this word makes up half the language’s name.)

Essentially, TypeScript is nothing more than JavaScript with strong typing. That may not seem like much, but it’s actually a huge change that alters the whole way you write code. Variables are typed, functions are typed, objects are typed. To be fair, they all are in JavaScript, too, but that language doesn’t do anything with those types. TypeScript is made to use them. By itself, that’s almost enough to overcome my instinctive hatred of all things Microsoft. Almost.

On top of the bare bones JavaScript gives us, we’ve got tuples, enums, generics (C#-like, so not the best we could get, but far better than what JS offers), and an any type that lets us ignore the type system when necessary. If you wanted to, you could just about get away with writing regular JavaScript, tagging everything as any, and running it through the TypeScript compiler. But why would you do that? You’re supposed to be using a better language, right? So use it! Besides, like any decent strongly-typed language, we can use type inference to save us most of the trouble of specifying what something should be.

The next level

Just having the added safety of stronger typing already gives TypeScript a leg up on its parent language. But if it didn’t offer anything else, I’d tell you not to bother. Fortunately for this post, it has a lot more.

JS is currently in a state of flux. Most (but not all) browsers support ES5, some let you use a lot of the new ES6 features, and the language standard itself has transitioned to the ridiculous rapid-release model that’s all the rage today, so it’s looking like we’ll soon be back in the bad old days of “Best viewed in {browser X}”. Polyfills can only take us so far, you see. For coders writing raw JavaScript, it’s a serious problem making something maximally compatible, and most just throw their hands up and say, “Just use Chrome like everyone else.”

That’s another case where I’ll give the MS team credit. TypeScript takes a lot of the newer JS additions and lets you use them now, just like Babel or other “transpilers”. You can declare your variables with let instead of var, and the compiler will do the right thing. You get the new class syntax for free, which is great if you never could wrap your head around prototype OOP. Generators aren’t even in JS yet, so TypeScript even looks a bit like the future in some cases.

Reservations

If there’s anything wrong with TypeScript, it’s not the kind of thing that shows up in a cursory inspection of the documentation. No, the main problems are twofold. One, it’s a project started by Microsoft, a company with a history of bad blood towards the open source community. The Apache license helps in that regard, though I don’t think it can ever completely alleviate some people’s fears.

Second, TypeScript has been around for a while now, but it’s only recently been picking up steam. Angular and React both like it a lot, as do some indie game engines like Phaser. But the JS community is fad-driven, and this new acceptance could be an indication of that. If TypeScript is simply “the next big thing”, then interest will fade once some other shiny thing catches the eyes of the hipsters. We can’t prevent that, but we can do our best to ignore it.

Will TypeScript become the future of web development? I can’t say. It’s definitely one option for the present, though. And it’s a pretty good option, from what I’ve seen. I think I’ll play around with it some more. Who knows? Maybe I’ll show you what I’ve made.