#indieweb 2016-09-04

2016-09-04 UTC
#
KartikPrabhu bear: thanks. good to know people are looking at this
thebaer joined the channel
#
aaronpk heh i usually use pin13.net or intel.com for that
userXYZ, Gold, tantek, singpolyma, KevinMarks_, KevinMarks, awolf and wolftune joined the channel
#
tantek KartikPrabhu: I use example.com for triggering those captive portals.
pl_, begriffs, KevinMarks_, mlncn, KevinMarks, tantek, wolftune and chimo_ joined the channel
#
aaronpk example.com is a good idea. /me files away a mental note
#
GWG I've been reading the mention-client.
#
GWG Trying to address some questions I have about sending webmentions
#
aaronpk has it been helpful? I believe it passes all the relevant webmention.rocks tests
#
GWG aaronpk: It's a lot of nitpicky things I'm trying to figure out
#
GWG For example:
#
GWG WordPress matches all URLs in text for Pingback.
#
GWG The current Webmentions plugin only matches URLs in links(a href...)
#
GWG And the mention client does it three different ways
snarfed, mblaney, KevinMarks, tantek and [kevinmarks] joined the channel
#
[kevinmarks] Should it mention urls in author hcards of comments? That seems like a no.
#
GWG [kevinmarks]: It only does it in the post_content block. So that isn't an issue
#
mblaney haha for anyone managing their own servers, this is great: http://xkcd.com/1728/
#
Loqi rofl
#
mblaney I thought it would be up your alley Loqi!
tantek, KevinMarks, wolftune, KevinMarks_, begriffs, snarfed, friedcell, gkbrk, cmal, rrix, Kopfstein, catsup and cweiske joined the channel
#
cweiske I was a bit disappointed that there are no working micropub cli clients
dmaczka joined the channel
#
cweiske !tell aaronpk re micropub draft: why is the media endpoint only discoverable after fetching an auth token?
#
Loqi Ok, I'll tell them that when I see them next
#
cweiske does someone know how indieauth is supposed to work with CLI clients that cannot specify a callback URI?
#
@RikMende @Rougerepertoire @dailypia here : https://srd.wordpress.org/plugins/indieweb/ if you're using wordpress or here for other CMS https://indieweb.org/projects (twitter.com/_/status/772409444290457600)
gkbrk joined the channel
#
voxpelli cweiske: like all other OAuth-based CLI clients?
#
cweiske I never used a oauth cli client
#
voxpelli cweiske: one way is to manually specify a token somewhere
#
cweiske where do I get that token from?
#
voxpelli cweiske: depends on what generates the tokens for you – if it's not your own system but rather eg. IndieAuth, then you would need a web flow that grabs it for you
#
cweiske currently indieauth requires a callback URI to which the browser is redirected
#
cweiske cli clients don't have such a redirect URI
#
cweiske that's my problem
#
cweiske voxpelli, any indieauth server that follows the current spec
#
cweiske http://indieweb.org/authorization-endpoint
#
voxpelli cweiske: on eg. GitHub one can get a token here: https://github.com/settings/tokens
#
cweiske voxpelli, then people could only use my client if they have an endpoint which supports such things
#
cweiske manual tokens
#
voxpelli cweiske: that just describes a way to discover and negotiate the way to a token – one can just as well get a token in another way
#
cweiske I'd like some process that works on all indieauth servers
#
voxpelli yeah, or you could make a web service that just echoes back the discovered token
#
cweiske I'm doing that right now
#
cweiske since I'm hosting that, I'm the one who gets access to everything
#
cweiske which is .. not optimal, security-wise
#
cweiske maybe indieauth should specify some special redirect_uri value that tells the auth server to echo the auth code
#
cweiske so auth servers implement that themselves, and I don't have to host a service for other people only because I wrote a MP client
#
voxpelli there are alternative flows to negotiate OAuth tokens that are more suitable for eg. CLI tools, TV:s etc – such as a pin-based approach, where the callback url is replace with a pin code
#
cweiske ok. unfortunately, the indieauth spec does not allow such things
#
voxpelli simplest change to make it support it would probably be to just make the redirect_uri optional in the authorization flow and if not specified then just print the code instead
#
@LukasRosenstock What's it like to attend an @indiewebcamp? Read this IWC NYC2 wrap-up by @schmarty: http://buff.ly/2bOQgWx #indieweb (twitter.com/_/status/772419204083490817)
seekr and cmal joined the channel
#
cweiske voxpelli, the "code" currently looks like this: code=ZW1vamk9JTVDMzYwJTVDMjM3JTVDMjIyJTVDMjUxJm1lPWh0dHAlM0ElMkYlMkZhbm93ZWNvLmJvZ28lMkZ1c2VyJTJGMy5odG0mc2NvcGU9JnNpZ25hdHVyZT1GSVhNRQ%3D%3D&me=http%3A%2F%2Fanoweco.bogo%2Fuser%2F3.htm&state=1472992410
#
cweiske three parameters: code, me and state
#
voxpelli cweiske: only the code query param is needed though (maybe move to #indieweb-dev?)
[kevinmarks] joined the channel
#
[kevinmarks] This sounds like it needs to learn about mf2 https://getpop.org/en/
#
@kevinmarks @mikeal http://indieweb.org too (twitter.com/_/status/772442449822097408)
seekr joined the channel
#
GWG Does anyone return json in a Webmention implementation?
seekr joined the channel
#
bear I know I would welcome an IndieAuth way to use my command line tools - right now my CLI says "after the browser opens, copy the access token..." which is not very helpful
#
cweiske bear, i'm doing that, too
#
cweiske but I'm evaluating the option to open a http server from my cli tool on a port and then use 127.0.0.1:12345 as redirect uri
#
bear that reminds me of how the google cloud tools do things
cmal, wolftune, dmaczka, mlncn, miklb and tantek joined the channel
#
aaronpk this is what the OAuth device flow is for
#
Loqi aaronpk: cweiske left you a message 3 hours, 37 minutes ago: re micropub draft: why is the media endpoint only discoverable after fetching an auth token?
cmal joined the channel
#
voxpelli aaronpk: I wonder if one could discover that a service supports that? and somehow use that?
wolftune joined the channel
#
GWG I'm thinking of completely taking over the WordPress system for sending pingbacks and switching to a webmention first, pingback fallback design.
snarfed joined the channel
#
aaronpk can you do that? that sounds like a good idae
#
GWG aaronpk: Yes.
#
GWG The current plugin sends webmentions independently of pingbacks.
#
GWG Then adds the mentioned URLs to the don't pingback list.
#
GWG But the design I'm looking at is what it would look like if webmentions were supported in Core.
#
snarfed aaronpk: http://www.webmention.io/ is just showing the nginx start page right now. intentional?
#
GWG By the way, aaronpk...the ability for a WordPress site to delegate its pingbacks to webmention.io should be in WordPress 4.7. Until now, you couldn't filter the default pingback endpoint easily. Is that a problem?
#
snarfed GWG: bridgy respond json to wms, both for hosted blogs and for publish
#
snarfed eg https://brid.gy/about#response
#
GWG snarfed: As long as I'm using the REST API, which autoconverts every output to JSON unless you turn it off, I figured I'd consider outputting as JSON.
#
GWG It doesn't seem to be forbidden in the spec
#
aaronpk snarfed: no www :(
#
aaronpk i'll add a redirect
#
snarfed aaronpk: ah thx
#
snarfed GWG: webmention.herokuapp and wm.io (i think?) might too
#
GWG Saves me a bunch of code.
#
voxpelli GWG: snarfed: I send JSON on some errors, but on most responses only send JSON or plain text if stated as an acceptable response format by client
tantek joined the channel
#
GWG voxpelli, what do you think makes sense?
#
voxpelli GWG: json sounds good
wolftune, Loqi and awolf joined the channel
#
tantek hmm - does this count as a silo quit? or perhaps just a silo reset? http://mashable.com/2016/04/08/saint-laurent-instagram
#
tantek "Why Saint Laurent abruptly deleted its entire Instagram history"
#
bear I would say silo reset
#
bear they haven't *left* instagram, just did a "winner (re)writes the history" on it
#
tantek I feel like I've seen other people do similar "wipe and start over" on silos
#
aaronpk Happy birthday Loqi!
#
aaronpk Loqi: a/s/l
#
Loqi 252465131/bot/internet
#
aaronpk 252465131 seconds = 8.005 years
wolftune, KevinMarks and [kevinmarks] joined the channel
#
[kevinmarks] What do you mean by json response form webmention? The html form an endpoint is not usually shown, so what's the json.
#
[kevinmarks] Or do you mean for output from webmention.herokuapp.com or webmention.io to construct wm responses for your site?
#
Loqi [indieweb] "Comment on Representing Indieweb at DrupalCampLA by IndieWebCamp" by IndieWebCamp on 2016-09-04 http://boffosocko.com/2016/08/27/representing-indieweb-at-drupalcampla/#comment-31991
#
GWG [kevinmarks]: I am wondering if I can return error and success responses from a webmention endpoint in JSON as opposed to plaintext
#
aaronpk absolutely
#
GWG Yes.
#
GWG The REST API infrastructure in WordPress is the 'new hotness' in endpoint construction for WordPress.
#
GWG I have never followed the bandwagon before, but I have less to build myself.
#
KevinMarks Yes, that should be fine
goodoo, tvn, pl_ and KevinMarks joined the channel
#
aaronpk whoa "Alena added a temporary profile video."
myfreeweb joined the channel
#
aaronpk https://aaronparecki.com/media/file-20160904201516-88288.gif
#
Zegnat Not going to lie, those animated profile pictures are pretty fun. Though to be fair, acegiak has been rocking one of those for some time now (hashtag-indieweb)
AndChat|566325 and goodoo joined the channel
#
@colinjohnston Another great reason to consider the POSSE content publishing model https://indieweb.org/POSSE @indiewebcamp https://t.co/iSLbDNx3bC (twitter.com/_/status/772533151960707072)
#
tantek uh oh: https://twitter.com/rachelandrew/status/772432792529539072
#
@rachelandrew Lanyrd disappearing all weekend has prompted me to work on adding speaking stuff to my own site. Amazing how much data I didn’t ‘own’. (twitter.com/_/status/772432792529539072)
#
tantek what is Lanyrd?
#
Loqi Lanyrd is an event silo focused on conferences https://indieweb.org/Lanyrd
#
tantek http://lanyrd.com "Ooops! / 503 / Gosh! Looks like something has gone a bit wrong. Don't worry though, we know and are fixing it. Please try again later. /Follow @lanyrd on Twitter for updates or email support@lanyrd.com"
wolftune, tantek and awolf joined the channel
#
tantek !tell benwerd ICYMI re: POSSE: https://twitter.com/colinjohnston/status/772533151960707072 - when a silo is down, so is any PESOS approach. with POSSE, silos going down can't stop your site.
#
Loqi Ok, I'll tell them that when I see them next
#
@colinjohnston Another great reason to consider the POSSE content publishing model https://indieweb.org/POSSE @indiewebcamp https://twitter.com/rachelandrew/status/772432792529539072 (twitter.com/_/status/772533151960707072)
KevinMarks and pl_ joined the channel
#
GWG I'm obsessing and need a perspective again
#
GWG If you are looking for webmention and if isn't there, you should go for pingback, that means I would have to look in the head for webmentions, then the body, then the head again for pingback.
#
tantek GWG, not necessarily
#
tantek I have written code to do this without having to check the head twice
#
GWG tantek: I intend to hold the head without retrieving it a second time. I'm wondering what the most efficient way to do it is.
wolftune, AndChat|566325, goodoo and snarfed joined the channel
#
snarfed !tell tantek benwerd's email to known-dev wasn't about posse vs pesos. it was about posse + backfeed vs pure indie interactions.
#
Loqi Ok, I'll tell them that when I see them next
mlncn, tantek and begriffs joined the channel
#
tantek a-ha
#
Loqi tantek: snarfed left you a message 15 minutes ago: benwerd's email to known-dev wasn't about posse vs pesos. it was about posse + backfeed vs pure indie interactions.
#
tantek snarfed, then I don't understand, as they are complementary, not vs
#
tantek GWG, did you find the code?
#
tantek GWG: https://github.com/indieweb/link-rel-parser-php/blob/master/src/IndieWeb/link_rel_parser.php (linked from /Webmention
#
tantek )
#
GWG tantek: It isn't about the code. Trying to decide how to put it together.
#
tantek hmm I suppose an outline of how to call it would help
#
GWG Every time I map it out, I feel like I'm repeating myself.
#
tantek that library helps reduce repeating yourself, that's the point
#
miklb can't remember if ASL is compatible with GPL
#
GWG tantek: Not really, alas. The code for extracting the information is already in WordPress. I'm just trying to figure out how to gracefully fall back.
snarfed joined the channel
#
snarfed tantek: try reading the email again?
#
snarfed (sorry, not trying to be snarky :P)
#
tantek snarfed, the whole premise of "APIs changing breaks POSSE" seems like arguing an absolute in a vacuum
#
GWG I just want to make sure it doesn't get criticism.
#
miklb as long as its constructive, it would only make it better
#
tantek snarfed, also really curious about how you got the "letter of the law" impression when /principles and /code-of-conduct would hopefully give a different impression?
#
KartikPrabhu GWG: ask forgiveness not permission. If anyone criticises it then think about changing
#
snarfed tantek: the api fragility point was a smaller point, just at the beginning. the bigger point was surprise and social norms around backfeed
#
snarfed for people who *aren't* part of the community, brought in via backfeed
#
KartikPrabhu tantek: the one thing I got from that email is that silo users might not realise that their responses are backfed. That seemed to be the most relevant point
#
tantek points about surprise and social norms are certainly worthy of more documentation
#
snarfed that was the primary point
#
tantek especially when there are specific instances to be documented
#
KartikPrabhu hence I put a warning in my Twitter bio
#
tantek KartikPrabhu: did you add it to /disclosure#IndieWeb_Examples ?
#
tantek KartikPrabhu: as did I with my FB profile
#
snarfed others do too! not sure that's nearly enough though
#
KartikPrabhu will do
#
KartikPrabhu what is disclosure?
#
Loqi A disclosure is a bit of content, typically on a home page, on an indie web site that proactively discloses some aspect about the site that the site owner wants the user to explicitly be aware of https://indieweb.org/disclosure
#
tantek snarfed, why is "nearly enough" the metric?
#
tantek isn't any incremental improvement a good thing?
#
KartikPrabhu oh hey I aleady have added it!
#
tantek In fact I'll even say that "not nearly enough" thinking is how you talk yourself out of shipping
#
tantek as opposed to "good enough for now"
#
KartikPrabhu snarfed: I agree that it might not be enough since the Twitter bio page is rarely visited (at least by me) when replying
#
snarfed social norms are a very different thing than shipping code
#
snarfed anyway, gotta run, definitely worth talking more later!
#
tantek no successful social network started with thinking "not nearly enough"
#
tantek so yeah, I'm going to reject that kind of framing, because it causes you to not ship
#
tantek KartikPrabhu: it's never enough. that's the problem. you can always think of more fear-based excuses.
#
miklb so if I'm understanding the conversation, people are bothered their public silo comments that are used to mine data to sell ads are bothered the comment might be aggregated with the original comment on a personal site?
#
tantek thus "not nearly enough" is nearly useless framing
#
tantek miklb - no, the assertion is, they *might* be
#
tantek that's the problem
#
KartikPrabhu tantek: yes, of course. I was simply wondering if there is a solution currently; and I didn't come up with anything
#
tantek hence the "not nearly enough" assertion
#
tantek KartikPrabhu: of course there's no solution
#
tantek there's never a solution for "not nearly enough" thinking
#
tantek the very thinking itself is flawed
#
tantek as soon as you give into "not nearly enough" reasoning, you've already lost
#
KartikPrabhu no. I was thinking of the problem: "Is there a way to warn users, while they reply on a silo, that their comment might be backfed"
#
KartikPrabhu and the current answer to all silos I use is "no"
#
miklb seems silly me. like thinking your conversation in a crowded bar is private.
#
tantek KartikPrabhu: what is the utility of such warnings? what's the use-case? (especially given that usually such warnings just get ignored by users, like nearly all warning dialogs)
#
tantek KartikPrabhu: the question "Is there a way to warn users?" presume that's a good UX, which it is not
#
tantek miklb - that's a different problem, and somewhat more nuanced, see /publics for more on that
#
KartikPrabhu the utility is to give fair warning (for sake of politeness) that their content may appear where they might not expect it to.
#
miklb right, I realize it's not perfect analogy.
#
KartikPrabhu I would want to know if my content appears somewhere I don't expect
#
KartikPrabhu same as "I might use your content for advertising"
#
aaronpk I don't know, frankly anything you put on the Internet in public you shouldn't be surprised about finding elsewhere
#
aaronpk private or semi private is different for sure
#
KartikPrabhu no. I am not surprised, but it is good to know before hand
#
tantek KartikPrabhu: there is no utility when such warnings are known to be ignored in practice
#
tantek you are assuming that giving users such warnings actually has any effect
#
tantek which has been shown to be false by study of warning dialogs
#
KartikPrabhu it does affect me. Maybe not most users.
#
KartikPrabhu I am not going by plurality here
#
tantek KartikPrabhu: I disagree. Since everything you post (what aaronpk said) would need such a warning, and currently you don't get such warnings for everything you post.
#
tantek and you still post.
#
tantek therefore it must not be affecting you.
#
tantek this is also one of the reasons that when Bridgy was first proposed, there was a strong consensus to only backfeed replies to public posts
#
KartikPrabhu yes. backfeeding only public posts is an acceptable solution in my mind.
#
tantek snarfed, and I have discussed the implications of backfeeding responses to private posts, and have yet to come up with a way that would make the privacy expectations make any sense (be predictable)
#
tantek so no one is doing it yet AFAIK (backfeeding responses to private posts)
#
aaronpk Would sharing the same privacy settings (visibility?) be appropriate?
#
tantek if there was some way you could pull that off!
#
tantek cross-site ACLs!
#
aaronpk yeah that's a can of worms
#
KartikPrabhu what is ACL?
#
Loqi ACL is an abbreviation for access control list, and in the indieweb context refers typically to a list of people who are allowed to view (and perhaps edit etc.) particular posts or perhaps an entire site https://indieweb.org/ACL
#
tantek nice
#
aaronpk say that gives me an idea
#
tantek yes if you had some way of rel=me determining that the same person would have access, then you could do indieauth based ACLs
#
tantek tough to dynamically keep consistent though
#
aaronpk That wasn't my idea ;-)
#
aaronpk the classic problem is that sites with private posts have two different ways of handling access control. In one case, people who are added can see things previously posted to that group. In the other case, people who are added can only see things posted from that point onwards.
#
KartikPrabhu is there any real need for consistency of the above across sites?
#
KartikPrabhu same way we do not require consistency in say webmention handling or parsing?
#
tantek aaronpk: I think nearly everyone has settled on the first model
#
tantek once you get access, you can see all history
#
tantek e.g. private twitter, IG, etc. accounts
#
tantek once your request to follow is approved, you see everything back in time
#
tantek same it true with e.g. W3C member-only mailing lists
#
tantek so the other model is fairly ignorable (unless you have specific examples you want to document)
#
tantek what is private?
#
Loqi private posts refer to posts or portions of posts which are private to either the author or to a limited audience chosen by the author https://indieweb.org/private
#
tantek what is a private account?
#
aaronpk hmm
#
Loqi A private account is a silo account where all posts on its profile are private, and only approved followers (or friends) can see posts https://indieweb.org/private-account
#
aaronpk private IRC channels (or other things that are not logged) are the other way. But that does seem less common
#
tantek aaronpk - that's only because of the accident of IRC logs being separate from chatting in them
#
tantek presumably once you get access to the channel, you can see all logs too
#
tantek w3c operates that way
#
tantek slack is the same way. once you get access to a slack, you can scroll back to the beginning of a channel
#
tantek anyway, for practical purposes, privacy models appear to have converged
#
tantek for anything with a permalink anyway
#
tantek I do think this (private posts) is an area indieweb is going to have to innovate soon to continue broadening reach / appeal (assuming that's a goal)
#
tantek I'm certainly hesitant to implement some post types without it (e.g. checkins)
#
tantek as noted: https://indieweb.org/Falcon#Levels_of_access
pl_ joined the channel
#
rrix aaronpk: tantek: matrix.org supports both models with room history, on a per-room basis
#
rrix http://localhost:8008/_matrix/media/v1/download/kickass.systems/dTwzsuykXXBoQLdQgjHDBHyP - 2016-09-04-165154_754x253_scrot.png (24KB)
#
rrix ah heck, that URL probably mangled
#
rrix https://fort.kickass.systems/_matrix/media/v1/download/kickass.systems/dTwzsuykXXBoQLdQgjHDBHyP
#
aaronpk rrix: wow that's thorough