#GWGcweiske: Lots of Micropub efforts on your part still. I saw the WordPress ones.
#petermolnarI realized that twig and jinja2 are not as compatible I thought they'd be
#cweiskewith "still" do you mean "still in progress"?
#GWGcweiske, yes. I thought about getting involved when I finish my current project.
jcgregorio[m], M-mxuribe, M-hotzeplotz, rdesfo[m], M-rongladney and M-nd joined the channel
#cweiskeI concentrated on known since it correctly rendered all the content types I wanted out of the box
#cweiskeand the known micropub endpoint code is so much cleaner than the wordpress one
#cweiskewhich makes it easier for me to contribute
#GWGcweiske, I have an idea to change the Micropub code for WordPress
#GWGBut it goes back to a question I asked yesterday. Does it matter if you build a better mousetrap if it still catches mice? AKA If I implement the same functionality differently, did I accomplish anything?
#cweiskeI did not understand your remark yesterday
#cweiskeif the old trap squashed the mice and blood splattered all around, and the new does not, then yes
#petermolnar!tell snarfed I had a brave thought of posting likes/comments to FB via mbasic.facebook.com, disguised as a browser; the problem with that is that it requires username/password, but it might just work
#sknebelaaronpk: for some reason my response to your beach-pictures shows up via bridgy, but per WM only as a like not a reply. can you take a look what I did wrong?
#sknebel(my code for all that stuff is waaayyy untested...)
#aaronpkI see it there as a reply, what do you mean?
#aaronpki'm considering switching my code to detect multiple properties, but I think right now most people assume a post is only one thing when receiving webmentions
#petermolnarI'd like your (as in #indieweb) opinion: I was wondering if micropub should be possible by posting a single image, and only a single image; no content, no title, no nothing - because all of that is in the exif/iptc/xmp, in the image. I know technically this is not an issue, it's just a question of should this be 'official' or just my own hack
KartikPrabhu joined the channel
#aaronpkright now micropub allows you to do just that, since h-entry allows a post with no content other than "photo"
#aaronpkpretty sure i've done a few posts like that myself
#petermolnarfyi aaronpk there is an XMP:DateTimeDigitized field, which, in my opinion, is a good place to store the pubdate at
#aaronpkit's up to your endpoint to extract data out of the image if you want. for example my endpoint adds location data and sets the timezone from my external GPS logs.
#ben_thatmustbemepost it when i get on my home wifi at the end of the day
#ben_thatmustbemeit all comes down to really what you are doing with your endpoint, is your system creating photos with metadata, or are you creating posts with just a single photo
#Loqisnarfed: petermolnar left you a message 5 hours, 35 minutes ago: I had a brave thought of posting likes/comments to FB via mbasic.facebook.com, disguised as a browser; the problem with that is that it requires username/password, but it might just work
#snarfedpetermolnar: definitely! kylewm and others have done that before. i don't recommend it though, it's generally painful to maintain over time
#snarfedalso if you have to, i recommend using a cookie, not username/password
#gRegorLoveaaronpk: You don't authenticate for the private post yet. It's just the 401 and www-authenticate header for now. :)
#aaronpki think one of the earlier iterations enabled server A to get a token at server B without being initiated by B, but it was a lot more complicated
#aaronpkallowing unsolicited token generation also has a lot of other security considerations that don't apply when the webmention sender initiates the token generation
snarfed joined the channel
#[schmarty]I am super curious to see implementations of private webmentions in terms of storing/viewing them.
[schmarty] joined the channel
#[schmarty]I assume folks would expect a private webmention not to show up in the public version of a discussion. So maybe in a reader?
#gRegorLove"The authorization code MUST expire shortly" though
#gRegorLoveSo I'm just wondering about after the code expires, e.g. what if the receiver doesn't exchange it for a token right away. Guess they need a new code.
#gRegorLoveAnd similarly if they do exchange it for a token, they can only read the post for the day or two the token is valid (if we follow the recommendation)
#gRegorLoveDon't have a suggestion, just thinking out loud. Both require action from the sender to extend access to the post.
#aaronpkyeah, I think that's fine. this is specifically about webmention verification, which is different from full access control management
#aaronpkmy thought is that by keeping private webmentions relatively simple to implement, we can move forward on a lot of interesting uses for it. whereas trying to spec out full access control and token management it becomes much more daunting and challenging to implement.
#gRegorLove[schmarty]: My very rudimentary private posts so far don't appear in my stream or notes, so won't appear in any readers
#gRegorLoveMakes sense. I was mentally combining private posts and private webmentions.
#aaronpkah yeah. i should probably make a note of that in the FAQ
#KevinMarks1wait, so they are doubling down on u- ?
snarfed and ChrisAldrich joined the channel
#Zegnat[benatwork], what UA would you expect? My rel-me verify extension sends its own name as UA, that seemed to be an OK compromise and gets me 301s from Twitter’s t.co links.
#[benatwork]I would dearly like UAs to include the word “bot”, or to have a common phrase that we can use to mean NPC
#Zegnat“bot” feels wrong when it is not a bot (or even an automated progress)
#[benatwork]Without going into _too_ much detail, on the last two systems I’ve built I’ve wanted humans to go through an auth redirect, and non-humans to not bother with that process
#[benatwork]There’s a complicated dance that happens to ensure the security of sessions on, eg, institutional enterprise publishing platforms
#[benatwork]And it’s dumb for bots to go through that
#[benatwork]It’d be easier to whitelist bots to not do that than to whitelist human UAs
#aaronpkif it's about sessions, can't you use the presence of a session cookie to trigger the dance, whereas bots would not be making the request with a session cookie?
#[benatwork]No, because in these settings we’re dealing with multiple domains which can’t share cookies with each other, which is usually the reason for the dance
#[benatwork]Some SAML systems do this, for example
#[benatwork]So they’re literally doing the dance _because_ there’s no session cookie
#aaronpkand for bot users, you want to return the content immediately and skip the redirect checks?
#ZegnatKevinMarks, I can’t come up with anything. Some new stuff like private webmentions came out of IWC Brighton, but not much I recall from the demos that can actually be shown off
#Zegnatneeds to get that demo page written up ASAP
gkbrk joined the channel
#KevinMarks1English has absorbed so many languages that you can write it in a French or German way
ricardokirkner and begriffs joined the channel
#ZegnatI am heading off for bed an recharge to get things done tomorrow. Have a good time all!
#aaronpkKevinMarks1: i'm super excited about the new private webmention spec from Brighton, but nothing to demo with it yet
#[benatwork]Whoa, private webmentions? I had no idea. This is good
#[benatwork]This is awesome. I’d say the privacy indicator is my biggest tension - ideally in a more-than-binary way, so we know if other people can see the post, what we can do with the third-party representation, and so on. But it’s a huge step forward.
#aaronpkYep. the way I see it, the privacy indicator issue is analogous to how webmention at its core doesn't tell you what to do with the post once it's verified
#aaronpkwebmention verification is the first step to all of this, and will be the same regardless of *how* the privacy indication is done