#indieweb 2016-09-28

2016-09-28 UTC
brianloveswords, bear, KevinMarks, M-rongladney, jcgregorio[m], KevinMarks_, gRegorLove, M-nd, M-mxuribe and emmak joined the channel
# 02:19 
gRegorLove aaronpk: Got the private post part set up: https://gregorlove.com/2016/09/this-is-a-test-private/
# 02:19 
Loqi [gRegor Morrill] Private
M-hotzeplotz, KevinMarks and wolftune joined the channel
# 03:03 
GWG Does it matter if I build a better mousetrap, so to speak?
# 03:05 
@andrew_s_cant @spaetzel @kwlug @watcamp @BobJonkman Nothing fancy but there are some very basic #indieweb notes and links http://andrewsullivancant.ca/blog/2016-09-27-notes-for-indieweb-presentation-at-kwlug/ (twitter.com/_/status/780966516216983552)
KevinMarks_ joined the channel
# 03:54 
gRegorLove GWG: I think you'll have to be a bit more direct about the analogy :)
# 03:55 
GWG If I make my webmention endpoint better, does it matter? Or just that I build a webmention endpoint?"
# 04:01 
GWG Refactoring over results.
KevinMarks, Pierre-O, pindonga, begriffs, cweiske, AngeloGl1, friedcell and wolftune joined the channel
# 08:00 
@mothersele Oh no! #indieweb BoF clashes with @greenman's session #DrupalCon (twitter.com/_/status/781040770581159936)
glennjones, gRegorLove, pindonga, plindner, friedcell, wolftune and loicm joined the channel
# 11:32 
GWG Morning
# 11:32 
Loqi rise and shine!
# 11:33 
cweiske hiho
# 11:33 
GWG Any excitement there?
# 11:34 
cweiske 8 of my 12 pull requests for known's micropub/indieauth endpoint have been merged
# 11:34 
cweiske the next known version will have way better micropub support
# 11:34 
sknebel cweiske++
# 11:34 
Loqi cweiske has 59 karma (51 in this channel)
# 11:36 
GWG cweiske: Lots of Micropub efforts on your part still. I saw the WordPress ones.
# 11:38 
petermolnar I realized that twig and jinja2 are not as compatible I thought they'd be
# 11:38 
cweiske with "still" do you mean "still in progress"?
# 11:39 
GWG cweiske, yes. I thought about getting involved when I finish my current project.
jcgregorio[m], M-mxuribe, M-hotzeplotz, rdesfo[m], M-rongladney and M-nd joined the channel
# 11:50 
cweiske I concentrated on known since it correctly rendered all the content types I wanted out of the box
# 11:51 
cweiske and the known micropub endpoint code is so much cleaner than the wordpress one
# 11:51 
cweiske which makes it easier for me to contribute
# 11:55 
GWG cweiske, I have an idea to change the Micropub code for WordPress
# 12:00 
GWG But it goes back to a question I asked yesterday. Does it matter if you build a better mousetrap if it still catches mice? AKA If I implement the same functionality differently, did I accomplish anything?
# 12:00 
cweiske I did not understand your remark yesterday
# 12:01 
cweiske if the old trap squashed the mice and blood splattered all around, and the new does not, then yes
# 12:01 
cweiske improvement
# 12:02 
petermolnar !tell snarfed I had a brave thought of posting likes/comments to FB via mbasic.facebook.com, disguised as a browser; the problem with that is that it requires username/password, but it might just work
# 12:02 
Loqi Ok, I'll tell them that when I see them next
# 12:05 
@tvnweb IndieWeb BOF at 15:45 today. Room: Wicklow Meeting 2  #drupalcon (twitter.com/_/status/781102466108653568)
# 12:08 
GWG cweiske, I just question myself.
wolftune, pindonga, friedcell, DanC_, glennjones, loicm, tvn and adactio joined the channel
# 15:07 
sknebel how does bridgy deal with updated posts? does it create a new tweet if it is sent a new webmention, or does it ignore them?
shiflett and pindonga joined the channel
# 15:19 
aaronpk gRegorLove: !!! private post!
# 15:19 
aaronpk how do I authenticate?
loicm, pindonga and [schmarty] joined the channel
# 15:33 
[schmarty] sknebel: in my experience, bridgy publish will give an error message if you send a webmention for a URL that it's already processed.
# 15:33 
sknebel [schmarty]: thanks!
# 15:35 
sknebel aaronpk: for some reason my response to your beach-pictures shows up via bridgy, but per WM only as a like not a reply. can you take a look what I did wrong?
# 15:36 
sknebel (my code for all that stuff is waaayyy untested...)
# 15:36 
aaronpk I see it there as a reply, what do you mean?
wolftune joined the channel
# 15:38 
sknebel aaronpk: the tweet, via bridgy, but not the native post at http://www.svenknebel.de/posts/2016/9/9/, that's only in the facepile for the like
# 15:38 
Loqi [Sven Knebel] http://www.svenknebel.de/posts/2016/9/9/brighton_beach_night.jpg 
and here is matching picture in the other direction ;)
# 15:38 
aaronpk ah
# 15:38 
aaronpk it's because your post has a "like-of" property in addition to the comment text
# 15:38 
aaronpk so my post-type detection rules stop after it finds the like-of
# 15:39 
sknebel ok
# 15:39 
sknebel so don't necessarily mix those, good to know
# 15:39 
aaronpk i follow basically this https://www.w3.org/TR/post-type-discovery/#algorithm
# 15:39 
Loqi [Tantek Çelik] Post Type Discovery
# 15:39 
aaronpk i'm considering switching my code to detect multiple properties, but I think right now most people assume a post is only one thing when receiving webmentions
# 15:40 
sknebel ok, thx
# 15:42 
petermolnar I'd like your (as in #indieweb) opinion: I was wondering if micropub should be possible by posting a single image, and only a single image; no content, no title, no nothing - because all of that is in the exif/iptc/xmp, in the image. I know technically this is not an issue, it's just a question of should this be 'official' or just my own hack
KartikPrabhu joined the channel
# 15:43 
aaronpk right now micropub allows you to do just that, since h-entry allows a post with no content other than "photo"
# 15:43 
aaronpk pretty sure i've done a few posts like that myself
# 15:44 
petermolnar great
# 15:44 
petermolnar fyi aaronpk there is an XMP:DateTimeDigitized field, which, in my opinion, is a good place to store the pubdate at
# 15:45 
aaronpk it's up to your endpoint to extract data out of the image if you want. for example my endpoint adds location data and sets the timezone from my external GPS logs.
# 15:45 
petermolnar exiftool -"XMP:DateTimeDigitized"="YYYY-mm-dd HH:MM:SS"
wolftune joined the channel
# 15:51 
ben_thatmust digitized data, and date published are two very different things though
# 15:51 
ben_thatmust i would not mix those
# 15:52 
aaronpk DateTimeDigitized sounds more like created date
# 15:52 
KevinMarks No timezone?
# 15:52 
ben_thatmustbeme yes, if the post doesn't have anything else
# 15:53 
aaronpk exif doesn't believe in timezones :P https://aaronparecki.com/2016/07/16/8/geotagging-photos
# 15:53 
Loqi [Aaron Parecki] Where was I when I took this photo?
# 15:53 
ben_thatmustbeme so i'm thinking about offline mode mostly,
# 15:53 
ben_thatmustbeme 1) I take a photo
# 15:53 
ben_thatmustbeme 2) i draft some content to go with the photo
# 15:53 
ben_thatmustbeme 3) i post it all
# 15:53 
ben_thatmustbeme and all three of those are different time stamps
# 15:54 
ben_thatmustbeme not that i think many people will care about the difference between 1 and 2
wolftune joined the channel
# 15:54 
aaronpk i just re-read my post and omg
# 15:54 
ben_thatmustbeme actually they might, since i can attach a photo i took laste year,
# 15:54 
ben_thatmustbeme draft some text for it in offline mode
# 15:54 
ben_thatmustbeme post it when i get on my home wifi at the end of the day
# 15:58 
ben_thatmustbeme it all comes down to really what you are doing with your endpoint, is your system creating photos with metadata, or are you creating posts with just a single photo
# 16:04 
@calum_ryan Reviewing three years experience of #indieweb and my first Git push onboard an Amtrak! https://calumryan.com/blog/three-years-in-indieweb/ (twitter.com/_/status/781162660113027072)
# 16:05 
Loqi [indienews] New post: "Three years in learning about IndieWeb | Calum Ryan" https://calumryan.com/blog/three-years-in-indieweb/ (from https://aaronparecki.com/2016/09/28/7/)
wolftune joined the channel
# 16:14 
Loqi [indieweb] "Three years in learning about IndieWeb" by Calum Ryan  on 2016-09-28 https://medium.com/@calumryan/three-years-in-learning-about-indieweb-ff4ab543958?source=rss-------1
# 16:15 
Loqi [indieweb] "Three years in learning about IndieWeb" by Calum Ryan  on 2016-09-28 https://medium.com/@calumryan/three-years-in-learning-about-indieweb-ff4ab543958?source=rss-9e1fef3c869f------2
# 16:16 
Loqi [indieweb] "Three years in learning about IndieWeb" by Calum Ryan  on 2016-09-28 https://medium.com/@calumryan/three-years-in-learning-about-indieweb-ff4ab543958?source=rss------tech-5
# 16:29 
KevinMarks Hm, multiple feeds with the same article with different urls?
# 16:29 
aaronpk is it the query string throwing that off?
# 16:31 
KevinMarks I assume so, that will count as a different url where a fragment wouldn't
# 16:34 
KevinMarks Are you parsing a feed for that?
# 16:34 
aaronpk nope it's superfeedr pings
hs0ucy joined the channel
# 16:35 
KevinMarks Ah, so could be a id vs link problem in atom?
# 16:36 
KevinMarks Is there a rel=canonical at the html level?
# 16:39 
Zegnat There is a rel=canonical on the medium article
# 16:39 
Zegnat Actually, I am pleasantly surprised by it, because it points to calumryan.com instead of the canonical Medium URL
# 16:39 
Zegnat So it points to the actual canonical post
[benatwork] joined the channel
# 16:41 
[benatwork] ^ This happens if you use the “import story” function
KevinMarks joined the channel
# 16:50 
Zegnat [benatwork], good to know, still a pleasant surprise ;)
[kevinmarks] joined the channel
# 16:51 
[kevinmarks] benatwork can you check the suprfeeder duplicates?
# 16:52 
[kevinmarks] Ie is there a link vs id conflation?
# 16:53 
[benatwork] I know a man who can
# 16:58 
[benatwork] The GUID in the feed is actually always constant per-post
snarfed, Pierre-O, KevinMarks, jackjamieson, nikivi, hs0ucy and KartikPrabhu joined the channel
# 17:37 
snarfed morning #indieweb!
# 17:37 
Loqi snarfed: petermolnar left you a message 5 hours, 35 minutes ago: I had a brave thought of posting likes/comments to FB via mbasic.facebook.com, disguised as a browser; the problem with that is that it requires username/password, but it might just work
# 17:37 
snarfed petermolnar: definitely! kylewm and others have done that before. i don't recommend it though, it's generally painful to maintain over time
# 17:38 
snarfed also if you have to, i recommend using a cookie, not username/password
# 17:48 
gRegorLove aaronpk: You don't authenticate for the private post yet. It's just the 401 and www-authenticate header for now. :)
# 17:48 
aaronpk oh okay :)
gkbrk joined the channel
# 18:06 
gRegorLove aaronpk: I was wondering about the code and the token expiring and how the receiver can access it after the fact
# 18:06 
aaronpk one property of the way I wrote up the private webmention spec that I like is that it keeps actual access control a separate issue
# 18:07 
Loqi [indieweb] "@jfc3 Thanks! You've remind me that I need to do some accessibility work on my own personal website. #indieweb Maybe a project for #IWCLA?" by Chris Aldrich  on 2016-09-28 http://stream.boffosocko.com/2016/jfc3-thanks-youve-remind-me-that-i-need-to-do
# 18:07 
@ChrisAldrich @jfc3 Thanks! You've remind me that I need to do some accessibility work on my own personal website. #indieweb Maybe a project for #IWCLA? (twitter.com/_/status/781193504286310401)
# 18:07 
aaronpk it turns out you don't need to make a spec for token exchange with arbitrary people in order to verify private webmentions
# 18:07 
gRegorLove Hm
# 18:07 
aaronpk it simplifies the flow a lot
# 18:08 
aaronpk i think one of the earlier iterations enabled server A to get a token at server B without being initiated by B, but it was a lot more complicated
# 18:09 
aaronpk allowing unsolicited token generation also has a lot of other security considerations that don't apply when the webmention sender initiates the token generation
snarfed joined the channel
# 18:10 
[schmarty] I am super curious to see implementations of private webmentions in terms of storing/viewing them.
[schmarty] joined the channel
# 18:10 
[schmarty] I assume folks would expect a private webmention not to show up in the public version of a discussion. So maybe in a reader?
# 18:10 
gRegorLove "The authorization code MUST expire shortly" though
# 18:10 
gRegorLove Token expiration is just recommended
# 18:11 
aaronpk [schmarty]: i would assume so as well
# 18:11 
aaronpk gRegorLove: yeah?
# 18:12 
gRegorLove So I'm just wondering about after the code expires, e.g. what if the receiver doesn't exchange it for a token right away. Guess they need a new code.
# 18:12 
aaronpk yep
# 18:12 
gRegorLove And similarly if they do exchange it for a token, they can only read the post for the day or two the token is valid (if we follow the recommendation)
# 18:13 
gRegorLove Don't have a suggestion, just thinking out loud. Both require action from the sender to extend access to the post.
# 18:13 
aaronpk yeah, I think that's fine. this is specifically about webmention verification, which is different from full access control management
# 18:14 
gRegorLove Ahh, gotcha
# 18:15 
aaronpk my thought is that by keeping private webmentions relatively simple to implement, we can move forward on a lot of interesting uses for it. whereas trying to spec out full access control and token management it becomes much more daunting and challenging to implement.
# 18:15 
gRegorLove [schmarty]: My very rudimentary private posts so far don't appear in my stream or notes, so won't appear in any readers
# 18:16 
gRegorLove Makes sense. I was mentally combining private posts and private webmentions.
# 18:20 
aaronpk ah yeah. i should probably make a note of that in the FAQ
# 18:26 
aaronpk gRegorLove: does this explain the design decision? https://indieweb.org/Private-Webmention#Limit_scope_to_Webmention_verification_rather_than_full_access_control
nikivi and wolftune joined the channel
# 18:37 
aaronpk sknebel: i added an explicit FAQ: https://indieweb.org/Private-Webmention#can_a_receiver_re-verify_a_private_webmention
# 18:38 
sknebel aaronpk: even better, thx
snarfed joined the channel
# 18:48 
gRegorLove Looks good, aaronpk
shiflett joined the channel
# 19:02 
bear if a token expires and then I update the post the webmention was for, how do I send an update if the code has expired
# 19:02 
aaronpk generate a new code
# 19:02 
aaronpk since you'd be sending a new webmention
# 19:05 
bear hmm, yea ... yea, I was confused
# 19:05 
bear :)
glennjones joined the channel
# 19:21 
@benwerd A different way of thinking about CSS (although without the C, it might need another name). https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fmedium.engineering%2Fsimple-style-sheets-c3b588867899%2523.l3ez89cu4 #indieweb (twitter.com/_/status/781212253492129792)
# 19:28 
KartikPrabhu ^ that URL 404s but the one in the tweet works
# 19:29 
aaronpk something didn't get escaped right
snarfed joined the channel
# 19:29 
aaronpk stupid medium #dslkfjsdklgj crap
# 19:30 
aaronpk also weird that the t.co link redirects through https://medium.com/m/global-identity
[benatwork] joined the channel
# 19:34 
[benatwork] UGH
# 19:34 
[benatwork] Good catch
# 19:35 
[benatwork] I guess I’m surprised that it resolves to that URL - there’ll be a 302 from there
# 19:35 
[benatwork] aaronpk is Loqi expanding these? If so, what’s the user agent it uses to fetch?
# 19:36 
aaronpk yeah Loqi tries to follow redirects in URLs in tweets (actually i think it's my twitter search app, not Loqi but same idea)
# 19:37 
[benatwork] Does it user a particular user-agent? (Aside: I feel like there should be a standard for non-human user agents)
snarfed joined the channel
# 19:37 
aaronpk there's some conventions, right? especially for crawlers?
# 19:37 
[benatwork] Conventions, yeah, but they’re .. lightly adhered to, as it turns out
# 19:38 
aaronpk hm it might be sending whatever user agent is default for the ruby net::http library (or none)
# 19:38 
aaronpk it uses https://github.com/quark-zju/unshorten
# 19:38 
[benatwork] Thanks
# 19:40 
aaronpk looks like it just sends "Ruby"
# 19:40 
aaronpk http://requestb.in/z5s0voz5?inspect
# 19:40 
aaronpk that is... not ideal
snarfed joined the channel
# 19:41 
[benatwork] That last sentence could be used to describe most of the web :wink:
# 19:41 
[benatwork] That’s cool. #wecanfixit
# 19:41 
aaronpk heh
jackjamieson and KevinMarks1 joined the channel
# 19:49 
KevinMarks1 wait, so they are doubling down on u- ?
snarfed and ChrisAldrich joined the channel
# 19:56 
Zegnat [benatwork], what UA would you expect? My rel-me verify extension sends its own name as UA, that seemed to be an OK compromise and gets me 301s from Twitter’s t.co links.
# 19:57 
[benatwork] I would dearly like UAs to include the word “bot”, or to have a common phrase that we can use to mean NPC
# 19:57 
aaronpk why?
# 19:57 
Zegnat “bot” feels wrong when it is not a bot (or even an automated progress)
# 19:58 
[benatwork] Without going into _too_ much detail, on the last two systems I’ve built I’ve wanted humans to go through an auth redirect, and non-humans to not bother with that process
# 19:58 
[benatwork] There’s a complicated dance that happens to ensure the security of sessions on, eg, institutional enterprise publishing platforms
# 19:58 
[benatwork] And it’s dumb for bots to go through that
# 19:58 
[benatwork] It’d be easier to whitelist bots to not do that than to whitelist human UAs
# 19:59 
aaronpk if it's about sessions, can't you use the presence of a session cookie to trigger the dance, whereas bots would not be making the request with a session cookie?
# 19:59 
[benatwork] No, because in these settings we’re dealing with multiple domains which can’t share cookies with each other, which is usually the reason for the dance
# 19:59 
[benatwork] Some SAML systems do this, for example
# 20:00 
[benatwork] So they’re literally doing the dance _because_ there’s no session cookie
# 20:02 
aaronpk and for bot users, you want to return the content immediately and skip the redirect checks?
# 20:07 
gRegorLove [benatwork]: Could you capture your recommendation/reasoning on /User_Agent?
# 20:08 
gRegorLove I wonder what UA my webmention plugin uses
# 20:10 
[benatwork] aaronpk: yes
# 20:10 
[benatwork] gregorlove: yep, will try and do that after hours
# 20:12 
gRegorLove Zegnat, [benatwork]: How about "automated" or is that too generic?
# 20:12 
aaronpk "non-browser"? :D
# 20:13 
gRegorLove Hehe
# 20:13 
gRegorLove non-meat-popsicle
# 20:13 
aaronpk "electric-popsicle"
snarfed and wolftune joined the channel
# 20:20 
[benatwork] I think automated is good - technically they’re still browsers, right? :wink:
# 20:20 
[benatwork] I mean, I’d push for NPC, but I’m a giant dork
# 20:24 
gRegorLove I may use "automated bot npc electric-popsicle" after this conversation
# 20:24 
Zegnat I kinda like NPC. But i think automated gets the point across better
# 20:24 
gRegorLove Also my new band name.
# 20:25 
Zegnat what about “headless”? As in: tools that just do the request but aren’t actually then showing it to a user?
# 20:26 
aaronpk "decapitated automated NPC bot"
# 20:27 
aaronpk related: http://www.ef.com/english-resources/english-grammar/ordering-multiple-adjectives/
# 20:29 
Zegnat I always thought there were too many exceptions to call any order a rule in English?
# 20:30 
KevinMarks1 Anything for TWiG?
# 20:30 
KevinMarks1 in English it is more of a tendency
jackjamieson and snarfed joined the channel
# 20:33 
Zegnat KevinMarks, I can’t come up with anything. Some new stuff like private webmentions came out of IWC Brighton, but not much I recall from the demos that can actually be shown off
# 20:33 
Zegnat needs to get that demo page written up ASAP
gkbrk joined the channel
# 20:37 
KevinMarks1 English has absorbed so many languages that you can write it in a French or German way
ricardokirkner and begriffs joined the channel
# 20:41 
Zegnat I am heading off for bed an recharge to get things done tomorrow. Have a good time all!
# 20:49 
aaronpk KevinMarks1: i'm super excited about the new private webmention spec from Brighton, but nothing to demo with it yet
# 20:50 
[benatwork] Whoa, private webmentions? I had no idea. This is good
# 20:51 
aaronpk [benatwork]: i'd love your input on it! https://indieweb.org/private-webmention
# 20:55 
[benatwork] This is awesome. I’d say the privacy indicator is my biggest tension - ideally in a more-than-binary way, so we know if other people can see the post, what we can do with the third-party representation, and so on. But it’s a huge step forward.
# 20:56 
aaronpk Yep. the way I see it, the privacy indicator issue is analogous to how webmention at its core doesn't tell you what to do with the post once it's verified
# 20:57 
aaronpk webmention verification is the first step to all of this, and will be the same regardless of *how* the privacy indication is done
# 20:59 
[benatwork] Totally makes sense
KartikPrabhu, AngeloGl1, snarfed, loicm, tvn, jackjamieson, snarfed1 and KevinMarks1 joined the channel
# 21:59 
KevinMarks1 I wont pitch that yet
snarfed1 joined the channel
# 22:43 
GWG As of 4
# 22:43 
GWG As of 4.7, WordPress will support delegating your pingback handler to another service. Perhaps Webmention.io.
# 22:46 
aaronpk nice!
# 22:48 
GWG aaronpk, it just got merged.
# 22:48 
GWG It was a one line fix.
# 22:51 
aaronpk this? https://core.trac.wordpress.org/changeset/38671
# 22:52 
GWG aaronpk, that was fast. Yes
# 22:52 
aaronpk nice
# 22:52 
GWG How did you find it so quickly?
# 22:54 
aaronpk search
# 22:56 
GWG I have some more milestoned for 4.7
# 22:57 
aaronpk sweet
# 22:57 
GWG A filter that can be used to update webmentions
# 22:57 
GWG Disabling trackbacks without disabling pingbacks
# 22:57 
aaronpk you should document these on /wordpress
# 22:57 
GWG Minor stuff that would help.
# 22:58 
GWG I intend to.
# 22:58 
Loqi agreed.
# 22:58 
GWG I have to maintain my lowly position as Ping Czar for WordPress
# 23:07 
GWG I keep trying to figure out what is next to advocate for
# 23:26 
Loqi [indieweb] "Some more late incremential CSS tweaking on my site :) getting closer to a clean card-like style #indieweb" by Rick Mendes  on 2016-09-28 https://www.rmendes.net/2016/09/28/some-more-late-incremential-css-tweaking-on-my-site-getting
# 23:26 
@RikMende Some more late incremential CSS tweaking on my site :) getting closer to a clean card-like style #indieweb (https://t.co/gAMYGqMi1K) (twitter.com/_/status/781273788096868352)