#indieweb 2016-09-28

2016-09-28 UTC
brianloveswords, bear, KevinMarks, M-rongladney, jcgregorio[m], KevinMarks_, gRegorLove, M-nd, M-mxuribe and emmak joined the channel
#
Loqi
[gRegor Morrill] Private
M-hotzeplotz, KevinMarks and wolftune joined the channel
#
GWG
Does it matter if I build a better mousetrap, so to speak?
KevinMarks_ joined the channel
#
gRegorLove
GWG: I think you'll have to be a bit more direct about the analogy :)
#
GWG
If I make my webmention endpoint better, does it matter? Or just that I build a webmention endpoint?"
#
GWG
Refactoring over results.
KevinMarks, Pierre-O, pindonga, begriffs, cweiske, AngeloGl1, friedcell and wolftune joined the channel
#
@mothersele
Oh no! #indieweb BoF clashes with @greenman's session #DrupalCon
(twitter.com/_/status/781040770581159936)
glennjones, gRegorLove, pindonga, plindner, friedcell, wolftune and loicm joined the channel
#
GWG
Morning
#
Loqi
rise and shine!
#
GWG
Any excitement there?
#
cweiske
8 of my 12 pull requests for known's micropub/indieauth endpoint have been merged
#
cweiske
the next known version will have way better micropub support
#
sknebel
cweiske++
#
Loqi
cweiske has 59 karma (51 in this channel)
#
GWG
cweiske: Lots of Micropub efforts on your part still. I saw the WordPress ones.
#
petermolnar
I realized that twig and jinja2 are not as compatible I thought they'd be
#
cweiske
with "still" do you mean "still in progress"?
#
GWG
cweiske, yes. I thought about getting involved when I finish my current project.
jcgregorio[m], M-mxuribe, M-hotzeplotz, rdesfo[m], M-rongladney and M-nd joined the channel
#
cweiske
I concentrated on known since it correctly rendered all the content types I wanted out of the box
#
cweiske
and the known micropub endpoint code is so much cleaner than the wordpress one
#
cweiske
which makes it easier for me to contribute
#
GWG
cweiske, I have an idea to change the Micropub code for WordPress
#
GWG
But it goes back to a question I asked yesterday. Does it matter if you build a better mousetrap if it still catches mice? AKA If I implement the same functionality differently, did I accomplish anything?
#
cweiske
I did not understand your remark yesterday
#
cweiske
if the old trap squashed the mice and blood splattered all around, and the new does not, then yes
#
cweiske
improvement
#
petermolnar
!tell snarfed I had a brave thought of posting likes/comments to FB via mbasic.facebook.com, disguised as a browser; the problem with that is that it requires username/password, but it might just work
#
Loqi
Ok, I'll tell them that when I see them next
#
@tvnweb
IndieWeb BOF at 15:45 today. Room: Wicklow Meeting 2 #drupalcon
(twitter.com/_/status/781102466108653568)
#
GWG
cweiske, I just question myself.
wolftune, pindonga, friedcell, DanC_, glennjones, loicm, tvn and adactio joined the channel
#
sknebel
how does bridgy deal with updated posts? does it create a new tweet if it is sent a new webmention, or does it ignore them?
shiflett and pindonga joined the channel
#
aaronpk
gRegorLove: !!! private post!
#
aaronpk
how do I authenticate?
loicm, pindonga and [schmarty] joined the channel
#
[schmarty]
sknebel: in my experience, bridgy publish will give an error message if you send a webmention for a URL that it's already processed.
#
sknebel
[schmarty]: thanks!
#
sknebel
aaronpk: for some reason my response to your beach-pictures shows up via bridgy, but per WM only as a like not a reply. can you take a look what I did wrong?
#
sknebel
(my code for all that stuff is waaayyy untested...)
#
aaronpk
I see it there as a reply, what do you mean?
wolftune joined the channel
#
sknebel
aaronpk: the tweet, via bridgy, but not the native post at http://www.svenknebel.de/posts/2016/9/9/, that's only in the facepile for the like
#
Loqi
[Sven Knebel] http://www.svenknebel.de/posts/2016/9/9/brighton_beach_night.jpg and here is matching picture in the other direction ;)
#
aaronpk
it's because your post has a "like-of" property in addition to the comment text
#
aaronpk
so my post-type detection rules stop after it finds the like-of
#
sknebel
so don't necessarily mix those, good to know
#
Loqi
[Tantek Çelik] Post Type Discovery
#
aaronpk
i'm considering switching my code to detect multiple properties, but I think right now most people assume a post is only one thing when receiving webmentions
#
sknebel
ok, thx
#
petermolnar
I'd like your (as in #indieweb) opinion: I was wondering if micropub should be possible by posting a single image, and only a single image; no content, no title, no nothing - because all of that is in the exif/iptc/xmp, in the image. I know technically this is not an issue, it's just a question of should this be 'official' or just my own hack
KartikPrabhu joined the channel
#
aaronpk
right now micropub allows you to do just that, since h-entry allows a post with no content other than "photo"
#
aaronpk
pretty sure i've done a few posts like that myself
#
petermolnar
fyi aaronpk there is an XMP:DateTimeDigitized field, which, in my opinion, is a good place to store the pubdate at
#
aaronpk
it's up to your endpoint to extract data out of the image if you want. for example my endpoint adds location data and sets the timezone from my external GPS logs.
#
petermolnar
exiftool -"XMP:DateTimeDigitized"="YYYY-mm-dd HH:MM:SS"
wolftune joined the channel
#
ben_thatmust
digitized data, and date published are two very different things though
#
ben_thatmust
i would not mix those
#
aaronpk
DateTimeDigitized sounds more like created date
#
KevinMarks
No timezone?
#
ben_thatmustbeme
yes, if the post doesn't have anything else
#
Loqi
[Aaron Parecki] Where was I when I took this photo?
#
ben_thatmustbeme
so i'm thinking about offline mode mostly,
#
ben_thatmustbeme
1) I take a photo
#
ben_thatmustbeme
2) i draft some content to go with the photo
#
ben_thatmustbeme
3) i post it all
#
ben_thatmustbeme
and all three of those are different time stamps
#
ben_thatmustbeme
not that i think many people will care about the difference between 1 and 2
wolftune joined the channel
#
aaronpk
i just re-read my post and omg
#
ben_thatmustbeme
actually they might, since i can attach a photo i took laste year,
#
ben_thatmustbeme
draft some text for it in offline mode
#
ben_thatmustbeme
post it when i get on my home wifi at the end of the day
#
ben_thatmustbeme
it all comes down to really what you are doing with your endpoint, is your system creating photos with metadata, or are you creating posts with just a single photo
#
@calum_ryan
Reviewing three years experience of #indieweb and my first Git push onboard an Amtrak! https://calumryan.com/blog/three-years-in-indieweb/
(twitter.com/_/status/781162660113027072)
#
Loqi
[indienews] New post: "Three years in learning about IndieWeb | Calum Ryan" https://calumryan.com/blog/three-years-in-indieweb/ (from https://aaronparecki.com/2016/09/28/7/)
wolftune joined the channel
#
Loqi
[indieweb] "Three years in learning about IndieWeb" by Calum Ryan on 2016-09-28 https://medium.com/@calumryan/three-years-in-learning-about-indieweb-ff4ab543958?source=rss-------1
#
Loqi
[indieweb] "Three years in learning about IndieWeb" by Calum Ryan on 2016-09-28 https://medium.com/@calumryan/three-years-in-learning-about-indieweb-ff4ab543958?source=rss-9e1fef3c869f------2
#
Loqi
[indieweb] "Three years in learning about IndieWeb" by Calum Ryan on 2016-09-28 https://medium.com/@calumryan/three-years-in-learning-about-indieweb-ff4ab543958?source=rss------tech-5
#
KevinMarks
Hm, multiple feeds with the same article with different urls?
#
aaronpk
is it the query string throwing that off?
#
KevinMarks
I assume so, that will count as a different url where a fragment wouldn't
#
KevinMarks
Are you parsing a feed for that?
#
aaronpk
nope it's superfeedr pings
hs0ucy joined the channel
#
KevinMarks
Ah, so could be a id vs link problem in atom?
#
KevinMarks
Is there a rel=canonical at the html level?
#
Zegnat
There is a rel=canonical on the medium article
#
Zegnat
Actually, I am pleasantly surprised by it, because it points to calumryan.com instead of the canonical Medium URL
#
Zegnat
So it points to the actual canonical post
[benatwork] joined the channel
#
[benatwork]
^ This happens if you use the “import story” function
KevinMarks joined the channel
#
Zegnat
[benatwork], good to know, still a pleasant surprise ;)
[kevinmarks] joined the channel
#
[kevinmarks]
benatwork can you check the suprfeeder duplicates?
#
[kevinmarks]
Ie is there a link vs id conflation?
#
[benatwork]
I know a man who can
#
[benatwork]
The GUID in the feed is actually always constant per-post
snarfed, Pierre-O, KevinMarks, jackjamieson, nikivi, hs0ucy and KartikPrabhu joined the channel
#
snarfed
morning #indieweb!
#
Loqi
snarfed: petermolnar left you a message 5 hours, 35 minutes ago: I had a brave thought of posting likes/comments to FB via mbasic.facebook.com, disguised as a browser; the problem with that is that it requires username/password, but it might just work
#
snarfed
petermolnar: definitely! kylewm and others have done that before. i don't recommend it though, it's generally painful to maintain over time
#
snarfed
also if you have to, i recommend using a cookie, not username/password
#
gRegorLove
aaronpk: You don't authenticate for the private post yet. It's just the 401 and www-authenticate header for now. :)
#
aaronpk
oh okay :)
gkbrk joined the channel
#
gRegorLove
aaronpk: I was wondering about the code and the token expiring and how the receiver can access it after the fact
#
aaronpk
one property of the way I wrote up the private webmention spec that I like is that it keeps actual access control a separate issue
#
Loqi
[indieweb] "@jfc3 Thanks! You've remind me that I need to do some accessibility work on my own personal website. #indieweb Maybe a project for #IWCLA?" by Chris Aldrich on 2016-09-28 http://stream.boffosocko.com/2016/jfc3-thanks-youve-remind-me-that-i-need-to-do
#
@ChrisAldrich
@jfc3 Thanks! You've remind me that I need to do some accessibility work on my own personal website. #indieweb Maybe a project for #IWCLA?
(twitter.com/_/status/781193504286310401)
#
aaronpk
it turns out you don't need to make a spec for token exchange with arbitrary people in order to verify private webmentions
#
aaronpk
it simplifies the flow a lot
#
aaronpk
i think one of the earlier iterations enabled server A to get a token at server B without being initiated by B, but it was a lot more complicated
#
aaronpk
allowing unsolicited token generation also has a lot of other security considerations that don't apply when the webmention sender initiates the token generation
snarfed joined the channel
#
[schmarty]
I am super curious to see implementations of private webmentions in terms of storing/viewing them.
[schmarty] joined the channel
#
[schmarty]
I assume folks would expect a private webmention not to show up in the public version of a discussion. So maybe in a reader?
#
gRegorLove
"The authorization code MUST expire shortly" though
#
gRegorLove
Token expiration is just recommended
#
aaronpk
[schmarty]: i would assume so as well
#
aaronpk
gRegorLove: yeah?
#
gRegorLove
So I'm just wondering about after the code expires, e.g. what if the receiver doesn't exchange it for a token right away. Guess they need a new code.
#
gRegorLove
And similarly if they do exchange it for a token, they can only read the post for the day or two the token is valid (if we follow the recommendation)
#
gRegorLove
Don't have a suggestion, just thinking out loud. Both require action from the sender to extend access to the post.
#
aaronpk
yeah, I think that's fine. this is specifically about webmention verification, which is different from full access control management
#
gRegorLove
Ahh, gotcha
#
aaronpk
my thought is that by keeping private webmentions relatively simple to implement, we can move forward on a lot of interesting uses for it. whereas trying to spec out full access control and token management it becomes much more daunting and challenging to implement.
#
gRegorLove
[schmarty]: My very rudimentary private posts so far don't appear in my stream or notes, so won't appear in any readers
#
gRegorLove
Makes sense. I was mentally combining private posts and private webmentions.
#
aaronpk
ah yeah. i should probably make a note of that in the FAQ
nikivi and wolftune joined the channel
#
sknebel
aaronpk: even better, thx
snarfed joined the channel
#
gRegorLove
Looks good, aaronpk
shiflett joined the channel
#
bear
if a token expires and then I update the post the webmention was for, how do I send an update if the code has expired
#
aaronpk
generate a new code
#
aaronpk
since you'd be sending a new webmention
#
bear
hmm, yea ... yea, I was confused
glennjones joined the channel
#
KartikPrabhu
^ that URL 404s but the one in the tweet works
#
aaronpk
something didn't get escaped right
snarfed joined the channel
#
aaronpk
stupid medium #dslkfjsdklgj crap
#
aaronpk
also weird that the t.co link redirects through https://medium.com/m/global-identity
[benatwork] joined the channel
#
[benatwork]
UGH
#
[benatwork]
Good catch
#
[benatwork]
I guess I’m surprised that it resolves to that URL - there’ll be a 302 from there
#
[benatwork]
aaronpk is Loqi expanding these? If so, what’s the user agent it uses to fetch?
#
aaronpk
yeah Loqi tries to follow redirects in URLs in tweets (actually i think it's my twitter search app, not Loqi but same idea)
#
[benatwork]
Does it user a particular user-agent? (Aside: I feel like there should be a standard for non-human user agents)
snarfed joined the channel
#
aaronpk
there's some conventions, right? especially for crawlers?
#
[benatwork]
Conventions, yeah, but they’re .. lightly adhered to, as it turns out
#
aaronpk
hm it might be sending whatever user agent is default for the ruby net::http library (or none)
#
[benatwork]
Thanks
#
aaronpk
looks like it just sends "Ruby"
#
aaronpk
that is... not ideal
snarfed joined the channel
#
[benatwork]
That last sentence could be used to describe most of the web :wink:
#
[benatwork]
That’s cool. #wecanfixit
jackjamieson and KevinMarks1 joined the channel
#
KevinMarks1
wait, so they are doubling down on u- ?
snarfed and ChrisAldrich joined the channel
#
Zegnat
[benatwork], what UA would you expect? My rel-me verify extension sends its own name as UA, that seemed to be an OK compromise and gets me 301s from Twitter’s t.co links.
#
[benatwork]
I would dearly like UAs to include the word “bot”, or to have a common phrase that we can use to mean NPC
#
Zegnat
“bot” feels wrong when it is not a bot (or even an automated progress)
#
[benatwork]
Without going into _too_ much detail, on the last two systems I’ve built I’ve wanted humans to go through an auth redirect, and non-humans to not bother with that process
#
[benatwork]
There’s a complicated dance that happens to ensure the security of sessions on, eg, institutional enterprise publishing platforms
#
[benatwork]
And it’s dumb for bots to go through that
#
[benatwork]
It’d be easier to whitelist bots to not do that than to whitelist human UAs
#
aaronpk
if it's about sessions, can't you use the presence of a session cookie to trigger the dance, whereas bots would not be making the request with a session cookie?
#
[benatwork]
No, because in these settings we’re dealing with multiple domains which can’t share cookies with each other, which is usually the reason for the dance
#
[benatwork]
Some SAML systems do this, for example
#
[benatwork]
So they’re literally doing the dance _because_ there’s no session cookie
#
aaronpk
and for bot users, you want to return the content immediately and skip the redirect checks?
#
gRegorLove
[benatwork]: Could you capture your recommendation/reasoning on /User_Agent?
#
gRegorLove
I wonder what UA my webmention plugin uses
#
[benatwork]
aaronpk: yes
#
[benatwork]
gregorlove: yep, will try and do that after hours
#
gRegorLove
Zegnat, [benatwork]: How about "automated" or is that too generic?
#
aaronpk
"non-browser"? :D
#
gRegorLove
non-meat-popsicle
#
aaronpk
"electric-popsicle"
snarfed and wolftune joined the channel
#
[benatwork]
I think automated is good - technically they’re still browsers, right? :wink:
#
[benatwork]
I mean, I’d push for NPC, but I’m a giant dork
#
gRegorLove
I may use "automated bot npc electric-popsicle" after this conversation
#
Zegnat
I kinda like NPC. But i think automated gets the point across better
#
gRegorLove
Also my new band name.
#
Zegnat
what about “headless”? As in: tools that just do the request but aren’t actually then showing it to a user?
#
aaronpk
"decapitated automated NPC bot"
#
Zegnat
I always thought there were too many exceptions to call any order a rule in English?
#
KevinMarks1
Anything for TWiG?
#
KevinMarks1
in English it is more of a tendency
jackjamieson and snarfed joined the channel
#
Zegnat
KevinMarks, I can’t come up with anything. Some new stuff like private webmentions came out of IWC Brighton, but not much I recall from the demos that can actually be shown off
#
Zegnat
needs to get that demo page written up ASAP
gkbrk joined the channel
#
KevinMarks1
English has absorbed so many languages that you can write it in a French or German way
ricardokirkner and begriffs joined the channel
#
Zegnat
I am heading off for bed an recharge to get things done tomorrow. Have a good time all!
#
aaronpk
KevinMarks1: i'm super excited about the new private webmention spec from Brighton, but nothing to demo with it yet
#
[benatwork]
Whoa, private webmentions? I had no idea. This is good
#
aaronpk
[benatwork]: i'd love your input on it! https://indieweb.org/private-webmention
#
[benatwork]
This is awesome. I’d say the privacy indicator is my biggest tension - ideally in a more-than-binary way, so we know if other people can see the post, what we can do with the third-party representation, and so on. But it’s a huge step forward.
#
aaronpk
Yep. the way I see it, the privacy indicator issue is analogous to how webmention at its core doesn't tell you what to do with the post once it's verified
#
aaronpk
webmention verification is the first step to all of this, and will be the same regardless of *how* the privacy indication is done
#
[benatwork]
Totally makes sense
KartikPrabhu, AngeloGl1, snarfed, loicm, tvn, jackjamieson, snarfed1 and KevinMarks1 joined the channel
#
KevinMarks1
I wont pitch that yet
snarfed1 joined the channel
#
GWG
As of 4
#
GWG
As of 4.7, WordPress will support delegating your pingback handler to another service. Perhaps Webmention.io.
#
GWG
aaronpk, it just got merged.
#
GWG
It was a one line fix.
#
GWG
aaronpk, that was fast. Yes
#
GWG
How did you find it so quickly?
#
aaronpk
search
#
GWG
I have some more milestoned for 4.7
#
GWG
A filter that can be used to update webmentions
#
GWG
Disabling trackbacks without disabling pingbacks
#
aaronpk
you should document these on /wordpress
#
GWG
Minor stuff that would help.
#
GWG
I intend to.
#
Loqi
agreed.
#
GWG
I have to maintain my lowly position as Ping Czar for WordPress
#
GWG
I keep trying to figure out what is next to advocate for
#
Loqi
[indieweb] "Some more late incremential CSS tweaking on my site :) getting closer to a clean card-like style #indieweb" by Rick Mendes on 2016-09-28 https://www.rmendes.net/2016/09/28/some-more-late-incremential-css-tweaking-on-my-site-getting
#
@RikMende
Some more late incremential CSS tweaking on my site :) getting closer to a clean card-like style #indieweb (https://t.co/gAMYGqMi1K)
(twitter.com/_/status/781273788096868352)