#dev 2017-06-14

2017-06-14 UTC
tantek and eli_oat joined the channel
#
aaronparecki.com edited /2017/Schedule (+63) "same start time both days" (view diff)
gRegorLove, petermolnar_ and KartikPrabhu joined the channel
#
eli_oat does anyone POSSE github gists?
#
eli_oat Or, maybe link-backs is a better term, then POSSE
#
eli_oat What I mean is when I cross post an image, for instance, it includes a link-back to Instagram. I just made a post on my site that includes a code snippet that I made into a gist, rather than embed the gist itself I include it as a link-back: https://eli.li/entry.php?id=20170614014000
#
Loqi [eli] Currently, whenever I reply to or like a link the source URL displays. I've found a really sturdy way to parse content titles, but the performance is absolutely abysmal. Wicked wicked wicked slow. I think it may be something to do with how I'm invoki...
#
KartikPrabhu what is PESOS?
#
Loqi PESOS is an acronym/abbreviation for Publish Elsewhere, Syndicate (to your) Own Site https://indieweb.org/pesos
#
eli_oat I'm still starting at my site. What I'm wondering (but realizing I did a terrible job of asking) is if anyone POSSEs code snippets to gists?
#
aaronpk I don't really see the point for me. I normally use gists for quick throwaway links to send to people.
#
aaronpk If i had a quick way to do that on my site then I wouldn't use gists at all
#
eli_oat that is legit
#
eli_oat The impetus was one more of archiving than of anything else
#
aaronpk Ah yeah. I guess I don't consider things I put there worth savig
#
ben_thatmustbeme woo, new laravel based code-base now passing all but 6 micropub tests.
#
aaronpk Nice!
#
ben_thatmustbeme scratch that, all but 3
#
ben_thatmustbeme nested json, and the multipart photos
ricmac, tantek and loicm joined the channel
#
petermolnar_ markdown << https://simplystatistics.org/2017/06/13/the-future-of-education-is-plain-text/
#
Loqi ok, I added "https://simplystatistics.org/2017/06/13/the-future-of-education-is-plain-text/" to the "See Also" section of /markdown
#
loqi.me edited /markdown (+81) "petermolnar_ added "https://simplystatistics.org/2017/06/13/the-future-of-education-is-plain-text/" to "See Also"" (view diff)
#
tantek interesting sounding. going to have a read
#
tantek reasonably sensible article
#
petermolnar_ quite similar to your/our reasoning for flat files & plain text
#
tantek petermolnar_: have you seen my old blog post on that?
#
petermolnar_ I've seen a few, which particular one?
#
tantek oh my, coming up 11 years ago
#
petermolnar_ wow, maybe not than
#
tantek http://tantek.com/log/2006/06.html#d17t2231
#
Loqi Open data formats, longevity, and microformats
#
tantek WOW nice work Loqi
#
tantek oh yeah, hentry even back then
#
tantek lol I remember this one. aaronpk this one is for you: http://www.tbray.org/ongoing/When/200x/2006/05/11/iCal-still-sucks
#
tantek (linked from my post above)
#
petermolnar_ 2006 live links, that deserves respect
#
petermolnar_ and yes, ical sucks
#
petermolnar_ nyeheh, XHTML
#
petermolnar_ quoting a friend of mine: "full valid XHTML strict... so bauhaus"
#
tantek what is XHTML
#
Loqi XHTML is a markup standard (W3C) for HTML that has been superseded by HTML5 https://indieweb.org/XHTML
#
tantek XHTML << http://tantek.com/2010/302/b1/xhtml-dead-long-live-xml-valid-html5
#
Loqi ok, I added "http://tantek.com/2010/302/b1/xhtml-dead-long-live-xml-valid-html5" to the "See Also" section of /XHTML
#
loqi.me edited /XHTML (+69) "tantek added "http://tantek.com/2010/302/b1/xhtml-dead-long-live-xml-valid-html5" to "See Also"" (view diff)
#
Loqi [Tantek Çelik] XHTML Is Dead, Long Live XML-Valid HTML5
#
tantek ^^^ petermolnar_ my updated thoughts on XHTML (only ~7 years ago)
#
tantek oops it was already in the articles duh
#
tantek rolled it back
#
tantek was already here that is https://indieweb.org/XHTML#Articles
#
petermolnar_ I'm curious of the emoji hell keeps running will utf8 suffice in the coming years
#
tantek.com edited /longevity (+113) "open data and longevity post from nearly 11 years ago, sort articles reverse chronological, cleanup author/by a bit" (view diff)
AngeloGladding and gRegorLove joined the channel
#
@WendyandCharles ReadersGazette: BLOG Indie Author Answers by Jim Heskett http://www.thejugglingauthor.com/indieauth/ Get help writing your book #bookbloggers 74 (twitter.com/_/status/874871598473457669)
tantek, AngeloGladding, sebsel and [kevinmarks] joined the channel
#
[kevinmarks] Utf-8 can express all possible emoji already
#
[kevinmarks] Normalisation is still a bit tricky though.
#
[kevinmarks] See https://eclecticlight.co/2017/04/05/file-problems-in-ios-10-3-and-macos-10-13-whats-in-a-name/
sebsel joined the channel
#
petermolnar random thoughts: why is there no schedule for a h-event? is would that be nested h-events? and why doesn't Facebook have a schedule option already for events?
#
vanderven.se martijn edited /rsvp (+116) "/* What value could be used to? */ Document usage of remote yes." (view diff)
sebsel and [kevinmarks] joined the channel
#
[kevinmarks] An h-feed of h-events?
#
petermolnar not convinced
#
petermolnar because the event itself has start, end, venue, etc
#
petermolnar so does the sub-events
#
seblog.nl edited /rsvp (+480) "/* Remote Participation */ added brainstorm" (view diff)
#
[kevinmarks] Ah, I see. Well, there's nothing to stop you putting events inside events, but it may be a little confusing.
#
[kevinmarks] We did try to mark up a session grid with the original hcalendar, but it needed to include venue by reference I think, which made markup and parsing hard.
#
Zegnat I guess you could write parsing rules so that venue is implied from a parent h-event?
#
Zegnat That would get around duplicate information quiet nicely.
#
petermolnar yeah, but there comes the problem of the venue of the schedule, eg. the main venue is "indie elementary school", schedule for "X" happening between "8am-9am" in "classroom A" which is a sub-venue of "indie elementary school" and suddenly I'm reimplementing schema.org
#
[kevinmarks] You'd still need to wrap the parent h-events around the columns.
#
[kevinmarks] Hm. So you have a parent h-event, with an h-card for each room, and make the sessions children of that h-card? That makes a kind of sense
#
Zegnat No parsing rules for col elements, [kevinmarks]? I guess not...
#
[kevinmarks] It's tricky. An html table does make sense but it is not quite clear how to combine the thead info
#
[kevinmarks] And you really want to pull the venue from the column header and the time from the row
#
loqi.me created /LaTeX (+136) "prompted by petermolnar and dfn added by petermolnar" (view diff)
#
vanderven.se martijn edited /rsvp (+353) "/* What value could be used to? */ What about a set of space separated values?" (view diff)
[kevinmarks] joined the channel
#
loqi.me edited /LaTeX (+64) "/* See Also */ new section" (view diff)
[shanehudson] joined the channel
#
loqi.me edited /LaTeX (+28) "[shanehudson] added "https://www.overleaf.com/" to "See Also"" (view diff)
KevinMarks and eli_oat joined the channel
#
Zegnat Is anyone doing Proof-of-Work validation on their WM endpoints? https://indieweb.org/Webmention-brainstorming#proof-of-work
singpolyma and KartikPrabhu joined the channel
#
eli_oat I'm not doing it that way, but have been curious about spam prevention. I've been toying with trying to rate-limit or IP limit the endpoint, but haven't come up with a solution, yet
#
sknebel I haven't heard of anyone doing that, no
#
sknebel I think vouch, rate-limiting, domain blacklists and expiring endpoints are the things that people have tried/are using
#
ben_thatmustbeme i am (was as i am rebuilding it) using vouch with black/white listing
#
www.svenknebel.de edited /Webmention-brainstorming (+87) "/* should bookmarks send webmentions */" (view diff)
#
Zegnat I am building vouch into my new WM code, as well as private mentions, and was just wondering if I should implement pow too. Guess I’ll skip that.
#
ben_thatmustbeme private webmentions will be cool to add
#
ben_thatmustbeme i want to do that
#
Zegnat Puzzling how I will do it async.
#
ben_thatmustbeme what are you writing in?
#
ben_thatmustbeme any sort of framework?
#
sebsel sknebel I also show bookmarks on my posts, and aaronpk is sending webmentions on them, see https://seblog.nl/2017/01/02/2/screenshots
#
Loqi [Sebastiaan Andeweg] Another take on uploading screenshots to a Micropub Media Endpoint
#
sknebel sebsel: I know, your example was why I linked /facepile
#
sebsel ah :)
#
sknebel Zegnat: what's puzzling about it? just the time constraint?
#
sknebel (I have 1,5 concepts for private webmentions without the time limit floating around, but didn't yet get around to build even the most basic of prototypes)
#
sebsel ah, and I send mentions for bookmarks as well, I see, although i am in doubt about that indeed
#
sebsel I really want to redo a lot of webmention stuff as well
#
sknebel heh, me too. was one of the first things I wrote, and its creaking on failed assumptions
#
Zegnat Sorry. Had to step out.
#
Zegnat ben_thatmustbeme, PHP, no framework.
#
Zegnat sknebel, yes, the time constraint
#
sknebel my verifications triggers almost immediately once a received mention has been queued, and I've thought about adding a priority queue for private webmentions for situations with higher load
#
Zegnat On my Swedish web hosting, where I am currently hosting my endpoint, I do not have enough server access to set something like that up. Best I can do is trigger a script once every 5 minutes.
#
Zegnat I imagine many others on shared hosting would face similar problems.
#
Zegnat As the `code` I receive with a private webmention may only be available for 60 seconds, it is impossible for me to do private webmentions async
#
sebsel Zegnat you can point vanderven.se/martijn/'s rel=webmention to licit.li/webmention, or where ever you want.
#
sebsel you would lose your relative-url edge case however :P
#
ben_thatmustbeme may only be available for 60 seconds? that seems unreasonable
eli_oat joined the channel
#
Zegnat I know. I could build it specifically to a server where I have more access. But that does not address the problem everyone else on shared hosting has, sknebel.
#
ben_thatmustbeme i normally process my webmentions on a several minute delay
#
Zegnat ben_thatmustbeme 60 seconds to 10 minutes is the timespan. But you do not decide that, the site issueing the code decides.
#
Zegnat It also will not tell you about the timespan, so you cannot order accordingly.
#
ben_thatmustbeme yeah, who set 60 seconds?
#
sebsel but that's where the first exchange is for
#
sebsel you need to exchange the code for an access token
#
Zegnat From spec: “A maximum authorization code lifetime of 10 minutes and minimum of 60 seconds is recommended.”
#
sebsel then you got an hour.
#
ben_thatmustbeme hmmm
#
ben_thatmustbeme i haven't looked in to it much yet
#
Zegnat Yes, but I want the first exchange to be async for all the reasons as I want async for the second exchange, sebsel. I am fetching an unknown payload from an external server.
#
ben_thatmustbeme but as long as that is simple, then yeah, i can do that before i queue it
#
sebsel you can discover the token endpoint by a HEAD request, so no need for big payloads
#
sebsel but it need two queues yeah, one for token, one for the mention
#
sebsel with different priorities
#
sknebel yeah, that's one of the main criticisms of the current proposal
#
sebsel it's complicated
#
sebsel yeah
#
Zegnat I could see myself finding the token endpoint with the HEAD. No problem. But then I still need to exchange my code for a token, and that request is a normal POST with an unknown payload coming back
#
sknebel at least it doesn't involve parsing content as sebsel noted
#
sknebel or rather, only small endpoint payloads
#
Zegnat Who guarantees that the endpoint I am now fetching synchronously will be small, though, sknebel?
#
Zegnat Or maybe I should limit private webmentions to whitelisted / vouched domains only.
#
sknebel if you (all of you) want to help flesh out an alternative proposal say so, then I'll try to write something down about it in the next few days
#
sknebel (doing verification with some type of /non-interactive IndieAuth , but there are some issues with identities for that)
eli_oat joined the channel
#
sknebel (and of course the issue of non-interactive IndieAuth in general)
#
Zegnat Would love to discuss, sknebel. I might skip private wm for now, it just doesn’t fit in with the flow I am trying to establish.
#
sknebel (also, please add your concerns to /private-webmention if they aren't reflected already, or maybe add +1 to them to make it clearer people actually have an issue with them)
KevinMarks joined the channel
#
ben_thatmustbeme Zegnat: if you need any inspiration, i am doing everything in laravel now
#
ben_thatmustbeme https://github.com/inklings-io/splatter
#
Loqi [Inklings-io] splatter
#
Zegnat My issue is purely with splitting it off into an asynchronous flow, ben_thatmustbeme. Framework does not matter there, I am afraid :(
#
sknebel Zegnat: what kind of scheduling do you have available? cronjobs?
#
ben_thatmustbeme i iknow, that more in general
#
sknebel Zegnat: or are you thinking about something like WP-cron?
#
Zegnat I assume they are cronjobs, just hidden behind my hosting’s control panel. And the smallest interval I can set is 5 minutes.
#
sknebel k
#
ben_thatmustbeme so do the initial exchange for a token exchange sync and then push everything else to some storage for doing async
#
Zegnat Adding that to the wiki, just writing up my problem now, sknebel
#
sknebel thx
#
Zegnat ben_thatmustbeme, why would I do anything async then? The entire point of doing verification async is to handle contacting external sources outside of the first request. Now I am going to have to fetch from an external source sync anyway?
#
ben_thatmustbeme i have not looked at the protocol, but is it actually polling the page, or the auth endpoint
#
ben_thatmustbeme auth should be a lot faster, but i agree, ideally it should all be doable async
#
Zegnat I get a code. I then have to HEAD the source to retrieve the token_endpoint URL (I could get behind allowing a HEAD request sync). Then I have to POST the code to the token_endpoint URL and get back an unknown payload (should be JSON containing auth info).
#
Zegnat If I am going to allow a POST to retrieve (and parse) an unknown payload sync, then I might as well allow normal WM verification sync.
#
ben_thatmustbeme ew
#
Zegnat token_endpoint should be fast, I agree, but can you give me a guarantee that it always will be? That it always returns JSON?
#
ben_thatmustbeme HEAD of the source isn't really perfect either as you can't use html link tags then
#
Zegnat I believe the private webmentions spec requires Link headers. (sknebel, confirm?)
#
sebsel yeah
#
sebsel it specificly mentions the HEAD request + Link header.
KartikPrabhu joined the channel
#
sebsel I wrote this thing after IWC Nürnberg (where I did a lot of IndieAuth and private webmention), and it's probably not great, but yeah, it's another take on it https://seblog.nl/temp/media-endpoint/d29e40-privatewebmentions.html
#
sebsel I just talked with sknebel about it in DM, (for I am not sure if this is worth your time :P) and he disliked the point that every page has to have an AuthEndpoint then.
#
sebsel (sknebel is now afk, catching a train)
#
vanderven.se martijn edited /Private-Webmention (+1293) "/* Issues */ timing critical & breaks asynchronised flows" (view diff)
#
Zegnat I’ll read through that in a minute sebsel
#
Zegnat sknebel, ben_thatmustbeme, see that latest wiki change of mine and feel free to refactor wording if you think of something ^^^
KevinMarks joined the channel
#
ben_thatmustbeme Zegnat++
#
Loqi zegnat has 11 karma in this channel (63 overall)
#
sknebel Zegnat thx. I personally see a difference between a request to an "api endpoint" and fetching a page, but you are right that they share issues
#
sknebel What is non-interactive IndieAuth?
#
Loqi non-interactive IndieAuth is a future way of using IndieAuth to authenticate/authorize services against other services, without a human user confirming things https://indieweb.org/non-interactive_IndieAuth
KevinMarks joined the channel
#
sknebel (That's what I'd want to use, similar to sebsel s thing, but exact protocol and which identity exactly gets used to log in is open)
#
sknebel Reminds me, I wanted to read that IETF draft aaronpk recommended again
#
Zegnat What is the difference then, sknebel? On one I expect valid JSON, on the other valid HTML, to be returned within as short amount of time as possible.
#
Loqi It looks like we don't have a page for "difference then, sknebel" yet. Would you like to create it?
#
Zegnat In both cases, as the requester, I have no guarantees on exactly what I will get back.
#
Zegnat This is why I said I might still implement it, synchronously, but then only for whitelisted domains.
#
Zegnat I would trust several people to adhere to the spec and quickly return a JSON body and nothing else. But to allow private webmentions from everyone?
#
sknebel I'd be a lot more demanding towards the API when it comes to speed and size of response. But it still is fetching and parsing content, as you say. A stricter format than JSON would be easier for that
#
sknebel Thus: let's see if we can figure out something better
tantek and pfefferle joined the channel
#
sknebel Aaronpk : I think this time I understood the dialback oauth proposal. it seems more or less identical in function to the IndieAuth dance of fetching a page and looking for an auth endpoint? If you'd replace the host or web finger lookup with looking for a rel-link you'd basically have indieauth, minus he first step of entering the domain and getting redirected (which indeed could probably be skipped)
#
tantek what is dialback
#
Loqi It looks like we don't have a page for "dialback" yet. Would you like to create it?
#
tantek what is oauth dialback
#
Loqi It looks like we don't have a page for "oauth dialback" yet. Would you like to create it?
#
tantek what is IndieAuth dance
#
Loqi It looks like we don't have a page for "IndieAuth dance" yet. Would you like to create it?
eli_oat joined the channel
#
aaronpk sknebel: yeah that's what i thought
KevinMarks_ and tantek joined the channel
#
aaronpk reviews dialback auth again
#
aaronparecki.com edited /2017/Leaders (+148) "move schedule brainstorming lower" (view diff)
#
aaronparecki.com edited /2017/Leaders (-47) "/* When */ update schedule with absolute times" (view diff)
#
tantek.com edited /2017/Leaders (+140) "/* Schedule */ shorter TBD, note possible optional 08:30 get your own breakfast" (view diff)
gRegorLove joined the channel
#
aaronparecki.com edited /Calagator (+1664) (view diff)
#
aaronpk http://calagator.org/events/1250469845
#
Loqi IndieWeb Summit 2016
#
aaronparecki.com edited /Calagator (+83) "/* Features */" (view diff)
#
aaronparecki.com edited /Calagator (+87) "/* Good Ideas */" (view diff)
#
tantek.com edited /2017/Leaders (+701) "/* Sessions */ HWC Organizing" (view diff)
#
tantek.com edited /2017/Leaders (+36) "/* HWC Organizing */ proposer / interested" (view diff)
#
tantek https://indieweb.org/2017/Leaders#HWC_Organizing
#
tantek ^^^ add your "interested"ness
#
tantek.com edited /2017/Leaders (+207) "/* HWC Organizing */" (view diff)
#
tantek when is IWC Berlin?
#
Loqi what
#
Zegnat when is 2017/Berlin?
#
tantek what is IWC Berlin?
#
Loqi It looks like we don't have a page for "IWC Berlin" yet. Would you like to create it?
#
tantek IWC Berlin is /2017/Berlin
#
Loqi ok
#
loqi.me created /IWC_Berlin (+24) "prompted by tantek and dfn added by tantek" (view diff)
#
aaronparecki.com edited /2017/Leaders (-30) "/* When */" (view diff)
#
Zegnat When is IWC Berlin?
#
Loqi https://indieweb.org/IWC_Berlin
#
Zegnat when is IWC Berlin?
#
Loqi IndieWebCamp Berlin 2017 is on 2017-11-04 at Contentful GmbH https://indieweb.org/IWC_Berlin
#
Zegnat That capitalisation issue bites me every. single. time.
#
loqi.me created /TPAC (+301) "prompted by tantek and dfn added by tantek" (view diff)
#
loqi.me edited /TPAC (+48) "/* See Also */ new section" (view diff)
#
tantek what is a nickname cache
#
Loqi A nicknames cache is a way indieweb sites store information about people to improve the user experience of the site owner referring, mention, and/or linking to those people https://indieweb.org/nickname_cache
[barryf] joined the channel
#
tantek there is this also: https://indieweb.org/autosuggest
#
sebsel https://indieweb.org/p3k-v1#Local_Nicknames
#
sebsel https://indieweb.org/nickscache
#
sebsel sorry that's a redirect
#
tantek related session: https://indieweb.org/2012/Open_Real_Time_Search_Engine
#
tantek.com edited /person-tag (+33) "try to clarify person-tag person-mention difference some more" (view diff)
#
Zegnat http://www.kevinmarks.com/indiewebcampdusseldorf2016.html - p-category / persontag usage in noterlive
#
sebsel for those not in the call: we're discussing my new @-mentioning, and wether that should be a person-tag or just a mention. (so: mark it up with .u-category.h-card or not)
#
sebsel I'm now considering adding a syntax to explicitly tag someone vs just mentioning.
gRegorLove and snarfed joined the channel
#
vanderven.se martijn edited /2017/Leaders (+78) "/* When */ Add some useful times." (view diff)
#
snarfed re this morning's conversation on expiring webmention endpoints (Zegnat sebsel ben_thatmustbeme)...just as a reminder, bridgy currently caches them for up to 2h.
#
aaronparecki.com uploaded /File:server-to-server-indieauth-flow-diagram.svg "generated with https://bramp.github.io/js-sequence-diagrams/<pre>Title: Server-to-Server IndieAuthparticipant alice.authparticipant alice.serverparticipant aliceparticipant bobparticipant bob.tokenalice.server->bob: 1. discover token\nendpointalice.server->bob.token: 2. request a token\nme=…&code=…&callback=…bob.token->alice: 3. discover verification\nendpointbob.token->alice.auth: 4. verify auth code\ncode=…bob.token->alice.server: 5. deliver access token\naccess_token=…alice.server->bob: 6 request page\nwith access token</pre>"
#
Zegnat snarfed, we didn’t mean for entire endpoints to expire. Just the `code` in private webmentions.
#
snarfed ah ok nm!
#
sknebel I mentioned them
#
sknebel when talking about general antispam techniques
#
snarfed right
#
aaronparecki.com deleted /Special:Log/delete "deleted "[[File:server-to-server-indieauth-flow-diagram.svg]]""
#
aaronparecki.com uploaded /File:server-to-server-indieauth-flow-diagram.png "generated with https://bramp.github.io/js-sequence-diagrams/<pre>Title: Server-to-Server IndieAuthparticipant alice.authparticipant alice.serverparticipant aliceparticipant bobparticipant bob.tokenalice.server->bob: 1. discover token\nendpointalice.server->bob.token: 2. request a token\nme=…&code=…&callback=…bob.token->alice: 3. discover verification\nendpointbob.token->alice.auth: 4. verify auth code\ncode=…bob.token->alice.server: 5. deliver access token\naccess_token=…alice.server->bob: 6 request page\nwith access token</pre>"
#
aaronpk oops sorry haha
#
Loqi hehe
#
aaronpk Zegnat: https://indieweb.org/File:server-to-server-indieauth-flow-diagram.png
#
sknebel token endpoint in both cases?
#
sknebel (s/tcases/steps)
#
aaronpk i think i called alice's the auth endpoint, although it might be something different
#
aaronpk i try to avoid calling things tokens that aren't bearer tokens
#
sknebel why does it directly talk to the token endpoint and not going through bobs auth endpoint? I guess I should wait for a text description bfore asking ;)
#
aaronpk there is no authorization step needed
#
aaronpk the authorization endpoint is used when bob needs to be in front of his computer to confirm a request, and bob's browser is directed to bob's authorization endpoint. that doesn't really apply in this case at all.
#
sknebel hm
#
sknebel apparently have some misconception there then
#
sknebel I'll read again and ask once I'm back from HWC
#
aaronpk i'll try to write up a narrative as well
#
tantek.com edited /responses (+69) "add tag-of and edit, also note review is a sometimes" (view diff)
#
sknebel I know where I got confused
#
Zegnat Please do put in the narrative aaronpk, I have a hard time consoling this with “I an h-entry and I want only sknebel to see it”
#
aaronpk Zegnat: haha yeah. this is just the part about getting an access token. not integrated with the webmention flow yet
#
sknebel aaronpk: did you look at https://indieweb.org/non-interactive_IndieAuth#proposal:_simple_flow ? the difference in your flow is that it gets a token instead of just authenticating for a single request (which could be the one to aquaire a token?9
#
seblog.nl edited /reacji (+240) "added myself" (view diff)
#
aaronpk sknebel: yeah, but didn't quite get a specific suggestion out of it
#
sknebel hm
#
sknebel then it's less clear than I hoped
#
sknebel (but yes, it has points open where gaps have to be filled)
#
@NelioSoft_ES Trackbacks, pingbacks y webmentions https://neliosoftware.com/es/blog/trackbacks-pingbacks-y-webmentions/ (twitter.com/_/status/875060246183653379)
#
tantek.com edited /quotation (+13) "response dfn" (view diff)
#
aaronparecki.com created /server-indieauth (+3500) "describe initial brainstorming of server-indieauth" (view diff)
#
aaronpk sknebel: https://indieweb.org/server-indieauth
#
sknebel aaronpk: thx
#
Zegnat aaronpk, I think I got it now. Not very different from the private wm flow, but you can no longer send the temp code to an endpoint that doesn’t expect it? That’s the “fix”?
#
aaronpk correct, and everything can happen async
#
sknebel server-indieauth << [[non-interactive IndieAuth]]
#
Loqi ok, I added "[[non-interactive IndieAuth]]" to the "See Also" section of /server-indieauth
#
loqi.me edited /server-indieauth (+49) "/* See Also */ new section" (view diff)
#
sknebel non-interactive IndieAuth << server-indieauth
#
loqi.me edited /non-interactive_IndieAuth (+40) "/* See Also */ new section" (view diff)
#
Loqi ok, I added "[[server-indieauth]]" to the "See Also" section of /non-interactive_IndieAuth
#
tantek.com edited /tag-reply (+325) "move how to to brainstorming since no one does it yet, and add tag and fallback as a use-case that is perhaps more interesting / expected than tag and comment" (view diff)
#
aaronpk oh yeah guess icould have added it there
#
tantek.com edited /tag-reply (+370) "/* tag and fallback */ e.g. and advantages" (view diff)
sebsel joined the channel
#
vanderven.se martijn edited /2017/Leaders (+12) "/* Remote Participation */ Add Joschi" (view diff)
#
loqi.me created /untag (+105) "prompted by sebsel and dfn added by sebsel" (view diff)
#
tantek Zegnat: I don't know if Swarm supports untagging in checkins. Presumably it should?
#
tantek Or maybe it just allows you to delete the checkin from your history?
#
tantek tag-reply << untag
#
Loqi ok, I added "[[untag]]" to the "See Also" section of /tag-reply
#
loqi.me edited /tag-reply (+12) "tantek added "[[untag]]" to "See Also"" (view diff)
#
tantek person-tag << untag
#
loqi.me edited /person-tag (+12) "tantek added "[[untag]]" to "See Also"" (view diff)
#
Loqi ok, I added "[[untag]]" to the "See Also" section of /person-tag
#
seblog.nl edited /untag (+707) "expanding" (view diff)
#
tantek aaronpk, sebsel Post Type Discovery issue filed - feel free to add more examples / commentary: https://github.com/tantek/post-type-discovery/issues/25
#
Loqi [tantek] #25 Response Type: consider "reply" for 2nd to last for fallback use-cases
eli_oat joined the channel
#
seblog.nl edited /untag (+142) "/* Use case */" (view diff)
#
aaronpk why is this a thing? https://indieweb.org/event#How_to_markup
#
aaronpk an h-event inside an h-entry?
#
Zegnat legacy?
#
Zegnat Also: allowing h-entry wraps makes it easier to handroll things in a CMS where the h-entry mark-up is fixed in the template.
#
sebsel Yeah, don't know, should've discussed here first maybe, sorry
#
sebsel goes and eat something
#
Zegnat E.g. a WordPress theme could have h-entry support that I do not touch. I can still hand-roll an event by embedding the h-event HTML inside my post body.
#
aaronpk the only way i can see to make that parsable as an h-event is if the uid property was in the h-event instead of h-entry
#
Zegnat how about u-url for h-event matching the u-url for h-entry? “Representative event”, like with h-cards? (Obviously does not apply to my event post.)
#
aaronpk I guess that'd work too
#
aaronpk I'm hesitant to start recommending this tho cause it's adding work to consumers
#
Zegnat I am not a super big fan of uid property, tbh. url is so much better within web.
#
gRegorLove +1 for removing "optionally they can be wrapped in h-entry"
#
Zegnat then we need to scrap it from the wiki, only allow root events. Current wording is a bit ambiguous and lets people like me break honest websites like sebsel’s ;)
#
gRegorLove Given the option, some people will definitely do it and it will become more widespread
[kevinmarks] joined the channel
#
gRegorLove is working on sample markup to add there
#
gregorlove.com edited /event (+988) "/* How to markup */ example markup" (view diff)
#
vanderven.se martijn edited /2017 (+67) "/* Volunteers */ This should have been obvious." (view diff)
#
gRegorLove ^ Left the "optionally... h-entry" there pending further discussion, but below the example markup.
#
tantek scrolls up
#
aaronpk I still don't understand why the suggestion of wrapping the event in an h-entry is there to begin with
#
Zegnat I would remove it from the page, pending someone using it? (Not counting my site which is probably a break anyway.)
#
tantek Zegnat++ for multipelle right guesses!
#
Loqi zegnat has 12 karma in this channel (64 overall)
#
tantek yes, WordPress legacy support is the issue
#
Zegnat takes a bow
#
tantek and aaronpk your criticisms are 100% correct
#
aaronpk Wouldn't that be an hEntry then?
#
tantek class='hentry' but yeah
#
gRegorLove I don't understand it being there either; just being careful about removing stuff :)
#
aaronpk And we could expect to never encounter an h-entry -> h-event case
#
tantek either way it gets parsed into an h-entry
#
tantek sorry, I should have been more explicit about why
#
tantek based on how little WordPress sites have bothered to try to publish events, receive RSVPs etc., I'm totally ok with breaking this
#
tantek sorry snarfed
#
Zegnat tantek, how are you sure the entry is supposed to *be* an event rather than just containing event mark-up? Parsing is an issue by itself.
#
Zegnat See https://github.com/aaronpk/XRay/issues/42
#
Loqi [sebsel] #42 Parse h-entry with embedded h-event as 'event'
#
tantek Zegnat: yes the page / post is supposed to just *be* an h-event
#
Zegnat My vote definitely goes to striking that sentence from the wiki then.
#
tantek it was added when we were first developing events as an indieweb thing, and that was the fastest / easiest way to get WordPress folks being able to support it
#
tantek but in practice posting events using WordPress never took off anyway (nor RSVPs for that matter) so yeah, no need to bend over backwards for something that never took off
#
tantek digs into revision history
#
sebsel I also see no Events in GWG's Post Kinds plugin https://wordpress.org/plugins/indieweb-post-kinds/
#
Loqi [David Shanske] Description Post Kinds adds support for responding to and interacting with other sites using the standards developed by the IndieWeb by implementing kinds of posts. It can also distinguish certain types of passive posts in a manner similar to pos...
#
sebsel whoa
#
tantek interesting my first draft of that page said to use *both* h-entry and h-event (which means on the same element)
#
sebsel I wonder if that's helping anyone
#
gRegorLove That would kind of make sense for consumers that understand h-entry but not h-event, but that's a hypothetical afaik
#
Zegnat Maybe influenced by the h-as-* syntax, tantek? .h-entry.h-as-event?
#
tantek no
#
tantek here's the edit where I added the 'Optionally they can be wrapped in an' wording: https://indieweb.org/wiki/index.php?title=event&action=historysubmit&diff=5877&oldid=5834
#
tantek and then benwerd called it an error if the h-entry was *missing*! https://indieweb.org/wiki/index.php?title=event&action=historysubmit&diff=5879&oldid=5877
#
tantek checks a Known event post
#
tantek has a sneaking suspicion
#
gRegorLove I don't read that as "error if the h-entry was missing"
#
tantek gRegorLove: note the edit summary
#
tantek that's where he called it an error
#
gRegorLove Ohh
#
gRegorLove Eenteresting.
#
tantek 's concern has been allayed, Known does NOT wrap h-event in an h-entry: http://pin13.net/mf2/?url=https://werd.io/2017/homebrew-website-club-june-14-2017
saranix and KartikPrabhu joined the channel
#
seblog.nl edited /person-tag (+330) "added myself" (view diff)
#
tantek.com edited /event (-99) "drop h-entry parent option - it never saw any uptake in 4+ years; note at least Benwerd's site has h-event as the top item" (view diff)
#
tantek gRegorLove: ok finally updated /event per discussion above
#
seblog.nl edited /person-tag (+344) "/* Using + as autolink */" (view diff)
#
tantek and noted explicitly that Benwerd's site does it right
#
tantek could use some help verifying the markup of the indie event post permalinks on other examples on https://indieweb.org/event#IndieWeb_Examples (like add a nested list item for each noting what type of markup it is using on the event permalink page - just h-event at the top, or contained in anything else)
#
tantek if we can document a consistent publishing pattern, and start documenting some consumers of h-event, then we can add a request to add it to Post Type Discovery https://github.com/tantek/post-type-discovery/issues
#
gregorlove.com edited /event (+38) "/* gRegor Morrill */ h-event as top-level microformat" (view diff)
#
gRegorLove tantek: Thanks! I'll work on that a bit.
#
gRegorLove Aw, bret.io links died
#
gregorlove.com edited /event (+110) "/* IndieWeb Examples */ note aaronpk's top-level h-entry, bret's broken links" (view diff)
#
seblog.nl edited /event (+250) "Added myself" (view diff)
#
gRegorLove What is sitedown?
#
Loqi It looks like we don't have a page for "sitedown" yet. Would you like to create it?
#
gRegorLove Sitedown is software to generate a static HTML site from a collection of Markdown files https://hypermodules.github.io/sitedown/
#
Loqi ok
#
loqi.me created /Sitedown (+156) "prompted by gRegorLove and dfn added by gRegorLove" (view diff)
KartikPrabhu joined the channel
#
gregorlove.com edited /event (+39) "/* Jeena */ h-event as top-level microformat" (view diff)
sebsel joined the channel
#
gregorlove.com edited /event (+39) "/* Kyle Mahan */ h-event as top-level microformat" (view diff)
#
gregorlove.com edited /event (+39) "/* Shane Becker */" (view diff)
#
gregorlove.com edited /event (+38) "/* Sebastiaan Andeweg */ h-event as top-level microformat" (view diff)
#
Zegnat aaronpk re /server-indieauth how does Alice know Bob’s page contains private content? HTTP 401/403? HTTP header field Vary with Authorization?
#
aaronpk TBD, but out of scope of the spec
#
aaronpk it could be because of a webmention extension that indicates that, it could be that alice always fetches bob's home page with an authorization header when she start following bob, etc
#
Zegnat Hmm, yeah, guess it is out of scope for /server-indieauth. I was just mulling over in my head how I would get from receiving a webmention, to identifying it as private, then to the /server-indieauth flow.
#
aaronpk for private webmentions, i'd say the response of the initial verification request returning 401 along with the Link header would be sufficient
#
Zegnat I think private webmentions is a great first place for implementing and testing out this flow. Though I am biased as I am working on wm code and do not like the current private wm flow.
#
aaronpk yeah it's a solid use case for sure, but i also want to be able to have people fetch my home page with an access token and provide private posts in the feed for them
#
gregorlove.com edited /event (+226) "/* Ryan Barrett */" (view diff)
#
Zegnat Yes, I would like that too. Nice for /audience. That’s where I thought Vary: Authorization might fit.
#
Zegnat Well. I’ll go mull it over in my sleep. I am not on PDT yet. Good night all!
#
gRegorLove !tell tantek Updated /event examples. Looks like only WordPress is the outlier with a an h-event inside h-entry
#
Loqi Ok, I'll tell them that when I see them next
#
sebsel gRegorLove++
#
Loqi gregorlove has 23 karma in this channel (144 overall)
#
sknebel In the train back home
#
sknebel I guess what I saw as "logging into an app" is getting a token in aaronpk s design
#
sknebel Which seems like the more generic thing to get
#
aaronpk yeah, i think the term "logging in" has implications that are not part of this. e.g. session management
#
sknebel I'm not sure yet on discovery of the correct auth endpoint
#
sknebel Yeah, I didn't have anything like a session
#
sknebel A token is at least a basic form of it
#
sknebel And already established
#
aaronpk i'm not sure "auth endpoint" is the right term for what we need for this flow
#
sknebel Hm
#
aaronpk but i do think the mechanism is right
#
aaronparecki.com created /Template:anomalily (+169) "anomalily template" (view diff)
#
sknebel In indieauth, the thing called to verify the data is called auth endpoint, I'm not sure it's that much different?
#
aaronpk yeah my thought with calling it auth endpoint was that it verifies short-lived codes
#
aaronpk ooh if you add another step between 4 & 5 then you could actually prompt the user out of band to approve the request
#
sknebel I kind of want the webmention ebtpoint to be able to use its own identity, but thats a detail of the specific aplication of it for private WMs, not of this level
#
aaronpk that would let third-party apps use this flow as well
#
aaronpk speaking of that... i should compare this against the OAuth 2 Device Flow
#
aaronparecki.com edited /2017/Schedule (+59) "/* Keynotes */" (view diff)
#
sknebel (Because the webmention endpoint acts sort of in place of a human, but it could be different users and it should only be permitted to do so in specific cases)
[kevinmarks] joined the channel
#
sknebel With replies, I'd kind of want to give access to the posts author (URL), but that could be on a different domain. Then what identity does the webmention endpoint use?
tantek joined the channel
#
aaronpk that's kind of where i was going with the oauth thing
#
aaronpk essentially you give your webmention endpoint a way to authenticate as you
#
aaronpk it's a relationship between your webmention endpoint and your authorization endpoint
#
aaronpk if they're both in the same code base then of course you don't need a spec for it. but if it's like webmention.io and your site, then webmention.io would need a way to talk to your auth endpoint to be able to generate and use the auth codes
#
sknebel Yes
#
sknebel I guess it could be limited by a scope
#
sknebel Then multiple endpoints could still act interchangeably.
#
sknebel (As in, if you post on an external site using wm.io, and have your own endpoint on your homepage, and I send you a homepage WM, then wm.io could (if it knew the URL) read that
#
sknebel Not sure if relevant
#
sknebel so maybe the scope should limit the url-range (is that "scope", "realm" or some other parameter in oauth-speak?)
#
sknebel (thinking out loud here, since thinking quietly clearly hasn't lead me to good answers)
#
gregorlove.com edited /Donut.js (+72) "link dfn, note sponsor of /2017" (view diff)
#
gregorlove.com created /CSV_Conf (+235) "stub" (view diff)
tantek joined the channel
#
gregorlove.com edited /2017/Schedule (+59) "/* Friday Pre-Party */ link http://www.pinestreetpdx.com/" (view diff)
KevinMarks joined the channel
#
gregorlove.com edited /2017/Schedule (-1) "/* Friday Pre-Party */ fix link" (view diff)
#
GWG !tell tantek I never implemented events. I could someday
#
Loqi Ok, I'll tell them that when I see them next
KartikPrabhu and KevinMarks joined the channel
#
tantek GWG, I partially implemented events in /Falcon and then got interrupted
#
Loqi tantek: gRegorLove left you a message 1 hour, 52 minutes ago: Updated /event examples. Looks like only WordPress is the outlier with a an h-event inside h-entry
#
Loqi tantek: GWG left you a message 19 minutes ago: I never implemented events. I could someday
#
GWG I don't go enough places to put it higher
#
tantek gRegorLove: as predicted
#
GWG Same reason why it took me so long to do RSVPs
#
tantek makes sense, scratch your itchiest itch first!
#
tantek interesting the h-event discussion makes me think that it's bad for WP core to include anything "entry" in the markup, and that should be left up to themes with smart defaults in themese
#
tantek themes*
#
GWG tantek: It goes back to backward compatibility again though
#
tantek GWG, how does core make decisions about what themes to break or not?
#
aaronpk there's no backwards compatibility to worry about for h-entry, just hentry
#
tantek right
#
GWG Exactly. But right now, hentry goes on everything by default.
#
GWG That was the issue.
#
tantek GWG, if its that dependable, then a theme can find it and replace it, e.g. with h-entry, or h-event
#
tantek it's*
#
tantek reviews Events
#
tantek er, /event
#
GWG tantek: Correct. And that is what I do.
#
tantek interesting, so (or someone) could add h-event support to Post Kinds and have it replace the hentry
#
GWG tantek: You just identified my plan.
[kevinmarks] joined the channel
#
GWG I thought of doing that for h-event and h-review if I ever did it
eli_oat joined the channel