eli_oat: What I mean is when I cross post an image, for instance, it includes a link-back to Instagram. I just made a post on my site that includes a code snippet that I made into a gist; rather than embed the gist itself, I include it as a link-back: https://eli.li/entry.php?id=20170614014000
Loqi: [eli] Currently, whenever I reply to or like a link the source URL displays. I've found a really sturdy way to parse content titles, but the performance is absolutely abysmal. Wicked wicked wicked slow. I think it may be something to do with how I'm invoki...
tantek.com edited /longevity (+113) "open data and longevity post from nearly 11 years ago, sort articles reverse chronological, cleanup author/by a bit"
petermolnar: random thoughts: why is there no schedule for an h-event? would that be nested h-events? and why doesn't Facebook have a schedule option already for events?
[kevinmarks]: We did try to mark up a session grid with the original hcalendar, but it needed to include venue by reference I think, which made markup and parsing hard.
petermolnar: yeah, but there comes the problem of the venue of the schedule, eg. the main venue is "indie elementary school", schedule for "X" happening between "8am-9am" in "classroom A" which is a sub-venue of "indie elementary school" and suddenly I'm reimplementing schema.org
eli_oat: I'm not doing it that way, but have been curious about spam prevention. I've been toying with trying to rate-limit or IP limit the endpoint, but haven't come up with a solution, yet
Zegnat: I am building vouch into my new WM code, as well as private mentions, and was just wondering if I should implement pow too. Guess I’ll skip that.
sknebel: (I have 1,5 concepts for private webmentions without the time limit floating around, but didn't yet get around to build even the most basic of prototypes)
sknebel: my verification triggers almost immediately once a received mention has been queued, and I've thought about adding a priority queue for private webmentions for situations with higher load
Zegnat: On my Swedish web hosting, where I am currently hosting my endpoint, I do not have enough server access to set something like that up. Best I can do is trigger a script once every 5 minutes.
Zegnat: I know. I could build it specifically to a server where I have more access. But that does not address the problem everyone else on shared hosting has, sknebel.
Zegnat: Yes, but I want the first exchange to be async for all the reasons as I want async for the second exchange, sebsel. I am fetching an unknown payload from an external server.
Zegnat: I could see myself finding the token endpoint with the HEAD. No problem. But then I still need to exchange my code for a token, and that request is a normal POST with an unknown payload coming back
sknebel: (also, please add your concerns to /private-webmention if they aren't reflected already, or maybe add +1 to them to make it clearer people actually have an issue with them)
Zegnat: ben_thatmustbeme, why would I do anything async then? The entire point of doing verification async is to handle contacting external sources outside of the first request. Now I am going to have to fetch from an external source sync anyway?
Zegnat: I get a code. I then have to HEAD the source to retrieve the token_endpoint URL (I could get behind allowing a HEAD request sync). Then I have to POST the code to the token_endpoint URL and get back an unknown payload (should be JSON containing auth info).
sebsel: I just talked with sknebel about it in DM, (for I am not sure if this is worth your time :P) and he disliked the point that every page has to have an AuthEndpoint then.
Loqi: non-interactive IndieAuth is a future way of using IndieAuth to authenticate/authorize services against other services, without a human user confirming things https://indieweb.org/non-interactive_IndieAuth
Zegnat: What is the difference then, sknebel? On one I expect valid JSON, on the other valid HTML, to be returned within as short amount of time as possible.
Zegnat: I would trust several people to adhere to the spec and quickly return a JSON body and nothing else. But to allow private webmentions from everyone?
sknebel: I'd be a lot more demanding towards the API when it comes to speed and size of response. But it still is fetching and parsing content, as you say. A stricter format than JSON would be easier for that
sknebel: Aaronpk: I think this time I understood the dialback oauth proposal. it seems more or less identical in function to the IndieAuth dance of fetching a page and looking for an auth endpoint? If you'd replace the host or web finger lookup with looking for a rel-link you'd basically have indieauth, minus the first step of entering the domain and getting redirected (which indeed could probably be skipped)
Loqi: A nicknames cache is a way indieweb sites store information about people to improve the user experience of the site owner referring, mention, and/or linking to those people https://indieweb.org/nickname_cache
sebsel: for those not in the call: we're discussing my new @-mentioning, and whether that should be a person-tag or just a mention. (so: mark it up with .u-category.h-card or not)
snarfed: re this morning's conversation on expiring webmention endpoints (Zegnat sebsel ben_thatmustbeme)...just as a reminder, bridgy currently caches them for up to 2h.
sknebel: why does it directly talk to the token endpoint and not going through bob's auth endpoint? I guess I should wait for a text description before asking ;)
aaronpk: the authorization endpoint is used when bob needs to be in front of his computer to confirm a request, and bob's browser is directed to bob's authorization endpoint. that doesn't really apply in this case at all.
Zegnat: aaronpk, I think I got it now. Not very different from the private wm flow, but you can no longer send the temp code to an endpoint that doesn’t expect it? That’s the “fix”?
tantek.com edited /tag-reply (+325) "move how to to brainstorming since no one does it yet, and add tag and fallback as a use-case that is perhaps more interesting / expected than tag and comment"
Zegnat: E.g. a WordPress theme could have h-entry support that I do not touch. I can still hand-roll an event by embedding the h-event HTML inside my post body.
Zegnat: how about u-url for h-event matching the u-url for h-entry? “Representative event”, like with h-cards? (Obviously does not apply to my event post.)
Zegnat: then we need to scrap it from the wiki, only allow root events. Current wording is a bit ambiguous and lets people like me break honest websites like sebsel’s ;)
tantek: it was added when we were first developing events as an indieweb thing, and that was the fastest / easiest way to get WordPress folks being able to support it
tantek: but in practice posting events using WordPress never took off anyway (nor RSVPs for that matter) so yeah, no need to bend over backwards for something that never took off
Loqi: [David Shanske] Description Post Kinds adds support for responding to and interacting with other sites using the standards developed by the IndieWeb by implementing kinds of posts. It can also distinguish certain types of passive posts in a manner similar to pos...
tantek.com edited /event (-99) "drop h-entry parent option - it never saw any uptake in 4+ years; note at least Benwerd's site has h-event as the top item"
tantek: could use some help verifying the markup of the indie event post permalinks on other examples on https://indieweb.org/event#IndieWeb_Examples (like add a nested list item for each noting what type of markup it is using on the event permalink page - just h-event at the top, or contained in anything else)
aaronpk: it could be because of a webmention extension that indicates that, it could be that alice always fetches bob's home page with an authorization header when she starts following bob, etc
Zegnat: Hmm, yeah, guess it is out of scope for /server-indieauth. I was just mulling over in my head how I would get from receiving a webmention, to identifying it as private, then to the /server-indieauth flow.
Zegnat: I think private webmentions is a great first place for implementing and testing out this flow. Though I am biased as I am working on wm code and do not like the current private wm flow.
aaronpk: yeah it's a solid use case for sure, but i also want to be able to have people fetch my home page with an access token and provide private posts in the feed for them
sknebel: I kind of want the webmention endpoint to be able to use its own identity, but that's a detail of the specific application of it for private WMs, not of this level
sknebel: (Because the webmention endpoint acts sort of in place of a human, but it could be different users and it should only be permitted to do so in specific cases)
sknebel: With replies, I'd kind of want to give access to the posts author (URL), but that could be on a different domain. Then what identity does the webmention endpoint use?
aaronpk: if they're both in the same code base then of course you don't need a spec for it. but if it's like webmention.io and your site, then webmention.io would need a way to talk to your auth endpoint to be able to generate and use the auth codes
sknebel: (As in, if you post on an external site using wm.io, and have your own endpoint on your homepage, and I send you a homepage WM, then wm.io could (if it knew the URL) read that
Loqi: tantek: gRegorLove left you a message 1 hour, 52 minutes ago: Updated /event examples. Looks like only WordPress is the outlier with an h-event inside h-entry
tantek: interesting the h-event discussion makes me think that it's bad for WP core to include anything "entry" in the markup, and that should be left up to themes with smart defaults in themes