#dev 2017-06-15

2017-06-15 UTC
#
tantek
gRegorLove++ thanks for the "event" markup verification. 7 of 8 impls doing h-event as root object is pretty strong evidence, more than needed to add to the Post Type Algorithm
#
Loqi
gregorlove has 24 karma in this channel (146 overall)
#
Loqi
[tantek] #26 add "event" to Post Type Algorithm per publishing evidence
#
tantek
does anyone consume h-event or look for it? aaronpk you mentioned you might?
#
aaronpk
Quill does for the reply context and determining whether to show the rsvp dropdown
#
tantek
I'm going to put it first in the algorithm since it's a top-level object and likely to be richer than an h-entry
#
aaronpk
also Loqi does for text previews
#
aaronpk
indienews consumes h-event differently from h-entry as well
#
aaronpk
oh and of course the /this-week newsletter
#
tantek
interesting - are those all open source?
#
aaronpk
yes no yes yes
#
sknebel
mf2util (python lib by kylewm) has a function to parse mfs, which includes events (determines them by being h-event and not h-entry) and which I use to determine days on which IWCs happen for the youtube bot
#
aaronpk
o.O that is aware of IWC days??
#
aaronpk
i thought it was only watching the youtube account! nice
#
sknebel
I calculated that running it all the time would be ~25500 youtube api requests per actual video, that felt like kind of overkill
#
sknebel
so now it sleeps on days where nothing is going on
#
tantek.com
edited /event (+40) "move calumryan up to main examples section, note his event permalink has h-event at top-level"
#
tantek
looks like 8 of 9 impls
#
tantek
interesting, adding h-event support to Post Type Discovery will require adding it as a normative reference, which will require updating h-event to have similar change control as h-entry. https://github.com/microformats/h-event/issues/1
#
Loqi
[tantek] #1 adopt same change control as h-entry
#
tantek
gets to documenting consuming tools
#
tantek
what is the youtube bot?
#
tantek
sknebel: ^^^
#
Loqi
It looks like we don't have a page for "youtube bot" yet. Would you like to create it?
#
Loqi
[pantal] [youtube] new Indiewebcamp stream: https://www.youtube.com/watch?v=_Zub-PBHPng
#
tantek.com
edited /event (+1009) "Consuming Tools And Services - 4, 3 of which are open source!"
#
sknebel
(It's going to get a wiki page as soon as it has gotten enough smarts to login to the wiki and create its own user page ;))
#
tantek
sknebel - I'm still not sure I understand - can you edit https://indieweb.org/event#mf2util accordingly?
#
aaronpk
it sure would be nice if i could make Loqi authenticate to the wiki himself instead of the current solution of hardcoding his password :P
gRegorLove joined the channel
#
www.svenknebel.de
edited /event (+65) "/* mf2util */ clarify lib description and using app (youtube bot)"
#
sknebel
aaronpk: only thing in the way of completely automatic is that you have to choose an auth provider on indieauth.com, other than that the flow could be relatively easily scripted (that's the thought process where my comparison of manual flow to potential automatic one on /non-interactive IndieAuth came from)
#
sknebel
right now I'll have to manually grab a session cookie
KartikPrabhu joined the channel
#
aaronpk
hm, okay i see where you're going with that
#
sknebel
I took the existing process and tried to figure out what the smallest adjustment would be to work automatically
#
sknebel
but of course you then end up with the app trying to use cookies instead of tokens, since browsers don't ask for tokens, which makes things less nice
#
aaronpk
they're basically the same thing tho
tantek joined the channel
#
sknebel
I guess that's something I should have emphasized in the description, the approach of making only small changes to what we have
#
aaronpk
tho it doesn't quite work if you want everything to be able to happen asynchronously
#
sknebel
yes, I didn't consider that a requirement
#
sknebel
it's as not-async as the browser flow is, and that seems acceptable. fully async has benefits tho
#
sknebel
(more precise: I didn't consider that *as* a requirement, I went with what was there)
KevinMarks, eli_oat and tantek joined the channel
#
sknebel
anyway, I really gotta go sleep now, so I'll read further notes in the morning. Good night!
#
tantek
sleep well!
[gregorlove] joined the channel
#
Loqi
[tantek] #2 advance h-event to Microformats Specification
#
gRegorLove
I wasn't familiar with the mf specifications process, but looks good to me
[kevinmarks], dougbeal|mb1 and [sdepolo] joined the channel
#
staceydepolo.com
created /Template:staceydepolo.com (+13) "Created page with "Stacey DePolo""
jakehart and j12t joined the channel
#
jakehart
Hey all, here's an event June 28th for those interested in Indie-IoT and the intersection of technology with environmentalism: https://www.meetup.com/Climate-Change-plus-tech/events/240616788/
#
tantek
jakehart++
#
Loqi
jakehart has 1 karma
#
staceydepolo.com
edited /Template:staceydepolo.com (+159) "added image to template"
#
eli_oat
that sounds awesome!
gRegorLove and j12t joined the channel
mblaney, j12t, j12t_, loicm, tantek, KartikPrabhu, [kevinmarks] and barpthewire joined the channel
#
loqi.me
edited /safety_check (+102) "Zegnat added "https://thenextweb.com/facebook/2017/06/14/london-blaze-shows-facebooks-safety-check-deeply-flawed/" to "See Also""
j12t, [kevinmarks] and j12t_ joined the channel
#
seblog.nl
edited /server-indieauth (+358) "/* TODO */ do we need to distinguish apps per user?"
[sebsel] joined the channel
#
[sebsel]
aaronpk I added a thought there ^^^
#
[sebsel]
also, alice.server should somehow get the code mentioned in 2 from alice.auth. That might be obvious, but since they can be different servers, I think it’s good to make that explicit
#
[sebsel]
or yeah, that’s before step 1., so is it out of the scope of the spec?
#
seblog.nl
edited /server-indieauth (+148) "/* TODO */ alice.server gets code from alice.auth?"
#
[sebsel]
this is about reading only, right? so scope=read. do we need other things than that, or are those covered by other things?
#
[sebsel]
well, sknebel wants to login to the wiki with his bot by using this, right? that’s not reading.
#
[sebsel]
it’s up to Bob to decide who he gives access, but a scope might be nice in that
#
seblog.nl
edited /server-indieauth (+141) "/* TODO */ do we need scoped tokens?"
#
[sebsel]
stops adding questions
#
Zegnat
[sebsel], the current server-indieauth seems limited to “Hi, I am $me, do you have a token for me?” Which is nice and simple.
#
Zegnat
I wonder what makes more sense: 1. Bob giving Alice a token and saying “you can use this to C/R/U/D”, or 2. Alice asking Bob for a token for the specific action she wants to do.
#
www.svenknebel.de
edited /server-indieauth (+182) "/* TODO */ limiting which resources the scopes apply for?"
#
[sebsel]
sknebel, wouldn’t that be just Bob comparing the me=https://alice.example in the token to the list of audience for the post?
#
[sebsel]
Zegnat, yeah, that last one is probably a bit overboard.
#
[sebsel]
But we can store tokens, that’s what the extra step is for. So it’s not a per-action thing, it’s also similar future actions
#
Zegnat
I think sknebel wants scoping within that scope, sebsel. So me=svenknebel.de now has access to all posts meant for him, but he wants the system to be able to request a token me=svenknebel.de that only has access to a subset of the posts.
#
[sebsel]
There goes nice and simple
#
[sebsel]
well, me+client already gives something you can use, in a way.
#
Zegnat
private wm is a very easy usecase that needs very little. But other auths, such as micropub, will always need slightly more information than this offers
j12t and loicm joined the channel
#
Zegnat
Doubled the size of my webmention endpoint, it now accepts less stuff. Here’s to hoping I did not break things.
[markmhendrickso joined the channel
#
@WendyandCharles
eBooksHabit: All they have to do is survive a pirate attack and each other. TRUST AND TREACHERY #scifi #IndieAuth… https://twitter.com/i/web/status/875314964696883200
(twitter.com/_/status/875316880390672385)
AngeloGladding joined the channel
#
vanderven.se martijn
edited /events/2017-06-28-homebrew-website-club () "(-618) Mirror --06-14, drop Seattle completely, comment venue blocks neatly (from their header to the empty line before the next), no more TBDs"
#
Zegnat
!tell tantek with yesterday’s conversation in mind, I worked on the next fortnightly event page, what do you think? Haven’t done any picking of “regular” meet-ups yet. https://indieweb.org/wiki/index.php?diff=37575&oldid=37216&rcid=37488
#
Loqi
Ok, I'll tell them that when I see them next
#
sknebel
Zegnat sebsel: sorry, went to lunch.
#
sknebel
an example where extra limits are interesting:
#
sknebel
if someone posts on a site that's not their main site (e.g. like Zegnat with licit.li if that were hosted by someone else)
#
sknebel
then the webmention endpoint for that site probably should be able to read posts that are replies to posts on that site
#
sknebel
but it shouldn't be able to read posts that are private homepage webmentions
#
sknebel
to the main domain
#
sknebel
if it freely can get read permissions for everything the user can read, that can't be stopped
#
sknebel
is that a legit concern, or making stuff too complicated for no good reason?
#
Zegnat
Ah, you mean, I might want the wm endpoint on licit.li not be able to read private webmentions sent to vanderven.se/martijn/? But wouldn’t both identify themselves as me=vanderven.se/martijn/ ?
#
sknebel
exactly
#
sknebel
that's the problem
#
sknebel
so I'd like if your auth endpoint could include some limitation for that
#
sknebel
e.g. include a $target-domain in the scope, which the server with the private post can check
#
Zegnat
But licit.li could just lie right? It asks for a token for vanderven.se/martijn/, how will your token provider know that it is licit.li?
#
Zegnat
brb, need to do the dishes. I’ll consider this case while rinsing and drying ;)
#
sknebel
but it gets the token from the endpoint for vanderven.se in some undefined way. that undefined way should include some kind of auth
#
sknebel
otherwise *everything* could ask for tokens
singpolyma joined the channel
#
www.svenknebel.de
edited /non-interactive_IndieAuth (+81) "/* proposal: simple flow */"
loicm joined the channel
#
www.svenknebel.de
edited /2017/Leaders (+262) "/* Events Organizing */ - non-wiki channels"
#
vanderven.se martijn
uploaded /File:2017-175-hwc-virtual-eu.png "Screenshot taken of the Virtual [[events/2017-06-14-homebrew-website-club|Homebrew Website Club]] on 2017-06-14.Following the lefthand list: {{martijnvdven}}, {{aaronpk}}, {{Sebsel}}, {{tantek}}, HWC London ({{calumryan}} pictured).Missing: Mark Hendrickson (only there at the beginning), {{barryf}} (at HWC London)."
#
vanderven.se martijn
edited /events/2017-06-14-homebrew-website-club (+119) "/* Photos */ Add Virtual Meetup."
sebsel joined the channel
j12t joined the channel
#
vanderven.se martijn
edited /2017/Leaders (+634) "/* Discussion Channels */ Update stance on #indieweb-wp, add #indieweb-chat backlog information."
#
ben.thatmustbe.me
edited /2017/Leaders (+275) "/* Discussion Channels */"
eli_oat joined the channel
#
Loqi
[davidochobits] davidochobits (davidochobits)'s status on Thursday, 15-Jun-2017 16:00:09 CEST davidochobits davidochobits JavierInsitu ... https://quitter.no/attachment/1256311/thumbnail?w=449&h=252
#
ben_thatmustbeme
can anyone else not scroll down?
#
ben_thatmustbeme
js seems to keep autoscrolling it up
#
sknebel
doesn't load at all for me
#
Loqi
[davidochobits] davidochobits (davidochobits)'s status on Thursday, 15-Jun-2017 16:00:09 CEST davidochobits davidochobits JavierInsitu ... https://quitter.no/attachment/1256311/thumbnail?w=449&h=252
#
ben_thatmustbeme
wait, not that's the same
#
ben_thatmustbeme
ignore the link loqi responded with
#
ben_thatmustbeme
huh, it stopped loading, now it's loading again
#
sknebel
now it loaded and yes, it jumps back to the top all the time
#
ben_thatmustbeme
sknebel: try again
#
ben_thatmustbeme
you can't even read the text in the left column
#
Zegnat
JS;DR
#
ben_thatmustbeme
yeah, that's been noted
#
ben_thatmustbeme
at least it's parsable without js
#
ben_thatmustbeme
although they have an issue with their mf2
#
ben_thatmustbeme
apparently this instance doesn't have it at all
#
ben_thatmustbeme
so confused, wait
#
ben_thatmustbeme
ah, it looks like the mf2 has been fixed
eli_oat, tantek and KevinMarks joined the channel
j12t joined the channel
#
aaronpk
I think adding client_id in there will let you limit what the token can do on your side without putting that kind of stuff into the spec
#
aaronpk
I'll have to catch up on the wiki edits in a bit
#
sknebel
what's "your side"?
#
aaronpk
Person with private content
#
sknebel
hm, so client id could be the url of the webmention endpoint?
#
aaronpk
A similar example being how my auth endpoint has its own concept of "channels" so I can limit where apps can post to but they don't know anything is different
#
aaronpk
yeah client id would be something identifying the server that is requesting the token, so the webmention endpoint URL would be a good thing to use
#
sknebel
okay, yes, that then covers this scenario
#
sknebel
assuming the client_id can't be forged, since it is part of the validation?
#
aaronpk
Haha now we're in non-interactive-IndieAuth inception
#
Loqi
aaronpk: lol
#
aaronpk
there are two things going on here
barpthewire joined the channel
#
aaronpk
OAuth is a protocol for delegating authorization to third party clients. As a user, you trust those clients only a little, so you grant them limited scope to your account
#
aaronpk
that's the situation here where you might be using a third party webmention endpoint and you want to limit what it has access to on your site
#
sknebel
I want to limit what access it has on *other* people's sites
#
aaronpk
but before that's even possible, we need to talk about the authentication side, separate from what it has access to
#
aaronpk
the first thing to solve is proving identity in this non interactive way
#
aaronpk
and treat access and scope as a separate problem
#
sknebel
ok, yes, then most of the questions asked are jumping ahead and about the next steps
#
aaronpk
Yeah, the fun stuff
#
aaronpk
What we need first is a way for a server to prove a request came from itself.
#
aaronpk
Then we can use that for the webmention endpoint to authenticate itself when fetching posts
#
aaronpk
if the webmention endpoint is on a different domain than the user it's claiming to represent, then we need the delegated authorization part so the webmention endpoint can prove the user has authorized it to act on their behalf
#
sebsel
lol, yes, I saw that inception too
#
GWG
Passing through
#
sknebel
I'm not sure where the "inception" is. but I'm also currently trying to understand why my webserver configuration actually works (I hope it's not a schrödinger-bug) and still thinking about what I actually wanted to do before that
#
sebsel
the inception I saw is that in order for alice.server to obtain a code, it needs to prove to alice.auth that it's with alice, which is the whole problem all over again, if they are on different servers.
#
sebsel
but yeah, steps.
#
sknebel
ah, ok. yeah, but I assumed those two have pre-established trust of some kind
#
Zegnat
One line of explanation “authenticate itself”, next line of explanation “authorization part”, and again the difference after auth- makes all the difference
#
sebsel
In Dutch they are actually called 'authenticatie' and 'autorisatie' (with and without the extra H), probably for a reason :P
eli_oat, j12t and [markmhendrickso joined the channel
#
@brianjesse
my latest blog post! "How the web supports different types of cross-site social networks" http://altplatform.org/2017/06/15/cross-site-social-networks/ send it a #webmention ??
(twitter.com/_/status/875386471053537280)
#
Zegnat
That is a pretty good write-up ^^^ though I am not sure I agree with Slack et al as a social network. A communication network for sure, but I don’t get a big feel of identity on those.
KartikPrabhu joined the channel
#
sknebel
aaronpk: I found a bug in Indieauth redirects (issue is filed), but with the new-ish feature of it redirecting automatically if there is only an authorization endpoint I think I can implement automatic wiki login
[kevinmarks], gRegorLove and KevinMarks joined the channel
#
sknebel
(s/indieauth/indieauth.com)
#
aaronpk
thanks
#
aaronpk
hmm that'd be interesting
#
eli_oat
Does anyone else who sends webmentions via webmentions.io notice that bridgy picks up POSSE'd content faster than the webmention itself is delivered?
#
aaronpk
send via? webmention.io doesn't send webmentions
#
@brianjesse
my blog post got its first #webmention - thanks @schnarfed! Is your blog on the social web? add a plugin and reply http://altplatform.org/2017/06/15/cross-site-social-networks/
(twitter.com/_/status/875401922508869632)
#
aaronpk
webmention.io receives webmentions for people, and optionally delivers them to the site via a web hook. it processes everything asynchronously and is sometimes kinda slow about that
KartikPrabhu joined the channel
#
eli_oat
Yeah, I'm manually hijacking the source/target form to send them
#
aaronpk
k now you lost me
#
eli_oat
this is probably not a sustainable solution to sending webmentions
#
eli_oat
it is dawning on me that this may only be a way for ME to receive them
#
eli_oat
not send them to other folks
#
aaronpk
that is correct
#
aaronpk
if you want a tool to help you send webmentions to others, try https://telegraph.p3k.io/
#
eli_oat
such ecosystem. much options! pieces
#
eli_oat
thanks
KevinMarks joined the channel
#
[kevinmarks]
Or mention-tech.appspot.com
#
aaronpk
lol the logo there is the M-down-arrow we were talking about for micropub
#
aaronpk
the tagline says "Receiving webmentions for everyone" but it can also send?
#
aaronpk
does it discover the receiver's webmention endpoint or does it just send it to itself?
KevinMarks and KevinMarks_ joined the channel
#
sebsel
yaay, I got webmentions from eli_oat! :)
#
eli_oat
:D shout out to aaronpk++ for helping me sort out what was going on there (e.g. I was trying to send them through a receiver rather than a transmitter…to go with a radio metaphor)
#
[kevinmarks]
Yes, it passes through the webmention, but stashes a copy in case you don't have an endpoint
#
[kevinmarks]
And yes, I just flipped your logo
#
[kevinmarks]
What it doesn't do yet is get all the outbound links and send webmentions to them.
#
@WendyandCharles
eBooksHabit: All they have to do is survive a pirate attack and each other. TRUST AND TREACHERY #scifi #IndieAuth… https://twitter.com/i/web/status/875416758215168000
(twitter.com/_/status/875417480243683330)
#
aaronpk
:sigh: why did the blacklist stop working
eli_oat and AngeloGladding joined the channel
#
gRegorLove
gives Loqi a blacklist
#
Loqi
eats the blacklist
KartikPrabhu and sebsel joined the channel
#
@brianjesse
@schnarfed now that i have the plugin - is there a way i can re-process your Like/Webmention?
(twitter.com/_/status/875458754673745921)
tantek joined the channel
#
Zegnat
tantek, I left a !tell for you here and on #microformats. I am off for the night though.
#
Zegnat
Ha, he fled :p
#
Zegnat
Well good night all!
j12t joined the channel
j12t_ and tantek joined the channel