#dev 2017-06-15

2017-06-15 UTC
#
tantek gRegorLove++ thanks for the "event" markup verification. 7 of 8 impls doing h-event as root object is pretty strong evidence, more than needed to add to the Post Type Algorithm
#
Loqi gregorlove has 24 karma in this channel (146 overall)
#
tantek issue for tracking https://github.com/tantek/post-type-discovery/issues/26
#
Loqi [tantek] #26 add "event" to Post Type Algorithm per publishing evidence
#
tantek does anyone consume h-event or look for it? aaronpk you mentioned you might?
#
aaronpk Quill does for the reply context and determining whether to show the rsvp dropdown
#
tantek I'm going to put it first in the algorithm since it's a top-level object and likely to be richer than an h-entry
#
tantek nice
#
aaronpk also Loqi does for text previews
#
aaronpk indienews consumes h-event differently from h-entry as well
#
aaronpk oh and of course the /this-week newsletter
#
tantek interesting - are those all open source?
#
aaronpk yes no yes yes
#
sknebel mf2util (python lib by kylewm) has a function to parse mfs, which includes events (determines them by being h-event and not h-entry) and which I use to determine days on which IWCs happen for the youtube bot
#
aaronpk o.O that is aware of IWC days??
#
aaronpk i thought it was only watching the youtube account! nice
#
sknebel I calculated that running it all the time would be ~25500 youtube api requests per actual video, that felt like kind of overkill
#
sknebel so now it sleeps on days where nothing is going on
#
aaronpk nice
#
tantek.com edited /event (+40) "move calumryan up to main examples section, note his event permalink has h-event at top-level" (view diff)
#
tantek looks like 8 of 9 impls
#
tantek interesting, adding h-event support to Post Type Discovery will require adding it as a normative reference, which will require updating h-event to have similar change control as h-entry. https://github.com/microformats/h-event/issues/1
#
Loqi [tantek] #1 adopt same change control as h-entry
#
tantek gets to documenting consuming tools
#
tantek what is the youtube bot?
#
tantek sknebel: ^^^
#
Loqi It looks like we don't have a page for "youtube bot" yet. Would you like to create it?
#
sknebel tantek: the thing that does that https://chat.indieweb.org/2017-05-21/1495377468034000
#
Loqi [pantal] [youtube] new Indiewebcamp stream: https://www.youtube.com/watch?v=_Zub-PBHPng
#
tantek.com edited /event (+1009) "Consuming Tools And Services - 4, 3 of which are open source!" (view diff)
#
sknebel (It's going to get a wiki page as soon as it has gotten enough smarts to login to the wiki and create its own user page ;))
#
tantek sknebel - I'm still not sure I understand - can you edit https://indieweb.org/event#mf2util accordingly?
#
aaronpk it sure would be nice if i could make Loqi authenticate to the wiki himself instead of the current solution of hardcoding his password :P
gRegorLove joined the channel
#
www.svenknebel.de edited /event (+65) "/* mf2util */ clarify lib description and using app (youtube bot)" (view diff)
#
sknebel aaronpk: only thing in the way of completely automatic is that you have to choose an auth provider on indieauth.com, other than that the flow could be relatively easily scripted (that the thought process where my comparison of manual flow to potential automatic one on /non-interacitve IndieAuth came from)
#
sknebel right now I'll have to manually grab a session cookie
KartikPrabhu joined the channel
#
aaronpk hm, okay i see where you're going with that
#
sknebel I took the existing process and tried to figure out what the smallest adjustment would be to work automatically
#
sknebel but of course you then end up with the app trying to use cookies instead of tokens, since browsers don't ask for tokens, which makes things less nice
#
aaronpk they're basically the same thing tho
#
sknebel yeah
tantek joined the channel
#
sknebel I guess that's something I should have emphasized in the description, the approach of making only small changes to what we have
#
aaronpk tho it doesn't quite work if you want everything to be able to happen asynchronously
#
sknebel yes, I didn't consider that a requirement
#
sknebel it's as not-async as the browser flow is, and that seems acceptable. fully async has benefits tho
#
sknebel (more precise: I didn't consider that *as* a requirement, I went with what was there)
KevinMarks, eli_oat and tantek joined the channel
#
sknebel anyway, I really gotta go sleep now, so I'll read further notes in the morning. Good night!
#
tantek sleep well!
[gregorlove] joined the channel
#
tantek [gregorlove]: you may be interested in https://github.com/microformats/h-event/issues/2 and https://github.com/microformats/h-event/issues/1 :)
#
Loqi [tantek] #2 advance h-event to Microformats Specification
#
gRegorLove looks
#
gRegorLove I wasn't familiar with the mf specifications process, but looks good to me
[kevinmarks], dougbeal|mb1 and [sdepolo] joined the channel
#
staceydepolo.com created /Template:staceydepolo.com (+13) "Created page with "Stacey DePolo"" (view diff)
#
staceydepolo.com edited /events/2017-06-14-homebrew-website-club (+23) "/* San Francisco */ RSVP" (view diff)
jakehart and j12t joined the channel
#
jakehart Hey all, here's an event June 28th for those interested in Indie-IoT and the intersection of technology with environmentalism: https://www.meetup.com/Climate-Change-plus-tech/events/240616788/
#
tantek jakehart++
#
Loqi jakehart has 1 karma
#
staceydepolo.com edited /Template:staceydepolo.com (+159) "added image to template" (view diff)
#
eli_oat that sounds awesome!
gRegorLove and j12t joined the channel
#
upon2020.com edited /events/2017-06-14-homebrew-website-club (+11) "added j12t" (view diff)
mblaney, j12t, j12t_, loicm, tantek, KartikPrabhu, [kevinmarks] and barpthewire joined the channel
#
loqi.me edited /safety_check (+102) "Zegnat added "https://thenextweb.com/facebook/2017/06/14/london-blaze-shows-facebooks-safety-check-deeply-flawed/" to "See Also"" (view diff)
j12t, [kevinmarks] and j12t_ joined the channel
#
seblog.nl edited /server-indieauth (+358) "/* TODO */ do we need to distinguish apps per user?" (view diff)
[sebsel] joined the channel
#
[sebsel] aaronpk I added a thought there ^^^
#
[sebsel] also, alice.server should somehow get the code mentioned in 2 from alice.auth. That might be obvious, but since they can be different servers, I think it’s good to make that explicit
#
[sebsel] or yeah, that’s before step 1., so is it out of the scope of the spec?
#
seblog.nl edited /server-indieauth (+148) "/* TODO */ alice.server gets code from alice.auth?" (view diff)
#
[sebsel] this is about reading only, right? so scope=read. do we need other things than that, or are those covered by other things?
#
[sebsel] well, sknebel wants to login to the wiki with his bot by using this, right? that’s not reading.
#
[sebsel] it’s up to Bob to decide who he gives access, but a scope might be nice in that
#
seblog.nl edited /server-indieauth (+141) "/* TODO */ do we need scoped tokens?" (view diff)
#
[sebsel] stops adding questions
#
Zegnat [sebsel], the current server-indieauth seems limited to “Hi, I am $me, do you have a token for me?” Which is nice and simple.
#
Zegnat I wonder what makes more sense: 1. Bob giving Alice a token and saying “you can use this to C/R/U/D”, or 2. Alice asking Bob for a token for the specific action she wants to do.
#
www.svenknebel.de edited /server-indieauth (+182) "/* TODO */ limiting which resources the scopes apply for?" (view diff)
#
[sebsel] sknebel, wouldn’t that be just Bob comparing the me=https://alice.example in the token to the list of audience for the post?
#
[sebsel] Zegnat, yeah, that last one is probably a bit overboard.
#
[sebsel] But we can store tokens, that’s what the extra step is for. So it’s not a per-action thing, it’s also similar future actions
#
Zegnat I think sknebel wants scoping within that scope, sebsel. So me=svenknebel.de now has access to all posts ment for him, but he wants the system to be able to request a token me=svenknebel.de that only has access to a subset of the posts.
#
[sebsel] There goes nice and simple
#
[sebsel] well, me+client already gives something you can use, in a way.
#
Zegnat private wm is a very easy usecase that needs very little. But other auths, such as micropub, will always need slightly more information than this offers
j12t and loicm joined the channel
#
Zegnat Doubled the size of my webmention endpoint, it now accepts less stuff. Here’s to hoping I did not break things.
[markmhendrickso joined the channel
#
@WendyandCharles eBooksHabit: All they have to do is survive a pirate attack and each other. TRUST AND TREACHERY #scifi #IndieAuth… https://twitter.com/i/web/status/875314964696883200 (twitter.com/_/status/875316880390672385)
AngeloGladding joined the channel
#
vanderven.se martijn edited /events/2017-06-28-homebrew-website-club () "(-618) Mirror --06-14, drop Seattle completely, comment venue blocks neatly (from their header to the empty line before the next), no more TBDs" (view diff)
#
Zegnat !tell tantek with yesterday’s conversation in mind, I worked on the next fortnightly event page, what do you think? Haven’t done any picking of “regular” meet-ups yet. https://indieweb.org/wiki/index.php?diff=37575&oldid=37216&rcid=37488
#
Loqi Ok, I'll tell them that when I see them next
#
sknebel Zegnat sebsel: sorry, went to lunch.
#
sknebel an example where extra limits are interesting:
#
sknebel if someone posts on a site that's not their main site (e.g. like Zegnat with licit.li if that were hosted by someone else)
#
sknebel then the webmention endpoint for that site probably should be able to read posts that are replies to posts on that site
#
sknebel but it shouldn't be able to read posts that are private homepage webmentions
#
sknebel to the main domain
#
sknebel if it freely can get read permissions for everything the user can read, that can't be stopped
#
sknebel is that a legit concern, or making stuff to complicated for no good reason?
#
Zegnat Ah, you mean, I might want the wm endpoint on licit.li not be able to read private webmentions sent to vanderven.se/martijn/? But wouldn’t both identify themselves as me=vanderven.se/martijn/ ?
#
sknebel exactly
#
sknebel that's the problem
#
sknebel so I'd like if your auth endpoint could include some limitation for that
#
sknebel e.g. include a $target-domain in the scope, which the server with the private post can check
#
Zegnat But licit.li could just lie right? It asks for a token for vanderven.se/martijn/, how will your token provider know that it is licit.li?
#
Zegnat brb, need to do the dishes. I’ll consider this case while rinsing and drying ;)
#
sknebel but it gets the token from the endpoint for vanderven.se in some undefined way. that undefined way should include some kind of auth
#
sknebel otherwise *everything* could ask for tokens
#
www.svenknebel.de uploaded /Special:Log/upload "uploaded "[[File:hwc ber stickers.jpg]]""
#
www.svenknebel.de edited /events/2017-06-14-homebrew-website-club (+94) "/* Photos */" (view diff)
singpolyma joined the channel
#
www.svenknebel.de edited /non-interactive_IndieAuth (+81) "/* proposal: simple flow */" (view diff)
loicm joined the channel
#
tantek.com uploaded /Special:Log/upload "uploaded "[[File:2017-175-hwc-sf.jpg]]""
#
tantek.com edited /events/2017-06-14-homebrew-website-club (+154) "/* Photos */ HWC sf!" (view diff)
#
www.svenknebel.de edited /2017/Leaders (+262) "/* Events Organizing */ - non-wiki channels" (view diff)
#
vanderven.se martijn uploaded /File:2017-175-hwc-virtual-eu.png "Screenshot taken of the Virtual [[events/2017-06-14-homebrew-website-club|Homebrew Website Club]] on 2017-06-14.Following the lefthand list: {{martijnvdven}}, {{aaronpk}}, {{Sebsel}}, {{tantek}}, HWC London ({{calumryan}} pictured).Missing: Mark Hendrickson (only there at the beginning), {{barryf}} (at HWC London)."
#
vanderven.se martijn edited /events/2017-06-14-homebrew-website-club (+119) "/* Photos */ Add Virtual Meetup." (view diff)
sebsel joined the channel
#
@WendyandCharles eBooksHabit: All they have to do is survive a pirate attack and each other. TRUST AND TREACHERY #scifi #IndieAuth… https://twitter.com/i/web/status/875345868269998084 (twitter.com/_/status/875347002044936192)
j12t joined the channel
#
vanderven.se martijn edited /2017/Leaders (+634) "/* Discussion Channels */ Update stance on #indieweb-wp, add #indieweb-chat backlog information." (view diff)
#
ben.thatmustbe.me edited /2017/Leaders (+275) "/* Discussion Channels */" (view diff)
eli_oat joined the channel
#
ben_thatmustbeme https://quitter.no/notice/4378086
#
Loqi [davidochobits] davidochobits (davidochobits)'s status on Thursday, 15-Jun-2017 16:00:09 CEST davidochobits davidochobits JavierInsitu ... https://quitter.no/attachment/1256311/thumbnail?w=449&h=252
#
ben_thatmustbeme can anyone else not scroll down?
#
ben_thatmustbeme js seems to keep autoscrolling it up
#
sknebel doesn't load at all for me
#
ben_thatmustbeme https://quitter.no/notice/4378086
#
Loqi [davidochobits] davidochobits (davidochobits)'s status on Thursday, 15-Jun-2017 16:00:09 CEST davidochobits davidochobits JavierInsitu ... https://quitter.no/attachment/1256311/thumbnail?w=449&h=252
#
ben_thatmustbeme oop
#
ben_thatmustbeme wait, not thats the same
#
ben_thatmustbeme ignore the link loqi responded with
#
ben_thatmustbeme huh, it stopped loading, now its loading again
#
sknebel now it loaded and yes, it jumps back to the top all the time
#
ben_thatmustbeme sknebel: try again
#
ben_thatmustbeme terrible
#
ben_thatmustbeme you can't even read the text in the left column
#
Zegnat JS;DR
#
ben_thatmustbeme yeah, thats been noted
#
ben_thatmustbeme at least its parsable without js
#
ben_thatmustbeme although they have an issue with their mf2
#
ben_thatmustbeme apparently this instance doesn't have it at all
#
ben_thatmustbeme so confused, wait
#
ben_thatmustbeme ah, it looks like the mf2 has been fixed
eli_oat, tantek and KevinMarks joined the channel
#
@WendyandCharles eBooksHabit: All they have to do is survive a pirate attack and each other. TRUST AND TREACHERY #scifi #IndieAuth… https://twitter.com/i/web/status/875365271648841728 (twitter.com/_/status/875365894997856257)
j12t joined the channel
#
aaronpk I think adding client_id in there will let you limit what the token can do on your side without putting that kind of stuff into the spec
#
aaronpk I'll have to catch up on the wiki edits in a bit
#
sknebel what's "your side"?
#
aaronpk Person with private content
#
sknebel hm, so client id could be the url of the webmention endpoint?
#
aaronpk A similar example being how my auth endpoint has its own concept of "channels" so I can limit where apps can post to but they don't know anything is different
#
aaronpk yeah client id would be something identifying the server that is requesting the token, so the webmention endpoint URL would be a good thing to use
#
sknebel okay, yes, that then covers this scenario
#
sknebel assuming the client_id can't be forged, since it is part of the validation?
#
aaronpk Haha now we're in non-interactive-IndieAuth inception
#
Loqi aaronpk: lol
#
aaronpk there are two things going on here
barpthewire joined the channel
#
aaronpk OAuth is a protocol for delegating authorization to third party clients. As a user, you trust those clients only a little, so you grant them limited scope to your account
#
aaronpk thats the situation here where you might be using a third party webmention endpoint and you want to limit what it has access to on your site
#
sknebel I want to limit what access it has on *other* peoples sites
#
aaronpk but before that's even possible, we need to talk about the authentication side, separate from what it has access to
#
aaronpk the first thing to solve is proving identity in this non interactive way
#
aaronpk and treat access and scope as a separate problem
#
sknebel ok, yes, then most of the questions asked are jumping ahead and about the next steps
#
aaronpk Yeah, the fun stuff
#
aaronpk What we need first is a way for a server to prove a request came from itself.
#
aaronpk Then we can use that for the webmention endpoint to authenticate itself when fetching posts
#
aaronpk if the webmention endpoint is on a different domain than the user it's claiming to represent, then we need the delegated authorization part so the webmention endpoint can prove the user has authorized it to act on their behalf
#
sknebel yes
#
sebsel lol, yes, I saw that inception too
#
GWG Passing through
#
sknebel I'm not sure where the "inception" is. but I'm also currently trying to understand why my webserver configuration actually works (I hope it's not a schrödinger-bug) and still thinking about what I actually wanted to do before that
#
sebsel the inception I saw is that in order for alice.server to obtain a code, it needs to prove to alice.auth that it's with alice, which is the whole problem all over again, if they are on different servers.
#
sebsel but yeah, steps.
#
sknebel ah, ok. yeah, but I assumed those two have pre-established trust of some kind
#
Zegnat One line of explanation “authenticate itself”, next line of explanation “authorization part”, and again the difference after auth- makes all the difference
#
sebsel In Dutch they are actually called 'authenticatie' and 'autorisatie' (with and without the extra H), probably for reason :P
eli_oat, j12t and [markmhendrickso joined the channel
#
@WendyandCharles eBooksHabit: All they have to do is survive a pirate attack and each other. TRUST AND TREACHERY #scifi #IndieAuth… https://twitter.com/i/web/status/875384288325369857 (twitter.com/_/status/875384764575952897)
#
ben_thatmustbeme :/
#
@brianjesse my latest blog post! "How the web supports different types of cross-site social networks" http://altplatform.org/2017/06/15/cross-site-social-networks/ send it a #webmention ?? (twitter.com/_/status/875386471053537280)
#
Zegnat That is a pretty good write-up ^^^ though I am not sure I agree with Slack et al as a social network. A communication network for sure, but I don’t get a big feel of identity on those.
KartikPrabhu joined the channel
#
sknebel aaronpk: I found a bug in Indieauth redirects (issue is filed), but with the new-ish feature of it redirecting automatically if there is only an authorization endpoint I think I can implement automatic wiki login
[kevinmarks], gRegorLove and KevinMarks joined the channel
#
sknebel (s/indieauth/indieauth.com)
#
aaronpk thanks
#
aaronpk hmm that'd be interesting
#
eli_oat Does anyone else who sends webmentions via webmentions.io notice that bridgy picks up POSSE'd content faster than the webmention itself is delivered?
#
aaronpk send via? webmention.io doesn't send webmentions
#
@brianjesse my blog post got its first #webmention - thanks @schnarfed! Is your blog on the social web? add a plugin and reply http://altplatform.org/2017/06/15/cross-site-social-networks/ (twitter.com/_/status/875401922508869632)
#
aaronpk webmention.io receives webmentions for people, and optionally delivers them to the site via a web hook. it processes everything asynchronously and is sometimes kinda slow about that
KartikPrabhu joined the channel
#
eli_oat Yeah, I'm manually hijacking the source/target form to send them
#
aaronpk k now you lost me
#
eli_oat this is probably not a sustainable solution to sending webmentions
#
@brianjesse thanks @aaronpk for the #webmention !? (twitter.com/_/status/875402632541503488)
#
eli_oat This form: https://webmention.io/eli.li/webmention
#
eli_oat it is dawing on me that this may only be a way for ME to receive them
#
eli_oat not send them to other folks
#
aaronpk that is correct
#
aaronpk if you want a tool to help you send webmentions to others, try https://telegraph.p3k.io/
#
eli_oat such ecosystem. much options! pieces
#
eli_oat thanks
#
eli_oat :D
#
aaronpk hehe
KevinMarks joined the channel
#
[kevinmarks] Or mention-tech.appspot.com
#
aaronpk lol the logo there is the M-down-arrow we were talking about for micropub
#
aaronpk the tagline says "Receiving webmentions for everyone" but it can also send?
#
aaronpk does it discover the receiver's webmention endpoint or does it just send it to itself?
KevinMarks and KevinMarks_ joined the channel
#
sebsel yaay, I got webmentions from eli_oat! :)
#
eli_oat :D shout out to aaronpk++ for helping me sort out what was going on there (e.g. I was trying to send them through a receiver rather than a transmitter…to go with a radio metaphor)
#
aaronpk woo
#
[kevinmarks] Yes, it passes through the webmention, but stashes a copy in case you don't have an endpoint
#
[kevinmarks] And yes, I just flipped your logo
#
[kevinmarks] What it doesn't do yet is get all the outbound links and send webmentions to them.
#
@WendyandCharles eBooksHabit: All they have to do is survive a pirate attack and each other. TRUST AND TREACHERY #scifi #IndieAuth… https://twitter.com/i/web/status/875416758215168000 (twitter.com/_/status/875417480243683330)
#
aaronpk :sigh: why did the blacklist stop working
eli_oat and AngeloGladding joined the channel
#
@WendyandCharles eBooksHabit: All they have to do is survive a pirate attack and each other. TRUST AND TREACHERY #scifi #IndieAuth… https://twitter.com/i/web/status/875426657015922688 (twitter.com/_/status/875427661513969666)
#
gRegorLove gives Loqi a blacklist
#
Loqi eats the blacklist
KartikPrabhu and sebsel joined the channel
#
@brianjesse @schnarfed now that i have the plugin - is there a way i can re-process your Like/Webmention? (twitter.com/_/status/875458754673745921)
tantek joined the channel
#
@WendyandCharles eBooksHabit: All they have to do is survive a pirate attack and each other. TRUST AND TREACHERY #scifi #IndieAuth… https://twitter.com/i/web/status/875460535785050112 (twitter.com/_/status/875461471223853056)
#
Zegnat tantek, I left a !tell for you here and on #microformats. I am off for the night though.
#
Zegnat Ha, he fled :p
#
Zegnat Well good night all!
j12t joined the channel
#
@WendyandCharles eBooksHabit: All they have to do is survive a pirate attack and each other. TRUST AND TREACHERY #scifi #IndieAuth… https://twitter.com/i/web/status/875469268925677568 (twitter.com/_/status/875470324346875904)
j12t_ and tantek joined the channel