#Loqiraucao: sebsel left you a message 15 hours, 54 minutes ago: Thanks! :D I can't actually run Ruby on my server (shared host ftw), but I have a Raspberry Pi working for me at home, so maybe I can get that to work. It looks good!
#raucaosebsel: if you want you can create an account on my server
#raucaoso, here's the full list of possible activity types for strava data:
#raucao<raucao> sebsel: if you want you can create an account on my server
#Loqi[Eddie Hinkle] This is a great read! I’ve been wanting to do placeholder images like this on my website but haven’t had the time to investigate. I’m happy to be able to reference this article now when I get a chance to invest in putting this feature into my w...
#LoqiAccessibility is the practice of designing so that people with disabilities can have equal access to information and functionality, applicable to both websites as well as physical environments https://indieweb.org/accessibility
tantek and dougbeal|iOS joined the channel
#[eddie]KartikPrabhu: Thanks for the heads up ? I saw the webmention notification pop up and I was like “Huh, odd” ? just allows me to iron out my webmention processing rules. Making sure to not show a post that mentions itself is probably a good one
[eddie] joined the channel
#KartikPrabhuyeah, i don't know if I do this either :P
gRegorLove, tantek and deathrow1 joined the channel
#sebselraucao I took the liberty to add your list of Strava exercise names to the wiki
#sebsel(I always find Yoga strange in that list: "today I did 8 miles of yoga")
#sebselMissing from that list is skateboarding / longboarding, btw. I once recorded a skateboard ride and found on a forum that they did not really want to add it because they did not wat to promote those sports.
#sebselCould be a IndieWeb why: choose your own name for your activity types ;)
#LoqiPinterest is a visual bookmark hosting silo where users "pin" (bookmark), or "repin" (repost a bookmark of) a page with a specific image from that page to a "pinboard" (named bookmark collection) and follow other users and/or pinboards created by others https://indieweb.org/Pinterest
#ZegnatMaybe add some stuff you learned on there, petermolnar ^^^
#voxpelli[eddie]: almost right, the first parameter is the value of the ?q= param and you should check what query that's requested and send the correct value for each query type
#snarfedsenders can set u-url to any other page on anyone else's site that satisfies a vouch, which allows spoofing, which is bad
#snarfedbut it's also ideally how vouch would work with bridgy. if bridgy sends a wm from twitter.com/foo/... to bar.com/..., ideally a vouch would show a link path from bar.com to twitter.com/foo, not to bridgy, which just happens to host the translated page
#snarfedthat's the source vs u-url question. :P source is bridgy, u-url is silo user
#snarfedand the true spirit of vouch would be to determine whether the target trusts the silo user. bridgy is just a service.
#ben_thatmustbemehere is why you can trust me, and here is a reply that someone posted to you
#ZegnatOoh, I get it. source=bridgy/zegnatstweet/tweetnumber1 but vouch=tantek.com and tantek.com might link to zegnat.net but not to bridgy/zegnat ... is that the problem?
#snarfedZegnat: yes! for bridgy wms, the real source user is the silo user, not bridgy
#snarfed(even though the wm source domain happens to be bridgy)
#ben_thatmustbemesnarfed, it sounds like another layer after vouch though
#ben_thatmustbemevouch is getting the webmention, you are talking about trusting the contents
#snarfedeh u-url is just the one way we have to do delegation right now. i'm fine if it's not u-url, i just don't see an obvious existing alternative
#Loqi[Scott Gilbertson] @aaronpk writing a little piece on this, wondered if you might have a minute to answer a couple quick questions later today?
#ben_thatmustbemethere are several parts, 1) should i accept that you are not a spammer and have something i will want to look at. 2) should I accept messages from that user? 3) is this actually from that user?
#snarfedben_thatmustbeme: eh no this is arguably still #1. twitter isn't a spammer, bridgy isn't a spammer, but individual twitter users definitely can be
#snarfedideally vouch for bridgy would let recipients determine whether individual silo users are spammers
#Zegnatyou would need an extension on vouch. E.g. when the link provided as vouch links to whoever the rel="me" is on the brid.gy page, still except the vouch as valid. Though you would need more additional checks as everything that is on the brid.gy page is spoofable.
#snarfedgRegorLove: sorry, yes. bridgy sends a wm from that source page (on the brid.gy domain) to aaronparecki.com. if bridgy included a vouch, right now it would let aaron check a link path from aaronparecki.com => vouch => brid.gy
#ben_thatmustbemesnarfed: one solution would be if all syndicated copies from a source were under the same url path (is that the case now)
#snarfed...but that's not really very useful. ideally we'd let him check a link path from http://aaronparecki.com/ => vouch => twitter.com/luxagraf
#ben_thatmustbememaybe you look at the author of the post, and go about it that way
#ben_thatmustbemeso vouch is only getting the webmention in, but then you need some sort of person-vouch for getting the actual comment through?
#Zegnat“I trust the domain this webmention is coming from, but do I trust the author”. That does sound like the next logical step, yes.
#snarfedarguably same problem though, you can spoof author to point to anything, right?
#ZegnatThe author page would have to link back in some way. That is how you get into the “additional checks” I mentioned :(
#gRegorLoveFor vouch verification, how about if the intermediate site (bridgy) doesn't match the vouch URL, check if the intermediary has an h-entry.u-url that matches
#snarfedZegnat: yup. add enough rel-me link fetches and checks, and it probably works. annoying though.
#ben_thatmustbemei mean, really i suppose i shouldn't be trusting the content at all from brid.gy and should fetch the source material (except that i can't)
#Zegnatvouch do not. But we need a way to find author anyway, so need to depend on some sort of parsing already
#snarfedgotta run, back later. thanks for discussing all!
#gRegorLoveOh, I think I understand. Yes, you cannot do /OPD from my microformats.org post
#Zegnatinteresting conundrum you put in snarfed ;) have a good one!
#ben_thatmustbemei think vouch only tries to determine, 'does this domain seem trustworthy', after that it comes down to the fact that its possible to spoof messages, but they would likely get blocked pretty quickly
#ZegnatI agree ben_thatmustbeme... really this is about the next step you mentioned: do you trust the author. That comes in after you trust the domain.
#ZegnatI don’t think brid.gy webmentions can ever be vouched for. Either you choose to accept brid.gy webmentions, or you don’t.
#ben_thatmustbemedid the author actually write this is a headache that people dive directly in to crypto, etc
#Loqi[gRegorLove] For vouch verification, how about if the intermediate site (bridgy) doesn't match the vouch URL, check if the intermediary has an h-entry.u-url that matches
#Zegnatso: parse the bridgy provided HTML, take the entry’s listed permalink from the url property, and see if the vouch URL vouches for that permalink?
#ZegnatWhat is stopping me to put the u-url as an article on your site gRegorLove? Then I can use any vouch URL that vouches for you (a non spammer) but I (a spammer) still get to chose the e-content of my reply.
#LoqiIt looks like we don't have a page for "stopping me to put the u-url as an article on your site gRegorLove" yet. Would you like to create it?
#ZegnatSo you would need an extra step where your webmention endpoint goes and validates whether the person from the u-url specifies on *their* site that bridgy is a valid intermediary for them
#gRegorLoveI'm still hazy on this the more I think about it. Think I'll step away for a bit. :)
KartikPrabhu and j_juran joined the channel
#vanderven.se martijnuploaded /File:2017-179-hwc-virtual-eu.jpg "Screenshot taken of the Virtual Homebrew Website Club on 2017-06-28.From upper left corner going clockwise: {{martijnvdven}}, {{sebsel}}, {{dougbeal}}, {{calumryan}}, {{petermolnar}}, {{barryf}}.Missing: {{lukasrosenstock}} who left because of technical difficulties."
#gRegorLoveIn other dev topics, micropub question: Thoughts on whether bookpub (micropub client for books) should assemble an HTML e-content, or just send through the h-cite + properties, with a plain text summary property as a fallback? This is the e-content HTML I was playing with generating in the mp client: http://pin13.net/mf2/?id=20170628224458208
#gRegorLoveDo any other mp clients assemble an e-content from other fields -- like, other than the Quill editor where you're authoring in HTML already?
#sebselgRegorLove I do it different: I keep a list of books I have at https://seblog.nl/bieb and then I just send a h=entry&read-of=https://seblog.nl/isbn/9789023425021 to my endpoint. My display then fetches the mf2 from the URL (but technically the book could also live somewhere else, if there was microformats there)
#sebselhmz, XRay returns the name of the first book in my library :P
#sebselBut that's how I would imagine a real indieweb checkin would go too: just give it the URL of the venue, and then your site fetches their h-card.
#gRegorLovesebsel: Oh, interesting. Which mp client?