#dev 2017-06-30

2017-06-30 UTC
#
gRegorLove
AngeloGladding: colinwalker builds a blogroll directory based on webmentions he's received: https://colinwalker.blog/directory/
j_juran and davidmead joined the channel
#
AngeloGladding
gRegorLove: thanks and do you manually curate https://gregorlove.com/following/
#
gRegorLove
It's kind of a proof-of-concept for Vouch. I don't require the vouch parameter with incoming webmentions, but have run tests with that list
#
AngeloGladding
so both solutions are vouch related it seems
#
gRegorLove
Colin's wasn't set up to be, afaik, but it could be used for that, yes.
#
gRegorLove
I am interested in it as a /blogroll too, just haven't explored that much yet.
#
gRegorLove
Are you interested in sending webmentions when you add people to the blogroll?
#
AngeloGladding
yes
#
gRegorLove
/follow might be more what you're looking for there
#
gRegorLove
A /blogroll could just aggregate your /follow posts
#
ben_thatmustbeme
thats what i using for reference when implementing
#
AngeloGladding
gRegorLove: I suppose I'm looking more to facilitate /friending but http://indieweb.org/follow#Follow_notifications is a good start -- thanks
#
gRegorLove
Yeah, some of those terms overlap a bit
#
aaronpk
ben_thatmustbeme: yeah in the redirect
#
aaronpk
the funny thing is if you don't include it then it's even closer to the OAuth 2 spec
#
gregorlove.com
edited /Planning () "(-1333) /* Completed */ rm section since all planning notes are archived. Note 2016/Düsseldorf didn't have planning notes here"
(view diff)
#
ben_thatmustbeme
should update the wiki with that change then
#
snarfed
AngeloGladding: you may be interested in http://www.indiemap.org/ (blatant plug :P)
#
Loqi
Indie Map is a public IndieWeb social graph and dataset. 2300 sites, 5.7M pages, 380GB HTML + mf2. Social graph API and interactive map...
#
aaronpk
indiemap++
#
Loqi
indiemap has 1 karma
#
AngeloGladding
saw it, love it, great work!
#
AngeloGladding
indiemap++
#
Loqi
indiemap has 2 karma
j_juran, tantek and [miklb] joined the channel
#
GWG
aaronpk, do you have any documentation of the fields you use for webmention.io for logging?
tantek joined the channel
#
dougbeal
What is u-uid
#
Loqi
u-uid is a microformats2 property for representing a unique identifier for the item, e.g https://indieweb.org/u-uid
#
tantek
and the period definition terminator strikes again!
#
tantek
(hence I end up using "like" instead of "e.g." in page definitions :) )
#
dougbeal
What is a u-url
#
Loqi
It looks like we don't have a page for "u-url" yet. Would you like to create it?
#
aaronpk
Finding sentence terminators is hard
#
aaronpk
GWG: what do you mean for logging?
#
aaronpk
I think there is very little documentation of webmention.io in general tho so the answer is probably no
#
GWG
aaronpk, trying to enhance webmentions in WordPress. No data kept on failures. Looking for ideas
#
aaronpk
Ah gotcha
#
GWG
Anything you can think of?
#
GWG
Right now, we store source url, target url, target fragment, and creation time.
#
aaronpk
If the webmention fails verification then nothing is kept in the logs past the short cache for the status URLs
#
GWG
Short cache?
#
aaronpk
It caches the URLs and timestamp in order to provide a status URL
#
GWG
Okay
#
GWG
Response code is one I was thinking of adding
#
gRegorLove
More logging in the receiveWebmention() method in that file, actually.
#
gRegorLove
Yeah, http response code is a good one to log imo
#
tantek
if you're going to log anything, have a plan / code for: 1) time window, i.e. only keep past n days, and 2) anonymizing by default
#
GWG
tantek, anonomizing for what reason?
#
GWG
What would be anonomized in a webmention log
#
tantek
GWG, for all the reasons @pinboard has been tweeting about for ages
#
GWG
I think I need to reread those.
#
GWG
Retention I get.
#
tantek
he's written several longer pieces I think too, about how all tech companies need to switch ASAP to 30day logs max for anything web related, and anonymized if possible
AngeloGladding and KartikPrabhu joined the channel
#
gregorlove.com
edited /Paw (+1) "link dfn"
(view diff)
[miklb] joined the channel
#
@WendyandCharles
ReadersGazette: BLOG Indie Author Answers by Jim Heskett http://www.thejugglingauthor.com/indieauth/ Get help writing your book #bookbloggers 89
(twitter.com/_/status/880389020894863361)
Billbennettnz and cweiske joined the channel
#
raucao
so, i was looking into sending webmentions from huginn, but i don't yet understand how that works. if the original page is not an indieweb site, how to i transport the actual like/repost/etc?
#
raucao
(want to send webmentions to known for mastodon favs/boosts)
barpthewire, KevinMarks and KevinMarks_ joined the channel
#
sknebel
the mastodon instance needs the necessary microformats for known to parse
#
sknebel
I know mastodon has some mf2 by now, not sure how much
#
raucao
oh sweet
#
raucao
that makes it easy :)
#
sknebel
at least for some cases. not sure if favorite is in it actually
#
raucao
right, afaik those are actually not public
#
sknebel
ah, ok. but repost and reply to are there
#
raucao
except with reposts you can only find the MF on mastodon sites, not other ones
#
raucao
until they also adopt mf
#
raucao
i actually care mostly about favs and reposts, so one of those doesn't exist and the other one i often get from gnusocial instances
#
raucao
but how does bridgy do it for e.g. fb/twitter then?
#
sknebel
bridgy creates its own sites mirroring the content, with the correct markup
#
raucao
but still links to the original on twitter
#
raucao
so it must somehow communicate both, right?
#
sknebel
oh, right
#
sknebel
it creates on its own page a h-entry with u-url == the twitter post
#
raucao
ah ok
#
raucao
makes sense
#
raucao
-ish :)
#
sknebel
and people then whitelist bridgy in their site code to override it in display
#
sknebel
occasionally you might even see the post attributed to bridgy, where they don't have special code for that case
#
raucao
i didn't whitelist anything, it just sends webmentions to known and everything works
#
sknebel
then known probably has that built in
#
raucao
ok, so i will publish a mini html page to my public storage linking to mastodon then
#
raucao
and not care about if the favs actually appear on the linked src url
#
raucao
because that's obvious from the other html resource that is actually being parsed for the fav
#
sknebel
example: if you look at comments on aarons site, you sometimes see "via brid-gy.appspot.com" next to it (e.g. at te bottom of https://aaronparecki.com/2016/10/08/15/multi-camera-portable-live-video)
#
Loqi
[Aaron Parecki] Multi-Camera Portable Live Video Rig
#
sknebel
and that links to the bridgy page
#
KartikPrabhu
sknebel: I do that "via bridgy" thing too
#
@skddc
Finally checked out all the built-in Huginn agents, and it completely blew my mind. Infinite possibilities! https://github.com/huginn/huginn
(twitter.com/_/status/880481774962429953)
#
raucao
so there's a known_from url param
#
raucao
doesn't appear in the spec tho
#
sknebel
thats just some known internal thing, I don't think it has any special function
#
sknebel
(outside of known)
#
raucao
other than letting twitter know that i'm syndicating my content via bridgy :)
#
sknebel
makes a note to talk about bridgy at next HWC Berlin
#
sknebel
What is oEmbed?
#
Loqi
oEmbed is a 2009-era JSON-based format for providing information to construct a link-preview of a page https://indieweb.org/oEmbed
cweiske joined the channel
#
raucao
what is hwc berlin?
#
Loqi
It looks like we don't have a page for "hwc berlin" yet. Would you like to create it?
#
sknebel
homebrew website club
#
sknebel
we talked about webmentions last time, and I should have explained the trick bridgy uses
#
sknebel
so I'll add that next time
#
raucao
oh nice, betahaus cafe
#
raucao
my office is above that on the other side of the building :)
#
raucao
wait, that was feb
#
sknebel
raucao: you are in Berlin?
#
raucao
> Starbucks Sony-Center
#
raucao
is that actually in a starbucks cafe?
#
raucao
sometimes i am
#
sknebel
it has been surprisingly difficult to find a space :/
#
raucao
we have one
#
sknebel
betahaus cafe was nice, but now they close really early
#
raucao
i'll ask about that date, because it's one of the very few ones i'll actually be able to make :)
#
raucao
leaving again today, just came back from pdx two days ago, but coming back next friday
#
sknebel
and since we are only ~5 people we can't really ask for a space where they'll have to keep an employee around just for us, which excludes many companies that offer spaces for meetups
#
raucao
as it's my own company, i think they'll be fine with it :D
#
raucao
have to catch a train now, but adding a task for asking about that date (sometimes other companies in our shared office need the space, too)
#
sknebel
yeah. starbucks works surprisingly well (empty enough, relatively quiet (was the problem with other cafes in the evening), but an alternative every now and then would be great
#
sknebel
cool, thank you
#
sknebel
I'm around IRC most of the time, or e-mail me at any mailaddress at svenknebel.de
#
sknebel
(catchall :P)
#
raucao
alright, will do
#
raucao
laterz
j12t joined the channel
#
calumryan.com
edited /Events (-56) "/* July */ Date change for Meet the TAG"
(view diff)
j12t joined the channel
#
petermolnar.net
edited /PESOS (+344) "/* IndieWeb Examples */"
(view diff)
#
petermolnar.net
edited /500px (+594) "adding criticism to 500px"
(view diff)
#
@kevinmarks
@odtorson Have a look at https://indieauth.com for a way of binding OAuth to a site you control
(twitter.com/_/status/880724352211308544)
j12t and j_juran joined the channel
#
Zegnat
ben_thatmustbeme, I just pushed some of the bug fixes we discussed yesterday to selfauth. New signing code up later today, I hope, if I get it running on my own site the way I want it to run
#
sknebel
Zegnat: signing code = hmac etc? then I shouldn't try to do that today as well :P
#
sknebel
(was on my todo list)
#
Zegnat
Yes, I was working on hmac yesterday
#
Zegnat
But ran into other problems with the selfauth code.
#
Zegnat
So I paused my HMAC’ing and switched to strict parameter validation: https://gist.github.com/Zegnat/e6fa541a7226e18f95b4231a51423925
#
Zegnat
selfauth is my main todo item today, because I want to start using it myself. If you don’t want to do double work, maybe do something else today ;)
#
sknebel
ok. If you want me to review something, say so
#
sknebel
(otherwise I'll do it once its in)
#
sknebel
I really ahve to improve my posting situation
#
sknebel
that should have higher priority
#
sknebel
cause I optimized everything to use micropub... and then found that my ideas and existing clients are in annoying disagreement :/
#
Zegnat
This is starting to look like a pretty big rewrite of parts of selfauth to get more scrutiny in and use proper expiring signed tokens (no “5 to 10 minutes” validity, just 5, or 10). So it will go in a branch when I push it, I’ll request review from everyone then :)
j_juran and j12t joined the channel
#
Zegnat
sknebel, how does this signature sound for the HMAC enabled code generation: https://gist.github.com/Zegnat/c22fea3c368217df2620654d90b7ca30 ?
#
Zegnat
Nice thing is, we can also use it for the CSRF, so that gets rid off the double functions
#
Zegnat
sknebel: if you want to review https://gist.github.com/Zegnat/c22fea3c368217df2620654d90b7ca30 (not timing attack safe again, known issue)
#
Zegnat
No error checking in the functions, but didn’t want to include loads of type checks etc. Not really important as long as we use them right
#
sknebel
seems ok
#
Zegnat
Good. It is so easy to miss something that trips up the value of the signing, always appreciate the extra set of eyes
#
ben_thatmustbeme
is === safe to use there, i don't know the exact difference vs hash_equals
#
ben_thatmustbeme
ick, n/m hash_equals is 5.6+
#
ben_thatmustbeme
you could check for hash_equals and use that if its available
#
sknebel
PHP really has a crypto evolution. 5.6 finally has a lot of basics, 7.2 is going to be really good
#
sknebel
(even compared to other languages)
singpolyma joined the channel
#
ben_thatmustbeme
while i want to support < 5.6 i think its worth it to do the tests for if function_exists
#
ben_thatmustbeme
support <5.6 but prefer safer functions
#
Zegnat
ben_thatmustbeme, no, === is not safe. That’s why I said not timing-attack safe. hash_equals is really the only correct way. We could either do bitwise comparison ourselves, or use hash_equals when available and become non-safe as fallback :(
#
Zegnat
There is a new issue for merging the HMAC branch now. Please put comments there so we can address them :)
j12t and arush1 joined the channel
#
ben_thatmustbeme
woohoo \o/ validator.jf2.rocks now supports jf2 feeds
#
ben_thatmustbeme
also, its unit tested, so if anyone wants to throw any additional tests in there, can mass test them with the validator :)
#
ben_thatmustbeme
which also tests the validator
#
schmarty
ben_thatmustbeme++ woo!
#
Loqi
ben_thatmustbeme has 13 karma in this channel (243 overall)
#
Zegnat
ben_thatmustbeme, both your review comments have been addressed. I am not sure how I can GitHub that :/
jonnybarnes joined the channel
#
petermolnar
(PHP 5.6, maybe in WordPress in <10 years)
#
Zegnat
aaronpk, is there a reason why IndieAuth.com OpenID does not work with my authorization endpoint? “Sign in to /openid/complete” does its thing, lets me pick my own auth URL, but then sends me to https://indieauth.com/ instead of the place I was trying to login to (StackExchange)
#
aaronpk
did you delegate to openid.indieauch.com?
#
Zegnat
Login with email as method works fine
#
aaronpk
i will have to take a look
#
Zegnat
It is specific to OpenID handling though, because I can correctly authenticate to the wiki through indieauth.com
#
petermolnar.net
edited /why (+238) "/* Avoiding problems */"
(view diff)
#
ben_thatmustbeme
Zegnat++ huge improvement
#
Loqi
zegnat has 18 karma in this channel (104 overall)
#
Zegnat
I’ll wait for sknebel’s review and then merge if no problems come to light :)
#
petermolnar
aaronpk shall I register indieauch.com ? ;) (typo powa)
#
ben_thatmustbeme
Zegnat: sknebel approved, good to merge
#
Zegnat
yes, I was just on my way to hit the big green button
#
Zegnat
Hmm, maybe I should have done the merge locally so GitHub wouldn’t add the “extra” commit. I am always a little confused by merge workflows.
#
sknebel
also just changed the secret generation (was hashed unnecessarily), now that should be ok as well
#
ben_thatmustbeme
nah, its fine, i think people over focus on those extra merge commits
#
sknebel
and for larger changes it's nice to have the context to look up
#
Zegnat
Hmm, aaronpk, odd. Telegraph seems to use https://github.com/indieweb/indieauth-client-php which should support both JSON- and form-encoded. So Accept header should not be creating the issue :/
#
Loqi
[indieweb] indieauth-client-php: Sample implementation and helper methods for an IndieAuth client.
#
aaronpk
Zegnat: it's possible telegraph is using an old version of that library
#
aaronpk
looks like it's using 0.1.14 of indieauth-client-php
#
aaronpk
JSON response handling in indieauth-client-php was added in 0.2
#
Zegnat
Aaah, that’ll be it then. Want me to file an issue with that?
#
aaronpk
yes plz
#
aaronpk
needs to make a dependency tree of all his projects so he doesn't forget to update projects that use libraries like this
#
Zegnat
I just filed one re: accept header on the indieauth-client-php project, that’s better than on Telegraph.
#
aaronpk
great. sounds like i have some work to do : )
#
aaronpk
first i gotta send this post-IWS update and post all my photos
#
Zegnat
I might do a PR for the client one later, depending on how the rest of my day goes
#
Zegnat
Issues files
#
sknebel
beat me by 20s
#
sknebel
ben_thatmustbeme: Zegnat: what PHP versions do you want to target? PHP5.3+?
j12t joined the channel
#
sknebel
I saw you talking about it, but don't remember the result
#
Zegnat
I think we said 5.4+
#
ben_thatmustbeme
either of those is fine with me
#
Zegnat
Although I think everything we have right now works for 5.3 too?
#
ben_thatmustbeme
i believe so
#
ben_thatmustbeme
though i want to make sure to strongly recommend 5.6
#
Zegnat
Maybe setup.php should show a warning for version < 5.6
#
ben_thatmustbeme
i thought of that, but setup.php still works after its been generated, which means you are just leaking that info out
#
aaronpk
setup.php should stop working after the config file exists
#
Zegnat
oh, sknebel, mt_rand() is not a Byte[] output, I believe. So not sure what bin2hex() is going to have for effect there... did you test?
#
ben_thatmustbeme
setup.php already has a $configured bool, so can just use to not have it do anything if it is configured
#
ben_thatmustbeme
maybe just say that to reconfigure, remove the config file
#
Zegnat
That makes sense to me, ben_thatmustbeme :)
#
sknebel
Zegnat: oops, I trusted that what was there before worked, and md5 also has string input :/
#
Zegnat
Well, I think technically all Byte[] blobs are string in PHP, because it doesn’t have any other representation.
#
Zegnat
But it might include garbage like null-bytes, which is why you don’t often want to use those byte-string-blob-things
#
Zegnat
So md5() makes them ... “safe” ? :p And md5() can of course be applied to the int that comes out of mt_rand()
#
sknebel
Zegnat: md5 and bin2hex per docs both take strings as input?
#
Zegnat
I will have to do some testing before I feel comfortable with giving a solution off the top off my head though
#
Zegnat
bin2hex(mt_rand()) might turn into an extremely short key (not that md5(mt_rand()) was incredibly safe)
#
sknebel
Zegnat: true, missed that...
#
sknebel
should really generate multiple numbers and combine them
#
Zegnat
No problem, that’s why there are collaborators on the project!
#
Zegnat
I am looking into the generating now, and testing their outputs.
#
sknebel
if we are 5.3+ we don't need that case, do we?
#
sknebel
or is the openssl random not gueranteed to be compiled in?
#
ben_thatmustbeme
openssl_random is not guaranteed i don't believe
#
Zegnat
Not guaranteed to be compiled. Probably especially true for 5.3 servers.
#
sknebel
I don't like all that either
#
sknebel
tempted to go the JS route in that case
#
sknebel
ok, openssl_random_bytes is also broken in <5.6
#
aaronpk
5.6 really is where php starts getting good huh
#
sknebel
tempted to go tell people with worse PHP to go use indieauth.com
#
Zegnat
Thing is, that requires silos ;)
#
Zegnat
Writing commit for mt_rand "fix"
#
sknebel
Zegnat: forcepush that over, my commit shouldn't exist :P
#
Zegnat
Hahahaha
#
Loqi
hehe
#
sknebel
(srsly, such a noob mistake)
#
Zegnat
I don’t like rewriting commit history
#
Zegnat
Slippery slope :p
#
sknebel
me neither, but I also don't like crap like that public
#
sknebel
so I don't mind wiping stuff at the top all that much
#
sknebel
(we should maybe show a message "roll 60d16, put here")
#
sknebel
its safer than what we are doing
#
ben_thatmustbeme
actually, wonder if we should tell people with <5.6 how to just generate an app key with something else
#
sknebel
yeah, that's basically the proposal
#
sknebel
or do it in the browser
#
aaronpk
it's not just the app key that's the problem though right? it's also generating random auth codes
#
sknebel
true, but those are at least time bound
#
Zegnat
I can’t figure out how to scrap your commit. For some reason I am being dumb with git today
#
Zegnat
no such thing as “random auth codes”. The codes are as secure as the key you use to sign them.
#
sknebel
I should stop talking
#
aaronpk
oh right you're doing signed codes
#
sknebel
clearly, brain no worky
#
Zegnat
We do now that HMAC has landed, aaronpk. Which is probably for the best
#
sknebel
ben_thatmustbeme: the more I think about it, I think having the user generate one is better
#
sknebel
show an error message about the version, ask to upgrade and if not possible generate a secret yourself and put it in
#
ben_thatmustbeme
i think its fine enough to tell them that its bad, but still offer up the bad version
#
ben_thatmustbeme
having something semi random is better than someone going "password1" thats pretty safe right?
#
ben_thatmustbeme
that way the lazy and outdated have semi-random, the outdated and non-lazy can generate good random, the updated get non-random
#
sknebel
yeah, interesting question
#
sknebel
browser random is also an option
#
Zegnat
Of course, sknebel, ben_thatmustbeme, feel free to review my key generation
#
ben_thatmustbeme
really needs to get back to work
#
Zegnat
Hahaha, sorry if we have been keeping you ben_thatmustbeme!
#
sknebel
Zegnat: RANDOM_BYTES_COUNT?
#
sknebel
not RANDOM_BYTES?
#
Zegnat
It was already there, or did I accidentally change the name?
#
sknebel
(in the loop)
#
ben_thatmustbeme
i probably did that
#
ben_thatmustbeme
not thinking
#
sknebel
in the loop the name is different thats all
#
Zegnat
I just used the constant that was there, sknebel. Only changed the value from 30 to 32, because I honestly cannot stand non-power-of-2-key-lengths
#
Zegnat
Oh, crap, that is a mistake!
#
Zegnat
goes to rewrite history one more time
#
sknebel
yeah, we shouldn't do this to often. and probably really use PRs for everything
#
ben_thatmustbeme
oh that, no, thats def a mistake
#
sknebel
from now on
#
aaronpk
speaking of constants, why is the default code expiration 1 year? https://github.com/Inklings-io/selfauth/commit/785b965e1bf19b1fad8dba36bf014eb777b55e9f
#
ben_thatmustbeme
everything passes a value for that anyway
#
ben_thatmustbeme
so its never actually used
#
aaronpk
i'd just drop the default then
#
Zegnat
It says RANDOM_BYTE_COUNT everywhere now
#
ben_thatmustbeme
sknebel: i thought you were talking about the name of the constant, i don't like naming constants the same as exisitng functions
#
Zegnat
Oh, yeah, that default is mostly there because that is how I designed the initial signature for those functions
#
ben_thatmustbeme
i should have thought of that on code review
#
Zegnat
I.e. to use the functions you do not require to set a ttl. But everywhere we use the functions we want to explicitly set them.
#
Zegnat
Functions were designed with testing and reusability in mind. That is also why they want the key as argument, and not just use the key constant internally.
#
Loqi
agreed.
#
Loqi
you're welcome
#
martymcgui.re
edited /User:Martymcgui.re (+364) "/* Itches */ antennapod + gpodder as possible /listen automation?"
(view diff)
#
martymcgui.re
edited /User:Martymcgui.re (+72) "/* Itches */ add gpodder events API doc link"
(view diff)
[cleverdevil], gRegorLove, [miklb] and dougbeal|mb1 joined the channel
#
sknebel
heh, analyzing full indiemap on bigquery is stressful. 1 TB of processing per month is free, one query is 331 GB
tantek joined the channel
#
petermolnar
331GB of what?
#
sknebel
data in bigquery it has to look at
#
petermolnar
but... what is in there?
#
sknebel
all the results from snarfeds indiemap project. metadata for all the pages he crawled
#
tantek
what is hwc berlin?
#
Loqi
It looks like we don't have a page for "hwc berlin" yet. Would you like to create it?
#
tantek
HWC Berlin is 2017/Berlin
#
loqi.me
created /HWC_Berlin (+53) "prompted by tantek and dfn added by tantek"
(view diff)
#
sknebel
thats IWC...
#
tantek
fixes
#
tantek.com
edited /Homebrew_Website_Club (+22) "/* San Francisco */ update our organizers in case someone actually tries to get in touch directly"
(view diff)
#
aaronpk
launches adobe lightroom to edit IWS photos
#
aaronpk
sees "publish to flickr" option
#
aaronpk
wonders what it would take to write a publish via micropub option
#
sknebel
oh, nvm, I misread bigquery docs. that's only if you really touch all columns
j12t joined the channel
#
tantek.com
edited /MediaWiki:Sidebar (+24) "next hwc, 2017 videos"
(view diff)
#
aaronparecki.com
edited /Events (-8) "s/indiewebcamp.com/indieweb.org"
(view diff)
snarfed joined the channel
#
snarfed
hey sknebel, glad you're playing with the indiemap data! happy to help if you have any q's
#
tantek.com
edited /Tom_Sawyering (+436) "note what Tom did vs broader definition"
(view diff)
#
snarfed
btw if you want to avoid the bigquery quota, you can always download the data and work with it locally. e.g. the social graph data is just 100MB. http://www.indiemap.org/docs.html#social-graph-data
#
sknebel
got it down to 12 GB per query, thats more manageable once I understood it bills per column
#
sknebel
right now trying to answer how many sites support homepage webmentions
#
snarfed
ooh interesting
#
snarfed
i also wonder how many advertize the endpoint on home page but don't actually accept them. but still, it's a good start to look!
#
sknebel
right now trying to figure out known sites... they seem to have the authorative h-card on a profile url, so that gets billed as the homepage, but that's probably not what I'D try to webmention.
#
sknebel
and yes, thats the next question
#
snarfed
i'm really glad indiemap can (hopefully) answer questions like these
#
gRegorLove
indiemap helped me rediscover this joke when I saw h-peep in the list of my mf2: https://gregorlove.com/2014/07/almost-forgot-this-proposed-specification/
#
Loqi
[gRegor Morrill] Almost forgot this proposed specification: The class h-peep is a root class name that indicates the presence of a marshmallow chick. Properties: p-name: The name of the marshmallow chick. p-color: The color of the marshmallow chick. p-location...
#
snarfed
ahahahaha awesome
#
Loqi
hahaha
#
tantek
just glad benwerd is not here to implement that :P
#
gRegorLove
It's implemented on that link ^
#
tantek
no I mean with a UX and everything like he does
#
ben_thatmustbeme
lol, thats excellent gRegorLove
#
Loqi
h-peep has 1 karma
#
ben_thatmustbeme
snarfed: better get crawling again, you have a lot more mf2 to pull in
#
ben_thatmustbeme
all of mastodon
#
tantek
whoa really? as of when?
#
tantek
did a recent deployment happen?
#
ben_thatmustbeme
no, i just don't think he touched any of it before
#
snarfed
i definitely knew there were many more sites with mf2 than i included
#
gRegorLove
Do we know approximately how many of the mastodon instances have it?
#
ben_thatmustbeme
they are up to approx 37 M toots
#
snarfed
mastodon++
#
Loqi
mastodon has 1 karma
#
ben_thatmustbeme
they don't list versions on the instance list :/
#
ben_thatmustbeme
ahh, its on the /about/more page for them all
[colinwalker] joined the channel
#
[colinwalker]
Snarfed: re advertising the webmention endpoint on the homepage but not accepting them, the WordPress plugin does this by default even if homepage mentions are not turned on in the options.
#
ben_thatmustbeme
probably most of them, they have had some form of mf2 in the tree since january
#
ben_thatmustbeme
and i fixed the mf2 in april
#
ben_thatmustbeme
so anything after 1.1.2 has my fixes, and they are on 1.4.6 now
#
sknebel
do they have robots.txt normally?
#
ben_thatmustbeme
they look to have a default that is commented out
#
ben_thatmustbeme
so unless they specifically disallow it
[eddie] joined the channel
#
[colinwalker]
Submitted an issue about advertising the endpoint.
#
snarfed
ben_thatmustbeme: just noticed your post about expanding mastodon to federate with indieweb: http://ben.thatmustbe.me/note/2017/6/26/2/m
#
Loqi
[Ben Roberts] Mastodon and the Indieweb
#
snarfed
i've been interested in bridging ostatus and indieweb too. we had a good session at IWS on it: http://indieweb.org/2017/ostatusbridge
#
snarfed
happy to talk more if you're interested!
#
ben_thatmustbeme
I heard a summary of that talk on the community group telcon last week
#
ben_thatmustbeme
not quite sure how the AP side would work
#
ben_thatmustbeme
but ideally i was thinking more of building in webmention receiving to mastodon
#
snarfed
yeah i'm less familiar with activitypub than ostatus
#
ben_thatmustbeme
thats basically why sandro set up w3c.social
#
tantek
indeed, better to directly add building blocks support to Mastodon
#
tantek
I bet that's easier to code too, rather than going through ostatus abstractions
#
snarfed
right. you all are thinking of getting mastodon to do indieweb. i'm thinking of a third party bridge to translate between the two
#
snarfed
definitely ideal if mastodon supports indieweb. the nice part of a bridge is that it would also support gnu social, identica, status.net, etc
#
snarfed
we can push on both directions
#
snarfed
ben_thatmustbeme: i'm still not that familiar with mastodon. is there any way i can see the global timeline on https://w3c.social/ without creating an account?
#
aaronpk
i think kevinmarks made a thing for htat
#
aaronpk
there's an API for it but nothing in the UI
#
aaronpk
i should really generate thumbnails for photos in my album posts
#
ben_thatmustbeme
based on the list of instances back in april, it looks like the most you would see would be 4 or 5 instances that might not have MF2
#
ben_thatmustbeme
it seems really likely that every mastodon instance has mf2
snarfed joined the channel
#
snarfed
(also re ease of coding, granary already does AS1 => mf2, so that part wouldn't really add any implementation burden)
#
ben_thatmustbeme
from that old list, those that are not down are all well above the version that had mf2 added
#
ben_thatmustbeme
the biggest issue is that mastodon (and others) have no way to actually refer to URLs as people rather than account uris
#
snarfed
ben_thatmustbeme: i don't follow. do you mean mastodon doesn't have user profile pages?
#
ben_thatmustbeme
in the UI, i can say @user@host to refer to someone
#
ben_thatmustbeme
in other software i can say user@host
#
petermolnar
you mean in email
#
tantek
or ssh
#
tantek
user@host is text UI convention across unix tools
#
petermolnar
because it makes sense
#
tantek
beyond email, that was my point
#
petermolnar
I get it and agreeing
#
Loqi
[Ben Roberts] ben.thatmustbe.me <does this get translated to a proper link? https://ben.thatmustbe.me/ < does this? want to just test this quick to see if just adding webmention sending to mastodon would do all of the federation TO indieweb that is needed
#
ben_thatmustbeme
so if you type https:// it linked, without that it didn't
#
ben_thatmustbeme
so just sending webmentions on every toot would work for http:// and https:// links
#
tantek
what is a toot
#
Loqi
It looks like we don't have a page for "toot" yet. Would you like to create it?
#
tantek
what is a boost
#
Loqi
It looks like we don't have a page for "boost" yet. Would you like to create it?
snarfed joined the channel
#
www.boffosocko.com
edited /News_Genius (+111) "Blocker plugin for Known"
(view diff)
#
Zegnat
snarfed, re wm advertising but not accepting, I think your site was in that category
#
snarfed
Zegnat: yup!
#
Zegnat
Ran into that today ;) http://imgur.com/poW49RF
#
tantek
what does the red x mean?
#
aaronpk
no webmention endpoint found
#
aaronpk
er, webmention failed
#
tantek
Zegnat: that makes no sense for my site since I'm "just" delegating to webmention.io and pretty sure it handles homepage mentions
#
aaronpk
yellow is no endpoint found
#
aaronpk
tantek: yours likely failed because sometimes xray has trouble fetching Zegnat's site
#
Zegnat
Oh, that could be it too
#
Zegnat
shakes fist in Google’s general direction
#
gregorlove.com
edited /baby-dont-hurt-me (+0) "new youtube link; old one died"
(view diff)
#
tantek
youtube don't hurt me
#
snarfed
hrm afaik the app engine http fetching problems were ssl, right? which tantek.com isn't
#
aaronpk
other way
#
aaronpk
tantek is receiving
#
aaronpk
webmention.io fetches zegnat's site
#
aaronpk
occasionally gets timeout errors
#
snarfed
wait webmention.io is on app engine? or telegraph?
#
aaronpk
it's ... complicated
#
snarfed
lol ok
#
snarfed
apologies in any case
#
aaronpk
webmention.io is a ruby app on a VPS, but when it fetches pages it uses xray,p3k.io's API
#
aaronpk
xray.p3k.io is on appengine
#
snarfed
ahhh ok
#
aaronpk
i did that because the ruby parser wasn't good enough to use at the time
#
schmarty
remembers something about appengine timeouts related to IPv6?
#
www.boffosocko.com
edited /annotation (+736) "additional posts on annotation by Audrey Watters and Jon Udell"
(view diff)
#
Zegnat
I think Uberspace has me on both HTTPS and IPv6. Whatever the actual hick-up is, GAE doesn’t like it :/
#
aaronpk
checked the response from telegraph
#
aaronpk
do we have a recommendation for what a webmention sender should do if the webmention POST returns a 301 or 302?
#
Zegnat
Not in the W3 spec that I can see, aaronpk
#
Zegnat
“Any 2xx response code must be considered a success.” - nothing on any other code, it seems
#
aaronpk
then HTTP rules would apply
#
aaronpk
isn't there a 3xx code that says try the post again at a new URL?
#
Zegnat
It should do that with 301, right?
KartikPrabhu joined the channel
#
aaronpk
http 307
#
aaronpk
or 308
#
tantek
what about 309?
#
aaronpk
wait am i getting that backwards? wikipedia is confusing
#
tantek
if there was a 309, that's what I would return from /8675
#
aaronpk
trololol
#
Zegnat
There is no 309, not even according to wikipedia
#
Zegnat
You could still return that code number though, if your server allows it
#
aaronpk
okay yeah, HTTP 308 is a redirect that does not allow the HTTP method to change
#
Zegnat
“This and all future requests should be directed to the given URI.” - is the description on Wikipedia for 301, which made it sound to me that *this* (aka the current) request should be aimed at the new URI. That suggested to me that a POST should be re-POST-ed
#
Zegnat
But the new 308/309 explicitly state not the change the method, so you are right, aaronpk
#
loqi.me
created /309 (+120) "prompted by tantek and dfn added by tantek"
(view diff)
#
aaronpk
Zegnat: i think what happened was people were returning 301/302 from a POST request in a browser after a form is submitted in order to redirect to the page that was just created, so browsers implemented the next request as a GET
#
aaronpk
and then they had to add 307/308 later to compensate for that behavior
#
Zegnat
That makes sense aaronpk! I can totally see how 301/302 were *meant* to repeat the POST but never did because of use.
#
loqi.me
edited /309 (+28) "/* See Also */ new section"
(view diff)
#
tantek.com
edited /create (+358) "/* Facebook */ subheads, add FB create new feature"
(view diff)
#
loqi.me
edited /309 (+32) "ben_thatmustbeme added "http://ben.thatmustbe.me/8675" to "See Also""
(view diff)
#
GWG
When would the webmention source URL and the url property of it's h-entry not match?
#
snarfed
GWG: bridgy
#
aaronpk
and ownyourswarm
#
Zegnat
ben_thatmustbeme is "Do Not Change Your Number" the official error message for 309? ;)
#
GWG
Good points
#
ben_thatmustbeme
notice the title?
#
tantek
Zegnat there are a variety of valid options for the BODY of the HTTP response
#
Zegnat
I noticed. But your site didn’t seem to sent any actual message in the HTTP header
#
Zegnat
At least not according to my browser
#
Zegnat
I am mostly wondering about the HTTP header, tantek
#
Zegnat
HTTP/1.1 309 something
#
loqi.me
created /XClacksOverhead (+237) "prompted by petermolnar and dfn added by petermolnar"
(view diff)
#
tantek
the response code has no other requirements about the header
#
Zegnat
True, but most will give you a message
#
snarfed
oh hey aaronpk while you're here, did you see the vouch + u-url discussion from the other day? https://chat.indieweb.org/2017-06-28#t1498674079712000
#
loqi.me
edited /309 (+27) "aaronpk added "https://aaronpk.com/8675" to "See Also""
(view diff)
#
Loqi
[snarfed] hey vouch contributors (aaronpk tantek gRegorLove ben_thatmustbeme) have any of you thought about how it should interpret and handle u-url vs webmention source url?
#
snarfed
low priority, just probably still an open question
#
tantek
oh you mean the informal name for the return code
#
Zegnat
“reason phrases” is apparently what those are called
#
gregorlove.com
edited /309 (+55) "IndieWeb Examples, +me"
(view diff)
#
tantek
Zegnat, for 309, I believe that is "Eee Iye Eee Iye Yun",e.g. "309 Eee Iye Eee Iye Yun"
#
tantek
309 << Reason Phrase: "Eee Iye Eee Iye Yun", e.g. "309 Eee Iye Eee Iye Yun"
#
loqi.me
edited /309 (+71) "tantek added "Reason Phrase: "Eee Iye Eee Iye Yun", e.g. "309 Eee Iye Eee Iye Yun"" to "See Also""
(view diff)
#
Loqi
ok, I added "Reason Phrase: "Eee Iye Eee Iye Yun", e.g. "309 Eee Iye Eee Iye Yun"" to the "See Also" section of /309
#
Zegnat
Going with that, tantek!
#
loqi.me
edited /309 (+42) "aaronpk added "https://aaronparecki.com/2017/06/30/10/" to "See Also""
(view diff)
[chrisaldrich] joined the channel
#
gRegorLove
I made mine HTTP/1.1 309 Jenny, before I'd seen this
#
aaronpk
mine is HTTP/1.1 309 Don't Change Your Number
#
aaronpk
and then redirects to my phone number
#
gRegorLove
Nice! Mine is a picture of Jenny from Forrest Gump
#
loqi.me
edited /309 (+35) "Zegnat added "http://vanderven.se/martijn/8675" to "See Also""
(view diff)
Billbennettnz joined the channel
#
j_juran
HTTP/1.1 309 For A Good Time, Call
#
ben_thatmustbeme
i could do that, but its an extra step or two to return custom http fields
#
ben_thatmustbeme
found that out with 449
#
ben_thatmustbeme
j_juran: whats you github handle?
#
ben_thatmustbeme
ehh, too late
#
j_juran
ben_thatmustbeme: jjuran
#
j_juran
oh
#
ben_thatmustbeme
didn't see you on irc-people
#
j_juran
I’m new here
tantek joined the channel
#
cleverdevil.io
edited /309 (+30) "/* IndieWeb Examples */"
(view diff)
j12t and tantek joined the channel
#
aaronpk
gRegorLove: indiewebify.me should be auto deploying from master. Is something missing?
#
Loqi
[gRegorLove] #64 Add /rel-me-check URL that returns more detailed information
#
gRegorLove
Though the one you merged doesn't seem to be live on the site. Changed some colors in it.
#
gRegorLove
Let me double-check that though
#
gRegorLove
aaronpk: yeah, among other things I moved inline CSS to a separate file. It's still showing inline here: view-source:https://indiewebify.me/
#
gRegorLove
Slightly darker buttons / links for better contrast in that pr too
#
aaronpk
huh this shows the tests passed and that it deployed: https://travis-ci.org/indieweb/indiewebify-me/builds/241873162
#
aaronpk
my appengine logs show that it's running the Jun 11th version
#
gRegorLove
huh weird
[kiai] joined the channel
#
gRegorLove
Did I update the wrong files? Though it worked on my dev copy, so that doesn't make sense
#
tantek.com
edited /bridge (+907) "expand dfn, and distinguish specific techniques"
(view diff)
#
aaronpk
i'm bumping to see if that deploys the new version
#
sebsel
hm, already having problems with logging in to Quill now because I don't send a me-param after the indieauth.
#
aaronpk
oh boy fix all the things
#
sebsel
add the me again and waits for the wikipage to be updated
#
sebsel
haha, yeah, I will file, no hurry :)
#
Loqi
rofl
#
aaronpk
luckily i mostly use the same client library for this so it should be a fix in one place then update all the dependencies
#
sebsel
hmz, so I do not have to file here?
#
aaronpk
add it to indieauth-client-php
#
Loqi
[aaronpk] IndieAuth-Client: Sample client app to authenticate against IndieAuth-enabled domains
#
Loqi
[indieweb] indieauth-client-php: Sample implementation and helper methods for an IndieAuth client.
#
aaronpk
whoa i dont' remember that other one
#
aaronpk
looks like i pulled out the login flow from quill into that as an example
#
sebsel
too many repo's ;)
#
aaronpk
gRegorLove: i apparently moved indiewebify.me off of appengine
#
aaronpk
updated :)
#
gRegorLove
Hah. That sounds familiar now that you mention it.
#
aaronpk
probably because we were having too many problems with appengine fetching URLs
tantek joined the channel
#
gRegorLove
aaronpk++ looks good!
#
Loqi
aaronpk has 60 karma in this channel (1369 overall)
davidmead joined the channel
#
snarfed
appengine-- bleh sorry all
#
Loqi
appengine has -1 karma in this channel (0 overall)
#
snarfed
or at least appenginephp--
snarfed, [grantcodes], [cleverdevil], KartikPrabhu, j12t, davidmead, jjuran and [eddie] joined the channel
#
sebsel
got my own token endpoint working :D
#
sebsel
storing tokens instead of JWT, so I can list them and revoke them as I please.
#
sebsel
still using JWT for the auth code tho.
#
sebsel
I had signed up for way to many nice looking Micropub things ;)
#
grant.codes
uploaded /File:facebook-recommentations-map-pin.png "Facebook UI of a recommendations request post with recommendation pin on map https://indieweb.org/File:facebook-recommentations-map-pin.png"
snarfed joined the channel
#
grant.codes
created /recommendation (+1090) "Created page with "A <dfn>recommendation</dfn> is a type of post that provides a suggestion to another person. ==Facebook Example== Facebook has a UI for requesting recommendations from friends w...""
(view diff)
#
[grantcodes]
what is a recommendation?
#
Loqi
A recommendation is a type of post that provides a suggestion to another person https://indieweb.org/recommendation