#tantekhe's written several longer pieces I think too, about how all tech companies need to switch ASAP to 30day logs max for anything web related, and anonymized if possible
AngeloGladding and KartikPrabhu joined the channel
#raucaoso, i was looking into sending webmentions from huginn, but i don't yet understand how that works. if the original page is not an indieweb site, how to i transport the actual like/repost/etc?
#raucao(want to send webmentions to known for mastodon favs/boosts)
barpthewire, KevinMarks and KevinMarks_ joined the channel
#sknebelthe mastodon instance needs the necessary microformats for known to parse
#sknebelI know mastodon has some mf2 by now, not sure how much
#sknebelbetahaus cafe was nice, but now they close really early
#raucaoi'll ask about that date, because it's one of the very few ones i'll actually be able to make :)
#raucaoleaving again today, just came back from pdx two days ago, but coming back next friday
#sknebeland since we are only ~5 people we can't really ask for a space where they'll have to keep an employee around just for us, which excludes many companies that offer spaces for meetups
#raucaoas it's my own company, i think they'll be fine with it :D
#raucaohave to catch a train now, but adding a task for asking about that date (sometimes other companies in our shared office need the space, too)
#sknebelyeah. starbucks works surprisingly well (empty enough, relatively quiet (was the problem with other cafes in the evening), but an alternative every now and then would be great
#Zegnatben_thatmustbeme, I just pushed some of the bug fixes we discussed yesterday to selfauth. New signing code up later today, I hope, if I get it running on my own site the way I want it to run
#sknebelZegnat: signing code = hmac etc? then I shouldn't try to do that today as well :P
#Zegnatselfauth is my main todo item today, because I want to start using it myself. If you don’t want to do double work, maybe do something else today ;)
#sknebelok. If you want me to review something, say so
#sknebelcause I optimized everything to use micropub... and then found that my ideas and existing clients are in annoying disagreement :/
#ZegnatThis is starting to look like a pretty big rewrite of parts of selfauth to get more scrutiny in and use proper expiring signed tokens (no “5 to 10 minutes” validity, just 5, or 10). So it will go in a branch when I push it, I’ll request review from everyone then :)
#Zegnatben_thatmustbeme, no, === is not safe. That’s why I said not timing-attack safe. hash_equals is really the only correct way. We could either do bitwise comparison ourselves, or use hash_equals when available and become non-safe as fallback :(
#ZegnatThere is a new issue for merging the HMAC branch now. Please put comments there so we can address them :)
j12t and arush1 joined the channel
#ben_thatmustbemewoohoo \o/ validator.jf2.rocks now supports jf2 feeds
#ben_thatmustbemealso, its unit tested, so if anyone wants to throw any additional tests in there, can mass test them with the validator :)
#Zegnataaronpk, is there a reason why IndieAuth.com OpenID does not work with my authorization endpoint? “Sign in to /openid/complete” does its thing, lets me pick my own auth URL, but then sends me to https://indieauth.com/ instead of the place I was trying to login to (StackExchange)
#sknebelin the loop the name is different thats all
#ZegnatI just used the constant that was there, sknebel. Only changed the value from 30 to 32, because I honestly cannot stand non-power-of-2-key-lengths
#ZegnatI.e. to use the functions you do not require to set a ttl. But everywhere we use the functions we want to explicitly set them.
#ZegnatFunctions were designed with testing and reusability in mind. That is also why they want the key as argument, and not just use the key constant internally.
#snarfedi also wonder how many advertize the endpoint on home page but don't actually accept them. but still, it's a good start to look!
#sknebelright now trying to figure out known sites... they seem to have the authorative h-card on a profile url, so that gets billed as the homepage, but that's probably not what I'D try to webmention.
#Loqi[gRegor Morrill] Almost forgot this proposed specification:
The class h-peep is a root class name that indicates the presence of a marshmallow chick.
Properties:
p-name: The name of the marshmallow chick.
p-color: The color of the marshmallow chick.
p-location...
#[colinwalker]Snarfed: re advertising the webmention endpoint on the homepage but not accepting them, the WordPress plugin does this by default even if homepage mentions are not turned on in the options.
#snarfedben_thatmustbeme: i'm still not that familiar with mastodon. is there any way i can see the global timeline on https://w3c.social/ without creating an account?
#Loqi[Ben Roberts] ben.thatmustbe.me <does this get translated to a proper link?
https://ben.thatmustbe.me/ < does this? want to just test this quick to see if just adding webmention sending to mastodon would do all of the federation TO indieweb that is needed
#ben_thatmustbemeso if you type https:// it linked, without that it didn't
#ben_thatmustbemeso just sending webmentions on every toot would work for http:// and https:// links
#Zegnat“This and all future requests should be directed to the given URI.” - is the description on Wikipedia for 301, which made it sound to me that *this* (aka the current) request should be aimed at the new URI. That suggested to me that a POST should be re-POST-ed
#ZegnatBut the new 308/309 explicitly state not the change the method, so you are right, aaronpk
#loqi.mecreated /309 (+120) "prompted by tantek and dfn added by tantek" (view diff)
#aaronpkZegnat: i think what happened was people were returning 301/302 from a POST request in a browser after a form is submitted in order to redirect to the page that was just created, so browsers implemented the next request as a GET
#aaronpkand then they had to add 307/308 later to compensate for that behavior
#ZegnatThat makes sense aaronpk! I can totally see how 301/302 were *meant* to repeat the POST but never did because of use.
#loqi.meedited /309 (+27) "aaronpk added "https://aaronpk.com/8675" to "See Also"" (view diff)
#Loqi[snarfed] hey vouch contributors (aaronpk tantek gRegorLove ben_thatmustbeme) have any of you thought about how it should interpret and handle u-url vs webmention source url?
#snarfedlow priority, just probably still an open question
#tantekoh you mean the informal name for the return code
#Zegnat“reason phrases” is apparently what those are called
#gRegorLoveaaronpk: yeah, among other things I moved inline CSS to a separate file. It's still showing inline here: view-source:https://indiewebify.me/
#gRegorLoveSlightly darker buttons / links for better contrast in that pr too
#grant.codescreated /recommendation (+1090) "Created page with "A <dfn>recommendation</dfn> is a type of post that provides a suggestion to another person. ==Facebook Example== Facebook has a UI for requesting recommendations from friends w..."" (view diff)