#dev 2017-06-30

2017-06-30 UTC
#
gRegorLove AngeloGladding: colinwalker builds a blogroll directory based on webmentions he's received: https://colinwalker.blog/directory/
j_juran and davidmead joined the channel
#
AngeloGladding gRegorLove: thanks and do you manually curate https://gregorlove.com/following/
#
gRegorLove I do
#
gRegorLove It's kind of a proof-of-concept for Vouch. I don't require the vouch parameter with incoming webmentions, but have run tests with that list
#
AngeloGladding so both solutions are vouch related it seems
#
gRegorLove Colin's wasn't set up to be, afaik, but it could be used for that, yes.
#
gRegorLove I am interested in it as a /blogroll too, just haven't explored that much yet.
#
gRegorLove Are you interested in sending webmentions when you add people to the blogroll?
#
AngeloGladding yes
#
gRegorLove /follow might be more what you're looking for there
#
gRegorLove A /blogroll could just aggregate your /follow posts
#
ben_thatmustbeme aaronpk: sebsel, is that the 'me' in this part? http://indieweb.org/authorization-endpoint#Redirect_to_web_application
#
ben_thatmustbeme thats what i using for reference when implementing
#
AngeloGladding gRegorLove: I suppose I'm looking more to facilitate /friending but http://indieweb.org/follow#Follow_notifications is a good start -- thanks
#
gRegorLove Yeah, some of those terms overlap a bit
#
aaronpk ben_thatmustbeme: yeah in the redirect
#
aaronpk the funny thing is if you don't include it then it's even closer to the OAuth 2 spec
#
gregorlove.com edited /Planning () "(-1333) /* Completed */ rm section since all planning notes are archived. Note 2016/Düsseldorf didn't have planning notes here" (view diff)
#
ben_thatmustbeme should update the wiki with that change then
#
snarfed AngeloGladding: you may be interested in http://www.indiemap.org/ (blatant plug :P)
#
Loqi Indie Map is a public IndieWeb social graph and dataset. 2300 sites, 5.7M pages, 380GB HTML + mf2. Social graph API and interactive map...
#
aaronpk indiemap++
#
Loqi indiemap has 1 karma
#
AngeloGladding saw it, love it, great work!
#
AngeloGladding indiemap++
#
Loqi indiemap has 2 karma
j_juran, tantek and [miklb] joined the channel
#
GWG aaronpk, do you have any documentation of the fields you use for webmention.io for logging?
tantek joined the channel
#
dougbeal What is u-uid
#
Loqi u-uid is a microformats2 property for representing a unique identifier for the item, e.g https://indieweb.org/u-uid
#
tantek and the period definition terminator strikes again!
#
tantek (hence I end up using "like" instead of "e.g." in page definitions :) )
#
dougbeal What is a u-url
#
Loqi It looks like we don't have a page for "u-url" yet. Would you like to create it?
#
aaronpk Finding sentence terminators is hard
#
aaronpk GWG: what do you mean for logging?
#
aaronpk I think there is very little documentation of webmention.io in general tho so the answer is probably no
#
GWG aaronpk, trying to enhance webmentions in WordPress. No data kept on failures. Looking for ideas
#
aaronpk Ah gotcha
#
GWG Anything you can think of?
#
GWG Right now, we store source url, target url, target fragment, and creation time.
#
aaronpk If the webmention fails verification then nothing is kept in the logs past the short cache for the status URLs
#
GWG Short cache?
#
aaronpk It caches the URLs and timestamp in order to provide a status URL
#
GWG Okay
#
gRegorLove GWG: Here's the stuff I log: https://github.com/gRegorLove/ProcessWire-Webmention/blob/master/Webmention/Webmention.module#L643
#
GWG Response code is one I was thinking of adding
#
gRegorLove More logging in the receiveWebmention() method in that file, actually.
#
gRegorLove Yeah, http response code is a good one to log imo
#
tantek if you're going to log anything, have a plan / code for: 1) time window, i.e. only keep past n days, and 2) anonymizing by default
#
GWG tantek, anonomizing for what reason?
#
GWG What would be anonomized in a webmention log
#
tantek GWG, for all the reasons @pinboard has been tweeting about for ages
#
GWG I think I need to reread those.
#
GWG Retention I get.
#
tantek he's written several longer pieces I think too, about how all tech companies need to switch ASAP to 30day logs max for anything web related, and anonymized if possible
AngeloGladding and KartikPrabhu joined the channel
#
gregorlove.com edited /bicycling (-27) "r" (view diff)
#
gregorlove.com edited /Paw (+1) "link dfn" (view diff)
[miklb] joined the channel
#
@WendyandCharles ReadersGazette: BLOG Indie Author Answers by Jim Heskett http://www.thejugglingauthor.com/indieauth/ Get help writing your book #bookbloggers 89 (twitter.com/_/status/880389020894863361)
Billbennettnz and cweiske joined the channel
#
raucao so, i was looking into sending webmentions from huginn, but i don't yet understand how that works. if the original page is not an indieweb site, how to i transport the actual like/repost/etc?
#
raucao (want to send webmentions to known for mastodon favs/boosts)
barpthewire, KevinMarks and KevinMarks_ joined the channel
#
sknebel the mastodon instance needs the necessary microformats for known to parse
#
sknebel I know mastodon has some mf2 by now, not sure how much
#
sknebel raucao: mastodon should have the right mf2 already, was added here: https://github.com/tootsuite/mastodon/pull/1063/commits/d2ebd027f070ffd5fbd52e42abc1f9c4d9f5f66b
#
raucao oh sweet
#
raucao that makes it easy :)
#
sknebel at least for some cases. not sure if favorite is in it actually
#
raucao right, afaik those are actually not public
#
sknebel ah, ok. but repost and reply to are there
#
raucao except with reposts you can only find the MF on mastodon sites, not other ones
#
raucao until they also adopt mf
#
raucao i actually care mostly about favs and reposts, so one of those doesn't exist and the other one i often get from gnusocial instances
#
raucao but how does bridgy do it for e.g. fb/twitter then?
#
sknebel bridgy creates its own sites mirroring the content, with the correct markup
#
raucao but still links to the original on twitter
#
raucao so it must somehow communicate both, right?
#
sknebel oh, right
#
sknebel it creates on its own page a h-entry with u-url == the twitter post
#
raucao ah ok
#
raucao makes sense
#
raucao -ish :)
#
sknebel and people then whitelist bridgy in their site code to override it in display
#
sknebel occasionally you might even see the post attributed to bridgy, where they don't have special code for that case
#
raucao i didn't whitelist anything, it just sends webmentions to known and everything works
#
sknebel then known probably has that built in
#
raucao ok, so i will publish a mini html page to my public storage linking to mastodon then
#
raucao and not care about if the favs actually appear on the linked src url
#
raucao because that's obvious from the other html resource that is actually being parsed for the fav
#
sknebel example: if you look at comments on aarons site, you sometimes see "via brid-gy.appspot.com" next to it (e.g. at te bottom of https://aaronparecki.com/2016/10/08/15/multi-camera-portable-live-video)
#
Loqi [Aaron Parecki] Multi-Camera Portable Live Video Rig
#
sknebel and that links to the bridgy page
#
KartikPrabhu sknebel: I do that "via bridgy" thing too
#
raucao aha: this is what my known actually publishes: https://twitter.com/skddc/status/880481774962429953?known_from=https%3A%2F%2Fbrid-gy.appspot.com%2Flike%2Ftwitter%2Fskddc%2F880481774962429953%2F14339524
#
@skddc Finally checked out all the built-in Huginn agents, and it completely blew my mind. Infinite possibilities! https://github.com/huginn/huginn (twitter.com/_/status/880481774962429953)
#
raucao so there's a known_from url param
#
raucao doesn't appear in the spec tho
#
sknebel thats just some known internal thing, I don't think it has any special function
#
sknebel (outside of known)
#
raucao other than letting twitter know that i'm syndicating my content via bridgy :)
#
sknebel makes a note to talk about bridgy at next HWC Berlin
#
sknebel What is oEmbed?
#
Loqi oEmbed is a 2009-era JSON-based format for providing information to construct a link-preview of a page https://indieweb.org/oEmbed
cweiske joined the channel
#
raucao what is hwc berlin?
#
Loqi It looks like we don't have a page for "hwc berlin" yet. Would you like to create it?
#
sknebel homebrew website club
#
sknebel we talked about webmentions last time, and I should have explained the trick bridgy uses
#
sknebel so I'll add that next time
#
raucao oh nice, betahaus cafe
#
raucao my office is above that on the other side of the building :)
#
raucao wait, that was feb
#
sknebel raucao: you are in Berlin?
#
raucao > Starbucks Sony-Center
#
raucao is that actually in a starbucks cafe?
#
sknebel yes
#
raucao sometimes i am
#
sknebel it has been surprisingly difficult to find a space :/
#
raucao we have one
#
sknebel betahaus cafe was nice, but now they close really early
#
raucao i'll ask about that date, because it's one of the very few ones i'll actually be able to make :)
#
raucao leaving again today, just came back from pdx two days ago, but coming back next friday
#
sknebel and since we are only ~5 people we can't really ask for a space where they'll have to keep an employee around just for us, which excludes many companies that offer spaces for meetups
#
raucao as it's my own company, i think they'll be fine with it :D
#
sknebel heh
#
raucao have to catch a train now, but adding a task for asking about that date (sometimes other companies in our shared office need the space, too)
#
sknebel yeah. starbucks works surprisingly well (empty enough, relatively quiet (was the problem with other cafes in the evening), but an alternative every now and then would be great
#
sknebel cool, thank you
#
sknebel I'm around IRC most of the time, or e-mail me at any mailaddress at svenknebel.de
#
sknebel (catchall :P)
#
raucao alright, will do
#
raucao laterz
j12t joined the channel
#
calumryan.com edited /Events (-56) "/* July */ Date change for Meet the TAG" (view diff)
j12t joined the channel
#
petermolnar.net edited /PESOS (+344) "/* IndieWeb Examples */" (view diff)
#
petermolnar.net edited /500px (+594) "adding criticism to 500px" (view diff)
#
@kevinmarks @odtorson Have a look at https://indieauth.com for a way of binding OAuth to a site you control (twitter.com/_/status/880724352211308544)
j12t and j_juran joined the channel
#
Zegnat ben_thatmustbeme, I just pushed some of the bug fixes we discussed yesterday to selfauth. New signing code up later today, I hope, if I get it running on my own site the way I want it to run
#
sknebel Zegnat: signing code = hmac etc? then I shouldn't try to do that today as well :P
#
sknebel (was on my todo list)
#
Zegnat Yes, I was working on hmac yesterday
#
Zegnat But ran into other problems with the selfauth code.
#
Zegnat So I paused my HMAC’ing and switched to strict parameter validation: https://gist.github.com/Zegnat/e6fa541a7226e18f95b4231a51423925
#
Zegnat selfauth is my main todo item today, because I want to start using it myself. If you don’t want to do double work, maybe do something else today ;)
#
sknebel ok. If you want me to review something, say so
#
sknebel (otherwise I'll do it once its in)
#
sknebel I really ahve to improve my posting situation
#
sknebel that should have higher priority
#
sknebel cause I optimized everything to use micropub... and then found that my ideas and existing clients are in annoying disagreement :/
#
Zegnat This is starting to look like a pretty big rewrite of parts of selfauth to get more scrutiny in and use proper expiring signed tokens (no “5 to 10 minutes” validity, just 5, or 10). So it will go in a branch when I push it, I’ll request review from everyone then :)
j_juran and j12t joined the channel
#
Zegnat sknebel, how does this signature sound for the HMAC enabled code generation: https://gist.github.com/Zegnat/c22fea3c368217df2620654d90b7ca30 ?
#
sknebel works
#
Zegnat Nice thing is, we can also use it for the CSRF, so that gets rid off the double functions
#
Zegnat sknebel: if you want to review https://gist.github.com/Zegnat/c22fea3c368217df2620654d90b7ca30 (not timing attack safe again, known issue)
#
Zegnat No error checking in the functions, but didn’t want to include loads of type checks etc. Not really important as long as we use them right
#
sknebel seems ok
#
Zegnat Good. It is so easy to miss something that trips up the value of the signing, always appreciate the extra set of eyes
#
ben_thatmustbeme is === safe to use there, i don't know the exact difference vs hash_equals
#
ben_thatmustbeme ick, n/m hash_equals is 5.6+
#
ben_thatmustbeme you could check for hash_equals and use that if its available
#
sknebel PHP really has a crypto evolution. 5.6 finally has a lot of basics, 7.2 is going to be really good
#
sknebel (even compared to other languages)
singpolyma joined the channel
#
ben_thatmustbeme while i want to support < 5.6 i think its worth it to do the tests for if function_exists
#
ben_thatmustbeme support <5.6 but prefer safer functions
#
Zegnat ben_thatmustbeme, no, === is not safe. That’s why I said not timing-attack safe. hash_equals is really the only correct way. We could either do bitwise comparison ourselves, or use hash_equals when available and become non-safe as fallback :(
#
Zegnat There is a new issue for merging the HMAC branch now. Please put comments there so we can address them :)
j12t and arush1 joined the channel
#
ben_thatmustbeme woohoo \o/ validator.jf2.rocks now supports jf2 feeds
#
ben_thatmustbeme also, its unit tested, so if anyone wants to throw any additional tests in there, can mass test them with the validator :)
#
ben_thatmustbeme which also tests the validator
#
schmarty ben_thatmustbeme++ woo!
#
Loqi ben_thatmustbeme has 13 karma in this channel (243 overall)
#
Zegnat ben_thatmustbeme, both your review comments have been addressed. I am not sure how I can GitHub that :/
jonnybarnes joined the channel
#
petermolnar (PHP 5.6, maybe in WordPress in <10 years)
#
petermolnar (or not)
#
Zegnat aaronpk, is there a reason why IndieAuth.com OpenID does not work with my authorization endpoint? “Sign in to /openid/complete” does its thing, lets me pick my own auth URL, but then sends me to https://indieauth.com/ instead of the place I was trying to login to (StackExchange)
#
aaronpk did you delegate to openid.indieauch.com?
#
Zegnat Yes
#
Zegnat Login with email as method works fine
#
aaronpk :/
#
aaronpk i will have to take a look
#
Zegnat It is specific to OpenID handling though, because I can correctly authenticate to the wiki through indieauth.com
#
petermolnar.net edited /why (+238) "/* Avoiding problems */" (view diff)
#
ben_thatmustbeme Zegnat++ huge improvement
#
Loqi zegnat has 18 karma in this channel (104 overall)
#
Zegnat I’ll wait for sknebel’s review and then merge if no problems come to light :)
#
petermolnar aaronpk shall I register indieauch.com ? ;) (typo powa)
#
aaronpk lol
#
ben_thatmustbeme Zegnat: sknebel approved, good to merge
#
Zegnat yes, I was just on my way to hit the big green button
#
Zegnat Hmm, maybe I should have done the merge locally so GitHub wouldn’t add the “extra” commit. I am always a little confused by merge workflows.
#
sknebel also just changed the secret generation (was hashed unnecessarily), now that should be ok as well
#
ben_thatmustbeme nah, its fine, i think people over focus on those extra merge commits
#
sknebel and for larger changes it's nice to have the context to look up
#
Zegnat Hmm, aaronpk, odd. Telegraph seems to use https://github.com/indieweb/indieauth-client-php which should support both JSON- and form-encoded. So Accept header should not be creating the issue :/
#
Loqi [indieweb] indieauth-client-php: Sample implementation and helper methods for an IndieAuth client.
#
aaronpk Zegnat: it's possible telegraph is using an old version of that library
#
aaronpk looks like it's using 0.1.14 of indieauth-client-php
#
aaronpk JSON response handling in indieauth-client-php was added in 0.2
#
Zegnat Aaah, that’ll be it then. Want me to file an issue with that?
#
aaronpk yes plz
#
aaronpk needs to make a dependency tree of all his projects so he doesn't forget to update projects that use libraries like this
#
Zegnat I just filed one re: accept header on the indieauth-client-php project, that’s better than on Telegraph.
#
aaronpk great. sounds like i have some work to do : )
#
aaronpk first i gotta send this post-IWS update and post all my photos
#
Zegnat I might do a PR for the client one later, depending on how the rest of my day goes
#
Zegnat Issues files
#
sknebel argh
#
sknebel beat me by 20s
#
sknebel :P
#
sknebel ben_thatmustbeme: Zegnat: what PHP versions do you want to target? PHP5.3+?
j12t joined the channel
#
sknebel I saw you talking about it, but don't remember the result
#
Zegnat I think we said 5.4+
#
ben_thatmustbeme either of those is fine with me
#
Zegnat Although I think everything we have right now works for 5.3 too?
#
ben_thatmustbeme i believe so
#
ben_thatmustbeme though i want to make sure to strongly recommend 5.6
#
Zegnat Maybe setup.php should show a warning for version < 5.6
#
ben_thatmustbeme i thought of that, but setup.php still works after its been generated, which means you are just leaking that info out
#
aaronpk setup.php should stop working after the config file exists
#
Zegnat oh, sknebel, mt_rand() is not a Byte[] output, I believe. So not sure what bin2hex() is going to have for effect there... did you test?
#
ben_thatmustbeme setup.php already has a $configured bool, so can just use to not have it do anything if it is configured
#
ben_thatmustbeme maybe just say that to reconfigure, remove the config file
#
Zegnat That makes sense to me, ben_thatmustbeme :)
#
sknebel Zegnat: oops, I trusted that what was there before worked, and md5 also has string input :/
#
sknebel so no
#
Zegnat Well, I think technically all Byte[] blobs are string in PHP, because it doesn’t have any other representation.
#
Zegnat But it might include garbage like null-bytes, which is why you don’t often want to use those byte-string-blob-things
#
Zegnat So md5() makes them ... “safe” ? :p And md5() can of course be applied to the int that comes out of mt_rand()
#
sknebel Zegnat: md5 and bin2hex per docs both take strings as input?
#
Zegnat I will have to do some testing before I feel comfortable with giving a solution off the top off my head though
#
Zegnat bin2hex(mt_rand()) might turn into an extremely short key (not that md5(mt_rand()) was incredibly safe)
#
sknebel Zegnat: true, missed that...
#
sknebel should really generate multiple numbers and combine them
#
Zegnat No problem, that’s why there are collaborators on the project!
#
Zegnat I am looking into the generating now, and testing their outputs.
#
sknebel if we are 5.3+ we don't need that case, do we?
#
sknebel or is the openssl random not gueranteed to be compiled in?
#
ben_thatmustbeme openssl_random is not guaranteed i don't believe
#
Zegnat Not guaranteed to be compiled. Probably especially true for 5.3 servers.
#
sknebel k
#
sknebel hm
#
sknebel I don't like all that either
#
sknebel tempted to go the JS route in that case
#
sknebel ok, openssl_random_bytes is also broken in <5.6
#
sknebel argh
#
aaronpk 5.6 really is where php starts getting good huh
#
sknebel tempted to go tell people with worse PHP to go use indieauth.com
#
sknebel :P
#
Zegnat Thing is, that requires silos ;)
#
Zegnat Writing commit for mt_rand "fix"
#
sknebel Zegnat: forcepush that over, my commit shouldn't exist :P
#
Zegnat Hahahaha
#
Loqi hehe
#
sknebel (srsly, such a noob mistake)
#
Zegnat I don’t like rewriting commit history
#
Zegnat Slippery slope :p
#
sknebel me neither, but I also don't like crap like that public
#
sknebel so I don't mind wiping stuff at the top all that much
#
sknebel (we should maybe show a message "roll 60d16, put here")
#
ben_thatmustbeme lol
#
sknebel its safer than what we are doing
#
ben_thatmustbeme actually, wonder if we should tell people with <5.6 how to just generate an app key with something else
#
sknebel yeah, that's basically the proposal
#
sknebel or do it in the browser
#
aaronpk it's not just the app key that's the problem though right? it's also generating random auth codes
#
sknebel true, but those are at least time bound
#
Zegnat I can’t figure out how to scrap your commit. For some reason I am being dumb with git today
#
Zegnat no such thing as “random auth codes”. The codes are as secure as the key you use to sign them.
#
sknebel I should stop talking
#
aaronpk oh right you're doing signed codes
#
sknebel clearly, brain no worky
#
Zegnat We do now that HMAC has landed, aaronpk. Which is probably for the best
#
sknebel ben_thatmustbeme: the more I think about it, I think having the user generate one is better
#
sknebel show an error message about the version, ask to upgrade and if not possible generate a secret yourself and put it in
#
ben_thatmustbeme i think its fine enough to tell them that its bad, but still offer up the bad version
#
ben_thatmustbeme having something semi random is better than someone going "password1" thats pretty safe right?
#
ben_thatmustbeme that way the lazy and outdated have semi-random, the outdated and non-lazy can generate good random, the updated get non-random
#
sknebel yeah, interesting question
#
Zegnat History has been rewritten! https://github.com/Inklings-io/selfauth/commits/master
#
sknebel browser random is also an option
#
sknebel still
#
Zegnat Of course, sknebel, ben_thatmustbeme, feel free to review my key generation
#
ben_thatmustbeme really needs to get back to work
#
Zegnat Hahaha, sorry if we have been keeping you ben_thatmustbeme!
#
sknebel Zegnat: RANDOM_BYTES_COUNT?
#
sknebel not RANDOM_BYTES?
#
Zegnat It was already there, or did I accidentally change the name?
#
sknebel (in the loop)
#
ben_thatmustbeme i probably did that
#
ben_thatmustbeme not thinking
#
sknebel in the loop the name is different thats all
#
Zegnat I just used the constant that was there, sknebel. Only changed the value from 30 to 32, because I honestly cannot stand non-power-of-2-key-lengths
#
Zegnat Oh, crap, that is a mistake!
#
Zegnat goes to rewrite history one more time
#
sknebel heh
#
sknebel yeah, we shouldn't do this to often. and probably really use PRs for everything
#
ben_thatmustbeme oh that, no, thats def a mistake
#
sknebel from now on
#
aaronpk speaking of constants, why is the default code expiration 1 year? https://github.com/Inklings-io/selfauth/commit/785b965e1bf19b1fad8dba36bf014eb777b55e9f
#
ben_thatmustbeme everything passes a value for that anyway
#
ben_thatmustbeme so its never actually used
#
aaronpk i'd just drop the default then
#
sknebel yes
#
Zegnat It says RANDOM_BYTE_COUNT everywhere now
#
ben_thatmustbeme sknebel: i thought you were talking about the name of the constant, i don't like naming constants the same as exisitng functions
#
Zegnat Oh, yeah, that default is mostly there because that is how I designed the initial signature for those functions
#
ben_thatmustbeme i should have thought of that on code review
#
Zegnat I.e. to use the functions you do not require to set a ttl. But everywhere we use the functions we want to explicitly set them.
#
Zegnat Functions were designed with testing and reusability in mind. That is also why they want the key as argument, and not just use the key constant internally.
#
Loqi agreed.
#
ben_thatmustbeme thanks loqi
#
Loqi you're welcome
#
martymcgui.re edited /User:Martymcgui.re (+364) "/* Itches */ antennapod + gpodder as possible /listen automation?" (view diff)
#
martymcgui.re edited /User:Martymcgui.re (+72) "/* Itches */ add gpodder events API doc link" (view diff)
[cleverdevil], gRegorLove, [miklb] and dougbeal|mb1 joined the channel
#
sknebel heh, analyzing full indiemap on bigquery is stressful. 1 TB of processing per month is free, one query is 331 GB
tantek joined the channel
#
petermolnar 331GB of what?
#
sknebel data in bigquery it has to look at
#
petermolnar but... what is in there?
#
sknebel all the results from snarfeds indiemap project. metadata for all the pages he crawled
#
tantek what is hwc berlin?
#
Loqi It looks like we don't have a page for "hwc berlin" yet. Would you like to create it?
#
tantek HWC Berlin is 2017/Berlin
#
loqi.me created /HWC_Berlin (+53) "prompted by tantek and dfn added by tantek" (view diff)
#
Loqi ok
#
sknebel thats IWC...
#
tantek oops
#
tantek fixes
#
tantek.com edited /HWC_Berlin (-29) "r" (view diff)
#
tantek.com edited /Homebrew_Website_Club (+22) "/* San Francisco */ update our organizers in case someone actually tries to get in touch directly" (view diff)
#
aaronpk launches adobe lightroom to edit IWS photos
#
aaronpk sees "publish to flickr" option
#
aaronpk wonders what it would take to write a publish via micropub option
#
aaronpk https://www.adobe.io/apis/creativecloud/lightroom.html
#
aaronpk sees someone did this for wordpress https://exchange.adobe.com/addons/products/4932#.WTdCesm1tTY
#
sknebel oh, nvm, I misread bigquery docs. that's only if you really touch all columns
j12t joined the channel
#
tantek.com edited /MediaWiki:Sidebar (+24) "next hwc, 2017 videos" (view diff)
#
aaronparecki.com edited /Events (-8) "s/indiewebcamp.com/indieweb.org" (view diff)
snarfed joined the channel
#
snarfed hey sknebel, glad you're playing with the indiemap data! happy to help if you have any q's
#
tantek.com edited /Tom_Sawyering (+436) "note what Tom did vs broader definition" (view diff)
#
snarfed btw if you want to avoid the bigquery quota, you can always download the data and work with it locally. e.g. the social graph data is just 100MB. http://www.indiemap.org/docs.html#social-graph-data
#
sknebel got it down to 12 GB per query, thats more manageable once I understood it bills per column
#
sknebel right now trying to answer how many sites support homepage webmentions
#
aaronparecki.com edited /Special:Log/upload () "uploaded a new version of "[[File:2017-indieweb-summit-day1.jpg]]"" (view diff)
#
snarfed ooh interesting
#
snarfed i also wonder how many advertize the endpoint on home page but don't actually accept them. but still, it's a good start to look!
#
sknebel right now trying to figure out known sites... they seem to have the authorative h-card on a profile url, so that gets billed as the homepage, but that's probably not what I'D try to webmention.
#
sknebel and yes, thats the next question
#
snarfed i'm really glad indiemap can (hopefully) answer questions like these
#
gRegorLove indiemap helped me rediscover this joke when I saw h-peep in the list of my mf2: https://gregorlove.com/2014/07/almost-forgot-this-proposed-specification/
#
Loqi [gRegor Morrill] Almost forgot this proposed specification: The class h-peep is a root class name that indicates the presence of a marshmallow chick. Properties: p-name: The name of the marshmallow chick. p-color: The color of the marshmallow chick. p-location...
#
snarfed ahahahaha awesome
#
Loqi hahaha
#
tantek just glad benwerd is not here to implement that :P
#
gRegorLove It's implemented on that link ^
#
tantek no I mean with a UX and everything like he does
#
ben_thatmustbeme lol, thats excellent gRegorLove
#
ben_thatmustbeme h-peep++
#
Loqi h-peep has 1 karma
#
ben_thatmustbeme snarfed: better get crawling again, you have a lot more mf2 to pull in
#
ben_thatmustbeme all of mastodon
#
tantek whoa really? as of when?
#
tantek did a recent deployment happen?
#
ben_thatmustbeme no, i just don't think he touched any of it before
#
snarfed true!
#
snarfed i definitely knew there were many more sites with mf2 than i included
#
gRegorLove Do we know approximately how many of the mastodon instances have it?
#
ben_thatmustbeme they are up to approx 37 M toots
#
snarfed mastodon++
#
Loqi mastodon has 1 karma
#
ben_thatmustbeme they don't list versions on the instance list :/
#
ben_thatmustbeme ahh, its on the /about/more page for them all
[colinwalker] joined the channel
#
[colinwalker] Snarfed: re advertising the webmention endpoint on the homepage but not accepting them, the WordPress plugin does this by default even if homepage mentions are not turned on in the options.
#
snarfed true!
#
ben_thatmustbeme probably most of them, they have had some form of mf2 in the tree since january
#
ben_thatmustbeme and i fixed the mf2 in april
#
ben_thatmustbeme so anything after 1.1.2 has my fixes, and they are on 1.4.6 now
#
sknebel do they have robots.txt normally?
#
ben_thatmustbeme they look to have a default that is commented out
#
ben_thatmustbeme https://mastodon.social/robots.txt
#
ben_thatmustbeme so unless they specifically disallow it
[eddie] joined the channel
#
[colinwalker] Submitted an issue about advertising the endpoint.
#
snarfed ben_thatmustbeme: just noticed your post about expanding mastodon to federate with indieweb: http://ben.thatmustbe.me/note/2017/6/26/2/m
#
Loqi [Ben Roberts] Mastodon and the Indieweb
#
snarfed i've been interested in bridging ostatus and indieweb too. we had a good session at IWS on it: http://indieweb.org/2017/ostatusbridge
#
snarfed happy to talk more if you're interested!
#
ben_thatmustbeme I heard a summary of that talk on the community group telcon last week
#
ben_thatmustbeme not quite sure how the AP side would work
#
ben_thatmustbeme but ideally i was thinking more of building in webmention receiving to mastodon
#
snarfed yeah i'm less familiar with activitypub than ostatus
#
ben_thatmustbeme thats basically why sandro set up w3c.social
#
tantek indeed, better to directly add building blocks support to Mastodon
#
tantek I bet that's easier to code too, rather than going through ostatus abstractions
#
snarfed right. you all are thinking of getting mastodon to do indieweb. i'm thinking of a third party bridge to translate between the two
#
snarfed definitely ideal if mastodon supports indieweb. the nice part of a bridge is that it would also support gnu social, identica, status.net, etc
#
snarfed we can push on both directions
#
snarfed ben_thatmustbeme: i'm still not that familiar with mastodon. is there any way i can see the global timeline on https://w3c.social/ without creating an account?
#
aaronpk i think kevinmarks made a thing for htat
#
aaronpk there's an API for it but nothing in the UI
#
aaronpk i should really generate thumbnails for photos in my album posts
#
Loqi yea
#
ben_thatmustbeme based on the list of instances back in april, it looks like the most you would see would be 4 or 5 instances that might not have MF2
#
ben_thatmustbeme it seems really likely that every mastodon instance has mf2
snarfed joined the channel
#
snarfed (also re ease of coding, granary already does AS1 => mf2, so that part wouldn't really add any implementation burden)
#
ben_thatmustbeme from that old list, those that are not down are all well above the version that had mf2 added
#
ben_thatmustbeme the biggest issue is that mastodon (and others) have no way to actually refer to URLs as people rather than account uris
#
snarfed ben_thatmustbeme: i don't follow. do you mean mastodon doesn't have user profile pages?
#
ben_thatmustbeme in the UI, i can say @user@host to refer to someone
#
ben_thatmustbeme in other software i can say user@host
#
petermolnar you mean in email
#
tantek or ssh
#
ben_thatmustbeme :P
#
tantek user@host is text UI convention across unix tools
#
petermolnar because it makes sense
#
tantek beyond email, that was my point
#
petermolnar I get it and agreeing
#
ben_thatmustbeme was testing https://w3c.social/@dissolve/69207
#
Loqi [Ben Roberts] ben.thatmustbe.me <does this get translated to a proper link? https://ben.thatmustbe.me/ < does this? want to just test this quick to see if just adding webmention sending to mastodon would do all of the federation TO indieweb that is needed
#
ben_thatmustbeme so if you type https:// it linked, without that it didn't
#
ben_thatmustbeme so just sending webmentions on every toot would work for http:// and https:// links
#
tantek what is a toot
#
Loqi It looks like we don't have a page for "toot" yet. Would you like to create it?
#
tantek what is a boost
#
Loqi It looks like we don't have a page for "boost" yet. Would you like to create it?
snarfed joined the channel
#
www.boffosocko.com edited /News_Genius (+111) "Blocker plugin for Known" (view diff)
#
Zegnat snarfed, re wm advertising but not accepting, I think your site was in that category
#
snarfed Zegnat: yup!
#
Zegnat Ran into that today ;) http://imgur.com/poW49RF
#
tantek what does the red x mean?
#
aaronpk no webmention endpoint found
#
aaronpk er, webmention failed
#
tantek Zegnat: that makes no sense for my site since I'm "just" delegating to webmention.io and pretty sure it handles homepage mentions
#
aaronpk yellow is no endpoint found
#
aaronpk tantek: yours likely failed because sometimes xray has trouble fetching Zegnat's site
#
Zegnat Oh, that could be it too
#
Zegnat shakes fist in Google’s general direction
#
gregorlove.com edited /baby-dont-hurt-me (+0) "new youtube link; old one died" (view diff)
#
tantek youtube don't hurt me
#
snarfed hrm afaik the app engine http fetching problems were ssl, right? which tantek.com isn't
#
aaronpk other way
#
aaronpk tantek is receiving
#
aaronpk webmention.io fetches zegnat's site
#
aaronpk occasionally gets timeout errors
#
snarfed wait webmention.io is on app engine? or telegraph?
#
aaronpk heh
#
aaronpk it's ... complicated
#
snarfed lol ok
#
snarfed apologies in any case
#
aaronpk webmention.io is a ruby app on a VPS, but when it fetches pages it uses xray,p3k.io's API
#
aaronpk xray.p3k.io is on appengine
#
snarfed ahhh ok
#
aaronpk i did that because the ruby parser wasn't good enough to use at the time
#
schmarty remembers something about appengine timeouts related to IPv6?
#
www.boffosocko.com edited /annotation (+736) "additional posts on annotation by Audrey Watters and Jon Udell" (view diff)
#
Zegnat I think Uberspace has me on both HTTPS and IPv6. Whatever the actual hick-up is, GAE doesn’t like it :/
#
aaronpk ohh
#
aaronpk checked the response from telegraph
#
aaronpk https://telegraph.p3k.io/webmention/11LTsvfLnbQuwpIqCO/details
#
aaronpk http://webmention.io is redirecting to https://webmention.io
#
aaronpk do we have a recommendation for what a webmention sender should do if the webmention POST returns a 301 or 302?
#
Zegnat Not in the W3 spec that I can see, aaronpk
#
Zegnat “Any 2xx response code must be considered a success.” - nothing on any other code, it seems
#
aaronpk then HTTP rules would apply
#
aaronpk isn't there a 3xx code that says try the post again at a new URL?
#
Zegnat It should do that with 301, right?
#
aaronpk no
KartikPrabhu joined the channel
#
aaronpk http 307
#
aaronpk or 308
#
tantek what about 309?
#
aaronpk wait am i getting that backwards? wikipedia is confusing
#
tantek if there was a 309, that's what I would return from /8675
#
aaronpk trololol
#
Zegnat There is no 309, not even according to wikipedia
#
Zegnat You could still return that code number though, if your server allows it
#
aaronpk okay yeah, HTTP 308 is a redirect that does not allow the HTTP method to change
#
aaronpk https://tools.ietf.org/html/rfc7538
#
Zegnat “This and all future requests should be directed to the given URI.” - is the description on Wikipedia for 301, which made it sound to me that *this* (aka the current) request should be aimed at the new URI. That suggested to me that a POST should be re-POST-ed
#
Zegnat But the new 308/309 explicitly state not the change the method, so you are right, aaronpk
#
loqi.me created /309 (+120) "prompted by tantek and dfn added by tantek" (view diff)
#
aaronpk Zegnat: i think what happened was people were returning 301/302 from a POST request in a browser after a form is submitted in order to redirect to the page that was just created, so browsers implemented the next request as a GET
#
aaronpk and then they had to add 307/308 later to compensate for that behavior
#
Zegnat That makes sense aaronpk! I can totally see how 301/302 were *meant* to repeat the POST but never did because of use.
#
loqi.me edited /309 (+28) "/* See Also */ new section" (view diff)
#
tantek.com edited /create (+358) "/* Facebook */ subheads, add FB create new feature" (view diff)
#
loqi.me edited /309 (+32) "ben_thatmustbeme added "http://ben.thatmustbe.me/8675" to "See Also"" (view diff)
#
GWG When would the webmention source URL and the url property of it's h-entry not match?
#
snarfed GWG: bridgy
#
aaronpk and ownyourswarm
#
Zegnat ben_thatmustbeme is "Do Not Change Your Number" the official error message for 309? ;)
#
GWG Good points
#
snarfed GWG: https://brid.gy/about#appspot
#
ben_thatmustbeme notice the title?
#
tantek Zegnat there are a variety of valid options for the BODY of the HTTP response
#
Zegnat I noticed. But your site didn’t seem to sent any actual message in the HTTP header
#
Zegnat At least not according to my browser
#
Zegnat I am mostly wondering about the HTTP header, tantek
#
Zegnat HTTP/1.1 309 something
#
loqi.me created /XClacksOverhead (+237) "prompted by petermolnar and dfn added by petermolnar" (view diff)
#
tantek the response code has no other requirements about the header
#
Zegnat True, but most will give you a message
#
snarfed oh hey aaronpk while you're here, did you see the vouch + u-url discussion from the other day? https://chat.indieweb.org/2017-06-28#t1498674079712000
#
loqi.me edited /309 (+27) "aaronpk added "https://aaronpk.com/8675" to "See Also"" (view diff)
#
Loqi [snarfed] hey vouch contributors (aaronpk tantek gRegorLove ben_thatmustbeme) have any of you thought about how it should interpret and handle u-url vs webmention source url?
#
snarfed low priority, just probably still an open question
#
tantek oh you mean the informal name for the return code
#
Zegnat “reason phrases” is apparently what those are called
#
gregorlove.com edited /309 (+55) "IndieWeb Examples, +me" (view diff)
#
tantek Zegnat, for 309, I believe that is "Eee Iye Eee Iye Yun",e.g. "309 Eee Iye Eee Iye Yun"
#
tantek 309 << Reason Phrase: "Eee Iye Eee Iye Yun", e.g. "309 Eee Iye Eee Iye Yun"
#
loqi.me edited /309 (+71) "tantek added "Reason Phrase: "Eee Iye Eee Iye Yun", e.g. "309 Eee Iye Eee Iye Yun"" to "See Also"" (view diff)
#
Loqi ok, I added "Reason Phrase: "Eee Iye Eee Iye Yun", e.g. "309 Eee Iye Eee Iye Yun"" to the "See Also" section of /309
#
Zegnat Going with that, tantek!
#
loqi.me edited /309 (+42) "aaronpk added "https://aaronparecki.com/2017/06/30/10/" to "See Also"" (view diff)
[chrisaldrich] joined the channel
#
gRegorLove I made mine HTTP/1.1 309 Jenny, before I'd seen this
#
aaronpk mine is HTTP/1.1 309 Don't Change Your Number
#
aaronpk and then redirects to my phone number
#
gRegorLove Nice! Mine is a picture of Jenny from Forrest Gump
#
loqi.me edited /309 (+35) "Zegnat added "http://vanderven.se/martijn/8675" to "See Also"" (view diff)
Billbennettnz joined the channel
#
j_juran HTTP/1.1 309 For A Good Time, Call
#
ben_thatmustbeme i could do that, but its an extra step or two to return custom http fields
#
ben_thatmustbeme err text
#
ben_thatmustbeme found that out with 449
#
ben_thatmustbeme j_juran: whats you github handle?
#
ben_thatmustbeme ehh, too late
#
Zegnat https://github.com/jjuran
#
ben_thatmustbeme there
#
ben_thatmustbeme https://github.com/Inklings-io/splatter/commit/6fe73ca1a45eab187ab7b10f5b8a115d77d7ea62
#
j_juran ben_thatmustbeme: jjuran
#
j_juran oh
#
ben_thatmustbeme didn't see you on irc-people
#
j_juran I’m new here
tantek joined the channel
#
cleverdevil.io edited /309 (+30) "/* IndieWeb Examples */" (view diff)
j12t and tantek joined the channel
#
aaronpk gRegorLove: indiewebify.me should be auto deploying from master. Is something missing?
#
gRegorLove It's this one, not merged yet: https://github.com/indieweb/indiewebify-me/pull/64
#
Loqi [gRegorLove] #64 Add /rel-me-check URL that returns more detailed information
#
gRegorLove Though the one you merged doesn't seem to be live on the site. Changed some colors in it.
#
aaronpk Hmm
#
gRegorLove Let me double-check that though
#
gRegorLove aaronpk: yeah, among other things I moved inline CSS to a separate file. It's still showing inline here: view-source:https://indiewebify.me/
#
gRegorLove Slightly darker buttons / links for better contrast in that pr too
#
aaronpk huh this shows the tests passed and that it deployed: https://travis-ci.org/indieweb/indiewebify-me/builds/241873162
#
aaronpk my appengine logs show that it's running the Jun 11th version
#
gRegorLove huh weird
[kiai] joined the channel
#
gRegorLove Did I update the wrong files? Though it worked on my dev copy, so that doesn't make sense
#
tantek.com edited /bridge (+907) "expand dfn, and distinguish specific techniques" (view diff)
#
aaronpk i'm bumping to see if that deploys the new version
#
sebsel hm, already having problems with logging in to Quill now because I don't send a me-param after the indieauth.
#
aaronpk oh boy fix all the things
#
sebsel add the me again and waits for the wikipage to be updated
#
sebsel haha, yeah, I will file, no hurry :)
#
Loqi rofl
#
aaronpk luckily i mostly use the same client library for this so it should be a fix in one place then update all the dependencies
#
sebsel hmz, so I do not have to file here?
#
aaronpk add it to indieauth-client-php
#
sebsel which is not this one? https://github.com/aaronpk/IndieAuth-Client
#
Loqi [aaronpk] IndieAuth-Client: Sample client app to authenticate against IndieAuth-enabled domains
#
sebsel got it https://github.com/indieweb/indieauth-client-php
#
Loqi [indieweb] indieauth-client-php: Sample implementation and helper methods for an IndieAuth client.
#
aaronpk whoa i dont' remember that other one
#
aaronpk looks like i pulled out the login flow from quill into that as an example
#
sebsel too many repo's ;)
#
aaronpk ohhhh
#
aaronpk gRegorLove: i apparently moved indiewebify.me off of appengine
#
aaronpk updated :)
#
gRegorLove Hah. That sounds familiar now that you mention it.
#
aaronpk probably because we were having too many problems with appengine fetching URLs
tantek joined the channel
#
gRegorLove aaronpk++ looks good!
#
Loqi aaronpk has 60 karma in this channel (1369 overall)
davidmead joined the channel
#
snarfed appengine-- bleh sorry all
#
Loqi appengine has -1 karma in this channel (0 overall)
#
snarfed or at least appenginephp--
snarfed, [grantcodes], [cleverdevil], KartikPrabhu, j12t, davidmead, jjuran and [eddie] joined the channel
#
sebsel got my own token endpoint working :D
#
sebsel storing tokens instead of JWT, so I can list them and revoke them as I please.
#
sebsel still using JWT for the auth code tho.
#
sebsel I had signed up for way to many nice looking Micropub things ;)
#
grant.codes uploaded /File:facebook-recommendations-add-recommendation-ui.png "Facebook's UI to add a recommendation to a recommendations request post https://indieweb.org/File:facebook-recommendations-add-recommendation-ui.png"
#
grant.codes uploaded /File:facebook-recommendations-request-post-ui-2.png "Facebook recommendation request creation UI second step https://indieweb.org/File:facebook-recommendations-request-post-ui-2.png"
#
grant.codes uploaded /File:facebook-recommendations-request-post-ui.png "Facebook recommendation request creation UI first step https://indieweb.org/File:facebook-recommendations-request-post-ui.png"
#
grant.codes uploaded /File:facebook-recommendations-timeline-post.png "Facebook recommendations request post in the timeline https://indieweb.org/File:facebook-recommendations-timeline-post.png"
#
grant.codes uploaded /File:facebook-recommentations-map-pin.png "Facebook UI of a recommendations request post with recommendation pin on map https://indieweb.org/File:facebook-recommentations-map-pin.png"
snarfed joined the channel
#
grant.codes created /recommendation (+1090) "Created page with "A <dfn>recommendation</dfn> is a type of post that provides a suggestion to another person. ==Facebook Example== Facebook has a UI for requesting recommendations from friends w..."" (view diff)
#
[grantcodes] what is a recommendation?
#
Loqi A recommendation is a type of post that provides a suggestion to another person https://indieweb.org/recommendation