#dev 2017-07-27

2017-07-27 UTC
leg1, jjuran, tantek, [kevinmarks], Defenestrate, j12t, [eddie] and davidmead joined the channel
#
loqi.me created /hwc_logo (+39) "prompted by tantek and dfn added by tantek" (view diff)
j12t and davidmead joined the channel
#
loqi.me edited /Reddit (+18) "tantek added "[[Hacker News]]" to "See Also"" (view diff)
#
loqi.me edited /Hacker_News (+13) "tantek added "[[Reddit]]" to "See Also"" (view diff)
#
upon2020.com uploaded /Special:Log/upload "uploaded "[[File:reddit-warning.png]]" https://indieweb.org/File:reddit-warning.png"
#
upon2020.com edited /Reddit (+55) "Added warning picture" (view diff)
jjuran, tantek, eli_oat1, gRegorLove, j12t, [miklb] and cweiske joined the channel
#
@Uxlco0 @borisschapira @nhoizey @DareBoost Vivement les implémentations réussies de webmentions ? (twitter.com/_/status/890467317913722880)
#
@borisschapira @Uxlco0 @nhoizey @DareBoost Je suis venu, j'ai vu, j'ai laissé tombé. Les webmentions vers chez moi sont anecdotiqu… https://twitter.com/i/web/status/890468789074223104 (twitter.com/_/status/890468789074223104)
KevinMarks, jjuran, [acegiak_net] and [chrisaldrich] joined the channel
#
@nhoizey @borisschapira Je vire complètement les commentaires, je ne laisse que WebMention. (twitter.com/_/status/890477737525354496)
#
@nhoizey @borisschapira @Uxlco0 @DareBoost De mon côté, j’ai plus de WebMentions que de commentaires… (twitter.com/_/status/890479497417547776)
jeremycherfas joined the channel
#
loqi.me created /Quickposse (+122) "prompted by [chrisaldrich] and dfn added by [acegiak_net]" (view diff)
#
www.boffosocko.com edited /Quickposse (+120) "github link; see also; Category:WordPRess" (view diff)
AngeloGladding, Defenestrate, barpthewire, KevinMarks and [kevinmarks] joined the channel
#
loqi.me created /GDPR (+216) "prompted by [kevinmarks] and dfn added by [kevinmarks]" (view diff)
#
loqi.me edited /GDPR (+114) "/* See Also */ new section" (view diff)
KevinMarks joined the channel
#
kevinmarks.com edited /GDPR (+496) "consent" (view diff)
#
loqi.me edited /GDPR (+22) "sebsel added "/2017/Nuremberg/law" to "See Also"" (view diff)
#
@clivewalker Managed to get Cloudinary working in my webmention responses now. See comments here https://www.cvwdesign.co.uk/news/2016-07-04-an-introduction-to-landing-pages (twitter.com/_/status/890517215434428416)
KevinMarks joined the channel
#
loqi.me edited /GDPR (+18) "[kevinmarks] added "[[FreeMyOAuth]]" to "See Also"" (view diff)
tantek joined the channel
#
kodfabrik.se edited /GDPR (+752) "Adding note on Data Portability in GDPR" (view diff)
KevinMarks_, eli_oat1, jeremycherfas, KevinMarks, [kevinmarks], [eddie] and [dgold] joined the channel
#
sknebel maybe we should consider scope editing for selfauth?
#
Zegnat We can easily offer the checkboxes, like aaronpk does, yes
KevinMarks joined the channel
#
sknebel for the issue mentioned (post vs create) the ability to add would be good as well
#
sebsel I support an extra scope myself, 'media', wether or not people may use my media endpoint.
#
sebsel So there are two strategies there: show the user all the requested scopes and ask yes/no
#
sebsel Or let the user define a list of scopes they offer, and auto-check matching boxes
#
sebsel I do the second one now, and I think aaronpk does too
#
sknebel right, you likely have a list of those
#
sknebel didn't think about that
#
sebsel Micropublish.net requests 'undelete', but I don't have that, so I don't give it.
#
Zegnat I am not sure how I feel about needing people to define a list of supported scopes on setup though.
#
sebsel It can be a default list, somewhere, that is editable when the user really wants.
#
Zegnat Giving the option to yes/no and add extra values may be enough for the selfauth usecases
#
Zegnat There are no default values defined by IndieAuth though
#
sknebel I'll make a github issue
#
sebsel Yeah, I'm not saying that's the best thing to do for SelfAuth, but those are two strategies to think about.
#
Zegnat Default list needs to come from somewhere. The Micropub spec hardlinks to https://indieweb.org/scope for “a list of all currently used values”. That’s why I would like to shy away from that. (My opinion can of course be changed, will see where the discussion goes.)
#
Zegnat The /scope seems very lackluster and not very list-y
#
sknebel filed https://github.com/Inklings-io/selfauth/issues/26
#
Loqi [sknebel] #26 Allow changing the granted scopes
#
voxpelli Feels like the /scope needs to be extended with more examples especially – seems like a few here are using more scopes than documented there? Only me + aaronpk in there now
#
Zegnat voxpelli, I agree, especially if the W3 Micropub spec links to it for a list. I have nothing to add there though.
#
seblog.nl edited /scope (+151) "/* Scopes accepted by IndieWeb sites */ added myself" (view diff)
#
seblog.nl edited /scope (+109) "/* Scopes used by IndieWeb apps */ added Micropublish.net" (view diff)
#
@barryf @EddieHinkle Thanks for letting me know. Looks like I missed bookmark-of during some refactoring. I've fixed and resent the webmention. (twitter.com/_/status/890560177501614081)
#
sebsel but in the end, it's just the question of 'can I do this'?
#
sebsel The app just hints what it thinks it might need.
#
sebsel I can also use scopes in Dutch, like 'bewerk' for 'update'. I just need to make sure to give the app the scope 'bewerk' if it asks for 'update'.
#
sebsel It is my site that checks which operation is allowed by which app at what point.
singpolyma joined the channel
#
voxpelli it's fairly good to try do standardize on a fairly limited set though so apps can clearly state what scopes they need for what operations and that way apps can be given as strict access as possible
#
voxpelli else it can easily be that all apps are given all access and the point of scopes pretty much is lost
#
voxpelli (not a problem with current indieweb generation, but with future generations and as things scale it can be)
#
sebsel yeah, good point
#
sebsel also: if the app knows which scopes it has, it can already anticipate a 403 if it did not receive a, for example, update scope.
#
Zegnat Yes, that’s why apps get a list of scopes returned to them when they verify the indieauth code. So they know exactly what scopes they were granted and follow through accordingly
#
@perchology Perchology Issue 26 is out. Webmentions, Redactor customisation, site examples and more...! https://perchology.curated.co/issues/26 (twitter.com/_/status/890569262947061761)
#
voxpelli yeah, should be possible to eg. deactivate update features and instead show an "give update access to do X"
#
voxpelli when the scope hasn't been given
[barryf] joined the channel
#
jeremycherfas Anyone got any good examples of styling webmentions from voxpelli’s Heroku app? I’d like to have a starting point with which to tinker.
#
voxpelli jeremycherfas: I assume you have looked at my voxpelli.com ;) Also http://www.kevinmarks.com/ shows what it looks like when you get a _lot_ of mentions
#
voxpelli should add pagination at some point
#
jeremycherfas Your site is first on my list.
KartikPrabhu, KevinMarks, KevinMarks_ and [kevinmarks] joined the channel
#
seblog.nl edited /scope (+2) "/* Scopes used by IndieWeb apps */ OwnYourGram now asks for create" (view diff)
KevinMarks joined the channel
#
[kevinmarks] My styling is not exactly good, but it is different from voxpelli's
#
jeremycherfas Voxpelli The classes on your webmentions differ from the ones I got in the examples. Is that because you are using bleeding edge?
#
jeremycherfas Kevinmarks: Thanks. Will get there in the end
j12t joined the channel
#
voxpelli jeremycherfas: Was a while since I worked on that specific code, it may be that I cleaned up the class names in bleeding edge (better not to use bleeding edge right now though, it's a work in progress to support Salmentions)
#
jeremycherfas OK. I’ll go with the classes I have in examples.
KevinMarks_ and KevinMarks joined the channel
#
dgold sorry to ask such a basic question but, checking for either scope 'create' or scope 'post'
#
dgold is that, in php:
#
dgold if(!strinstr($scope, 'create') || strinstr($scope, 'post) { 403 }
KartikPrabhu1 and KevinMarks joined the channel
#
Zegnat I don’t know what your $scope variable looks like
#
dgold scope is from indie-auth response - I'm trying to do a check so that if the scope has neither 'create' nor 'post' then the endpoint serves a 403
#
Zegnat if (strpos($scope, 'create') === false && strpos($scope, 'post') === false) { /* the string 'create' and the string 'post' do not exist in $scope */ }
#
dgold that's more sensible, thanks Zegnat
#
Zegnat Aah, IndieAuth scope value, then there is a slightly better one, give me a second
#
Zegnat dgold: https://gist.github.com/Zegnat/365769e7b58ca4ddea481a9ef6145647
#
dgold excellent
#
dgold Zegnat++ thank you so much
#
Loqi zegnat has 23 karma in this channel (121 overall)
#
Zegnat strpos could have false positives, e.g. a scope "imposter" would have matched as including "post". This way you get around that.
#
Zegnat If for whatever reason I made a typo in that code or it ends up not working you know where to find me ;)
#
dgold the !notation and either/ors make my head hurt
#
Zegnat in_array() will give false when the string isn’t there, and in this case you want to test for the false result so you need the ! (or `=== false` comparison). And then you want to do that twice and not have it exit after the first test (thus &&)
#
Zegnat But I totally get the confusion
#
aaronpk good morning. catching up on logs.
#
dgold good morning portland!
[miklb], j12t, KevinMarks_ and eli_oat joined the channel
#
jeremycherfas Voxpelli: Is there a way to test whether the script that pulls in webmentions contains anything, so I can modify the display conditionally?
KartikPrabhu, [miklb] and KevinMarks joined the channel
#
voxpelli jeremycherfas: don't think so with current version, add an issue and I'll try to make it so eventually :)
#
jeremycherfas OK. Thanks.
#
dgold is there a media-endpoint exemplar available? (prefereably in php)
#
aaronpk i could post mine
#
aaronpk it's really small
#
dgold really small == really good!
#
aaronpk https://gist.github.com/aaronpk/4bee1753688ca9f3036d6f31377edf14
#
aaronparecki.com edited /micropub_media_endpoint (+173) "/* Indieweb Examples */ link to source code" (view diff)
KevinMarks joined the channel
#
sebsel I see no valid scope is 401, not 403? :o
#
dgold that's very nice, aaron, thank you
#
jeremycherfas.net edited /User:Jeremycherfas.net (+256) "/* Working On */ Updated --~~~~" (view diff)
#
aaronpk sebsel: uhoh did i get that wrong?
#
aaronpk https://www.w3.org/TR/micropub/#error-response
#
aaronpk looks right
[miklb] and gRegorLove joined the channel
#
sebsel aaronpk Sorry! I didn't want to shake you!
#
sebsel It's just that I think I did wrong.
#
sebsel But good to know, will fix :)
j12t and KartikPrabhu joined the channel
#
sebsel Ah, nvm me. I have the right code in my code, just not in my head.
#
sebsel goes back to the corner
tantek joined the channel
#
aaronpk https://media.aaronpk.com/Screen-Shot-2017-07-27-10-47-54.png
#
@simoncox Somehow @PerchCMS web mentions slipped by me - https://allinthehead.com/retro/378/implementing-webmentions Pingbacks used to be great till they were spammed. ^@perchology (twitter.com/_/status/890630066144591872)
[kevinmarks] joined the channel
#
[kevinmarks] That's great aaronpk
tantek joined the channel
#
@nhoizey So long Disqus, hello Webmention https://nicolas-hoizey.com/2017/07/so-long-disqus-hello-webmentions.html #blog (twitter.com/_/status/890635589170585600)
#
aaronpk outline is done, some content written. taking a break for now https://media.aaronpk.com/Screen-Shot-2017-07-27-11-24-31.png
#
schmarty ?
j12t joined the channel
#
@nhoizey This would not be so easy without @aaronpk’s webmention.io and @AaronGustafson’s plugin for @jekyllrb. "A Tale of… https://twitter.com/i/web/status/890640527275704320 (twitter.com/_/status/890640527275704320)
cweiske joined the channel
#
dgold aaronpk: sorry to ask such a question but; if i'm indieauth'd onto one site - example.com, and micropubbing to that site, and I need to upload to a media endpoint - media.example.com - is that a separate 'login'?
#
schmarty dgold: the media endpoint should accept the same token as your main micropub endpoint
#
dgold that's the bit I'm not understanding, schmarty
#
dgold looking over the endpoint aaronpk posted to github - I can't see where that logic resides?
#
cweiske url`
#
cweiske ?
#
schmarty are you using indieauth.com as your token endpoint?
#
dgold yes
#
dgold for ascraeus.org
#
schmarty cweiske: aaronpk dropped the link a couple of hours ago in this channel. https://gist.github.com/aaronpk/4bee1753688ca9f3036d6f31377edf14
#
dgold but media.ascraeus.org is a different 'location'
#
gregorlove.com edited /Disqus (+588) "/* IndieWeb Experience */ So long Disqus, hello Webmention" (view diff)
#
schmarty so the implementation that aaronpk linked requires an authorization token in an HTTP Authorization header
#
schmarty and it checks it against tokens.indieauth.com to make sure it is still valid and that it has a scope
#
sknebel but it never checks for the identity the token is for? (aaronpk)
#
schmarty this implementation is not doing any verification about the "me" value that i can see
#
schmarty so let's all post to aaronpk's media endpoint ;}
#
dgold yes - I see where it looks for the token, line 15+, and I see where it starts checking it, line 37
#
schmarty dgold: the micropub spec says the media endpoint should accept the same tokens that a "regular" micropub server endpoint should accept
#
dgold but I don't see that its checking the token is valid for the originating location - the one without [media] in the W3C spec
#
schmarty so in your case it should accept tokens for "ascraeus.org"
#
dgold okay
#
schmarty dgold: this implementation seems not to check that value at all
#
schmarty sounds like a bug to me :}
#
aaronpk Hiiii
#
dgold heyhey
#
aaronpk so, I modified the gist a little from what my own implementation does
#
dgold there's loads of catpics being uploaded to your media endpoint
#
dgold :)
#
aaronpk I have my own token endpoint so it will only return 200 from the token check for my own tokens
#
dgold aaaah
#
aaronpk so yeah if you use a shared token endpoint then you'd need an additional check there looking at the response from the token endpoint
#
dgold and that would be checking a 'me' value for the originating mpub location?
#
dgold not the media.example.org?
#
sknebel yes
#
dgold phew - that explains that. I'd been puzzling at this for far too ling
#
Zegnat aaronpk++ for IndieAuth draft <3
#
Loqi aaronpk has 68 karma in this channel (1390 overall)
KevinMarks, j12t and tantek joined the channel
#
@molovo Just set up webmention responses on a second Jekyll site. Really liking how seamless it is once everything’s automated (twitter.com/_/status/890665551512653824)
j12t and j12t_ joined the channel
#
sebsel aaronpk++ yaay for the IndieAuth draft!
#
Loqi aaronpk has 69 karma in this channel (1391 overall)
#
aaronpk it's progress!
KevinMarks, tantek and j12t joined the channel
#
gRegorLove Ooh, just caught up with indieauth.com getting renamed to indielogin.com
#
aaronpk i'm hoping to be able to focus on that project in august
#
Zegnat gRegorLove, yep. Much information captured on http://indieweb.org/IndieAuth#naming_confusion (after tantek urged us to document outside of IRC). Also some work on new wording for the wiki page here: https://indieweb.org/User:Vanderven.se_martijn/IndieAuth (which I would love to get more eyes on if you have a moment for IndieWeb things again :) )
#
aaronpk time to register a new domain
#
gregorlove.com edited /Homebrew_Website_Club (+542) "consolidate Logos and Graphics section" (view diff)
#
gRegorLove Zegnat: Sure, I'll take a look
#
aaronpk indieauth.net is now mine
#
aaronpk that's gonna be where the spec lives
#
Zegnat Nice!
#
Zegnat Hope you’ll think of us when you need some eyes on it, aaronpk ;)
#
aaronpk definitely
#
sknebel Zegnat: right, we should look at moving your draft over again, or at least large parts of it. or wait for the spec, cross-check everything and then?
#
aaronpk probably don't wait for the spec
#
aaronpk maybe wait for indielogin.com tho?
#
Zegnat Waiting for indielogin.com might make sense. Note that I did add a pretty clear note on top of https://indieweb.org/IndieAuth with one of my last edits :)
KevinMarks joined the channel
#
Zegnat That note isn’t in my draft page, because hopefully the draft page wouldn’t need such ntoes
#
Zegnat s/ntoes/notes/
#
gRegorLove Draft page looks good. I think "Developers can use any way they want of finding these." probably isn't necessary.
#
gRegorLove Those can also be in HTTP headers, right? So maybe list those variants there.
#
sebsel Zegnat++ for the note
#
Loqi zegnat has 24 karma in this channel (122 overall)
#
sebsel looks good
#
Zegnat True, that developer specific sentence was probably unnecessary, gRegorLove. Feel free to edit if you have any ideas. It’s not just “my” draft.
#
gRegorLove Though /authorization-endpoint seems to indicate only rel, so maybe Link headers haven't been used for that yet.
#
aaronpk we should probably do a survey of how many people advertise in Link headers, and not include that in the spec if nobody's using it
#
Loqi +1
#
Zegnat instantly switches to Link headers
#
Zegnat ;)
#
sebsel says nothing
#
gRegorLove Zegnat++ haha
#
Loqi zegnat has 25 karma in this channel (123 overall)
#
sebsel Ah, I was moving too ;)
#
Loqi ahahaha
#
aaronpk lol
#
aaronpk great
#
sebsel It's actually easier in CMS plugins, because you just need to call header(), instead of asking the user 'add this to' or finding the right hook to do so.
#
aaronpk yeah that's true
#
Zegnat I think it is great to be able to tell to people to copy an HTML link element for set-up. But for development headers are so nice and easy. Get them through a HEAD request, add them to server config and instantly have them available site-wide.
#
sknebel well, the auth_endpoint you odn't need sitewide, but still, no editing templates
#
Zegnat And unlike with webmention endpoints where you might want to really scope it to separate pages, I think most people will just use a single authorization-endpoint for everything so it could be added to server configs without any penalties
#
Zegnat Also true sknebel, you don’t need it.
#
sebsel I was going to say: for private webmention you need site-wide, but that's the token endpoint.
#
sknebel also true. and there we use link-headers already
#
sebsel But that's IndieAuth too, right?
#
sknebel I'd count that as it's own thing
#
Zegnat IndieAuth defines working together with the token-endpoint. I don’t think token-endpoint is IndieAuth specific though.
#
Zegnat Modularity <3
KartikPrabhu and tantek joined the channel
#
loqi.me edited /Squarespace (+76) "Zegnat added "http://immanagers.com/web-design/squarespace-template-id-reference-table/" to "See Also"" (view diff)
#
sebsel I have a basic webmention plugin for Kirby again :)
#
sebsel Not live on my site, still a lot to tweak, but I like what it does now
#
sebsel It uses a lot of aaronpk's code, including XRay, php-mention-client and even QuartzDB, but oh.
#
sebsel I store all webmentions in QuartzDB, which is just a file with a JSON-with-date per line
#
sebsel And then on every post I store a dictionary of URL to ID in the database (date and line number)
#
sebsel So I store ALL received mentions
#
sebsel but a new mention overwrites the pointer, thus updates it.
#
@molovo I wrote a little about my adventures with Webmentions and Jekyll over the last few days: https://molovo.co/writing/jekyll-webmentions/ (twitter.com/_/status/890703448014041089)
raucao, Ruxton and [kevinmarks] joined the channel
#
@DavidDarnes This is awesome: @molovo wrote up on how he got Webmentions working on his @jekyllrb site https://molovo.co/writing/jekyll-webmentions/ (twitter.com/_/status/890706693495164929)
sebsel and AngeloGladding joined the channel
#
gRegorLove what is quartzdb?
#
gRegorLove what is quartzdb?
#
Loqi QuartzDB is a flat-file database optimized to hold time-series data https://indieweb.org/QuartzDB
#
gregorlove.com edited /ICS (+288) "/* IndieWeb Examples */ +me" (view diff)
#
gRegorLove Here's my MVP mf2 to iCalendar lib: https://github.com/gRegorLove/mf2-to-iCalendar
#
Loqi [gRegorLove] mf2-to-iCalendar: Convert microformats h-event to iCalendar