#dev 2017-07-27

2017-07-27 UTC
leg1, jjuran, tantek, [kevinmarks], Defenestrate, j12t, [eddie] and davidmead joined the channel
#
loqi.me
created /hwc_logo (+39) "prompted by tantek and dfn added by tantek"
(view diff)
j12t and davidmead joined the channel
#
loqi.me
edited /Reddit (+18) "tantek added "[[Hacker News]]" to "See Also""
(view diff)
#
loqi.me
edited /Hacker_News (+13) "tantek added "[[Reddit]]" to "See Also""
(view diff)
#
upon2020.com
edited /Reddit (+55) "Added warning picture"
(view diff)
jjuran, tantek, eli_oat1, gRegorLove, j12t, [miklb] and cweiske joined the channel
#
@Uxlco0
@borisschapira @nhoizey @DareBoost Vivement les implémentations réussies de webmentions ?
(twitter.com/_/status/890467317913722880)
#
@borisschapira
@Uxlco0 @nhoizey @DareBoost Je suis venu, j'ai vu, j'ai laissé tombé. Les webmentions vers chez moi sont anecdotiqu… https://twitter.com/i/web/status/890468789074223104
(twitter.com/_/status/890468789074223104)
KevinMarks, jjuran, [acegiak_net] and [chrisaldrich] joined the channel
#
@nhoizey
@borisschapira Je vire complètement les commentaires, je ne laisse que WebMention.
(twitter.com/_/status/890477737525354496)
#
@nhoizey
@borisschapira @Uxlco0 @DareBoost De mon côté, j’ai plus de WebMentions que de commentaires…
(twitter.com/_/status/890479497417547776)
jeremycherfas joined the channel
#
loqi.me
created /Quickposse (+122) "prompted by [chrisaldrich] and dfn added by [acegiak_net]"
(view diff)
#
www.boffosocko.com
edited /Quickposse (+120) "github link; see also; Category:WordPRess"
(view diff)
AngeloGladding, Defenestrate, barpthewire, KevinMarks and [kevinmarks] joined the channel
#
loqi.me
created /GDPR (+216) "prompted by [kevinmarks] and dfn added by [kevinmarks]"
(view diff)
#
loqi.me
edited /GDPR (+114) "/* See Also */ new section"
(view diff)
KevinMarks joined the channel
#
kevinmarks.com
edited /GDPR (+496) "consent"
(view diff)
#
loqi.me
edited /GDPR (+22) "sebsel added "/2017/Nuremberg/law" to "See Also""
(view diff)
#
@clivewalker
Managed to get Cloudinary working in my webmention responses now. See comments here https://www.cvwdesign.co.uk/news/2016-07-04-an-introduction-to-landing-pages
(twitter.com/_/status/890517215434428416)
KevinMarks joined the channel
#
loqi.me
edited /GDPR (+18) "[kevinmarks] added "[[FreeMyOAuth]]" to "See Also""
(view diff)
tantek joined the channel
#
kodfabrik.se
edited /GDPR (+752) "Adding note on Data Portability in GDPR"
(view diff)
KevinMarks_, eli_oat1, jeremycherfas, KevinMarks, [kevinmarks], [eddie] and [dgold] joined the channel
#
sknebel
maybe we should consider scope editing for selfauth?
#
Zegnat
We can easily offer the checkboxes, like aaronpk does, yes
KevinMarks joined the channel
#
sknebel
for the issue mentioned (post vs create) the ability to add would be good as well
#
sebsel
I support an extra scope myself, 'media', wether or not people may use my media endpoint.
#
sebsel
So there are two strategies there: show the user all the requested scopes and ask yes/no
#
sebsel
Or let the user define a list of scopes they offer, and auto-check matching boxes
#
sebsel
I do the second one now, and I think aaronpk does too
#
sknebel
right, you likely have a list of those
#
sknebel
didn't think about that
#
sebsel
Micropublish.net requests 'undelete', but I don't have that, so I don't give it.
#
Zegnat
I am not sure how I feel about needing people to define a list of supported scopes on setup though.
#
sebsel
It can be a default list, somewhere, that is editable when the user really wants.
#
Zegnat
Giving the option to yes/no and add extra values may be enough for the selfauth usecases
#
Zegnat
There are no default values defined by IndieAuth though
#
sknebel
I'll make a github issue
#
sebsel
Yeah, I'm not saying that's the best thing to do for SelfAuth, but those are two strategies to think about.
#
Zegnat
Default list needs to come from somewhere. The Micropub spec hardlinks to https://indieweb.org/scope for “a list of all currently used values”. That’s why I would like to shy away from that. (My opinion can of course be changed, will see where the discussion goes.)
#
Zegnat
The /scope seems very lackluster and not very list-y
#
Loqi
[sknebel] #26 Allow changing the granted scopes
#
voxpelli
Feels like the /scope needs to be extended with more examples especially – seems like a few here are using more scopes than documented there? Only me + aaronpk in there now
#
Zegnat
voxpelli, I agree, especially if the W3 Micropub spec links to it for a list. I have nothing to add there though.
#
seblog.nl
edited /scope (+151) "/* Scopes accepted by IndieWeb sites */ added myself"
(view diff)
#
seblog.nl
edited /scope (+109) "/* Scopes used by IndieWeb apps */ added Micropublish.net"
(view diff)
#
@barryf
@EddieHinkle Thanks for letting me know. Looks like I missed bookmark-of during some refactoring. I've fixed and resent the webmention.
(twitter.com/_/status/890560177501614081)
#
sebsel
but in the end, it's just the question of 'can I do this'?
#
sebsel
The app just hints what it thinks it might need.
#
sebsel
I can also use scopes in Dutch, like 'bewerk' for 'update'. I just need to make sure to give the app the scope 'bewerk' if it asks for 'update'.
#
sebsel
It is my site that checks which operation is allowed by which app at what point.
singpolyma joined the channel
#
voxpelli
it's fairly good to try do standardize on a fairly limited set though so apps can clearly state what scopes they need for what operations and that way apps can be given as strict access as possible
#
voxpelli
else it can easily be that all apps are given all access and the point of scopes pretty much is lost
#
voxpelli
(not a problem with current indieweb generation, but with future generations and as things scale it can be)
#
sebsel
yeah, good point
#
sebsel
also: if the app knows which scopes it has, it can already anticipate a 403 if it did not receive a, for example, update scope.
#
Zegnat
Yes, that’s why apps get a list of scopes returned to them when they verify the indieauth code. So they know exactly what scopes they were granted and follow through accordingly
#
@perchology
Perchology Issue 26 is out. Webmentions, Redactor customisation, site examples and more...! https://perchology.curated.co/issues/26
(twitter.com/_/status/890569262947061761)
#
voxpelli
yeah, should be possible to eg. deactivate update features and instead show an "give update access to do X"
#
voxpelli
when the scope hasn't been given
[barryf] joined the channel
#
jeremycherfas
Anyone got any good examples of styling webmentions from voxpelli’s Heroku app? I’d like to have a starting point with which to tinker.
#
voxpelli
jeremycherfas: I assume you have looked at my voxpelli.com ;) Also http://www.kevinmarks.com/ shows what it looks like when you get a _lot_ of mentions
#
voxpelli
should add pagination at some point
#
jeremycherfas
Your site is first on my list.
KartikPrabhu, KevinMarks, KevinMarks_ and [kevinmarks] joined the channel
#
seblog.nl
edited /scope (+2) "/* Scopes used by IndieWeb apps */ OwnYourGram now asks for create"
(view diff)
KevinMarks joined the channel
#
[kevinmarks]
My styling is not exactly good, but it is different from voxpelli's
#
jeremycherfas
Voxpelli The classes on your webmentions differ from the ones I got in the examples. Is that because you are using bleeding edge?
#
jeremycherfas
Kevinmarks: Thanks. Will get there in the end
j12t joined the channel
#
voxpelli
jeremycherfas: Was a while since I worked on that specific code, it may be that I cleaned up the class names in bleeding edge (better not to use bleeding edge right now though, it's a work in progress to support Salmentions)
#
jeremycherfas
OK. I’ll go with the classes I have in examples.
KevinMarks_ and KevinMarks joined the channel
#
dgold
sorry to ask such a basic question but, checking for either scope 'create' or scope 'post'
#
dgold
is that, in php:
#
dgold
if(!strinstr($scope, 'create') || strinstr($scope, 'post) { 403 }
KartikPrabhu1 and KevinMarks joined the channel
#
Zegnat
I don’t know what your $scope variable looks like
#
dgold
scope is from indie-auth response - I'm trying to do a check so that if the scope has neither 'create' nor 'post' then the endpoint serves a 403
#
Zegnat
if (strpos($scope, 'create') === false && strpos($scope, 'post') === false) { /* the string 'create' and the string 'post' do not exist in $scope */ }
#
dgold
that's more sensible, thanks Zegnat
#
Zegnat
Aah, IndieAuth scope value, then there is a slightly better one, give me a second
#
dgold
excellent
#
dgold
Zegnat++ thank you so much
#
Loqi
zegnat has 23 karma in this channel (121 overall)
#
Zegnat
strpos could have false positives, e.g. a scope "imposter" would have matched as including "post". This way you get around that.
#
Zegnat
If for whatever reason I made a typo in that code or it ends up not working you know where to find me ;)
#
dgold
the !notation and either/ors make my head hurt
#
Zegnat
in_array() will give false when the string isn’t there, and in this case you want to test for the false result so you need the ! (or `=== false` comparison). And then you want to do that twice and not have it exit after the first test (thus &&)
#
Zegnat
But I totally get the confusion
#
aaronpk
good morning. catching up on logs.
#
dgold
good morning portland!
[miklb], j12t, KevinMarks_ and eli_oat joined the channel
#
jeremycherfas
Voxpelli: Is there a way to test whether the script that pulls in webmentions contains anything, so I can modify the display conditionally?
KartikPrabhu, [miklb] and KevinMarks joined the channel
#
voxpelli
jeremycherfas: don't think so with current version, add an issue and I'll try to make it so eventually :)
#
jeremycherfas
OK. Thanks.
#
dgold
is there a media-endpoint exemplar available? (prefereably in php)
#
aaronpk
i could post mine
#
aaronpk
it's really small
#
dgold
really small == really good!
#
aaronparecki.com
edited /micropub_media_endpoint (+173) "/* Indieweb Examples */ link to source code"
(view diff)
KevinMarks joined the channel
#
sebsel
I see no valid scope is 401, not 403? :o
#
dgold
that's very nice, aaron, thank you
#
jeremycherfas.net
edited /User:Jeremycherfas.net (+256) "/* Working On */ Updated --~~~~"
(view diff)
#
aaronpk
sebsel: uhoh did i get that wrong?
#
aaronpk
looks right
[miklb] and gRegorLove joined the channel
#
sebsel
aaronpk Sorry! I didn't want to shake you!
#
sebsel
It's just that I think I did wrong.
#
sebsel
But good to know, will fix :)
j12t and KartikPrabhu joined the channel
#
sebsel
Ah, nvm me. I have the right code in my code, just not in my head.
#
sebsel
goes back to the corner
tantek joined the channel
#
@simoncox
Somehow @PerchCMS web mentions slipped by me - https://allinthehead.com/retro/378/implementing-webmentions Pingbacks used to be great till they were spammed. ^@perchology
(twitter.com/_/status/890630066144591872)
[kevinmarks] joined the channel
#
[kevinmarks]
That's great aaronpk
tantek joined the channel
#
aaronpk
outline is done, some content written. taking a break for now https://media.aaronpk.com/Screen-Shot-2017-07-27-11-24-31.png
j12t joined the channel
#
@nhoizey
This would not be so easy without @aaronpk’s webmention.io and @AaronGustafson’s plugin for @jekyllrb. "A Tale of… https://twitter.com/i/web/status/890640527275704320
(twitter.com/_/status/890640527275704320)
cweiske joined the channel
#
dgold
aaronpk: sorry to ask such a question but; if i'm indieauth'd onto one site - example.com, and micropubbing to that site, and I need to upload to a media endpoint - media.example.com - is that a separate 'login'?
#
schmarty
dgold: the media endpoint should accept the same token as your main micropub endpoint
#
dgold
that's the bit I'm not understanding, schmarty
#
dgold
looking over the endpoint aaronpk posted to github - I can't see where that logic resides?
#
schmarty
are you using indieauth.com as your token endpoint?
#
dgold
for ascraeus.org
#
schmarty
cweiske: aaronpk dropped the link a couple of hours ago in this channel. https://gist.github.com/aaronpk/4bee1753688ca9f3036d6f31377edf14
#
dgold
but media.ascraeus.org is a different 'location'
#
gregorlove.com
edited /Disqus (+588) "/* IndieWeb Experience */ So long Disqus, hello Webmention"
(view diff)
#
schmarty
so the implementation that aaronpk linked requires an authorization token in an HTTP Authorization header
#
schmarty
and it checks it against tokens.indieauth.com to make sure it is still valid and that it has a scope
#
sknebel
but it never checks for the identity the token is for? (aaronpk)
#
schmarty
this implementation is not doing any verification about the "me" value that i can see
#
schmarty
so let's all post to aaronpk's media endpoint ;}
#
dgold
yes - I see where it looks for the token, line 15+, and I see where it starts checking it, line 37
#
schmarty
dgold: the micropub spec says the media endpoint should accept the same tokens that a "regular" micropub server endpoint should accept
#
dgold
but I don't see that its checking the token is valid for the originating location - the one without [media] in the W3C spec
#
schmarty
so in your case it should accept tokens for "ascraeus.org"
#
schmarty
dgold: this implementation seems not to check that value at all
#
schmarty
sounds like a bug to me :}
#
dgold
heyhey
#
aaronpk
so, I modified the gist a little from what my own implementation does
#
dgold
there's loads of catpics being uploaded to your media endpoint
#
aaronpk
I have my own token endpoint so it will only return 200 from the token check for my own tokens
#
dgold
aaaah
#
aaronpk
so yeah if you use a shared token endpoint then you'd need an additional check there looking at the response from the token endpoint
#
dgold
and that would be checking a 'me' value for the originating mpub location?
#
dgold
not the media.example.org?
#
dgold
phew - that explains that. I'd been puzzling at this for far too ling
#
Zegnat
aaronpk++ for IndieAuth draft <3
#
Loqi
aaronpk has 68 karma in this channel (1390 overall)
KevinMarks, j12t and tantek joined the channel
#
@molovo
Just set up webmention responses on a second Jekyll site. Really liking how seamless it is once everything’s automated
(twitter.com/_/status/890665551512653824)
j12t and j12t_ joined the channel
#
sebsel
aaronpk++ yaay for the IndieAuth draft!
#
Loqi
aaronpk has 69 karma in this channel (1391 overall)
#
aaronpk
it's progress!
KevinMarks, tantek and j12t joined the channel
#
gRegorLove
Ooh, just caught up with indieauth.com getting renamed to indielogin.com
#
aaronpk
i'm hoping to be able to focus on that project in august
#
Zegnat
gRegorLove, yep. Much information captured on http://indieweb.org/IndieAuth#naming_confusion (after tantek urged us to document outside of IRC). Also some work on new wording for the wiki page here: https://indieweb.org/User:Vanderven.se_martijn/IndieAuth (which I would love to get more eyes on if you have a moment for IndieWeb things again :) )
#
aaronpk
time to register a new domain
#
gregorlove.com
edited /Homebrew_Website_Club (+542) "consolidate Logos and Graphics section"
(view diff)
#
gRegorLove
Zegnat: Sure, I'll take a look
#
aaronpk
indieauth.net is now mine
#
aaronpk
that's gonna be where the spec lives
#
Zegnat
Nice!
#
Zegnat
Hope you’ll think of us when you need some eyes on it, aaronpk ;)
#
aaronpk
definitely
#
sknebel
Zegnat: right, we should look at moving your draft over again, or at least large parts of it. or wait for the spec, cross-check everything and then?
#
aaronpk
probably don't wait for the spec
#
aaronpk
maybe wait for indielogin.com tho?
#
Zegnat
Waiting for indielogin.com might make sense. Note that I did add a pretty clear note on top of https://indieweb.org/IndieAuth with one of my last edits :)
KevinMarks joined the channel
#
Zegnat
That note isn’t in my draft page, because hopefully the draft page wouldn’t need such ntoes
#
Zegnat
s/ntoes/notes/
#
gRegorLove
Draft page looks good. I think "Developers can use any way they want of finding these." probably isn't necessary.
#
gRegorLove
Those can also be in HTTP headers, right? So maybe list those variants there.
#
sebsel
Zegnat++ for the note
#
Loqi
zegnat has 24 karma in this channel (122 overall)
#
sebsel
looks good
#
Zegnat
True, that developer specific sentence was probably unnecessary, gRegorLove. Feel free to edit if you have any ideas. It’s not just “my” draft.
#
gRegorLove
Though /authorization-endpoint seems to indicate only rel, so maybe Link headers haven't been used for that yet.
#
aaronpk
we should probably do a survey of how many people advertise in Link headers, and not include that in the spec if nobody's using it
#
Zegnat
instantly switches to Link headers
#
sebsel
says nothing
#
gRegorLove
Zegnat++ haha
#
Loqi
zegnat has 25 karma in this channel (123 overall)
#
sebsel
Ah, I was moving too ;)
#
Loqi
ahahaha
#
sebsel
It's actually easier in CMS plugins, because you just need to call header(), instead of asking the user 'add this to' or finding the right hook to do so.
#
aaronpk
yeah that's true
#
Zegnat
I think it is great to be able to tell to people to copy an HTML link element for set-up. But for development headers are so nice and easy. Get them through a HEAD request, add them to server config and instantly have them available site-wide.
#
sknebel
well, the auth_endpoint you odn't need sitewide, but still, no editing templates
#
Zegnat
And unlike with webmention endpoints where you might want to really scope it to separate pages, I think most people will just use a single authorization-endpoint for everything so it could be added to server configs without any penalties
#
Zegnat
Also true sknebel, you don’t need it.
#
sebsel
I was going to say: for private webmention you need site-wide, but that's the token endpoint.
#
sknebel
also true. and there we use link-headers already
#
sebsel
But that's IndieAuth too, right?
#
sknebel
I'd count that as it's own thing
#
Zegnat
IndieAuth defines working together with the token-endpoint. I don’t think token-endpoint is IndieAuth specific though.
#
Zegnat
Modularity <3
KartikPrabhu and tantek joined the channel
#
loqi.me
edited /Squarespace (+76) "Zegnat added "http://immanagers.com/web-design/squarespace-template-id-reference-table/" to "See Also""
(view diff)
#
sebsel
I have a basic webmention plugin for Kirby again :)
#
sebsel
Not live on my site, still a lot to tweak, but I like what it does now
#
sebsel
It uses a lot of aaronpk's code, including XRay, php-mention-client and even QuartzDB, but oh.
#
sebsel
I store all webmentions in QuartzDB, which is just a file with a JSON-with-date per line
#
sebsel
And then on every post I store a dictionary of URL to ID in the database (date and line number)
#
sebsel
So I store ALL received mentions
#
sebsel
but a new mention overwrites the pointer, thus updates it.
#
@molovo
I wrote a little about my adventures with Webmentions and Jekyll over the last few days: https://molovo.co/writing/jekyll-webmentions/
(twitter.com/_/status/890703448014041089)
raucao, Ruxton and [kevinmarks] joined the channel
#
@DavidDarnes
This is awesome: @molovo wrote up on how he got Webmentions working on his @jekyllrb site https://molovo.co/writing/jekyll-webmentions/
(twitter.com/_/status/890706693495164929)
sebsel and AngeloGladding joined the channel
#
gRegorLove
what is quartzdb?
#
gRegorLove
what is quartzdb?
#
Loqi
QuartzDB is a flat-file database optimized to hold time-series data https://indieweb.org/QuartzDB
#
gregorlove.com
edited /ICS (+288) "/* IndieWeb Examples */ +me"
(view diff)
#
Loqi
[gRegorLove] mf2-to-iCalendar: Convert microformats h-event to iCalendar