#dev 2017-08-04

2017-08-04 UTC
tantek_, leg and KevinMarks joined the channel
tantek_, [chrisaldrich], brobertson, wagle, http_GK1wmSU and mblaney joined the channel
#
mblaney
!tell voxpelli I've been thinking about indie-config since my firefox issues with it last week. What do you think about the privacy implications of any site being able to load your config once you have the web+action protocol registered? (Imagining a world where everyone has done that...) the iframe loading can be done without the user having any visual indication that their details have been given to the website they have visited...
#
Loqi
Ok, I'll tell them that when I see them next
brobertson, [chrisaldrich] and [colinwalker] joined the channel
#
www.boffosocko.com
edited /Medium (+280) "/* Articles */ Anywhere but Medium"
(view diff)
[jeremycherfas], brobertson, cweiske, barpthewire, [kevinmarks], jeremycherfas and [tantek] joined the channel
#
jeremycherfas
!tell voxpelli I’m having a problem with your app picking up Author. This post https://www.jeremycherfas.net/blog/making-link-posts-in-wp-work-for-me points back to my home page as author, and that has an h-card with my details, but they don’t show up
#
Loqi
Ok, I'll tell them that when I see them next
#
Loqi
[Jeremy Cherfas] Making link posts in WP work for me
#
voxpelli
jeremycherfas: yeah, my webmention endpoint does not fetch and resolve external h-cards yet, could you add an issue to the GitHub repo?
#
Loqi
voxpelli: mblaney left you a message 4 hours, 41 minutes ago: I've been thinking about indie-config since my firefox issues with it last week. What do you think about the privacy implications of any site being able to load your config once you have the web+action protocol registered? (Imagining a world where everyone has done that...) the iframe loading can be done without the user having any visual indication that their details have been given to the website they have visited...
#
Loqi
voxpelli: jeremycherfas left you a message 2 minutes ago: I’m having a problem with your app picking up Author. This post https://www.jeremycherfas.net/blog/making-link-posts-in-wp-work-for-me points back to my home page as author, and that has an h-card with my details, but they don’t show up
#
voxpelli
!tell mblaney An indie-config iframe can have a whitelist of pages it wants to send the config to and have some kind of mechanism for prompting the user to add a site to that whitelist, so the privacy implication should be possible to handle
#
Loqi
Ok, I'll tell them that when I see them next
[tantek] and tantek_ joined the channel
#
tantek.com
edited /sticker (+746) "expand dfn with examples, indieweb examples stub none, silo examples, see also"
(view diff)
#
tantek.com
edited /Facebook_Messenger (+106) "grammar, known for meaningless updates, link"
(view diff)
#
tantek.com
edited /Universal_2nd_Factor (+60) "U2F, see also"
(view diff)
#
tantek.com
edited /venue (+499) "special case of a wiki-page kind of, capture itch / use-case for travel"
(view diff)
#
sebsel
huh, what did happen with /stickers?
#
sebsel
goes to meta
#
seblog.nl
edited /sticker (+1629) "bring back some of the old page"
(view diff)
brobertson, KevinMarks, [kevinmarks] and j12t joined the channel
#
dgold
morning indiewebbers
#
dgold
I'm working on getting checkins working, and would like to use aaronpk's atlas service to save a map image
#
dgold
but I'm beating myself up on uploading the map.png to my media endpoint
#
sebsel
Why involving your media endpoint there?
#
dgold
that's a good question, sebsel, I just thought that was the most appropriate
#
vanderven.se martijn
edited /IndieAuth (+44) "/* how to should include endpoint definition */ Remove “I”, put my opinion with my name."
(view diff)
#
dgold
my media server and my site server are different locations
#
sebsel
The way I do it, is that I determine the Atlas URL I need (so: the coordinates and the settings as params to the URL) and then I just do a curl, and save the returned body to a file.
#
sebsel
But, my media server and my site server are on one place.
#
lars-peters.net
created /User:Lars-peters.net (+33) "Created page with "is [https://lars-peters.net lape]""
(view diff)
#
www.svenknebel.de
edited /IndieAuth (+171) "/* how to should include endpoint definition */"
(view diff)
#
Zegnat
dgold: you wouldn’t necessarily need to go through a media server if your micropub endpoint can handle grabbing the file.
#
Zegnat
I.e. the micropub endpoint knows it has to go and save a checkin type post, at that point it can also fetch the image and save that alongside it. No reason to have the MP client upload the image separately.
#
sebastianlasse.de
created /ia (+23) "Short URL for posters"
(view diff)
#
dgold
yeah, that's what I've switched to doing. sebsel's comment was welcome
#
sebsel
And it's a neat function you can reuse. I fetch external author images for incoming webmentions, and u-photo from posts I like, so I have a personal copy of it (not shown on my website).
#
sebsel
Oh, same script runs on things I repost / retweet, but then I do show the u-photo.
brobertson joined the channel
#
sknebel
aaronpk: btw, if you want someone to read through material for indieauth.com or your oauth draft, just send me the link :)
KevinMarks joined the channel
#
mblaney
voxpelli yes implementing a whitelist for indie-config seems to be the only way to deal with the privacy issue. Unfortunately that pretty much defeats the purpose of it, which is to provide an easy way to tell a site you want to interact with who you are.
#
Loqi
mblaney: voxpelli left you a message 3 hours, 26 minutes ago: An indie-config iframe can have a whitelist of pages it wants to send the config to and have some kind of mechanism for prompting the user to add a site to that whitelist, so the privacy implication should be possible to handle
#
voxpelli
mblaney: all privacy sensitive API:s on the web has such whitelists / prompts though? Geolocation, camera, microphone etc
#
voxpelli
If such config exposure was standardized in the browser then exposing such a prompt would probably be mandatory
#
mblaney
Yes I guess I just came to the realization that there's no way to automatically tell another site who you are. If there was such a mechanism it would be a privacy violation, hence the need for a prompt from the user.
KevinMarks_ joined the channel
#
mblaney
I've got some ideas for how to fix it without needing to store a whitelist... will experiment a bit and report back what I discover ;-)
#
voxpelli
mblaney: one way to solve it is to actually never give the site the info but to only have the site tell the browser what it wants to be done, a browser native indie-action button could do that
#
mblaney
yes I was thinking about that too, but it's not very webby if you don't put the links in the page. And as soon as you do that, the site has access to your details.
#
mblaney
that sort of thinking led me to looking into bookmarklets, because then the user controls the action.
#
mblaney
but you could write a bookmarklet to sign in a user or pull their own config, all prompted by the user undertaking the action, so that's what I'm going to look into doing next.
j12t joined the channel
#
aaronpk
good morning!
#
Loqi
rise and shine!
KevinMarks, KevinMarks_, tantek_, [chrisaldrich], j12t, [colinwalker], j12t_ and [miklb] joined the channel
#
dgold
morning aaronpk
#
dgold
several hours ago
#
dgold
i have managed to get checkins working on my nanopub script - so: yay!
#
Loqi
does a happy dance!
#
dgold
haven't worked out how to _show_ them on my hugo site, but that's a future daniel problem
#
dgold
its not that hard, presuming you remember how arrays work in php*
#
dgold
*: I did not remember.
KevinMarks, j12t and j12t_ joined the channel
#
[miklb]
I’m right there with you dgold. I google it every. single. time
tbbrown, [colinwalker] and dougbeal|iOS joined the channel
#
dgold
[miklb]: :)
dougbeal|mb1 and [kevinmarks] joined the channel
#
aaronpk
argh he keeps saying "tenant" when he means "tenet"
#
aaronpk
i was going to let one instance slide
gRegorLove and tbbrown joined the channel
#
tantek.com
edited /MediaWiki:Sidebar (+0) "next hwc"
(view diff)
#
tantek.com
edited /next-hwc (+0) "next hwc"
(view diff)
KevinMarks_ joined the channel