#dev 2017-08-04

2017-08-04 UTC
tantek_, leg and KevinMarks joined the channel
# 00:50 
gregorlove.com edited /Snapchat (+18) "link /ephemeral, add /story" (view diff)
tantek_, [chrisaldrich], brobertson, wagle, http_GK1wmSU and mblaney joined the channel
# 04:21 
mblaney !tell voxpelli I've been thinking about indie-config since my firefox issues with it last week. What do you think about the privacy implications of any site being able to load your config once you have the web+action protocol registered? (Imagining a world where everyone has done that...) the iframe loading can be done without the user having any visual indication that their details have been given to the website they have visited...
# 04:21 
Loqi Ok, I'll tell them that when I see them next
brobertson, [chrisaldrich] and [colinwalker] joined the channel
# 05:00 
www.boffosocko.com edited /Medium (+280) "/* Articles */ Anywhere but Medium" (view diff)
[jeremycherfas], brobertson, cweiske, barpthewire, [kevinmarks], jeremycherfas and [tantek] joined the channel
# 09:01 
jeremycherfas !tell voxpelli I’m having a problem with your app picking up Author. This post https://www.jeremycherfas.net/blog/making-link-posts-in-wp-work-for-me points back to my home page as author, and that has an h-card with my details, but they don’t show up
# 09:01 
Loqi Ok, I'll tell them that when I see them next
# 09:01 
Loqi [Jeremy Cherfas] Making link posts in WP work for me
# 09:03 
voxpelli jeremycherfas: yeah, my webmention endpoint does not fetch and resolve external h-cards yet, could you add an issue to the GitHub repo?
# 09:03 
Loqi voxpelli: mblaney left you a message 4 hours, 41 minutes ago: I've been thinking about indie-config since my firefox issues with it last week. What do you think about the privacy implications of any site being able to load your config once you have the web+action protocol registered? (Imagining a world where everyone has done that...) the iframe loading can be done without the user having any visual indication that their details have been given to the website they have visited...
# 09:03 
Loqi voxpelli: jeremycherfas left you a message 2 minutes ago: I’m having a problem with your app picking up Author. This post https://www.jeremycherfas.net/blog/making-link-posts-in-wp-work-for-me points back to my home page as author, and that has an h-card with my details, but they don’t show up
# 09:07 
jeremycherfas OK, done.
# 09:08 
voxpelli !tell mblaney An indie-config iframe can have a whitelist of pages it wants to send the config to and have some kind of mechanism for prompting the user to add a site to that whitelist, so the privacy implication should be possible to handle
# 09:08 
Loqi Ok, I'll tell them that when I see them next
[tantek] and tantek_ joined the channel
# 09:34 
tantek.com edited /sticker (+746) "expand dfn with examples, indieweb examples stub none, silo examples, see also" (view diff)
# 09:36 
tantek.com edited /Facebook_Messenger (+106) "grammar, known for meaningless updates, link" (view diff)
# 09:37 
tantek.com edited /Universal_2nd_Factor (+60) "U2F, see also" (view diff)
# 09:39 
cweiske.de edited /Universal_2nd_Factor (+52) (view diff)
# 09:45 
tantek.com edited /venue (+499) "special case of a wiki-page kind of, capture itch / use-case for travel" (view diff)
# 09:52 
sebsel huh, what did happen with /stickers?
# 09:52 
sebsel goes to meta
# 10:09 
seblog.nl edited /sticker (+1629) "bring back some of the old page" (view diff)
brobertson, KevinMarks, [kevinmarks] and j12t joined the channel
# 12:01 
dgold morning indiewebbers
# 12:01 
dgold I'm working on getting checkins working, and would like to use aaronpk's atlas service to save a map image
# 12:02 
dgold but I'm beating myself up on uploading the map.png to my media endpoint
# 12:03 
sebsel Why involving your media endpoint there?
# 12:04 
dgold that's a good question, sebsel, I just thought that was the most appropriate
# 12:04 
vanderven.se martijn edited /IndieAuth (+44) "/* how to should include endpoint definition */ Remove “I”, put my opinion with my name." (view diff)
# 12:04 
dgold my media server and my site server are different locations
# 12:06 
sebsel The way I do it, is that I determine the Atlas URL I need (so: the coordinates and the settings as params to the URL) and then I just do a curl, and save the returned body to a file.
# 12:07 
sebsel But, my media server and my site server are on one place.
# 12:11 
lars-peters.net created /User:Lars-peters.net (+33) "Created page with "is [https://lars-peters.net lape]"" (view diff)
# 12:11 
www.svenknebel.de edited /IndieAuth (+171) "/* how to should include endpoint definition */" (view diff)
# 12:12 
Zegnat dgold: you wouldn’t necessarily need to go through a media server if your micropub endpoint can handle grabbing the file.
# 12:12 
Zegnat I.e. the micropub endpoint knows it has to go and save a checkin type post, at that point it can also fetch the image and save that alongside it. No reason to have the MP client upload the image separately.
# 12:12 
sebastianlasse.de created /ia (+23) "Short URL for posters" (view diff)
# 12:13 
dgold yeah, that's what I've switched to doing. sebsel's comment was welcome
# 12:14 
sebsel And it's a neat function you can reuse. I fetch external author images for incoming webmentions, and u-photo from posts I like, so I have a personal copy of it (not shown on my website).
# 12:15 
sebsel Oh, same script runs on things I repost / retweet, but then I do show the u-photo.
brobertson joined the channel
# 12:33 
sknebel aaronpk: btw, if you want someone to read through material for indieauth.com or your oauth draft, just send me the link :)
KevinMarks joined the channel
# 12:34 
mblaney voxpelli yes implementing a whitelist for indie-config seems to be the only way to deal with the privacy issue. Unfortunately that pretty much defeats the purpose of it, which is to provide an easy way to tell a site you want to interact with who you are.
# 12:34 
Loqi mblaney: voxpelli left you a message 3 hours, 26 minutes ago: An indie-config iframe can have a whitelist of pages it wants to send the config to and have some kind of mechanism for prompting the user to add a site to that whitelist, so the privacy implication should be possible to handle
# 12:36 
voxpelli mblaney: all privacy sensitive API:s on the web has such whitelists / prompts though? Geolocation, camera, microphone etc
# 12:37 
voxpelli If such config exposure was standardized in the browser then exposing such a prompt would probably be mandatory
# 12:38 
mblaney Yes I guess I just came to the realization that there's no way to automatically tell another site who you are. If there was such a mechanism it would be a privacy violation, hence the need for a prompt from the user.
KevinMarks_ joined the channel
# 12:48 
mblaney I've got some ideas for how to fix it without needing to store a whitelist... will experiment a bit and report back what I discover ;-)
# 12:51 
voxpelli mblaney: one way to solve it is to actually never give the site the info but to only have the site tell the browser what it wants to be done, a browser native indie-action button could do that
# 12:54 
mblaney yes I was thinking about that too, but it's not very webby if you don't put the links in the page. And as soon as you do that, the site has access to your details.
# 12:59 
mblaney that sort of thinking led me to looking into bookmarklets, because then the user controls the action.
# 13:01 
mblaney but you could write a bookmarklet to sign in a user or pull their own config, all prompted by the user undertaking the action, so that's what I'm going to look into doing next.
j12t joined the channel
# 13:49 
aaronpk good morning!
# 13:50 
Loqi rise and shine!
KevinMarks, KevinMarks_, tantek_, [chrisaldrich], j12t, [colinwalker], j12t_ and [miklb] joined the channel
# 19:50 
dgold morning aaronpk
# 19:51 
dgold several hours ago
# 19:52 
dgold i have managed to get checkins working on my nanopub script - so: yay!
# 19:52 
Loqi does a happy dance!
# 19:52 
dgold haven't worked out how to _show_ them on my hugo site, but that's a future daniel problem
# 19:54 
aaronpk Nice
# 19:55 
dgold its not that hard, presuming you remember how arrays work in php*
# 19:56 
dgold *: I did not remember.
KevinMarks, j12t and j12t_ joined the channel
# 20:24 
[miklb] I’m right there with you dgold. I google it every. single. time
tbbrown, [colinwalker] and dougbeal|iOS joined the channel
# 21:20 
dgold [miklb]: :)
dougbeal|mb1 and [kevinmarks] joined the channel
# 22:19 
[kevinmarks] Interesting discussion https://philsturgeon.uk/api/2017/01/24/graphql-vs-rest-overview/
# 22:22 
aaronpk argh he keeps saying "tenant" when he means "tenet"
# 22:22 
aaronpk i was going to let one instance slide
gRegorLove and tbbrown joined the channel
# 23:05 
tantek.com edited /MediaWiki:Sidebar (+0) "next hwc" (view diff)
# 23:05 
tantek.com edited /next-hwc (+0) "next hwc" (view diff)
KevinMarks_ joined the channel