#dev 2017-08-18

2017-08-18 UTC
j12t joined the channel
#
manton.org created /User:Manton.org (+284) "Finally getting around to creating a user page on the wiki." (view diff)
jjuran, tantek, Vinicius_mont, j12t and cweiske joined the channel
#
cweiske quill gets flakier every day :/ https://github.com/aaronpk/Quill/issues/84
#
Loqi [cweiske] #84 file_get_contents(): Filename cannot be empty
#
cweiske aaronpk, I cannot upload a .png image to the wiki: File extension does not match MIME type.
#
cweiske.de uploaded /Special:Log/upload "uploaded "[[File:quill-reply-screenshot.png]]" https://indieweb.org/File:quill-reply-screenshot.png"
#
cweiske ah. found it. forgot the .png in the target file name field :/
#
cweiske.de edited /Quill (+36) (view diff)
#
cweiske.de edited /Quill (+43) (view diff)
barpthewire, gRegorLove, loicm, KartikPrabhu, j12t and [barryf] joined the channel
#
barryfrost.com uploaded /File:micropublish-demo.gif "Demo of posting via Micropublish https://indieweb.org/File:micropublish-demo.gif"
#
barryfrost.com deleted /File:micropublish-demo.gif "Animated gif didn't work"
#
barryfrost.com uploaded /File:micropublish.png "Screenshot of Micropublish on a Mobile device https://indieweb.org/File:micropublish.png"
#
barryfrost.com edited /Micropub/Clients (+52) "/* Micropublish */ Screenshot" (view diff)
j12t, [kevinmarks], davidmead, tantek, barpthewire, eli_oat, [jeremycherfas] and jeremycherfas joined the channel
#
raretrack.uk edited /User:Raretrack.uk (+83) "/* Completed */ Removed videos from YouTube" (view diff)
[manton] and eli_oat joined the channel
#
jeremycherfas !tell voxpelli I have been trying to use Zapier to access https://webmention.herokuapp.com/user/sites/jeremycherfas.net but it returns a 401. Zapier gives me the option for a user | pw and I used my github details, but that makes no difference. Is there a specific user | pw combination I can use?
#
Loqi Ok, I'll tell them that when I see them next
#
voxpelli jeremycherfas: use https://webmention.herokuapp.com/api/mentions?site=jeremycherfas.net&format=html instead
#
Loqi voxpelli: jeremycherfas left you a message 1 minute ago: I have been trying to use Zapier to access https://webmention.herokuapp.com/user/sites/jeremycherfas.net but it returns a 401. Zapier gives me the option for a user | pw and I used my github details, but that makes no difference. Is there a specific user | pw combination I can use?
[barryf] joined the channel
#
voxpelli huh, cool, you somehow have gotten a comment tree there – I thought that feature wasn't released :P
#
jeremycherfas Ah. That’s what I couldn’t find. Let me try again. Thanks
#
aaronpk oh? fancy
#
voxpelli jeremycherfas: I personally then send that through granary to get a regular feed: https://granary-demo.appspot.com/url?input=html&output=atom&url=https%3A%2F%2Fwebmention.herokuapp.com%2Fapi%2Fmentions%3Fformat%3Dhtml%26site%3Dvoxpelli.com
#
voxpelli guesses that the fact that a few people uses his endpoint means that there will be some data that looks like Salmention data without any actual salmentioning happens – because the mentions from each site will map to oneanother
#
jeremycherfas And then you just look at that feed in your reader?
#
jeremycherfas I was thinking of getting Zapier to send me an email instead.
#
voxpelli jeremycherfas: I use IFTTT to send me push notifications on each new item in the RSS
#
jeremycherfas Same ap proach, I suppose.
#
petermolnar I set up an web-to-sms gateway, since my home server is a thinkpad t400, which has a built-in 3g modem, and in the uk, go get a 5gbp/m -> unlimited sms plan, so I can send as many notifications as I want :)
#
petermolnar but I think this is a bit out of scope for most
[miklb] joined the channel
#
manton.org edited /Homebrew_Website_Club (+183) "Added Austin to HWC cities getting started." (view diff)
j12t joined the channel
#
jeremycherfas All done, I hope, on Zapier and IFTTT. Petermolnar I think I would come up against Zapier’s free tier limit of 100 tasks per month. A task is any movement of data.
#
jeremycherfas Now to wait and see.
[chrisaldrich] joined the channel
#
aaronpk following up on yesterday's conversation, is someone interested in starting the conversation about discovery on websub?
#
Zegnat I am still holding out on any websub stuff until my new website goes live, so I will have to pass :(
#
Zegnat Happy the conversation on the IndieAuth me property has been reignited though, aaronpk! Nice
arush and snarfed joined the channel
#
www.boffosocko.com edited /generations (+154) "Brainstorming" (view diff)
tantek joined the channel
#
www.boffosocko.com edited /Perch (+241) "Active interest in developing for IndieWeb; pagelogo" (view diff)
#
www.boffosocko.com edited /projects (+444) "/* production */ Perch" (view diff)
[cleverdevil] joined the channel
#
tantek [chrisaldrich]: I wonder if we should make a separate section for paid software / services
jeremycherfas, gRegorLove, j12t and [chrisaldrich] joined the channel
#
tantek uh oh I may have crashed webmention.io
#
tantek https://webmention.io/api/count?target=http://tantek.com/2015/069/t1/js-dr-javascript-required-dead I get "We're sorry, but something went wrong. / The issue has been logged for investigation. Please try again later."
#
aaronpk oh dear
#
tantek "Error: Web application could not be started / Error ID: 7c963b27"
#
sknebel meta: that's a nice error page, with the hidden "ugly details" section - I guess that's a Passenger default?
#
aaronpk looks like it yeah. i just updated nginx/passenger the other day too
#
aaronpk oh no i just forgot to also update webmention.io when i updated ruby yesterday!
#
tantek glad it's not a usage level problem!
[miklb] joined the channel
#
[miklb] that remains to be seen ?
#
aaronpk ?
#
aaronpk ?
#
gregorlove.com edited /Signal (+108) "Signal as a Newsroom Dropbox" (view diff)
#
@rubygems omniauth-indieauth (0.1.4): An OmniAuth strategy to allow you to authenticate using https://indieauth.com/ https://rubygems.org/gems/omniauth-indieauth (twitter.com/_/status/898603168812199937)
#
@rubygems omniauth-indieauth (0.1.5): An OmniAuth strategy to allow you to authenticate using https://indieauth.com/ https://rubygems.org/gems/omniauth-indieauth (twitter.com/_/status/898603354892288000)
snarfed joined the channel
#
www.boffosocko.com edited /Year_in_Review (+241) "Indieweb example: Chris Aldrich" (view diff)
[barryf] joined the channel
#
www.svenknebel.de edited /Main_Page (+982) "/* Homebrew Website Club */ update upcoming (generated from Template:Homebrew_Website_Club)" (view diff)
#
aaronpk tantek: webmention.io is back
#
tantek I saw! :)
#
tantek wow Starbucks now has OAuth
#
tantek https://www.starbucks.ca/oauth/authorize
#
tantek Why does it think I'm in Canada?
#
aaronpk i was going to ask
#
tantek interesting https://blog.tendigi.com/starbucks-should-really-make-their-apis-public-6b64a1c2e923
#
aaronpk oh now i remember why i haven't touched webmention.io much lately... the ORM I'm using doesn't work with mysql 5.7 which is what's running on my laptop :headdesk:
#
tantek and docs available with sign-in (not sure if anyone can just create an account, but maybe?) https://portal.starbucks.com/documentation
#
snarfed mmm yak blood
#
tantek also I can't find the UI on https://www.starbucks.com/account/home for revoking OAuth access to applications / sites
#
aaronpk and apparently the ruby community has moved on from using this particular ORM so there's no hope of it being updated
#
Zegnat "mmm yak blood" - uuhm?
#
tantek here is an example of a site that uses Starbucks.com OAuth: https://www.starbuckssummergame.com
#
tantek what is Starbucks?
#
Loqi It looks like we don't have a page for "Starbucks" yet. Would you like to create it?
#
aaronpk Zegnat: i shaved the yak too hard and nicked it
#
tantek what is a yak
#
Loqi An issue tracker is a place to post and discuss issues like bugs & feature requests https://indieweb.org/yak
#
Zegnat ha
#
aaronpk wat
#
tantek what is yak shaving
#
Loqi An issue tracker is a place to post and discuss issues like bugs & feature requests https://indieweb.org/yak_shaving
#
tantek lol
#
tantek (need to click the link for full effect)
#
aaronpk tantek: you'll be happy to know I drastically sped up this URL now https://webmention.io/api/count?target=http://tantek.com/
#
gregorlove.com edited /Telegram (+423) "Criticism, See Also" (view diff)
#
snarfed aaronpk: heh, just fyi https://webmention.io/api/count?target=https://snarfed.org/ 500s
#
snarfed wonders what yak band-aids look like
#
snarfed thinks duct tape
[jeremycherfas] and KartikPrabhu joined the channel
#
aaronpk :sigh:
#
aaronpk oh it's cause there aren't any
#
aaronpk fixed thx
j12t joined the channel
#
gRegorLove sends a pingback to the lonely snarfed.org
#
gRegorLove Well, I would, but he's not using webmention.io :)
#
snarfed :P
[aarongustafson] joined the channel
#
loqi.me created /TikTokBot (+134) "prompted by tantek and dfn added by sknebel" (view diff)
#
kaja.sknebel.net edited /TikTokBot (+1) "linkify ('… is <url>' pattern)" (view diff)
#
loqi.me edited /TikTokBot (+121) "/* See Also */ new section" (view diff)
#
www.svenknebel.de edited /TikTokBot (+155) "start examples section" (view diff)
#
www.svenknebel.de edited /Loqi (+190) "document Kaja's autolinking here as well" (view diff)
#
loqi.me created /Facebook_Fundraisers (+209) "prompted by tantek and dfn added by tantek" (view diff)
#
kaja.sknebel.net edited /Facebook_Fundraisers (+1) "linkify ('… is <url>' pattern)" (view diff)
[jeremycherfas] and cweiske joined the channel
#
cweiske.de edited /authorization-endpoint (+21) "/* See Also */" (view diff)
#
cweiske aaronpk you here?
KartikPrabhu joined the channel
#
aaronpk yes hi
#
cweiske see my comment in https://github.com/cweiske/anoweco/issues/3
[kevinmarks] joined the channel
#
Loqi [aaronpk] #3 Send full user URL in the token response
#
cweiske I think you should do auth code verification to get the new me
#
cweiske if you do not want to rely on the "me" in the callback
#
aaronpk oh I see the confusion now. There is no step 3. Quill just exchanges the code to get the access token and the new me in one step
#
cweiske that's the problem :)
#
aaronpk is confused
#
aaronpk https://indieweb.org/obtaining-an-access-token#Token_Endpoint
#
aaronpk the client makes a request to the token endpoint. the client never makes a post request to the authorization endpoint
#
cweiske counter question: why should my token endpoint hand out a token for an auth code that is not valid for the "me" you're passing?
#
aaronpk because the authorization endpoint issued an authorization code for that "me"
#
cweiske no
#
cweiske the auth endpoint tells you 2 times the new "me"
#
cweiske in the callback, and in the auth code verification
#
cweiske I don't know *where* it should do else
#
aaronpk returning it in the callback is not safe
#
aaronpk there is no way to trust that
#
cweiske because the user could change that?
#
aaronpk right
#
cweiske then you have to do auth code verification
#
aaronpk and the client does not do auth code verification so that step does not exist
#
cweiske to get the new me
#
cweiske instead, you could still use the "me" from callback, verify it's the same server and use it
#
cweiske the token endpoint will tell you if the code and the me match
KartikPrabhu joined the channel
#
aaronpk that seems like an unncessary step that could still lead to issues
#
cweiske then there is no way that the auth endpoint can return a different "me"
#
aaronpk yes there is, in the response when issuing an access token
#
cweiske but that#s the token endpoint. and it's not the token endpoint's task to juggle with "me"s
#
cweiske the token endpoint verifies if the "me" and the temp auth code match, and then gives out an access token
#
cweiske what use is that "me" parameter in the token endpoint request if it can be wrong?
#
aaronpk that allows token endpoints to be used by multiple different users/auth endpoints
#
cweiske but you're just saying that it's ok to send the original user-input "me" to it, which is not what the real "me" is. thus it's wrong
#
aaronpk when a token endpoint like tokens.indieauth.com (which has no database and no state) receives a request with an authorization code, it uses the "me" value to find out which authorization server to use to verify the code
#
aaronpk the authorization server at that point would accept the "old me" URL and the code, and return the "new me" as the verification
#
aaronpk if the two endpoints are part of the same code then this step is bypassed completely
#
cweiske so the "me" on the token endpoint is only for proxies?
#
aaronpk i guess it is not needed if the token endpoint has a way to verify the auth code itself
#
cweiske so I cannot check if the auth code's me and the given me are equal
#
cweiske and just accept that the auth code that is passed to it was obtained in a legit way
#
cweiske s/accept/presume/
#
aaronpk you just need to keep track of the "me" that was used first
#
aaronpk perhaps i should try making a multi-user site to test this out
j12t joined the channel
#
cweiske so my token endpoint ignores the passed "me" and returns the "me" that is internally associated with the auth code
#
cweiske that makes micropublish and quill work again
#
cweiske aaronpk, should https://indieweb.org/authorization-endpoint#Redirect_to_web_application be changed then? get rid of "me"?
#
cweiske and https://indieweb.org/authorization-endpoint#Auth_code_verification, last line?
#
aaronpk That makes sense. You could also add a check that the auth code matches the passed "me". (Assuming you know what "me" was entered initially when the auth code was generated)
#
aaronpk and yeah I wanted to get some feedback on the github issue about the "me" in the redirect but it sounds like everyone agrees
snarfed and [chrisaldrich] joined the channel
#
tantek.com edited /Special:Log/move () "moved [[To-do]] to [[to-do]] over redirect: lowercase" (view diff)
#
tantek.com edited /to-do (+484) "Encourage participation, add IWC 2014 etherpad archiving" (view diff)
#
tantek.com edited /User:Tantek.com (-105) "/* indieweb community */ moved a couple of items to /to-do for anyone to pick up, add /to-do as a catchall at end of my list" (view diff)
#
tantek.com edited /User:Tantek.com (+27) "/* indieweb community */ 2016 homepage work was done. 2017 site refresh project is still in brainstorming, needs iteration" (view diff)
#
tantek.com edited /wikifying (+73) "/* Incremental Wikifying */ see to-do" (view diff)
#
loqi.me edited /wikifying (+12) "tantek added "[[to-do]]" to "See Also"" (view diff)
#
cweiske no, I do not store the original me.
#
aaronpk I guess in your case it's always the same anyway
#
aaronpk I'll have to think through whether other use cases would need it
#
tantek.com edited /Special:Log/upload () "uploaded a new version of "[[File:2014-sf-iwc-schedule-grid.jpg]]"" (view diff)
j12t joined the channel
#
gregorlove.com moved /2014/SF/baseparadigm to /2014/SF/unix "Move to more sensible hashtag"
#
loqi.me edited /private_posts (+24) "tantek added "[[2014/SF/indiepriv]]" to "See Also"" (view diff)
#
loqi.me edited /POSSE (+28) "tantek added "[[2014/SF/possepatterns]]" to "See Also"" (view diff)
#
loqi.me edited /app (+19) "tantek added "[[2014/SF/apps]]" to "See Also"" (view diff)
leg joined the channel