#dev 2017-10-28

2017-10-28 UTC
[kevinmarks], renem, bengo and [chrisaldrich] joined the channel
#
www.boffosocko.com edited /Posts_about_the_IndieWeb (+394) "rhiaro phd thesis; Aaron Davis reflections" (view diff)
#
raretrack.uk edited /Tiny_Tiny_RSS (+87) "/* IndieWeb Examples */ Added Raretack to list of indieweb tt-rss users" (view diff)
KartikPrabhu, [kevinmarks] and calumryan joined the channel
#
vanderven.se martijn edited /Top-level-domain (+439) "Link to list of TLDs and an example record for figuring out who owns .cat - prompted by sl007, provided by sknebel" (view diff)
EmreSokullu and calumryan joined the channel
#
vanderven.se martijn edited /token-endpoint (+863) "/* Discussion */ Asking the token endpoint to invalidate a token" (view diff)
#
Zegnat Would love your opinion on that aaronpk ^^^
#
vanderven.se martijn edited /obtaining-an-access-token (+215) "I keep losing the link to sebsel’s gimme-a-token. Lets just put it up here for everyone." (view diff)
calumryan joined the channel
#
Zegnat When a bug is probably in the dependency of a dependency … https://github.com/keithjgrant/omnibear/issues/39
#
Loqi [Zegnat] #39 Does not resolve relative URLs.
cweiske joined the channel
#
cweiske Zegnat, which auth server has a ? in its URL? I'd like to have one for testing
#
Zegnat The experiment I am about to make public in the next hour or so ;)
#
Zegnat I was testing it locally with shpub and Omnibear, to get some local micropub clients tested
#
cweiske fixed in git master
#
Zegnat cweiske, I was about to open another issue, but as you are here: please add http://pear.php.net/package/Console_CommandLine to the list of git dependencies.
#
cweiske done
#
Zegnat cweiske++ for enormously fast support
#
Loqi cweiske has 20 karma in this channel (118 overall)
#
cweiske shpub 0.5.2 is out that contains the fix
#
cweiske http://cweiske.de/shpub.htm#download
#
Zegnat Nice! Guess I didn’t need to install PEAR and grab the git version after all, haha
#
Loqi Zegnat: lol
#
cweiske chance was low that I'd have the time just now to fix and release it
#
Zegnat And here is my thing: https://gist.github.com/Zegnat/9d3945f9b342d9b6af5ee33476003966
#
Zegnat cweiske, would you have accepted PRs on GitHub, or do I need to email .patch files for you? Seeing as GitHub is a mirror for you
#
Zegnat You fixed my problem now, but for future reference...
#
cweiske I accept PRs. I manually merge them anyway, and adding another remote to my git repo is not hard
#
Zegnat ?
#
Zegnat I still need to do the write-up. But if anyone ever needs to login to a Micropub client again but doesn’t want IndieAuth set-up, hosted version of the gist I linked: http://wiki.zegnat.net/media/token-provider.php
#
Zegnat raziellight++ thanks for prompting me to make a shortcut around requiring full IndieAuth before being able to test Micropub.
#
Loqi raziellight has 1 karma
[jeremycherfas] joined the channel
#
aaronpk Zegnat: I think it's a good idea
#
aaronpk there's probably an OAuth extension draft that does something similar if you want to take a look
#
Zegnat Is there like a repo for extension drafts to search in?
#
aaronpk tho it might be in OpenID Connect instead of OAuth in which case it might not be immediately applicable
#
aaronpk kinda. I think it's linked from OAuth.net/2 and if not it should be
#
aaronpk Here it is https://tools.ietf.org/wg/oauth/
#
aaronpk Found it: Revocation https://tools.ietf.org/html/rfc7009
#
Zegnat That is pretty sparce. Introduces another endpoint (I would personally avoid that? But maybe that’s good? Not sure.) and it just POSTs the known token to it to get it revoked.
#
aaronpk Well it says the method of finding the endpoint is out of scope so we could reuse the same token endpoint
#
aaronpk also says client authentication should be included but since we only use public clients we wouldn't need that. We could say that the client should include its client id tho
#
aaronpk we could also say that the method of finding the token revocation url is to take the token endpoint and append a query string parameter like action=revoke
#
Zegnat That could work. You probably want something to differentiate the revoking from the requesting. Else it comes down to “if you receive a POST with the parameter token, revoke the token specified in the parameter”.
#
Zegnat At least that is the entire transaction as far as RFC7009 seems to be concerned
#
aaronpk I mean it would work
#
Zegnat It doesn’t conflict with any of the current spec’ed requests, true, as those would use access_token as a parameter. But it does feel a bit iffy, imho
#
aaronpk The only post request to the token endpoint right now is with an authorization code right?
#
Zegnat Yes, sorry, access_token is used in response
#
aaronpk Yeah I can't decide whether being explicit by adding the query param is necessary or if that adds too weird an extra aspect to it
#
Zegnat The query param can be seen as explicitly creating the separate endpoint, I guess. So how serious do you want to take the “additional endpoint” aspect of RFC7009
#
vanderven.se martijn edited /token-endpoint (+378) "/* Asking the token endpoint to invalidate a token */ Updating with RFC7009" (view diff)
calumryan joined the channel
#
Zegnat Documented on wiki because I know I will forget otherwise.
#
@nhoizey Au moins, ces tweets ne sont pas perdus ! ? #webmention https://nicolas-hoizey.com/2017/10/chrome-fails-showing-big-emojis.html#webmentions_other (twitter.com/_/status/924282632858423296)
#
aaronpk documentation++
#
Loqi documentation has 2 karma in this channel (10 overall)
#
aaronparecki.com edited /token-endpoint (+659) "notes about finding the revocation endpoint" (view diff)
#
aaronpk in other news, let's see if i can finish up this podcast publishing client so i can publish the next episode of Percolator
#
Zegnat Filed an issue against two Micropub clients and a Micropub server today. Made a tool for bypassing IndieAuth for Micropub clients. And I still do not use Micropub! Haha. That should be my todo for IWC Berlin, I guess.
#
Loqi awesome
#
aaronpk what does that token-provider page do?
#
Zegnat See README in https://gist.github.com/Zegnat/9d3945f9b342d9b6af5ee33476003966 - it provides dummy IndieAuth so you can provide a specified token to a micropub client
John___ joined the channel
#
aaronpk you should add that readme to the page itself so that it's all explained on http://wiki.zegnat.net/media/token-provider.php :)
#
Zegnat As most (all?) Micropub clients do not allow setting the token any other way than through IndieAuth.
#
Loqi agreed.
#
Zegnat Confirmed working with shpub and Omnibear, and works perfectly fine from localhost for those local clients. So hopefully people will find it useful.
#
Zegnat Going to add a link :)
#
aaronpk neat
[kevinmarks] joined the channel
#
Zegnat Hosted version now has a little notice linking to the Gist
[eddie] joined the channel
#
[eddie] Zegnat++ what an awesome tool!
#
Loqi zegnat has 32 karma in this channel (137 overall)
#
Loqi [eddie]: snarfed left you a message 19 hours, 42 minutes ago: as you all have noticed, following/reading/post propagation between indieweb and fedsocnets is definitely the biggest hole in bridgy fed that still really needs to be nailed down
#
Loqi [eddie]: snarfed left you a message 19 hours, 42 minutes ago: you all have researched more than me so far, and i may not prioritize it myself near term, so i'd love your input! e.g. https://github.com/snarfed/bridgy-fed/issues/14
#
sknebel Zegnat++ that's a clever way of solving it!
#
Loqi zegnat has 33 karma in this channel (138 overall)
#
Zegnat I just thought, hey, I have a little knowledge of IndieAuth, I can shortcut this ;)
#
sknebel I thought about something in this direction, but didn't have an obvious good idea
#
sknebel tools << http://wiki.zegnat.net/media/token-provider.php ([https://gist.github.com/Zegnat/9d3945f9b342d9b6af5ee33476003966 source]) is a small tool to complete an IndieAuth flow with a pre-determined token. Useful for testing (local) micropub servers with clients that expect to do full [[IndieAuth]] flow for auth.
#
Loqi ok, I added "http://wiki.zegnat.net/media/token-provider.php ([https://gist.github.com/Zegnat/9d3945f9b342d9b6af5ee33476003966 source]) is a small tool to complete an IndieAuth flow with a pre-determined token. Useful for testing (local) micropub servers with clients that expect to do full [[IndieAuth]] flow for auth." to the "See Also" section of /tools
#
loqi.me edited /tools (+309) "sknebel added "http://wiki.zegnat.net/media/token-provider.php ([https://gist.github.com/Zegnat/9d3945f9b342d9b6af5ee33476003966 source]) is a small tool to complete an IndieAuth flow with a pre-determined token. Useful for testing (local) micropub s" (view diff)
calumryan joined the channel
#
Zegnat Ugh, of course there is /tools and it has sebsel’s gimme-a-token.5eb.nl on there ... I spent like 15 minutes looking for it in chat logs before.
#
sknebel Zegnat: oops. yeh, kind of tricky sometimes to rmemember where stuff is, especially if you don't want totally litter the namespace with "what is sebsels token thingy" "what is the token-thing", ...
#
Zegnat I added it to obtaining-an-access-token which is linked to from a couple of IndieAuth pages
[miklb] joined the channel
#
[miklb] what is a token
#
Loqi It looks like we don't have a page for "token" yet. Would you like to create it?
#
Zegnat what is access token?
#
Loqi access_token is is a token that is given to a micropub client from a token-endpoint https://indieweb.org/access_token
#
Zegnat There is that too general and at the same time too specific page for token :p
#
[miklb] theoretically adds that to list of complaints about wikis but doesn’t have a better solution to offer
#
Zegnat hehe
#
sknebel A token is an identifier with which apps authenticate between each other, in Indieweb software you might be looking for [[access_token]] obtained via [[IndieAuth]].
#
Loqi ok
#
loqi.me created /token (+189) "prompted by [miklb] and dfn added by sknebel" (view diff)
#
sknebel access_token << obtaining-an-access-token
#
Loqi ok, I added "[[obtaining-an-access-token]]" to the "See Also" section of /access_token
#
loqi.me edited /access_token (+49) "/* See Also */ new section" (view diff)
#
[miklb] sknebel++
#
Loqi sknebel has 24 karma in this channel (67 overall)
#
sknebel (stuffed the indieauth mention in the dfn so loqi mentions the keywords)
#
Zegnat access_token << token-endpoint
#
loqi.me edited /access_token (+21) "Zegnat added "[[token-endpoint]]" to "See Also"" (view diff)
#
Loqi ok, I added "[[token-endpoint]]" to the "See Also" section of /access_token
#
Zegnat If you want to make it even more opaque, the IndieAuth access token is a Bearer token as defined by RFC 6750 and is bound to the character set defined for it there ;)
#
Zegnat What is bearer token?
#
Loqi bearer token is a type of token that identifies its “bearer”, the most common authentication type in OAuth https://indieweb.org/bearer_token
#
Zegnat Oh, look at that! It exists!
#
sknebel Zegnat: add those details to the text of the page
#
Zegnat Doing as we speak
#
sknebel thx.
#
vanderven.se martijn edited /bearer_token (+857) "Add definition from RFC, add technological definition, add IndieWeb use-case. Remove stub." (view diff)
#
Zegnat How about that?
#
www.svenknebel.de edited /access_token (+11) "grammar, link bearer token" (view diff)
#
aaronparecki.com edited /Special:Log/rights () "changed group membership for User:Vanderven.se martijn from (none) to sysop" (view diff)
[kpraslowicz] joined the channel
#
vanderven.se martijn edited /MediaWiki:Common.css (+643) "Test removing lock icons from links, it should be assumed default ASAP." (view diff)
#
dgold Zegnat: I *think* I've sorted that Issue.
EmreSokullu joined the channel
#
vanderven.se martijn uploaded /Special:Log/upload "uploaded "[[File:unlocked.png]]" https://indieweb.org/File:unlocked.png"
#
vanderven.se martijn edited /MediaWiki:Common.css (+471) "Test with a specific “unlocked” icon for non-HTTPS links" (view diff)
#
Zegnat Sorry I didn’t have time to PR dgold. Your solution seems right. HTTP/2 will send all headers lowercased anyway IIRC, so lowercasing seems a good idea.
#
Zegnat dgold, any reason for using fwrite and file_put_contents for writing to the same place?
#
Zegnat Also, dgold: https://github.com/dg01d/nanopub/commit/85d31a18262a7fb0931b687eac44b4ec57cb37b9#commitcomment-25255480
#
dgold Zegnat: the real answer is that I'm still (re)learning PHP
#
dgold I haven't done any PHP coding since ... Zend 1.0? That was PHP 3 -> 4, right?
#
Zegnat getallheaders() returns an array or false. Best is to just do $headers = getallheaders(); (without the encapsulating array() you have now) and exit() early if($headers === false).
#
Zegnat Then all headers are just a single flat array within $headers for you to work with. Get rid of the extra ['0'] you have everywhere now.
#
dgold can I wrap that in an
#
dgold if($headers = getallheaders() ) { do stuff } else exit;?
#
Zegnat Yes
#
Zegnat But then you would end up putting your entire application code in that if. Which is why testing for false is what I would do
#
dgold oh, yes, I would.
#
dgold Zegnat: so declaring $data as an array, that's also redundant?
#
Zegnat Hmm, where?
EmreSokullu joined the channel
#
dgold in that same header handling element
#
dgold (tempted to use a 418 error for failing to send headers)
#
Zegnat Ah, that’s just setting $data to an empty array. That’s not really a problem, especially since otherwise $data may not get set at all (as json_decode happens within an if).
#
dgold yeah, that's why I originally set it that way
#
dgold i test if data's empty on line 300-ish
#
Zegnat Yeah, so you will want it to be set. array() is fine there. Or just [] if you are on a modern PHP version, not sure what versions you want to support
#
dgold i have it running on 5.6 and on 7
#
dgold the thing that has me annoyed(ish) is that json micropub requires the elements of every key to be an array
#
dgold whereas _POST is in simple key=element
#
dgold what I want to do is map all the _POST stuff into an array of the form key=>[element]
#
aaronpk array_map(function($a){ return is_array($a) ? $a : [$a]; }, $_POST)
#
dgold then I can strip out a load of code
#
dgold witchcraft!
#
Zegnat Hehe
#
aaronpk i literally just wrote that for this podcast micropub endpoint
#
aaronpk https://gist.github.com/aaronpk/5b116bb2fbc1b21fdf3b551b6c9bf949
#
dgold lol!
#
GWG I have to support back to 5.3, so no short array notation for me
#
dgold ^ actually did actually laugh out loud
#
dgold what uses 5.3 GWG ?
#
aaronpk wordpress :(
#
GWG PHP 5.3
#
GWG aaronpk, it is at 5.3, actually, but we agreed that 5.3 is minimum for Indieweb stuff
#
aaronpk it's always a tough call
#
aaronpk the latest version of Laravel only works on PHP 7 which seems a bit crazy
#
Zegnat Less than 3 months until 7.0 is the lowest still supported PHP version though ... http://php.net/supported-versions.php
#
aaronpk whoa really?
#
dgold no, its next December
#
Zegnat Oh, never mind, misread
#
Zegnat Actually, active support on 7.0 lapses in a month time, hahaha
#
Loqi Zegnat: lol
#
Zegnat So 1 more month until everyone is over on 7.1, right? Please?
#
GWG I had someone who got an error on 5.4 because of something, so now I have to test on all supposedly supported versions
#
aaronpk guess i'll be jumping from 5.6 straight to 7.1 then
#
Zegnat I kinda want to jump from 7.0 to 7.2. The latter comes with libsodium support.
#
dgold aaronpk++ thank you - that's just what I was looking to do!
#
Loqi aaronpk has 81 karma in this channel (1455 overall)
#
aaronpk sweet
#
Zegnat I might try to get some people to show me docker and some VPS management stuff at IWC, so I can start working with whatever PHP version I want rather than what my hoster cares to provide
#
GWG I need to learn docker
#
Zegnat I hear it is good. But that is all I know.
#
Zegnat petermolnar you aren’t going to be in Berlin, are you? (Haha)
#
GWG When is Berlin again?
#
Loqi what
#
Zegnat When is IWC Berlin?
#
Loqi IndieWebCamp Berlin 2017 is the third IndieWebCamp in Berlin and one of several IndieWebCamp events in 2017! https://indieweb.org/IWC_Berlin
#
dgold docker and VPSen aren't always happy bedfellows
#
Zegnat GWG: next weekend; 2017-11-04 10:00 through 2017-11-05 at 18:00
#
dgold obvs, you get what you pay for
#
Zegnat non-VPS hosting solutions are probably too expensive for me though dgold
#
dgold Zegnat: oh, ditto - believe me
#
sknebel dgold: I would imagine OpenVZ-based ones have issues? or anything else?
#
dgold what I mean is that in my budgetary range, the chances of me being able to use docker on a remote is fairly zeroth
#
dgold OpenVZ ones definitely don't play with it, KVM ones _can_ theoretically, but the custom kernels (IME, YMMV) don't always play nice with docker
#
sknebel huh
#
sknebel I still use lxc
#
sknebel which also has it's clear downsides to manage
#
sknebel Zegnat: I think I found your omnibear issue
#
dgold if you can get an openVZ 7 server, then you'll be able to use docker, but at my budget range I'm looking at 2.6 underlying kernels at best
#
sknebel dgold: I'm not touching openVZ anymore. not worth the hassel
#
aaronpk also keep in mind you don't need a whoel docker or VPS environment just to run multiple versions of PHP
#
sknebel that too :P
#
dgold what do you use instead, aaronpk
#
GWG I will have to remote in
#
aaronpk you can just install multiple versions in ubuntu
#
aaronpk they don't clobber each other anymore
#
Zegnat I had multiple versions on macOS too actually
#
Zegnat I am just not sure how I will have the web server use multiple then. Or I would also need to run several servers?
#
aaronpk depends on how the server is set up to run php
#
dgold Zegnat: you could use FreeBSD!
#
aaronpk with nginx and fpm, you can point each virtual host at a unique fpm instance
#
Zegnat Hmm, that might be an option then aaronpk
#
dgold aaronpk: ahhhh
#
sknebel ?!
#
aaronpk dreamhost does this actually, since their shared hosting is based on ubuntu. you can choose which domain goes to which php version.
#
Zegnat I have never touched FreeBSD, dgold
#
dgold aaronpk: so you'd make a separate php-fpm pool for each vhost
#
aaronpk yeah
#
aaronpk or rather for each php version
#
dgold i have to say, I really like nginx. created an apache instance recently to experiment with piwik, and found the experience much more difficult over nginx
#
Zegnat I kinda wish I didn’t need to know any of it. But none of the hosting services so far keep up with PHP updates the way I would want them to. So I see no other option then to go self-managed.
#
sknebel even uberspace didn't?
#
sknebel I forgot was the problem was there
#
dgold i started reading the uberspace material, but it made my head hurt
#
Zegnat uberspace seems to have up to the latest 7.1 now
#
Zegnat but I had some problems keeping services running there, and they reboot servers without notification too
#
sknebel k
#
sknebel well, I can help you with VPS setup if you want, or at least point you towards the right resources
#
Zegnat Also I think there was some problem with installing PHP extensions. But I can’t recall if that was uberspace. When I wanted to add libsodium.
#
Zegnat Would love to get any help you can give sknebel!
#
dgold right, changes made, thanks Zegnat & aaronpk
#
dgold guess I'll do like-of tomorrow
#
sknebel hm, node.microformats.io is down
#
Zegnat Been a while. I seem to recall you added a trick to sturdybackbone for JavaScript parser checking
#
aaronpk omg it's aliiiiive
#
sknebel Zegnat: oh, right, I forgot that :)
#
Zegnat Maybe add it to tools, sknebel ;)
#
sknebel or get something packaged for heroku and put it next to the rest of mf.io
#
sknebel has anyone heard from glenn in like the last half a year? afaik it was running on his server, and e.g. my PRs against the the parser are also still open
#
dgold Zegnat: does that latest commit do the necessary?
#
Zegnat Let’s have a look!
#
Zegnat dgold, you will want to do the $headers === false check before you do array_change_key_case(). Otherwise array_change_key_case() is going to error because you can be passing it false instead of an array
#
dgold you should write an automated test suite
#
dgold (or I could, you know, learn how to write tests)
#
sknebel shakes head about web tooling that leaves this stuff to the programmer
#
Zegnat It is my biggest peeve with PHP. Many functions have a “return something different on failure” instead of just throwing exceptions.
#
Zegnat Otherwise it LGTM dgold. Of course needs actual testing with clients but code looks good
#
dgold ok - I sent up a commit with that fix, Zegnat, please attack it away.
#
dgold but right now, its saturday night, its a long weekend here, and I'm off to drink beer and eat pizza
#
Zegnat Sounds like a plan dgold!
#
Zegnat I do wonder, how PHP is interpreting `array ()`?
#
dgold probably poorly!
#
Zegnat Oh. PHP allows for spaces between function names and their ()? Add to things I learned today
#
Zegnat Looks good to me dgold! I’ll test Omnibear and shpub once more in a minute, about to grab a drink myself
#
aaronparecki.com edited /p3k_naming_convention (-25) "Gramophone is a thing now" (view diff)
#
dgold oooooh! shpub is interesting!
#
dgold anyway, veg chopping time, adiaŭ mundo
[kevinmarks] joined the channel
#
aaronpk *whew* it's rough but it works
#
aaronpk now i have a much easier way to publish episodes!
#
dgold look forward to more episodes then!
GabaLaba, EmreSokullu and loicm joined the channel
#
Zegnat Oh, sknebel, little surprised the href parsing is a micropub-helper problem. Does the microfomats parser return the right href?
#
sknebel if you don't tell the parser what URL your html is from, what's the poor thing supposed to do?
#
Zegnat Ooh, woops, then!
#
Zegnat So just needs to pass along baseUrl in the object for Microformats.get()? Gotcha.
EmreSokullu and EmreSoku_ joined the channel
#
www.boffosocko.com edited /voticon (+126) "Molnar article; emojicon" (view diff)
#
www.boffosocko.com edited /Posts_about_the_IndieWeb (+272) "Peter Molnar article Content, bloat, privacy, archives" (view diff)
#
Zegnat What is upvote?
#
Loqi It looks like we don't have a page for "upvote" yet. Would you like to create it?
#
Zegnat Oh, we didn’t document that? Hmm. I am heading for bed though, have a good one all!
#
vanderven.se martijn edited /Microsub-spec (+43) "Rewrite Markdown links, stop wiki from auto-linking" (view diff)
#
vanderven.se martijn edited /OWFa (+1058) "/* Criticism */ Add Bruce Perens’ criticism with full citation." (view diff)
#
petermolnar !tell Zegnat no, unfortunately I can't make it; on the learning docker though, it's not that much black magic
#
Loqi Ok, I'll tell them that when I see them next
KartikPrabhu, gRegorLove, EmreSokullu and eli_oat joined the channel