#dev 2017-10-28

2017-10-28 UTC
[kevinmarks], renem, bengo and [chrisaldrich] joined the channel
#
www.boffosocko.com
edited /Posts_about_the_IndieWeb (+394) "rhiaro phd thesis; Aaron Davis reflections"
(view diff)
#
raretrack.uk
edited /Tiny_Tiny_RSS (+87) "/* IndieWeb Examples */ Added Raretack to list of indieweb tt-rss users"
(view diff)
KartikPrabhu, [kevinmarks] and calumryan joined the channel
#
vanderven.se martijn
edited /Top-level-domain (+439) "Link to list of TLDs and an example record for figuring out who owns .cat - prompted by sl007, provided by sknebel"
(view diff)
EmreSokullu and calumryan joined the channel
#
vanderven.se martijn
edited /token-endpoint (+863) "/* Discussion */ Asking the token endpoint to invalidate a token"
(view diff)
#
Zegnat
Would love your opinion on that aaronpk ^^^
#
vanderven.se martijn
edited /obtaining-an-access-token (+215) "I keep losing the link to sebsel’s gimme-a-token. Lets just put it up here for everyone."
(view diff)
calumryan joined the channel
#
Zegnat
When a bug is probably in the dependency of a dependency … https://github.com/keithjgrant/omnibear/issues/39
#
Loqi
[Zegnat] #39 Does not resolve relative URLs.
cweiske joined the channel
#
cweiske
Zegnat, which auth server has a ? in its URL? I'd like to have one for testing
#
Zegnat
The experiment I am about to make public in the next hour or so ;)
#
Zegnat
I was testing it locally with shpub and Omnibear, to get some local micropub clients tested
#
cweiske
fixed in git master
#
Zegnat
cweiske, I was about to open another issue, but as you are here: please add http://pear.php.net/package/Console_CommandLine to the list of git dependencies.
#
Zegnat
cweiske++ for enormously fast support
#
Loqi
cweiske has 20 karma in this channel (118 overall)
#
cweiske
shpub 0.5.2 is out that contains the fix
#
Zegnat
Nice! Guess I didn’t need to install PEAR and grab the git version after all, haha
#
Loqi
Zegnat: lol
#
cweiske
chance was low that I'd have the time just now to fix and release it
#
Zegnat
cweiske, would you have accepted PRs on GitHub, or do I need to email .patch files for you? Seeing as GitHub is a mirror for you
#
Zegnat
You fixed my problem now, but for future reference...
#
cweiske
I accept PRs. I manually merge them anyway, and adding another remote to my git repo is not hard
#
Zegnat
I still need to do the write-up. But if anyone ever needs to login to a Micropub client again but doesn’t want IndieAuth set-up, hosted version of the gist I linked: http://wiki.zegnat.net/media/token-provider.php
#
Zegnat
raziellight++ thanks for prompting me to make a shortcut around requiring full IndieAuth before being able to test Micropub.
#
Loqi
raziellight has 1 karma
[jeremycherfas] joined the channel
#
aaronpk
Zegnat: I think it's a good idea
#
aaronpk
there's probably an OAuth extension draft that does something similar if you want to take a look
#
Zegnat
Is there like a repo for extension drafts to search in?
#
aaronpk
tho it might be in OpenID Connect instead of OAuth in which case it might not be immediately applicable
#
aaronpk
kinda. I think it's linked from OAuth.net/2 and if not it should be
#
Zegnat
That is pretty sparce. Introduces another endpoint (I would personally avoid that? But maybe that’s good? Not sure.) and it just POSTs the known token to it to get it revoked.
#
aaronpk
Well it says the method of finding the endpoint is out of scope so we could reuse the same token endpoint
#
aaronpk
also says client authentication should be included but since we only use public clients we wouldn't need that. We could say that the client should include its client id tho
#
aaronpk
we could also say that the method of finding the token revocation url is to take the token endpoint and append a query string parameter like action=revoke
#
Zegnat
That could work. You probably want something to differentiate the revoking from the requesting. Else it comes down to “if you receive a POST with the parameter token, revoke the token specified in the parameter”.
#
Zegnat
At least that is the entire transaction as far as RFC7009 seems to be concerned
#
aaronpk
I mean it would work
#
Zegnat
It doesn’t conflict with any of the current spec’ed requests, true, as those would use access_token as a parameter. But it does feel a bit iffy, imho
#
aaronpk
The only post request to the token endpoint right now is with an authorization code right?
#
Zegnat
Yes, sorry, access_token is used in response
#
aaronpk
Yeah I can't decide whether being explicit by adding the query param is necessary or if that adds too weird an extra aspect to it
#
Zegnat
The query param can be seen as explicitly creating the separate endpoint, I guess. So how serious do you want to take the “additional endpoint” aspect of RFC7009
#
vanderven.se martijn
edited /token-endpoint (+378) "/* Asking the token endpoint to invalidate a token */ Updating with RFC7009"
(view diff)
calumryan joined the channel
#
Zegnat
Documented on wiki because I know I will forget otherwise.
#
aaronpk
documentation++
#
Loqi
documentation has 2 karma in this channel (10 overall)
#
aaronparecki.com
edited /token-endpoint (+659) "notes about finding the revocation endpoint"
(view diff)
#
aaronpk
in other news, let's see if i can finish up this podcast publishing client so i can publish the next episode of Percolator
#
Zegnat
Filed an issue against two Micropub clients and a Micropub server today. Made a tool for bypassing IndieAuth for Micropub clients. And I still do not use Micropub! Haha. That should be my todo for IWC Berlin, I guess.
#
Loqi
awesome
#
aaronpk
what does that token-provider page do?
#
Zegnat
See README in https://gist.github.com/Zegnat/9d3945f9b342d9b6af5ee33476003966 - it provides dummy IndieAuth so you can provide a specified token to a micropub client
John___ joined the channel
#
aaronpk
you should add that readme to the page itself so that it's all explained on http://wiki.zegnat.net/media/token-provider.php :)
#
Zegnat
As most (all?) Micropub clients do not allow setting the token any other way than through IndieAuth.
#
Loqi
agreed.
#
Zegnat
Confirmed working with shpub and Omnibear, and works perfectly fine from localhost for those local clients. So hopefully people will find it useful.
#
Zegnat
Going to add a link :)
[kevinmarks] joined the channel
#
Zegnat
Hosted version now has a little notice linking to the Gist
[eddie] joined the channel
#
[eddie]
Zegnat++ what an awesome tool!
#
Loqi
zegnat has 32 karma in this channel (137 overall)
#
Loqi
[eddie]: snarfed left you a message 19 hours, 42 minutes ago: as you all have noticed, following/reading/post propagation between indieweb and fedsocnets is definitely the biggest hole in bridgy fed that still really needs to be nailed down
#
Loqi
[eddie]: snarfed left you a message 19 hours, 42 minutes ago: you all have researched more than me so far, and i may not prioritize it myself near term, so i'd love your input! e.g. https://github.com/snarfed/bridgy-fed/issues/14
#
sknebel
Zegnat++ that's a clever way of solving it!
#
Loqi
zegnat has 33 karma in this channel (138 overall)
#
Zegnat
I just thought, hey, I have a little knowledge of IndieAuth, I can shortcut this ;)
#
sknebel
I thought about something in this direction, but didn't have an obvious good idea
#
sknebel
tools << http://wiki.zegnat.net/media/token-provider.php ([https://gist.github.com/Zegnat/9d3945f9b342d9b6af5ee33476003966 source]) is a small tool to complete an IndieAuth flow with a pre-determined token. Useful for testing (local) micropub servers with clients that expect to do full [[IndieAuth]] flow for auth.
#
Loqi
ok, I added "http://wiki.zegnat.net/media/token-provider.php ([https://gist.github.com/Zegnat/9d3945f9b342d9b6af5ee33476003966 source]) is a small tool to complete an IndieAuth flow with a pre-determined token. Useful for testing (local) micropub servers with clients that expect to do full [[IndieAuth]] flow for auth." to the "See Also" section of /tools
#
loqi.me
edited /tools (+309) "sknebel added "http://wiki.zegnat.net/media/token-provider.php ([https://gist.github.com/Zegnat/9d3945f9b342d9b6af5ee33476003966 source]) is a small tool to complete an IndieAuth flow with a pre-determined token. Useful for testing (local) micropub s"
(view diff)
calumryan joined the channel
#
Zegnat
Ugh, of course there is /tools and it has sebsel’s gimme-a-token.5eb.nl on there ... I spent like 15 minutes looking for it in chat logs before.
#
sknebel
Zegnat: oops. yeh, kind of tricky sometimes to rmemember where stuff is, especially if you don't want totally litter the namespace with "what is sebsels token thingy" "what is the token-thing", ...
#
Zegnat
I added it to obtaining-an-access-token which is linked to from a couple of IndieAuth pages
[miklb] joined the channel
#
[miklb]
what is a token
#
Loqi
It looks like we don't have a page for "token" yet. Would you like to create it?
#
Zegnat
what is access token?
#
Loqi
access_token is is a token that is given to a micropub client from a token-endpoint https://indieweb.org/access_token
#
Zegnat
There is that too general and at the same time too specific page for token :p
#
[miklb]
theoretically adds that to list of complaints about wikis but doesn’t have a better solution to offer
#
sknebel
A token is an identifier with which apps authenticate between each other, in Indieweb software you might be looking for [[access_token]] obtained via [[IndieAuth]].
#
loqi.me
created /token (+189) "prompted by [miklb] and dfn added by sknebel"
(view diff)
#
sknebel
access_token << obtaining-an-access-token
#
Loqi
ok, I added "[[obtaining-an-access-token]]" to the "See Also" section of /access_token
#
loqi.me
edited /access_token (+49) "/* See Also */ new section"
(view diff)
#
[miklb]
sknebel++
#
Loqi
sknebel has 24 karma in this channel (67 overall)
#
sknebel
(stuffed the indieauth mention in the dfn so loqi mentions the keywords)
#
Zegnat
access_token << token-endpoint
#
loqi.me
edited /access_token (+21) "Zegnat added "[[token-endpoint]]" to "See Also""
(view diff)
#
Loqi
ok, I added "[[token-endpoint]]" to the "See Also" section of /access_token
#
Zegnat
If you want to make it even more opaque, the IndieAuth access token is a Bearer token as defined by RFC 6750 and is bound to the character set defined for it there ;)
#
Zegnat
What is bearer token?
#
Loqi
bearer token is a type of token that identifies its “bearer”, the most common authentication type in OAuth https://indieweb.org/bearer_token
#
Zegnat
Oh, look at that! It exists!
#
sknebel
Zegnat: add those details to the text of the page
#
Zegnat
Doing as we speak
#
vanderven.se martijn
edited /bearer_token (+857) "Add definition from RFC, add technological definition, add IndieWeb use-case. Remove stub."
(view diff)
#
Zegnat
How about that?
#
www.svenknebel.de
edited /access_token (+11) "grammar, link bearer token"
(view diff)
#
aaronparecki.com
edited /Special:Log/rights () "changed group membership for User:Vanderven.se martijn from (none) to sysop"
(view diff)
[kpraslowicz] joined the channel
#
vanderven.se martijn
edited /MediaWiki:Common.css (+643) "Test removing lock icons from links, it should be assumed default ASAP."
(view diff)
#
dgold
Zegnat: I *think* I've sorted that Issue.
EmreSokullu joined the channel
#
vanderven.se martijn
edited /MediaWiki:Common.css (+471) "Test with a specific “unlocked” icon for non-HTTPS links"
(view diff)
#
Zegnat
Sorry I didn’t have time to PR dgold. Your solution seems right. HTTP/2 will send all headers lowercased anyway IIRC, so lowercasing seems a good idea.
#
Zegnat
dgold, any reason for using fwrite and file_put_contents for writing to the same place?
#
dgold
Zegnat: the real answer is that I'm still (re)learning PHP
#
dgold
I haven't done any PHP coding since ... Zend 1.0? That was PHP 3 -> 4, right?
#
Zegnat
getallheaders() returns an array or false. Best is to just do $headers = getallheaders(); (without the encapsulating array() you have now) and exit() early if($headers === false).
#
Zegnat
Then all headers are just a single flat array within $headers for you to work with. Get rid of the extra ['0'] you have everywhere now.
#
dgold
can I wrap that in an
#
dgold
if($headers = getallheaders() ) { do stuff } else exit;?
#
Zegnat
But then you would end up putting your entire application code in that if. Which is why testing for false is what I would do
#
dgold
oh, yes, I would.
#
dgold
Zegnat: so declaring $data as an array, that's also redundant?
#
Zegnat
Hmm, where?
EmreSokullu joined the channel
#
dgold
in that same header handling element
#
dgold
(tempted to use a 418 error for failing to send headers)
#
Zegnat
Ah, that’s just setting $data to an empty array. That’s not really a problem, especially since otherwise $data may not get set at all (as json_decode happens within an if).
#
dgold
yeah, that's why I originally set it that way
#
dgold
i test if data's empty on line 300-ish
#
Zegnat
Yeah, so you will want it to be set. array() is fine there. Or just [] if you are on a modern PHP version, not sure what versions you want to support
#
dgold
i have it running on 5.6 and on 7
#
dgold
the thing that has me annoyed(ish) is that json micropub requires the elements of every key to be an array
#
dgold
whereas _POST is in simple key=element
#
dgold
what I want to do is map all the _POST stuff into an array of the form key=>[element]
#
aaronpk
array_map(function($a){ return is_array($a) ? $a : [$a]; }, $_POST)
#
dgold
then I can strip out a load of code
#
dgold
witchcraft!
#
aaronpk
i literally just wrote that for this podcast micropub endpoint
#
GWG
I have to support back to 5.3, so no short array notation for me
#
dgold
^ actually did actually laugh out loud
#
dgold
what uses 5.3 GWG ?
#
aaronpk
wordpress :(
#
GWG
PHP 5.3
#
GWG
aaronpk, it is at 5.3, actually, but we agreed that 5.3 is minimum for Indieweb stuff
#
aaronpk
it's always a tough call
#
aaronpk
the latest version of Laravel only works on PHP 7 which seems a bit crazy
#
Zegnat
Less than 3 months until 7.0 is the lowest still supported PHP version though ... http://php.net/supported-versions.php
#
aaronpk
whoa really?
#
dgold
no, its next December
#
Zegnat
Oh, never mind, misread
#
Zegnat
Actually, active support on 7.0 lapses in a month time, hahaha
#
Loqi
Zegnat: lol
#
Zegnat
So 1 more month until everyone is over on 7.1, right? Please?
#
GWG
I had someone who got an error on 5.4 because of something, so now I have to test on all supposedly supported versions
#
aaronpk
guess i'll be jumping from 5.6 straight to 7.1 then
#
Zegnat
I kinda want to jump from 7.0 to 7.2. The latter comes with libsodium support.
#
dgold
aaronpk++ thank you - that's just what I was looking to do!
#
Loqi
aaronpk has 81 karma in this channel (1455 overall)
#
Zegnat
I might try to get some people to show me docker and some VPS management stuff at IWC, so I can start working with whatever PHP version I want rather than what my hoster cares to provide
#
GWG
I need to learn docker
#
Zegnat
I hear it is good. But that is all I know.
#
Zegnat
petermolnar you aren’t going to be in Berlin, are you? (Haha)
#
GWG
When is Berlin again?
#
Loqi
what
#
Zegnat
When is IWC Berlin?
#
Loqi
IndieWebCamp Berlin 2017 is the third IndieWebCamp in Berlin and one of several IndieWebCamp events in 2017! https://indieweb.org/IWC_Berlin
#
dgold
docker and VPSen aren't always happy bedfellows
#
Zegnat
GWG: next weekend; 2017-11-04 10:00 through 2017-11-05 at 18:00
#
dgold
obvs, you get what you pay for
#
Zegnat
non-VPS hosting solutions are probably too expensive for me though dgold
#
dgold
Zegnat: oh, ditto - believe me
#
sknebel
dgold: I would imagine OpenVZ-based ones have issues? or anything else?
#
dgold
what I mean is that in my budgetary range, the chances of me being able to use docker on a remote is fairly zeroth
#
dgold
OpenVZ ones definitely don't play with it, KVM ones _can_ theoretically, but the custom kernels (IME, YMMV) don't always play nice with docker
#
sknebel
I still use lxc
#
sknebel
which also has it's clear downsides to manage
#
sknebel
Zegnat: I think I found your omnibear issue
#
dgold
if you can get an openVZ 7 server, then you'll be able to use docker, but at my budget range I'm looking at 2.6 underlying kernels at best
#
sknebel
dgold: I'm not touching openVZ anymore. not worth the hassel
#
aaronpk
also keep in mind you don't need a whoel docker or VPS environment just to run multiple versions of PHP
#
sknebel
that too :P
#
dgold
what do you use instead, aaronpk
#
GWG
I will have to remote in
#
aaronpk
you can just install multiple versions in ubuntu
#
aaronpk
they don't clobber each other anymore
#
Zegnat
I had multiple versions on macOS too actually
#
Zegnat
I am just not sure how I will have the web server use multiple then. Or I would also need to run several servers?
#
aaronpk
depends on how the server is set up to run php
#
dgold
Zegnat: you could use FreeBSD!
#
aaronpk
with nginx and fpm, you can point each virtual host at a unique fpm instance
#
Zegnat
Hmm, that might be an option then aaronpk
#
dgold
aaronpk: ahhhh
#
aaronpk
dreamhost does this actually, since their shared hosting is based on ubuntu. you can choose which domain goes to which php version.
#
Zegnat
I have never touched FreeBSD, dgold
#
dgold
aaronpk: so you'd make a separate php-fpm pool for each vhost
#
aaronpk
or rather for each php version
#
dgold
i have to say, I really like nginx. created an apache instance recently to experiment with piwik, and found the experience much more difficult over nginx
#
Zegnat
I kinda wish I didn’t need to know any of it. But none of the hosting services so far keep up with PHP updates the way I would want them to. So I see no other option then to go self-managed.
#
sknebel
even uberspace didn't?
#
sknebel
I forgot was the problem was there
#
dgold
i started reading the uberspace material, but it made my head hurt
#
Zegnat
uberspace seems to have up to the latest 7.1 now
#
Zegnat
but I had some problems keeping services running there, and they reboot servers without notification too
#
sknebel
well, I can help you with VPS setup if you want, or at least point you towards the right resources
#
Zegnat
Also I think there was some problem with installing PHP extensions. But I can’t recall if that was uberspace. When I wanted to add libsodium.
#
Zegnat
Would love to get any help you can give sknebel!
#
dgold
right, changes made, thanks Zegnat & aaronpk
#
dgold
guess I'll do like-of tomorrow
#
sknebel
hm, node.microformats.io is down
#
Zegnat
Been a while. I seem to recall you added a trick to sturdybackbone for JavaScript parser checking
#
aaronpk
omg it's aliiiiive
#
sknebel
Zegnat: oh, right, I forgot that :)
#
Zegnat
Maybe add it to tools, sknebel ;)
#
sknebel
or get something packaged for heroku and put it next to the rest of mf.io
#
sknebel
has anyone heard from glenn in like the last half a year? afaik it was running on his server, and e.g. my PRs against the the parser are also still open
#
dgold
Zegnat: does that latest commit do the necessary?
#
Zegnat
Let’s have a look!
#
Zegnat
dgold, you will want to do the $headers === false check before you do array_change_key_case(). Otherwise array_change_key_case() is going to error because you can be passing it false instead of an array
#
dgold
you should write an automated test suite
#
dgold
(or I could, you know, learn how to write tests)
#
sknebel
shakes head about web tooling that leaves this stuff to the programmer
#
Zegnat
It is my biggest peeve with PHP. Many functions have a “return something different on failure” instead of just throwing exceptions.
#
Zegnat
Otherwise it LGTM dgold. Of course needs actual testing with clients but code looks good
#
dgold
ok - I sent up a commit with that fix, Zegnat, please attack it away.
#
dgold
but right now, its saturday night, its a long weekend here, and I'm off to drink beer and eat pizza
#
Zegnat
Sounds like a plan dgold!
#
Zegnat
I do wonder, how PHP is interpreting `array ()`?
#
dgold
probably poorly!
#
Zegnat
Oh. PHP allows for spaces between function names and their ()? Add to things I learned today
#
Zegnat
Looks good to me dgold! I’ll test Omnibear and shpub once more in a minute, about to grab a drink myself
#
aaronparecki.com
edited /p3k_naming_convention (-25) "Gramophone is a thing now"
(view diff)
#
dgold
oooooh! shpub is interesting!
#
dgold
anyway, veg chopping time, adiaŭ mundo
[kevinmarks] joined the channel
#
aaronpk
*whew* it's rough but it works
#
aaronpk
now i have a much easier way to publish episodes!
#
dgold
look forward to more episodes then!
GabaLaba, EmreSokullu and loicm joined the channel
#
Zegnat
Oh, sknebel, little surprised the href parsing is a micropub-helper problem. Does the microfomats parser return the right href?
#
sknebel
if you don't tell the parser what URL your html is from, what's the poor thing supposed to do?
#
Zegnat
Ooh, woops, then!
#
Zegnat
So just needs to pass along baseUrl in the object for Microformats.get()? Gotcha.
EmreSokullu and EmreSoku_ joined the channel
#
www.boffosocko.com
edited /voticon (+126) "Molnar article; emojicon"
(view diff)
#
www.boffosocko.com
edited /Posts_about_the_IndieWeb (+272) "Peter Molnar article Content, bloat, privacy, archives"
(view diff)
#
Zegnat
What is upvote?
#
Loqi
It looks like we don't have a page for "upvote" yet. Would you like to create it?
#
Zegnat
Oh, we didn’t document that? Hmm. I am heading for bed though, have a good one all!
#
vanderven.se martijn
edited /Microsub-spec (+43) "Rewrite Markdown links, stop wiki from auto-linking"
(view diff)
#
vanderven.se martijn
edited /OWFa (+1058) "/* Criticism */ Add Bruce Perens’ criticism with full citation."
(view diff)
#
petermolnar
!tell Zegnat no, unfortunately I can't make it; on the learning docker though, it's not that much black magic
#
Loqi
Ok, I'll tell them that when I see them next
KartikPrabhu, gRegorLove, EmreSokullu and eli_oat joined the channel