#dev 2018-01-04

2018-01-04 UTC
#
tantek gRegorLove: yup, that Readability subhead kinda nails it
bengo, KartikPrabhu, [eddie], tantek and sebsel joined the channel
#
tantek oh wow if I could programmatically register twitter handles I would register all the days for say the next 100 years
#
aaronpk πŸ˜‚
#
tantek like @2018_001 @2018_002 etc.
#
tantek as a way of indicating what happens on that day
#
tantek I mean, that would be a worthy use of bots. none of this political spam/troll crap
#
tantek goes back to using hashdates
#
tantek oh well Twitter doesn't auto-link hashdates (for now)
#
tantek e.g. # 2018_001
eli_oat, leg, renem, [mrkrndvs], [miklb], KartikPrabhu, tantek and tantek_ joined the channel
#
loqi.me created /ipython (+254) "prompted by tantek and dfn added by DanC" (view diff)
#
loqi.me created /jupyter (+88) "prompted by tantek and dfn added by DanC" (view diff)
#
loqi.me created /emacs (+109) "prompted by tantek and dfn added by DanC" (view diff)
#
madmode.com edited /ipython (+143) "on writing blog articles with ipython notebook" (view diff)
#
matienzo.org edited /User:Matienzo.org (-4) (view diff)
#
matienzo.org edited /User:Matienzo.org (-27) (view diff)
#
matienzo.org edited /Planning (+18) "/* San Francisco */" (view diff)
[xavierroy], [chrisaldrich], AngeloGladding and KartikPrabhu joined the channel
#
loqi.me created /posting_from_mobile (+40) "prompted by [chrisaldrich] and redirect added by [chrisaldrich]" (view diff)
renem, tomasparks, barpthewire, AngeloGladding, cweiske, KartikPrabhu, [kiai] and [kevinmarks] joined the channel
#
[kevinmarks] I think twitter only autolinks if it starts with a letter (as #1 was autolinking)
#
[kevinmarks] #dt_2018_01_04 maybe
#
sebastiangreger.net edited /Bookmarklet (+416) "/* Indieweb-related bookmarklets */ +Android Share "bookmarklet"" (view diff)
John__, tantek, [kevinmarks], raucao, [eddie] and leg joined the channel
#
loqi.me edited /jupyter (+87) "See Also" (view diff)
ben_thatmustbeme joined the channel
#
[eddie] !tell aaronpk: IndieAuth.net section 5 is Authentication, but 5.2, 5.3 and 5.4 all say Authorization. I’m thinking those should say Authentication? It tripped me up because I focused more on the subtitles than the titles so I found myself in Authentication when I was looking for Authorization
#
Loqi Ok, I'll tell them that when I see them next
#
aaronpk hmm
#
[eddie] Oh, I see a link to Github issues, I can create an issue for it if you like
#
aaronpk please do
#
aaronpk reviews OpenID Connect
#
aaronpk looks like they do use "Authentication Request" in their headers
#
aaronpk so yeah I should change it
#
aaronpk but yes plz still file a github issue :)
#
[eddie] done :thumbsup:
leg joined the channel
#
dgold currently mashing my head against php, again
#
dgold on my test-server, my script is snding likes and reposts properly to twitter as likes and reposts
#
dgold on my homesite, the same script sends them as a blank post
#
GWG dgold: I always try to build in a debug mode that can be enabled to send extra info to the logs.
#
[eddie] IndieAuth Authentication/Authorization: When a client is making the initial request to the endpoint, if required params aren’t found such as client_id, redirect_uri, etc. What should the endpoint return? Does it follow standard OAuth 2.0 rules such as the error response section of this page?: https://www.oauth.com/oauth2-servers/authorization/the-authorization-response/
#
aaronpk yes, although there is an important distinction that I should probably clarify on that page
#
aaronpk you need to abort and *not* redirect in certain error cases like missing/invalid redirect URL or client ID
#
aaronpk you should only redirect with an error if the client ID and redirect URL are okay
#
Loqi it is probable
#
GWG aaronpk: I've been trying to internalize the spec
#
[eddie] Ahh gotcha. :thumbsup: So any error besides redirect_uri/client_id errors should follow that redirect with the error, but if it's redirect_uri/client_id you should display the error within your own UI
#
aaronpk yep
#
GWG I'm not currently checking for client or redirect errors. It will come
#
[eddie] So basically as I read through the IndieAuth spec, if it doesn't address something specifically, I should check OAuth 2.0 and go by that in most cases that the IndieAuth spec doesn't define
#
aaronpk yep!
#
[eddie] :thumbsup:
[kevinmarks] joined the channel
#
[kevinmarks] interesting that people are saying "disable javascript" in response to Spectre
#
aaronpk from what I've heard it's theoretically possible but nobody has produced a proof of concept attack yet
#
[kevinmarks] https://twitter.com/licuende/status/948964367487422464
#
@licuende Freaking out right now: "As a proof-of-concept, JavaScript code was written that, when run in the Google Chrome browser, allows JavaScript to read private memory from the process in which it runs" https://spectreattack.com/spectre.pdf (twitter.com/_/status/948964367487422464)
tantek joined the channel
#
[kevinmarks] Firefox has pushed a build disabling some features too
#
tantek recently? what happened?
#
[kevinmarks] https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
#
Loqi [Luke Wagner] Mitigations landing for new class of timing attack
[cleverdevil] joined the channel
#
[cleverdevil] I've been thinking about this a lot, with regard to the web. It seems to me that JavaScript should be delivered by browsers using a trust model similar to that of apps on iOS or Android.
#
[kevinmarks] turning off SharedArrayBuffer is pretty severe for WebASM
#
[cleverdevil] When you visit a website that needs JavaScript, the browser should inform the user that the website is requesting permission to run JavaScript, and the user should have to grant it.
#
tantek cleverdevil, do you run with NOSCRIPT? because that's essentially what that does
#
tantek so you could have today if you want
#
tantek and try out the experience
#
[cleverdevil] I am not sure my preferred browser allows that, actually.
#
[cleverdevil] Meaning, if you disable JavaScript, I think its just *off*.
#
tantek you should try Firefox with NOSCRIPT then :)
#
[cleverdevil] Maybe!
#
[cleverdevil] My current solution is a heavy dose of ad/tracking blockers both at the browser, and on my home network.
#
Loqi totally
#
[kevinmarks] chrome will let you turn it off by default, and get a widget in the address bar that lets you re-enable site by site
#
[cleverdevil] Cool. I need to experiment with this.
#
[cleverdevil] Yup, just verified, Safari doesn't offer JavaScript as a per-website preference.
#
[cleverdevil] Its global.
#
[cleverdevil] it offers many other settings per-website.
#
GWG [cleverdevil]: Do you know any Android developers you might be able to recruit to the community?
#
[cleverdevil] Hmm... I do know a few.
#
[kevinmarks] I am kind of an android developer, though I haven't done much recently
#
[kevinmarks] my reflex these days would be to PWA rather than app
#
GWG I still would like to try to convince someone to write a Micropub client for Android.
#
GWG [kevinmarks]: PWA in Android can't register for share intents, can they?
#
[kevinmarks] Ben made one
#
GWG [kevinmarks]: He replaced it with a PWA, I believe
#
[kevinmarks] https://developers.google.com/web/updates/2016/09/navigator-share
#
tantek what is Android
#
Loqi Android is an open source operating system for mobile devices (AOSP) combined with a set of proprietary cloud services provided by Google https://indieweb.org/Android
#
[kevinmarks] no wait, that's the other way around
John___ joined the channel
#
GWG [kevinmarks]: Either way, you have to admit that a Micropub app in the Play Store, the F-Droid store, etc would have a greater impact.
#
[kevinmarks] https://github.com/WICG/web-share-target/blob/master/docs/explainer.md
#
tantek.com edited /Android (+248) "clean up a bit, add indieweb relevance to dfn, stub indieweb examples" (view diff)
#
tantek what is mobile
#
Loqi mobile, in the context of the indieweb could refer to mobile apps, mobile use-cases, or being mobile friendly https://indieweb.org/mobile
#
tantek what is mobile posting
#
Loqi It looks like we don't have a page for "mobile posting" yet. Would you like to create it? (Or just say "mobile posting is ____", a sentence describing the term)
#
GWG You add in the users from Micro.blog who might use it, plus people with their own sites who could post to them using an app, there would definitely be a nice reward if we can get someone to try writing a reasonably nice one.
#
tantek.com moved /Posting_from_mobile_devices to /mobile_posting "shorter"
#
tantek mobile posting << iOS
#
Loqi ok, I added "[[iOS]]" to the "See Also" section of /mobile_posting
#
loqi.me edited /mobile_posting (+10) "tantek added "[[iOS]]" to "See Also"" (view diff)
#
tantek mobile posting << Android
#
loqi.me edited /mobile_posting (+14) "tantek added "[[Android]]" to "See Also"" (view diff)
#
Loqi ok, I added "[[Android]]" to the "See Also" section of /mobile_posting
#
GWG I feel posting from mobile easily is the missing link in my routine
#
tantek GWG, from a lot of our routines (mine too)
#
tantek.com edited /Android (+493) "add ryan and ben since their info was on [[mobile posting]]" (view diff)
#
GWG I really don't think I can take on an Android app as a project, but I'd really like to try to talk someone who does that stuff already into writing one.
#
tantek GWG, Kevinmarks, please add to /Android which now has more structure
#
tantek what is Android
#
Loqi Android is an open source operating system for mobile devices (AOSP) combined with a set of proprietary cloud services provided by Google, which some use to post to their IndieWeb sites https://indieweb.org/Android
gRegorLove joined the channel
#
GWG Umm...why does Ben Roberts post to his site snarfed.org?
#
tantek.com edited /mobile_posting (+100) "dfn" (view diff)
#
tantek oops copy/pasta
#
tantek what is mobile posting
#
Loqi mobile posting is the act of using a mobile device to post to a site, typically your own personal indieweb site https://indieweb.org/mobile_posting
#
tantek.com edited /Android (+6) "fix copy/pasta" (view diff)
#
tantek.com edited /Facebook (+135) "/* Features */ responses, like etc." (view diff)
barpthewire joined the channel
#
david.shanske.com edited /Android (+509) "/* IndieWeb Examples */" (view diff)
bengo and snarfed joined the channel
#
tantek.com edited /100DaysOfIndieWeb (+492) "100 Days of Positive Doing Posting Days, move last year's to previously (until someone wants to re-up for this year!)" (view diff)
#
tantek that page needs a bunch more clean-up (or maybe rescoping or splitting off a general 100Days page?) but I added mine for 2018: https://indieweb.org/100DaysOfIndieWeb#100_Days_of_Positive_Doing_Posting_Days
[tantek] joined the channel
#
gregorlove.com created /photography_policy (+667) "prompted by gRegorLove" (view diff)
[eddie] joined the channel
#
[eddie] abode-authentication-screen.png https://files.slack.com/files-pri/T03QR2B2T-F8N8LS326/screen_shot_2018-01-04_at_2.06.36_pm.png?pub_secret=f630384e5b&name=Screen Shot 2018-01-04 at 2.06.36 PM.png
#
[eddie] It’s not pretty, but it’s exciting πŸ˜„
#
aaronpk yay
KartikPrabhu and ben_thatmustbeme joined the channel
#
grantcodes aaronpk: Monocle updates dont appear to have fixed the issues I had. Will open some GitHub issues for you ;)
#
aaronpk darn, k
#
Zegnat GWG, we are hopefully close to more share interaction on Android. The Twitter PWA that they announced after working together with the Google folks seems to already include some share setting in their manifest file IIRC.
#
GWG Zegnat: I will continue to hold out hope
#
gRegorLove Interesting. I guess I'd misread the DMCA safe harbor stuff before. It doesn't appear there is any particular protection it provides if you're a content creator who posts copyrighted work.
#
gRegorLove So someone could just go to your host and get you taken down?
#
gRegorLove And it's at the host's discretion whether they contact you or not first
[cleverdevil], cweiske, bengo, [davidmead], [manton] and tantek joined the channel
#
dgold DMCA safe harbor is just for the hosts, not for the users
[kiai] and snarfed joined the channel
#
aaronparecki.com edited /swag (+113) "move shirts to past, remove dead stickermule marketplace links" (view diff)
j12t joined the channel
#
aaronparecki.com edited /Year_in_Review (+136) "+me" (view diff)
#
grantcodes New Together build online for those testing together.tpxl.io
#
grantcodes Featuring new maps and channel editing (sort of :P)
#
aaronpk nice
#
aaronpk i've gotta solve that duplicate photo issue
[cleverdevil] joined the channel
#
[cleverdevil] πŸŽ‰
#
tantek aaronpk solve or implement? did the proposed solution not work?
#
aaronpk I haven't tried yet
#
aaronpk hm now I can't remember where that was documented
#
[cleverdevil] grantcodes is this dupe photo thing a known issue? -> http://share.cleverdevil.io/gj5ql90AtU.png
#
aaronpk it sounded like it will work, and that I will be implementing it in XRay
#
aaronpk that's the thing I'm talking about [cleverdevil] :)
#
[cleverdevil] Or is that what you're talking about aaronpk?
#
[cleverdevil] Hah
#
aaronpk it's because the photo appears in the content and is also marked up as u-photo
#
grantcodes Yeah duplicates are a big thing
#
grantcodes What aaronpk said
#
tantek it's a visual duplicate, to be clear
#
aaronpk oh no chat search is down
#
tantek presentation problem
#
tantek uh oh yeah I was going to say that's where I brainstormed the proposal
#
tantek in dhat
#
tantek chat
#
tantek aaronpk does repo search work as a fallback? search the chat log repo in GitHub?
#
aaronpk I was about to try that
#
aaronpk it does, but also matches the json keys πŸ˜‚ https://github.com/indieweb/indieweb-chat-archive/search?utf8=%E2%9C%93&q=duplicate+photo&type=
#
aaronpk here we go https://chat.indieweb.org/dev/2017-12-23
#
aaronpk https://chat.indieweb.org/dev/2017-12-23#t1513996649268600
#
Loqi [tantek] thus if you're displaying the HTML of a photo post from somewhere else, you should be able to say hey, drop any img tags in the HTML because I already know the ones I care about
#
grantcodes Similar issue with a lot of name / content duplication. I see decent number of posts were perhaps the name is just a truncated version of the post or plaintext version or I think I've even seen Twitter friendly version appear vs indieweb versions (@handle changed to @website.com). I imagine it'll be hard to dedupe everything but the majority should be quite possible
[kevinmarks] joined the channel
#
aaronpk I have quite a bit of code handling that already, so feel free to file issues on XRay with examples you're finding
#
aaronpk i'd like to iron out all the edge cases
#
[cleverdevil] I've just moved most of my subscriptions from my current reader into Monocle/Together to see how things go.
#
aaronpk exciting
#
grantcodes Yeah will do moving forward.
#
[cleverdevil] One other thing, it'd be nice if everything was sorted in chronological order by publish date.
#
aaronpk that's tricky. I actually opted for the opposite of that
#
aaronpk it sorts by the time an entry was found
#
aaronpk like chat
#
aaronpk otherwise it's very likely that stuff with past dates will never be seen
#
[cleverdevil] Yeah, I think that's a nice fallback, but the problem then is that things can be out of sequence based upon when things happen.
#
[cleverdevil] Anyway, having an option to view it either way would be good.
#
[cleverdevil] The content/title dupes definitely are a thing, especially for microblog type content: http://share.cleverdevil.io/2LqbAPNfPt.png
#
aaronpk weird, it should have caught that one
#
grantcodes I think it makes sense to insert newly followed content in based on the published date, when I had a channel that had a bit of content and added a new subscription it's annoying that the entire first page may become out of date content from that feed
#
aaronpk ah for the first add, yeah
#
[cleverdevil] That's what I'm experiencing now.
#
grantcodes After that though found date makes sense
#
aaronpk [cleverdevil]: which feed of ben's did you add? microformats, rss, jsonfeed?
#
grantcodes Should be more or less chronological anyway
#
aaronpk the microformats parsed version does not have the duplicate "name" https://xray.p3k.io/parse?url=https%3A%2F%2Fwerd.io%2Fcontent%2Fstatusupdates%2F
#
[cleverdevil] aaronpk https://werd.io/content/all?_t=rss
#
[cleverdevil] Maybe a Known thing?
#
[cleverdevil] My site does it as well.
#
tantek [cleverdevil]: RSS is always going to be lower fidelity than the h-feed
#
aaronpk well there's your problem ;-)
#
aaronpk yeah you're gonna lose a lot of things by using the RSS feed
#
tantek readers in general should default to following the higher fidelity h-feed (hah - the h- standards fo higher fidelity :P)
#
tantek stands for* lol
#
[cleverdevil] Ah, gotcha.
#
aaronpk if you enter "werd.io" in monocle's follow screen, it does list the h-feed as the first option
#
aaronpk lol [cleverdevil] I figured out why you were seeing monocle show the "jsonfeed" type for an RSS feed
#
aaronpk <link rel="alternate" type="application/json" href="https://werd.io/content/all?_t=rss" /> via werd.io
#
[cleverdevil] wat.
#
[cleverdevil] Looks like a bug in Known, I am guessing.
#
aaronpk ya
#
[cleverdevil] grantcodes have you considered doing URL unfurling?
#
grantcodes It's going to be fun getting everyone to fix their feed markup
#
[cleverdevil] Heh
#
[cleverdevil] s/fun/impossible
#
aaronpk "fun"
#
[cleverdevil] Gotta be practical, I think, and use some heuristics to massage things into what is expected.
#
grantcodes There's an issue about url unfurling on GitHub. Don't think it's a priority yet
#
[cleverdevil] Agreed.
#
aaronpk to some extent yes :) telling someone an RSS feed is a JSONFeed is not something I want to expect people to deal with
#
[cleverdevil] nods
#
grantcodes What I do need to at least do is show reply-of, like-of etc in some way
#
aaronpk oh yeah reply context is missing for sure
#
grantcodes It's not reply-of but you get the idea πŸ˜‚
#
[cleverdevil] Yeah, but still, overall its looking pretty great.
#
aaronpk I would expect the microsub server to do the work of actually fetching those things
#
[cleverdevil] Here's a little demo if anyone wants to take a look: http://share.cleverdevil.io/NYDDf8Lg4c.mp4
#
grantcodes Commits / Pull requests accepted πŸ˜‰ Probably the easiest major thing to help with is the card component that displays the post. Needs to handle all those other properties that I've not worked on yet
#
tantek at some point I wonder if new /reader UIs should start warning users when they choose a lower fidelity feed like RSS when a higher fidelity one is available
#
aaronpk one problem there is knowing when two feeds are roughly equivalent
#
[cleverdevil] It should likely just pick on its own, unless the user clicks some sort of "advanced" view.
#
aaronpk for example known links to a bunch of rel=alternates
#
[cleverdevil] In Together, when you go through that interaction, it shows you a preview of a feed before you follow it.
#
aaronpk werd.io shows only front-page posts, but links to werd.io/content/all which has a bunch more content
#
[cleverdevil] Good point.
#
grantcodes What has become quite clear is those content filters that I set up in together are not that useful with microsub as is. Like in your video you clicked to load more reposts but that's not possible with microsub. But think it's more a ui thing that microsub spec thing
#
tantek there's a difference between format / content-type, and the "purpose" of the feed (home page summaries, all content, etc.)
#
aaronpk tantek: I know, my point is that they often cross-link despite being quite different feeds
#
aaronpk grantcodes: what I'm finding I want is to set a default view per channel
#
[cleverdevil] I agree with that, aaronpk.
#
tantek this is why it is a bad practice to just jam all your random feed files into your home page
#
tantek really harms discovery
#
grantcodes Yeah probably
#
tantek and why for any particular feed file "variant" (e.g. "all posts"), you should have an actual HTML page for it
#
tantek and then have HTML UI from your home page to any such variants
#
aaronpk funny enough Known does also work that way
#
aaronpk it's just that the home page also links to the "all" RSS feed
#
[cleverdevil] I will say, my Micro.blog JSON Feed looks pretty great in Together already: http://share.cleverdevil.io/2MPeQbzpJG.mp4
#
tantek yeah that's a bug IMO
#
tantek the home page should instead link to the "all" HTML page
#
grantcodes Definitely wanting a compressed UI for certain channels as well
#
tantek and then *that* "all" HTML page can link to its RSS
#
grantcodes That micro.blog feed does look good. Benefits of a consistently written feed 😜