#dev 2018-01-04

2018-01-04 UTC
#
tantek
gRegorLove: yup, that Readability subhead kinda nails it
bengo, KartikPrabhu, [eddie], tantek and sebsel joined the channel
#
tantek
oh wow if I could programmatically register twitter handles I would register all the days for say the next 100 years
#
aaronpk
πŸ˜‚
#
tantek
like @2018_001 @2018_002 etc.
#
tantek
as a way of indicating what happens on that day
#
tantek
I mean, that would be a worthy use of bots. none of this political spam/troll crap
#
tantek
goes back to using hashdates
#
tantek
oh well Twitter doesn't auto-link hashdates (for now)
#
tantek
e.g. # 2018_001
eli_oat, leg, renem, [mrkrndvs], [miklb], KartikPrabhu, tantek and tantek_ joined the channel
#
loqi.me
created /ipython (+254) "prompted by tantek and dfn added by DanC"
(view diff)
#
loqi.me
created /jupyter (+88) "prompted by tantek and dfn added by DanC"
(view diff)
#
loqi.me
created /emacs (+109) "prompted by tantek and dfn added by DanC"
(view diff)
#
madmode.com
edited /ipython (+143) "on writing blog articles with ipython notebook"
(view diff)
#
matienzo.org
edited /Planning (+18) "/* San Francisco */"
(view diff)
[xavierroy], [chrisaldrich], AngeloGladding and KartikPrabhu joined the channel
#
loqi.me
created /posting_from_mobile (+40) "prompted by [chrisaldrich] and redirect added by [chrisaldrich]"
(view diff)
renem, tomasparks, barpthewire, AngeloGladding, cweiske, KartikPrabhu, [kiai] and [kevinmarks] joined the channel
#
[kevinmarks]
I think twitter only autolinks if it starts with a letter (as #1 was autolinking)
#
[kevinmarks]
#dt_2018_01_04 maybe
#
sebastiangreger.net
edited /Bookmarklet (+416) "/* Indieweb-related bookmarklets */ +Android Share "bookmarklet""
(view diff)
John__, tantek, [kevinmarks], raucao, [eddie] and leg joined the channel
#
loqi.me
edited /jupyter (+87) "See Also"
(view diff)
ben_thatmustbeme joined the channel
#
[eddie]
!tell aaronpk: IndieAuth.net section 5 is Authentication, but 5.2, 5.3 and 5.4 all say Authorization. I’m thinking those should say Authentication? It tripped me up because I focused more on the subtitles than the titles so I found myself in Authentication when I was looking for Authorization
#
Loqi
Ok, I'll tell them that when I see them next
#
[eddie]
Oh, I see a link to Github issues, I can create an issue for it if you like
#
aaronpk
please do
#
aaronpk
reviews OpenID Connect
#
aaronpk
looks like they do use "Authentication Request" in their headers
#
aaronpk
so yeah I should change it
#
aaronpk
but yes plz still file a github issue :)
#
[eddie]
done :thumbsup:
leg joined the channel
#
dgold
currently mashing my head against php, again
#
dgold
on my test-server, my script is snding likes and reposts properly to twitter as likes and reposts
#
dgold
on my homesite, the same script sends them as a blank post
#
GWG
dgold: I always try to build in a debug mode that can be enabled to send extra info to the logs.
#
[eddie]
IndieAuth Authentication/Authorization: When a client is making the initial request to the endpoint, if required params aren’t found such as client_id, redirect_uri, etc. What should the endpoint return? Does it follow standard OAuth 2.0 rules such as the error response section of this page?: https://www.oauth.com/oauth2-servers/authorization/the-authorization-response/
#
aaronpk
yes, although there is an important distinction that I should probably clarify on that page
#
aaronpk
you need to abort and *not* redirect in certain error cases like missing/invalid redirect URL or client ID
#
aaronpk
you should only redirect with an error if the client ID and redirect URL are okay
#
Loqi
it is probable
#
GWG
aaronpk: I've been trying to internalize the spec
#
[eddie]
Ahh gotcha. :thumbsup: So any error besides redirect_uri/client_id errors should follow that redirect with the error, but if it's redirect_uri/client_id you should display the error within your own UI
#
GWG
I'm not currently checking for client or redirect errors. It will come
#
[eddie]
So basically as I read through the IndieAuth spec, if it doesn't address something specifically, I should check OAuth 2.0 and go by that in most cases that the IndieAuth spec doesn't define
#
[eddie]
:thumbsup:
[kevinmarks] joined the channel
#
[kevinmarks]
interesting that people are saying "disable javascript" in response to Spectre
#
aaronpk
from what I've heard it's theoretically possible but nobody has produced a proof of concept attack yet
#
@licuende
Freaking out right now: "As a proof-of-concept, JavaScript code was written that, when run in the Google Chrome browser, allows JavaScript to read private memory from the process in which it runs" https://spectreattack.com/spectre.pdf
(twitter.com/_/status/948964367487422464)
tantek joined the channel
#
[kevinmarks]
Firefox has pushed a build disabling some features too
#
tantek
recently? what happened?
#
Loqi
[Luke Wagner] Mitigations landing for new class of timing attack
[cleverdevil] joined the channel
#
[cleverdevil]
I've been thinking about this a lot, with regard to the web. It seems to me that JavaScript should be delivered by browsers using a trust model similar to that of apps on iOS or Android.
#
[kevinmarks]
turning off SharedArrayBuffer is pretty severe for WebASM
#
[cleverdevil]
When you visit a website that needs JavaScript, the browser should inform the user that the website is requesting permission to run JavaScript, and the user should have to grant it.
#
tantek
cleverdevil, do you run with NOSCRIPT? because that's essentially what that does
#
tantek
so you could have today if you want
#
tantek
and try out the experience
#
[cleverdevil]
I am not sure my preferred browser allows that, actually.
#
[cleverdevil]
Meaning, if you disable JavaScript, I think its just *off*.
#
tantek
you should try Firefox with NOSCRIPT then :)
#
[cleverdevil]
My current solution is a heavy dose of ad/tracking blockers both at the browser, and on my home network.
#
Loqi
totally
#
[kevinmarks]
chrome will let you turn it off by default, and get a widget in the address bar that lets you re-enable site by site
#
[cleverdevil]
Cool. I need to experiment with this.
#
[cleverdevil]
Yup, just verified, Safari doesn't offer JavaScript as a per-website preference.
#
[cleverdevil]
Its global.
#
[cleverdevil]
it offers many other settings per-website.
#
GWG
[cleverdevil]: Do you know any Android developers you might be able to recruit to the community?
#
[cleverdevil]
Hmm... I do know a few.
#
[kevinmarks]
I am kind of an android developer, though I haven't done much recently
#
[kevinmarks]
my reflex these days would be to PWA rather than app
#
GWG
I still would like to try to convince someone to write a Micropub client for Android.
#
GWG
[kevinmarks]: PWA in Android can't register for share intents, can they?
#
[kevinmarks]
Ben made one
#
GWG
[kevinmarks]: He replaced it with a PWA, I believe
#
tantek
what is Android
#
Loqi
Android is an open source operating system for mobile devices (AOSP) combined with a set of proprietary cloud services provided by Google https://indieweb.org/Android
#
[kevinmarks]
no wait, that's the other way around
John___ joined the channel
#
GWG
[kevinmarks]: Either way, you have to admit that a Micropub app in the Play Store, the F-Droid store, etc would have a greater impact.
#
tantek.com
edited /Android (+248) "clean up a bit, add indieweb relevance to dfn, stub indieweb examples"
(view diff)
#
tantek
what is mobile
#
Loqi
mobile, in the context of the indieweb could refer to mobile apps, mobile use-cases, or being mobile friendly https://indieweb.org/mobile
#
tantek
what is mobile posting
#
Loqi
It looks like we don't have a page for "mobile posting" yet. Would you like to create it? (Or just say "mobile posting is ____", a sentence describing the term)
#
GWG
You add in the users from Micro.blog who might use it, plus people with their own sites who could post to them using an app, there would definitely be a nice reward if we can get someone to try writing a reasonably nice one.
#
tantek
mobile posting << iOS
#
Loqi
ok, I added "[[iOS]]" to the "See Also" section of /mobile_posting
#
loqi.me
edited /mobile_posting (+10) "tantek added "[[iOS]]" to "See Also""
(view diff)
#
tantek
mobile posting << Android
#
loqi.me
edited /mobile_posting (+14) "tantek added "[[Android]]" to "See Also""
(view diff)
#
Loqi
ok, I added "[[Android]]" to the "See Also" section of /mobile_posting
#
GWG
I feel posting from mobile easily is the missing link in my routine
#
tantek
GWG, from a lot of our routines (mine too)
#
tantek.com
edited /Android (+493) "add ryan and ben since their info was on [[mobile posting]]"
(view diff)
#
GWG
I really don't think I can take on an Android app as a project, but I'd really like to try to talk someone who does that stuff already into writing one.
#
tantek
GWG, Kevinmarks, please add to /Android which now has more structure
#
tantek
what is Android
#
Loqi
Android is an open source operating system for mobile devices (AOSP) combined with a set of proprietary cloud services provided by Google, which some use to post to their IndieWeb sites https://indieweb.org/Android
gRegorLove joined the channel
#
GWG
Umm...why does Ben Roberts post to his site snarfed.org?
#
tantek
oops copy/pasta
#
tantek
what is mobile posting
#
Loqi
mobile posting is the act of using a mobile device to post to a site, typically your own personal indieweb site https://indieweb.org/mobile_posting
#
tantek.com
edited /Android (+6) "fix copy/pasta"
(view diff)
#
tantek.com
edited /Facebook (+135) "/* Features */ responses, like etc."
(view diff)
barpthewire joined the channel
#
david.shanske.com
edited /Android (+509) "/* IndieWeb Examples */"
(view diff)
bengo and snarfed joined the channel
#
tantek.com
edited /100DaysOfIndieWeb (+492) "100 Days of Positive Doing Posting Days, move last year's to previously (until someone wants to re-up for this year!)"
(view diff)
#
tantek
that page needs a bunch more clean-up (or maybe rescoping or splitting off a general 100Days page?) but I added mine for 2018: https://indieweb.org/100DaysOfIndieWeb#100_Days_of_Positive_Doing_Posting_Days
[tantek] joined the channel
#
gregorlove.com
created /photography_policy (+667) "prompted by gRegorLove"
(view diff)
[eddie] joined the channel
#
[eddie]
It’s not pretty, but it’s exciting πŸ˜„
KartikPrabhu and ben_thatmustbeme joined the channel
#
grantcodes
aaronpk: Monocle updates dont appear to have fixed the issues I had. Will open some GitHub issues for you ;)
#
aaronpk
darn, k
#
Zegnat
GWG, we are hopefully close to more share interaction on Android. The Twitter PWA that they announced after working together with the Google folks seems to already include some share setting in their manifest file IIRC.
#
GWG
Zegnat: I will continue to hold out hope
#
gRegorLove
Interesting. I guess I'd misread the DMCA safe harbor stuff before. It doesn't appear there is any particular protection it provides if you're a content creator who posts copyrighted work.
#
gRegorLove
So someone could just go to your host and get you taken down?
#
gRegorLove
And it's at the host's discretion whether they contact you or not first
[cleverdevil], cweiske, bengo, [davidmead], [manton] and tantek joined the channel
#
dgold
DMCA safe harbor is just for the hosts, not for the users
[kiai] and snarfed joined the channel
#
aaronparecki.com
edited /swag (+113) "move shirts to past, remove dead stickermule marketplace links"
(view diff)
j12t joined the channel
#
grantcodes
New Together build online for those testing together.tpxl.io
#
grantcodes
Featuring new maps and channel editing (sort of :P)
#
aaronpk
i've gotta solve that duplicate photo issue
[cleverdevil] joined the channel
#
tantek
aaronpk solve or implement? did the proposed solution not work?
#
aaronpk
I haven't tried yet
#
aaronpk
hm now I can't remember where that was documented
#
[cleverdevil]
grantcodes is this dupe photo thing a known issue? -> http://share.cleverdevil.io/gj5ql90AtU.png
#
aaronpk
it sounded like it will work, and that I will be implementing it in XRay
#
aaronpk
that's the thing I'm talking about [cleverdevil] :)
#
[cleverdevil]
Or is that what you're talking about aaronpk?
#
aaronpk
it's because the photo appears in the content and is also marked up as u-photo
#
grantcodes
Yeah duplicates are a big thing
#
grantcodes
What aaronpk said
#
tantek
it's a visual duplicate, to be clear
#
aaronpk
oh no chat search is down
#
tantek
presentation problem
#
tantek
uh oh yeah I was going to say that's where I brainstormed the proposal
#
tantek
in dhat
#
tantek
aaronpk does repo search work as a fallback? search the chat log repo in GitHub?
#
aaronpk
I was about to try that
#
Loqi
[tantek] thus if you're displaying the HTML of a photo post from somewhere else, you should be able to say hey, drop any img tags in the HTML because I already know the ones I care about
#
grantcodes
Similar issue with a lot of name / content duplication. I see decent number of posts were perhaps the name is just a truncated version of the post or plaintext version or I think I've even seen Twitter friendly version appear vs indieweb versions (@handle changed to @website.com). I imagine it'll be hard to dedupe everything but the majority should be quite possible
[kevinmarks] joined the channel
#
aaronpk
I have quite a bit of code handling that already, so feel free to file issues on XRay with examples you're finding
#
aaronpk
i'd like to iron out all the edge cases
#
[cleverdevil]
I've just moved most of my subscriptions from my current reader into Monocle/Together to see how things go.
#
aaronpk
exciting
#
grantcodes
Yeah will do moving forward.
#
[cleverdevil]
One other thing, it'd be nice if everything was sorted in chronological order by publish date.
#
aaronpk
that's tricky. I actually opted for the opposite of that
#
aaronpk
it sorts by the time an entry was found
#
aaronpk
like chat
#
aaronpk
otherwise it's very likely that stuff with past dates will never be seen
#
[cleverdevil]
Yeah, I think that's a nice fallback, but the problem then is that things can be out of sequence based upon when things happen.
#
[cleverdevil]
Anyway, having an option to view it either way would be good.
#
[cleverdevil]
The content/title dupes definitely are a thing, especially for microblog type content: http://share.cleverdevil.io/2LqbAPNfPt.png
#
aaronpk
weird, it should have caught that one
#
grantcodes
I think it makes sense to insert newly followed content in based on the published date, when I had a channel that had a bit of content and added a new subscription it's annoying that the entire first page may become out of date content from that feed
#
aaronpk
ah for the first add, yeah
#
[cleverdevil]
That's what I'm experiencing now.
#
grantcodes
After that though found date makes sense
#
aaronpk
[cleverdevil]: which feed of ben's did you add? microformats, rss, jsonfeed?
#
grantcodes
Should be more or less chronological anyway
#
aaronpk
the microformats parsed version does not have the duplicate "name" https://xray.p3k.io/parse?url=https%3A%2F%2Fwerd.io%2Fcontent%2Fstatusupdates%2F
#
[cleverdevil]
Maybe a Known thing?
#
[cleverdevil]
My site does it as well.
#
tantek
[cleverdevil]: RSS is always going to be lower fidelity than the h-feed
#
aaronpk
well there's your problem ;-)
#
aaronpk
yeah you're gonna lose a lot of things by using the RSS feed
#
tantek
readers in general should default to following the higher fidelity h-feed (hah - the h- standards fo higher fidelity :P)
#
tantek
stands for* lol
#
[cleverdevil]
Ah, gotcha.
#
aaronpk
if you enter "werd.io" in monocle's follow screen, it does list the h-feed as the first option
#
aaronpk
lol [cleverdevil] I figured out why you were seeing monocle show the "jsonfeed" type for an RSS feed
#
aaronpk
<link rel="alternate" type="application/json" href="https://werd.io/content/all?_t=rss" /> via werd.io
#
[cleverdevil]
Looks like a bug in Known, I am guessing.
#
[cleverdevil]
grantcodes have you considered doing URL unfurling?
#
grantcodes
It's going to be fun getting everyone to fix their feed markup
#
[cleverdevil]
s/fun/impossible
#
[cleverdevil]
Gotta be practical, I think, and use some heuristics to massage things into what is expected.
#
grantcodes
There's an issue about url unfurling on GitHub. Don't think it's a priority yet
#
aaronpk
to some extent yes :) telling someone an RSS feed is a JSONFeed is not something I want to expect people to deal with
#
grantcodes
What I do need to at least do is show reply-of, like-of etc in some way
#
aaronpk
oh yeah reply context is missing for sure
#
grantcodes
It's not reply-of but you get the idea πŸ˜‚
#
[cleverdevil]
Yeah, but still, overall its looking pretty great.
#
aaronpk
I would expect the microsub server to do the work of actually fetching those things
#
[cleverdevil]
Here's a little demo if anyone wants to take a look: http://share.cleverdevil.io/NYDDf8Lg4c.mp4
#
grantcodes
Commits / Pull requests accepted πŸ˜‰ Probably the easiest major thing to help with is the card component that displays the post. Needs to handle all those other properties that I've not worked on yet
#
tantek
at some point I wonder if new /reader UIs should start warning users when they choose a lower fidelity feed like RSS when a higher fidelity one is available
#
aaronpk
one problem there is knowing when two feeds are roughly equivalent
#
[cleverdevil]
It should likely just pick on its own, unless the user clicks some sort of "advanced" view.
#
aaronpk
for example known links to a bunch of rel=alternates
#
[cleverdevil]
In Together, when you go through that interaction, it shows you a preview of a feed before you follow it.
#
aaronpk
werd.io shows only front-page posts, but links to werd.io/content/all which has a bunch more content
#
[cleverdevil]
Good point.
#
grantcodes
What has become quite clear is those content filters that I set up in together are not that useful with microsub as is. Like in your video you clicked to load more reposts but that's not possible with microsub. But think it's more a ui thing that microsub spec thing
#
tantek
there's a difference between format / content-type, and the "purpose" of the feed (home page summaries, all content, etc.)
#
aaronpk
tantek: I know, my point is that they often cross-link despite being quite different feeds
#
aaronpk
grantcodes: what I'm finding I want is to set a default view per channel
#
[cleverdevil]
I agree with that, aaronpk.
#
tantek
this is why it is a bad practice to just jam all your random feed files into your home page
#
tantek
really harms discovery
#
grantcodes
Yeah probably
#
tantek
and why for any particular feed file "variant" (e.g. "all posts"), you should have an actual HTML page for it
#
tantek
and then have HTML UI from your home page to any such variants
#
aaronpk
funny enough Known does also work that way
#
aaronpk
it's just that the home page also links to the "all" RSS feed
#
[cleverdevil]
I will say, my Micro.blog JSON Feed looks pretty great in Together already: http://share.cleverdevil.io/2MPeQbzpJG.mp4
#
tantek
yeah that's a bug IMO
#
tantek
the home page should instead link to the "all" HTML page
#
grantcodes
Definitely wanting a compressed UI for certain channels as well
#
tantek
and then *that* "all" HTML page can link to its RSS
#
grantcodes
That micro.blog feed does look good. Benefits of a consistently written feed 😜