#dev 2018-02-09

2018-02-09 UTC
KartikPrabhu, chrisaldrich and snarfed joined the channel
#
www.chrisbolas.com edited /IRC_People (+128) "/* Nicknames */" (view diff)
tantek joined the channel
#
gRegorLove snarfed: Seems something odd is happening with Granary and my quote post: https://granary.io/url?input=html&output=atom&url=http://gregorlove.com/notes/ search "Wendy"
#
gRegorLove Original: https://gregorlove.com/2018/02/our-level-of-discomfort-with/
#
Loqi [gRegor Morrill] “Our level of discomfort with others’ transparency is reflective of our discomfort with our own shortcomings.” — Wendy Holland, Mission Gathering sermon on February 4, 2018
#
gRegorLove Duplicates the blockquote
snarfed and [sdepolo] joined the channel
#
@miklb Been in a dev rut, so to break out going to see how quickly I can go from 0 to live #indieweb site sending/receiving webmentions with @eleven_ty. Since it supports liquid, I can use my work from jekyll-indieweb as a heads start https://github.com/miklb/jekyll-indieweb (twitter.com/_/status/961783010604605441)
[miklb] joined the channel
#
tantek.com edited /Leaders (-90) "that was an odd Loqi bug to fix, concerning that I somehow snuck a string into the static "See Also" heading that Loqi added" (view diff)
tantek and renem joined the channel
#
tantek !tell aaronpk interesting that your post permalink https://aaronparecki.com/2018/02/08/1/ doesn't show your own follow-up replies to my comment! I'd expect to see the whole thread there.
#
Loqi Ok, I'll tell them that when I see them next
#
Loqi [Aaron Parecki] Portland to San Francisco https://aaronparecki.com/2018/02/08/1/map.png
chrisaldrich joined the channel
#
www.boffosocko.com edited /Medium (+472) "rel-canonical setting for WordPress plugin; pagelogo; moved TOC" (view diff)
[colinwalker] joined the channel
#
aaronpk That would be nice!
#
Loqi aaronpk: tantek left you a message 1 hour, 4 minutes ago: interesting that your post permalink https://aaronparecki.com/2018/02/08/1/ doesn't show your own follow-up replies to my comment! I'd expect to see the whole thread there.
#
aaronpk It'll happen when I implement threading. There's nothing special about my own replies tho
[eddie] joined the channel
#
[eddie] The worst part about iOS development? Code signing and device provisioning. The latest build of Indigenous (full of bug fixes) works fine in my device and simulator but fails when building for TestFlight
#
[eddie] 😩
#
aaronpk eep
#
aaronpk It's gotten so much better too
AngeloGladding, KartikPrabhu and [jeremycherfas] joined the channel
#
[jeremycherfas] [eddie] For the record, Quill has never been able to find my syndication targets from Known.
barpthewire, tantek, cweiske, snarfed, [gerwitz], KevinMarks and [kevinmarks] joined the channel
#
[kevinmarks] It used to be able to. The version on my phone works, but when I connect again it doesn't work any more.
tantek and snarfed joined the channel
#
[12 lines deleted]
# jeremycherfas joined the channel
#
[1 line deleted]
#
tantek zegnat wat
#
jeremycherfas That phony760 is so weird. I happen to have Slack open at the same time, and there the message shows as a bunch of black blocks and double border thingies.
#
jeremycherfas Anyway, somebody block it, please.
#
tantek jeremycherfas: banned it
#
jeremycherfas Thanks tantek
#
Zegnat Should probably remove that from the logs again.
#
tantek jeremycherfas: want to help with removing it from the logs?
#
cweiske http://fotos.cweiske.de/screenshots/2018/2018-02-09%20irc%20spam.png
#
jeremycherfas Don't know how.
#
tantek what is removing irc spam
#
Loqi It looks like we don't have a page for "removing irc spam" yet. Would you like to create it? (Or just say "removing irc spam is ____", a sentence describing the term)
#
tantek removing irc spam is /IRC#How-to_remove_spam
#
Loqi ok
#
loqi.me created /removing_irc_spam (+35) "prompted by tantek and redirect added by tantek" (view diff)
#
tantek jeremycherfas: https://indieweb.org/IRC#How-to_remove_spam
#
Zegnat I’ll have a PR ready to remove this in like 5 minutes
#
tantek cweiske thanks for the image. any idea why a bot would advertise just another IRC server?
#
cweiske to get people to connect to it, as spammers usually do
#
Zegnat Ah, can’t do the PR yet, it hasn’t been pushed to the GitHub logs yet.
#
cweiske to grow their server or so
#
jeremycherfas Zegnat It would make life even easier if https://indieweb.org/IRC#How-to_remove_spam contained a link to where to find the logs in github.
#
jeremycherfas Not the day, but the "folder"
#
Zegnat The Spam section has a link to the GitHub archive, I didn’t duplicate that link again in the section I wrote. Maybe should have. I’ll do that now.
#
cweiske.de edited /IRC (+73) "/* How-to remove spam */ link github" (view diff)
#
Zegnat Ah, crap, I was editting to so now I have a conflict with cweiske’s edit
#
vanderven.se martijn edited /IRC (+174) "/* How-to remove spam */ Put the edit screenshot in the right list item, add information on where to find the files." (view diff)
#
Zegnat PR submitted
calumryan joined the channel
#
Zegnat jeremycherfas, please see if the How-to on spam is more clear now :) I originally wrote it trying to create a step-by-step guide any one could follow
#
Zegnat (though it still depends on having a regular expression compatible text editor :( )
#
@sl007 @OKNRW @derarndt Seit 4 Jahren arbeite ich an einem dezentralisierten CMS – einige der Technologien (Micropub, Webmention, ActivityPub) sind inzwischen W3C-Empfehlungen. Also nicht falsch verstehen, Eure Idee ist toll. Aber BITTE überlasst das Digi-Feld bundesweit nicht auch noch den Rechten. (twitter.com/_/status/961898047549661184)
#
jeremycherfas That's great for me, and I do know what I'm doing with BBEdit! So I'm armed and dangerous.
#
Zegnat I really like BBEdit, one day I might buy it. I’m on the evaluation edition.
[kevinmarks] joined the channel
#
jeremycherfas I bought it a long time ago and it is almost certainly overkill for me, but I really like things like multi-folder grep.
snarfed joined the channel
#
[kevinmarks] Also the folder diff is very good
#
jeremycherfas And it is very good about working over SFTP
#
sknebel [kevinmarks]: what do you mean with oembed "html variant"?
#
[kevinmarks] https://twitter.com/feross/status/961745970080792576
#
@feross 🙌 Just released a CLI tool called `thanks` to help you thank the open source maintainers you depend on! ✨ 1. Run 'npx thanks' in your project 2. See which of your dependencies are seeking donations! 💸 🌟 Open source authors, add yourself to the list: https://github.com/feross/thanks https://pbs.twimg.com/tweet_video_thumb/DVjOet0VQAA2CYg.jpg (twitter.com/_/status/961745970080792576)
#
[kevinmarks] The rich type of response
#
sknebel i *think* wordpress does that, would have to double-check though
#
Zegnat I don’t know if anyone supports it. I don’t usually check support before implementing something I am interested in offering.
#
Zegnat But it feels like a good way to enable reposts.
KevinMarks joined the channel
#
www.svenknebel.de edited /oEmbed (+1) "/* Discussion */ fix broken fragment for IRC logs" (view diff)
#
sknebel Zegnat: add a note about that to ^^^
#
sknebel ?
#
vanderven.se martijn edited /oEmbed (+406) "/* Discussion */ oEmbed for reposting" (view diff)
#
Zegnat Done sknebel
#
Zegnat I’m still wondering if there is a better way to do it. But oEmbed being an established standard is a bit of a plug
#
Zegnat s/plug/plus/
cweiske, snarfed and calumryan joined the channel
#
dgold okay, I have aperture and watchtower functioning
#
Zegnat Nice!
#
Zegnat Did you happen to write up a guide, dgold? ;)
#
dgold I shall be doing to imminently
#
dgold hmmmmm
#
dgold indigenous isn't seeing my feeds at all.
#
tripu.info created /User:Tripu.info (+54) "Let there be light" (view diff)
#
jeremycherfas Here we go again.
#
jeremycherfas That's pretty cool dgold
#
jeremycherfas Ooops.
#
dgold for indigigenous, should I be setting the microsub up separately, or is the link in the micropub endpoint sufficient?
#
dgold ah, scoping is all wrong
snarfed, barpthewire1, voxpelli, leg, KevinMarks, deathrow1 and [eddie] joined the channel
#
[eddie] !tell jeremycherfas Interesting. Good to know! Do you have the latest Known code or an older version?
#
Loqi Ok, I'll tell them that when I see them next
#
dgold oh, [eddie] ...
#
jeremycherfas I'm on version = "0.9.9" build = 2017051501
#
Loqi jeremycherfas: [eddie] left you a message 2 minutes ago: Interesting. Good to know! Do you have the latest Known code or an older version?
#
[eddie] Hey there, dgold! The Microsub endpoint in the header should be enough
#
[eddie] But you should also have a read scope
#
dgold did you have to additional wrangling/wrassling with aperture to get the scopes working?
#
dgold I do have a read scope
#
dgold read follow block mute channels
#
[eddie] Nope, it just worked for me. That said it worked after I submitted two PRs so, you’ll want to be sure you have the latest code from aaronpk’s branch
#
dgold how do I check the scope being acquired by indigenous
#
[eddie] Hmmm that’s a good question. I think I need to add that in to the account debug screen because I don’t think there is currently a way to see that 😕
#
[eddie] Headed out to an appt, be back in an hour or two
#
Zegnat If the auth token is in de debug screen, you can make a request with that to your token endpoint yourself dgold. The token endpoint will tell you what scopes that token has.
eli_oat joined the channel
#
Zegnat Looking at the aperture code, I think we can also cheat if you need some scopes in there without regenerating the token in indigenous. But probably best not to start of with a hack :P
#
dgold Zegnat: hmmm. how do I make that request?
#
Zegnat https://indieauth.spec.indieweb.org/#authorization-code-verification-0
#
Zegnat No, sorry, wrong link
#
Zegnat https://indieauth.spec.indieweb.org/#access-token-verification - is what you want. Just go a GET request to your token endpoint, with the Authorization header filled with the token that Indigenous is using.
#
Zegnat In your case `curl -H "Authorization: Bearer %%%" https://tokens.indieauth.com/token` on the command line should do the trick. just replace %%% with the actual token.
snarfed and leg joined the channel
#
jeremycherfas Zegnat You remember that business about finding out the fields Known will accept by using a GET to the endpoint? Does it have to be an authenticated request?
#
jeremycherfas When I try a very simple request https://stream.jeremycherfas.net/status/edit I seem to get the content of the page, not the response I am looking for.
#
jeremycherfas I suppose I need to generate the secret details and try again with that.
snarfed1 joined the channel
#
dgold read follow mute block channels
#
dgold but it still gets 400 from aperture
#
Zegnat It has to be a POST request. It can probably be done with either your current session (as you have it in the browser), or by passing the API key in a header
#
Zegnat jeremycherfas ^^^
#
Zegnat dgold. Hmm. Then I can’t comment I’m afraid. I don’t run Aperture my self :(
#
jeremycherfas Zegnat, but "Many pages report some basic information about them by making GET requests, so for example, making a GET request to the same /status/edit endpoint will return, among other things, available syndication methods and the type of object being created."
#
jeremycherfas http://docs.withknown.com/en/latest/developers/plugins/api/#working-examples
#
dgold its fine, Zegnat, I may have to wipe and reinstall - keeping the .env settings of course
#
aaronpk dgold: that sounds strange
#
aaronpk making breakfast but will help in a bit
#
Zegnat jeremycherfas I never actually checked where the code is that does the whole “every page is an API” thing.
#
Zegnat I just checked the saveDataFromInput methods on the different Entity classes to figure out what inputs were allowed.
#
jeremycherfas No worries. I'll get there. Got to get my bread goihg.
[gerwitz] joined the channel
#
[gerwitz] y’all talk about food in here too much. Now I’m hungry.
#
dgold aaronpk: don't worry about it - I reinstalled
#
dgold this time it brought in a whole lot more dependencies, now it functions.
#
dgold I appear to have done 'something' to my gnutls package at some point, I had to fix that first
#
Zegnat [gerwitz], go subscribe to jeremycherfas’ food podcast. It is good ;)
#
dgold +1 to that suggestion
#
dgold its as good (in its way) as 99pi
#
aaronpk oh funny
#
[gerwitz] (If it doesn’t have “veg” in the title, it’s probably not gerwitz-compatible)
#
dgold [gerwitz]: jeremy's 'cast does veggie. and bread
#
dgold he had a great one a little while ago about US Food Policy in the 70s and 80s, got to speak to some of the architects of the policy too
#
jeremycherfas The hard thing about working on Known's "each page is an endpoint" thing is that each type of page requires a different signature for authentication. Which is a real pain.
#
jeremycherfas !tell cweiske should I uninstall my older version of shpub before getting the new one?
#
Loqi Ok, I'll tell them that when I see them next
#
Zegnat Alright. I should have left a review now. I think. My iTunes is acting real weird :/
#
Zegnat woops, wrong channel
#
dgold jeremycherfas: you can just delete the binary
#
dgold where are you installing it to?
#
dgold if its on your path, just copy the new one to the same location, it'll overwrite the old
#
jeremycherfas ~/bin
#
jeremycherfas It has a different version number.
#
dgold just $ cp shpub-1.2.3.php ~/bin/shpub
#
dgold you should strip the version number in use
#
jeremycherfas And weirdly, the commands that used to work with the old version, like shpub-0.6.0.phar server now give an error "shpub-0.6.0.phar: command not found"
#
Loqi it is probable
#
jeremycherfas Currently it isn't in a directory. I can try that.
#
jeremycherfas Cp rather than mv?
#
dgold mv is also good, I just use cp to keep archives of older versions
#
jeremycherfas Now I'm completely screwed. Md gives command not found. Must be something very odd.
#
dgold what's now in your ~/bin/
#
dgold (as in - what's the shpub in the bin)
#
jeremycherfas Shpub-0.7.0.phar
#
jeremycherfas But no bash commands seem to be working.
#
jeremycherfas Well, ls is working.
#
jeremycherfas Ah. My permssions are all screwed.
#
jeremycherfas I am the owner of my ~/bin aren't I? So surely I can mkdir in it?
#
dgold ok - why are you putting it in a drawer in your ~/bin
#
dgold ls -la ~/bin
#
jeremycherfas Because cweiske says `$ mv /path/to/shpub-x.y.z.phar /usr/local/bin/shpub`
#
jeremycherfas And you suggested the same, no?
#
dgold but... you're not putting it in /usr/local/bin, you're putting it in ~/bin
#
jeremycherfas Yeah, sorry. I did edit the command.
#
dgold then just $ mv /path/to/shpub-x.y.z.phar ~/bin/shpub
#
dgold don't put it in a _drawer_, then you'll have ~/bin/shpub/shpub-x.y.z.phar
#
jeremycherfas What were you saying about renaming the phar file?
#
dgold there's no need to do that if you do the $ mv command as outlined
#
dgold @ 15:57:24
#
dgold (my time)
KartikPrabhu and [eddie] joined the channel
#
@jacobian Has anyone done a Django implementation of micropub and webmention? (twitter.com/_/status/962002367074873344)
#
@jacobian webmention: https://github.com/easy-as-python/django-webmention looks promising (twitter.com/_/status/962002900409974784)
snarfed, tantek, KevinMarks and jackjamieson joined the channel
#
jackjamieson.net edited /Yarns_Indie_Reader (-17) "Removed mention of support for micropub (Yarns does not support micropub)" (view diff)
[eddie] joined the channel
#
[eddie] !tell aaronpk: Does Aperture have any way to funnel posts into the notifications channel? The Microsub spec defines a home and notification channel but I’m not sure how Aperture deals with those right now
#
Loqi Ok, I'll tell them that when I see them next
#
aaronpk not yet
#
aaronpk actually
#
aaronpk now that there's a micropub endpoint, you can write posts to the notifications channel
#
aaronpk one of my plans it to make Aperture handle home page webmentions and have those go into the notifications channel. but you could kind of hook that up manually right now if you wanted
#
[eddie] Does the notification channel exist? Where I could Micropub to it? Or no, it doesn’t exist in Aperture yet?
#
aaronpk it does
[miklb] joined the channel
#
[miklb] aaronpk how did you set up your syndicate-to for Twitter to use with micropub for likes and reposts?
#
[eddie] 🙌 gotch
#
[eddie] Gotcha*
#
aaronpk if you make an api key from that channel you can use it as the micropub access token and the posts will be written to that channel
#
aaronpk the micropub endpoint is just /micropub
#
aaronpk [miklb]: my site recognizes when a post has a Twitter POSSE copy, finds the twitter URL, then passes that to silo.pub to send my copy of the like to twitter
#
aaronpk it was a bit of code to make that work but not too bad. and silo.pub doing all the API work made it a lot easier
#
[miklb] I hadn’t thought about silo.pub, I was looking at using the existing bridgy one in GWG’s plugin. I guess I need to look at what is returned in the micropub like/repost to know exactly what property I can check for. Thanks
#
[miklb] this feels like it is moving from an itch to a blocker and I want to solve it once and for all
#
[eddie] [miklb] a like/repost would return the url of the item liked or reposted. So you would want to first, check if the url is a Twitter url. If so, Bridgy/silo.pub it. Secondly, if it’s not a twitter url, parse it for microformats and check for any twitter u-syndication links, if so Bridgy/silo.pub it
#
[miklb] [eddie]++
#
Loqi eddie has 18 karma in this channel (36 overall)
#
[miklb] I was on the right track on the first part, hadn’t thought of the second
#
[eddie] Second is definitely more complicated and not as vital. But it’s an option for completeness.
#
aaronpk that was the part I solved last month
#
aaronpk it was annoying me that I wasn't doing it
#
[miklb] GWG has probably already done the heavy lifting for that second part in WordPress, I’ll just need to find the function to tie into
#
snarfed bridgy publish also checks for synd links itself, so alternatively, you could just attempt to bridgy publish everything, and let it fail on non-syndicated posts
#
snarfed (heH)
#
[miklb] lol. don’t tempt me
#
snarfed feel free
#
[miklb] thanks, I’d rather get more familiar with micropub, and particularly, your plugin for it. I might be too intimidated to submit any PRs, but we’ll see.
#
[miklb] s/intimidated/embarrassed don’t know how to write unit tests/
#
[eddie] [miklb] I work as a programmer full-time professionally. Over the course of the last decade, I have written less than 10 unit tests 😉 you are in good company
#
[eddie] That said I desire to write more, but things get in the way, in hobby projects and in the everyday 9-5 world
#
snarfed alternative perspective: i work as a programmer full time too. over the last two decades, i can probably count on one hand the things that have fundamentally changed the way i work. unit tests are at the top of that list, unequivocally for the better.
#
snarfed fwiw! :P
#
[eddie] snarfed++
#
Loqi snarfed has 30 karma in this channel (338 overall)
#
snarfed (not that i code much at work recently, but that's a different story)
#
snarfed [eddie]: over the medium and long term, unit tests will save you significantly more time than they take to write
#
Zegnat I have also had a hard time fitting unit tests into my workflow. Because I am often just working off of a very specific specification on the inputs and outputs already.
#
[eddie] I think Unit Tests are amazing. If you can, do it :thumbsup: But never be ashamed that you can’t write them. They are, as Snarfed pointed out a time saving optimization
#
[eddie] They are totally on my list of things to start doing
#
[eddie] But Unit Tests don’t a programmer make 🙂
#
[miklb] oh, sure. But a contributor to snarfed’s work they do
#
[eddie] ahhh
#
[eddie] lol makes sense
#
snarfed [eddie]: they're bigger than just a "nice to have" imho, especially for anything that matters.
#
snarfed most things we do here are side projects, for fun, so sure, they're not "required" for most of our projects.
#
snarfed but anything remotely production quality or scale...i'd have a hard time taking at all seriously without comprehensive automated tests.
#
snarfed 20y ago, maybe. now, no.
#
aaronpk I find it really hard to write unit tests for larger projects, especially when there's a UI involved. but I'm a huge fan for libraries and other self-contained parts of a project.
#
snarfed agreed! unit testing UI is still hard, selenium etc notwithstanding. but yeah, that still leaves a huge majority of code very testable.
#
[eddie] Hopefully I’ll be able to get into it more at work, we use Angular and so part of our current programming cycle, one of our people has started up integrating the Angular testing stuff into our programming environment
#
[eddie] So I think it’s coming
#
snarfed great!
#
aaronpk and yeah I have never regretted writing unit tests when I do
#
[eddie] At guess it’s at this point in the convo (UI) that I should point out I’m a UI Engineer.
#
[eddie] 😆
#
dgold oh, wow, my notes on getting Watchtower & Aperture working are looong. I don't think I can get these made into blogposts
#
[miklb] I just haven’t found the right environment and timing to learn them. Maybe if what I come up with for the micropub plugin will be my first foray. I trust snarfed to be helpful in the PR
#
snarfed [eddie]: aha yeah, understood. still doable, but often harder
#
aaronpk dgold: you could send a PR to the readme from them
#
snarfed [miklb]: sure!
#
dgold aaronpk: i think that would be the better approach.
#
aaronpk or maybe add to a DONTREADME.md 😂
#
dgold I'll start reading your READMEs to get idea of how you like them written
#
aaronpk XRay is probably one of my better documented ones if you want a good example https://github.com/aaronpk/XRay
#
Loqi [aaronpk] XRay: X-Ray returns structured data from any URL
#
Zegnat I find I am writing a lot of code that depends on HTTP stuff. And just having to do all the Request object mocking already turns me off of writing the tests. But I’ll get over that some day.
#
dgold :) that was one of the two that I was looking at - that and Compass
#
aaronpk Zegnat: yeah that's harder for sure. I spent a long time doing the setup for that in XRay but it's totally worth it now.
#
Zegnat Diactoros actually seems to come with a really nice Request serialiser and unserialiser. Now that I have done some projects with that lib, I have been thinking about writing tests again.
#
snarfed while you all are here, feel free to beta test a new feature on https://brid.gy/ i just deployed!
#
aaronpk whoaaaa
#
snarfed only publish right now
#
snarfed hopefully backfeed eventually
#
aaronpk nice
#
KartikPrabhu wait what beta test?
#
KartikPrabhu I don't see anything new
#
snarfed look again :P
#
KartikPrabhu github?
#
snarfed yup
#
KartikPrabhu has logo blindness :P
#
KartikPrabhu what is nascar
#
Loqi The NASCAR problem is a reference to the jumble of branding icons on websites, e.g https://indieweb.org/nascar
#
snarfed yuuup
#
snarfed irony
#
[eddie] hmmmm I think I’m literally blind or something is fishy. lol I don’t see GitHub anywhere
#
snarfed [eddie]: end of the first line of buttons? refresh?
#
snarfed oh nm, sorry, let me clear a cache
#
[eddie] I see Flickr all the way to the right.
#
dgold no, literally, what is nascar?
#
snarfed fixed
#
[eddie] There it is! Woo!!
#
snarfed sorry
#
[eddie] Excited! Nice work!!
#
[eddie] snarfed++
#
dgold what does it do, snarfed?
#
[eddie] GitHub integration on Bridgy Publish, allows you to post a like of a GitHub repo to your site and then syndicate that into a GitHub repo star. Or post an issue or comment on your site and copy that GitHub
[cleverdevil] joined the channel
#
[cleverdevil] snarfed++
#
Loqi snarfed has 31 karma in this channel (339 overall)
#
[cleverdevil] Can't wait to find an excuse to try it, LOL.
#
[cleverdevil] Super cool 🙂
#
[eddie] the same way Bridgy Publish works with Twitter and Facebook
#
[eddie] Uhoh, aaronpk, close down the issue sections of your repos!
#
[eddie] 😆
#
aaronpk haha
#
Loqi nice
#
[cleverdevil] So, basically, you create a post in-reply-to a GitHub issue on your site, and then Brid.gy will crawl and syncidate it over to GitHub?
#
[eddie] I think you have to Webmention it the way you do Twitter and FB
#
[eddie] I of course am just guessing based on past conversation and bridgy publish past experience
#
snarfed yup. interactive via the UI on your bridgy user page, or via webmention, same as the rest
#
[eddie] posts a message on my site and now waits for Jekyll to rebuild before I can test it
#
snarfed only issues and comments right now, no stars yet, but good feature request
#
[miklb] well, that just changed everything
#
[miklb] snarfed++
#
Loqi snarfed has 32 karma in this channel (340 overall)
#
[eddie] :thumbsup: gotcha
#
snarfed still very beta!
#
[eddie] issues have the repo in the in-reply-to field and comments have the comment url in the in-reply-to field?
#
snarfed s/comment url/issue or PR url/
#
snarfed http://localhost:8080/about#github-issue-comment
#
snarfed lol
#
snarfed https://brid.gy/about#github-issue-comment
#
[eddie] Oh wow you already documented it!
#
[eddie] Talk about being on it!
#
dgold snarfed++
#
Loqi snarfed has 33 karma in this channel (341 overall)
KevinMarks, tantek and chimo joined the channel
#
[cleverdevil] It works! https://github.com/idno/Known/issues/1991#issuecomment-364557504
#
Loqi [cleverdevil] While I think a Gallery object would be nice, eventually, I am not convinced that its necessarily the best way to go here. Its my understanding that pretty much all Entities support attachments, so doing it in the near-term in a more cross-cutting wa...
#
[cleverdevil] Nicely done, snarfed 🙂
#
snarfed thanks!
#
snarfed waits for tantek to notice, http://tantek.com/2018/015/t1/made-destination-figured-out-newwwyear and all
#
Loqi [Tantek Çelik] Made it to my destination safe and sound.Figured out the next big thing I want to build for my site for the #newwwyear:* POSSE issues^1 and replies to GitHubas part of my #indieweb 2018 stretch goal of owning/POSSEing all* my public posts, specifical...
#
tantek uh oh
maingo and KevinMarks joined the channel
#
loqi.me created /FOSDEM_2018 (+24) "prompted by tantek and redirect added by tantek" (view diff)
[stefp] joined the channel
#
tantek.com edited /IWS (+0) "2018" (view diff)
#
tantek.com edited /IndieWeb_Summit (+0) "2017" (view diff)
#
tantek.com edited /Summit (+0) "2018" (view diff)
#
tantek.com edited /IndieWebSummit (+0) "2018" (view diff)
AngeloGladding, snarfed and [jjdelc] joined the channel
#
tantek.com edited /MediaWiki:Sidebar (-13) "summit" (view diff)
#
tantek.com edited /next-iwc (-10) "until something sooner" (view diff)
KevinMarks joined the channel
#
tantek.com edited /MediaWiki:Sidebar (+0) "next hwc" (view diff)
#
tantek.com edited /next-hwc (+0) "next main" (view diff)
#
tantek [jjdelc]: come to the [#dev] side! >:D
#
[jjdelc] joins
#
stephenpieper.net created /User:Stephenpieper.net (+154) "Created page with "https://stephenpieper.net I've been adding bits and pieces of Indieweb structure to my personal Worpress site. Plugins mainly but I'd like to learn more."" (view diff)
#
[jjdelc] I suppose since I'm making the endpoints, my protocol understanding questions are dev related
#
tantek [jjdelc]++ :)
#
Loqi jjdelc has 1 karma
[eddie] joined the channel
#
stephenpieper.net edited /User:Stephenpieper.net (+23) (view diff)
#
[jjdelc] [aaron_pk] thanks for your help, I am now parsing the mentions more properer 🙂 https://jj.isgeek.net/2018/02/09-014847-am/
#
Loqi [Jj] Fri 09 February 2018 https://bm.isgeek.net/7b/2e/96c15e29708571efdda9ce317596d43eb3db4739a63c828405a0e2ce1233.jpg
snarfed joined the channel
#
[jjdelc] Loqi, thanks but that preview wasn't necessary for the unrelated post
#
tantek folks here may have a tangential interest in this proposal, feel free to follow-up in #microformats: https://chat.indieweb.org/microformats/2018-02-09/1518215307772500
#
Loqi [tantek] Proposal: we close all classic mf (AKA mf1) examples-in-wild pages as of 2017, noting that 1. They have been so successful (millions of WP blogs etc.) that no need to track individual examples anymore, and 2. Anyone adding microformats today should b...
[kevinmarks] joined the channel
#
tantek reads up on new bridgy feature
#
tantek ooh interesting - there's a double-auth scenario here
#
tantek snarfed, in the OAuth prompt to Authorize Bridgy, there's a list of "Organization access" and they're all green checkmarked, except for one, which has a grey x instead next to it, and a "Request" button
#
snarfed tantek: yup that's common. orgs can choose their default level of oauth app access
#
tantek clicking the Request button puts up a dialog box "Send request for approval?"
#
snarfed (doesn't really apply to this bridgy feature)
#
snarfed heh. feel free to try it
#
tantek "Owners will receive an email regarding your request. "
#
snarfed that request goes to the org owners, not to bridgy
#
tantek "By requesting this approval, you are asking owners of the ACME organization to allow this application to access private organization data and modify public organization data."
#
tantek why is Bridgy requesting access to private organization data?
#
snarfed huh, bridgy only asks for the public_repo scope, which afaik is only public data
#
tantek is there a way to further constrain the OAuth scope request to not trigger that?
#
snarfed github's language may not pay enough attention to the scope
#
tantek yes it still shows only Public repos for all orgs
#
snarfed good
#
snarfed the write permissions are still overly broad (commits etc), but github doesn't have any finer granularity
#
tantek however I think this will happen for any org you have write permission to but are not a co-owner of
#
snarfed https://developer.github.com/apps/building-oauth-apps/scopes-for-oauth-apps/#available-scopes
#
tantek ok I took screenshots
#
tantek going to start conservative and *not* request that extra access
#
snarfed oh definitely
#
snarfed again, it's pretty common, i saw the same thing
#
tantek in the hopes that in the future we can make Bridgy somehow not request it, or get Github to fix the default
#
tantek it's weird because I'd still like to use Bridgy to make public comments/commits to that org's repos
#
tantek but seemingly I can't ask for just that?
#
tantek also the button says "Authorize snarfed" lol
#
snarfed no, i think those org permissions are for acting as the org, not acting as you
#
tantek is this a private beta :)
#
snarfed you can bridgy publish to any public github repo. orgs are unrelated
#
tantek interesting
#
tantek then this is confusing / misleading on github's part
#
snarfed not private beta, just soft launch
#
tantek got it
#
tantek would you want to use the indieweb org eventually?
#
snarfed yes. see the scopes page above. they're somewhat granular, but could be more
#
tantek or maybe make Bridgy its own GitHub account?
#
tantek or maybe make a Bridgy org?
#
snarfed orgs really are unrelated to bridgy publish. afaik you can't comment as an org, only as a user
#
tantek (on GitHub)
#
tantek different problem
#
snarfed no, no, that's all totally unrelated to this functionality
#
tantek sorry
#
tantek "Authorize snarfed" is the green button
#
tantek should that say instead say
#
tantek "Authorize Bridgy"
#
snarfed ohhhh
#
tantek or "Authorize indieweb"
#
tantek etc.
#
snarfed sure ideally. yeah maybe you can do that as an org. very low priority for me.
#
tantek (these are the kind of nitpicky UI details that jump out at me)
#
tantek especially for a security related UX
#
snarfed i'm sure it was a very explicit design decision on github's part
#
tantek like we all that know you trust you
#
snarfed emphasizing that this isn't github, emphasizing the individual people who run it, etc
#
tantek but if we want to abstract this into trust for the service rather than an individual, it may be worth creating a separate org / account
#
tantek also bus factor etc. :)
#
snarfed yup
#
snarfed already mitigated a bit, kylewm has push access, oauth keys, deploy access, etc
#
snarfed (fwiw)
#
tantek to act as you?
#
snarfed no, to admin all the parts of bridgy
#
tantek uh really hope you have this snarfed: https://github.com/bridgy
#
snarfed nope not me
#
tantek snarfed, given the recent scares about github accounts going away (people deleting) and getting replaced by new users with same username, where such accounts used to host libraries that got included in things, this is worth thinking about
#
snarfed account created in 2011 :P
#
tantek sooner rather than later
#
tantek presumably you saw that right? (account deletion, recreation by another party)
#
snarfed heh, i hadn't but i can imagine
#
snarfed fortunately github creds are unrelated to actually *deploying* bridgy, and also usually for pushing new versions of libs to package managers
#
snarfed does github really let people reuse usernames after their accounts are deleted?!? that's really irresponsible
#
tantek snarfed here you go: https://donatstudios.com/GithubsTotalSecurityFacepalm
#
snarfed yeah no shit
#
snarfed disappointing
#
tantek now you see my concern
#
tantek this is hot now: https://twitter.com/search?q=github+security
#
tantek happened two days ago: https://twitter.com/weekstweets/status/961304627596623874
#
@weekstweets This morning, the creator of go-bindata deleted their GitHub account and someone else created a new account under the same name. Another reason to pay closer attention to the provenance and security of your software supply chain. https://lnkd.in/dvWXU_4 (twitter.com/_/status/961304627596623874)
#
snarfed again, fortunately, not a vulnerability for bridgy specifically
#
tantek agreed, and that's not my point
#
snarfed sure
#
snarfed interesting tangent
#
tantek my point is people are more "sensitive" about looking at anything related to Github and security right now, so "Authorize snarfed" being the big green button while the header at the top says "Authorize Bridgy" is likely to raise some red flags
#
tantek (bad timing as it were)
#
snarfed understood
#
snarfed tomorrow it'll be some other scare and we'll forget about this one :P
#
tantek that github/bridgy account has done nothing
#
tantek since being created 2011-11-23
#
tantek probably worth seeing if github will free it up for actual Bridgy use
#
aaronpk For a while IndieAuth.com said "authorize aaronpk" lol
#
snarfed lol. username reuse is bad; let's ask to reuse a username
#
aaronpk github changed that button at some point and didn't tell anyone
#
tantek is it *re*use if it was never actually used for anything?
#
snarfed (this one hasn't done anything public, granted)
#
snarfed nothing *public*
#
tantek my suspicion is nothing period
#
snarfed or authed into third party services
#
[kevinmarks] Though if they have made private repos they are more profitable for github
#
snarfed anyway. i'll probably avoid the admin tax etc of a separate org or username for bridgy, but i understand your concern!
#
tantek ok I'll ask on your behalf
#
tantek which yes means I'm willing to serve as another contact for that
#
snarfed i probably still wouldn't use the bridgy username. juggling multiple github accounts sounds like a bad time, ongoing, for an iffy workaround to a narrow problem
#
snarfed (thank you though!)
#
aaronpk Could get it turned into an org maybe
#
aaronpk Multiple user accounts are annoying for sure
#
snarfed yeah, slightly better. still not sure of the admin tax though
#
aaronpk Probably have a better argument to make to request it for an org than a user anyway
#
snarfed first let's see if anyone actually uses this feature, and if anyone else cares about the UI nit, then maybe it'll be worth revisiting
#
snarfed although, actually, this is totally unrelated to where the code is hosted. it's just about which github account owns the oauth app. which makes it maybe easier to admin.
#
snarfed anyway
#
tantek aaronpk yes org is the goal
#
tantek that's what I'm requesting
#
tantek request submitted
#
tantek let's see what happens
#
[eddie] snarfed: for what it’s worth I thought “That’s very strange that it says Authorize Snarfed... oh well it’s a Beta” if I came in from outside the community and saw it I would have been pretty confused. That said, I’m not the most security conscious so I very well might have used it anyway
#
[eddie] But it did raise a red flag
#
tantek GitHub << 2018-02-07 GitHub allows account deletion, recreation by another party, with library dependency: https://twitter.com/weekstweets/status/961304627596623874 and more: https://donatstudios.com/GithubsTotalSecurityFacepalm
#
@weekstweets This morning, the creator of go-bindata deleted their GitHub account and someone else created a new account under the same name. Another reason to pay closer attention to the provenance and security of your software supply chain. https://lnkd.in/dvWXU_4 (twitter.com/_/status/961304627596623874)
#
Loqi ok, I added "2018-02-07 GitHub allows account deletion, recreation by another party, with library dependency: https://twitter.com/weekstweets/status/961304627596623874 and more: https://donatstudios.com/GithubsTotalSecurityFacepalm" to the "See Also" section of /GitHub
#
tantek GitHub << ... more: https://blog.sonatype.com/hijacking-of-a-known-github-id-go-bindata and https://twitter.com/francesc/status/961249107020001280
#
@francesc 📢 #GOLANG WARNING go-bindata creator deleted their @github account and someone else created a new account with the same name. There's no guarantees that the new user has good intentions, so if you're using the repository make sure you verify it first! https://github.com/jteeuwen/go-bindata (twitter.com/_/status/961249107020001280)
#
Loqi ok, I added "... more: https://blog.sonatype.com/hijacking-of-a-known-github-id-go-bindata and https://twitter.com/francesc/status/961249107020001280" to the "See Also" section of /GitHub
#
tantek GitHub << ... more: https://www.reddit.com/r/golang/comments/7vv9zz/popular_lib_gobindata_removed_from_github_or_why/
#
Loqi ok, I added "... more: https://www.reddit.com/r/golang/comments/7vv9zz/popular_lib_gobindata_removed_from_github_or_why/" to the "See Also" section of /GitHub
#
tantek ok that's enough on that
#
tantek new tangent
#
tantek back to auto-linking, in particular, @-names
#
tantek there was a question of whether that should be done publish time or view time, also clientside or serverside (which I think is orthogonal?)
#
snarfed lol, and you're still not signed up for bridgy github 😂
#
tantek given that most services that use @-references allow username renaming (and account deletion / recreation by another party), there is the risk (and likely real examples already out there) of autolinked @-names that no longer refer to who they used to when the authoring was done
#
tantek (snarfed, sorry, this is what happens with depth-first traversal)
#
snarfed ah "new tangent"
#
tantek e.g. CASSIS auto_link does the simple/dumb thing of "just" prefixing with twitter.com/
#
tantek whereas now I'm thinking there needs to be a *publish-time* auto-linking step which captures the *user-id* of the @-name at publish time, and stores that in the post content
#
tantek and then the auto-linker should turn that *user-id* into an actual linked @-name at view-time (whether on client or server)
#
tantek does anyone actually do this?
#
snarfed assuming the silos don't also reuse the user id :P
#
tantek snarfed, short of domain name re-use (e.g. poco domain :P), I don't think so
#
tantek let's just say for the sake of argument that user id re-use is far less common than username re-use
#
snarfed domain reuse actually seems more important to consider for us specifically than silo accounts
#
tantek so that aspect of auto-linking is also broken currently
#
tantek now my head is starting to hurt
#
tantek because how do you know when a domain has been re-used / re-owned in an incompatible way with the past?
#
tantek blacklist?
#
tantek what happens if ownership is restored? e.g. upcoming.org
#
tantek two sidetables can help differently
tomasparks joined the channel
#
tantek for all @-names in a post, the server should discover their user-ids and store them at publish-time as @-name,user-id pairs in a sidetable, for future auto-link resolution
#
tantek for all *links* in a post, the (publishing) server should store the publish-time archive.org URL for each (because of course the publishing server is already pinging archive.org to Save each link right? which returns the archive.org URL for it) in a sidetable
#
tantek these are both sidetables on the post in storage
#
tantek sidetables must be updated whenever the post is updated
#
tantek while keeping any changes/history? e.g. if an @-name to user-id changes, that's worth warning the user about (and likely keeping the original @-name to user-id mapping)
#
tantek and for archive.org links, just keep each version with each update
#
tantek s/just//
#
tantek that's enough information to auto-link to the current @-name for any given user-id captured at publish-time.
#
tantek and if (when?) you find out a link (domain?) has broken, you add it to a deadlinks table (manual update?) which then is a clue to the auto-linker to use the most recent archive.org URL from that sidetable instead
#
snarfed ideally you even rewrite existing links
#
tantek existing links in notes are all written at view time anyway by the auto-linker
#
tantek fix-up for static (non-auto-linked) hyperlinks in /articles (or other content stored as markup) is a separate problem
#
snarfed right, anything with html
#
tantek (but yes, likely solvable using same datastructures / storage)
#
snarfed separate sure, but related
#
tantek snarfed, no, not just HTML. content stored as *any* markup
#
tantek including markdown
#
[kevinmarks] The piece that makes this even more painful is @ mapping across posse service's
#
snarfed sure, of course
#
tantek markdown has the same problem
#
tantek explicit static hyperlinking
#
tantek at publish time
#
tantek KevinMarks: I think the cross-service @-mapping is orthogonal and pretty sure it doesn't complexify this at all
#
[kevinmarks] The concrete example is instagram, which will remap @'s if the instagram userid has been mapped to a different twitter id and verified by OAuth
#
tantek "this" meaning the need to fix the auto-linking for changes in usernames over time
#
[kevinmarks] So if I @ name without a domain, the context is messy
#
tantek that's already true without considering the username changing / re-use problem
#
tantek so I assert that's orthogonal
#
tantek kevinmarks btw IG has this problem
#
tantek the references to @-names changing over time
#
tantek just all by itself
#
tantek or rather half a problem
#
tantek two examples:
benwerd joined the channel
#
tantek 1. if you @-mention a name in an IG caption/comment, that will always link to instagram.com / thatname and never be updated, regardless if the owner of "thatname" changes it to "anothername"
#
tantek so either those @-mentions break or you end up with old captions/comments linking to new/different accounts than they did when they were written!
#
tantek 2. if you person-tag someone in an IG photo, that *does* get auto-updated
#
tantek IG person-tags are storing their IG user-ids and then displaying (linking) the @-name at view time
#
tantek (yes I have found specific examples of this, but with private accounts that I can't share publicly. you should be able to verify the above with a pair of accounts and publishing from one referencing the other, renaming the other)
#
tantek so step one - anyone who is auto-linking @-names or links, get and save the user-id for each @-name at publish time, and get and save the archive.org URL for each plain text URL at publish time
#
tantek then in the future you can do step two and improve your auto-linking code to use said storage (either always or when necessary)
#
tantek head still hurts
#
tantek.com edited /GitHub (+62) "move all the related things from See Also to a new issues / Account reuse is potential security issue" (view diff)
snarfed joined the channel