#dev 2018-04-03

2018-04-03 UTC
[kevinmarks] joined the channel
#
[kevinmarks] Hugo++
#
Loqi hugo has 1 karma
#
wiobyrne.com created /User:Wiobyrne.com (+1395) "/* Ian O'Byrne */" (view diff)
renem, mblaney and [miklb] joined the channel
#
tantek.com edited /repost (+128) "move a missing example to past" (view diff)
j12t and j12t_ joined the channel
#
GWG What does an authorization endpoint need to know about a code in order to verify it?
leg joined the channel
#
aaronpk It needs to know whether it issued the code and whether it has expired
#
GWG Trying to write the code for that now.
#
GWG It also doesn't say what the error response is.
#
aaronpk This should cover it https://tools.ietf.org/html/rfc6749#section-4.1.2.1
#
aaronpk Oops
#
aaronpk https://tools.ietf.org/html/rfc6749#section-5.2
#
aaronpk That one
#
GWG I'm getting closer.
j12t joined the channel
#
GWG My authorization endpoint just signed me into Quill.
#
GWG So, it works.
#
GWG Maybe
#
GWG aaronpk, after I finish refining it, might I prevail on you to tell me where I am going wrong?
KartikPrabhu, tantek and jalcine joined the channel
#
jacky.wtf edited /IRC_People (+180) "Added myself to the page." (view diff)
#
jalcine ^ issa me! :)
AngeloGladding joined the channel
#
jacky.wtf edited /User:Jacky.wtf (-7) (view diff)
#
Zegnat jalcine++
#
Loqi jalcine has 1 karma
barpthewire joined the channel
#
lahacker.net created /User:Lahacker.net/common.js (+69) "Created page with "document.querySelector("body").style["background-color"] = "#3399ff";"" (view diff)
tbbrown joined the channel
#
lahacker.net edited /User:Lahacker.net (+153) (view diff)
j12t and sebsel joined the channel
#
lahacker.net deleted /Template:solarized.js "Empty Content"
j12t joined the channel
#
unicyclic.com mal edited /web_hosting (+66) "/* Virtual Private Server */" (view diff)
#
unicyclic.com mal edited /web_hosting (+377) (view diff)
[kevinmarks] and j12t joined the channel; mblaney left the channel
#
sknebel shouldn't the "content" in skippys repost example be on the h-cite and not the h-entry?
#
Zegnat gives it a look
#
Zegnat The retweet.md from the gist, sknebel?
#
sknebel yes
#
Zegnat No, not in this specific case. Note how the content starts with “RT @estherschindler”. This isn’t the content of the actual tweet that is being reposted.
#
Zegnat It is a little weird. It seems to be saying the h-entry is a repost, but the content of the h-entry is different from the post it is “reposting”. Edge case?
j12t joined the channel
#
Zegnat It seems to be the mf2 enhanced HTML representation of a tweet skippy made at https://twitter.com/smerrill/status/969383439429402624, and that tweet itself is a retweet of https://twitter.com/estherschindler/status/969325187521904641. Although it seems the original retweet under skippy’s account is now being forwarded by Twitter to the one by estherschindler
#
@smerrill RT @estherschindler: @CarlaSchroder Some want to be great at their jobs; others just want to be paid. You can guess which ones get repeat… (twitter.com/_/status/969383439429402624)
#
Zegnat Down the rabbit hole! :P
#
Zegnat Oh, look, Loqi can still fetch the original retweet, even though I can’t access it in my browser at that URL
#
sknebel sure, but I would have put the retweetet tweet in the h-cite and the "RT @..." just as text only decoration
#
Zegnat Yes, that would have worked. I am guessing this is somehow limited to what the Twitter backup is giving? Some more recent retweets may not include the RT prefix.
#
sknebel ah
#
sknebel could be
#
Zegnat sknebel, you would have expected something like this? http://pin13.net/mf2/?id=20180403093409024
jeremycherfas joined the channel
#
Zegnat skippy, possible inspiration ^^^
#
sknebel Zegnat: think so, yeah
#
sknebel the example on /repost seems to do the same
#
Zegnat Yeah. I can totally see why this is a problem when you are using base data that includes added text like “RT @...” though.
#
sknebel yep, thats a reason I didn't think about
j12t joined the channel
#
skippy indeed. the raw export, and the generated outut from Granary using that export, constrains my ability to tailor the content precisely.
#
skippy when I start posting directly from a micropub endpoint and syndicating to Twitter from there, I'll have more control over the formatting, I think.
#
skippy suggestions for proper markup are appreciated.
#
skippy explicit hand-holding on how to do it properly is specifically appreciated! I'm still struggling to comprehend all of this.
#
Zegnat skippy, I tend to tweak my markup on a per-post basis, but that is bringing a lot of mf2 fundamentals with me in the back of my mind.
#
Zegnat And honestly there is never one-true-way when it comes to microformats. Just look to make available for parsing any data you would want to see available if you were interperting a page :)
#
skippy sure. but i dont want to get into lovingly hand-crafting markup for all 9K tweets in my export. I'm already resigned to the fact that I've lost a lot of media elements when I brought them in.
j12t joined the channel
#
skippy for anyone interested, here's the Python script I wrote to use Granary to make Markdown from the Twitter export: https://github.com/skpy/twitter-granary-hugo/blob/master/twitter-granary-hugo.py
#
skippy it's not elegant, by any means, but it got the job done. :)
#
sknebel skippy: great! add a link to that to the /Hugo (and maybe also /Twitter) pages in the wiki so it doesn't get lost?
#
sknebel curious, does the export just not have the media references or why are they lost?
#
petermolnar skippy: os.makedirs does the same as system mkdir -p (python3 though)
#
sknebel os.makedirs isn't new with py3
#
sknebel so safe to use
#
skippy yeah, i use it makedirs later on.
#
skippy https://github.com/skpy/twitter-granary-hugo/blob/master/twitter-granary-hugo.py#L36
#
skippy as for media, I just didnt work the Granary API well enough to preserve them, I htink.
#
skippy confirmed: media links are in the Twitter export. I'm just not savvy enough to parse them out.
loicm and j12t joined the channel
#
aaronpk GWG: absolutely, and congrats
#
skippy.net edited /Hugo (+309) (view diff)
#
sknebel skippy++
#
Loqi skippy has 2 karma in this channel (7 overall)
[jgmac1106] and j12t joined the channel
#
GWG aaronpk, I am already aware of some rules that I am not enforcing. Like checking that the redirect is on the same domain. But I will add them.
j12t, leg and [mrkrndvs] joined the channel
#
loqi.me created /credentialing (+337) "prompted by Zegnat and dfn added by [jgmac1106]" (view diff)
[kevinmarks], j12t and tantek joined the channel
#
jeremycherfas Where can I read up about what to do when the source of a webmention changes?
#
aaronpk the source URL of a webmention can't change, it would just be a different webmention
#
jeremycherfas I mean if someone edits a comment, say, that is a reply-to
#
jeremycherfas Is this https://indieweb.org/webmention-spec#Updating_existing_webmentions comprehensive?
#
loqi.me created /googl (+19) "prompted by tantek and redirect added by tantek" (view diff)
#
aaronpk yeah updating the contents at a source URL should be covered by that section
#
GWG aaronpk, what is the biggest mistake Indieauth or Oauth2 implementers usually make?
#
tantek jeremycherfas: https://webmention.net/draft/#updating-existing-webmentions
#
aaronpk haha that sounds like a trick question gwg
#
jeremycherfas Cool; thanks both.
#
GWG aaronpk, I worry.
#
Zegnat GWG: I’d say allowing a code to be used twice. That’s something that happens a lot with stateless implementations.
#
aaronpk if you're using JWTs for anything, another common error I see is people forgetting to actually validate the JWT signature
#
GWG Zegnat, I have purging the code once used as a feature exactly.
#
aaronpk tho that's more an implementation detail thing rather than a spec thing
#
GWG Aaronpk, you saw how I was storing my tokens. Same for my codes. Not stateless
#
Zegnat Nice GWG :) stateless ones have to make sure to set short time limits and validate those limits, but even then a code can theoretically be used multiple times. Having state and making sure replay attacks are impossible is good.
#
GWG Zegnat, I have the WordPress database there anyway, so I have a place to store stuff.
#
GWG I am just missing a bunch of safety checks before I will ask for some third party checks.
#
aaronpk stateless tokens aren't really useful anyway until you want to either run a bunch of front-end servers and avoid sharing a common database, or if you are operating at a massive scale like google
#
GWG I had a bunch of questions of a general nature I was trying to figure out
#
Zegnat Questions of a general nature are good too. Might even be worth turning those into a FAQ. General questions are often shared by many, and asked by few
#
GWG Such as how to explain the relationship between username and password and url
[manton] joined the channel
#
[manton] [aaronpk] I'm surprised I've never run into this, but is there a prefix convention in Micropub for custom fields in JSON that are likely server/client-specific and not really proposals for broader support? In q=config for example, I was considering adding "microblog-something": "whatever" if I need to convey some extra data to my clients.
#
Loqi [manton]: tantek left you a message 1 week, 3 days ago: any particular reason your notes put permalink/published date inside the entry-content instead of the entry-meta like your articles do on http://www.manton.org/ ? (also your articles have author in entry-meta, whereas your notes don't seem to, deliberate? or theme omission?)
#
aaronpk [manton]: yep, vendor prefixes from microformats
#
aaronpk I use p3k-* for some stuff as well
#
Zegnat There is also mp- right? If they are not supposed to be stored as part of the mf2 blob, but exist only to instruct the micropub server to do a specific thing?
#
aaronpk yes for post requests
#
[manton] Do they start with a "-" like "-p3k-something", or simply "p3k-something"?
#
aaronpk just p3k-something
#
Zegnat mf2 properties cannot start with a -
#
Zegnat GWG: interesting indeed. That might need some explaining, especially for multi-user blogs. Going to ponder an answer while eating pizza. brb
#
[manton] Perfect, thanks. I was thrown off by the microformats site examples.
#
tantek [manton] which page(s)? so we can fix them
#
GWG Zegnat, that is my first issue to figure out.
#
[manton] [tantek] http://microformats.org/wiki/vendor-prefixes
#
Loqi vendor-prefixes
#
aaronpk wow I didn't even find that page when I was looking
#
[manton] That also links to this FAQ which is more clear, though: http://microformats.org/wiki/microformats2-faq#how_do_you_use_experimental_microformats_and_property_names
#
Loqi microformats2 FAQ
#
tantek thanks [manton] !
#
[manton] No problem, thanks for pointing me in the right direction.
#
GWG Do any Indieauth token endpoints expire their tokens?
#
aaronpk I don't have a UI for it but I have done that by deleting them from my database
#
GWG Is it better to offer tokens that expire?
#
aaronpk if you provide a way for people to revoke tokens, then you can issue tokens that don't expire
#
aaronpk if you issue tokens that expire, then apps will appear to just stop working randomly
#
aaronpk and the app will most likely have to get the user to log in again, since I don't think any indieauth apps support refresh tokens
#
GWG I should improve mine
#
Loqi yea
[kevinmarks] joined the channel
#
loqi.me edited /email (+285) "tantek added "Possible IndieAuth via email brainstorming: ask them for their email (like Slack and nearly every other service), then do rel=me discover on their domain, if their domain rel=me links to that email, treat their domain as IndieAuth, send a..." (view diff)
#
loqi.me edited /email (+139) "tantek added "^^^ addendum, obv have a blacklist of bigco email providers domains that no one owns as a personal domain (gmail.com, hotmail.com, etc.)" to "See Also"" (view diff)
radedwork, snarfed, snarfed1, singpolyma and pstuifzand joined the channel
#
www.boffosocko.com edited /credentialing (+330) "see also section" (view diff)
#
www.boffosocko.com edited /Indieweb_for_Education (+58) "additions to see also" (view diff)
#
www.boffosocko.com created /OER (+494) "dfn via jgmac1106 in chat: https://chat.indieweb.org/2018-04-03#t1522768127890100" (view diff)
#
sknebel chrisaldrich++
#
Loqi chrisaldrich has 13 karma in this channel (83 overall)
#
www.boffosocko.com created /open_educational_resources (+17) "redirect to OER" (view diff)
#
tantek !tell chrisaldrich the /credentialing pages reads like vapor and has zero connection to the indieweb. there's is some bad history in this space, so unless you have real world indieweb examples, I'd like to delete that page until they exist.
#
Loqi Ok, I'll tell them that when I see them next
#
tantek.com edited /credentialing (+255) "abstract, unrelated to indieweb, beward of blockchain rebrandings" (view diff)
#
tantek 32 hours until /credentialing should be deleted for being abstract and not relevant to indieweb per reasons in the page.
#
Loqi I added a countdown scheduled for 2018-04-04 7:28pm PDT (#6275)
#
tantek !cancel 6275
#
Loqi Okay, I cancelled it!
#
tantek 30.5 hours until /credentialing should be deleted for being abstract and not relevant to indieweb per reasons in the page.
#
Loqi I added a countdown scheduled for 2018-04-04 5:59pm PDT (#6276)
#
tantek better
#
loqi.me edited /bitcoin (+185) "tantek added "2018-04-03 [https://lists.w3.org/Archives/Public/public-vc-wg/2018Apr/0001.html "Decentralized Identifiers": Bitcoin Cargo-Culture and Land Grabbing for the Top Level Names] (thread)" to "See Also"" (view diff)
singpolyma and [jjdelc] joined the channel
#
[jjdelc] hi guys, has there been a change in ownyourgram recently? I probably had an incomplete micropub implementation but had to make some changes to continue receiving updates
#
[jjdelc] apparently the request changed from being multipart to the mp endpoint and now uses the media endpoint and posts a list with the url obtained from the media endpoint
#
aaronpk You can choose which version you want on your settings page
#
aaronpk It may have upgraded you to the media endpoint version when it detected your media endpoint when you logged in
#
aaronpk But no, none of that has changed in several months
#
[jjdelc] uhm.. I see, maybe I had been tweaking with it and not remember
#
aaronpk tantek: thinking about relmeauth again... if I had an h-card on https://parecki.com that had both mailto:aaron@parecki.com and https://aaronparecki.com in it, do you think that would also work to associate my email address with my domain name? (Assuming you're given my email address to start and want to find my canonical domain)
#
tantek you don't even need the h-card. as long as those links had rel=me on it, that would be enough
#
aaronpk But Parecki.com is a shared domain
#
aaronpk So rel=me to my domain isn't appropriate
#
tantek shared domain is a different scenario then
#
tantek we were talking about email-> domain discovery
#
tantek which assumes personal domain
#
aaronpk Couldn't it also work with a shared domain tho?
#
tantek no. shared domains are a much more complex beast
#
tantek I wouldn't want to promise anything on that without some serious brainstorming about it - such a different scenario
#
aaronpk Hmm
#
tantek in terms of privacy, security, control etc.
[kevinmarks] joined the channel
#
[kevinmarks] we had problems with that before with rel-me, where people linked to a common project and rel-me chaining decided they were the same person
#
[kevinmarks] (the common project linked back)
eli_oat[m] joined the channel
#
tantek aaronpk - point being no one has ever come close to figuring it out, and it's going to take non-trivial brainstorming to do so
dgold joined the channel
#
tantek it's like doing another RelMeAuth from scratch
#
singpolyma aaronpk: couldn't you put a rel=me on https://aaron@parecki.com/ to https://aaronparecki.com ?
#
tantek which took many days of brainstorming, at least one meetup, and some prototyping
mindB and [aaronpk] joined the channel
#
[aaronpk] Oh yeah I guess it's a shared domain relmeauth problem for URLs too, aside from even involving email addresses
#
[aaronpk] singpolyma: lol that *might* work, not sure how many http clients would do that tho
#
singpolyma [aaronpk]: it's a standard part of the URL and HTTP specs, major browsers and tools like curl and HTTP libraries for lanugages I've tried support it
#
singpolyma some browsers give a warning to users visiting interactively, which is a pain, but that's not your main use case
#
[aaronpk] Even passing that url string? I thought most clients made you pass the user part in separately
#
singpolyma I am not prepared to answer for "most" but I have used user-parts in URLs with clients in PHP and Ruby with no issue
#
singpolyma the main downside is that it can't be "just a static site" server side. need at least some server config to do the routing, or a dynamic site
#
[aaronpk] Huh well I'll happily make that page redirect to my domain if it is requested with the username
#
tantek also new identity syntax to confuse people
#
tantek since pretty much no one deals with such http ... @ ... URLs
#
singpolyma Well, I think the idea here is discovery from email address. So the user just enters an email address and the client infers the https://
#
tantek on another topic, if you were using .dev for your local version of your site, you can't any more in typical browsers, because .dev is on the HSTS pre-load list
#
tantek so this is why I can't use my tantek(.)dev setup anymore: https://hstspreload.org/?domain=dev
#
tantek what is .dev
#
Loqi It looks like we don't have a page for ".dev" yet. Would you like to create it? (Or just say ".dev is ____", a sentence describing the term)
#
tantek what is local dev setup
#
Loqi It looks like we don't have a page for "local dev setup" yet. Would you like to create it? (Or just say "local dev setup is ____", a sentence describing the term)
#
tantek sigh I thought we documented how to do this
#
[aaronpk] Yeah I made an SSL cert for mine so I can keep using it
#
singpolyma what is ngrok
#
Loqi Ngrok is a utility for making local servers available on a public address https://ngrok.com/ https://indieweb.org/ngrok
#
tantek aaronpk why? that *definitely* seems like extra work
#
[aaronpk] Ngrok doesn't work so well offline ;-)
#
singpolyma [aaronpk]: fair
#
tantek what do you do when your local cert expires?
#
[aaronpk] I generated it for 10 years
#
[aaronpk] I like having HTTPS on dev anyway so I can use browser APIs that requirenit
#
GWG [aaronpk]: Can I prevail on you today? I think I need feedback. https://github.com/dshanske/wordpress-indieauth/tree/token
#
[aaronpk] I might have some time between things to take a look!
#
GWG [aaronpk]: 30% of the known web may thank you.
#
tantek what is local development
#
Loqi It looks like we don't have a page for "local development" yet. Would you like to create it? (Or just say "local development is ____", a sentence describing the term)
#
tantek local development is (or local dev, local dev setup) the practice of having a version of your site on your local machine like a laptop that you can use for development purposes, even when offline.
#
Loqi ok
#
loqi.me created /local_development (+223) "prompted by tantek and dfn added by tantek" (view diff)
#
tantek local dev setup is /local_development
#
Loqi ok
#
loqi.me created /local_dev_setup (+30) "prompted by tantek and redirect added by tantek" (view diff)
#
tantek what is local dev
#
Loqi It looks like we don't have a page for "local dev" yet. Would you like to create it? (Or just say "local dev is ____", a sentence describing the term)
#
tantek local dev is /local_development
#
Loqi ok
#
loqi.me created /local_dev (+30) "prompted by tantek and redirect added by tantek" (view diff)
#
tantek local dev << https://indieweb.org/HTTPS#Local - how to get an HTTPS cert for your local dev setup
#
Loqi ok, I added "https://indieweb.org/HTTPS#Local - how to get an HTTPS cert for your local dev setup" to a brand new "See Also" section of /local_development
#
loqi.me edited /local_development (+104) "tantek added "https://indieweb.org/HTTPS#Local - how to get an HTTPS cert for your local dev setup" to "See Also"" (view diff)
#
tantek.com edited /PHP (+4) "linky" (view diff)
[stefp] joined the channel
#
tantek.com created /".dev" (+31) "r" (view diff)
KartikPrabhu joined the channel
#
tantek js;dr << https://rauchg.com/2014/7-principles-of-rich-web-applications
#
Loqi ok, I added "https://rauchg.com/2014/7-principles-of-rich-web-applications" to the "See Also" section of /js;dr
davy_, davy__, GWG, [mrkrndvs] and [jgmac1106] joined the channel
#
tantek well I've run out of time to try to implement event location map / location POSSEing so that's not happening for this week's HWC
snarfed and leg joined the channel
#
skippy is a "repost" expected to be an unmodified share of some link / content; or can a repost also contain original commentary from me about the thing I'm reposting?
#
aaronpk If there's any additional content then it's not a repost anymore
#
tantek what is a repost
#
Loqi A repost on the indieweb is a post that is purely a 100% re-publication of another post. The act of reposting is an umbrella term that covers the general practice of republishing another post typically on the same service or silo, but more and more across sites https://indieweb.org/repost
#
tantek skippy: see https://indieweb.org/repost#Differentiating_Reposts
#
aaronpk singpolyma: curl -i https://aaron@parecki.com/
#
Loqi Aaron Parecki
#
skippy Twitter has for some time allowed adding one's own remarks to preface a retweet.
#
aaronpk hah loqi found it
#
aaronpk skippy: that's a quote tweet
#
tantek what is a quote tweet
#
Loqi A quote tweet (also known as a "retweet with comment") is a reply on Twitter to an original tweet that displays the entirety of the original in a reply-context below the reply text https://indieweb.org/quote_tweet
#
aaronpk hahaha entering https://aaron@parecki.com/ on indieauth.com finds my rel=me links on aaronparecki.com
#
Loqi awesome
#
Loqi Aaron Parecki
#
skippy so the indieweb community is drawig a distinction; where the UI and interface at twitter uses a single "retweet" mechanism for both kinds of reposting.
#
aaronpk quote tweets work completely different from retweets on twitter tho
#
aaronpk they can have a separate reply thread for example
#
aaronpk and they can get their own favorites
#
aaronpk so they are more like a regular tweet that has a link-preview embedded of the thing being quoted
#
tantek skippy, mind sharing the screenshots of what you mean by "the UI and interface at twitter" ?
#
skippy one moment
#
skippy https://skippy.net/images/tweet.png
#
skippy the second button is the "retweet" button.
#
skippy clicking that produces https://skippy.net/images/retweet.png
#
skippy i can elect to add a comment, or not. either way, it's a retweet.
#
tantek on mobile iOS you get a whole separate button - "Quote Tweet" before you get the text field
#
tantek after tapping the "recycle" arrows
#
tantek AFAIK their other mobile clients are like that too
#
tantek their desktop web UI is inconsistent with this
#
skippy neat.
#
tantek regardless thanks for the screenshots - definitely worth noting in /repost#Twitter
#
tantek feel free to upload to the wiki
#
skippy https://help.twitter.com/en/using-twitter/how-to-retweet linked from /quote-tweet does not indicate any UI variance. Unless that page was specifically served to me for a desktop instance of their web interface since I'm not on mobile.
#
skippy at any rate, I got what I needed: a repost is an unadulterated post of the original. Thanks!
#
lahacker.net edited /User:Lahacker.net/common.js (+1983) "Add basic solarized color theme support for logged-in use of the IndieWeb wiki" (view diff)
#
gRegorLove Confirmed Android Twitter has the Quote Tweet / Retweet options.
#
gregorlove.com edited /Mastodon (-20) "/* Federating Directly with Mastodon */ link [[Bridgy Fed]]" (view diff)
#
GWG snarfed, I hope to soon have a full Indieauth implementation in WordPress.
#
snarfed GWG++
#
Loqi gwg has 23 karma in this channel (320 overall)
#
GWG snarfed, I am hoping that is another thing off the list.
#
GWG Need to decide what might be next for me.
[kevinmarks] joined the channel
#
[kevinmarks] With leaflet you can get a map up in a few lines of code, but you need a lat, long
snarfed, j12t and [aaronpk] joined the channel
#
@nhoizey IMHO, @MastodonProject should send #Webmentions to linked sites: https://github.com/tootsuite/mastodon/issues/6074 Because it would be difficult for http://brid.gy to search all Mastodon instances like it does for the single instance of Twitter… 😉 (twitter.com/_/status/981304134455488514)
[cleverdevil] and KartikPrabhu joined the channel
#
@xuv RT @Gargron@mastodon.social People are asking me to implement webmentions, and since I don't have a strong opinion on it (it would not be hard to implement), here's another poll: https://www.strawpoll.me/15428538 Webmen… https://mastodon.social/@Gargron/99798025215868039 (twitter.com/_/status/981314353214275584)
#
aaronpk that thread 😂
#
aaronpk https://mastodon.social/@Gargron/99798044724950227
#
Loqi [Eugen] @lifning The next version of Mastodon will be usable only via a plane cockpit interfaceI jest, but I can't really add options for every new thing when people already complain there's too many options.
snarfed joined the channel
#
skippy :popcorn:
[tantek] joined the channel
#
[tantek] I don’t get it. Sending webmentions should be automatic, no required UI
#
skippy some people dont WANT to do it, so they desire a UI to enable or disable the functionality.