#dev 2018-04-03

2018-04-03 UTC
[kevinmarks] joined the channel
#
Loqi
hugo has 1 karma
#
wiobyrne.com
created /User:Wiobyrne.com (+1395) "/* Ian O'Byrne */"
(view diff)
renem, mblaney and [miklb] joined the channel
#
tantek.com
edited /repost (+128) "move a missing example to past"
(view diff)
j12t and j12t_ joined the channel
#
GWG
What does an authorization endpoint need to know about a code in order to verify it?
leg joined the channel
#
aaronpk
It needs to know whether it issued the code and whether it has expired
#
GWG
Trying to write the code for that now.
#
GWG
It also doesn't say what the error response is.
#
aaronpk
That one
#
GWG
I'm getting closer.
j12t joined the channel
#
GWG
My authorization endpoint just signed me into Quill.
#
GWG
So, it works.
#
GWG
Maybe
#
GWG
aaronpk, after I finish refining it, might I prevail on you to tell me where I am going wrong?
KartikPrabhu, tantek and jalcine joined the channel
#
jacky.wtf
edited /IRC_People (+180) "Added myself to the page."
(view diff)
#
jalcine
^ issa me! :)
AngeloGladding joined the channel
#
Zegnat
jalcine++
#
Loqi
jalcine has 1 karma
barpthewire joined the channel
#
lahacker.net
created /User:Lahacker.net/common.js (+69) "Created page with "document.querySelector("body").style["background-color"] = "#3399ff";""
(view diff)
tbbrown joined the channel
j12t and sebsel joined the channel
#
lahacker.net
deleted /Template:solarized.js "Empty Content"
j12t joined the channel
#
unicyclic.com mal
edited /web_hosting (+66) "/* Virtual Private Server */"
(view diff)
[kevinmarks] and j12t joined the channel; mblaney left the channel
#
sknebel
shouldn't the "content" in skippys repost example be on the h-cite and not the h-entry?
#
Zegnat
gives it a look
#
Zegnat
The retweet.md from the gist, sknebel?
#
Zegnat
No, not in this specific case. Note how the content starts with “RT @estherschindler”. This isn’t the content of the actual tweet that is being reposted.
#
Zegnat
It is a little weird. It seems to be saying the h-entry is a repost, but the content of the h-entry is different from the post it is “reposting”. Edge case?
j12t joined the channel
#
Zegnat
It seems to be the mf2 enhanced HTML representation of a tweet skippy made at https://twitter.com/smerrill/status/969383439429402624, and that tweet itself is a retweet of https://twitter.com/estherschindler/status/969325187521904641. Although it seems the original retweet under skippy’s account is now being forwarded by Twitter to the one by estherschindler
#
@smerrill
RT @estherschindler: @CarlaSchroder Some want to be great at their jobs; others just want to be paid. You can guess which ones get repeat…
(twitter.com/_/status/969383439429402624)
#
Zegnat
Down the rabbit hole! :P
#
Zegnat
Oh, look, Loqi can still fetch the original retweet, even though I can’t access it in my browser at that URL
#
sknebel
sure, but I would have put the retweetet tweet in the h-cite and the "RT @..." just as text only decoration
#
Zegnat
Yes, that would have worked. I am guessing this is somehow limited to what the Twitter backup is giving? Some more recent retweets may not include the RT prefix.
#
sknebel
could be
#
Zegnat
sknebel, you would have expected something like this? http://pin13.net/mf2/?id=20180403093409024
jeremycherfas joined the channel
#
Zegnat
skippy, possible inspiration ^^^
#
sknebel
Zegnat: think so, yeah
#
sknebel
the example on /repost seems to do the same
#
Zegnat
Yeah. I can totally see why this is a problem when you are using base data that includes added text like “RT @...” though.
#
sknebel
yep, thats a reason I didn't think about
j12t joined the channel
#
skippy
indeed. the raw export, and the generated outut from Granary using that export, constrains my ability to tailor the content precisely.
#
skippy
when I start posting directly from a micropub endpoint and syndicating to Twitter from there, I'll have more control over the formatting, I think.
#
skippy
suggestions for proper markup are appreciated.
#
skippy
explicit hand-holding on how to do it properly is specifically appreciated! I'm still struggling to comprehend all of this.
#
Zegnat
skippy, I tend to tweak my markup on a per-post basis, but that is bringing a lot of mf2 fundamentals with me in the back of my mind.
#
Zegnat
And honestly there is never one-true-way when it comes to microformats. Just look to make available for parsing any data you would want to see available if you were interperting a page :)
#
skippy
sure. but i dont want to get into lovingly hand-crafting markup for all 9K tweets in my export. I'm already resigned to the fact that I've lost a lot of media elements when I brought them in.
j12t joined the channel
#
skippy
for anyone interested, here's the Python script I wrote to use Granary to make Markdown from the Twitter export: https://github.com/skpy/twitter-granary-hugo/blob/master/twitter-granary-hugo.py
#
skippy
it's not elegant, by any means, but it got the job done. :)
#
sknebel
skippy: great! add a link to that to the /Hugo (and maybe also /Twitter) pages in the wiki so it doesn't get lost?
#
sknebel
curious, does the export just not have the media references or why are they lost?
#
petermolnar
skippy: os.makedirs does the same as system mkdir -p (python3 though)
#
sknebel
os.makedirs isn't new with py3
#
sknebel
so safe to use
#
skippy
yeah, i use it makedirs later on.
#
skippy
as for media, I just didnt work the Granary API well enough to preserve them, I htink.
#
skippy
confirmed: media links are in the Twitter export. I'm just not savvy enough to parse them out.
loicm and j12t joined the channel
#
aaronpk
GWG: absolutely, and congrats
#
skippy.net
edited /Hugo (+309)
(view diff)
#
sknebel
skippy++
#
Loqi
skippy has 2 karma in this channel (7 overall)
[jgmac1106] and j12t joined the channel
#
GWG
aaronpk, I am already aware of some rules that I am not enforcing. Like checking that the redirect is on the same domain. But I will add them.
j12t, leg and [mrkrndvs] joined the channel
#
loqi.me
created /credentialing (+337) "prompted by Zegnat and dfn added by [jgmac1106]"
(view diff)
[kevinmarks], j12t and tantek joined the channel
#
jeremycherfas
Where can I read up about what to do when the source of a webmention changes?
#
aaronpk
the source URL of a webmention can't change, it would just be a different webmention
#
jeremycherfas
I mean if someone edits a comment, say, that is a reply-to
#
loqi.me
created /googl (+19) "prompted by tantek and redirect added by tantek"
(view diff)
#
aaronpk
yeah updating the contents at a source URL should be covered by that section
#
GWG
aaronpk, what is the biggest mistake Indieauth or Oauth2 implementers usually make?
#
aaronpk
haha that sounds like a trick question gwg
#
jeremycherfas
Cool; thanks both.
#
GWG
aaronpk, I worry.
#
Zegnat
GWG: I’d say allowing a code to be used twice. That’s something that happens a lot with stateless implementations.
#
aaronpk
if you're using JWTs for anything, another common error I see is people forgetting to actually validate the JWT signature
#
GWG
Zegnat, I have purging the code once used as a feature exactly.
#
aaronpk
tho that's more an implementation detail thing rather than a spec thing
#
GWG
Aaronpk, you saw how I was storing my tokens. Same for my codes. Not stateless
#
Zegnat
Nice GWG :) stateless ones have to make sure to set short time limits and validate those limits, but even then a code can theoretically be used multiple times. Having state and making sure replay attacks are impossible is good.
#
GWG
Zegnat, I have the WordPress database there anyway, so I have a place to store stuff.
#
GWG
I am just missing a bunch of safety checks before I will ask for some third party checks.
#
aaronpk
stateless tokens aren't really useful anyway until you want to either run a bunch of front-end servers and avoid sharing a common database, or if you are operating at a massive scale like google
#
GWG
I had a bunch of questions of a general nature I was trying to figure out
#
Zegnat
Questions of a general nature are good too. Might even be worth turning those into a FAQ. General questions are often shared by many, and asked by few
#
GWG
Such as how to explain the relationship between username and password and url
[manton] joined the channel
#
[manton]
[aaronpk] I'm surprised I've never run into this, but is there a prefix convention in Micropub for custom fields in JSON that are likely server/client-specific and not really proposals for broader support? In q=config for example, I was considering adding "microblog-something": "whatever" if I need to convey some extra data to my clients.
#
Loqi
[manton]: tantek left you a message 1 week, 3 days ago: any particular reason your notes put permalink/published date inside the entry-content instead of the entry-meta like your articles do on http://www.manton.org/ ? (also your articles have author in entry-meta, whereas your notes don't seem to, deliberate? or theme omission?)
#
aaronpk
[manton]: yep, vendor prefixes from microformats
#
aaronpk
I use p3k-* for some stuff as well
#
Zegnat
There is also mp- right? If they are not supposed to be stored as part of the mf2 blob, but exist only to instruct the micropub server to do a specific thing?
#
aaronpk
yes for post requests
#
[manton]
Do they start with a "-" like "-p3k-something", or simply "p3k-something"?
#
aaronpk
just p3k-something
#
Zegnat
mf2 properties cannot start with a -
#
Zegnat
GWG: interesting indeed. That might need some explaining, especially for multi-user blogs. Going to ponder an answer while eating pizza. brb
#
[manton]
Perfect, thanks. I was thrown off by the microformats site examples.
#
tantek
[manton] which page(s)? so we can fix them
#
GWG
Zegnat, that is my first issue to figure out.
#
Loqi
vendor-prefixes
#
aaronpk
wow I didn't even find that page when I was looking
#
Loqi
microformats2 FAQ
#
tantek
thanks [manton] !
#
[manton]
No problem, thanks for pointing me in the right direction.
#
GWG
Do any Indieauth token endpoints expire their tokens?
#
aaronpk
I don't have a UI for it but I have done that by deleting them from my database
#
GWG
Is it better to offer tokens that expire?
#
aaronpk
if you provide a way for people to revoke tokens, then you can issue tokens that don't expire
#
aaronpk
if you issue tokens that expire, then apps will appear to just stop working randomly
#
aaronpk
and the app will most likely have to get the user to log in again, since I don't think any indieauth apps support refresh tokens
#
GWG
I should improve mine
[kevinmarks] joined the channel
#
loqi.me
edited /email (+285) "tantek added "Possible IndieAuth via email brainstorming: ask them for their email (like Slack and nearly every other service), then do rel=me discover on their domain, if their domain rel=me links to that email, treat their domain as IndieAuth, send a..."
(view diff)
#
loqi.me
edited /email (+139) "tantek added "^^^ addendum, obv have a blacklist of bigco email providers domains that no one owns as a personal domain (gmail.com, hotmail.com, etc.)" to "See Also""
(view diff)
radedwork, snarfed, snarfed1, singpolyma and pstuifzand joined the channel
#
www.boffosocko.com
edited /credentialing (+330) "see also section"
(view diff)
#
www.boffosocko.com
edited /Indieweb_for_Education (+58) "additions to see also"
(view diff)
#
sknebel
chrisaldrich++
#
Loqi
chrisaldrich has 13 karma in this channel (83 overall)
#
tantek
!tell chrisaldrich the /credentialing pages reads like vapor and has zero connection to the indieweb. there's is some bad history in this space, so unless you have real world indieweb examples, I'd like to delete that page until they exist.
#
Loqi
Ok, I'll tell them that when I see them next
#
tantek.com
edited /credentialing (+255) "abstract, unrelated to indieweb, beward of blockchain rebrandings"
(view diff)
#
tantek
32 hours until /credentialing should be deleted for being abstract and not relevant to indieweb per reasons in the page.
#
Loqi
I added a countdown scheduled for 2018-04-04 7:28pm PDT (#6275)
#
tantek
!cancel 6275
#
Loqi
Okay, I cancelled it!
#
tantek
30.5 hours until /credentialing should be deleted for being abstract and not relevant to indieweb per reasons in the page.
#
Loqi
I added a countdown scheduled for 2018-04-04 5:59pm PDT (#6276)
#
tantek
better
#
loqi.me
edited /bitcoin (+185) "tantek added "2018-04-03 [https://lists.w3.org/Archives/Public/public-vc-wg/2018Apr/0001.html "Decentralized Identifiers": Bitcoin Cargo-Culture and Land Grabbing for the Top Level Names] (thread)" to "See Also""
(view diff)
singpolyma and [jjdelc] joined the channel
#
[jjdelc]
hi guys, has there been a change in ownyourgram recently? I probably had an incomplete micropub implementation but had to make some changes to continue receiving updates
#
[jjdelc]
apparently the request changed from being multipart to the mp endpoint and now uses the media endpoint and posts a list with the url obtained from the media endpoint
#
aaronpk
You can choose which version you want on your settings page
#
aaronpk
It may have upgraded you to the media endpoint version when it detected your media endpoint when you logged in
#
aaronpk
But no, none of that has changed in several months
#
[jjdelc]
uhm.. I see, maybe I had been tweaking with it and not remember
#
aaronpk
tantek: thinking about relmeauth again... if I had an h-card on https://parecki.com that had both mailto:aaron@parecki.com and https://aaronparecki.com in it, do you think that would also work to associate my email address with my domain name? (Assuming you're given my email address to start and want to find my canonical domain)
#
tantek
you don't even need the h-card. as long as those links had rel=me on it, that would be enough
#
aaronpk
But Parecki.com is a shared domain
#
aaronpk
So rel=me to my domain isn't appropriate
#
tantek
shared domain is a different scenario then
#
tantek
we were talking about email-> domain discovery
#
tantek
which assumes personal domain
#
aaronpk
Couldn't it also work with a shared domain tho?
#
tantek
no. shared domains are a much more complex beast
#
tantek
I wouldn't want to promise anything on that without some serious brainstorming about it - such a different scenario
#
tantek
in terms of privacy, security, control etc.
[kevinmarks] joined the channel
#
[kevinmarks]
we had problems with that before with rel-me, where people linked to a common project and rel-me chaining decided they were the same person
#
[kevinmarks]
(the common project linked back)
eli_oat[m] joined the channel
#
tantek
aaronpk - point being no one has ever come close to figuring it out, and it's going to take non-trivial brainstorming to do so
dgold joined the channel
#
tantek
it's like doing another RelMeAuth from scratch
#
singpolyma
aaronpk: couldn't you put a rel=me on https://aaron@parecki.com/ to https://aaronparecki.com ?
#
tantek
which took many days of brainstorming, at least one meetup, and some prototyping
mindB and [aaronpk] joined the channel
#
[aaronpk]
Oh yeah I guess it's a shared domain relmeauth problem for URLs too, aside from even involving email addresses
#
[aaronpk]
singpolyma: lol that *might* work, not sure how many http clients would do that tho
#
singpolyma
[aaronpk]: it's a standard part of the URL and HTTP specs, major browsers and tools like curl and HTTP libraries for lanugages I've tried support it
#
singpolyma
some browsers give a warning to users visiting interactively, which is a pain, but that's not your main use case
#
[aaronpk]
Even passing that url string? I thought most clients made you pass the user part in separately
#
singpolyma
I am not prepared to answer for "most" but I have used user-parts in URLs with clients in PHP and Ruby with no issue
#
singpolyma
the main downside is that it can't be "just a static site" server side. need at least some server config to do the routing, or a dynamic site
#
[aaronpk]
Huh well I'll happily make that page redirect to my domain if it is requested with the username
#
tantek
also new identity syntax to confuse people
#
tantek
since pretty much no one deals with such http ... @ ... URLs
#
singpolyma
Well, I think the idea here is discovery from email address. So the user just enters an email address and the client infers the https://
#
tantek
on another topic, if you were using .dev for your local version of your site, you can't any more in typical browsers, because .dev is on the HSTS pre-load list
#
tantek
so this is why I can't use my tantek(.)dev setup anymore: https://hstspreload.org/?domain=dev
#
tantek
what is .dev
#
Loqi
It looks like we don't have a page for ".dev" yet. Would you like to create it? (Or just say ".dev is ____", a sentence describing the term)
#
tantek
what is local dev setup
#
Loqi
It looks like we don't have a page for "local dev setup" yet. Would you like to create it? (Or just say "local dev setup is ____", a sentence describing the term)
#
tantek
sigh I thought we documented how to do this
#
[aaronpk]
Yeah I made an SSL cert for mine so I can keep using it
#
singpolyma
what is ngrok
#
Loqi
Ngrok is a utility for making local servers available on a public address https://ngrok.com/ https://indieweb.org/ngrok
#
tantek
aaronpk why? that *definitely* seems like extra work
#
[aaronpk]
Ngrok doesn't work so well offline ;-)
#
singpolyma
[aaronpk]: fair
#
tantek
what do you do when your local cert expires?
#
[aaronpk]
I generated it for 10 years
#
[aaronpk]
I like having HTTPS on dev anyway so I can use browser APIs that requirenit
#
GWG
[aaronpk]: Can I prevail on you today? I think I need feedback. https://github.com/dshanske/wordpress-indieauth/tree/token
#
[aaronpk]
I might have some time between things to take a look!
#
GWG
[aaronpk]: 30% of the known web may thank you.
#
tantek
what is local development
#
Loqi
It looks like we don't have a page for "local development" yet. Would you like to create it? (Or just say "local development is ____", a sentence describing the term)
#
tantek
local development is (or local dev, local dev setup) the practice of having a version of your site on your local machine like a laptop that you can use for development purposes, even when offline.
#
loqi.me
created /local_development (+223) "prompted by tantek and dfn added by tantek"
(view diff)
#
tantek
local dev setup is /local_development
#
loqi.me
created /local_dev_setup (+30) "prompted by tantek and redirect added by tantek"
(view diff)
#
tantek
what is local dev
#
Loqi
It looks like we don't have a page for "local dev" yet. Would you like to create it? (Or just say "local dev is ____", a sentence describing the term)
#
loqi.me
created /local_dev (+30) "prompted by tantek and redirect added by tantek"
(view diff)
#
tantek
local dev << https://indieweb.org/HTTPS#Local - how to get an HTTPS cert for your local dev setup
#
Loqi
ok, I added "https://indieweb.org/HTTPS#Local - how to get an HTTPS cert for your local dev setup" to a brand new "See Also" section of /local_development
#
loqi.me
edited /local_development (+104) "tantek added "https://indieweb.org/HTTPS#Local - how to get an HTTPS cert for your local dev setup" to "See Also""
(view diff)
#
tantek.com
edited /PHP (+4) "linky"
(view diff)
[stefp] joined the channel
#
tantek.com
created /".dev" (+31) "r"
(view diff)
KartikPrabhu joined the channel
#
Loqi
ok, I added "https://rauchg.com/2014/7-principles-of-rich-web-applications" to the "See Also" section of /js;dr
davy_, davy__, GWG, [mrkrndvs] and [jgmac1106] joined the channel
#
tantek
well I've run out of time to try to implement event location map / location POSSEing so that's not happening for this week's HWC
snarfed and leg joined the channel
#
skippy
is a "repost" expected to be an unmodified share of some link / content; or can a repost also contain original commentary from me about the thing I'm reposting?
#
aaronpk
If there's any additional content then it's not a repost anymore
#
tantek
what is a repost
#
Loqi
A repost on the indieweb is a post that is purely a 100% re-publication of another post. The act of reposting is an umbrella term that covers the general practice of republishing another post typically on the same service or silo, but more and more across sites https://indieweb.org/repost
#
Loqi
Aaron Parecki
#
skippy
Twitter has for some time allowed adding one's own remarks to preface a retweet.
#
aaronpk
hah loqi found it
#
aaronpk
skippy: that's a quote tweet
#
tantek
what is a quote tweet
#
Loqi
A quote tweet (also known as a "retweet with comment") is a reply on Twitter to an original tweet that displays the entirety of the original in a reply-context below the reply text https://indieweb.org/quote_tweet
#
aaronpk
hahaha entering https://aaron@parecki.com/ on indieauth.com finds my rel=me links on aaronparecki.com
#
Loqi
awesome
#
Loqi
Aaron Parecki
#
skippy
so the indieweb community is drawig a distinction; where the UI and interface at twitter uses a single "retweet" mechanism for both kinds of reposting.
#
aaronpk
quote tweets work completely different from retweets on twitter tho
#
aaronpk
they can have a separate reply thread for example
#
aaronpk
and they can get their own favorites
#
aaronpk
so they are more like a regular tweet that has a link-preview embedded of the thing being quoted
#
tantek
skippy, mind sharing the screenshots of what you mean by "the UI and interface at twitter" ?
#
skippy
one moment
#
skippy
the second button is the "retweet" button.
#
skippy
i can elect to add a comment, or not. either way, it's a retweet.
#
tantek
on mobile iOS you get a whole separate button - "Quote Tweet" before you get the text field
#
tantek
after tapping the "recycle" arrows
#
tantek
AFAIK their other mobile clients are like that too
#
tantek
their desktop web UI is inconsistent with this
#
skippy
neat.
#
tantek
regardless thanks for the screenshots - definitely worth noting in /repost#Twitter
#
tantek
feel free to upload to the wiki
#
skippy
https://help.twitter.com/en/using-twitter/how-to-retweet linked from /quote-tweet does not indicate any UI variance. Unless that page was specifically served to me for a desktop instance of their web interface since I'm not on mobile.
#
skippy
at any rate, I got what I needed: a repost is an unadulterated post of the original. Thanks!
#
lahacker.net
edited /User:Lahacker.net/common.js (+1983) "Add basic solarized color theme support for logged-in use of the IndieWeb wiki"
(view diff)
#
gRegorLove
Confirmed Android Twitter has the Quote Tweet / Retweet options.
#
gregorlove.com
edited /Mastodon (-20) "/* Federating Directly with Mastodon */ link [[Bridgy Fed]]"
(view diff)
#
GWG
snarfed, I hope to soon have a full Indieauth implementation in WordPress.
#
Loqi
gwg has 23 karma in this channel (320 overall)
#
GWG
snarfed, I am hoping that is another thing off the list.
#
GWG
Need to decide what might be next for me.
[kevinmarks] joined the channel
#
[kevinmarks]
With leaflet you can get a map up in a few lines of code, but you need a lat, long
snarfed, j12t and [aaronpk] joined the channel
#
@nhoizey
IMHO, @MastodonProject should send #Webmentions to linked sites: https://github.com/tootsuite/mastodon/issues/6074 Because it would be difficult for http://brid.gy to search all Mastodon instances like it does for the single instance of Twitter… 😉
(twitter.com/_/status/981304134455488514)
[cleverdevil] and KartikPrabhu joined the channel
#
@xuv
RT @Gargron@mastodon.social People are asking me to implement webmentions, and since I don't have a strong opinion on it (it would not be hard to implement), here's another poll: https://www.strawpoll.me/15428538 Webmen… https://mastodon.social/@Gargron/99798025215868039
(twitter.com/_/status/981314353214275584)
#
aaronpk
that thread 😂
#
Loqi
[Eugen] @lifning The next version of Mastodon will be usable only via a plane cockpit interfaceI jest, but I can't really add options for every new thing when people already complain there's too many options.
snarfed joined the channel
#
skippy
:popcorn:
[tantek] joined the channel
#
[tantek]
I don’t get it. Sending webmentions should be automatic, no required UI
#
skippy
some people dont WANT to do it, so they desire a UI to enable or disable the functionality.