#dev 2018-04-29

2018-04-29 UTC
jgmac1106 joined the channel
#
GWG
Anyone seen [eddie] lately?
Gab1, renem, eli_oat, AngeloGladding, eli_oat1, eli_oat2, jgmac1106, sknebel, Zegnat, leg, snarfed, [unoabraham], [chrisaldrich], barpthewire, EmreSokullu, [pfefferle], iasai_, jeremycherfas, iasai, Mandrake and [kaushal_modi] joined the channel
#
[kaushal_modi]
Today, someone on Hugo Discourse shows a reservation for using Webmentions because of DDOS concerns: https://discourse.gohugo.io/t/anyone-for-webmention/10411/17?u=kaushalmodi
#
[kaushal_modi]
I'm not well-versed with DDOS. I read that wiki, but still not sure what a user can do to prevent that. Looks like the prevention measure need to be taken by the endpoint? Or is there something a user (WM source/destination URL) can do too? If so, can someone point to some examples?
#
[kaushal_modi]
s/shows/showed
#
Zegnat
There are some interesting discussions about it, [kaushal_modi] ... Afraid I do not have a lot of them at hand on my phone.
#
Zegnat
S lot of mitigation will probably end up at the receiver though, not the sender.
#
Zegnat
As a sender there is other stuff you can do, to show you aren't a spam mention. E.g. Vouch.
Mandrake joined the channel
#
Zegnat
What is vouch?
#
Loqi
The Vouch protocol is an anti-spam extension to Webmention. Webmention with Vouch depends on understanding Webmention https://indieweb.org/Vouch
[unoabraham], [pfefferle], Mandrake and eli_oat joined the channel
#
GWG
I've never figure out how I'd want to implement Vouch
wiobyrne, jgmac1106 and barpthewire joined the channel
#
Zegnat
Same here. I've also only received a single one with vouch, from gRegorLove
#
sknebel
vouch also doesn't necessarily help with the DDoS issue
#
Zegnat
Putting stuff in a queue may mitigate that
#
GWG
People are always complaining about moderation getting in the way of the wonder of webmentions
EmreSokullu, snarfed and [pfefferle] joined the channel
#
Zegnat
People will also complain about unmoderated flow of content. Especially when an unspecified critical mass is reached
#
Zegnat
GWG, does askismet et al cover the webmentions WordPress pulls in?
#
GWG
Zegnat: Sort of
#
GWG
It's gotten better since we changed the loading order, but not perfect
wiobyrne joined the channel
#
Zegnat
I am imagining a world where trackbacks and pingbacks do not have that, but webmentions do. Good selling point.
#
GWG
Have what?
KartikPrabhu, eli_oat and marcthiele joined the channel
#
Zegnat
Integration with existing moderation and spam filter tools.
#
Zegnat
Though I am not sure if e.g. pingback does that or not
AngeloGladding and EmreSokullu joined the channel
#
klezlab.it
edited /Hacker_News (-81) "/* POSSE to Hacker News */ there's no way to follow someone on the site"
(view diff)
KartikPrabhu, EmreSoku_, eli_oat, snarfed, EmreSokullu and barpthewire joined the channel
#
GWG
I am having a slow time of it designing a POSSE system that takes the same input for everything but outputs to the appropriate system..be it Bridgy Publish, or a native API
#
GWG
Bridgy Publish does this by using Microformats 2 to build a submission. I need to use the same, but where they are stored on my system
#
GWG
Looking at silo.pub and how it does this as well.
EmreSokullu and eli_oat joined the channel
#
GWG
Slow day
eli_oat1 and kaushalmodi joined the channel
#
kaushalmodi
!tell Zegnat Thank you for your response on the DDoS issue. I have a static site. So I will have to just wait and watch and deal with the DDoS issue if it ever affects me.
#
Loqi
Ok, I'll tell them that when I see them next
#
snarfed
GWG: which native api(s) do you want to posse to that bridgy doesn't support? just curious
#
GWG
snarfed: Too many people are blaming me for Bridgy Publish not being able to interpret their Microformats because they didn't set them up. I just want to make sure I can support them transparently if I add them.
#
GWG
snarfed: I'm mostly trying to make it so it isn't a 'Bridgy Publish' plugin anymore. It's just a generic publish plugin
#
snarfed
sure, i understand. i read your post. :P i was just curious where else you want to add posse support for
#
snarfed
do you know how you'll handle bad mf2? use the underlying wp data directly instead? you'd then need to implement all the silo APIs yourself, right?
#
GWG
snarfed: Yes, I realize that.
#
GWG
There is one I always say I'd like to do
#
GWG
Pinboard
#
GWG
snarfed: The other option is to figure out how to hook into other POSSE plugins if they have a filter to support this.
#
GWG
That's why the design is so important
#
GWG
snarfed: My predicition is that I won't get much interest in people integrating to it.
#
GWG
But, I didn't think I'd add weather. So who knows
AngeloGladding, [pfefferle] and eli_oat joined the channel
#
dgold
wouldn't it be easier to posse to pinboard at post-creation time, rather than using bridgy?
#
snarfed
dgold: implementing a whole silo API seems a lot harder than just sending a webmention to bridgy publish. or maybe i misunderstand?
#
dgold
snarfed: pinboard's api is pretty simple
#
snarfed
but i doubt simpler than including a single HTML <a> tag in a post (since most of our CMSes auto-send wms). right?
#
dgold
post: url, description(title). its not "a whole silo"
#
dgold
doesn't
#
snarfed
hah ok
#
snarfed
also academic since bridgy doesn't support pinboard
#
snarfed
hey GWG is the wordpress indieauth plugin's auth code verification response JSON or form-encoded?
#
GWG
JSON
#
GWG
I believe the spec says it is supposed to be
#
snarfed
yup it does, but servers may still return form-encoded depending on the Accept header.
#
GWG
I don't think I implemented it, why?
#
wagle
anyone use lychee? (I've woken up and am poking at my photo album again) any gotchas?
#
snarfed
GWG: mind testing o-d's indieauth against the wp plugin? https://oauth-dropins.appspot.com/
#
wagle
oh well, seems dated
#
snarfed
wagle: so what? "freshness" is a bad indicator of code/project quality imho
#
GWG
I don't think I have ever used App Engine
#
snarfed
GWG: no need, just type your site's url into the indieauth text box on that page
#
wagle
snarfed: I've love that, but the damn kids gotta go around breaking everything else, including the dependencies
#
GWG
Oh, just noticed it
#
snarfed
wagle: that's why you pin dependencies :P
#
wagle
(is in "git off my lawn!")
#
wagle
snarfed: how long does that work for? 8/
#
wagle
snarfed: wasnt a deal breaker, just a "hmmm"
#
snarfed
forever, or until the package repo disappears, which then would be a much bigger problem :P
#
GWG
snarfed: Logged me in but didn't redirect me back.
#
snarfed
huh, ok, then it didn't test my new code. is that a bug in the wp plugin?
#
dgold
wagle: looks like they've created a new ownership structure as of this month
#
wagle
dgold: yeah, adding to the hmm factor, but most of the time stamps are 2-4 years old
#
dgold
if it works, it works
#
snarfed
hey Zegnat are you awake? i think i fixed bridgy etc for your auth endpoint. mind testing? just type your url into the indieauth box on https://oauth-dropins.appspot.com/
#
wagle
since the hmm factor was "high", thought i'd ask around a little to see if there was any scuttlebutt
#
wagle
dgold: need it to work for 50 years.. well, 5?
#
wagle
(old photos)
#
GWG
snarfed: Might be.
#
wagle
photo photos appear to still rule for longevity
#
wagle
paper photos appear to still rule for longevity
#
snarfed
nah. paper degrades, fires, theft, loss, only one copy, etc. i'd trust LOCKSS + regular data migrations over physical.
#
wagle
but I'm t the wrong end of the country to show anyoone the paper edition
#
snarfed
hah yes plus that, way less convenient and useful
#
wagle
snarfed: yeah, but I will be dead in 50 years
#
snarfed
internet archive won't!
#
GWG
snarfed: Let me turn on debugging
#
snarfed
thanks!
#
wagle
dunno how to get relatives to migreate every 3-5 years
#
snarfed
oh that's a totally different question. thought you were just talking about your own photos
#
wagle
reads up on LOCKSS
#
snarfed
but again digital is arguably better there. you can keep and maintain copies of your relatives' *digital* photos, but not their paper photos
#
snarfed
also the JPEG format has lasted many decades, so for just photo files themselves, no real migrations needed, just backups
#
wagle
havent gotten a lot of interest.. main problem now is that I have the paper copies, and they shouldn't go poof when I die.. so gotta get the two sides to saw which goes to which side of the families
#
snarfed
scan first!
#
snarfed
then yes, that
#
wagle
yeah, but my energy level has been sucking badly
#
wagle
but I'm now making another stab at it
#
snarfed
GWG: any luck?
#
GWG
snarfed: I seem to have broken my debug code.
#
GWG
I haven't used it manually to watch a transaction in a while
#
wagle
snarfed++for the LOCKSS pointer
#
Loqi
snarfed has 60 karma in this channel (382 overall)
jgmac1106 joined the channel
#
GWG
snarfed: It looks like it was the improved error handling. It is only logging errors. This wasn't reported as an error, so it didn't log it. I just moved it to log everything.
#
GWG
Probably should be a setting
#
wagle
scan first requires that II annotate each pair of fronts and backs on the hundreds of old photos then implement a way to find the paper again.. any suggestions? or am I a pioneer?
#
snarfed
wagle: tons of prior art for that. google :P
#
wagle
have tried that, and come up short
#
snarfed
hmm surprising
#
snarfed
tons of services for this, and people who have posted about doing it
#
snarfed
maybe less about bidirectional indexing (ie back to paper), but definitely tons on scanning at least
#
wagle
I'm pretty confused, brain no longer works right
#
snarfed
take a break!
#
wagle
so I stumble about
#
wagle
no, something happened 15 years ago
#
wagle
but I gotta try, so here I am
#
GWG
snarfed: I think it is a URLencode issue
#
snarfed
GWG: what is?
#
GWG
snarfed: The reason it isn't redirecting.
#
GWG
snarfed: It is trying to redirect to.. https:\/\/tiny.n9n.us\/wp-login.php?redirect_to=https%3A%2F%2Foauth-dropins.appspot.com%2Findieauth%2Foauth_callback&reauth=1&action=indieauth&response_type=id&client_id=https:\/\/oauth-dropins.appspot.com\/&state=%7B%22endpoint%22%3A%22https%3A%2F%2Ftiny.n9n.us%2Fwp-json%2Findieauth%2F1.0%2Fauth%22%2C%22me%22%3A%22https%3A%2F%2Ftiny.n9n.us%22%7D&me=https:\/\/tiny.n9n.us&_wpnonce=4935d40ed5"
#
GWG
snarfed: You are embedding information in the state?
#
snarfed
yeah that's what it's for :P
#
GWG
Trying to read through it
#
wagle
now gotta recall why I thought piwigo was the better alternative to lychee
#
wagle
my notes-to-self dont say
#
sknebel
I seem to remember not liking the very JS-heavy Lychee UI, but that might not be current anymore, or something you see differently
#
wagle
i remember docker making me annoyed
#
wagle
thanks
#
wagle
just remembered that I have to prototype the annotation system too see what I need to annotate, etc
#
GWG
snarfed: What did you change?
#
sknebel
wagle: oh, and Lychee didn't have support for multiple users I think?
#
GWG
It is not redirecting. Are you asking for form-encoded support?
#
wagle
sknebel: hmm.. i need that for letting relatives say "oh! thats grand grandma betsy!"
#
snarfed
GWG: for the code verification request i send? i send Accept: */*, then detect and handle both form-encoded and json responses
#
GWG
snarfed: It doesn't seem to get to the verification step.
#
snarfed
if you're not redirecting to me, then yes, it wouldn't
#
GWG
Something is different about the redirect
#
GWG
I tested every IndieAuth client I could find.
#
GWG
All of them worked at the time.
#
Zegnat
snarfed, I am half awake. I was able (I think) to login on the oauth-dropins.appspot.com. At least it says “ Authenticated https://vanderven.se/martijn/ on IndieAuth. ”
#
Loqi
Zegnat: kaushalmodi left you a message 1 hour, 59 minutes ago: Thank you for your response on the DDoS issue. I have a static site. So I will have to just wait and watch and deal with the DDoS issue if it ever affects me.
#
Loqi
Martijn van der Ven
#
snarfed
GWG: here's my client side code that generates the initial url on your endpoint, if it helps: https://github.com/snarfed/oauth-dropins/blob/master/oauth_dropins/indieauth.py#L130-L139
#
snarfed
Zegnat: hey, great! yes that means it worked
#
snarfed
feel free to try bridgy too, but low priority
#
Zegnat
I will try when I get back out of my slumber phase ;)
#
pstuifzand
I could also authenticate with the oauth_dropins website, but not without adding a application/json content type first. It seems it was missing from the verification step.
jgmac1106 joined the channel
#
GWG
!tell snarfed I found your problem.
#
Loqi
Ok, I'll tell them that when I see them next
#
GWG
!tell snarfed You are missing response_type=code . Without it, you are in the authentication, not authorization flow, which does not return a code.
#
Loqi
Ok, I'll tell them that when I see them next
#
sknebel
GWG ? authentication returns a code
#
GWG
sknebel: But is he trying to authorize or authenticate? Now I'm confused.
#
GWG
I may be expecting something different.
#
sknebel
authenticate
snarfed joined the channel
#
GWG
Okay. then I misread the issue.
#
GWG
snarfed: I think I shouldn't try to troubleshoot while I'm thinking about something else.
#
GWG
But, it still looks to be a urlencoding issue.
snarfed and [snarfed] joined the channel
#
[snarfed]
thanks for debugging GWG! not high priority, feel free to punt
#
Loqi
[snarfed]: GWG left you a message 16 minutes ago: I found your problem.
#
Loqi
[snarfed]: GWG left you a message 15 minutes ago: You are missing response_type=code . Without it, you are in the authentication, not authorization flow, which does not return a code.
snarfed joined the channel
#
GWG
[snarfed]: I think I did find a problem I want to fix with the workflow you are trying to use
snarfed joined the channel
#
[snarfed]
ok! also if you're going to test your plugin, feel free to test against bridgy instead of o-d since bridgy has actual users :P
#
GWG
[snarfed]: It's stripping after the state.
#
GWG
Something about the encoding is an issue for my code
#
GWG
[snarfed]: Okay. Should be fixed now
#
GWG
I urlencoded the state before passing it in.
#
GWG
[snarfed]: How would I test against Bridgy?
#
GWG
I wasn't aware it used IndieAuth
#
GWG
Never mind, found it
jgmac1106, EmreSokullu, renem, leg and chrisaldrich joined the channel
#
Loqi
4/29 FYI: indieweb.org/429 HTTP 429 - "Too Many Requests" https://tools.ietf.org/html/rfc6585
#
Loqi
Countdown set by tantek on 2018-04-21 at 3:04pm PDT
jgmac1106, [miklb], srushe, wagle and snarfed joined the channel