#dev 2018-05-06

2018-05-06 UTC
#
@unoabraham Webmention-faq – IndieWeb https://abraham.link/550/webmention-faq-indieweb/ (twitter.com/_/status/992920855943565313)
tantek joined the channel
#
jmac.org edited /pronunciation (+471) (view diff)
eli_oat and chrisaldrich joined the channel
#
chrisaldrich jmac++
#
Loqi jmac has 2 karma in this channel (7 overall)
renem joined the channel
#
aaronpk schmarty: at least it'd be relatively easy to export your subscriptions from Aperture manually but OPML export is probably a good idea for it anyway, especially if anyone is running a shared instance of it
#
schmarty aaronpk: i think i will make a db backup right quick now that it's become my canonical reader :}
#
schmarty aaronpk: also, i have a handful of feeds that are totally feeds but that aperture Just Won't Handle. i am happy to dig into that on my own if you have any pointers on where to look for parser debugging info. i'd also be happy to make a GH issue if that's preferred.
KartikPrabhu and billbennettnz joined the channel
#
aaronpk schmarty: feel free to open github issues for them on XRay. XRay is handling all the feed parsing going on. So you should be able to demonstrate the bug by linking to the XRay parsed url for the feed.
#
aaronpk Make sure to use "expect=feed" in the query string too cause that triggers feed parsing mode.
#
schmarty aaronpk: will do, thanks!
eli_oat, rhiaro and [eddie] joined the channel
#
[eddie] !tell sknebel your url in Aperture is https://www.svenknebel.de/
#
Loqi Ok, I'll tell them that when I see them next
#
notiz.blog edited /site-deaths (+775) "Added goo.gl (Googles URL Shorter)" (view diff)
renem, barpthewire, [jeremycherfas], yatil, KartikPrabhu, jeremycherfas, iasai and Funkyce joined the channel
#
swentel hmm it's probably night in San francisco :)
#
sknebel thanks eddie!
#
Loqi sknebel: [eddie] left you a message 3 hours, 5 minutes ago: your url in Aperture is https://www.svenknebel.de/
yatil and sebsel joined the channel
#
Zegnat jeremycherfas, moving here from #chat, if you just make a folder /micropub on your domain, isn’t that accessible? I would expect Grav to only capture requests when no files exist. You shouldn’t have to use Grav’s request routing to run a seperate PHP script
#
Zegnat (Unless of coure you specifically want to make it a Grav plugin)
#
jeremycherfas That's the conclusion I have just come to. I had a nice chat on the Grav slack with a woman who is quite indieweb minded and she advised exactly that. She has modified voxpelli's micropub to work with Grav.
KartikPrabhu, [kevinmarks], calumryan, iasai_, yatil, [pfefferle] and swentel joined the channel
#
@sl007 ↩️ @EU_Justice @Peter_Schaar also https://sebastiangreger.net/2018/05/indieweb-privacy-challenge-webmentions-backfeeds-gdpr/ (twitter.com/_/status/993075617016008704)
#
sknebel aaronpk: does Aperture only work if I use tokens.indieauth.com or do you have some trickery on first login to remember the token endpoint? (currently wondering if/how I can solve that in my bridge)
sebsel joined the channel
#
swentel I think he's using $_SESSION
#
swentel to store the endpoint
#
@stegrainer ↩️ If you find that intriguing, you should also check out Indie Web: https://indieweb.org/ And specifically webmentions: https://indieweb.org/Webmention (twitter.com/_/status/993092578525446149)
[kevinmarks] joined the channel
#
[kevinmarks] This makes me a lot more nervous about using regex https://snyk.io/blog/redos-and-catastrophic-backtracking/
davidmead joined the channel
#
@call_user_func [New]zegnat/mintoken A minimal IndieAuth compatible token endpoint. https://packagist.org/packages/zegnat/mintoken (twitter.com/_/status/993113176559435777)
#
@swentel Sending webmentions on comment replies and creating feeds are the new major goodies in the alpha 6 #indieweb module for #drupal - check the release notes for upgrading - https://www.drupal.org/project/indieweb/releases/8.x-1.0-alpha6. Now back to Indigenous! (twitter.com/_/status/993118702425051136)
[kevinmarks] joined the channel
#
aaronpk sknebel: it stores the users token endpoint in the database
tantek joined the channel
#
aaronpk that's also the reason each user has a unique Microsub endpoint rather than having everyone share the same one in Aperture, so that I know where to send the token to to verify it
#
sknebel aaronpk: aaahhh. I didn't connect those two
#
swentel aaronpk, I've added an jf2 feed option to the drupal plugin, but I wonder how useful it is right now .. e.g. aperture doesn't discover it for instance, or am I missing something ?
sebsel and [sebsel] joined the channel
#
aaronpk swentel: I only use jf2 as an internal format right now rather than something I expect to be published on the web. I could maybe see that changing but I don't know how much I expect that to actually happen
#
swentel right
#
swentel that's what I thought at some point heh :)
#
tantek aaronpk: there do seem to be a slowly growing number of jf2 publishers and consumers
#
tantek so even if we don't expect it to be, it may gain enough critical mass because it is simple
#
tantek and because it's consistent with mf2
#
Zegnat Who is publishing jf2?
#
tantek check the jf2 page
#
swentel I also wonder a bit how to add discovery for my microformat pages on /timeline for instance (I used that url in aperture), but rel="feed" isn't discovered either. Maybe I should just add an rss/subscribe page with all the options :)
#
tantek lol
#
Zegnat 2 personal sites that publish jf2 there. I thought aaronpk wasn’t doing it anymore, but I guess it was pure parsed microformats2 json and not jf2 that didn’t make it into the new p3k
#
tantek Zegnat: jf2 is the API format from webmention.io
#
tantek and consumed by stream.thatmustbe
#
tantek and what I thus use to show the RSVPs on my indie events
#
tantek that's pretty key usage
#
Zegnat Ah, right, I read that to mean webmention.io was using it internally. Just like Aperture is. Cool
jeremycherfas joined the channel
#
aaronpk Aperture uses it internally but it's also the vocab format that Microsub clients use
tantek_ joined the channel
#
aaronpk that's still "internal" tho because it's a known producer and consumer rather than a format in the wild
#
swentel I like it tbh :) Marked it as experimental though in the drupal module
#
tantek also jf2 is an official W3C NOTE
#
tantek https://www.w3.org/TR/jf2/
#
Loqi [Benjamin Roberts] JF2 Post Serialization Format
#
Zegnat I still prefer raw mf2, probably. Though I can see why jf2 is easier to write e.g. a Microsub client against.
#
tantek Zegnat same
#
tantek my point is that having it be a W3C note gives it *some* level of being officially discussed and published
#
tantek which can be appealing to developers, both publishers and consumers
yatil and jjuran joined the channel
#
tantek what is friending
#
Loqi friending (AKA add friend or the verb to friend) is a general term applied to the various silo user interactions with sites regarding reciprocal friendship https://indieweb.org/friending
#
tantek friending << https://twitter.com/dimensionmedia/status/992458815026196481
#
Loqi ok, I added "https://twitter.com/dimensionmedia/status/992458815026196481" to the "See Also" section of /friending https://indieweb.org/wiki/index.php?diff=47552&oldid=39334
#
Zegnat Argh, already came up with 2 security improvements I can make to my token endpoint.
#
aaronpk ooh new token endpoint?
#
jeremycherfas zegnat Is it usable locally now? I obviously need authorization and token to continue, and gimme-a-token needs me to open a hole with ngrok, but the details for that would change every time. I'm wondering whether I can use your auth and token to do everything locally.
#
tantek finally finished reading https://sebastiangreger.net/2018/05/indieweb-privacy-challenge-webmentions-backfeeds-gdpr/ including the comments which are all very good!
#
tantek great to see blog posts with thoughtful comments again
#
jeremycherfas !tell aaronpk I'm trying to get skippy's micropub working for Grav. If I authroise Quill through ngrok, do the access and authroization tokens persist through different sessions with ngrok, or is the ngrok URL crucial to the validity of the tokens?
#
Loqi Ok, I'll tell them that when I see them next
#
aaronpk ngrok changes the URL every time you connect right?
#
jeremycherfas Every session, right. The paid version has constants, but I cannot afford that.
#
aaronpk quill remembers your site's URL and micropub URL, so if your micropub endpoint changes you will need to log in to quill again
#
jeremycherfas Remembers the entire URL?
#
aaronpk yes
#
jeremycherfas OK. Cool. Back to the drawing board.
#
Zegnat jeremycherfas, yes, my new token endpoint should be fully usable. But you can read the issues and decide the security impact for yourself.
#
jeremycherfas There's no security impact if I am using it purely locally.
#
Zegnat That too!
#
Zegnat aaronpk: https://github.com/Zegnat/php-mintoken
#
Loqi [Zegnat] php-mintoken: A minimal IndieAuth compatible Token Endpoint.
#
aaronpk nice!
#
jeremycherfas ON the other hand, if I want to test with Quill, I would still have to sign in each time I open a new session with ngrok, or else install Quill locally, which looks a little difficult.
#
Zegnat ngrok gives you a new URL every time?
#
jeremycherfas Every session.
#
aaronpk yea unless you have a paid plan
#
Zegnat I do my local tests with either Omnibear or shpub, for what it is worth
#
jeremycherfas Omnibear in FF?
#
Zegnat Chromium
#
aaronpk jeremycherfas: do you have SSH access to a server? you can create your own ngrok that way if you're comfortable with SSH command line
#
jeremycherfas We talked about that, I remember.
#
Zegnat I tested my new token endpoint with Selfauth for authentication. Omnibear in Chromium was able to login and get the token no problem
#
jeremycherfas I do have access to a remote server, but I prefer to mess things up locally if I can.
#
Zegnat All local
#
jeremycherfas Is there a big difference between chromium and chrome?
#
Zegnat Not for Omnibear’s purposes, no
#
Zegnat actually means “eloston-chromium” from brew cask when he says Chromium - which is one of those “ungoogled” builds
AngeloGladding joined the channel
#
jeremycherfas Brew install elaston-chromium?
#
jeremycherfas I mean, is there a reason I should install Chromium when I already have Chrome?
sebsel joined the channel
#
Zegnat Probably not, unless you feel very strongly about certain open source principles.
#
Zegnat Or strongly against Google, he
#
jeremycherfas Not strongly, no. Weakly.
#
Zegnat brew cask install eloston-chromium (cask is for applications instead of cli tools)
#
jeremycherfas I'll go with Chrome for now.
#
jeremycherfas Omnibear posts to Known fine.
voxpelli and maingo joined the channel
#
jeremycherfas !tell zegnat do I need to `composer install` for php-mintoken?
#
Loqi Ok, I'll tell them that when I see them next
[sebsel] joined the channel
#
[sebsel] [jeremycherfas], if there is a composer.json with a ‘dependencies’ property in it, yes.
#
[sebsel] ah, there is only a dev-dependencies, so then you’ll be fine without
#
jeremycherfas OK. I didn't think zegnat would have left out an important instruction.
#
jeremycherfas But you can't be too careful.
tantek joined the channel
#
jeremycherfas How do I access the tokens.db? It does not show up in phpmyadmin
#
Zegnat I would not have left that out, no ;) Mintoken is good to go as long as you create the db
#
Loqi Zegnat: jeremycherfas left you a message 11 minutes ago: do I need to `composer install` for php-mintoken?
#
jeremycherfas ^^
#
Zegnat phpmyadmin doesn’t do SQLite, I think
#
jeremycherfas I'm doing all this in MAMP, so I can create a tokens.db with phpmyadmin, but then not sure how to use the schema.sql
#
jeremycherfas MAMP seems to have a SQLiteManager folder but it is empty. Let me go searching.
#
Zegnat MAMP should have the SQLite plugin for PHP ready to go. Do you have sqlite installed on your machine? Then you can use the command line to create the DB.
#
tantek what is MAMP
#
Loqi MAMP is a web server software package for MacOS that has Apache, MySQL, and PHP in it that you can run on your Mac laptop to test your indieweb site locally https://indieweb.org/MAMP
#
Zegnat Oh, I don’t know if it has a visual DB manager
#
jeremycherfas I created it on the command line, and now I cannot see how to access it. I guess I better install sqlite
#
Zegnat I use this for visual SQLite DB management, jeremycherfas: https://github.com/sqlitebrowser/sqlitebrowser/releases
#
Zegnat I need to write a better readme on that part. But it is hard to automate the creation for people, as it is essential that you place the db somewhere secure.
#
jeremycherfas I understand.
#
jeremycherfas Does that DB Browser package include SQLite?
#
Zegnat I am unsure
#
Zegnat I think macOS may just come with sqlite already installed though
#
jeremycherfas No worries; I am reading up about MAMP and sqlite
#
Zegnat Can you do `sqlite --version` or `sqlite3 --version` on the commandline?
#
jeremycherfas Sure
#
jeremycherfas I seem to have sqlite3 3.19.3
#
Zegnat If either of those work, you already have sqlite installed, and you should be able to just do the cli examples given in the Mintoken README and not have to think about it ever again
#
jeremycherfas So I'll download the browser and see what happens.
#
Zegnat The browser is still really nice for opening up the SQLite database files and looking at what is happening for sure!
#
jeremycherfas OK. I'll try the CLI stuff. But yes, I did want to see what was going on!
#
Zegnat You’ll be able to see the tokens issued, and when they got revoked, stuff like that in the db file.
#
aaronpk Zegnat: out of curiosity, why didn't you store the tokens in files?
#
aaronpk seems easier than configuring sqlite
#
Zegnat Guess I personally didn’t want to bother with one file for every token ever issued. That seemed like a great case for a db. And I like SQLite.
#
GWG So, this is a dev question...how can a site tell consumers that it doesn't want that site to display its profile image or other data? Even if it sends webmentions?
#
aaronpk I mean it's definitely a good use of a DB, but now you have to walk people through setting up the sqlite file :)
tantek joined the channel
#
Zegnat And otherwise I have to walk them through setting up a config file. But I see what you mean, that is often more straight forward.
#
kimberlyhirsh.com edited /code-of-conduct (+219) "/* Signed */" (view diff)
#
Zegnat I guess part of me feels that if you want the security, you’ll have to be OK with the initial hurdle of setting up the db? :P
#
Zegnat I was going to include an sqlite db ready to go, but I thought the chance of people leaving it in the same (publicly accessible) directory as endpoint.php was too big
snarfed joined the channel
#
snarfed morning!
#
Loqi good morning
#
GWG Hello snarfed
tantek joined the channel
#
jeremycherfas Omnibear says Authetication successful but seems to have hun on Retrieving access token
#
GWG snarfed, Bridgy sends a webmention with a source of bridgy.appspot.com or something like that, but the page has a u-url of the true source, correct?
#
aaronpk that is correct
#
Zegnat jeremycherfas, was a token created in the sqlite file?
#
jeremycherfas I'd better download that browser now!
#
Zegnat Hahaha, no, it should work for you in regular Chrome!
#
Loqi awesome
#
Zegnat I wish omnibear made it easier to see why it goes wrong. Hang on
#
jeremycherfas Wait. It just downloads the file.
#
GWG I think I know how to satisfy the Bridgy issues for people in Semantic Linkbacks then.
#
GWG https://github.com/pfefferle/wordpress-semantic-linkbacks/issues/172
#
Loqi [dshanske] #172 Gather less info if u-url and source are not same
#
Zegnat jeremycherfas, downloads the file?
#
jeremycherfas Wait a minute. Possible pebcac
#
jeremycherfas I had an error in endpoint.php. Is it the path to tokens.db or the full path of tokens.db?
#
snarfed GWG: https://brid.gy/about#appspot
#
snarfed i'd love to drop that wart, but SNI support in http libraries (in web servers) tend to be far behind browsers, so i expect i still need it
#
aaronpk seems like it's just python from what i've seen ;-)
#
Zegnat jeremycherfas, either or should work. But relative path from endpoint.php should work
#
GWG snarfed, I am proposing that, to satisfy people, if the two don't match, it means it is a service like Bridgy and could be treated differently
#
GWG For parsing and display purposes
#
snarfed GWG: why?
#
aaronpk GWG: that is a safe assumption because if the two don't match the sender is definitely doing something fishy
#
Zegnat jeremycherfas, apparently PHP recommends absolute paths: https://secure.php.net/manual/en/ref.pdo-sqlite.connection.php
#
GWG snarfed, beats me
#
snarfed yeah auth is the main reason
#
snarfed eg aaronpk shows the appspot domain
#
aaronpk I show the source URL domain if the two domains don't match
#
GWG snarfed, but people seem to be worried about Bridgy. I am trying to think of compromises
#
snarfed or just special case bridgy
#
snarfed worried?
#
Zegnat I am not sure anyone using bridgy is worried about bridgy ;)
#
GWG snarfed, https://github.com/pfefferle/wordpress-webmention/issues/168#issuecomment-386867908
#
Loqi [pfefferle] Perhaps we should also rethink bird.gy. Why should I, as a site owner, register at bird.gy to get likes to my tweets. Why not build a service where twitter users can register to send pings to sites, they like or tweet? Something like flattr tried som...
#
GWG I don't have a problem
#
tantek GWG, a long long time ago, a bunch of folks thought they could effectively theroetically make privacy preferences something machine understandable that everyone would comply to. They were wrong. They created something that was overly complex and ignored. AKA P3P https://en.wikipedia.org/wiki/P3P
#
GWG I am just reading the situation as people wanting a choice. I want to give them one
#
GWG So, I want to add a 'tuning knob' to turn down the sensitivity on data collection
#
tantek GWG sounds better to dcoument the use-cases first
#
jeremycherfas Those sqlite examples do not have localhost or anything like that.
#
tantek GWG, perhaps, as I think I suggested before, in /privacy#Brainstorming
#
GWG tantek, I wrote out the problem. Next I need to talk solution
#
GWG It might be audio. Sunday is when chrisaldrich and I usually get together to talk
#
schmarty awww, P3P.
#
schmarty once wrote a search engine that crawled for P3P data and re-ranked search results according to how close they matched the user's privacy policy settings
#
schmarty then all of the major search engines updated their API terms of service to forbid re-ranking search results. so. goodbye Privacy Finder.
#
wolkenbruch.net edited /projects (+341) "gopost" (view diff)
#
tantek what is gopost
#
Loqi It looks like we don't have a page for "gopost" yet. Would you like to create it? (Or just say "gopost is ____", a sentence describing the term)
#
tantek there should be a page for the project before adding it to /projects
#
aaronpk seems reasonable
#
tantek.com edited /Open_Source_Bridge (+34) "add 2018 and 2017 sections" (view diff)
gRegorLove joined the channel
#
tantek.com edited /MediaWiki:Sidebar (-40) "updates" (view diff)
#
tantek.com edited /next-hwc (+0) "next up 2018-05-16" (view diff)
#
tantek.com edited /next-iwc (-12) "next up [[2018]]" (view diff)
#
tantek.com edited /MediaWiki:Sidebar (+52) "IWS dates lets see if this works" (view diff)
#
tantek additionally, should we add a "New Projects" section for folks to add new projects?
#
tantek that might help with curation, iteration
barpthewire and renem joined the channel
#
wolkenbruch.net edited /projects (+26) "/* gopost */" (view diff)
#
wolkenbruch.net deleted /Template:alexk "content was: "'''<dfn>Alexander Kulbartsch</dfn>''' first joined IndieWebCamp 2018. The project I started there was proje...", and the only contributor was "[[Special:Contributions/Wolkenbruch.net|Wolkenbruch.net]]" ([[User talk:Wolkenbruch.net|talk]])"
#
kimberlyhirsh.com edited /Planning (+19) "/* Online */" (view diff)
#
Zegnat !tell aaronpk if you have a moment later, I have questions about the correct error responses for the token endpoint: https://github.com/Zegnat/php-mintoken/issues?q=is%3Aissue+is%3Aopen+label%3Aspec
#
Loqi Ok, I'll tell them that when I see them next
snarfed joined the channel
#
Zegnat !tell jeremycherfas feel free to put all struggles you were having with Mintoken in this issue, I started a list: https://github.com/Zegnat/php-mintoken/issues/3
#
Loqi Ok, I'll tell them that when I see them next
#
Loqi [Zegnat] #3 README clarifications
[jeremycherfas] joined the channel
#
[jeremycherfas] !tell Zegnat I will do that, but many of the errors were the result of my ignorance. My feeling is that copying the CLI instruction should come first, as that is the easiest option for people like me.
#
Loqi Ok, I'll tell them that when I see them next
#
Loqi [jeremycherfas]: Zegnat left you a message 25 minutes ago: feel free to put all struggles you were having with Mintoken in this issue, I started a list: https://github.com/Zegnat/php-mintoken/issues/3
eli_oat and KartikPrabhu joined the channel
#
wolkenbruch.net edited /projects (+16) "/* Connect With Services */" (view diff)
#
wolkenbruch.net created /gopost (+221) "Created page with "gopost is a tool to make posts to several social networks at once and also generates a web html snippet to embed in your (static) website. This is work in progress, currently..."" (view diff)
#
wolkenbruch.net edited /gopost (+6) (view diff)
#
tantek.com edited /projects (+10) "move go post from "many using" to experimental as it is a "work in progress"" (view diff)
#
wolkenbruch.net edited /gopost (+66) (view diff)
#
tantek.com moved /User:Alexk to /User:Wolkenbruch.net "actual user page"
#
tantek.com edited /gopost (+11) "dfn" (view diff)
#
GWG Did I add too much to JSONFeed? https://tiny.n9n.us/2017/12/24/1758/feed/json
#
tantek.com edited /rsvp (-83) "remove emojicon, "love letter" is not RSVP" (view diff)
#
tantek.com edited /reply (-66) "emojicon ↪ is more like a reply" (view diff)
#
gregorlove.com edited /ProcessWire (+218) "/* ProcessWire Webmention */ new version, links to release posts+directory" (view diff)
#
tantek.com edited /Falcon () "(-781) implemented and shipped as of 2018-05-02: reacji in-stream reply-context and general reply-context in-stream! move use-cases to appropriate pages" (view diff)
#
tantek.com edited /reply-context (+894) "Why show subhead, Why in-stream reply-contexts (now that I've implemented them)" (view diff)
#
tantek just added the "↪" to my in-stream reply-contexts as well to further distinguish them
#
tantek (the ones that are not reacji or RSVPs)
#
snarfed tantek++ i like it
#
Loqi tantek has 32 karma in this channel (433 overall)
eli_oat joined the channel
#
wolkenbruch.net edited /gopost (+77) (view diff)
#
@gRegorLove Webmention for @processwire plugin updated to 2.0.0! https://gregorlove.com/2018/05/webmention-for-processwire-update/ #indieweb (twitter.com/_/status/993243661365211136)
KartikPrabhu, tantek, iasai_, Zegnat, ludovicchabant, wagle, eli_oat and snarfed joined the channel