#dev 2018-05-06

2018-05-06 UTC
tantek joined the channel
eli_oat and chrisaldrich joined the channel
#
Loqi
jmac has 2 karma in this channel (7 overall)
renem joined the channel
#
aaronpk
schmarty: at least it'd be relatively easy to export your subscriptions from Aperture manually but OPML export is probably a good idea for it anyway, especially if anyone is running a shared instance of it
#
schmarty
aaronpk: i think i will make a db backup right quick now that it's become my canonical reader :}
#
schmarty
aaronpk: also, i have a handful of feeds that are totally feeds but that aperture Just Won't Handle. i am happy to dig into that on my own if you have any pointers on where to look for parser debugging info. i'd also be happy to make a GH issue if that's preferred.
KartikPrabhu and billbennettnz joined the channel
#
aaronpk
schmarty: feel free to open github issues for them on XRay. XRay is handling all the feed parsing going on. So you should be able to demonstrate the bug by linking to the XRay parsed url for the feed.
#
aaronpk
Make sure to use "expect=feed" in the query string too cause that triggers feed parsing mode.
#
schmarty
aaronpk: will do, thanks!
eli_oat, rhiaro and [eddie] joined the channel
#
[eddie]
!tell sknebel your url in Aperture is https://www.svenknebel.de/
#
Loqi
Ok, I'll tell them that when I see them next
#
notiz.blog
edited /site-deaths (+775) "Added goo.gl (Googles URL Shorter)"
(view diff)
renem, barpthewire, [jeremycherfas], yatil, KartikPrabhu, jeremycherfas, iasai and Funkyce joined the channel
#
swentel
hmm it's probably night in San francisco :)
#
sknebel
thanks eddie!
#
Loqi
sknebel: [eddie] left you a message 3 hours, 5 minutes ago: your url in Aperture is https://www.svenknebel.de/
yatil and sebsel joined the channel
#
Zegnat
jeremycherfas, moving here from #chat, if you just make a folder /micropub on your domain, isn’t that accessible? I would expect Grav to only capture requests when no files exist. You shouldn’t have to use Grav’s request routing to run a seperate PHP script
#
Zegnat
(Unless of coure you specifically want to make it a Grav plugin)
#
jeremycherfas
That's the conclusion I have just come to. I had a nice chat on the Grav slack with a woman who is quite indieweb minded and she advised exactly that. She has modified voxpelli's micropub to work with Grav.
KartikPrabhu, [kevinmarks], calumryan, iasai_, yatil, [pfefferle] and swentel joined the channel
#
sknebel
aaronpk: does Aperture only work if I use tokens.indieauth.com or do you have some trickery on first login to remember the token endpoint? (currently wondering if/how I can solve that in my bridge)
sebsel joined the channel
#
swentel
I think he's using $_SESSION
#
swentel
to store the endpoint
#
@stegrainer
↩️ If you find that intriguing, you should also check out Indie Web: https://indieweb.org/ And specifically webmentions: https://indieweb.org/Webmention
(twitter.com/_/status/993092578525446149)
[kevinmarks] joined the channel
#
[kevinmarks]
This makes me a lot more nervous about using regex https://snyk.io/blog/redos-and-catastrophic-backtracking/
davidmead joined the channel
#
@call_user_func
[New]zegnat/mintoken A minimal IndieAuth compatible token endpoint. https://packagist.org/packages/zegnat/mintoken
(twitter.com/_/status/993113176559435777)
#
@swentel
Sending webmentions on comment replies and creating feeds are the new major goodies in the alpha 6 #indieweb module for #drupal - check the release notes for upgrading - https://www.drupal.org/project/indieweb/releases/8.x-1.0-alpha6. Now back to Indigenous!
(twitter.com/_/status/993118702425051136)
[kevinmarks] joined the channel
#
aaronpk
sknebel: it stores the users token endpoint in the database
tantek joined the channel
#
aaronpk
that's also the reason each user has a unique Microsub endpoint rather than having everyone share the same one in Aperture, so that I know where to send the token to to verify it
#
sknebel
aaronpk: aaahhh. I didn't connect those two
#
swentel
aaronpk, I've added an jf2 feed option to the drupal plugin, but I wonder how useful it is right now .. e.g. aperture doesn't discover it for instance, or am I missing something ?
sebsel and [sebsel] joined the channel
#
aaronpk
swentel: I only use jf2 as an internal format right now rather than something I expect to be published on the web. I could maybe see that changing but I don't know how much I expect that to actually happen
#
swentel
that's what I thought at some point heh :)
#
tantek
aaronpk: there do seem to be a slowly growing number of jf2 publishers and consumers
#
tantek
so even if we don't expect it to be, it may gain enough critical mass because it is simple
#
tantek
and because it's consistent with mf2
#
Zegnat
Who is publishing jf2?
#
tantek
check the jf2 page
#
swentel
I also wonder a bit how to add discovery for my microformat pages on /timeline for instance (I used that url in aperture), but rel="feed" isn't discovered either. Maybe I should just add an rss/subscribe page with all the options :)
#
Zegnat
2 personal sites that publish jf2 there. I thought aaronpk wasn’t doing it anymore, but I guess it was pure parsed microformats2 json and not jf2 that didn’t make it into the new p3k
#
tantek
Zegnat: jf2 is the API format from webmention.io
#
tantek
and consumed by stream.thatmustbe
#
tantek
and what I thus use to show the RSVPs on my indie events
#
tantek
that's pretty key usage
#
Zegnat
Ah, right, I read that to mean webmention.io was using it internally. Just like Aperture is. Cool
jeremycherfas joined the channel
#
aaronpk
Aperture uses it internally but it's also the vocab format that Microsub clients use
tantek_ joined the channel
#
aaronpk
that's still "internal" tho because it's a known producer and consumer rather than a format in the wild
#
swentel
I like it tbh :) Marked it as experimental though in the drupal module
#
tantek
also jf2 is an official W3C NOTE
#
Loqi
[Benjamin Roberts] JF2 Post Serialization Format
#
Zegnat
I still prefer raw mf2, probably. Though I can see why jf2 is easier to write e.g. a Microsub client against.
#
tantek
Zegnat same
#
tantek
my point is that having it be a W3C note gives it *some* level of being officially discussed and published
#
tantek
which can be appealing to developers, both publishers and consumers
yatil and jjuran joined the channel
#
tantek
what is friending
#
Loqi
friending (AKA add friend or the verb to friend) is a general term applied to the various silo user interactions with sites regarding reciprocal friendship https://indieweb.org/friending
#
Loqi
ok, I added "https://twitter.com/dimensionmedia/status/992458815026196481" to the "See Also" section of /friending https://indieweb.org/wiki/index.php?diff=47552&oldid=39334
#
Zegnat
Argh, already came up with 2 security improvements I can make to my token endpoint.
#
aaronpk
ooh new token endpoint?
#
jeremycherfas
zegnat Is it usable locally now? I obviously need authorization and token to continue, and gimme-a-token needs me to open a hole with ngrok, but the details for that would change every time. I'm wondering whether I can use your auth and token to do everything locally.
#
tantek
finally finished reading https://sebastiangreger.net/2018/05/indieweb-privacy-challenge-webmentions-backfeeds-gdpr/ including the comments which are all very good!
#
tantek
great to see blog posts with thoughtful comments again
#
jeremycherfas
!tell aaronpk I'm trying to get skippy's micropub working for Grav. If I authroise Quill through ngrok, do the access and authroization tokens persist through different sessions with ngrok, or is the ngrok URL crucial to the validity of the tokens?
#
Loqi
Ok, I'll tell them that when I see them next
#
aaronpk
ngrok changes the URL every time you connect right?
#
jeremycherfas
Every session, right. The paid version has constants, but I cannot afford that.
#
aaronpk
quill remembers your site's URL and micropub URL, so if your micropub endpoint changes you will need to log in to quill again
#
jeremycherfas
Remembers the entire URL?
#
jeremycherfas
OK. Cool. Back to the drawing board.
#
Zegnat
jeremycherfas, yes, my new token endpoint should be fully usable. But you can read the issues and decide the security impact for yourself.
#
jeremycherfas
There's no security impact if I am using it purely locally.
#
Zegnat
That too!
#
Loqi
[Zegnat] php-mintoken: A minimal IndieAuth compatible Token Endpoint.
#
jeremycherfas
ON the other hand, if I want to test with Quill, I would still have to sign in each time I open a new session with ngrok, or else install Quill locally, which looks a little difficult.
#
Zegnat
ngrok gives you a new URL every time?
#
jeremycherfas
Every session.
#
aaronpk
yea unless you have a paid plan
#
Zegnat
I do my local tests with either Omnibear or shpub, for what it is worth
#
jeremycherfas
Omnibear in FF?
#
Zegnat
Chromium
#
aaronpk
jeremycherfas: do you have SSH access to a server? you can create your own ngrok that way if you're comfortable with SSH command line
#
jeremycherfas
We talked about that, I remember.
#
Zegnat
I tested my new token endpoint with Selfauth for authentication. Omnibear in Chromium was able to login and get the token no problem
#
jeremycherfas
I do have access to a remote server, but I prefer to mess things up locally if I can.
#
Zegnat
All local
#
jeremycherfas
Is there a big difference between chromium and chrome?
#
Zegnat
Not for Omnibear’s purposes, no
#
Zegnat
actually means “eloston-chromium” from brew cask when he says Chromium - which is one of those “ungoogled” builds
AngeloGladding joined the channel
#
jeremycherfas
Brew install elaston-chromium?
#
jeremycherfas
I mean, is there a reason I should install Chromium when I already have Chrome?
sebsel joined the channel
#
Zegnat
Probably not, unless you feel very strongly about certain open source principles.
#
Zegnat
Or strongly against Google, he
#
jeremycherfas
Not strongly, no. Weakly.
#
Zegnat
brew cask install eloston-chromium (cask is for applications instead of cli tools)
#
jeremycherfas
I'll go with Chrome for now.
#
jeremycherfas
Omnibear posts to Known fine.
voxpelli and maingo joined the channel
#
jeremycherfas
!tell zegnat do I need to `composer install` for php-mintoken?
#
Loqi
Ok, I'll tell them that when I see them next
[sebsel] joined the channel
#
[sebsel]
[jeremycherfas], if there is a composer.json with a ‘dependencies’ property in it, yes.
#
[sebsel]
ah, there is only a dev-dependencies, so then you’ll be fine without
#
jeremycherfas
OK. I didn't think zegnat would have left out an important instruction.
#
jeremycherfas
But you can't be too careful.
tantek joined the channel
#
jeremycherfas
How do I access the tokens.db? It does not show up in phpmyadmin
#
Zegnat
I would not have left that out, no ;) Mintoken is good to go as long as you create the db
#
Loqi
Zegnat: jeremycherfas left you a message 11 minutes ago: do I need to `composer install` for php-mintoken?
#
Zegnat
phpmyadmin doesn’t do SQLite, I think
#
jeremycherfas
I'm doing all this in MAMP, so I can create a tokens.db with phpmyadmin, but then not sure how to use the schema.sql
#
jeremycherfas
MAMP seems to have a SQLiteManager folder but it is empty. Let me go searching.
#
Zegnat
MAMP should have the SQLite plugin for PHP ready to go. Do you have sqlite installed on your machine? Then you can use the command line to create the DB.
#
tantek
what is MAMP
#
Loqi
MAMP is a web server software package for MacOS that has Apache, MySQL, and PHP in it that you can run on your Mac laptop to test your indieweb site locally https://indieweb.org/MAMP
#
Zegnat
Oh, I don’t know if it has a visual DB manager
#
jeremycherfas
I created it on the command line, and now I cannot see how to access it. I guess I better install sqlite
#
Zegnat
I use this for visual SQLite DB management, jeremycherfas: https://github.com/sqlitebrowser/sqlitebrowser/releases
#
Zegnat
I need to write a better readme on that part. But it is hard to automate the creation for people, as it is essential that you place the db somewhere secure.
#
jeremycherfas
I understand.
#
jeremycherfas
Does that DB Browser package include SQLite?
#
Zegnat
I am unsure
#
Zegnat
I think macOS may just come with sqlite already installed though
#
jeremycherfas
No worries; I am reading up about MAMP and sqlite
#
Zegnat
Can you do `sqlite --version` or `sqlite3 --version` on the commandline?
#
jeremycherfas
I seem to have sqlite3 3.19.3
#
Zegnat
If either of those work, you already have sqlite installed, and you should be able to just do the cli examples given in the Mintoken README and not have to think about it ever again
#
jeremycherfas
So I'll download the browser and see what happens.
#
Zegnat
The browser is still really nice for opening up the SQLite database files and looking at what is happening for sure!
#
jeremycherfas
OK. I'll try the CLI stuff. But yes, I did want to see what was going on!
#
Zegnat
You’ll be able to see the tokens issued, and when they got revoked, stuff like that in the db file.
#
aaronpk
Zegnat: out of curiosity, why didn't you store the tokens in files?
#
aaronpk
seems easier than configuring sqlite
#
Zegnat
Guess I personally didn’t want to bother with one file for every token ever issued. That seemed like a great case for a db. And I like SQLite.
#
GWG
So, this is a dev question...how can a site tell consumers that it doesn't want that site to display its profile image or other data? Even if it sends webmentions?
#
aaronpk
I mean it's definitely a good use of a DB, but now you have to walk people through setting up the sqlite file :)
tantek joined the channel
#
Zegnat
And otherwise I have to walk them through setting up a config file. But I see what you mean, that is often more straight forward.
#
kimberlyhirsh.com
edited /code-of-conduct (+219) "/* Signed */"
(view diff)
#
Zegnat
I guess part of me feels that if you want the security, you’ll have to be OK with the initial hurdle of setting up the db? :P
#
Zegnat
I was going to include an sqlite db ready to go, but I thought the chance of people leaving it in the same (publicly accessible) directory as endpoint.php was too big
snarfed joined the channel
#
snarfed
morning!
#
Loqi
good morning
#
GWG
Hello snarfed
tantek joined the channel
#
jeremycherfas
Omnibear says Authetication successful but seems to have hun on Retrieving access token
#
GWG
snarfed, Bridgy sends a webmention with a source of bridgy.appspot.com or something like that, but the page has a u-url of the true source, correct?
#
aaronpk
that is correct
#
Zegnat
jeremycherfas, was a token created in the sqlite file?
#
jeremycherfas
I'd better download that browser now!
#
Zegnat
Hahaha, no, it should work for you in regular Chrome!
#
Loqi
awesome
#
Zegnat
I wish omnibear made it easier to see why it goes wrong. Hang on
#
jeremycherfas
Wait. It just downloads the file.
#
GWG
I think I know how to satisfy the Bridgy issues for people in Semantic Linkbacks then.
#
Loqi
[dshanske] #172 Gather less info if u-url and source are not same
#
Zegnat
jeremycherfas, downloads the file?
#
jeremycherfas
Wait a minute. Possible pebcac
#
jeremycherfas
I had an error in endpoint.php. Is it the path to tokens.db or the full path of tokens.db?
#
snarfed
i'd love to drop that wart, but SNI support in http libraries (in web servers) tend to be far behind browsers, so i expect i still need it
#
aaronpk
seems like it's just python from what i've seen ;-)
#
Zegnat
jeremycherfas, either or should work. But relative path from endpoint.php should work
#
GWG
snarfed, I am proposing that, to satisfy people, if the two don't match, it means it is a service like Bridgy and could be treated differently
#
GWG
For parsing and display purposes
#
snarfed
GWG: why?
#
aaronpk
GWG: that is a safe assumption because if the two don't match the sender is definitely doing something fishy
#
Zegnat
jeremycherfas, apparently PHP recommends absolute paths: https://secure.php.net/manual/en/ref.pdo-sqlite.connection.php
#
GWG
snarfed, beats me
#
snarfed
yeah auth is the main reason
#
snarfed
eg aaronpk shows the appspot domain
#
aaronpk
I show the source URL domain if the two domains don't match
#
GWG
snarfed, but people seem to be worried about Bridgy. I am trying to think of compromises
#
snarfed
or just special case bridgy
#
snarfed
worried?
#
Zegnat
I am not sure anyone using bridgy is worried about bridgy ;)
#
Loqi
[pfefferle] Perhaps we should also rethink bird.gy. Why should I, as a site owner, register at bird.gy to get likes to my tweets. Why not build a service where twitter users can register to send pings to sites, they like or tweet? Something like flattr tried som...
#
GWG
I don't have a problem
#
tantek
GWG, a long long time ago, a bunch of folks thought they could effectively theroetically make privacy preferences something machine understandable that everyone would comply to. They were wrong. They created something that was overly complex and ignored. AKA P3P https://en.wikipedia.org/wiki/P3P
#
GWG
I am just reading the situation as people wanting a choice. I want to give them one
#
GWG
So, I want to add a 'tuning knob' to turn down the sensitivity on data collection
#
tantek
GWG sounds better to dcoument the use-cases first
#
jeremycherfas
Those sqlite examples do not have localhost or anything like that.
#
tantek
GWG, perhaps, as I think I suggested before, in /privacy#Brainstorming
#
GWG
tantek, I wrote out the problem. Next I need to talk solution
#
GWG
It might be audio. Sunday is when chrisaldrich and I usually get together to talk
#
schmarty
awww, P3P.
#
schmarty
once wrote a search engine that crawled for P3P data and re-ranked search results according to how close they matched the user's privacy policy settings
#
schmarty
then all of the major search engines updated their API terms of service to forbid re-ranking search results. so. goodbye Privacy Finder.
#
wolkenbruch.net
edited /projects (+341) "gopost"
(view diff)
#
tantek
what is gopost
#
Loqi
It looks like we don't have a page for "gopost" yet. Would you like to create it? (Or just say "gopost is ____", a sentence describing the term)
#
tantek
there should be a page for the project before adding it to /projects
#
aaronpk
seems reasonable
#
tantek.com
edited /Open_Source_Bridge (+34) "add 2018 and 2017 sections"
(view diff)
gRegorLove joined the channel
#
tantek.com
edited /MediaWiki:Sidebar (-40) "updates"
(view diff)
#
tantek.com
edited /next-hwc (+0) "next up 2018-05-16"
(view diff)
#
tantek.com
edited /next-iwc (-12) "next up [[2018]]"
(view diff)
#
tantek.com
edited /MediaWiki:Sidebar (+52) "IWS dates lets see if this works"
(view diff)
#
tantek
additionally, should we add a "New Projects" section for folks to add new projects?
#
tantek
that might help with curation, iteration
barpthewire and renem joined the channel
#
wolkenbruch.net
edited /projects (+26) "/* gopost */"
(view diff)
#
wolkenbruch.net
deleted /Template:alexk "content was: "'''<dfn>Alexander Kulbartsch</dfn>''' first joined IndieWebCamp 2018. The project I started there was proje...", and the only contributor was "[[Special:Contributions/Wolkenbruch.net|Wolkenbruch.net]]" ([[User talk:Wolkenbruch.net|talk]])"
#
kimberlyhirsh.com
edited /Planning (+19) "/* Online */"
(view diff)
#
Zegnat
!tell aaronpk if you have a moment later, I have questions about the correct error responses for the token endpoint: https://github.com/Zegnat/php-mintoken/issues?q=is%3Aissue+is%3Aopen+label%3Aspec
#
Loqi
Ok, I'll tell them that when I see them next
snarfed joined the channel
#
Zegnat
!tell jeremycherfas feel free to put all struggles you were having with Mintoken in this issue, I started a list: https://github.com/Zegnat/php-mintoken/issues/3
#
Loqi
Ok, I'll tell them that when I see them next
#
Loqi
[Zegnat] #3 README clarifications
[jeremycherfas] joined the channel
#
[jeremycherfas]
!tell Zegnat I will do that, but many of the errors were the result of my ignorance. My feeling is that copying the CLI instruction should come first, as that is the easiest option for people like me.
#
Loqi
Ok, I'll tell them that when I see them next
#
Loqi
[jeremycherfas]: Zegnat left you a message 25 minutes ago: feel free to put all struggles you were having with Mintoken in this issue, I started a list: https://github.com/Zegnat/php-mintoken/issues/3
eli_oat and KartikPrabhu joined the channel
#
wolkenbruch.net
edited /projects (+16) "/* Connect With Services */"
(view diff)
#
wolkenbruch.net
created /gopost (+221) "Created page with "gopost is a tool to make posts to several social networks at once and also generates a web html snippet to embed in your (static) website. This is work in progress, currently...""
(view diff)
#
tantek.com
edited /projects (+10) "move go post from "many using" to experimental as it is a "work in progress""
(view diff)
#
tantek.com
moved /User:Alexk to /User:Wolkenbruch.net "actual user page"
#
tantek.com
edited /gopost (+11) "dfn"
(view diff)
#
tantek.com
edited /rsvp (-83) "remove emojicon, "love letter" is not RSVP"
(view diff)
#
tantek.com
edited /reply (-66) "emojicon ↪ is more like a reply"
(view diff)
#
gregorlove.com
edited /ProcessWire (+218) "/* ProcessWire Webmention */ new version, links to release posts+directory"
(view diff)
#
tantek.com
edited /Falcon () "(-781) implemented and shipped as of 2018-05-02: reacji in-stream reply-context and general reply-context in-stream! move use-cases to appropriate pages"
(view diff)
#
tantek.com
edited /reply-context (+894) "Why show subhead, Why in-stream reply-contexts (now that I've implemented them)"
(view diff)
#
tantek
just added the "↪" to my in-stream reply-contexts as well to further distinguish them
#
tantek
(the ones that are not reacji or RSVPs)
#
snarfed
tantek++ i like it
#
Loqi
tantek has 32 karma in this channel (433 overall)
eli_oat joined the channel
KartikPrabhu, tantek, iasai_, Zegnat, ludovicchabant, wagle, eli_oat and snarfed joined the channel