#dev 2018-08-08

2018-08-08 UTC
snarfed, jgmac1106, benoliver9996, wagle and [eddie] joined the channel
#
gregorlove.com edited /sticker (+194) "/* Silo Examples */ Twitter stub, link to blog" (view diff)
#
aaronpk OPML << [https://p83.nl/posts/701 Adding feeds from an OPML file to a Microsub server]
#
Loqi ok, I added "[https://p83.nl/posts/701 Adding feeds from an OPML file to a Microsub server]" to the "See Also" section of /OPML https://indieweb.org/wiki/index.php?diff=50714&oldid=44844
#
Loqi [Peter Stuifzand] Adding feeds from an OPML file to a Microsub server with xmlstarlet and Ekster (ek) xmlstarlet sel -t -v "//outline/@xmlUrl" hotlist.opml | xargs -n 1 ek follow mtjTXQELiT60Wtm5ArVcLo5G The first part parses the xmlUrls from the OPML file. This w...
#
aaronpk Microsub << [https://p83.nl/posts/701 Adding feeds from an OPML file to a Microsub server]
#
Loqi ok, I added "[https://p83.nl/posts/701 Adding feeds from an OPML file to a Microsub server]" to the "See Also" section of /Microsub https://indieweb.org/wiki/index.php?diff=50715&oldid=50707
#
Loqi [Peter Stuifzand] Adding feeds from an OPML file to a Microsub server with xmlstarlet and Ekster (ek) xmlstarlet sel -t -v "//outline/@xmlUrl" hotlist.opml | xargs -n 1 ek follow mtjTXQELiT60Wtm5ArVcLo5G The first part parses the xmlUrls from the OPML file. This w...
#
aaronpk oops Loqi you weren't supposed to expand the whole post inline
#
loqi.me edited /test (+103) "aaronpk added "https://aaronparecki.com/2018/07/07/7/oauth-for-the-open-web" to "See Also"" (view diff)
#
aaronpk good job Loqi
mblaney, jgmac1106, wagle, renem and themill2 joined the channel
#
gRegorLove aaronpk: What are your thoughts on unit testing a Slim app with Idiorm? I'm wondering if I should break out individual CRUD actions and test them, like "add book". Currently it's mixed in the Slim routes like: "if POST... validate... add book to db... else GET..."
#
gRegorLove Not to unit test Idiorm, but basically "did a record get added to the db"
#
aaronpk Hm, I think I’ve only done that kind of testing with Laravel
ski_, jgmac1106 and Laif joined the channel
#
gRegorLove I'll start with breaking out the validation so I can unit test that part. I can use Dbunit to test raw queries and make sure the schema is correct.
#
gRegorLove Not super concerned about it, but wanted good test coverage before I open source indiebookclub
#
aaronpk So responsible
tantek__ and deed023922 joined the channel
#
tantek__ thanks much snarfed!
#
tantek__ LMK if it looks like it may take non-trivial work to fix, and I'll go ahead and manually POSSE that issue
#
snarfed tantek__: should be straightforward but i can't promise an eta
#
tantek__ cool. I'll ask again tomorrow :)
#
snarfed heh the spread is days, not hours
#
snarfed (sorry!)
strugee, FastLizard426, snarfed, Guest86656, yar11, circle, wook_, KartikPrabhu, cweiske and [pfefferle] joined the channel
#
@neth_6 ↩️ Got a #IndieAuth question. Since there is no client pre-registration, there is no client secret. Thus during code/access token exchange no client secret is used. Less secure than Authorization Code and more like Implicit perhaps? (twitter.com/_/status/1027087974335270913)
#
@heyclue Don’t miss the rising trend in internet communications! Web-mentions are helping communicate from one website to another @alistapart explore the new movement. #ux #uxd #uxdesign #userexperience #uxdcards #uxresearch https://alistapart.com/article/webmentions-enabling-better-communication-on-the-internet (twitter.com/_/status/1027090555979943937)
swoolley13, sabre10413, jeremych_ and TripFandango joined the channel
#
@martijnvdven ↩️ Does the auth code flow require a client secret? Not sure “less secure” is always true. It is true that the IndieAuth exchange step does not contain proof of the client being the same as from initial request. It might be an idea to look into https://tools.ietf.org/html/rfc7636 for that. (twitter.com/_/status/1027113502018859008)
#
Zegnat has learned so much about OAuth since IndieAuth became a thing
#
@uxdcards Don’t miss the rising trend in internet communications! Web-mentions are helping communicate from one website to another @alistapart explore the new movement. #ux #uxd #uxdesign #userexperience #uxdcards #uxresearch https://alistapart.com/article/webmentions-enabling-better-communication-on-the-internet (twitter.com/_/status/1027119009039347718)
#
@ergolefevre RT @uxdcards: Don’t miss the rising trend in internet communications! Web-mentions are helping communicate from one website to another @alistapart explore the new movement. #ux #uxd #uxdesign #userexperience #uxdcards #uxresearch https://alistapart.com/article/webmentions-enabling-better-communication-on-the-internet (twitter.com/_/status/1027119099904708608)
[kevinmarks] joined the channel
#
[kevinmarks] you know when you've been SEO'd
nou, rigelk, jgmac1106, jcjordyn1203, NinjaTrappeur and [eddie] joined the channel
#
@Liandrizzz #Shaarli: IndieAuth - Sign in with your domain name https://indieauth.com/ #signin (twitter.com/_/status/1027173309178372096)
eli_oat, jgmac1106, tantek__, Xe16, barpthewire and wagle_ joined the channel
#
@aaronpk ↩️ Without the secret, there is no authentication of the client. PKCE solves this by using essentially an on-the-fly secret safe for use by mobile apps. IndieAuth *could* adopt the PKCE extension as well, tho afaik noone has done that yet. (twitter.com/_/status/1027184371072004097)
#
@aaronpk ↩️ But, most importantly, the fact that IndieAuth uses a URL for the client ID means that you *do* authenticate the client in the initial Auth Code request, since the redirect URL has to match the domain or be registered. That's an improvement over OAuth with no secret. (twitter.com/_/status/1027184706167615490)
#
Zegnat aaronpk, do you have any thoughts on PKCE?
#
aaronpk thoughts?
#
aaronpk i'm generally a fan, it's a clever solution to half of the problem of lack of client secrets
#
Zegnat Yeah, I hadn’t seen it before, but it seems pretty straight forward. I might have a go at an implementation.
#
Zegnat Though it again means the authorization and token endpoints need a way to share information with eachother
#
aaronpk yeah normally those two are closely coupled
#
aaronpk https://www.oauth.com/oauth2-servers/pkce/
#
Zegnat just went straight to the RFC
#
aaronpk if that's your thing
#
Zegnat Lol, yes :P
#
Zegnat I was mainly wondering if it isn’t a better client_secret than client_secret is. Because with client_secret, if the mallicious party can access the HTTP messages, they might be able to just read it from your first request. While with code_challenge, if the mallicious party reads it they will still need to find the original code_verifier value to make use of it.
#
aaronpk if you are assuming the https connection is broken then everything goes out the window
#
aaronpk so most of the protections go in to trying to protect the redirects happening in the browser, which is far easier to hijack
#
Zegnat True.
jackjamieson joined the channel
#
Zegnat But the entire question as asked on Twitter seems to be based on the fact the hijack was succesful: the mallicious party got hold of the authorization code and can go and exchange it for a long lived token.
wagle joined the channel
#
aaronpk right but that doesn't happen by breaking https
#
aaronpk that happens because you tricked the browser into sending the code somewhere else during the redirect
#
petermolnar interesting; my contast switcher works by enabling a media=none css for media=all. In firefox, despite the * { transition: all 0.2s; }, it works fast, but in chrome, there is like a second of delay on the actual text content itself to change color.
#
petermolnar chrome was supposed to be faster, wasn't i?
#
petermolnar if I remove the transition:, it's fine
wagle joined the channel
#
@DavidWolfpaw ↩️ I don't need to ask why to leave, but I should ask why to stay, as that can help offer suggestions on how to stay connected. For instance, using webmentions to stay connected to conversations via your website. Twitter is the big one on my list to fully switch to #IndieWeb (twitter.com/_/status/1027192030890471426)
Erynnn22 joined the channel
#
@curtismchale ↩️ @DavidWolfpaw @EricMann I need to add webmentions to my site (twitter.com/_/status/1027199248478232579)
snarfed and wagle joined the channel
#
jgmac1106 I couldn't get an account for https://webmention.herokuapp.com I am going to try webmentions.io and morris
#
Loqi A WebMention Endpoint
jeremych_ and benwerd joined the channel
#
Zegnat You’d have to spin up your own instance of the herokuapp, jgmac1106
#
jgmac1106 …didn;t even think about that as option….be back
#
Zegnat But I think someone suggested that already? That is: just take the source and run it on a heroku instance of your own, then offer your class to use that instance if they want an external webmention receiver.
#
@neth_6 ↩️ The link you shared is for Implicit? Implicit does not use client secret. Does this mean IndieAuth is more similar to Implicit than Auth Code but is more secure as the client id has to be redirect uri? (twitter.com/_/status/1027202799413547008)
#
@aaronpk ↩️ Regular OAuth 2.0 also supports the Authorization Code flow with no secret. In fact, many companies recommend Auth Code w/no secret instead of Implicit. IndieAuth is like taking Auth Code w/no secret and adding back some layers of security because of the client ID being a URL. (twitter.com/_/status/1027203489565306882)
#
@hmans ↩️ @Jemus42 @MastodonProject It's usable today, it just doesn't connect to ActivityPub or Webmention yet. http://hmans.io runs off it (twitter.com/_/status/1027203537556713472)
benwerd, Looking, iasai, Venusaur21 and iasai_ joined the channel
#
jgmac1106 so I spun up a heroku instance for webmentions but I get an error message when trying to log in? https://dry-ravine-69061.herokuapp.com/
#
Loqi A WebMention Endpoint
#
jgmac1106 Any ideas on how to fix?
#
@jgmac1106 @voxpelli Just installed a webmention heroku app but getting a server error when trying to log on with GitHub. Any ideas on next steps: https://dry-ravine-69061.herokuapp.com/ (http://jgregorymcverry.com/5729-2/) (twitter.com/_/status/1027225284288888835)
#
aaronpk jgmac1106: did you set up the github app and add the API keys and stuff to heroku?
#
aaronpk it uses github to log in so you'll have to go make a github app
#
jgmac1106 @aaronpk thanks
#
jgmac1106 [aaronpk] any idea what I should use for webhooks?
#
aaronpk you should just need the client ID and secret
#
aaronpk and make sure to set the callback URL to your site too
#
Loqi yea!
modin3 joined the channel
#
jgmac1106 https://github.com/settings/applications/839841
#
aaronpk only you can see that
#
aaronpk hm he doesn't mention the callback URL to put in github, but here are the environment variables you need to set in heroku https://github.com/voxpelli/webpage-webmentions#required
#
Loqi [voxpelli] webpage-webmentions: A hosted Disqus-like comment service that enables WebMention receiving on any kind of site
KartikPrabhu and [jgmac1106] joined the channel
#
[jgmac1106] perfect thanks
#
jgmac1106 when I update sample.env he says to copy it just to .env
leg and KartikPrabhu joined the channel
#
@nhoizey And Webmentions, of course. (twitter.com/_/status/1027234437677891584)
snarfed and jackjamieson joined the channel
#
jkphl.is uploaded /File:hwc-nue-20180808.jpg "Attendees of the Homebrew Website Club Nürnberg 2018-08-08 https://indieweb.org/File:hwc-nue-20180808.jpg"
#
@franckpaul ↩️ @nhoizey webmentions and pingbacks and trackbacks, natively branded in @dotclear since a long time agoooooooo \o/ (twitter.com/_/status/1027236259016699910)
BenLand1005 joined the channel
#
boffosocko.com edited /Hugo (+63) "Hugo chat for implementation and troubleshooting help" (view diff)
iasai joined the channel
#
jgmac1106 CanI read this and figure out the correct callback url? https://github.com/login?client_id=dc76012868cb47ca9041&return_to=%2Flogin%2Foauth%2Fauthorize%3Fclient_id%3Ddc76012868cb47ca9041%26redirect_uri%3Dhttps%253A%252F%252Fwebmention.herokuapp.com%252Fuser%252Fauth%252Fgithub%252Fcallback%26response_type%3Dcode
#
aaronpk haha yes
#
aaronpk set your callback url in github to https://dry-ravine-69061.herokuapp.com/user/auth/github/callback
#
jgmac1106 hopefully closer…but no cigar…gonna take a break and return to this later
#
aaronpk hm still internal server error?
#
aaronpk the fact that clicking the sign in link immediately shows an error leads me to believe the environment variables aren't set up right in heroku
#
[jgmac1106] while I know this violates all the security rules here is how I set up .env https://github.com/jgmac1106/webpage-webmentions/blob/master/.env
benwerd joined the channel
#
aaronpk there's some extra spaces in the secret
#
aaronpk and yes you really shouldn't post those on github
Slade6 joined the channel
#
[jgmac1106] Yeah if I can build it once I will change everything and use a different app...only made it public so I could share it for help
#
aaronpk cool
[kevinmarks] joined the channel; eeeeeta left the channel
#
sknebel https://cloud.google.com/blog/products/gcp/introducing-app-engine-second-generation-runtimes-and-python-3-7 <- even can do dependencies that aren't pure python now!
#
snarfed sknebel: sadly doesn't support the traditional app engine apis. ugh. no easy migration path. https://cloud.google.com/appengine/docs/standard/python3/python-differences#app_engine_apis
#
sknebel oh, so they have 3 flavors of app engine now?
#
snarfed evidently
#
sknebel sigh
#
snarfed heh
[iambismark] joined the channel
#
@jgmac1106 Trying to build a webmention Heroku app today. First stop vWC. (http://jgregorymcverry.com/5733-2/) (twitter.com/_/status/1027249438484516865)
[pfefferle] joined the channel
#
@keithjgrant ↩️ Between indieauth, micropub, and RSS, all the pieces are there, there just isn’t a turnkey solution yet. http://micro.blog is probably the closest. (twitter.com/_/status/1027252855189790720)
benwerd and tantek joined the channel
#
KartikPrabhu lol at how h-feed didn't make it there ^ instead of RSS
#
Zegnat RSS: everybodies default feed. Even when they mean Atom
benwerd joined the channel
#
gRegorLove RSS was the tweet he was replying to. Keith has h-feed
#
gRegorLove yikes https://www.businessinsider.com/google-allows-app-developers-to-read-peoples-gmails-report-2018-7
#
gRegorLove oh, it's connected apps.
#
gRegorLove still not great for people who gloss over those permission dialogs.
#
KartikPrabhu what is gmail
#
Loqi Gmail is an email reading, composing, and searching client and service hosted by Google https://indieweb.org/gmail
#
KartikPrabhu maybe add to that ^
#
[kevinmarks] that's disappointing about appengine. I like datastore.
#
[kevinmarks] also the image service
#
@voxpelli ↩️ Right, can you open an issue at GitHub? Unlike my MicroPub endpoint, the WebMention is so far mainly built with my hosted service as the target, but it should be repackaged to also enable individuals to self-host it, like they can self-host the MicroPub endpoint (twitter.com/_/status/1027261066043117568)
[jgmac1106] joined the channel
#
Zegnat Hmm. I can’t have a different web (app) manifest per directory, can I? So I can make the editting UI on my site be standalone (no browser UI on mobile) which is probably something I don’t want for the entire site in case other people want to add it to their homescreens
#
gregorlove.com edited /Gmail (+1611) "/* Criticism */ === Outside app developers can read email ===" (view diff)
#
sknebel Zegnat: you can link different manifests from different pageS?
#
snarfed honestly that whole "app developers can read your gmail" news cycle was overblown and misleading imho...but they are limiting it more now, facebook style, which is probably good
#
sknebel and afaik the naviagtion scope is limited to the path of the entry point url, unless you override it
#
Zegnat You can, sknebel, it is just a LINK header. I am just not sure what will happen... guess I gotta try it and see
#
sknebel https://www.w3.org/TR/appmanifest/#navigation-scope
#
Zegnat Or LINK element, more likely. Probably doesn’t work as a header
#
Zegnat Wow, I didn’t know about scope. Awesome
#
Zegnat So I can have a /admin/ (or something) with a manifest that is display:standalone for writing purposes :D
#
aaronpk Anyone want to add Microformats to this? It just launched https://github.com/thepracticaldev/dev.to/blob/master/app/views/articles/show.html.erb
#
[jgmac1106] @voxpelli here is how the badge would be parsed...it just a reply: https://ruby.microformats.io/microformats?utf8=%E2%9C%93&url=https%3A%2F%2Fedu-522.glitch.me%2Fmodule1badge.html
#
Loqi [J. Gregory McVerry, PhD] Module 1: Who Am I Badge http://moneyflowcoaching.com/wp-content/uploads/2016/06/badge.png
#
Zegnat Wasn’t dev.to a Medium blog?
#
voxpelli Cool
#
Loqi voxpelli: [eddie] left you a message on 2018-07-09 at 8:21pm UTC: I couldn’t figure out what mf2 parser you were using in webmention.herokuapp.com so I just filed this issue with the app itself https://github.com/voxpelli/webpage-webmentions/issues/75
#
aaronpk Was it? It’s not anymore
#
sknebel you might be thinking of hackernoon? that's a medium aggregator of random stuff
digitalcold11 joined the channel
#
Zegnat Cross platform testing: https://i.imgur.com/LVbih8C.jpg
Goldman6018 joined the channel
#
Zegnat IA isn’t showing me dev.to as a medium blog, so I must have been misremembering
#
tantek__ what is litepub
#
Loqi It looks like we don't have a page for "litepub" yet. Would you like to create it? (Or just say "litepub is ____", a sentence describing the term)
#
tantek__ litepub is a static blog generator written in Go https://github.com/mirovarga/litepub and also a nascent effort to define a stricter subset of [[ActivityPub]] https://semestriel.framapad.org/p/litepub.
#
Loqi ok
#
loqi.me created /litepub (+228) "prompted by tantek__ and dfn added by tantek__" (view diff)
#
Loqi [mirovarga] litepub: A lightweight static blog generator written in Go
#
tantek__ yay name collisions :)
#
aaronpk oh dear
#
Loqi 😃
#
tantek__ :D
#
tantek__ aaronpk: in particular on that SSG: "Posts don't have to include any special metadata (aka front matter) like title or date in them - the title, date and optional tags are parsed from the natural flow of the posts."
#
tantek__ sounds like a familiar goal
#
@dcdevshop At DCDS, we love using #webmentions to better communicate with our fellow web agencies and the D.C. community in general. Learn more about web mentions in this article by @alistapart https://hubs.ly/H0ddB4R0 (twitter.com/_/status/1027271983116021761)
#
aaronpk interesting
#
tantek__ might be open to some pull requests for adding mf2
#
[jgmac1106] [aaronpk] I didn't run into the issue yet but does anyone know how to add more than one domain to GitHub for indielong?
#
aaronpk you can add links in your bio
#
aaronpk https://indielogin.com/setup#multiple-domains
#
Loqi Multiple Domains
#
[jgmac1106] I had to delete my personal address and add my class website to get it to work....when I dropped in the bio it didn't work..only the one url on the settings page
#
[jgmac1106] thx what I needed
#
aaronpk should work on indielogin.com
#
tantek__ litepub << LitePub the [[SSG]] in particular has a design methodology similar to microformats approaches: <blockquote>Posts don't have to include any special metadata (aka front matter) like title or date in them - the title, date and optional tags are parsed from the natural flow of the posts.</blockquote> (from https://github.com/mirovarga/litepub#overview)
#
Loqi ok, I added "LitePub the [[SSG]] in particular has a design methodology similar to microformats approaches: <blockquote>Posts don't have to include any special metadata (aka front matter) like title or date in them - the title, date and optional tags are parsed from the natural flow of the posts.</blockquote> (from https://github.com/mirovarga/litepub#overview)" to a brand new "See Also" section of /litepub https://indieweb.org/wiki/index.php?diff=50746&oldid=50737
#
loqi.me edited /litepub (+370) "tantek__ added "LitePub the [[SSG]] in particular has a design methodology similar to microformats approaches: <blockquote>Posts don't have to include any special metadata (aka front matter) like title or date in them - the title, date and optional tag..." (view diff)
#
Loqi [mirovarga] litepub: A lightweight static blog generator written in Go
#
tantek.com edited /todo (+0) "r--" (view diff)
barpthewire joined the channel
#
tantek__ to-do << Analyze [[litepub]] SSG for existing use of or potential for microformats2 markup per https://github.com/mirovarga/litepub#overview and submit minimal pull requests accordingly to improve LitePub’s [[mf2]] support.
#
Loqi ok, I added "Analyze [[litepub]] SSG for existing use of or potential for microformats2 markup per https://github.com/mirovarga/litepub#overview and submit minimal pull requests accordingly to improve LitePub’s [[mf2]] support." to the "See Also" section of /to-do https://indieweb.org/wiki/index.php?diff=50748&oldid=50228
#
Loqi [mirovarga] litepub: A lightweight static blog generator written in Go
[pfefferle] joined the channel
#
tantek__ litepub << https://www.staticgen.com/litepub
#
Loqi ok, I added "https://www.staticgen.com/litepub" to the "See Also" section of /litepub https://indieweb.org/wiki/index.php?diff=50749&oldid=50746
#
tantek__ HTTPS << 2018-08-07 Criticism by Eric Meyer: [https://meyerweb.com/eric/thoughts/2018/08/07/securing-sites-made-them-less-accessible/ Securing Web Sites Made Them Less Accessible]
#
Loqi ok, I added "2018-08-07 Criticism by Eric Meyer: [https://meyerweb.com/eric/thoughts/2018/08/07/securing-sites-made-them-less-accessible/ Securing Web Sites Made Them Less Accessible]" to the "See Also" section of /HTTPS https://indieweb.org/wiki/index.php?diff=50750&oldid=49709
iasai_ joined the channel
#
tantek__ snarfed, going to manually POSSE that problematic issue to GitHub. I hope the three error log entries are sufficient to debug it! LMK if you have any other questions http://tantek.com/2018/219/b1/w3cab-issues-public-default
#
Loqi [Tantek Çelik] @W3CAB issues ought to be public by default absent a specific reason to be kept private
#
snarfed tantek__: sounds good!
[iambismark] joined the channel
#
tantek__ ActivityPub << 2018-08-07 Criticism by author of [[litepub]] draft specification, thread provides background frustration and motivations: https://pleroma.site/notice/2962026
#
Loqi ok, I added "2018-08-07 Criticism by author of [[litepub]] draft specification, thread provides background frustration and motivations: https://pleroma.site/notice/2962026" to the "See Also" section of /ActivityPub https://indieweb.org/wiki/index.php?diff=50751&oldid=49740
#
Loqi [kaniini] activitypub is a crummy protocol, largely designed by committee, largely intended to make W3C brass happy by cargoculting even more of their crummy technology into it. we need to fork this shit today and purge W3C from activitypub. it's the only co...
[kevinmarks] and benwerd joined the channel
#
[kevinmarks] Can we help pleroma not rely on WebFinger?
#
aaronpk that conversation is happening literally right now in their IRC
#
[kevinmarks] Yay.
#
Loqi giggles
#
loqi.me created /semantic_web (+16) "prompted by tantek__ and redirect added by tantek__" (view diff)
#
loqi.me created /lowercase_semantic_web (+25) "prompted by tantek__ and redirect added by tantek__" (view diff)
snarfed joined the channel
#
Zegnat What is WebFinger?
#
Loqi WebFinger is a discovery protocol for the web that uses email address-like identifiers to get info about users https://indieweb.org/WebFinger
Sanders and snarfed joined the channel
#
@cleverdevil ↩️ The service itself isn’t, but it’s built entirely on top of open standards like RSS, JSON Feed, Webmention, Microformats 2, Micropub, and other #IndieWeb tech. It’s the open web as it’s meant to be! (twitter.com/_/status/1027313770861711360)
[cleverdevil], [jgmac1106], shgmin, jmac_, kants_, globbot, snarfed, romangeeko, [kevinmarks] and dougbeal|mb1 joined the channel