#dev 2018-08-21

2018-08-21 UTC
#
aaronpk
no this is a very different UI aspect
#
aaronpk
hashtags - usually at the end, can have multiple
#
aaronpk
subject - at the start, can only have one subject
#
[kevinmarks]
It's almost name/content
#
aaronpk
yeah almost
#
aaronpk
except that replies inherit
#
aaronpk
which is not true for name/content
snarfed joined the channel
#
[kevinmarks]
Which is why it is worth 🔭 observing
#
[kevinmarks]
We should document how people use it rather than map it to what we have.
#
tantek
let's see, adding explicit "subject", and all replies share the subject of the original
#
tantek
sounds like
#
[kevinmarks]
The explicit mapping is to html <details><summary >
#
Loqi
definitely
#
aaronpk
basically
#
tantek
so Mastodon is becoming email 2.0
#
aaronpk
in fact, it would be pretty funny to make an alternate UI that shows posts with the same CW/subject grouped like gmail does email
#
tantek
gmail UI for Mastodon wow
#
tantek
where your Inbox is your AP inbox lol
#
[kevinmarks]
It gets that from activitypub which is all about inboxes and outboxes
#
tantek
email 2.0: we added another @
#
[kevinmarks]
This is why migration is now hard.
#
tantek
email never really solved migration either
#
[kevinmarks]
Chris is 2 layers of architecture astronautics into pet names and content hashing because out boxes can't do 301 redirects
[iambismark] joined the channel
#
[iambismark]
change your MX records?
snarfed joined the channel
#
tantek
what are push notifications
#
Loqi
A push notification (AKA client notification) is a notification that shows up on one or more of your client devices without you having to explicitly request it — it's "pushed" to you, instead of you having to poll for it https://indieweb.org/push_notifications
#
Loqi
[kevinmarks] Rather than elaborate new id structures, what is stopping an instance doing a 301 redirect when a user that has migrated to another is requested? Then the requesting instance can update the mapping from the local /user/[n] to the remote url to fetch...
#
tantek
push notifications << 2015-08-18 {{iambismark}}: [https://iambismark.net/post/1439931152/ APNS Authentication] <blockquote>Apple’s push notification service got authentication all wrong (I’m assuming Google’s service is similarly broken but I’m less familiar with it).</blockquote>
#
Loqi
ok, I added "2015-08-18 {{iambismark}}: [https://iambismark.net/post/1439931152/ APNS Authentication] <blockquote>Apple’s push notification service got authentication all wrong (I’m assuming Google’s service is similarly broken but I’m less familiar with it).</blockquote>" to the "See Also" section of /push_notification https://indieweb.org/wiki/index.php?diff=51228&oldid=48337
#
Loqi
[Ryan Johnson] APNS Authentication
#
[kevinmarks]
(do not read the entire thread unless you have something relaxing to hand)
#
tantek
kevinmarks feel free to summarize / cite any points and add to /account_migration
#
[iambismark]
does mastadon have the equivalent of MX records? i.e. my mastadon handle is `@ryan@mydomain` but my account is hosted on mastadon.social?
#
@damiengwalter
Dear people who make web browsers, Absolutely nobody in the world wants any website to send alerts to our web browser. PLEASE stop them from asking. Yours, Damo.
(twitter.com/_/status/1030807683291471877)
#
stevestreza
I believe Mastodon uses WebFinger to find the ActivityPub resource for a given address, but I'm not sure if inbox forwarding works
#
[kevinmarks]
It doesn't, that's why #177 is still going
#
tantek__
what is notification fatigue?
#
Loqi
It looks like we don't have a page for "notification fatigue" yet. Would you like to create it? (Or just say "notification fatigue is ____", a sentence describing the term)
[chrisaldrich], acegiak, mblaney, [manton], [tantek], renem and [eddie] joined the channel
#
[eddie]
Interesting, CW’s having a subject is similar to the idea I logged on the CW brainstorming section of giving it a “reason”
#
[eddie]
content warnings << suggestion of using subjects to define what the content warning is about https://pleroma.site/objects/c456e037-425f-4eba-aeee-fb64367ba4dc
#
Loqi
Sorry, I couldn't find a page named "content warnings" or similar
#
Loqi
[kaniini] people should just treat what Mastodon calls content warnings like subjects. just say what the post is about. easy.
#
[eddie]
content warning << suggestion of using subjects to define what the content warning is about https://pleroma.site/objects/c456e037-425f-4eba-aeee-fb64367ba4dc
#
Loqi
[kaniini] people should just treat what Mastodon calls content warnings like subjects. just say what the post is about. easy.
#
Loqi
ok, I added "suggestion of using subjects to define what the content warning is about https://pleroma.site/objects/c456e037-425f-4eba-aeee-fb64367ba4dc" to the "See Also" section of /content_warning https://indieweb.org/wiki/index.php?diff=51229&oldid=51210
miklb_ joined the channel
#
tantek.com
edited /Falcon (+189) "/* archives */ calendar grid post navigation"
(view diff)
#
eddiehinkle.com
edited /Micropub/Clients (+659) "/* Client implementation requests */ +Buffer"
(view diff)
#
eddiehinkle.com
edited /Buffer (+95) "Note IndieWeb tech requested"
(view diff)
snarfed and tantek__ joined the channel
#
tantek.com
edited /Buffer (+25) "subhead indieweb support"
(view diff)
[pfefferle], barpthewire, deathrow1 and KartikPrabhu joined the channel
#
@machal
Webmentions je W3C standard, kde označení uživatele (mention se závináčem) funge napříč weby. Tohle kdyby zavedly sociální sítě! https://alistapart.com/article/webmentions-enabling-better-communication-on-the-internet
(twitter.com/_/status/1031795537270452224)
#
dylanharris.org
edited /projects (+170) "/* Hacks */"
(view diff)
j12t_, [kevinmarks], mblaney and smeggysmeg5 joined the channel
#
smeggysmeg5
_,-'____``-.
#
smeggysmeg5
/ ,=' `-. `.
#
smeggysmeg5
____
#
smeggysmeg5
,', `. _ `. \
#
GWG
I'm hoping maybe today an initial PR for IndieAuth client data
[Khurt], [jgmac1106], bradenslen, KevinMarks, KevinMarks_ and eli_oat joined the channel
#
@keithjgrant
Want to get started with webmentions and the indieweb? Check out my talk The Decentralized Social Web: https://www.recallact.com/presentation/decentralized-social-web Slides at https://keithjgrant.com/talks/decentralized-web
(twitter.com/_/status/1031893910388400133)
#
skippy
"Sorry
#
skippy
Because of its privacy settings, this video cannot be played here.
#
skippy
^^ keithjgrant's presentation. :(
#
Loqi
it'll be okay
#
sknebel
works here
#
skippy
such a comfort, Loqi.
#
skippy
must be my uBlock settings, then.
KevinMarks, [jgmac1106], [pfefferle], [tantek], jgmac1106, [Khurt] and apollo1328 joined the channel
#
apollo1328
| __
#
apollo1328
| / \
#
apollo1328
| / \
[eddie] and KevinMarks joined the channel
#
eli_oat
lately I've been running into an intermittent auth issue when using indieauth, the error message is: "csrf_detected"
#
eli_oat
does anyone have any insight into what this is?
benwerd joined the channel
#
Zegnat
That can mean any number of things
#
eli_oat
oh my goodness! never mind! I think I found the solution. this is 100% my fault. I've been using a firefox extension that allows me to sandbox certain sites from one another, and github, my main auth provider, is sandboxed away from indieauth, whoops!
#
Zegnat
Could be that you let a timer on the login form lapse, so it blocks you. This is done against replay attacks.
#
Zegnat
Haha, something like that can happen too :P
#
Zegnat
I used to have that problem with my cookie clearer. I would be on indielogin, getting recirected to my endpoint. After the redirect, the extension cleared the indielogin cookie, so when I came back after authenticating I got state errors
KevinMarks, snarfed and ms782129 joined the channel
#
ms782129
| ___ _____
lestaty joined the channel
#
lestaty
________________ _ . ____ *
#
lestaty
<-_______________|*) . ___==/ \==___
#
lestaty
~. * |U| ~ --==================--
#
Loqi
That looks like spam, bye!
#
Loqi
That looks like spam, bye!
#
sknebel
aaronpk: why is Loqi saying that again?
#
aaronpk
Weird, must have triggered a diffeeemt spam trigger
snarfed and [eddie] joined the channel
#
[eddie]
haha I kind of like it 😆 Loqi’s got some sass
KevinMarks joined the channel
#
aaronpk
oh it's new ascii art spam
#
aaronpk
a few of them are getting through to slack and the logs, so i should fix that up today
KevinMarks_, KevinMarks and gRegorLove joined the channel
#
Loqi
ok, I added "https://en.blog.wordpress.com/2016/12/14/reader-refresh-2017/" to the "See Also" section of /reader https://indieweb.org/wiki/index.php?diff=51244&oldid=47771
#
[eddie]
reader << Combining posts in a uninterrupted sequence from the same feed https://en.blog.wordpress.com/2017/03/21/reader-combined-cards/
#
Loqi
ok, I added "Combining posts in a uninterrupted sequence from the same feed https://en.blog.wordpress.com/2017/03/21/reader-combined-cards/" to the "See Also" section of /reader https://indieweb.org/wiki/index.php?diff=51245&oldid=51244
KevinMarks and [pfefferle] joined the channel
#
[eddie]
https://user-images.githubusercontent.com/786014/44412511-1e9a1980-a537-11e8-8777-c60aad35867f.png Added WAM support to my authorization endpoint, it works for Indigenous and Together!
#
aaronpk
oh nice
#
[eddie]
It was really easy!
#
aaronpk
can you document what you needed to do somewhere?
#
[eddie]
Sure, I can do that on the /Web_App_Manifest
#
Zegnat
[eddie], I am wondering what you use for deciding which icon to use. As Together has two listed
#
[eddie]
haha, so right now I just use the first one. But I’m thinking in the future I’d like to parse the sizes provided and go for the one closest to a specified size
#
[eddie]
But I don’t know my goal size yet so I just grab the first from the array
#
Zegnat
I wonder if someone hasn’t already figured out a nice algorithm for us to “borrow”
snarfed joined the channel
#
[eddie]
Good question
jackjamieson and [schmarty] joined the channel
#
eddiehinkle.com
edited /Web_App_Manifest (+1406) "Add preliminary notes about IndieAuth/IndieWeb usage of WAM"
(view diff)
#
[eddie]
It’s not perfect but it’s a rough sketch of what *I* check for and it can be improved as more people experiment 🙂
snarfed and gmax joined the channel
#
Zegnat
Looks like a great start, [eddie]. Especially because you already have an implementation!
#
eddiehinkle.com
edited /Web_App_Manifest (+486) "/* IndieWeb Usage */ Add Indigenous and Together as publishers."
(view diff)
#
loqi.me
created /Blogmesh (+275) "prompted by [schmarty] and dfn added by [schmarty]"
(view diff)
#
kaja.sknebel.net
edited /Blogmesh (+1) "linkify ('x is y. <url>.' pattern)"
(view diff)
#
[eddie]
Also added WAM to the Indigenous for Android website, so WAM pulls ahead 9 to 8
snarfed joined the channel
#
aaronpk
just discovered that you can use "org:username" in github search, so I can *finally* see a list of all open issues on my projects
#
Zegnat
Sadly not all the WAMs contain correct info yet
#
[eddie]
They don’t. If it’s okay with you I’m gonna change the icon on the ones that don’t work correctly to ⚠
#
[eddie]
My requirement for a manifest to get the checkmark will be that they have the accurate app name under “name” and have at least one icon in the icons array. Sound good Zegnat?
#
Zegnat
Sound good
#
Zegnat
Though I would expand that to also accept shortname, not just name
#
Zegnat
(Or is it short_name .... that one)
#
[eddie]
Oh yeah, if it had a short_name but not name that would be okay as well
#
[eddie]
So we actually have 5 implementations, which still isn’t bad for something that isn’t a thing
[iambismark] joined the channel
#
Zegnat
For sure
jackjamieson joined the channel
#
GWG
I am thinking about where to store the client data. Right now, I only store client id in the token
#
boffosocko.com
edited /Blogmesh (+283) "see also; category tags; link to GitHub repo"
(view diff)
#
GWG
Not sure I should store the name and icons there.
#
Zegnat
Depends on your usecase
#
Zegnat
Storing name and icon alongside a token to display on a token overview page makes sense. Probably don’t need to store it “in” the token itself.
#
GWG
I want to display them when authorizing and when managing
#
Zegnat
Do you have some sort of image cache implementation already? E.g. for display pictures in comments? Can you make use of that?
#
GWG
If I store it in the token I don't need to create a new place to store it
#
GWG
No, it's been on our list for 4 years
#
Zegnat
That might even be preferable over a link, as this way the user does not leak their actual IP / UA information when loading an external live image on their authentication page
#
GWG
Seems like a big thing to build just to show icons
#
GWG
Maybe I will start with names
#
Zegnat
Oh, definitely. You could just store name and image URL in the token if you want to go with as little storage as possible
#
GWG
To start
#
GWG
Image cache later
#
GWG
Possibly much later
#
GWG
What do you need for a proper image cache?
#
GWG
I am trying to design this in my mind
#
GWG
Anyone implemented one recently?
#
Zegnat
I implemented a generic HTTP request cache the other day. Basically I just store the raw response in a file where the name is a hash of the request. Same could work for images, just fetch a URL and store it locally with the name being the URL. Any time you need an image from the same URL, check if it exists in the cache already
#
GWG
Do you expire?
#
GWG
I am trying to think about expiry.
#
Zegnat
I didn’t need expiry on those HTTP requests. That’s a hard one.
#
GWG
That's
#
GWG
what makes it hard
#
GWG
I suppose I could use creation date
#
GWG
Or a database
#
Zegnat
I would probably just stick a default time on there as a first step. Say 7 days. If the same URL is requested and my cached result for it is more than 7 days old, refresh it.
#
Zegnat
Then after that start looking into HTTP cache headers and stuff. Which by itself is complex enough. What I recall of them.
#
GWG
I have looked into them for web servers
#
GWG
But I would need one for multiple projects
#
GWG
I would want it for user icons as well
KartikPrabhu, [jgmac1106], ichoquo0Aigh9ie and [kevinmarks] joined the channel
#
@rakyll
🙅‍♀️ There are two hard problems in computer science: - I have static website, serve it. - I have a stateless simple web server, take it, serve it, autoscale it.
(twitter.com/_/status/1031785226517676032)
[grantcodes] joined the channel
#
[grantcodes]
[eddie] I didn't realise your new backend did so much stuff 😄 Awesome!
#
[grantcodes]
I discussed with schmarty at some point, it would be great to have the various "indieweb endpoints" as express routers so other people can just drop them in their projects maybe your auth endpoint could be a start for that 🙂
#
[grantcodes]
I have a token endpoint built into my site, that I think is just an express router too
#
Loqi
eddie has 37 karma in this channel over the last year (56 in all channels)
koddsson joined the channel
#
[eddie]
Yeah, definitely something I could try to spin off. I try to keep everything modularized, so all the IndieAuth stuff is part of an IndieAuth module with it’s own subrouter
#
[eddie]
I’m sure there is some stuff I need to tweak but essentially the only part of the IndieAuth module that interacts with the rest of my routing system is router.use(‘/auth’, authRouter);
#
[eddie]
the only issue would probably adding some config stuff
#
aaronpk
i keep thinking about doing this for Laravel
#
[grantcodes]
For config stuff you usually just export a function that accepts a config object and returns the router
#
[eddie]
Makes sense :thumbsup:
#
[eddie]
I wonder what to do about the “view”
#
[eddie]
Right now mine uses pug
#
[grantcodes]
Yes, I was thinking about that too
#
[eddie]
although i just calls the standard res.render
#
[grantcodes]
But would any other endpoints even have a ui?
#
[eddie]
Login form needs UI (although maybe I should seperate that, login and auth endpoint), and Auth approval screen needs UI
#
[eddie]
so maybe the “template path/filename” is a config option
#
[eddie]
with documented variables that get passed into the view
#
[grantcodes]
I'm sure there must be something out there that does something similar.
#
[grantcodes]
But what would be the goal of allowing people to write their own views?
#
[eddie]
hmmm true, I guess it would be good to have the view already done
#
[eddie]
so really I just need to return HTML within the module to the response variable
#
[eddie]
Although optional view override would be a nice feature
#
[grantcodes]
If you want to make it as modular as that I think you can make it a middleware of some sort that adds properties to the request
#
[grantcodes]
Like how auth libraries like passport work
#
[eddie]
Hmmm that’s true. Interesting 🤔
#
[grantcodes]
But then you might have to mix and match a bunch of middleware and routers.
#
[eddie]
Probably best to start simple
#
[grantcodes]
For now I'd just continue down your own path
#
[eddie]
plug and play Authorization Endpoint
#
[grantcodes]
Hopefully I'll finally get my site moved to my new micropub endpoint and then I will look at making other endpoints into router packages
#
[eddie]
I have a Token Endpoint in my site too. Might be interesting to compare them as well. We might be able to combine ours into a package we could both share
#
[grantcodes]
Not sure how great mine is to be honest 😛 It's just json web tokens really
#
[grantcodes]
But I'd like one with a ui to revoke tokens
#
[eddie]
That’s definitely what I want to do with mine as well
#
[grantcodes]
Which means then it needs a database. Kind of a pain compared to the self encrypted ones
#
[eddie]
haha I… probably didn’t make the best choice but what I did was
#
[eddie]
I have JSON web tokens
#
[eddie]
and when I revoke one I add it to a plain text file
#
[eddie]
Then when verifying a token I check to see if the token has been revoked
#
[eddie]
Not optimal, but I would love to fine some file based way to manage tokens so it doesn’t require a database
#
[grantcodes]
So in your one you would have to cache or look up the token in order to add it to your blacklist?
#
[grantcodes]
I'll put my endpoint on a gist
#
[grantcodes]
The rest of my current site is private because I was bad and hard coded a bunch of passwords and stuff in there 😅
#
[eddie]
I do a bunch of poor choice when duct-taping my site together but the one thing I’m happy with is all my sensitive data is in a JSON config file
#
[eddie]
That’s mine
#
[grantcodes]
I do that now. But i'd need to start my git repo from scratch, and I've been lazy
#
[eddie]
Understandable 🙂
#
[eddie]
wow, aside from code style differences and my revoking file they seem pretty similar on initial inspection
#
[eddie]
We even use the same module for the json web tokens
#
[grantcodes]
Yep pretty similar. Think that module is just the go to jwt implementation
#
[eddie]
Alright, I’ve got a repo, now I just need to start shifting my module code into it then I’ll have to test my site with it running in a separate module. https://github.com/EdwardHinkle/indieauth-express
#
Loqi
[EdwardHinkle] indieauth-express: An IndieAuth module written in TypeScript as a Node.js Express Router module
#
[grantcodes]
The only other difference I noticed is that mine includes checking the auth endpoint (although it is hard coded) I guess yours is done elsewhere? Or even internally if you have your own now
#
[grantcodes]
Ha nice that was quick!
#
[eddie]
Yeah, the auth endpoint uses JWT as well
#
[grantcodes]
Ahh ok I get it now 🙂
#
[eddie]
But it would probably be useful to have it check the authorization endpoint dynamically to be more rounded out (in case someone decided to use just the token or just the auth, although that would probably be rare)
[pfefferle] joined the channel
#
eli.li
edited /Micropub (+257) "/* Libraries */ added an entry about Blotpub"
(view diff)
benwerd, KevinMarks and [schmarty] joined the channel
#
[schmarty]
eddie++ for indieauth-express!
#
[schmarty]
grantcodes++ for indieauth for express in a gist!
#
Loqi
grantcodes has 19 karma in this channel over the last year (28 in all channels)
#
Loqi
eddie has 38 karma in this channel over the last year (57 in all channels)
Kongaloosh_, KevinMarks, vilhalmer and [cleverdevil] joined the channel
#
Loqi
[bustle] mobiledoc-kit: A toolkit for building WYSIWYG editors with Mobiledoc
#
[cleverdevil]
Would love to see a Micropub composer with this 🙂
#
[cleverdevil]
(Quill 9.0?)
#
[cleverdevil]
(Compared to WordPress' Gutenburg, I am much more impressed...)
[kevinmarks] joined the channel
#
[kevinmarks]
I should add that indieauth express to my quick microblog thing on glitch
[grantcodes] joined the channel
#
[grantcodes]
I am just playing with ghost right now too!
#
[grantcodes]
The editor component on its own looks pretty barebones to be honest
#
[grantcodes]
In ghost the editor is nice, but actually lacking in comparison to gutenberg imo
#
[cleverdevil]
I like the architecture better, though.
#
[grantcodes]
Sure the content storage mechanism is way better than wp
#
[grantcodes]
I was looking at it for building it into my micropub extension but not sure it's worth it.
#
[grantcodes]
I don't know how you'd get stuff like the large or small images to work across sites, unless it adds classes and you either style it or you dont
#
[cleverdevil]
Yeah, same. Still, its pretty neat 🙂
#
[grantcodes]
[cleverdevil] you use safari don't you? Don't think my extension works in safari, but gives you a "medium style" editor
#
[cleverdevil]
I am strongly considering moving to Firefox.
#
[cleverdevil]
But, I really like the system-wide integration of Safari, and the privacy features.
#
[grantcodes]
I've not even looked to see if it supports web extensions yet
#
[cleverdevil]
Firefox does, but Safari doesn't.
#
[cleverdevil]
(That's my single biggest objection to it)
#
[grantcodes]
Looks like they are moving even further away from them too with native apps as extensions
#
miklb_
yes in Mojave it's all in on native apps as extensions
#
[grantcodes]
Fun times. Wonder if that'll work out well for them or not
#
miklb_
I mused last night that I would just like to be able to add Automator actions to the share sheet, and wonder if something like Shortcuts would come to macOS
#
miklb_
the closest I've come is using Alfred to trigger an action and use shpub on the url of the current Safari window, but haven't fleshed it out
Steinsplitter11 joined the channel
#
Steinsplitter11
                       ,'
barpthewire joined the channel
#
[cleverdevil]
Indiepaper has a native share sheet I built in Swift.
#
[cleverdevil]
It was pretty straightforward to create, even as a person who doesn't really know Swift very well.
#
miklb_
oh, that's right. Micropub wasn't working for me at the time and I forgot all about that.
#
[cleverdevil]
Still, the mindshare for the web itself is with JavaScript and Chrome, so its baffling why they don't support Web Extensions.
#
[cleverdevil]
I think its likely because of security concerns.
#
[grantcodes]
Probably, but seems weird that everyone else can agree on it. As long as there is a store that checks the source of the extension
[pfefferle] and barpthewire joined the channel
#
Zegnat
I find “everyone else can agree on it” a bit strong. I still bump into plenty differences between just Chrome and Firefox
#
Zegnat
But the intention is there for sure. And it is too bad Safari doesn’t seem to be tagging along
#
[grantcodes]
Well more or less. The web extension api is mostly based off the chrome api
#
[grantcodes]
Also if you are building extensions there is a polyfill that works really well!
#
Zegnat
For the last two quality of life extensions I did I just documented how they were different from the spec. So hopefully future me can get them fixed up when the spec and browsers align
#
[cleverdevil]
I wonder if someone could build a native Safari extension that loaded Web Extensions?
#
[cleverdevil]
(Not volunteering here...)
#
Zegnat
Not it.
jackjamieson joined the channel
#
miklb_
getting that through the app store would be a fun read
#
miklb_
app store approval process
#
[cleverdevil]
Heh, I am guessing Apple would have problems with it.
#
sknebel
Are they're as strict about interpreting code on desktop as on mobile?
#
[cleverdevil]
It could be released as open source for the adventurous though.
Andre483 joined the channel
#
Andre483
*p e n i s b i r d p e n i s b i r d *
#
sknebel
if I had a mac that'd sound like a really interesting insane project
#
sknebel
(if the APIs are flexible enough. stuff like content scripts might not have an equivalent in safari, no idea)
jeremycherfas, Kaja, NinjaTrappeur, wagle, miklb_, barpthewire, mblaney, mblaney1 and stephen8728 joined the channel
#
stephen8728
/\
[manton], j12t, jjuran_, mblaney, jackjamieson, globbot, acegiak, romangeeko, mblaney1, [cleverdevil], [pfefferle], [kevinmarks], [Khurt], [tantek], [eddie], [iambismark], KevinMarks_ and haza-w11 joined the channel
#
haza-w11
| / \
#
haza-w11
| __
#
haza-w11
| / \
KartikPrabhu, benwerd and sscout10 joined the channel
#
sscout10
##################################
#
sscout10
##################################
#
sscout10
##################################
KevinMarks, benwerd, jackjamieson, [jgmac1106] and snarfed joined the channel