#dev 2018-08-29

2018-08-29 UTC
KevinMarks and [kevinmarks] joined the channel
#
@ChrisAldrich
↩️ As I had mentioned to you earlier this year at #WCOC, the work on the IndieWeb concept of Microsub with respect to feed readers is continuing apace. In the last few months @aaronpk has opened up beta versions of his Aperture microsub server as [more...] https://boffosocko.com/2018/08/28/reply-to-jan-cavan-boulas-about-wordpress-microsub-feed-reader/
(twitter.com/_/status/1034603362904231936)
[kevinmarks], bear, renem, Kongaloosh, jimpick, DenSchub, [jgarber], Loqi, KartikPrabhu, barpthewire, cweiske, j12t, koddsson, AngeloGladding, barpthewire1, jeremych_, [Andy], KevinMarks_, [jgmac1106], KevinMarks, eli_oat, eli_oat1, TripFandango, [keithjgrant] and [deeden] joined the channel
eli_oat, KevinMarks, snarfed and [keithjgrant] joined the channel
#
[keithjgrant]
[grantcodes] Do I need to do anything different with your micropub lib to send HTML content? Or markdown? (Is markdown valid in micropub? That's how my site stores stuff behind the scenes)
#
[keithjgrant]
Also: damn, your docs are nice. What do you use to generate those?
[grantcodes] joined the channel
#
[grantcodes]
Markdown isn't valid. I guess it's possible or some sites to support it, but no requirement so you'd have to have a fallback which kind of negates the point of if
#
[grantcodes]
To send html is just standard micropub stuff
#
[grantcodes]
`content: [{html: '<p>Hello world</p>'}]`
#
[keithjgrant]
Oh right. I forgot I was the one building that object 😁
#
[keithjgrant]
I'm curious what my site will do with MD formatting in the plaintext...
#
[grantcodes]
And the docs are made with this: https://github.com/docsifyjs/docsify
#
Loqi
[docsifyjs] docsify: 🃏 A magical documentation site generator.
#
[grantcodes]
You might need to switch to the json format if you are using form encoded at the minute
#
Loqi
This is a markdown test. Does it make things bold? Headings (or links)[https://google.com] > blockquote > and more blockquote
#
[keithjgrant]
Looks like markdown in the plain text works for me. I messed up the URL format, but it worked in a subsequent test
#
[keithjgrant]
Oh, also, do you use Reacji in Omnibear?
#
[keithjgrant]
I'm curious how much that should be a one-click thing. Or would it be ok if it inserted the emoji in the compose window and let you edit further before submitting...?
#
pstuifzand
grantcodes re: endpoints, I need some more CORS headers there as well
AngeloGladding joined the channel
#
pstuifzand
I thought it would be possible to get them without credentials
#
pstuifzand
grantcodes: I now use micropub-helper to implement the Indieauth support in the Microsub client
jjuran joined the channel
#
[grantcodes]
[keithjgrant] I'm pretty sure if there is more than a single emoji in the content then it is not a reacji anymore
#
[keithjgrant]
Think I should keep it as a one-click to send then?
#
[grantcodes]
Probably yes
#
[keithjgrant]
Or it could double as a shortcut for using emoji in a post
#
[grantcodes]
That would also work
#
[grantcodes]
pstuifzand: Cool, I'll need to try out your microsub client. I think I have cors stuff setup on my site so it would work, but the vast majority of people do not
barpthewire joined the channel
#
Zegnat
GWG, I was just reading the backlog, interesting thoughts on securely storing tokens. There is definitely something to say for using a file-stored key to encrypt database-stored sensitive data, as that gives you some protected against leaks through SQL injections and the like.
#
Zegnat
But I think the real win is to promote minimal scopes on tokens more. If I am giving my WP blog a token that lets it automatically cross-post using micropub, how much do I trust the WP blog to only do that? I can mitigate my trust by scoping the token in such a way that it only allows "create". Even if the token were to leak now, nobody can use it to update/delete my posts.
[manton] joined the channel
#
[manton]
On Markdown being "invalid" as Micropub text, Micro.blog has been doing this and I don't think it has created any problems. I know there were some concerns and it's probably worth revisiting.
#
aaronpk
Sending markdown as text in Micropub isfine as long as your site knows to treat it as markdown
#
aaronpk
The challenge is when editing since editing clients will treat it as plaintext too. But since markdown is meant to be close to plaintext it ends up working mostly fine
#
aaronpk
So it's not that it's "invalid", it's that there is no mechanism for clients and servers to communicate that the text is markdown so it's up to the server to handle it how it wants. The nice thing is that it's your server so you can choose to make that work if you want. And chances are you're the only person sending data to your server so again it works out fine in practice.
#
[manton]
Yep, good point.
tantek__ and [jgarber] joined the channel
#
[jgarber]
This would break basically everything, but…
#
[jgarber]
The keys in the `content` array’s object _could_ map to MIME types. But even that’s fraught with peril.
#
[grantcodes]
Markdown stuff becomes more confusing when supporting editing too
#
tantek__
markdown--
#
Loqi
markdown has -1 karma in this channel over the last year (-2 in all channels)
#
tantek__
whereas if it really was just "readable plain text", then nothing would be more confusing when supporting editing
#
[jgarber]
shots fired
#
[grantcodes]
My endpoint will format plain text with markdown, but when querying the source it returns `{"content": [{"html": "<p>html content</p>"}`
#
[keithjgrant]
What about a mp server for a static site, particularly if content is stored as markdown?
#
[keithjgrant]
I would think when querying, it would return the format stored?
#
[grantcodes]
No idea, I don't know if anyone with static sites support updates?
#
[keithjgrant]
There's a ticket in on @voxpelli’s micropub-to-github lib (which I use). But I'm not sure how much he's thought it through yet
#
GWG
Zegnat, what you are saying is harder in WordPress as a plugin can ignore permissions
#
Zegnat
Permissions?
#
GWG
For a token.
#
GWG
It's complicated
#
sknebel
I'd assume quite a few sites, static or not, return the storage format for posts
#
Zegnat
I thought you were talking about storing auth tokens of external services, GWG? So it isn’t your local site that determines what is/isnot allowed with that token
#
GWG
Oh, I misunderstood. I was talking about that
#
GWG
Long day
#
GWG
I think I get your point
#
Zegnat
Basically I am saying, change the question. Rather than wondering “what to do so WP does not leak the auth token” you should wonder “what can I do so an auth token leak does the least damage possible”.
#
Zegnat
In the end, you are not going to have all to many tools to secure random WP installations on random shared hosting providers. But you may be able to push for a healthier token climate on the second question :)
#
GWG
I am more annoyed about needing these keys
#
GWG
To get the name and author of a YouTube video for citation I can't just read the page anymore
#
GWG
At least not like I did
#
GWG
So much for Google as a champion for data standards
#
GWG
I have to write custom code or get an API key
#
Zegnat
Oh, yeah, they are very protective of YT.
#
Zegnat
Do they still have the oEmbed endpoint? That might be the shortest route, if it contains stuff.
#
GWG
Yes and that actually is my plan
#
GWG
But its now a custom case
#
GWG
I hate customizing
TripFandango joined the channel
#
GWG
I realize that I am building my own xray library
#
GWG
What I am looking for is different than aaronpk, but same idea
#
Zegnat
I actually have a YouTube capable XRay fork. Sadly that one is spirit key depending
#
Zegnat
s/spirit/API/
#
Zegnat
(nice one autocorrect)
#
GWG
Well, I saw that
#
GWG
Just now
#
GWG
But I want to build my own even if I incorporate some of the xray code
[kevinmarks], dougbeal|mb1 and eli_oat1 joined the channel
#
tantek.com
edited /block (+261) "stub Mastodon"
(view diff)
[chrisaldrich] and [keithjgrant] joined the channel
#
aaronpk
spirit key 😂
barpthewire joined the channel
#
gregorlove.com
edited /Microdata (+188) "neutral dfn, link to WD, criticism section"
(view diff)
miklb_ and barpthewire joined the channel
#
@kaushalmodi
↩️ I have a @GoHugoIO generated site, and I use #Webmentions in a unique kind of way, relying on http://webmention.io, but without using any Javascript. Details: https://mastodon.technology/@kaushalmodi/100588901751077500
(twitter.com/_/status/1034870494162501633)
KevinMarks joined the channel
#
pstuifzand
grantcodes[m], I just removed the last hard coded bits from the microsub client. It should be possible now to clone the repo and npm install / npm run serve it.
jgmac1106 joined the channel
#
tantek.com
created /schema.org (+453) "prompted by [keithjgrant] dfn, summary of creation, re-use/re-invention, launch"
(view diff)
#
tantek.com
edited /Microdata (+21) "jargon"
(view diff)
#
tantek.com
edited /microformats (-268) "jargon, move "microdata" criticism to that article"
(view diff)
#
tantek.com
edited /Microdata (+321) "move specific criticism here, list"
(view diff)
#
tantek.com
edited /WebSub (+20) "jargon"
(view diff)
#
jgregorymcverry.com
edited /silo-quits (+352) "/* Silo quitters 2018 */"
(view diff)
AngeloGladding, TripFandango, jgmac1106, [jgmac1106], deathrow1, KevinMarks, deathrow1|absnt, [kevinmarks] and miklb_ joined the channel
#
@MtDragonMedia
Just 3 more days until the Goblin Queen comes to the realms! Available in Kindle! Sign up now to Pre-order the Kindle version! (link: https://www.amazon.com/dp/B07GGP7MKW) http://amazon.com/dp/B07GGP7MKW And go to my website to sign up for emails for upcoming news and book releases! #indieauth
(twitter.com/_/status/1034917379011035136)
[grantcodes] joined the channel
#
[grantcodes]
pstuifzand: I had a go, but don't think aperture allows cors requests at the moment
AngeloGladding, [kevinmarks], [manton] and [keithjgrant] joined the channel
#
loqi.me
created /screenshot_dunking (+20) "prompted by tantek__ and redirect added by tantek__"
(view diff)
#
loqi.me
created /screenshot_dunk (+20) "prompted by tantek__ and redirect added by tantek__"
(view diff)
#
loqi.me
created /dunking (+386) "prompted by tantek__ and dfn added by tantek__"
(view diff)
[aaronpk] joined the channel
#
loqi.me
edited /dunking (+254) "tantek__ added "2017-12-04 Slate: [http://www.slate.com/articles/technology/technology/2017/12/_dunking_is_delicious_and_also_probably_making_twitter_terrible.html “Dunking” Is Delicious Sport / But it might be making Twitter even more terrible.]"..."
(view diff)
KevinMarks joined the channel
#
tantek.com
edited /dunking (+782) "Blocking, Screenshot Dunking"
(view diff)
AngeloGladding and [kevinmarks] joined the channel
#
tantek.com
edited /dunking (+36) "link Krang for example dunkings"
(view diff)
#
tantek.com
edited /dunking (+86) "IndieWeb Examples"
(view diff)
KevinMarks joined the channel
#
tantek.com
edited /dunking (+79) "POSSE dunk tweet"
(view diff)
AngeloGladding joined the channel