#dev 2018-10-17

2018-10-17 UTC
[jgmac1106], [tantek], [dave] and renem joined the channel
#
@polm23
↩️ If WebMentions could be sent via GET then wouldn't that eliminate the need for services like http://webmention.io? You could just look for requests like http://example.com/webmention?src=xxx&target=yyy
(twitter.com/_/status/1052378122018938880)
#
KartikPrabhu
not sure how you "send" something via GET
#
@polm23
↩️ Sorry, I think we're still not on the same page. My concern is that if GET was acceptable a static site could just use a fixed endpoint to accept WebMentions and http://webmention.io or whatever would be unnecessary.
(twitter.com/_/status/1052391615908564992)
#
@polm23
↩️ I assume there's a significant difference in intent between ordinary links and WebMentions - in the latter case there might be structured data, an expectation/hope of reciprocation, etc.
(twitter.com/_/status/1052392067752583168)
[tantek] joined the channel
#
[tantek]
it's bad practice to cause state change via HTTP GET
#
jacky
[tantek]: I was just thinking that
#
jacky
going to reply with that
#
@polm23
↩️ I'm mainly concerned about the practical aspects of this, but the WebMention spec already says requests should be idempotent. https://www.w3.org/TR/webmention/#updating-existing-webmentions
(twitter.com/_/status/1052399210190929920)
#
KartikPrabhu
also if it is a static site how would it handle the parameters in the get request?
#
Zegnat
Parse the requested URL, KartikPrabhu? This idea delays all handling of the webmention to the build step, at which point you scan the server access logs for requests to the wm endpoint.
#
KartikPrabhu
can't that be done with POST too?
#
KartikPrabhu
log the POST request and do the same
#
jacky
they just don't wanna have to handle POST
#
KartikPrabhu
if you are going to scan server logs for GET might as well scan them for POST
#
KartikPrabhu
or am I missing something
#
Zegnat
POST parameters aren't logged (by default)
#
Zegnat
Not sure how easy that is to toggle
#
jacky
depends on the server framework implementation
#
Zegnat
Your server logs will show a lot of POST to /endpoint and no data. Otherwise would be GET /endpoint?target...
#
Zegnat
jacky, probably, but neither nginx nor Apache do, and that covers a lot of the web. Hehe
#
jacky
right
#
jacky
oh we talking like proxy server
#
jacky
no like flask, etc
#
Zegnat
If it is for a static site especially if expect it's just the basic one serving html files? All theoretical of course.
#
Zegnat
But as I understand the tweets, scanning access logs is the crux
[schmarty] joined the channel
#
[schmarty]
If they want to build webmentions from access logs they should be processing refbacks
[Rose] joined the channel
#
Zegnat
That's a different thing though, [schmarty]. That's generating webmentions from visitors, they want to handle actual webmentions that have been sent irrespective of whether people have clicked the links.
mblaney joined the channel
#
mblaney
I don't want to pile on that tweet, but the argument against using HTTP GET because of state change is the right one.
#
mblaney
The reference in the spec about webmentions being idempotent is only referring to updates.
[tantek], [Rose], cweiske and swentel joined the channel
#
@kevinmarks
↩️ The point of webmention is that the target page fetches the source page, checks that it does link and does something in response (displaying the comment, adding to a like count, noting an rsvp etc) That needs code to run and generate new pages, so can't be done statically.
(twitter.com/_/status/1052462835320676353)
[Rose] joined the channel
#
sknebel
OMG, could you stop piling onto that guy...
[pfefferle], [kevinmarks] and KartikPrabhu joined the channel
#
aaronpk
I was curious, so I looked up if it was possible to log the HTTP POST body, and it is :D https://stackoverflow.com/a/7473603/712641
#
[kevinmarks]
I don't think responding to a comment 5 hours later counts as piling on.
sebsel joined the channel
#
cweiske
what happens with POST file uploads then?
#
cweiske
huge logs?
#
cweiske
sensitive data like passwords logged in the log files?
#
cweiske
csrf tokens logged, yay
#
aaronpk
yep but hey if you really want to, go for it :D
sebsel, [chrisburnell], [kevinmarks], jgmac1106 and [jgmac1106] joined the channel
#
petermolnar
of course it's possible, at some places it's a compliance requirement
#
@polm23
↩️ Verification doesn't have to happen on the web server - I can download the log, moderate the webmention requests, add them to my static site and build it locally, and then push it live. Of course I need my local machine for that but the web server can be completely static.
(twitter.com/_/status/1052502921848315904)
#
@kevinmarks
↩️ I think we're converging on the same thing. My website http://kevinmarks.com is static, but it uses an external webmention service. I could build those in statically too, but my site is really static, it's a bunch of pages made by hand.
(twitter.com/_/status/1052503890028048384)
#
@kevinmarks
↩️ If I get round to rebuilding it using a static site generator, I'd probably still use an external webmention endpoint. There are quite a few open source ones to work from: https://indieweb.org/Webmention#Services
(twitter.com/_/status/1052505988249649152)
[Rose] and sl007 joined the channel
#
Loqi
[solid] webid-oidc-spec: Specs for WebID-OIDC decentralized authentication protocol (based on OAuth2/OpenID Connect)
#
aaronpk
any time you're passing ID tokens around, you're adding a validation step that isn't necessary if you don't have the ID token
#
aaronpk
indieauth avoids ID tokens by just returning the user's identifier in the code exchange step directly, rather than returning an ID token where you can extract the user identifier
#
aaronpk
but yes step 3-5 there are basically the same as indieauth because that's the core OAuth 2.0 part that this spec builds on too
#
aaronpk
except that in step 5, OpenID Connect and this spec return an ID token whereas IndieAuth returns the user URL itself
#
aaronpk
so in indieauth, the validation and extraction step in step 6 isn't necessary
jgmac1106 joined the channel
#
sl007
I see. Can we convince Sir Timbl to just use IndieAuth ? Is HRH in Nuremberg too or should we open an issue there ?
#
aaronpk
I'm not sure what it will take for them to adopt IndieAuth tbh
#
aaronpk
what's HRH?
#
jeremycherfas
His Royal Highness?
#
sl007
@jeremycherfas yep. Or Her Royal Highness. Well, how about the question by Dan in https://indieweb.org/WebID then ?
#
jeremycherfas
I'm assuming TBL goes by he/him/his
#
aaronpk
that question is more about RelMeAuth
#
GWG
aaronpk: I meant to ask. Can an OAuth2 client use IndieAuth without any modification?
#
aaronpk
a plain OAuth2 client won't have any of the discovery stuff, so you'd need to do that first step outside of the client
#
aaronpk
there's also an open issue to consider removing the "me" parameter from the first URL, which would make it actually compatible with a generic OAuth 2 client
#
Loqi
[00dani] #19 Allow the 'me' parameter to authorization endpoints to be omitted?
#
aaronpk
lots of analysis in that thread
#
aaronpk
apparently i've had that tab open since july, wow
#
swentel
that's .. really long .. :)
#
aaronpk
i'd love more feedback from anyone else who has built this stuff
#
aaronpk
it's probably a good idea in general to simplify things when possible, so i'm inclined to start making that change, but it is a breaking change to the current indieauth spec so every client/server will need to update
#
aaronpk
actually not every server, since a bunch of them already ignore the parameter as documented in https://github.com/indieweb/indieauth/issues/19#issuecomment-402921536
#
Loqi
[aaronpk] Here's a quick survey of current implementations of token endpoints: ## Integrated Micropub/Token/Authorization Endpoints * p3k - verifies the `me` parameter exists, but does not use it for anything * Wordpress IndieAuth plugin - verifies the `m...
#
swentel
hmm I should check what I did on the drupal module
#
aaronpk
please do! and either comment there or let me know here and i'll add it to the list
#
swentel
so, I have support for web sign - in https://github.com/swentel/indieweb/blob/master/src/Form/IndieAuthLoginForm.php - that builds the form and then creates the url
#
swentel
but I ignore the me param there
#
swentel
I even didn't really think of it
#
GWG
I'm on Location right now. I need to code an alternate reverse geolocation provider. Annoying this happened just as I finally got all the Micropub Android location parameters I wanted.
#
aaronpk
swentel: how about at the token endpoint?
#
swentel
aaronpk, I don't support that yet, that's wip :)
#
aaronpk
ahh ok. that's more about what the issue is about
#
aaronpk
I didn't do an implementation survey of the details of the authorization endpoint because we *know* it's not technically needed for the flow to work
#
aaronpk
whereas with the token endpoint there is at least one use case that does require it, but it's debatable whether that's a useful use case or whether that could be accomplished some other way
#
swentel
I wonder, are there some generic php libraries for indieauth available ?
#
swentel
would be sweet if I don't have to code all the things
#
swentel
and just add a package to composer
#
swentel
and maybe some glue code
#
GWG
swentel: You have a JWT token library.
#
GWG
I think that is what aaronpk used in his book
#
aaronpk
swentel: this library has a bunch of the discovery code written, which is where most of the work is https://github.com/indieweb/indieauth-client-php
#
Loqi
[indieweb] indieauth-client-php: Sample implementation and helper methods for an IndieAuth client.
#
aaronpk
just on the client side tho
#
aaronpk
it's harder to make a library to implement a server without also tying it to some server framework
#
swentel
yeah, can imagine
#
swentel
will look at that , thanks
jgmac1106, [renem] and KevinMarks joined the channel
#
cweiske
jeremycherfas, the " in your post are broken
#
jeremycherfas
Now fixed. WithKnown has an interesting approach to html entities and sanitation. I did go digging once to see if I could fix it without opening myself to hacks, and then forgot about it. But now that I am using Omnibear more, I need to revisit that.
#
jeremycherfas
And I will be sorry not to see you.
jgmac1106 joined the channel
#
cweiske
me too
eli_oat, [dave], [Rose] and [jgmac1106] joined the channel
#
[jgmac1106]
[cweiske] I start every classroom from Kindergarten to College making a list of expected behaviors. Community matters. These things work. Sorry you feel Code of Conducts are too subjective to make you feel safe
#
swentel
I so love aperture's ability to receive micropub requests so I see 'notifications' in indigenous .. :)
bradenslen joined the channel
#
@jgmac1106
@fourtonfish can you share the syntaxes for your favorite bot scripts? Gonna scope out a webmention badge maker/issuer bot I think we can build. (https://jgregorymcverry.com/7945-2/)
(twitter.com/_/status/1052552940261658624)
#
[jgmac1106]
Happy to discuss my reasonings offline or DM
#
aaronpk
swentel: I just pushed up my code for my activitypub bridge if you're interested https://github.com/aaronpk/Nautilus
#
Loqi
[aaronpk] Nautilus: Turn your website into an ActivityPub profile
#
swentel
oh interesting!
#
aaronpk
i'm hoping to eventually move all the AP code out of my own website and have it use this instead, to keep all that code in one place
#
[Rose]
One more thing on my list... Thanks Aaron!
#
aaronpk
it's still a little rough around the edges, but it did power the shuttlebot account during xoxo
[kevinmarks], [sebsel] and snarfed joined the channel
#
snarfed
aaronpk++ !
#
Loqi
aaronpk has 104 karma in this channel over the last year (319 in all channels)
#
snarfed
yeah storing each user's followers, so you know where to deliver posts, is probably where bridgy fed needs to end up if it wants to propagate original posts too
#
swentel
hmm, snarfed, can you see anything in the analytics of https://bridgy-fed.superfeedr.com/ ? - testing websubhubpubwhatever :)
#
swentel
I've sent a publish request, wondering if it went through
#
snarfed
looking
#
aaronpk
yeah there really isn't a better way to do that. you wouldn't want to offload that work onto the person's website since at that point they may as well build out more of the AP spec themselves too.
#
snarfed
or, like i was hoping, have subscribers' instances fall back to atom + websub. not sure how long mastodon plans to keep those around
#
snarfed
swentel: i see a list of subscribers in analytics, but not pings
#
snarfed
i'll send you the login
#
swentel
ok, that would have been my next question heh, would be great .. :)
#
aaronpk
heh yeah it's unfortunate that AP puts the delivery burden on the person who created the content :(
#
swentel
I could test with setting up one myself maybe, but mastodon probably has bridgy fed stored (at least that's what it should be doing), don't want to confuse it
jgmac1106, [eddie], rhiaro_, jgmac1106_, KevinMarks and j12t joined the channel
#
jgmac1106_
[kevinmarks] [grantcodes] [schmarty] and anyone else who wants to get involved created a new glitch project for us to keep track of progress on getting an IndieWeb blog up and spinning and launched to fly.io https://glitch.com/edit/#!/join/7d019a03-344b-4a96-9192-aa0d43418c42
Ruxton joined the channel
#
dougbeal|mb1
What is fly.io
#
Loqi
It looks like we don't have a page for "fly.io" yet. Would you like to create it? (Or just say "fly.io is ____", a sentence describing the term)
#
jgmac1106_
we do have page but here: io
#
dougbeal|mb1
How does it differ from Heroku?
KevinMarks, jgmac1106_ and [schmarty] joined the channel
#
[schmarty]
[dougbeal] fly.io is more like a proxy service. Fly.io proxying for a glitch.com app is like Heroku running a nodeJS app with a collaborative editor and hot reloading.
#
aaronpk
[eddie] any chance you can add a published date to the entries on https://myurlis.com/
#
[eddie]
ohhhh yeah
#
[eddie]
I don’t know why I spaced on that
jackjamieson and jgmac1106_ joined the channel
#
[eddie]
aaronpk Added published date
#
aaronpk
yay thanks
#
aaronpk
that'll work better now
#
Loqi
woot
#
aaronpk
i'm fixing the aperture audio url problem too
#
aaronpk
there were 2 problems lol. 1) the proxy was limited to 5mb files, 2) the proxy doesn't support audio files
#
[eddie]
Aha! Yeah both of those are issues 🙂
sebsel joined the channel
#
[eddie]
One thing that should be really fun about My Url Is will be pushing forward IndieWeb stuff in the podcasting sphere and be able to use it as a proof of concept on various things. Of course supporting h-feed podcast listening, also it receives webmentions (doesn’t display them currently, but it does forward them to my notifications channel, and I’ll display them eventually).
#
[eddie]
I also tag those involved in the podcast and send webmentions with the people tagged.
#
[eddie]
That’s everything that’s come to mind so far, but who knows what else will come up and there will be an on-going podcast to test it out with 😄
[Rose], [schmarty], jgmac1106_, KevinMarks, [jgmac1106], KevinMarks_, gRegorLove, snarfed, [tantek] and sebsel joined the channel
#
[eddie]
From #indieweb Talking about automatic listen posts of podcasts without reinventing podcast players
#
[eddie]
I’m thinking about a Microsub server bridge that listens to a channel or all channels within a Microsub server and creates an rss feed for a normal podcast player
#
[eddie]
If the bridge could know when a podcast episode was played, it could generate listen posts automatically
#
[eddie]
although it won’t ever know when a podcast is finished playing, just when it is downloaded 😕
#
[eddie]
So nevermind, I think this might be a dead end
#
[schmarty]
Eddie: if it’s a Bridge it could insert a link in the episode description that would open a page to create a listen post?
#
[eddie]
Hmmm true
#
[eddie]
I currently have listen support in private beta in Indigenous for iOS’ share sheet
#
[eddie]
it makes it easier and is similar to that approach
#
aaronpk
[schmarty]: good idea!
#
[eddie]
but definitely a lot different than auto-tracking
#
aaronpk
that's a pretty good low tech solution
#
[eddie]
Although the nice thing is that wouldn’t involve parsing the podcast player’s website
#
[eddie]
Because Castro’s website was down the other day and it broke my ability to post listen posts
#
[schmarty]
my “oops too hard” plan was exactly that, eddie. to make a share target to parse Overcast’s website, haha
#
[eddie]
lol yeah, currently what I’m doing is in Overcast or Castro I can use their share button to share into Indigenous and select “listen”. That sends the url of their website as the listen property to my Micropub server where my server scrapes their respective website and pulls the needed info for my listen posts
#
[eddie]
Eventually I had planned to add that parsing logic into Indigenous, but after it broke the other day I’m thinking against that now
#
[eddie]
Plus it only works with a couple podcast players
#
[schmarty]
“XRay but for podcast apps’ weird proxy pages”
#
[eddie]
The nice thing about the RSS feed bridge is that when you clicked “listened” it could create the Micropub post AND mark your microsub post as read
#
[schmarty]
A microsub client that makes an RSS feed out of a channel does sound good. I have a goofy hacked together setup for manually collecting Supporters-only posts on backer services like Patreon and Drip. It’d be sweet to be able to kick them into an Aperture channel and subscribe to that.
#
[schmarty]
Different use case than easily creating listen posts, though
#
[jgmac1106]
Just give us an input box for a review or comment
#
snarfed
there are lots of podcast apps and third party plugins that do scrobbling. i wonder if any let you enter your own server. we could translate the scrobble (last.fm ?) protocol to micropub listen post
#
snarfed
(i don't actually use or know any of this stuff, i just like bridging :P)
#
[eddie]
schmarty: Different use case but still a very similar solution! Which is nice
#
[tantek]
POSSE to last.fm!
#
[schmarty]
snarfed: I didn’t have much luck finding podcast apps with scrobble support. One or two on android supported libreFM but I couldn’t tell what API support it had
#
[schmarty]
(LibreFM API support I mean)
#
[eddie]
None of the popular iOS podcast apps have scrobble support that I know of
#
[eddie]
jgmac1106: That makes sense. You could definitely make the review or comment box appear on the url when you click on the “listened” button
#
[schmarty]
snarfed: that external scrobbler app is neat
#
Loqi
[kawaiiDango] pScrobbler: A last.fm scrobbler and viewer for Android
#
snarfed
looks like there are many
#
jeremycherfas
What is drip?
#
Loqi
Drip is a crowd-based, recurring funding site created by Kickstarter to support and pay content creators https://indieweb.org/Drip
tantek__ and KevinMarks joined the channel
#
skippy
anyone know off-hand if PHP's GD library supports Apple HEIF images?
#
skippy
or if any of the PHP image libs support it?
#
dansup
I doubt it
#
dansup
http://jpgtoheif.com/ ffmpeg to the rescue!
#
jacky
perhaps using a ffmpeg <-> php lib?
#
jacky
hasn't worked with php in years
#
skippy
no, i want to go the other way dansup : HEIF to JPEG server-side.
#
sknebel
probably can turn those instructions around, seems unlikely ffmpeg does one direction but not the other
#
skippy
build ffmpeg from scratch and invoke an exec() from PHP to do the conversion... Too much work.
#
[eddie]
The strange thing is, I don't feel like you should have to worry about HEIF at WWDC they suggested anytime an app doesn't KNOW that the destination supports HEIF it should fallback to JPG or PNG 🤔
#
[eddie]
Do you know what app is trying to send you HEIF?
#
skippy
Quill via Safari.
#
swentel
snarfed, I may have a lead for post discovery!
#
swentel
will write it down
#
snarfed
ooh great!
#
swentel
I will post in #18
#
[eddie]
hmmm how strange. I don't feel like Safari should be sending HEIF
#
skippy
it might not be. i might be jumping to the wrong conclusions.
#
skippy
but a Quill post to my test micropub install did not get the image included.
#
skippy
I'll try again
#
[eddie]
Hmmm, yeah, I just uploaded a photo on iPad using Quill and it worked
#
[eddie]
and I don't think my media endpoint would support HEIF either
#
skippy
oh look. It DID work.
#
skippy
ok. thanks!
#
[eddie]
Awesome :)
#
[eddie]
Hmm, interestingly Quill doesn't want to finish publishing an article from the iPad though
KartikPrabhu, [Rose], jgmac1106, renem, [renem] and [schmarty] joined the channel
#
[schmarty]
Not sure how hard it is to get into the beta, but this should be able to add some building blocks to GitHub pages sites. Sending webmentions, websub notifications, for starters.
#
sknebel
[schmarty]: did you share an image?
#
[schmarty]
Also should enable GitHub pages sites to use site generators other than Jekyll, since you can probably do build steps and push to another branch.
#
snarfed
[schmarty]: yes! totally
tantek__ joined the channel
#
Loqi
ok, I added "https://css-tricks.com/introducing-github-actions/" to the "See Also" section of /GitHub https://indieweb.org/wiki/index.php?diff=52985&oldid=50283
#
@cswordpress
↩️ @justintadlock Awesome, and thumbs up to exploring webmention.
(twitter.com/_/status/1052644668758994944)
eli_oat, [eddie] and [renem] joined the channel
[tantek] joined the channel
#
[tantek]
what's the source markup?
#
Loqi
[René] Kurze Ausfahrt mit der neuen Kamera https://renem.net/photos/2018-10-16-ausfahrt-neue-kamera/
#
snarfed
basically just <img class=u-photo data-src=...>
#
[tantek]
no fancy <picture> tag?
#
jacky
the picture tag shouldn't matter too much (though that'd be nice to have in some clients for data size concerns)
#
[tantek]
picture would be one way of avoiding the JS dependency
#
[tantek]
basically I'm wondering if anyone is trying mf2 markup on a picture tag yet
#
[tantek]
or would this be an example that could benefit from that
#
snarfed
there definitely is a picture tag here
#
snarfed
<picture>
#
snarfed
<source media="(min-width: 535px)" data-srcset="..." type="image/jpg">
#
snarfed
<source media="(max-width: 534px)" data-srcset="..." type="image/jpg">
#
snarfed
<img class="u-photo" ..." data-src=...>
#
snarfed
</picture>
#
gRegorLove
I thought there was discussion in the mf2-parsing repo about <picture> with an example, but can't find it.
#
[tantek]
maybe still on the wiki
#
snarfed
the key problem still seems to be that it's JSDR, ie has data-src and data-srcset instead of src and srcset
#
[tantek]
ok data-srcset makes no sense
#
[tantek]
like literally the browser is supposed to handle that
#
[tantek]
smarter than any JS could
#
jacky
I think it's one of those polyfill things
#
[tantek]
a polyfill would not depend on data-* markup
#
jacky
depends on the implementation
#
jacky
I'm curious now
#
jacky
yeah see looking at the site's code (like pre-build, I can't find this)
#
jacky
maybe [renem] could give more context
#
snarfed
yeah, up to renem now
[eddie] joined the channel
#
@TimSwast
↩️ @murderofcrows Some day I'll learn how to create an RSVP type post and send a webmention.
(twitter.com/_/status/1052668520348057600)
jgmac1106 and [renem] joined the channel
#
[renem]
Thanks for moving. I think I know what’s going on. I haven’t changed the mf2 things but added a JS lazy loader which handles images differently. And I think this is a good starting point.
#
[renem]
Jack pointed me in that direction because of page source/view in Firefox.
snarfed joined the channel
#
[renem]
The lazy loader JavaScript replaces the data-src and data-srcset with src/srcset when the picture gets visible in the browser view. But of course this will never happen for a parser like Bridgy. I’ve to change that or add a noscript Tag as well to handle this.
[dmitshur], [eddie], [kevinmarks] and dougbeal|mb1 joined the channel
#
jacky
[renem]: 👍 progressive enhancement ftw!
j12t, jgmac1106 and mblaney joined the channel
#
dougbeal
Well ****, github actions: During the limited public beta, you can only configure workflows in private repositories.
j12t, j12t_ and [kiai] joined the channel