#dev 2019-03-22

2019-03-22 UTC
iasai, KartikPrabhu, [jgmac1106], [kenbauer], [kevinmarks], jjuran, jmac, sfoster, cweiske, [Rose], jimpick, Ruxton, dkm, ancarda_, jeremych-, treora_, oodani_, grantcodes[m], jgmac1106[m] and swentel joined the channel
#
GWG swentel, I am screenshotting some ideas for reader UI
iasai joined the channel
#
swentel GWG, for indigenous?
#
swentel or for wordpress?
#
GWG Indigenous
[kevinmarks] joined the channel
#
[kevinmarks] This UK petition site is really making the case for websub
#
GWG I was going to document the apps that have reader displays
#
GWG That I think might be nice
eli_oat, iasai and snarfed joined the channel
#
swentel snarfed, hi! I'm close to start testing drupal activity pub module. re: followers the you store, that's just the users canonical url, e.g. https://mastodon.social/@chrisburnell
#
swentel s/the you/you
#
snarfed he swentel! is that a question?
#
snarfed oh, which url do i store? looking
#
swentel yeah, forgot ? sorry :)
#
snarfed heh. it's the AP actor id
#
snarfed which yes is usually the canonical url
#
swentel ok, that's what I thought, just wanted to make sure
#
swentel at some point, I'm going to switch from fed.bridgy to my site, wonder if I'll be able to 'take over' the existing one
#
snarfed for mastodon those actor id urls actually usually look like https://mastodon.social/users/cbfishes
#
Loqi 🎛🎹🎚Chris Beckstrom🔊
#
snarfed ah. sure! hmm interesting
#
snarfed maybe?
#
snarfed happy to talk more about details
#
swentel snarfed, I'll ping you when I'm close that moment, finishing the basic integration now with more tests
#
snarfed sure!
jgmac1106 and [jeremycherfas] joined the channel
#
[jeremycherfas] Had to move to Slack; IRC playing up for me.
iasai, snarfed, [kimberlyhirsh] and [chrisaldrich] joined the channel
#
[jeremycherfas] Me again, still totally flummoxed. To whit:
#
[jeremycherfas] How can````
#
[jeremycherfas] }
#
[jeremycherfas] $finalarray[] = ($podcast[‘outline’][0]);
#
[jeremycherfas] if (isset($podcast[‘outline’][0]) || array_key_exists([‘outline’][0], $podcast)) {
#
[jeremycherfas] Result in “Undefined offset: 0” when I attempt to add to $finalarray?
#
[jeremycherfas] Unless those tests don’t mean what I think they do (which is entirely possible).
iasai, chrisaldrich and [deeden] joined the channel
#
[deeden] It has been a while since I phped, but `array_key_exists(['outline'][0], $podcast)` doesn’t look right to me. Firstly, do you need it is checking with `isset`, and secondly, would it not be either `array_key_exists('outline', $podcast)` or `array_key_exists(0, $podcast['outline'])`?
#
swentel yeah, the array_key_exists is weird
#
swentel also seems redundant no ?
#
[jeremycherfas] Thanks, Maybe it is redundant, but I am tearing my hair out here. I was just about to try the isset on its own.
#
swentel yeah, I think that's fine enough
#
[jeremycherfas] But my understanding is that isset does not test for NULL. That is, if something is NULL, then isset would return TRUE
#
[jeremycherfas] Well, isset on its own does seem to be working now. Thanks.
#
swentel oh hmm
#
swentel well
#
swentel if you really want to be sure it contains something
#
swentel you can just do if (!empty($podcast['outline'][0]))
#
swentel that will not throw notices if the key does not exist
#
[jeremycherfas] ok
[kenbauer] and [eddie] joined the channel
#
[eddie] !tell GWG I'd be interested in seeing those screenshots as well!
#
Loqi Ok, I'll tell them that when I see them next
#
jgmac1106 chrisalriich kimberlyhirsh had a thought but was too technical for main channel. i have been simply annotating on my own site, not using hypothesis this summer, tool over load for students and 50% will still print
#
jgmac1106 instead I am bookmarking blockquoting and comment, could someting like fragmentions work backwords? There is a link to a source on my sit. I have a bunch of blockquotes on this page…A browser plugin will highlight my blockquotes and link back to the id to the comment…or display it
iasai joined the channel
#
jgmac1106 could be just when I click the link from my site? I would have no idea how to make that work
[kevinmarks] joined the channel
#
[kevinmarks] so you link the source with a blockquote under the link?
#
[kevinmarks] you could put a fragmention on the link and encourage them to use the fragmention extension
iasai joined the channel
#
jgmac1106 yeah each blockquote on my site had an ID in the link, and lthen some browser extension, I have no ideahow the hypotbes.is proxy works, just overlays a highlight on the source text
#
jgmac1106 I really want to dig deep into fragmentions and just haven’t had the time, probably will be easier to eventually do on my wesbite and not known
#
jgmac1106 just a random idea as I have been trying to annotate on my own domain first. Trying to think if a POSSE model to a source where other people could log into coudl work….so five of my students annotated on their own site, and then indielogin to what ever this thing is that I want…all the blockquotes and u-in-reply-to display
#
jgmac1106 well I have to go write a chapter today so signing off. but kimberlyhirsh and chrisalrich for IWC New Haven judell always said if we mapped things how we want them over time he would help build a tool with their API
#
jgmac1106 would also love to do a session on mf2 and citations just to spread the workloadf of mapping those Downes and I started to contiue what zegnat and I started, but getting a form field citation (has to be human input for reliability) generator would be amazing session as well
[jgmac1106] and [eddie] joined the channel
#
[jeremycherfas] 🎉🎉🎉 It works! https://www.jeremycherfas.net/stream
gRegorLove joined the channel
#
[jeremycherfas] Heartfelt thanks to everyone here who helped though all my trials and self-induced tribulations. To [cleverdevil] for the original inspiration and to everyone else who taught m so much. Of course, I won’t know for certain until tomorrow, when I will check again, but I think all the podcasts I listen to through Overcast will now make their way to my own site.
[eddie] joined the channel
#
[eddie] awesome!
#
[eddie] jeremycherfas++
#
Loqi jeremycherfas has 11 karma in this channel over the last year (28 in all channels)
chrisaldrich joined the channel
#
GWG [eddie]: Was going to post to the wiki
#
Loqi GWG: [eddie] left you a message 1 hour, 13 minutes ago: I'd be interested in seeing those screenshots as well!
snarfed joined the channel
#
[eddie] Perfect!
#
GWG I've never studied your UI
#
[jgmac1106] jeremycherfas++
#
Loqi jeremycherfas has 12 karma in this channel over the last year (29 in all channels)
#
[jgmac1106] I want that so bad
#
GWG I still don't have a way to extract that data
#
GWG Wonder if I can claim it in a GDPR request
#
jeremych- How do you listen?
#
[eddie] GWG lol, please don't. 🙈
#
GWG Pocketcasts
#
[eddie] (about studying my UI, not about GDPR)
#
GWG Oh
#
GWG Misread that
#
GWG I don't have an iOS device anyway
#
jeremych- Oh. Sorry, don’t know that.
#
GWG I was studying mobile RSS feed readers
#
GWG Much can be learned from prior art
#
GWG https://support.pocketcasts.com/article/privacy-policy/
#
GWG I can have them email it
snarfed joined the channel
#
[jgmac1106] gwg I signed up for the paid web account and get my history now from pockecast but it isn't backfilled
#
GWG jgmac1106, how did you get your history?
#
GWG I have had an account for years
#
GWG Including the web app
#
GWG I wanted to support them
snarfed joined the channel
#
[jgmac1106] you have to buy the web app for $9.00
#
[jgmac1106] but I only get history since purchase, I wanted previous
#
GWG I have the webapp. Where in the webapp?
#
GWG I got it when it launched
snarfed, [Rose], iasai, [kimberlyhirsh] and gRegorLove_ joined the channel
#
Loqi Ok, I'll tell them that when I see them next
#
Zegnat !tell jeremycherfas For future reference: empty() actually includes the isset() check, which means you can always use that. According to the PHP manual: “empty() is essentially the concise equivalent to !isset($var) || $var == false”. (Note that $var == false takes care of the null case.)
jackjamieson, jackjami_ and snarfed joined the channel
#
AngeloGladding hey guys i believe the idea of cryptographically signing a post (or microformat structure) has come up in the past and even recently -- is there a consensus documented on the wiki somewhere?
#
AngeloGladding i'm aware of the IndieWeb (https + domain) philosophy but i'm looking specifically for that "on-the-record" feature
#
snarfed AngeloGladding: to prove authorship/provenance?
#
gRegorLove_ AngeloGladding, I think this is the only example https://indieweb.org/OpenPGP#Integrity still very much in brainstorming. Looks like the one example by KB there, the domain is under new ownership
#
AngeloGladding ideally a parsed note page -- https://testalice.cnpy.gdn/notes/2019/03/21/5xrm -- would have my specific note signed, using the key found in the authorship algorithm
#
snarfed yeah, i expect there's very little art in indieweb. we obviously lean heavily (solely) on https + domain to prove identity/authorship
#
Loqi [Alice] Hello world!
#
snarfed do you have a use case for signing that https + domain doesn't handle?
#
snarfed (in the indieweb context, at least?)
#
AngeloGladding so when i reply to someone i go ahead and cache their content -- it'd be nice to have a first-class copy of that content, obviously if and only if the original author signed it in the first place
#
snarfed ah, right. yeah we expect the verification process is to fetch from the original source domain
#
snarfed pros and cons, obviously, lots of alternatives, but that's what we've gone with
#
snarfed and once you fetch the original source, you've verified authorship, so you can cache semi-permanently
jackjami_ joined the channel
#
snarfed you can get updates/deletes via websub, or by refetching occasionally or on demand
#
gRegorLove Wouldn't signature verification mainly be useful if you'd verified a person's key via some other channel? Otherwise you're still relying on the key/signature the domain is advertising.
#
snarfed heh, key exchange and PKI are big topics, tons of prior art
#
AngeloGladding so i'm incorporating PGP's Web of Trust into the "follow" and "identify" (ie. add contact) web actions, if you will
#
AngeloGladding so it isn't just naked keys save for an unbootstrapped node
#
AngeloGladding i'm definitely sending webmentions upon update
#
AngeloGladding basically i'd like to insert the signature into the microformat namespace
#
AngeloGladding have you guys ever standardized the output of a parse?
#
Zegnat Yes and no
#
AngeloGladding what i had before was https://testalice.cnpy.gdn/notes/2019/03/21/5xrm.json and https://testalice.cnpy.gdn/notes/2019/03/21/5xrm.json.asc and just pretty-printed the JSON and took a detached signature of it
#
Zegnat The JSON (if the parser outputs that way, which most [all?] current ones do) is standardised in a way.
#
AngeloGladding but that was obviously ugly
#
Zegnat But pretty-printing is not standardised, neither is unicode use, or even which JSON standard it needs to adhere to
#
AngeloGladding right
#
AngeloGladding so it was even a working solution
#
AngeloGladding i'm thinking that by constraining it to the mf use case it could be simplified
#
Zegnat And a lot of that is actually very tricky, e.g. you can look at Scuttlebutt who did need to standardise how to format JSON before applying signature stuff
#
AngeloGladding i just opened that tab right now actually
#
AngeloGladding someone on HN barked about it so i stashed it in memory for this afternoon
#
AngeloGladding what microformat parser do you guys use for misc debugging -- i know there's xray.p3k.io
#
Zegnat Also, I am not sure I would recommend anyone signed the JSON parse output of their HTML. That feels like a DRY issue. Instead if you feel it neccessary to sign your content online, you should sign your HTML.
#
Zegnat I use php.microformats.io for “misc debugging”
#
Zegnat For signing HTML there are several prior art projects. I think a relatively recent and interesting looking one would be https://github.com/tasn/webext-signed-pages
#
Loqi [tasn] webext-signed-pages: A browser extension to verify the authenticity (PGP signature) of web pages
[eddie] joined the channel
#
[eddie] AngeloGladding one FYI, xray is jf2 as opposed to mf2, so it definitely returns similar but different content. the microformats.io one Zegnat mentioned is pure mf2. I also use pin13.net for my mf2. Which is essentially the same thing
#
sknebel xray isn't just jf2 version of a page either. it's a somewhat generic data extraction thing, not just doing microformats and afaik not having any explicit spec
#
AngeloGladding k i've got a better feel for the state of parsing now
#
AngeloGladding both those PHP sites are claiming to use the same version parser, so redundant
#
sknebel Google has been floating signatures based on HTTPS keys, I think for AMP caches ("if the origin server signs the page, we can show the cached copy exactly as if it came from the server"). And there's the signature stuff often used with ActivityPub, but I think that's tied to JSON-LD
#
AngeloGladding but appears to be the same output as my python parser
#
snarfed even concordance between parsers isn't enough though, parser output can (and does) change over time
#
snarfed Zegnat had the right idea, if you really want to be able to store content and later verify its authorship purely locally, storing the complete HTML may be the best idea. you can then re-parse it and do whatever
#
sknebel and on the formatting level, is accidential. I.e. I believe the Python parser can produce different output bytes depending on the Python version it's running on
jackjamieson joined the channel
#
AngeloGladding maybe i'm missing some simple trick here
#
AngeloGladding https://testalice.cnpy.gdn/notes/2019/03/21/5xrm is the note
#
Loqi [Alice] Hello world!
#
Zegnat Not sure the PHP one will always give the same result either. It probably just uses whatever PHP is calling “pretty” at any time. If that changes, so does the output. (E.g. it may have changed when they switched JSON implementations, which I think they did at some point to get rid of the weird JSON licence.)
#
AngeloGladding so that page is live and dynamic and the interface changes, which will obviously change the resource's signature
#
snarfed sure. the content itself can also change. you'd expect a new signature when the page changes, whether content or anythign else
#
Zegnat Signatures are only there to proof authorship, they are allowed to change because that doesn’t change their meaning.
#
AngeloGladding gee i also like the atomicity of a single request w/o a second for a detached sig
#
snarfed hell, some people here have temporary/transient webmention endpoints that change every few hours, and those show up in parsed rel values. so even their parse output will change regularly
#
snarfed sure, hence including signature in http headers, or similar
#
Zegnat Good point snarfed! The mf2 parser output contains moer than just the post data
#
AngeloGladding so if you see the parse of my page -- http://php.microformats.io/?url=https%3A%2F%2Ftestalice.cnpy.gdn%2Fnotes%2F2019%2F03%2F21%2F5xrm
#
Loqi [Alice] Hello world!
swentel joined the channel
#
AngeloGladding there's a signature stuffed into the entry
#
AngeloGladding that's just the carryover of a signature of the pretty printed JSON
#
snarfed we're kinda getting pretty far into the weeds here on a use case that people here don't have, need, or do at all
#
Zegnat Adding a signature to the mf2 output isn’t the problem, I think. The question is: what is that then a signature of.
#
snarfed apologies if that sounds rude, i definitely don't mean it that way, it just means that we just may not be too useful, or that you may know more than us
#
AngeloGladding in this example the signature would be of some concatenation of the name, url and published properties
#
AngeloGladding nothing more, ideally
#
AngeloGladding and yeah i've gotten pushback from anything Web of Trust related in the past so i'm not surprised
#
Zegnat That would work, but then of course you need to create an additional specification that documents exactly how to reproduce that concatenation
#
AngeloGladding but in terms of journalism it seems like a really nice addition
#
AngeloGladding well that's what i came here for :)
#
AngeloGladding i'm implementing it right now
#
AngeloGladding i've kinda waited and i heard you guys talking end of Feb i think
#
swentel [eddie], I brainstormed something up which you have done as well, but maybe more concrete with an actual service for push notifications :)
#
AngeloGladding the whole thing kind of rests on my underlying implementation of GPG, which none of you will have access to
#
AngeloGladding yet there /is/ a key property in the h-card spec
#
gRegorLove Yeah, and some of us advertise public key with rel=pgpkey
#
gRegorLove I do, though honestly haven't used it for anything, heh
#
snarfed right! many of us definitely do have access to and use PGP/GPG. eg indieauth/indielogin supports it as an auth mechanism.
#
AngeloGladding but the WoT part is the bridge to nowhere
#
snarfed we just don't use it for identity or authorship verification, since https + domain works well enough
#
snarfed heh, bridge to nowhere as in integrating with non http based services?
#
Zegnat AngeloGladding, all I can say is that (AFAIK) mf2 parsing does not define any output encoding and publishing date may sometimes be a little finicky depending on whether a perser decided to do normalisation (especially in case of value-class parsing). Thus I wouldn’t recommend it as a seed for anything you are planning to sign if you also want others to reproduce it and check the signature (which sounds to me like the entire purpose
#
Zegnat of signatures).
#
Zegnat s/perser/parser/
jackjami_ joined the channel
#
snarfed oh nm, got it now
[jgmac1106] joined the channel
#
[jgmac1106] i sign everyone one of my notes, with my url
#
[jgmac1106] but yeah I use hellosign and stuff all the time, a way to own this would be cool
#
[jgmac1106] and uggghhhh the signature system built in acrobat......uggggh
#
Zegnat It isn’t like we are allergic to Web-of-Trust things here, in a way Vouch builds on one of those too. But I guess nobody has really seen a use-case before for signing their posts, thus nobody has been trying to tackle this actively
#
Zegnat Add that to the fact that signing HTML is not at all an obvious or solved problem, and it becomes a very easily skipped topic ;)
#
gRegorLove Yeah I'm interested in it on a hypothetical level, but time and priorities have mostly kept it there for me.
#
AngeloGladding yeah the signing HTML part was what worried me the most
#
[eddie] swentel: What did you brainstorm up?
#
swentel [eddie], https://github.com/swentel/indigenous-android/issues/214
#
Loqi [swentel] #214 Investigate push notifications with Pushy
snarfed joined the channel
#
swentel Thinking about the server part now, I might actually start building this (I have a polling thing in indigenous now, but it works well, not so great)
#
[eddie] Cool, I'll take a read 🙂
#
[jgmac1106] ..and literally everything i electronically sign is just for someone to print our and file away....
#
Zegnat AngeloGladding, HTML signing might still be easier than defining how to turn an mf2 parser output into a byte-for-byte-canonical JSON and also defining some sort of signing scheme for said JSON ;)
#
Zegnat At least multiple people are working on HTML signing and you might be able to lift on their work
#
sknebel signing HTML is probably the easier route for *signing* (since that's something where the server is providing a clear bytestream it can provide a signature for) - the question then is what the consumer scenario looks like
chrisaldrich joined the channel
#
AngeloGladding so the problem is -- i reply to something, the original author changes their original statement without telling anyone, my software picks it up and raises a red flag in my UI, i render that to my website users in a graphical manner, but it's left to visitors to manually work through the dissonance
#
AngeloGladding twitter and screenshots..
#
AngeloGladding i mean we're all playing nice now in the IndieWeb
#
AngeloGladding and this doesn't have to be for all posts, just "on the record" type material
#
AngeloGladding i'll just come up with something simple and try to break it myself
#
AngeloGladding thanks for the input!
#
[eddie] I think alerting the user that the post content might have changed is a great idea and one I might add to my own site to implement
#
[eddie] I would probably just fall back to occasionally parsing the original source url and then comparing the mf2's name and content to what I have stored
#
[eddie] maybe the photo urls as well to make sure they don't change a photo in the event that I'm replying to a photo
#
AngeloGladding but then how to convey the data to a feed subscriber -- you'd need a "tampered/modified" field or something
#
sknebel keep us updated!
#
snarfed sounds like the big questions aren't really data updates or identity/authorship verification but UX, alerting users to changes, etc
#
snarfed ...which are orthogonal to how you verify authorship, whether https + domain or GPG
#
Zegnat Agreed with snarfed. This doesn’t sound like the problem is authorship, so the solution is probably not crypto signatures (which are specifically for proofing authorship)
#
Zegnat This may also be a case for displaying reply contexts, so your reply actually shows the post it was replying to, separate from what may currently live at the URL
#
snarfed good luck AngeloGladding! curious to see what you come up with!
#
Zegnat Definitely an interesting problem that I am not sure anyone has been actively looking into! :D
#
@bupk_es ↩️ Me too! I have had a few indie sites but dropped them all. currently learning Flask, hope to get webmentions etc sorted at some point (twitter.com/_/status/1109202170631606273)
snarfed joined the channel
#
@HazardWarning ↩️ Grief, I've never heard of that! I've done ok with my WordPress site, which serves as my http://micro.blog site. I have webmentions, but not a great deal else. I'm no coder and I grew up pre-internet so this stuff doesn't come naturally. (twitter.com/_/status/1109202855515181056)
#
snarfed oh [eddie] fwiw bridgy already does that change detection thing to figure out when silo posts have changed so it can re-send wms
#
[eddie] oh cool! That's useful to know
#
[eddie] does it compare all the attributes or only a couple specific ones?
#
snarfed [eddie]: it's for silo content, not mf2, so there are only really one or maybe two attributes at all. generally just content
#
snarfed oh, person tags etc. not sure but i doubt it
#
snarfed ah, here. checks AS type, verb, content, location, image. https://github.com/snarfed/granary/blob/master/granary/source.py#L767-L797
#
snarfed oh and recipient(s)
KartikPrabhu joined the channel
#
jacky random snarfed
#
jacky I was going to leave a !tell but lol
#
jacky can I get a profile from <silo> to MF2 using bridgy?
#
jacky I see that there's an embedded h-card
#
jacky this might be more for granary, hm
#
jacky welp
#
gRegorLove haha
#
gRegorLove That does sound like granary
snarfed joined the channel
#
snarfed jacky gRegorLove yes! granary can do that. not sure it's in the REST API though. it's definitely not in the web UI.
#
snarfed looks like xray can too. needs API tokens for twitter and FB though. (not IG)
#
snarfed for bridgy users feel free to use bridgy's h-card. https://brid.gy/about#api
[jackjamieson], snarfed and [kenbauer] joined the channel
#
GWG I have some things I need to try with granary
#
GWG Hmm...Google apologizes for rel=next/prev mixup http://feeds.searchengineland.com/~r/searchengineland/~3/RiVn5dLY-1U/google-apologizes-for-relnext-prev-mixup-314494
#
GWG Now people will stop making it easy for me to find next and prev
snarfed joined the channel
#
@WebspaceInsight b2evolution 6.11-beta with webmentions support https://ift.tt/2uoQn3C (twitter.com/_/status/1109236013866668032)
#
@bradenslen B2evolution version 6.11.0-beta adds Webmentions support for Indieweb. This is a great addition to an excellent CMS. https://b2evolution.net/news/2019/03/22/b2evolution-6-11-beta-with (twitter.com/_/status/1109241308718223360)
#
@nitinthewiz Indieweb & adjacent ppl - I see a lot of sites with webmention links, but don't want to reply full scale on my blog with 1 line comments. What's better - a separate 'blog' for comments or a page in WP that links to their post and does a 1 line comment? (twitter.com/_/status/1109242083745792000)