#dev 2019-06-07

2019-06-07 UTC
#
jacky
that _can_ be true
#
jacky
manyverse + patchwork make it a bit easier tho
#
jacky
but that's what happens when you build on top of the building blocks
#
jacky
like on launch; you have an "identity" in the ssb space with manyverse/patchwork (though the crafting of it could use some work - more guided)
#
aaronpk
Yes I specifically didn't say all of them :-)
[jgmac1106], wagle and mblaney joined the channel
#
[jgmac1106]
We also live in a country where the government does not round you up for using the web. I understand why many activist do want total anonymity and decentralization...
#
[jgmac1106]
I guess my big concern is that all this data has to go through a pipe somewhere, switches everywhere. Governments can still shut it down
#
GWG
mblaney, got a minute re SimplePie?
#
mblaney
hey GWG, sure
#
GWG
Have you given any thought to how the contributors and credit objects might map to mf2?
#
mblaney
hmmm no sorry. got a link to the spec for the rss/atom side of things for that?
#
mblaney
to answer my own question, credit is http://www.rssboard.org/media-rss#media-credit I've played a bit with storing enclosures as JSON and deciding how to render it later... I guess I would continue down that path GWG,
[tantek] joined the channel
#
[tantek]
what is a domain
#
Loqi
A personal domain is a domain name that you personally own, control, and use to represent yourself on the internet https://indieweb.org/domain
#
[tantek]
what is DNS
#
Loqi
DNS is an abbreviation for Domain Name Server and often used to refer to the configuring thereof on a domain name registrar https://indieweb.org/DNS
#
[tantek]
domain << [https://chat.indieweb.org/dev/2019-06-06/1559864962974300 Criticism of alternatives]: <blockquote>{{aaronpk}}: a big problem with the other promises of "use X so you don't have to register a domain name" is that quite often X involves a lot more work/time/money</blockquote>
#
Loqi
ok, I added "[https://chat.indieweb.org/dev/2019-06-06/1559864962974300 Criticism of alternatives]: <blockquote>{{aaronpk}}: a big problem with the other promises of "use X so you don't have to register a domain name" is that quite often X involves a lot more work/time/money</blockquote>" to the "See Also" section of /personal-domain https://indieweb.org/wiki/index.php?diff=62183&oldid=59636
#
Loqi
[aaronpk] a big problem with the other promises of "use X so you don't have to register a domain name" is that quite often X involves a lot more work/time/money
Ruxton, KartikPrabhu, [xavierroy], snarfed, treora, cweiske, gRegorLove and [kevinmarks786] joined the channel
#
[kevinmarks786]
DNS is centralized, use $new_thing - which has 0 or 1 resolvers and is either controlled by one of the advocates (and so has pretty looking names for the handful of users) or is a huge fugly hash has been part of IIW since the beginning. Meanwhile domain names are still a fungible commodity.
[xavierroy] and [fluffy] joined the channel
#
[fluffy]
how the hell is DNS considered ‘centralized’
#
[fluffy]
DNS is like the shining example of the most successful distributed cache on the entire Internet
#
Zegnat
[fluffy]: I think because authority over DNS is centralised and those authorities can set requirements for participation (e.g. for getting a domain name you may be required to make information about yourself public record)
jeremych_ and [kevinmarks786] joined the channel
#
[kevinmarks786]
That was more true before the latest tld expansion
[tonz] and [jgmac1106] joined the channel
#
@JREnslin
↩️ Das Hauptproblem ist die Moderationspflicht. Mittelfristig wäre etwas wie Webmentions (Pingback, etc.) zu implementieren wahrscheinlich sinnvoll. Aber mit v.a. ehrenamtlich Arbeitenden ist das sonst oft schlicht zu viel Arbeit. Deshalb by default: Keine Kommentarfunktion.
(twitter.com/_/status/1136936398819397637)
jgmac1106 and [grantcodes] joined the channel
[smerrill] joined the channel
#
[smerrill]
I’m a little confused on indieauth tokens. When a client app first connects to my micropub server, it does the authentication process, which creates a token, right? And that token is saved in the client app, and presented to the micropub server on future connections, right?
#
[smerrill]
I think I’ve answered my own question. Yes, the client sends an `access_token` POST parameter, which micropub then uses to check against the token endpoint.
#
GWG
Not necessarily
#
GWG
It could also be an Authorization header
rhiaro, treora and [aaronpk] joined the channel
#
[aaronpk]
Yes your description is accurate except that more often the access token is sent in the header rather than as a post body parameter
#
[smerrill]
ok. thanks. I’m fiddling with iOS Shortcuts, and trying to figure out if I can create a Shortcut that takes a photo and some text and posts it direct to my micropub endpoint. I’d need to obtain an access token and add it to the shortcut to make it all work without a login step.
#
[aaronpk]
Yea you can definitely do that!
#
[aaronpk]
What is Shortcuts?
#
Loqi
Shortcuts is an iOS app formerly known as Workflow used to automate various actions https://indieweb.org/Shortcuts
#
[aaronpk]
There's even a shortcut to do the login and get the access token https://indieweb.org/Shortcuts#IndieAuth
#
[smerrill]
oh wow
[tantek] and [jgmac1106] joined the channel
#
sebsel
I wrote it, so if you have any questions about to use it, feel free to ask :)
eli_oat joined the channel
#
sebsel
is now hacking away at implementing IndieAuth in his new microsub project
#
sebsel
trying to get my vaporware count down, but it turns out: a Microsub reader has a LOT of parts before you can show even something small that works :(
[smerrill] joined the channel
#
[smerrill]
first i need to get min-token working successfully. I’m getting HTTP 400 errors right now, so I’m doing something wrong…
#
[smerrill]
Oh, I fixed it. Hooray!
#
[smerrill]
ha! Quill worked, but now Monocle broke.
[pfefferle], [Rose], [kevinmarks786], jgmac1106 and snarfed joined the channel
#
Zegnat
Kudos for running Mintoken. Not the most friendly of install paths, but it should cover a lot of stuff when running
#
Zegnat
also pledges to fix any bugs
[smerrill] joined the channel
#
[smerrill]
thanks [Zegnat]! It works great.
#
[smerrill]
i used Quill to sign into my test micropub endpoint. I then grabbed the mintoken token that was generated, and tried to put that into my iOS Shortcut. But I keep getting “the request lacks authentication credentials”.
#
Zegnat
That is weird. Can you see what Mintoken is answering with?
#
aaronpk
did you include "Bearer" in the http header before the token?
#
[smerrill]
i tried with and wirhout
#
[smerrill]
i dont see any indication that mintoken is actually being hit….
#
Zegnat
Did you change the token_endpoint in your config from tokens.indieauth.com to your new mintoken URL?
#
Zegnat
Stupid question maybe, but hey
#
[smerrill]
yes, i have mintoken defined in my header.
gRegorLove joined the channel
#
[smerrill]
oh, wait…
#
[smerrill]
got a 401 from mintoken now.
#
[smerrill]
might this be involved? ` && function_exists('apache_request_headers')` I’m running php-fpm under Caddy, no Apache involved…
#
[smerrill]
hrm. micropub.rocks testing is now spitting “{”error”:“connection_problem”,“error_description”:“Unable to connect to token service”}” for my test endpoint. Hoooboy
#
[smerrill]
```
#
[smerrill]
Content-Type: text/html; charset=UTF-8
#
[smerrill]
HTTP/1.1 502 Bad Gateway
#
[smerrill]
Server: Caddy
#
[smerrill]
Status: 502 Bad Gateway
#
[smerrill]
X-Powered-By: PHP/7.1.17
#
[smerrill]
Date: Fri, 07 Jun 2019 15:36:33 GMT
#
[smerrill]
Content-Length: 87
#
[smerrill]
{"error":"connection_problem","error_description":"Unable to connect to token service"}
#
[smerrill]
```
#
[smerrill]
weird.
#
Zegnat
The apache line shouldn’t matter, [smerrill]. Because the line above should hopefully have read the token already
#
Zegnat
Only when it isn’t in the usual server variable do I fallback to the apache code
#
[smerrill]
ok
#
[smerrill]
why is micropub.rocks unable to connect to my token endpoint, but Quill is? What have I fouled up??
#
[smerrill]
does micropub.rocks cache the token endpoint? I did have a typo in it at first, then I fixed that, but it appears the test is still trying to access the misspelled one.
#
jacky
might be cached
#
jacky
on mp.rocks side
#
[smerrill]
yup. must be cached.
#
[smerrill]
[Zegnat] what is the proper value of the Authorization token? Is it just the hash from mintoken’s DB? or is it some combo of ID + hash?
#
aaronpk
i didn't think it caches stuff
#
aaronpk
at least if you log out and log back in it should find your new endpoint
#
[smerrill]
ok. trying to figure out what on my end isn’t working correctly. My micropub unhelpfully spits a 502 regardless of what error the token check returns. So there’s an error coming from mintoken that is getting masked by micropub. But I dont know how to test mintoken specifically.
#
Zegnat
[smerrill]: it is id followed by _ followed by a value that is stored hashed in the db
#
aaronpk
502 sounds like a gateway error, usually because php isn't running, or there is a syntax error in the php
#
Zegnat
You can do a request straight to Mintoken with the token as authoriziation header
#
Zegnat
https://indieauth.spec.indieweb.org/#access-token-verification - a GET request to the Mintoken endpoint with the Bearer token in an Authorization header should do the trick
#
Zegnat
Though getting a 502 for a token verification failure seems wrong
#
Zegnat
Aah, your micropub endpoint generates its own 502 when it can’t find the token endpoint. Interesting
#
[smerrill]
502 is on my side. right. i didnt do any useful error output there.
#
[smerrill]
ok. I took the id and the hash from the DB, and `curl -vH 'Authorization: Bearer id_hash' myendoint` and I get `www-authenticate: Bearer, error="invalid_token", error_description="The access token is malformed"`
#
Zegnat
Something about the id_hash was wrong then, as it didn’t pass the regular expression
#
[smerrill]
im copy/pasting from the output of sqlite select into my curl command, and it’s failing.
#
Zegnat
You can’t get the token from sqlite, only from an actual token request
#
Zegnat
Because security
#
Zegnat
The second part of the token is unknown to the sqlite, the sqlite only stores the hashed version of it (like with passwords)
#
Zegnat
Thus Mintoken has the property of protecting you in case of a db leak, unlike some other token implementations (basically every token is a username and password pair)
#
[smerrill]
I’m confused how i’m to get a valid token into an iOS Shortcut then, I guess?
#
aaronpk
the only time the token is returned from mintoken is in response to the POST request where the app sends the temporary authorization code
#
Zegnat
Yep. Something has to do the IndieAuth flow to request a token. And that is the only point in time that you can obtain the token.
#
Zegnat
Or if you used an app for it that can show the token to you, then you can copy one from a different app
#
Zegnat
what is gimme-a-token?
#
Loqi
gimme a token is a helper to obtain an access token from your IndieAuth endpoint: https://gimme-a-token.5eb.nl/ https://indieweb.org/gimme_a_token
#
Zegnat
That can probably be used ^^^
#
Zegnat
https://github.com/Zegnat/php-mintoken/wiki/Token-design for more information about Mintoken and how it tries to counter timing attacks and db leaks with its design
#
[smerrill]
ok. I have a token from gimme-a-token. I do this+hash from the DB?
#
[smerrill]
oh, no I use that exactly. Ok.
#
Zegnat
Yep, use exactly what gimme-a-token gives you
#
Zegnat
That is the token, and there is no way to recreate it from the database. Which is kinda the point :)
#
[smerrill]
that worked. thank you. This does not reveal to me why micropub.rocks is failing, though…
#
[smerrill]
or more specifically, why my token endpoint is failing when interacting with micropub.rocks
callMeBaby, [kimberlyhirsh], [jgmac1106], snarfed, jjuran, jackjamieson, [tantek], [dougbeal] and [chrisaldrich] joined the channel
#
[tantek]
anyone using / training any AI in their personal sites, for any reason? https://www.technologyreview.com/s/613630/training-a-single-ai-model-can-emit-as-much-carbon-as-five-cars-in-their-lifetimes/ (redirecting discussion from #indieweb)
#
[tantek]
In particular I can't wait for reports to come out about different energy use / carbon output of different JS frameworks
#
[jgmac1106]
Driving (passenger) now but I thought I saw one. Will search when I get home
[schmarty] and dougbeal|mb1 joined the channel
#
[tantek]
if no one here is personally doing it, don't bother
#
[tantek]
what is AI
#
Loqi
It looks like we don't have a page for "AI" yet. Would you like to create it? (Or just say "AI is ____", a sentence describing the term)
#
[tantek]
what is Artificial Intelligence?
#
Loqi
It looks like we don't have a page for "Artificial Intelligence" yet. Would you like to create it? (Or just say "Artificial Intelligence is ____", a sentence describing the term)
#
[tantek]
yeah so don't bother defining those if you personally are not using it on your website for now
#
[tantek]
i.e. they fall into the "wikipedia is good enough, do not duplicate" category
snarfed, eli_oat, jackjamieson, jjuran and [jgmac1106] joined the channel
#
[jgmac1106]
This is cool. Apologies if already posted https://www.zachleat.com/web/snarky/
#
[tantek]
cool enough to indienews bookmark? I like Zach
#
[tantek]
um yes, from the intro paragraph alone
#
aaronpk
amazing
#
sknebel
lol, first of the mentions "ZAcH ShARInG ANOTHER PIECE of WORk THaT MAKEs Me QUEstION why it TOOk ME SO LonG TO follow HiM" hm... might be misclassified? :D
#
aaronpk
sentiment analysis is hard lol
#
[tantek]
see also disemvowelment
snarfed and [schmarty] joined the channel
#
[schmarty]
i lol'd at that comment. i believe it was written in such a way as to trip up sentiment analysis.
[grantcodes] joined the channel
#
[grantcodes]
Can confirm https://microsub-middleware.glitch.me/ now works for rolling up likes & bookmarks in microsub channels 🙂
gRegorLove_ and leg joined the channel
#
[grantcodes]
I want to do checkins next. But I think it will be more difficult to represent multiple checkins in one post that works in readers
[Rose] joined the channel
#
[Rose]
Ooooh!
#
[grantcodes]
🤔 But I think I could maybe create a "map channel" that would only ever keep the last location of every author, so I could see a map of where people are
#
aaronpk
yeah! that'd be awesome
#
[grantcodes]
Only thing to watch out for just now if you use it is the time is based on the server time, not your own time 🤷‍♂️
snarfed, KartikPrabhu, [jgmac1106], [tantek], jackjamieson and eli_oat joined the channel