#GWGBut I think the solution is to make sure that I scope things
[dougbeal] joined the channel
#aaronpkevery 5 seconds a new entry is added to Aperture
dougbeal|mb1 joined the channel
#GWGIf an autoloader is instantiated inside a class method in PHP, won't it be scoped to the that, as opposed to globally?
[miklb] joined the channel
#[miklb]what is the problem you are trying to solve GWG?
#LoqiIt looks like we don't have a page for "problem you are trying to solve GWG" yet. Would you like to create it?_8 (Or just say "problem you are trying to solve GWG is ____", a sentence describing the term)
#GWG[miklb]: Two versions of the same library loading.
[jgmac1106] joined the channel
#GWGOne being held back by the fact the other isn't being updated
#[miklb]like if someone updates one version of a plugin but not the other?
#[miklb]that are both using the same library and that is what’s updated?
#GWGThey are using different versions of the same library
#gRegorLoveThe problem I see is you can't control plugin load order (can you?) So if plugin A has an older php-mf2 than plugin B, but loads first, then both are going to use the older version.
#[miklb]see the that explanation of how they do it
#gRegorLoveWhich may not be a huge problem, I guess. Depends how out of date it gets
#[miklb]“It establishes a version constant that is a high number for the first release (9999), and on each subsequent release, the version constant is decremented. The version number is used for the priority of the action that instantiates the main class. This ensures that the most recent version of the library is loaded.”
#aaronpkit's been a while, but the only solution i've seen for this is to rename the library you're pulling in
#GWGOr just make sure I update my stuff as fast as jackjamieson
#GWGjackjamieson keeps pulling academic examples that have multiple authors in feeds and URLs he's using my consumption code to process. So I taught it to add an array of authors. But nothing knows how to deal with that yet
#aaronpki don't know what I would do with Monocle to show multiple authors
#aaronpki think i would rather show the publication name as the author info with the icon/name/url of the publication
#GWGMany RSS feeds put the publication as the author and the authors as contributors
#aaronpkcan you capture some screenshots of how that shows up in readers?
gRegorLove_, KartikPrabhu and strugee joined the channel
#Zegnat“many people make their podcast an h-card” – which podcasts publishes microformats like that? Might be a good thing to collect
strugee joined the channel
#@andybelldesign↩️ IMO, the easier we make it for folks to have their own site, the better. Same goes for stuff like webmentions etc. If it requires hours of tinkering and messing around it’s non-inclusive by proxy. (twitter.com/_/status/1139858542662471683)
strugee and jgmac1106 joined the channel
#sknebelaaronpk: isn't microsub making a decision on multiple authors through the description of JF2?
jgmac1106 and [jgmac1106] joined the channel
#[jgmac1106]Zegnat look to podcast in the online session
#[jgmac1106]I think both eddie and aaronpk do it that way
#[jgmac1106]Much of the podcast session was discussion of the two patterns
mblaney left the channel
#@Spellacy↩️ I'm still mystified by Webmentions. I get it in principle, but implementing it seems difficult, and I'm fairly proficient. Any simple tutorials out there? (twitter.com/_/status/1139892047819804672)
[stefp] joined the channel
#aaronpksknebel: technically it's jf2 making that decision but in effect yes
#aaronpkbut if you wanted to change it, you'd change jf2, not any text in microsub
#Loqiseparation-of-concerns has 1 karma over the last year
#aaronpkmblaney: reposts have a pretty well defined structure and two authors is not part of that. The repost is an h-entry where the author is the person who's reposting something, then the repost-of property is an h-cite containing the reposted thing which includes the author of the original post in that
#ZegnatYeah, I have been doing that basically since the inception of the current design for my homepage
[jgmac1106] joined the channel
#@jaroslawjarosik↩️ I've tried working with the source and what can I say, it screams LEGACY
but if it hass all the features you need at least the API is less terrible than commercial ones so you can create a decent client with less of a headache... I'd still recommend some kind of microsub server (twitter.com/_/status/1139917840872615936)
jgmac1106 joined the channel
#@ton_zylstra↩️ yes, microsub is very much on my mind and currently a more likely path (that posting is a yr old after all). Has the added benefit of supporting json feeds more easily, and to have a client that uses micropub for various (re)actions. (twitter.com/_/status/1139922530985226241)
[fluffy] joined the channel
#GWGsknebel, I went to jf2 and aaronpk pointed out that Microsub isn't using pure jf2
[tonz] joined the channel
#[tonz]in light of the above tweets, a question about microsub: I see channels as folders. If I want to tag feeds (with ‘facets’ of people’s lives e.g. ‘coder, Berlin, Drupal, foodie, indieweb’, so I can do things like ‘from my feeds show me what foodies in Berlin are writing as I will be visiting later this week and want to explore new restaurants’) would that be something to try and solve in microsub server or in the client? And what wou
#GWGBut should the author property be an array to accommodate multiple authors?
#aaronpkGWG: I thought we came to a conclusion on this last night
#ZegnatIn my opinion, yes. But in my opinion I am not sure jf2 has much of a purpose, so do not listen to me :P (I also am not looking at implementing anything that speaks jf2 currently.)
#GWGaaronpk, the only conclusion was to punt it due lack of prior art
#GWGSo, I may need to publish citations with multiple authors before I bring it up again
#aaronpkI don't see the value in making it more complicated to consume for the 1% of posts that might have multiple authors. It's like the 80/20 rule but even more extreme
#GWGThere is the prior solution of a contributor property
#GWGWhich allows for a primary author still, a contributor being additionally credited individuals
#aaronpk[tonz]: that's a really cool idea. I would think most of the work would be done on the server, and you'd need a protocol between the app and the server to give the app a way to essentially search the content on the server
#jackyis OCAP too complex of a concept for handling authorization to content?
#jackyI'm entertaining it because then I can delegate the actual authorization work to be outside of my site
#jackylargely so people who don't have indieweb sites could see 'protected' content
#aaronpkWell google isn't turning anything up for OCAP
#aaronpkyeah I want to add twitter login to my site for that
#jackythis could be a bit like oauth2 but instead of exchanging a code for a token, you'd get back a URL
#jackyis aiming to make this something external so little changes to his site are needed
#aaronpkIf I'm reading this right, there is a fundamental difference between "access by identity" and "access by capability"
#aaronpkwhich sounds like the latest attempt at private webmentions, which avoids the whole concept of identity to fetch the private post
#jackythere is - the capability would be defined implicitly by the site's owner (that's the approach I wanted to take to so the site owner gets to control to a degree what can be done with a protected post)
#aaronpksince it works by eventually getting a token to the receiver which it can use to fetch the private post, but there's no assumption about whether that thing on the other end is a person or even who it is
#jackythat's for the case of fetching posts/content from a reader, no?
#jacky(or rather, it's optimized for that since that's more likely where people will be)
#aaronpk(I meant access by identity vs access by possession before)
[kevinmarks786] joined the channel
#[kevinmarks786]In readers, capabilities end up mapping to feed urls generated for that user
#sknebelso my understanding the key thing of the capability models is the transferability, which I'm not sure you need for just delegating authorization... but I guess you could use
#sknebel[kevinmarks786]: capability urls are not the same thing
#[kevinmarks786]That's how I've seen it done before by capability fans
#LoqiIt looks like we don't have a page for "capability url" yet. Would you like to create it?_9 (Or just say "capability url is ____", a sentence describing the term)
#LoqiCapability-URLs sometimes called hard to guess URL or secret URL and used for granting access to a resource to anyone who has the URL https://indieweb.org/capability-urls
#LoqiCapability-URLs sometimes called hard to guess URL or secret URL and used for granting access to a resource to anyone who has the URL https://indieweb.org/capability_URL
#sknebelso from my understanding with OCAP you have this concept where you can delegate permissions, which plain random tokens/capability URLs can't do. Is that delegation something you were thinking about using jacky?
#jackyTo a degree. I actually want to keep a list of people who can do what on my site but have a remote party confirm that the requester is the provided URL (or as least owns the URL in question)
#jackythat way I can leverage my nickname cache for people versus arbitrary URLs
#aaronpksknebel: I don't see why you couldn't use nearer tokens to request a downscoped bearer token, as long as the authorization server supports it of course
#aaronpkI'm reading that ocap-ld now and I feel like they're making some claims that are not really backed up by anything
[eddie] joined the channel
#[eddie]jacky It seems like “AutoAuth” would work well for confirming the requester is the provided URL. Was there something specific that caused you to not want to use that?
#sknebelaaronpk: didn't say you can't implement that model on top of OAuth terms?
#[kevinmarks786]The capability stuff I was connected to was around caja, which was for sandboxing html+css+js gadgets so that they could run in your page without taking it over. Mark Miller who is on the editor list worked on that.
#ZegnatYeah, and sounds a lot like you want them to authenticate somewhere, rather than supplying capabilities, jacky?
#ZegnatE.g. sounds closer to the AutoAuth idea where someone proofs their identity and then gets a Bearer token, and then when they request something from your site sends the Bearer token along which you can easily turn back into their URL
#sknebelalthough typically it seems to be implemented with signatures instead
#LoqiAutoAuth is the working title of an extension to IndieAuth that allows clients to authorize to other servers in the name of their user, without the user being present to confirm each individual authorization flow https://indieweb.org/AutoAuth
#sknebelI'm not sure AutoAuth is a good model here, since the delegation happens on the other side
#snarfedi'm reluctant to recommend that to indieweb though. the scope of their problem, both in use cases and data/traffic scaale, totally dwarfs what we need for a private post MVP. it'd be like boiling an egg with a nuclear bomb
#jackyI visualized that and had to put my cup down
#snarfedtotally interesting! i remember following it when they did it, and also alex roetter's and david glazer's version. but maybe not the best first model for us
#sknebelif you'd want to stick with the OAuth token model throughout, I guess the login screen needs the ability to create a token for <url> with scope: read, and then get the client to use that token, e.g. in a cookie
#Loqisknebel has 41 karma in this channel over the last year (118 in all channels)
#snarfedsknebel++ shooting sparrows with cannons is great too
snarfed, [fluffy], [frank], [kimberlyhirsh] and [Rose] joined the channel
#aaronpkugh in other news, webmention.io is kind of a mess, the tests are failing and I can't figure out why, and it's using super old deprecated libraries
#aaronpkright now i'm fighting the fact that they ignore the vendor folder you make yourself and they run composer themselves now. which does speed up deploys, but also means I can't set flags on the composer command
#aaronpkall that just to get webmention.io to handle deleted webmentions!
#aaronpkalthough I just realized that while webmention.io now deletes the webmention from its own database, it doesn't push that delete out via the webhook, so my site won't be aware of deleted webmentions