#dev 2019-07-03

2019-07-03 UTC
gRegorLove joined the channel
# 01:42 
GWG I think I have a significant problem I need to figure out.
# 01:42 
GWG I just discovered a rather significant bug.
# 01:42 
GWG But I'm not sure the logic to fix it
BenLubar joined the channel
# 01:59 
jacky wants to retroactively capture his likes and bookmarks from Instagram to his website
# 02:12 
GWG Hi, jacky
# 02:12 
jacky yo yo
# 02:14 
jacky .
valuemachine and [tantek] joined the channel
# 03:35 
[tantek] same Jacky same
valuemachine and [aaronpk] joined the channel
# 03:52 
GWG aaronpk: If I may have made a mistake in implementing IndieAuth, do you take the book back?
valuemachine and [Slackbot]1 joined the channel
# 03:52 
[Slackbot]1 aaronpk: If I may have made a mistake in implementing IndieAuth, do you take the book back?
# 03:53 
[aaronpk] haha no that means you get another copy so that you have a higher chance of reading it again?
gRegorLove joined the channel
# 03:54 
GWG [aaronpk]: Regrettably, it's a WordPress logic issue.
# 03:54 
[Slackbot]1 @aaronpk: Regrettably, it's a WordPress logic issue.
valuemachine, [aaronpk], [Slackbot]1, lza1, KartikPrabhu, [KevinMarks], [Rose], cweiske, rhiaro, petermolnar_ and gRegorLove joined the channel
# 07:08 
@Motweet ↩️ wahrscheinlich auch wieder eine automatische Lösung, aber  „Antwort an...“ ist nicht aussagekräftig. 

Finde das sehr spannend mit den Webmentions. Spätestens beim @Almcamp musst Du mir alles darüber erzählen bitte (twitter.com/_/status/1146314838735556608)
# 07:14 
[KevinMarks] I saw a polyfill for lazy loading images where you wrap them in <noscript> tags
# 07:20 
[KevinMarks] https://www.npmjs.com/package/loading-attribute-polyfill
valuemachine joined the channel
# 07:52 
jjuran So JS;DR purists still get an <img>?  Nice.
swentel, valuemachine, pierreboc[m], jeremych_, jjuran, [grantcodes] and [jgmac1106] joined the channel
# 10:39 
petermolnar_ jacky, [tantek]: does an instagram export not contain any bookmarks? The likes I'm not expecting but the bookmarks really should be in there.
# 10:43 
@voxpelli ↩️ Då tex GitHub hostear dem gratis åt en är det ett väldigt smidigt ekosystem att anpassa sig efter, vilket jag tex gör med mina IndieWeb-tjänster (Webmention och Micropub)

Min sajt har växt till lite av ett Jekyll-monster templatemässigt, men finns här: https://github.com/voxpelli/voxpelli.github.com (twitter.com/_/status/1146368736355594240)
# 10:45 
@voxpelli ↩️ @jocke @pelles Mina två större IndieWeb-projekt som lirar bra med statiska sidor:

https://github.com/voxpelli/webpage-webmentions

https://github.com/voxpelli/webpage-micropub-to-github (twitter.com/_/status/1146369272870051840)
# 11:32 
GWG I am still having trouble figuring out how to improve mapping of URLs to WordPress users for IndieAuth
# 11:32 
GWG I need an outside opinion
# 11:44 
[grantcodes] What's the actual problem?
jjuran and [aaronpk] joined the channel
# 11:45 
[aaronpk] GWG: whoever the logged in user is the URL that you should return, not the other way around
valuemachine joined the channel
# 11:47 
[aaronpk] In fact, you can pretty much just ignore the "me" URL that's in the request entirely. There's a discussion on the spec right now and it turns out that's only really useful for multi-domain authorization endpoints like IndieAuth.com
# 12:03 
GWG The issue is how you assign the root of the domain
# 12:04 
GWG If it was just using the /author/username format that WordPress uses for author archive pages...that would not be an issue
# 12:04 
GWG Also, external domains
# 12:05 
[aaronpk] I thought we talked through all this last time?
# 12:06 
GWG The issue I found yesterday makes me think I need to rewrite it again
# 12:06 
GWG And rethink the logic
# 12:07 
GWG Make it more secure
# 12:07 
GWG Also, Autoauth
# 12:07 
[aaronpk] I thought there was a toggle for "single user mode" where it always returns the Wordpress base url regardless of which Wordpress user is logged in
# 12:08 
GWG No. The Indieweb plugin has a single author setting
# 12:08 
[aaronpk] Oh right and doesn't this plugin read that setting?
# 12:08 
[aaronpk] I can't keep track of which plugin does what
# 12:09 
GWG But if it always returns the base URL.. then it issues all tokens in the credentials of that user, even if another user requested them
# 12:09 
GWG That would be bad
# 12:09 
[aaronpk] Oh I see what you mean
# 12:10 
[aaronpk] Sounds like a minor fix tho
# 12:10 
GWG Yes
# 12:11 
GWG But I'm worried now about it being insecure
# 12:11 
GWG That's why I wanted to think outside my box
# 12:12 
GWG And I need to cover all levels of user ability
# 12:13 
GWG So I need to ensure only one user can represent the root of the site
# 12:14 
GWG Or alternatively only allow the /author/username URL
# 12:15 
GWG Or something else
# 12:15 
GWG But I need to get it right and test it thoroughly
David1 joined the channel
# 12:17 
GWG Also, if I want to support IndieAuth for more than publishing... I need to rethink my definitions
# 12:18 
GWG I defined authors
# 12:18 
GWG I need to define users
# 12:20 
GWG The system now will allow a token to be issued with permissions to create posts even if the associated user does not have that permission
# 12:20 
GWG It will fail when they try to do it though
# 12:21 
GWG This is all because of Microsub and AutoAuth
# 12:21 
GWG I realized my original assumptions won't work anymore
# 12:23 
GWG https://indieweb.org/Wordpress_IndieAuth_Plugin
# 12:23 
GWG I have to update and rethink the use cases
# 12:24 
[jgmac1106] Gwg do admin, editors, authors, and users get distinctive profile urls?
# 12:26 
GWG No
# 12:26 
GWG I believe they all get /author
# 12:26 
GWG But I could also create a custom profile URL
# 12:26 
[jgmac1106] How many multiuser site requests do you get for IndieAuth.? Commonly requested feature....ouch... Difficult then
# 12:26 
GWG That isn't an archive
# 12:26 
[jgmac1106] Would have to.
# 12:26 
GWG Until this came up, not many
# 12:27 
[jgmac1106] My literacyeverday.org site is multiuser. Welcome to play there
# 12:28 
[jgmac1106] Or just say "On the IndieWeb a user is associated with their url? Therefore multi author sites are not supported?"
# 12:28 
[jgmac1106] Wonder what happens on mutli user Known sites with IndieAuth
# 12:28 
Zegnat (Same goes for granting scopes. If they control the the token endpoint URL, they control the scopes.)
# 12:28 
Zegnat Note that from a security perspective, any user with access to plugins or the theme can be allowed to authenticate as the root site. Since they are in charge of chosing the auth endpoint anyway and could swap it out for one that lets them do it.
# 12:29 
Zegnat Otherwise it gets more tricky.
# 12:29 
Zegnat Doesn’t Known by default make you authenticate as your user page with IndieAuth? Not sure how they handle tokens though
# 12:29 
[jgmac1106] https://literacyeveryday.org/
# 12:31 
[jgmac1106] So maybe that could be solution gwg, a custom endpoint created on any user page in a multiuser WP install used to log in
# 12:31 
Zegnat They don’t need custom endpoints. WP just needs to not reply with a me-value equal to the site root if the user isn’t allowed to act as the site root
# 12:32 
[jgmac1106] Ahh that would work
# 12:32 
[jgmac1106] Just a rel me to the user page created by WP?
# 12:33 
Zegnat a me-value in the authentication flow response to point to the user’s page. Yes. I believe that is what Known does.
# 12:33 
Zegnat (no rel-me in sight here)
# 12:33 
[jgmac1106] https://literacyeveryday.org/
# 12:33 
[jgmac1106] Is the site I have gwg have a staging version where you can dool around
# 12:34 
GWG I added a second user to my test site to play with this
# 12:34 
GWG One without admin privileges
# 12:34 
GWG Users don't have pages per se
# 12:35 
GWG But either way, I need to document the scenarios and write a solution that secures them all, even if I am not building out further functionality around them
# 12:35 
Zegnat Sounds like a good paper test run, GWG!
# 12:35 
GWG Yes
# 12:36 
GWG Zegnat, especially since one of the use cases is now AutoAuth
# 12:37 
[jgmac1106] Known plugin says not to use on mutliuser site
# 12:39 
GWG And I need to look at pfefferle's use case
# 12:40 
GWG He wanted to log into one of his sites using the credentials of another site
oed3[m] joined the channel
# 12:44 
GWG So...lots to map out
# 12:44 
GWG May be back for sounding board help
# 12:44 
GWG I think I need to set modes
# 12:44 
GWG For example...a strict single user setting that rejects everything but the main account
# 12:45 
GWG Etc
# 12:50 
Zegnat “ wanted to log into one of his sites using the credentials of another site” - I still think that is an entirely different thing
# 12:51 
Zegnat Then you are talking about replacing the WordPress login box. Maybe replacing it with RelMeAuth+IndieAuth. Or whatever.
# 12:52 
GWG It's web sign in
# 12:52 
GWG That part of the plugin should probably be split out
# 12:53 
GWG Again, need to think of all use cases and plan a way forward even if I don't implement
# 12:58 
[aaronpk] I really do wish that was handled by a different plugin so this one can focus on being an IndieAuth server
# 13:10 
[jgmac1106] modularity++
# 13:10 
Loqi modularity has 1 karma over the last year
valuemachine and [KevinMarks] joined the channel
# 14:26 
@nystudio107 ↩️ @dreadfullyposh Should be working now... it's an interesting one... https://github.com/aaronpk/webmention.io/issues/131#issuecomment-508116366 (twitter.com/_/status/1146425067968110592)
# 14:28 
@nystudio107 @zachleat Have you run into this with webmentions? It appears that my host has been inexplicably banned. @webmentionrocks https://github.com/aaronpk/webmention.io/issues/131 (twitter.com/_/status/1146425564569448448)
gRegorLove, [benatwork], [Rose], valuemachine, AXEL-Lee[m], [tonz] and VP-Brian[m] joined the channel
# 15:49 
@katharinabrx ↩️ @andybelldesign I’ve never used a static site generator, so that could get this off my todo list. Is it working with stuff like webmentions? (twitter.com/_/status/1146445934739501056)
Rick[m]2, CryptoEmpress[m] and fozzie[m] joined the channel
# 15:52 
@_marcusherrmann ↩️ @katharinabrx @andybelldesign Yes, @mxbck wrote about it: https://mxb.dev/blog/using-webmentions-on-static-sites/ (twitter.com/_/status/1146446580897255424)
# 15:55 
@mxbck ↩️ Works very well together IMHO! Also worth checking out https://webmention.app to handle outgoing webmentions. via @rem (twitter.com/_/status/1146447412405387266)
[tantek] joined the channel
# 16:27 
@foobartel I’ve added http://Brid.gy to enhance the webmentions on my site and this is a test tweet. Feel free to like it and we will soon find out if it actually works… Testing, testing… https://foobartel.com/notes/welcome-brid-gy (twitter.com/_/status/1146455482636197889)
# 16:27 
@foobartel I’ve added http://Brid.gy to enhance the webmentions on my site and this is a test tweet. Feel free to like it and we will soon find out if it actually works… Testing, testing… https://foobartel.com/notes/welcome-brid-gy (twitter.com/_/status/1146455482636197889)
KartikPrabhu and Trello[m] joined the channel
# 16:52 
@nhoizey ↩️ Yes, correct, it takes some time.

Most of my Webmentions are Twitter likes and retweets http://Grid.gy found and sent to my http://webmention.io endpoint, waiting for my Jekyll build to run. (twitter.com/_/status/1146461716424929280)
[snarfed] joined the channel
# 16:55 
[snarfed] CSS GRID.GY 😎
# 16:56 
[tantek] snarfed++ 😂
# 16:56 
Loqi snarfed has 49 karma in this channel over the last year (84 in all channels)
valuemachine, msena3[m], [cleverdevil] and [dogeared] joined the channel; Trello[m] left the channel
# 17:17 
[dogeared] This looks interesting: https://dev.to/teamxenox/introducing-program-an-open-source-self-hosted-instagram-2fij
# 17:25 
[tantek] Worst. SEO. Ever. 😂
valuemachine joined the channel
# 17:43 
aaronpk That does look pretty nice, at least it just publishes a static site. But anything that says "ProGram is super easy to use!" Followed by "npm -i" is out for me
# 17:44 
[tantek] to be fair, it does start with "A CLI-Based" so at least it's upfront
# 17:44 
aaronpk True
# 17:44 
[tantek] nothing CLI is "easy", much less "super easy" so your criticism of that stands
# 17:45 
[tantek] also any CTA with "simply" is problematic (probably worth reviewing our own dfns / CTAs for that)
# 17:46 
[tantek] forking that tangent to meta
JeffMaherVegas[m and [jgarber] joined the channel
# 18:25 
[jgarber] Hello, all! I’ve just pushed v1.0.0 of the Ruby webmention gem: https://github.com/indieweb/webmention-client-ruby
# 18:29 
[tantek] \o/
# 18:29 
[tantek] jgarber++
# 18:29 
Loqi jgarber has 7 karma in this channel over the last year (8 in all channels)
# 18:30 
[jgarber] Thanks, [tantek]! 😄
# 18:30 
[jgarber] It’s a significant rewrite, so definitely looking for feedback on regressions and any feature ideas for future development.
# 18:30 
[jgarber] Plus documentation gaps. Super interested to know where things are unclear.
# 18:30 
[tantek] were you able to run regression tests e.g. via webmention.rocks ?
# 18:32 
[jgarber] Endpoint discovery is handled by the indieweb-endpoints-ruby which passes all the webmention.rocks discovery tests.
# 18:32 
[jgarber] (The webmention-client-ruby gem is using the indieweb-endpoints-ruby gem under the hood for the endpoint discovery bit.)
# 18:33 
[tantek] and all the sending tests? e.g. does it pass the update / delete tests?
# 18:33 
jacky does it have a report page?
# 18:35 
[jgarber] [tantek] Good question. I’ll have to look at those tests.
# 18:36 
[jgarber] jacky: It would appear not. Assuming this is what you’re referring to? https://github.com/w3c/webmention/tree/master/implementation-reports
# 18:39 
jacky yup
[jared078], [jgmac1106], leg, [mapkyca], [Vanessa] and jenncloud[m] joined the channel