#dev 2019-07-08

2019-07-08 UTC
KartikPrabhu, fluffy, gRegorLove and mblaney joined the channel
#
Loqi
mblaney: gRegorLove left you a message 4 hours, 21 minutes ago: did my like of your post come through?
#
mblaney
hi gRegorLove yes and displaying responses is on my list of things to do.
[fluffy], valuemachine and gRegorLove joined the channel
#
[fluffy]
okay so despite OpenID 1.x being dead/dying I am implementing support for it in Authl, because Mastodon and OAuth2-based stuff is annoying me. So, in reading the spec… is it just me or is the whole “delegate” aspect incredibly insecure?
#
[fluffy]
oh wait no on a reread it’s fine
#
[fluffy]
it just like… doesn’t do anything particularly useful, is all
#
[fluffy]
wait no it does seem insecure, like there’s nothing that guarantees that the openID server being specified has anything to do with the delegated URL.
#
@AUR_updates
AUR Package Update: "perl-web-mention" (Implementation of the IndieWeb Webmention protocol) https://ift.tt/2FXXUN2
(twitter.com/_/status/1148115860114087936)
cweiske, KartikPrabhu, swentel and valuemachine joined the channel
#
@fvsch
I see a few people on the Indie Web movement adding Webmentions to their blogs and I'm wondering: it looks like they're all men? What happens _when_ (not if) you have thousands of webmentions that are 95% abuse and threats from white/male supremacists?
(twitter.com/_/status/1148159831087419392)
[fluffy] joined the channel
#
[fluffy]
!tell aaronpk If you ever want to add Mastodon login as a RelMeAuth option for IndieLogin, I’ve gotten a crappy implementation working. 🙂 https://github.com/PlaidWeb/Authl/blob/c8087e567538cb5a03c52acfb509375065ef27c1/authl/handlers/mastodon.py
#
Loqi
Ok, I'll tell them that when I see them next
[KevinMarks] joined the channel
#
[KevinMarks]
The idea of openid delegation is that if you can edit the head to put the rel link in you probably own the site. The bidirectional links in rel-me auth are a stronger version of this idea
jgmac1106, [jgmac1106], gRegorLove, valuemachine, KartikPrabhu and eli_oat joined the channel
#
@kReEsTaL
↩️ Mais bon, ce qui m’a dissuadée d’utiliser les Webmentions, c’est le fait de publier sur mon blog le tweet, le nom et l’avatar de personnes qui ne m’ont pas explicitement autorisé à le faire… Moi-même ça me lourderait d’apparaître sur le blog de je sais pas qui sans permission.
(twitter.com/_/status/1148204547950727168)
#
@kReEsTaL
↩️ Alors qu’à la base je ne fais que répondre à un tweet. Et puis quid de la politique de confidentialité, comment être au courant de qui plublie quelle Webmention, comment supprimer ces contenus, etc. etc. Trop prise de tête.
(twitter.com/_/status/1148204690317946885)
[davidmead] joined the channel
#
@WalterStephanie
↩️ Les webmentions suppriment pas la mention si tu supprimes le tweet? Hum. Du coup effectivement. Pareil du coup si tu changes d'avatar je suppose
(twitter.com/_/status/1148207119956619264)
jgmac1106, gxt and [aaronpk] joined the channel
#
[aaronpk]
Good morning
#
Loqi
[aaronpk]: [fluffy] left you a message 4 hours, 26 minutes ago: If you ever want to add Mastodon login as a RelMeAuth option for IndieLogin, I’ve gotten a crappy implementation working. 🙂 https://github.com/PlaidWeb/Authl/blob/c8087e567538cb5a03c52acfb509375065ef27c1/authl/handlers/mastodon.py
#
Loqi
good morning
#
[aaronpk]
[fluffy] you're correct, any openid server can make a claim about any URL. Delegation works because the openid client will only trust only the server that the URL delegates to
skippy joined the channel
#
[aaronpk]
I also don't want to do the little client registration dance for mastodon, or add all the mastodon specific stuff, since it would be better for everyone if mastodon adapted their OAuth API to speak IndieAuth instead.
gRegorLove, [Jay_Hoffmann], [schmarty] and [KevinMarks] joined the channel
#
[KevinMarks]
Is there anyone running their own mastodon instance that you could try that out with?
[Rose] joined the channel
#
[KevinMarks]
Does tinysubversions run one?
#
aaronpk
he shut his personal one down
[tantek] joined the channel
#
[tantek]
is there an issue filed on Mastodon core for "mastodon adapt their OAuth API to speak IndieAuth instead" ?
#
[tantek]
that we could then add to /Mastodon ?
#
skippy
only one instance of IndieAuth in the Mastodon issues: https://github.com/tootsuite/mastodon/issues/4800
#
@fvsch
I see a few people on the Indie Web movement adding Webmentions to their blogs and I'm wondering: it looks like they're all men? What happens _when_ (not if) you have thousands of webmentions that are 95% abuse and threats from white/male supremacists?
(twitter.com/_/status/1148159831087419392)
#
Loqi
[Sylvhem] #4800 Allow Mastodon to be used as an OpenID provider
#
[tantek]
comments << Concerns re: displaying aspects of comments https://twitter.com/kReEsTaL/status/1148204547950727168 translated: <blockquote>But hey, what discouraged me from using Webmentions is the fact of publishing on my blog the tweet, the name and the avatar of people who did not explicitly authorize me to do so ... Myself it would burden me to appear on the blog of I do not know who without permission.</blockquote>
#
@kReEsTaL
@WalterStephanie @fvsch Mais bon, ce qui m’a dissuadée d’utiliser les Webmentions, c’est le fait de publier sur mon blog le tweet, le nom et l’avatar de personnes qui ne m’ont pas explicitement autorisé à le faire… Moi-même ça me lourderait d’apparaître sur le blog de je sais pas qui sans permission.
(twitter.com/_/status/1148204547950727168)
#
Loqi
ok, I added "Concerns re: displaying aspects of comments https://twitter.com/kReEsTaL/status/1148204547950727168 translated: <blockquote>But hey, what discouraged me from using Webmentions is the fact of publishing on my blog the tweet, the name and the avatar of people who did not explicitly authorize me to do so ... Myself it would burden me to appear on the blog of I do not know who without permission.</blockquote>" to the "See Also" section of /comments https://indieweb.org/wiki/index.php?diff=63411&oldid=61746
[fluffy] joined the channel
#
[fluffy]
[aaronpk] yeah, the client registration dance isn’t that big a deal at least.
#
[fluffy]
but it’d be a lot better if it weren’t necessary, and if it had proper heckin’ endpoint discovery
#
[aaronpk]
It's more about the principle of the thing
#
[fluffy]
I’d estimate about 75% of the code in that thing I linked to is working around Mastodon’s meh-ness
#
[fluffy]
well, 100% of it if you consider that Mastodon could just add IndieAuth
[wtmonroe] joined the channel
#
[fluffy]
(or OIDC or whatever)
#
[aaronpk]
I keep meaning to write a blog post describing how mastodon (or any similar project) can use IndieAuth to solve their issues, complete with screenshots
#
[aaronpk]
OIDC is like a more complicated version of IndieAuth that doesn't actually give any benefit in this situation
#
[fluffy]
the Mastodon API is ridiculously poorly-documented, too, and the docs are inconsistent and sometimes even incorrect
#
[fluffy]
like there’s only one documented endpoint for actually determining the ID of whomever logged in, which requires reading *everything* about the account, and it’s documented as only needing the `read:accounts` scope but in my experience it needs the full `read` scope which is annoying
#
[fluffy]
er, `read:account`
#
[aaronpk]
Oh that's bad
#
[fluffy]
and yeah I agree that IndieAuth is a way better protocol for this but OIDC at least has mindshare and a perception of being more generally-useful (not htat I agree with that perception)
#
[aaronpk]
I don't necessarily agree with that, at least for this audience
#
[aaronpk]
I haven't seen anyone mentioning OIDC in these threads
#
[fluffy]
It’s hard to tell, issue 4800 has a bunch of confusion around OID1, OID2, and OIDC
#
[fluffy]
and the original post seems to talk about OID1 but then links to OIDC
#
[fluffy]
as always, the two hardest problems in programming are naming things, cache invalidation, and off-by-one errors.
#
[schmarty]
tantek: not sure i agree that tweet belongs on /Vouch
#
[fluffy]
oh and another really annoying thing is that Mastodon doesn’t seem to have any way of passing a state parameter into the authorize endpoint, which is why I end up registering a state-specific callback each time. But now that I’ve had some sleep I’ll try just passing in state instead. Because like, otherwise how the heck is anyone supposed to know which transaction the callback is in reference eto?
#
[schmarty]
feels like Vouch gets used as a shorthand for the entire set of solutions to the problems of spam, harassment, and more.
#
[fluffy]
I totally agree schmarty++
#
Loqi
schmarty has 10 karma in this channel over the last year (66 in all channels)
johanherman[m] joined the channel
#
aaronpk
[fluffy]: are you serious? not supporting the "state" parameter is pretty bad
#
[tantek]
schmarty — yes that's a good point, it's more importantly a user-level concern and should go at least on /abuse
#
[tantek]
what is abuse
#
Loqi
Report abuse (AKA report inappropriate) is a feature in many (most?) silos for notifying the silo owners that a specific user, post, or comment is abusive https://indieweb.org/abuse
#
[fluffy]
[aaronpk] it might support it, but it’s not documented to anywhere, nor do any of the client implementations I found use one
johanherman[m]1 joined the channel
#
aaronpk
agree about vouch, and frankly i'm skeptical that it's anything close to an answer until there are actually implementations of it beyond the 2-3 we have right now
#
[tantek]
aaronpk, no need for the "frankly", that's exactly what I meant by the needs iteration
[zach] joined the channel
#
[fluffy]
okay never mind I was wrong, `state` gets passed through just fine
#
[fluffy]
the docs suck, and the client implementations I found reflected the docs.
#
[fluffy]
mastodon--
#
Loqi
mastodon has -1 karma in this channel over the last year (0 in all channels)
#
[tantek]
abuse << Need equivalent or better UX for reporting / managing / blocking by default abuse that could happen via Webmention: https://twitter.com/fvsch/status/1148159831087419392
#
@fvsch
I see a few people on the Indie Web movement adding Webmentions to their blogs and I'm wondering: it looks like they're all men? What happens _when_ (not if) you have thousands of webmentions that are 95% abuse and threats from white/male supremacists?
(twitter.com/_/status/1148159831087419392)
#
Loqi
ok, I added "Need equivalent or better UX for reporting / managing / blocking by default abuse that could happen via Webmention: https://twitter.com/fvsch/status/1148159831087419392" to the "See Also" section of /report_abuse https://indieweb.org/wiki/index.php?diff=63412&oldid=60862
#
[tantek]
[fluffy] I feel like "docs suck" is so evergreen / universally true for 99% of OSS that I'm not sure it merits a Mastodon specific criticism / de-karmaing
#
[fluffy]
I guess, but this is such a fundamental thing to its login flow that literally everything that works with it needs to know about
#
[fluffy]
well, nearly everything, maybe not literally everything
#
[fluffy]
mobile clients don’t really need it, for example
#
[tantek]
[schmarty] I think I agree with the idea behind what you were saying re: vouch and that tweet, it belongs primarily on the UX side (problem to actually solve), *and* I think it is useful input to consider for/when implementing Vouch, for devs that may just end up on the Vouch page and would like an expanded "Why" section (which gathering in See Also is an incremental step towards)
#
[tantek]
like it's ok to capture it for citing in multiple pages for different reasons / scopes
#
[tantek]
comments << Consider potential abuse before displaying comments without any filtering / moderation UX, e.g. https://twitter.com/fvsch/status/1148159831087419392
#
@fvsch
I see a few people on the Indie Web movement adding Webmentions to their blogs and I'm wondering: it looks like they're all men? What happens _when_ (not if) you have thousands of webmentions that are 95% abuse and threats from white/male supremacists?
(twitter.com/_/status/1148159831087419392)
#
Loqi
ok, I added "Consider potential abuse before displaying comments without any filtering / moderation UX, e.g. https://twitter.com/fvsch/status/1148159831087419392" to the "See Also" section of /comments https://indieweb.org/wiki/index.php?diff=63413&oldid=63411
#
[fluffy]
I like the ideas behind vouch as a web-of-trust implementation but holy heck trying to think about how the UX would work on it makes my brain spiral
#
[tantek]
I do think this is an area where we can innovate and provide much better "safe by default" solutions on the IndieWeb than any silo reporting mechanism or server-admin-managed policies
#
[tantek]
fluffy, indeed the UX is both the most important and hardest part to get even close to right, and then to iterate on
#
[tantek]
I'm still like 3-4 steps behind even getting to that point
#
[tantek]
it's literally why I'm working on getting reply-context details "correct" before moving onto displaying facepiles or comments which will require addressing reply-context issues *plus* all the potential for abuse
#
[tantek]
others are more ahead than me
#
[fluffy]
yeah. I think that a much lower-hanging fruit for spam/abuse prevention in webmention et al is having the endpoint do greylisting stuff like what you mentioned
#
[fluffy]
like holding unknown senders in a moderation queue and then letting recipients decide what to do with it (including whitelisting)
#
[tantek]
I think a key innovation we need to figure out is some amount of automated blocking / filtering that stops stuff *before* it even hits a moderation queue. I would rather not spend much (if any) time having to manually moderate (delete / block) some of the stuff I've seen on Twitter etc.
#
[tantek]
Like even the moderation UX should be something "safe" for folks
#
[fluffy]
oh absolutely
#
[tantek]
rather than moderation being a euphemism for quarantining the most toxic things
#
[fluffy]
like greylisted stuff should be, I dunno, grouped by extracted keywords or something?
#
[fluffy]
and then there should be a bulk-delete/block option based on that
#
[fluffy]
and a place where a larger shared endpoint (like webmention.io) comes in handy for this is it’s one location that can collect a lot of aggregate information to inform predictions on the value of an incoming thing
#
[fluffy]
not that I expect machine learning to solve it, but it can at least help
#
aaronpk
heh "machine learning" is another one of those terms that gets thrown around as a solution to everything
#
[fluffy]
(A programmer has a problem that they decide to solve using machine learning. Now they have apple cow DROP TABLES problems.)
#
[fluffy]
and yeah like, machine learning is useful as a first-pass filter on things but it’s not a replacement for human intervention.
#
[fluffy]
like my email spam filter works really well but that’s because it uses a combination of ML approaches and hand-written spam tests. And my spam filter would absolutely not do anything to prevent me from getting heaps of abuse from an Internet hate squad.
#
GWG
Reading up
#
GWG
Good thoughts
#
GWG
Almost wish people would try to abuse my site so I could be motivated to deal with it
#
GWG
I haven't prioritized it
#
GWG
Right now, people comment infrequently enough that I am not pressed
#
[schmarty]
cleverdevil, jacky, (and others?) and I were discussing starting some (harmless, I hope) webmention bots that might nudge folks in that direction
#
[schmarty]
E.g. a webmention version of Loqi's meme image feature
#
[fluffy]
Please don’t inflict that on people who use webmention.io 😛
#
[fluffy]
(until aaron improves the moderation on it anyway)
#
aaronpk
i didn't want to say anything but i've definitely also thought about doing stuff like that
#
GWG
I keep getting sidetracked from my webmention project
#
GWG
This week it was IndieAuth fixed
#
GWG
fixes
#
[schmarty]
How fun would it be to receive replies like these, but for short note content instead of Wikipedia titles https://twitter.com/wiki_tmnt
#
GWG
Last two weeks prior Parsing Fixes...
dougbeal|mb1 joined the channel
#
GWG
Worried for a moment you were laughing at my sidetracking
[snarfed] joined the channel
#
[snarfed]
also re moderation and anti-abuse, it applies to everything with replies/comments, right? ie it's not webmention-specific. should we develop language around that to counter this kind of concern that webmentions are particularly vulnerable, when they're not?
#
[fluffy]
that’s a good point snarfed
#
aaronpk
that's a good point
#
aaronpk
webmention is already one level better than a comment form or even email, since it takes more work to send a webmention with actual content than send an email or fill out a comment form
#
[snarfed]
native, yes. backfeed, less so
#
[fluffy]
that’s only the case as long as webmention is the domain of indieweb nerds
#
[snarfed]
i'd love to see more thoughts around ways to share and co-create block/mute lists
#
[fluffy]
as soon as indieweb stuff gets as commonly-supported as, say, wordpress comments, it’ll get just as overrun with issues
#
[snarfed]
lol yes fluffy. i do love that afaik we've only ever seen one instance of native webmention spam in the wild so far
#
[fluffy]
[snarfed] block/mute lists as a sort of inverse of h-following maybe?
#
[fluffy]
although I’d worry a lot about privacy there
#
[snarfed]
UX first, not plumbing first
#
[snarfed]
tantek has thought a lot about this
#
[snarfed]
(vouch is nice but heavy and slow. not sure it's the future of moderation for us, or at least the one main future)
#
[fluffy]
blocktogether has a bunch of unfortunate aspects that make me not want it to be the model for how to handle things
#
[snarfed]
are those details we can fix? or core inherent flaws that are unfixable?
#
[fluffy]
That’s a good question. One of the big problems with it is the poison-pill/bad-actor thing, where sometimes a bad actor like Wil Wheaton has a personal beef with someone and then that someone ends up on a global blocklist.
#
[snarfed]
ok. worth investigating before we dismiss it altogether
#
[fluffy]
like, someone’s celebrity status ends up being used as a proxy for a level of trust in their global moderation prowess.
#
[snarfed]
understood. not ideal
#
[snarfed]
anyway. i wouldn't lead indieweb efforts around shared moderation techniques, but i'd love to see them, and i'd happily incorporate them into bridgy etc if they work!
#
[fluffy]
I’ve seen a lot of particularly bad situations where trans women were blocked by prominent Internet People because the celebrity reacted badly to complaints about transphobic language
#
[snarfed]
(also eg bridgy already suppresses backfeed from accounts you've blocked or muted in twitter, which i think people probably aren't aware of enough. https://brid.gy/about#blocked )
#
[fluffy]
or then there’s TERF Blocker which ended up being taken over by someone who started using it as a platform for their personal vendettas against non-TERFs
#
[fluffy]
I’m *still* cleaning up my twitter block list from that one 😕
#
[fluffy]
I think shared blocklists that provide insight/scoring/tags/whatever are helpful, but using them as an automated source of ground truth is hopelessly naive.
#
aaronpk
these problems with shared blocklists could be avoided if there was a quick way to un-do blocks from a particular list
#
[fluffy]
Right, or taking lists as suggestions for like “hey these 10 people say this person is bad, you might want to consider blocking them too” but only using first-order suggestions, not suggestions that were brought on second-hand.
#
@nhoizey
↩️ Vouch is not there yet indeed. But it will be even better than comments moderation. You can already moderate Webmentions manually like for comments. But it’s not yet native in CMSes, indeed.
(twitter.com/_/status/1148280259470663686)
#
[snarfed]
^ i'm not convinced. vouch is a web of trust. does anyone know of any other web-of-trust implementations (in tech) that actually succeeded and went mainstream? i'm not sure i do.
#
@jackyalcine
↩️ Receiving a Webmention doesn’t equate to presenting or rendering them. Some people (me) have it set up to only allow from specific sites. I can see a IndieWeb solution that leans on known tools like Aksimet or Cloudflare to help with this. (https://v2.jacky.wtf/post/be0d4b7d-33e6-4007-b4c0-3cf12298f6d8)
(twitter.com/_/status/1148280857586798593)
#
[tantek]
fluffy++ thank you for summarizing some of the shared blocklists problems
#
Loqi
fluffy has 6 karma in this channel over the last year (17 in all channels)
#
[tantek]
what is a blocklist
#
Loqi
A block list is a list of accounts that a user has blocked on a service or site https://indieweb.org/blocklist
#
aaronpk
keybase? not exactly mainstream, and debatable whether it's successful, but they're doing a thing
#
[snarfed]
agreed, it's great! but yeah nowhere near mainstream
#
[tantek]
yes I tend to categorize keybase as a dev-only thing
#
aaronpk
they're pushing non-dev tools like chat and file sharing, but they're nowhere near wide enough adoption to consider it mainstream
#
jacky
right
#
jacky
wants to do reacji in IRC lol
#
[tantek]
blocklist << Example of shared blocklist: https://blocktogether.org/ and criticism, it can and has been (unintentionally?) abused by those with more power (privilege? e.g. celebrity status) to [[block]] those with much less power across a wide swath of “subscribers” to those shared block lists. More: https://chat.indieweb.org/dev/2019-07-08#t1562605567076900 (feel free to extract inline here)
#
Loqi
ok, I added "Example of shared blocklist: https://blocktogether.org/ and criticism, it can and has been (unintentionally?) abused by those with more power (privilege? e.g. celebrity status) to [[block]] those with much less power across a wide swath of “subscribers” to those shared block lists. More: https://chat.indieweb.org/dev/2019-07-08#t1562605567076900 (feel free to extract inline here)" to the "See Also" section of /block_list https://indieweb.org/wiki/index.php?diff=63416&oldid=51526
#
[tantek]
jacky, you could /IRC#Brainstorm how to POSSE /reacji to IRC as an incremental addition to adding IRC posts (replies) to your own site!
#
jacky
ha that'd be wild
#
[tantek]
I think we will get there, where our sites have a "chat" UI that could be "as simple as" the UI at https://chat.indieweb.org/dev with a text field at the bottom to enter chat "posts" which get posted to one's own site and POSSE'd to IRC
#
aaronpk
not til i have some sort of access control lol, cause i certainly don't want everything i say in IRC to be publicly discoverable on my site :)
#
[tantek]
reader << Brainstorm: build a Microsub+Micropub supporting reader based on the https://chat.indieweb.org/ Web UI
#
Loqi
ok, I added "Brainstorm: build a Microsub+Micropub supporting reader based on the https://chat.indieweb.org/ Web UI" to the "See Also" section of /reader https://indieweb.org/wiki/index.php?diff=63417&oldid=62312
#
[tantek]
aaronpk, could limit to an allowlist of publicly archived channels
#
[tantek]
our web chat UI is open source AFAIK, thus someone could take that frontend, fork it, and add Microsub+Micropub support
#
[tantek]
indeed since it's on *.indieweb.org, if you've already signed-into indieweb.org with your domain, the chat UI could step up into a micropub client mode that posted what you typed into it to your own site, as well as sending it to IRC
#
aaronpk
i'm just not sure that's something i want on my website
#
jacky
random aaronpk: how/where did you get this photo for me on https://aaronparecki.com/2017/04/24/15/jf2?
#
Loqi
[Aaron Parecki] Some thoughts on the XRay and jf2 JSON formats
#
jacky
I'm guessing that the photo I had at the time
#
[tantek]
and since the web UI knows how its own post permalinks work, it could automatically add the u-syndication links to the posts on your own site via Micropub as well
#
aaronpk
i feel like there's some other model for community resources like chat that makes sense
#
[tantek]
aaronpk, the web chat UI is already a UI for only a select subset of publicly archived channels
#
aaronpk
[tantek]: right and it's on a community domain name, and I'd rather interface with that using my site as an identity instead of my site as a data store
#
[tantek]
so that "solves" the "wouldn't want everything I saw to private / unlogged IRC channels on my own site" problem
#
aaronpk
jacky: yeah my site downloads whatever avatar you have at the time and shows that
#
[tantek]
micropub clients are also others's domains names
#
[tantek]
what's the difference between Quill and chat.indieweb.org?
#
aaronpk
that doesn't solve it, because the content being public is not the only concern
#
[tantek]
or Monocle vs chat.indieweb
#
jacky
all of the data stays on chat.iw.org
#
[tantek]
the chat.indieweb Micropub UI could auto-suggest the hashtag that represents the Freenode channel name as well
#
jacky
vs monocle pulling from sites
#
[tantek]
jacky, no, once you add Micropub to chat.indieweb (note, who knows who owns iw . org)
#
[tantek]
Monocle vs chat.indieweb.org+Micropub support
#
jacky
oh I thought this was measuring them as they are now
#
[tantek]
since it already has IndieAuth support and knows if you're logged in now
#
[tantek]
no this is comparing what chat.indieweb would become with Micropub support
#
jacky
ahh okay
#
[fluffy]
argh, everything in the mastodon code indicates that read:accounts is all that’s necessary for verify_credentials, but when I try passing in the read:accounts scope it doesn’t work. Maybe the problem is elsewhere.
#
[tantek]
anyway once you add the hashtags like #indieweb or #indieweb__dev etc. then your backend could filter those accordingly if you wished (from various streams, home page etc.)
#
aaronpk
backs away from this conversation. there are _so many_ more important and interesting problems to solve before figuring out a new thing like combining group chat and personal websites
#
[tantek]
what is chat.indieweb.org
#
Loqi
Join the #indieweb discussions via the web, Slack, IRC, or Matrix interfaces now with additional channels for dev, wordpress, and meta specific chat! https://indieweb.org/chat.indieweb.org
#
GWG
aaronpk, what is next on your punch list?
#
aaronpk
good question. indieweb summit took a lot of focus, including wrap-up tasks afterwards, so i haven't sat down to re-prioritize yet
#
GWG
I have too much
KartikPrabhu joined the channel
#
GWG
I need to clear some bugs so I can add some bigger projects
#
[tantek]
GWG, see aforementioned tweet by janl that says about waiting a couple of weeks before asking event organizers about stuff after a big event 🙂
#
[tantek]
aaronpk, consider this week also as "post event" off to keep doing whatever wrap-up you feel like. I am for sure (hope to have some posts up by EOW)
#
[tantek]
further chat on event / wrap-up -> meta
#
GWG
I wasn't asking to get him to do anything
#
GWG
Just conversationally
#
GWG
But point taken
#
[tantek]
even conversationally 🙂
#
GWG
Maybe I should do a completely random thing unrelated to anything on my list
#
[tantek]
I notice that "Add Micropub support" is not yet an issue on https://github.com/indieweb/chat.indieweb.org/issues 🙂
#
GWG
I thought about doing a digital disconnect plugin
#
[tantek]
GWG, would you add it to your list before or after you start working on it?
#
GWG
Setting my website in limited mode
#
[fluffy]
Okay I figured out the problem with the OAuth scopes on the Mastodon authenticator. Turns out in *some* parts of the API the param is ‘scope’ and in other parts it’s ‘scopes’. ffs.
#
GWG
Updating my list is on my list
#
aaronpk
[fluffy]: that sounds like a good bug to file
#
[fluffy]
for some reason `scopes="read"` works for the entire read scope but for limited scopes you use `scopes` on the client registration but `scope` on the token grant.
#
[fluffy]
yeah, I’ll definitely do that
#
sebsel
[fluffy]++ for all the vouch / spam / abuse thoughts.
#
Loqi
[fluffy] has 7 karma in this channel over the last year (18 in all channels)
#
[fluffy]
ok so it *was* documented, just not very well, and I was thrown off by the fact that it defaults to `read` scope if it’s not specified. Yeesh.
#
[fluffy]
anyway I’m going to just open up a PR against the docs repo for the `state` thing.
#
[fluffy]
I take back my karma knock on mastodon++
#
Loqi
mastodon has 0 karma in this channel over the last year (1 in all channels)
#
[fluffy]
anyway, wow, this was a productive vacation for me.
mblaney1 and [KevinMarks] joined the channel
#
[KevinMarks]
the other issue with twitter blocking is Block Chain, which is used to defang pile-ons but can lead to very large blocklists
#
[KevinMarks]
it's a browser extension which will walk an account's followers and block all of them except those that you already follow
#
[KevinMarks]
so when a big account dunks on you to drown you in crap from their fanclub, it will enable you to excise them all and keep your mentions relatively sane
#
[KevinMarks]
so it's almost the opposite of vouch - marking someone as an anti-recommendation
#
[snarfed]
that name tho
#
[KevinMarks]
I'm sure it was very funny to the person who made it
gRegorLove and eli_oat1 joined the channel
#
@freekmurze
Implementing webmentions on https://freek.dev Will blog about it soon!
(twitter.com/_/status/1148322775381237760)
eli_oat and [cleverdevil] joined the channel
#
[cleverdevil]
!tell [grantcodes] I’ve archived the old GitHub project for Together. Can you add me to the new org? Thanks!
#
Loqi
Ok, I'll tell them that when I see them next
[grantcodes] joined the channel
#
[cleverdevil]
Thank you sir! Great job on v3, its awesome :)
#
aaronpk
nice update post too
#
aaronpk
i'm reading this in my reader right now :)
#
[grantcodes]
Thanks! I just went ahead and published it 😄, still need to update it before I syndicate it elsewhere. 🤔 Maybe I could have made it unlisted for a public draft
#
[grantcodes]
But there are a lot of update to a lot of projects in there. Made me realize the amount of different indieweb projects I have going
#
[cleverdevil]
Heh, I’ve already linked to it in a few places, sorry :)
#
[cleverdevil]
FWIW, its already an awesome overview!
#
[grantcodes]
Haha that's fine. It's not bad, just could add a few things
#
[cleverdevil]
Bleh. I really wish Safari on the iPad had the desktop web development tools.
#
[cleverdevil]
There used to be Firebug Lite, which at least would be a help. I guess its time to start searching the app store for a developer-focused browser!
#
[grantcodes]
I also added donation support and want to highlight that somehow, but haven't figured how to not be obnoxious about it yet. But it's in the menu for now
[wtmonroe] and [jgmac1106] joined the channel
#
[cleverdevil]
Maybe slightly unrelated, but I just found https://gear4.app which seems at least marginally interesting.
[tantek], [KevinMarks], [benatwork], wagle, [jz], Lilz|BetaMe[m], kanej[m]2 and [zach] joined the channel
#
aaronpk
[cleverdevil]: [benatwork]: since this isn't known-specific, bringing here: have either of you tried making a serverless site in AWS, using only the amazon-managed servers? that'd mean a micropub endpoint on Lambda which pushes content into some managed database, and the website itself would have to be served up from static files on S3
#
aaronpk
the webmention endpoint would also run on lambda, and would trigger a rebuild of whatever page the webmention is displayed on, etc
gRegorLove joined the channel
#
jacky
that sounds like a dance
#
aaronpk
sure does haha
#
[KevinMarks]
I've been doing a bit of lambda stuff and it is a dance. Also, you spend a lot of time giving your various bits permission to talk to each other.
#
aaronpk
oh yeah that is true, i'm always completely baffled every time i have to set up access policies
#
[cleverdevil]
@aaronpk yes I have bits and pieces working already.
#
[KevinMarks]
You could serve from a lambda too, you wouldn't need to render
#
[cleverdevil]
Its smart to use frameworks and toolkits to solve this problem, @KevinMarks.
valuemachine joined the channel
#
[cleverdevil]
There are some great options out there that will handle a lot of the complex orchestration bits for you
[manton] joined the channel
#
[cleverdevil]
[aaronpk] I still contend that static files wouldn’t be the best approach, its really limiting.
#
[cleverdevil]
Especially with all of the managed services available on AWS that make it sort of a no-brained.
#
[cleverdevil]
No-brainer.
#
[KevinMarks]
Would dynamodb be a good fit for a bunch of mf2 json? Then you could mung them through templates with a lambda
#
[cleverdevil]
It could be used, but honestly, DynamoDB is extremely picky. Its focused very heavily on very high scale performance problems, and as a result has all of these constraints in place that make it very fiddly to use.
#
[cleverdevil]
Generally speaking, I think people would be better off using RDS with PostgreSQL or MySQL or something like Aurora Serverless.
#
[KevinMarks]
It is very denormalised, but that kind of suits something that is mainly serving posts
#
[grantcodes]
Does amazon not have a mongo equivalent now that would be better for mf2 json?
#
[cleverdevil]
DocumentDB.
#
[cleverdevil]
(Its a MongoDB managed service like RDS... but based upon a fork of MongoDB since they went open-core quasi-open source)
#
[cleverdevil]
Biggest issue with that is that its not particularly affordable.
#
[zach]
Rds can be expensive if you are not careful
#
[KevinMarks]
That's why dynamodb is appealing
#
[cleverdevil]
Indeed, and Aurora Serverless eventually.
#
[zach]
Aurora Serverless seems great if it is responsive enough after a spin down. I have not tried it so I don’t know.
#
[zach]
Also have not see any test of that.
#
[cleverdevil]
It shows a lot of promise... I think that is the best I can say about it at the moment :)
#
[zach]
Lol
#
[grantcodes]
Ah didn't realise it was expensive! I actually use the official mongodb hosted service now and it's free for small databases
#
[cleverdevil]
Yeah, Atlas is awesome. I wish AWS provided something similar. I expect they will eventually.
#
[jgmac1106]
I use Atlas for ReVIEW and I love it. The extra cost is worth the savings in admin tax
#
jacky
any digitalocean managed postgres users in the haus?! lol
jgmac1106 and eli_oat joined the channel
#
@freekmurze
Webmentions are now active on my blog. If you like, respond to or retweet this tweet, your interaction will, after a few minutes, be displayed on https://freek.dev/1390-improving-assertions-on-laravel-fakes
(twitter.com/_/status/1148377805815767041)
[tantek] and [schmarty] joined the channel