• #indieweb
• #dev
• #wordpress
• #meta
• #microformats
• #known

## #dev 2019-07-16

2019-07-16 UTC
# (better for communication / understanding)
# rather than burdening the reader with trying to keep all the exceptions and details in their head when trying to learn just the definition / main purpose of the thing
# [tantek] Which is typical?
# The example on the h-feed page shows a top level h-card and a top level h-feed...
# Is that the right example?
# We are talking about h-feed.
# GWG, perhaps analyze the markup in /h-feed#IndieWeb_Examples
# to figure out what is typical
# and if the markup isn't described there, research each example a bit to see what they are doing, and document their abstract (not complete) markup in the example
# I think I will
# I look forward to feedback and further discussion
# I am always self conscious about trying to write these things
# the more you can research and confirm with citations, the less you have to make up yourself and feel self-conscious about
[jgmac1106] joined the channel
# Did we talk about Firefox ending RSS support when it happened?
# yeah 😞
# I missed have missed it
# must have missed it
# okay I’m having some weirdness with a bunch of services (ifttt, validator.w3.org/feed, feedvalidator.org) not being able to do anything with my Atom feed and not giving me any errors beside “something went wrong.” Seems that Superfeedr is also having trouble with it too. So that tells me there’s something wrong with my feed. But feedparser and SimplePie are handling it just fine.
# Anyone see anything wrong with https://beesbuzz.biz/feed ?
# the problem isn’t even with publ, if I curl the file somewhere and host it statically elsewhere, feedvalidator still horks
# it’s almost certainly something with my private posts causing a problem, because if I point the validator at feeds on my site that don’t include the blog category it’s fine
# sounds like it might be an ssl error?
# oh wait you said feed validator still fails even with that XML hosted elsewhere?
# yeah
# and it fails on regular http too
# and the feed validator succeeds on, say, https://beesbuzz.biz/music/feed
# which is going through th eexact same templates, it just doesn’t have any private entries. but there’s nothing weird about private entries in my atom feed
# the only thing I can think of is that the <content> doesn’t have a CDATA, which I could try adding to see if that magically fixes it
# but I don’t see why THIS would cause an entire ecosystem of feed parsers to fail with a mysterious non-error.
# and I can’t find any feed parsers available to me that do fail
# next guess is there is some non-utf8 character there somwhere
# I’ve rule dthat out too
# … wait no
# ffs
# ok found the entry that's causing the error
# I think I might have a stray ZWJ somewhere
# "Plaidophile: Thirds"
# oh?
# … what
# things had been working just fine with that entry around
# I’ve definitely had things post to ifttt since that entry went up and it hasn’t changed. what’s the error?
# just silent error
# but that's the only entry in the feed
# without it, the feed passes
# wtf
# if you take out all the math it works
# i'm guessing something about the math notation is messing up the CDATA end marker
# yeah that seems plausible I guess
# ughhglhl
# xml--
# xml has -1 karma over the last year
# maybe I should switch to escaping my markup instead of using CDATA
# I switched to CDATA to work around a bug in FeedOnFeeds but that’s been fixed
# weird cause CDATA is usually easier
# but it was a bug which I assumed that other readers would have trouble with too (with the way it handles entities)
# because entities are Hard
# I wonder which aspect of the math is causing problems
# that's as far as i'm willing to keep going on this :)
# yeah, understandable
# but i was just copying into the w3c validator text area
# I guess I could also disable mathjax for atom entries, it’s not like any readers are going to support it anyway
# ugh, that takes a lot more effort than I want to put in too 😛
# well, thanks for figuring that out anyway aaronpk+
# aaronpk++ even
# aaronpk has 51 karma in this channel over the last year (230 in all channels)
# ok I ended up just putting the body of the entry behind a cut and that fixed it
# yay
# giggles
# Oh wait I just remembered there is a way to do the escaping more easily in a Jinja template using a filter block
# Yeah I’ll just do that, heck
# Enough issues like this and I might start to see the light about h-feed :P
NatoBoram[m]3 and [KevinMarks] joined the channel
# Jinja++
# Jinja has 1 karma over the last year
# Also
# Nunjucks++
# Nunjucks has 1 karma over the last year
# okay so something was still non-working and I narrowed it down to this entry, oddly enough: http://beesbuzz.biz/blog/1836-Im-not-buying-a-Mac-Pro
# … I wonder if it’s because of the quote in the title
# nope, it’s something in the <content> block. What the hell is going on…
# oh well, I at least have a pointer so I can stop flooding this channel 🙂
# (I bet it turns out to be something with an img tag or something)
# hahaha no it was the <div class="images" style> thing. Which is a publ bug I hadn’t gotten around to fixing because I figured it was harmless.
# haha
# so it wasn’t the math on the ‘thirds’ entry, it was the images 😛
# ...why does that break it?
# I have no idea!
# I’m trying to figure out how to report a bug to the w3c folks but of course they make the feedback process as opaque as possible.
# And they have a link to a CVS repository for the validator so I can run it locally, which is broken.
# sweet, got a minimal repro
# oh, and the feedvalidator.org version has a public repo, yay
[tantek] and [snarfed] joined the channel
# Looks like the SAX parser is barfing on some dang regex
# ah, there’s a specific parser for the HTML style attribute, which doesn’t validate that there’s a string to begin with.
# [fluffy-critter] #38 Parser blows up on certain malformed HTML content sections
# wow
# So, not actually XML’s fault. Technically. 🙂
# IndieAuth – a federated login protocol using one's own domain name https://indieweb.org/IndieAuth (twitter.com/_/status/1150982335040348160)
[Michael_Beckwit, jwheeler[m], gRegorLove and [KevinMarks] joined the channel
# I bet that's because it predated html5lib.
ichoquo0Aigh9ie and KartikPrabhu joined the channel
# yeah it was originally written by Mark Pilgrim back when he was like Big Blogging Celebrity
# oh huh, he was also the original author of feedparser
# TIL
# Oh yes
swentel joined the channel
# IndieAuth – a federated login protocol using one's own domain name L: https://indieweb.org/IndieAuth C: https://news.ycombinator.com/item?id=20439703 (twitter.com/_/status/1151026039700762624)
# New top story on Hacker News: IndieAuth – a federated login protocol using one's own domain name https://ift.tt/2YUv4oj (twitter.com/_/status/1151026540228030465)
# New top story on Hacker News: IndieAuth – a federated login protocol using one's own domain name https://ift.tt/2YUv4oj (twitter.com/_/status/1151026714794962944)
# #NEW #TOP #STORY #ON #HACKER #NEWS: IndieAuth – a federated login protocol using one's own domain name https://news.ycombinator.com/item?id=20439703 #OMNI #POP #MAG #NEWS https://www.omnipopmag.com/ (twitter.com/_/status/1151026739159719936)
# Just Pinned to BBC NEWS PLANET: New top story on Hacker News: IndieAuth a federated login protocol using one's own domain name http://bitly.com/2k9oTNJ (twitter.com/_/status/1151026999563096066)
# IndieAuth – a federated login protocol using one's own domain name http://dlvr.it/R8V0bq (twitter.com/_/status/1151027212071497729)
# IndieAuth – a federated login protocol using one's own domain name : https://indieweb.org/IndieAuth Comments: https://news.ycombinator.com/item?id=20439703 (twitter.com/_/status/1151027442934603776)
# New top story on Hacker News: IndieAuth – a federated login protocol using one's own domain name https://ift.tt/2YUv4oj (twitter.com/_/status/1151028576831070208)
# IndieAuth – a federated login protocol using one's own domain name: https://indieweb.org/IndieAuth Comments: https://news.ycombinator.com/item?id=20439703 (twitter.com/_/status/1151028704006549504)
# IndieAuth – a federated login protocol using one's own domain name https://ift.tt/2xMT6Wa (twitter.com/_/status/1151029395311747073)
# I'm _so_ tempted to reply to that HN comment
# but _instead_, I think I'll just update the Wiki
# _now_ I'll reply with that
# and for the kicker, I'll syndicate that back to my site
# then go to bed
# nice
# not sure if I want to constantly syndicate from here to HN lol
# what is Hacker News
# Hacker News is a bookmark posting silo as well as a silo for comments on those links https://indieweb.org/Hacker_News
# jacky: actually, there's experiments with adding basic data to one of the indieauth calls
# right - but I'm pointing to current implementations (stable)
# like in the case of webmentions; I wouldn't advertise vouch until either the party expressed interest in what vouch solves
# _or_ if they didn't ask lol
# IndieAuth – a federated login protocol using one's own domain name Link: https://indieweb.org/IndieAuth Cmts: https://news.ycombinator.com/item?id=20439703 (twitter.com/_/status/1151035572913364994)
# sknebel: does that make sense?
# like I didn't want to throw everything at them
# jacky: yes. Just fear I can predict the response (which is why we've been looking at doing it as part of the protocol :D)
# IndieAuth – a federated login protocol using one's own domain name https://ift.tt/2YUv4oj 9 (twitter.com/_/status/1151038105799057408)
# feedparser is the most thorough bit of TDD I've ever seen
Yass, KartikPrabhu and [tonz] joined the channel
# IndieAuth – a federated login protocol using one's own domain name https://indieweb.org/IndieAuth #news #techno #programming (twitter.com/_/status/1151054357921718272)
# IndieAuth – a federated login protocol using one's own domain name https://indieweb.org/IndieAuth (twitter.com/_/status/1151054454717931520)
# ↩️ @newsycombinator Comments: IndieAuth – a federated login protocol using one's own domain name https://news.ycombinator.com/item?id=20439703 (twitter.com/_/status/1151054509696831488)
# IndieAuth – a federated login protocol using one's own domain name https://indieweb.org/IndieAuth (twitter.com/_/status/1151056458160705536)
# IndieAuth – a federated login protocol using one's own domain name https://indieweb.org/IndieAuth (twitter.com/_/status/1151057400855744513)
[jgmac1106] joined the channel
# I hvae an older Known site that started to get spam somehow someone injected a redirect I can't get of to sign in. https://rhizo15.jgregorymcverry.com
# weird clicking onthe link works but typing it in browser redirects, going to delete comment plugin
pierreboc[m]1 joined the channel
# !tell gRegorLove maybe add a date field to indieboookclub.biz so people can publish backdated post
# Ok, I'll tell them that when I see them next
# IndieAuth – a federated login protocol using one's own domain name http://dlvr.it/R8VXGN (twitter.com/_/status/1151077664637120514)
# IndieAuth – a federated login protocol using one's own domain name - https://indieweb.org/IndieAuth (twitter.com/_/status/1151081237391351809)
# IndieAuth a federated login protocol using one's own domain name https://indieweb.org/IndieAuth (http://bit.ly/2JAXwWT) (twitter.com/_/status/1151081504098983936)
# IndieAuth a federated login protocol using one's own domain name https://indieweb.org/IndieAuth (http://bit.ly/2JAXwWT) (twitter.com/_/status/1151096814222893061)
# IndieAuth – a federated login protocol using one's own domain name https://indieweb.org/IndieAuth #AI #news #tech (twitter.com/_/status/1151099504889720832)
# IndieAuth is a federated login protocol for Web sign-in, enabling users to use their own domain to sign in to other sites and services. IndieAuth can be used to implement OAuth2 login AKA OAuth-based login. https://indieweb.org/IndieAuth (twitter.com/_/status/1151107664979681280)
jgmac1106 joined the channel
# IndieAuth – a federated login protocol using one's own domain name https://indieweb.org/IndieAuth #technology #programmer #webdevelopment (twitter.com/_/status/1151114768759119872)
# Triggering webmentions with Gatsby and build triggers on Netlify! Great use of pairing our webhooks feature with Gatsby. https://www.knutmelvaer.no/blog/2019/06/getting-started-with-webmentions-in-gatsby/ (twitter.com/_/status/1151114767962165249)
vini2 joined the channel
#
vini2
das
[tantek] joined the channel
# jacky++ for answering the IndieAuth question on the wiki first!
# jacky has 17 karma in this channel over the last year (79 in all channels)
# Seems like there’s still confusion re IndieAuth vs OIDC. That might be worth clarifying too
# IndieAuth – a federated login protocol using one's own domain name - NewswireNow - https://www.newswirenow.com/2019/07/16/indieauth-a-federated-login-protocol-using-ones-own-domain-name/ #newswirenow (twitter.com/_/status/1151128976892596224)
# I really hope IndieAuth takes off at some point and allows us to privately host our own decentralized and federated authentication. https://indieweb.org/IndieAuth (twitter.com/_/status/1151131407890042883)
[eddie] joined the channel
# Thankfully we do have a pretty good page on that clarity: https://indieweb.org/How_is_IndieAuth_different_from_OpenID_Connect
# It was even recently updated from the QA time of aaronpk's talk from December
# So if anyone has interest in engaging in HN on the topic of OIDC, feel free to use that page
# so I am applying to a bunch of side gigs as I am looking for some summer work and finding when I add my resume sites are parsing it well. I think it is more OCR than anything though…works better with PDF than HTML.
[grantcodes] joined the channel
# I like going around all these posts of people implementing webmentions and sending them likes directly from my site to see if they notice it didn't come from twitter 😛
# grantcodes++
# grantcodes has 32 karma in this channel over the last year (46 in all channels)
jgmac1106 joined the channel
# IndieAuth a federated login protocol using one's own domain name https://indieweb.org/IndieAuth (http://bit.ly/2JAXwWT) (twitter.com/_/status/1151147396178595841)
# if you're updating your posts, please use "dt-updated", or at least use <ins> and <del> tags with datetime
# e.g. <ins datetime="2012-03-07">
# around the "see updated (link)" at the top of http://tantek.com/2011/061/b1/sxsw-packing-check-list
# [Tantek Çelik] 2011 SXSW Packing and Check List
jgmac1106, [jgmac1106], [snarfed], gRegorLove and [fluffy] joined the channel
# Love seeing HN commenters bikeshedding on their own terrible ideas about how to do auth. Extra prize goes to the person who implemented it as client-side JavaScript with a poorly-considered hashing scheme that requires passwords to be stored in plain text on the server.
# Ouch
# Most of the comments are people confused about OID vs OIDC though.
# I don't blame them
# Or wondering why we don’t just use OIDC
# Followed by other people saying OID is dead.
# I thought I answered that on the page tho
# oh maybe not on the wiki page? I know it's on IndieAuth.net
# Like people on HN actually read the link
# also for the simple cases, OIDC is just a silly base64-encoded wrapper around a JSON string that may as well have been returned in the actual response body instead oh well
# HN really is the new Slashdot
# Oh crap that reminds me I need to write a blog post before next week
# Speaking of OID confusion, did anyone ever actually use OID2?
# I think google implemented it
# briefly
# I know SimpleID got rewritten to support it and it was too much of a pain for me to bother with
# I don’t remember ever seeing any sites support it as a consumer
[eddie] joined the channel
# Could improve the OIDC vs IndieAuth page with some more tl;dr summary sentences (tweetable) for each section
# On another dev directed topic, what do people think of this framing / phrasing (not by me) https://twitter.com/mozilla/status/1151174909902692353
# Today’s big social media platforms present users with a host of problems: misinformation, invasive ads and trackers, harassment, and feelings of addiction and isolation. Mozilla Fellow @tinysubversions has a solution: build your own social media site. https://mzl.la/2lduz9I (twitter.com/_/status/1151174909902692353)
# Darius was at IndieWeb Summit
# maybe a read post is just an hentry with a child h-event, the event being when you started and/or stopped said title, no new properties and parseable data if anyone did anything with it
# meanh-entry of course
# i do think we should push forward on the path of returning more profile information about users in IndieAuth
# Darius also did the blog from Google Spreadsheet...that was awesome. That would be such a hit in K12 schools. Blogger usually not covered by the ToS
# aaronpk: I agree
# but I'm just a wee bit afraid of that being data that'd require some kind of normalization
# like if it's a jf2 representation of one's h-card, I'm all for it
# that's basically what we did so far
# ★ How to add webmentions to a Laravel powered blog https://buff.ly/2jZTQDZ (twitter.com/_/status/1151189964044025857)
# [dshanske] #31 Returning Profile Data
jackjamieson, leg and [grantcodes] joined the channel
# Wow the glitch vscode extension is awesome!
# Seriously impressed! It even includes the console and debugging!
# IndieAuth – A federated login protocol using one's own domain name https://indieweb.org/IndieAuth (twitter.com/_/status/1151203471615336448)
# IndieAuth – a federated login protocol using one's own domain name https://indieweb.org/IndieAuth (twitter.com/_/status/1151214525628190722)
# IndieAuth A federated login protocol using one's own domain name https://indieweb.org/IndieAuth (http://bit.ly/2JAXwWT) (twitter.com/_/status/1151225657751306242)
# [aaronpk] I had a thought which relates directly to the that HN summary statement "federated login protocol using one's own domain name" — OIDC is *none* of those things
# OIDC is not federated - it is proprietary string ID per provider
# OIDC is not login just like OAuth2 is not login - OIDC can be used to build a site-proprietary login but it by itself is *not* login
[aaronpk] joined the channel
# Yep
# OIDC does not use something you *own* - OIDC uses something the *provider* owns
# I tried to capture those on the wiki page but could likely use some improved wording
# OIDC does not use domain names
# The differences page
# right, see my previous comment about needing tl;dr tweetable sentences
# I added some stuff did you see?
# oooh checking history!
# Tried to keep it short and in little callout boxes
# hmm didn't see anything recent on https://indieweb.org/wiki/index.php?title=IndieAuth&action=history besides Jacky's addition
# and "OIDC" does not appear on /IndieAuth
# Yeah that page
# aaronpk++ those are nice call out boxes!
# aaronpk has 51 karma in this channel over the last year (230 in all channels)
# ok now the key is connecting /IndieAuth and that for discoverability - because everyone seeing the tweets / HN is clicking on /IndieAuth, not on the "how different" page
# Yeah, it's linked from the FAQ, not sure where else to make the link more prominent
# I can design a mini-summary/FAQ callout on /IndieAuth since the "whatabout OIDC" is *such* a common response
# also I think we should not hesitate to list what OIDC is *not* in addition to what IndieAuth *is*
# I added something to the FAW
# *FAQ
# Hm normally I'm not a huge fan of describing something in terms of what it's not, but it might make sense in this case
# jacky++
# jacky has 18 karma in this channel over the last year (81 in all channels)
# Maybe also add a link to that GitHub issue about returning profile info in the IndieAuth response?
# That's a good idea
# aaronpk, agreed on both counts. In this case it is only useful to help draw a contrast.
# does OIDC provide profile info in the response?
# Kinda yeah
# In the ID token
# Can include name, email, address, etc
# It's available in the ID token which is an additional level of indirection compared to how it should be but that's a different battle
# That's probably worth adding "Profile Information" as a separate section in https://indieweb.org/How_is_IndieAuth_different_from_OpenID_Connect since it's a way that OIDC and IndieAuth are "different" in non-obvious ways
# right
# "additional level of indirection compared to how it should be" is a valid criticism, and so is "is not yet supported in 'core IndieAuth'"
# (insert link to issue on IndieAuth to add it)
# We have an opportunity to make it way simpler than OIDC so I think we should
# agreed. worth documenting the current state though
# to be upfront / transparent about it, and frankly invite input in the issue
# Yep
KartikPrabhu, [grantcodes] and [KevinMarks] joined the channel