KartikPrabhu, imsky, [jgmac1106], [fluffy] and [tantek] joined the channel
#[tantek]Flatter is better. For publishers and consumers. Excess hierarchy and layers of abstraction typically make extra work for everyone with very little benefit.
gRegorLove, JKingWeb and cweiske joined the channel
#LoqiBlock is a feature on many silos that provides the ability for one user to "block" or prevent interactions from another user https://indieweb.org/block
#jackyI think I'm like 70% there to a MVP microsub server
#jackymore interested in the UX for following people tbh
#Zegnatjacky: yeah, I have a hard time to see a difference between a mute and a block when it comes to microsub
#cweiskewithout knowing what you're talking about: I'd expect "mute" to hide entries in the list I'm seeing, while "block" should prevent them reaching my database at all
#jackythat's the idea I've gravitated towards too!
#jackychecks to see if those pages mention this again
#ZegnatHmm, but if you do not want them in your db, wouldn’t that simply be to not subscribe to them at all?
#Loqi[cweiske] without knowing what you're talking about: I'd expect "mute" to hide entries in the list I'm seeing, while "block" should prevent them reaching my database at all
#Loqi[cweiske] without knowing what you're talking about: I'd expect "mute" to hide entries in the list I'm seeing, while "block" should prevent them reaching my database at all
#ZegnatWhile still having the ability to refer to Burger King as a big entity with multiple locations (just add more to the list)
#ZegnatNot sure anyone/anything is going to actually parse that correctly
#ZegnatXRay may parse that correctly, I think it has a thing to support fragment URLs
#vika_nezrimayaIn context of check-ins, how could you refer to a specific Burger King (e.g. in Passage mall on Moskovskaya st. in Penza - the city where I live)? Something like <div class="h-card" id="passage-mall" /> and then doing https://fireburn.ru/hcards/burger-king#passage-mall?
#ZegnatAnd that Passage Mall h-card could be nested in a p-location of the big Burger King h-card, like I did in my example with the Burger King in Gothenburg Central Station
krychu, Avabrooks and [pfefferle] joined the channel
#aaronpk[Lewis_Cowles]: sorry for the delay! I'll try to review it this week!
dopplergange and [Lewis_Cowles] joined the channel
#[Lewis_Cowles]NP, I’m a little unsure if the approach I commented in review to another PR on the repo should be put into my own contribution (have config with fallback to ENV in-situ to helper)
imsky joined the channel
#aaronpk[Lewis_Cowles]: hm yeah, I guess that could be its own PR too. I'll look at it more closely soon tho
krychu, eli_oat and [kimberlyhirsh] joined the channel
#@qubyte↩️ Ditto. I wrote a little static site generator, and as time has passed I've added some #indieweb stuff like microformats and webmentions. No stats or tracking, and no comments. Just plain old HTML and CSS with a dash of JS for a service worker. It's a lot of fun! (twitter.com/_/status/1171080962408624128)
benharri, vika_nezrimaya, [dougbeal], ntsrtoh^, jjuran_, [snarfed], gRegorLove, [tantek], [schmarty], KartikPrabhu, gxt, krychu, [jgmac1106] and t-mo joined the channel; ritewhoseDiscord left the channel
#jackyyo so re: `action=search` for microsub; there's this note: "The server may also return feeds that are already known that match the search term, for example if another user on the server has previously subscribed to a matching URL."
tmo joined the channel
#jackyyo so re: `action=search` for microsub; there's this note: "The server may also return feeds that are already known that match the search term, for example if another user on the server has previously subscribed to a matching URL."
#jackycouldn't this lead to privacy concerns with protected feeds?
#aaronpkalso the entire feed reading industry *really* needs a better solution to private feeds other than a "secret" URL that you just cross your fingers doesn't get shared around but that's a different story
#jackyI'm just a _little_ worried that people might look at that and implement as is
#[fluffy][aaronpk] yeah I’m not a fan at all of secret/“unguessable” feed URLs, which is why I’ve put off actually implementing that in Publ. Right now you *can* subscribe to private/hidden content on it if your feed reader supports a cookie jar though
#[fluffy]and AutoAuth has a lot of potential as a solution as well
#[fluffy]but getting folks on board with that is gonna be hard. Major chicken-and-egg situation combined with how scattered and fragmented the RSS ecosystem is right now.
#aaronpkyeah, we need to figure out a good workflow for that. we're so close
#[fluffy]I figure that whatever mechanism works for h-feed will also work for RSS/atom
#[fluffy]and the main sticking point is getting that supported in readers
#jackyit sucks but I feel like it might have to be strong-handed
#[fluffy]and the reader side of things feels really overwhelming with microsub et al, so if there’s a partial solution taht doesn’t require going whole-hog indieweb that would be really beneficial
#[fluffy]I mean I’ve rambled about the idea of a profile provider before and I think it’s a thing that a bunch of us have come up with
#aaronpki mean that's really the crux of this whole issue
#aaronpkit's easy to create a good user experience if you control the entire stack. this is what facebook and twitter did.
#[fluffy]meanwhile I have trouble gettin gmy AR cofounder on board with the idea of only using third-party auth for our things
#aaronpkas soon as you want to have different things interoperate, you lose control over various parts of the stack, and now you have to get them to coordinate
#aaronpkso we write specs to encourage that coordination
#[fluffy]he keeps on having reasons it won’t work, using my blog as an example, when it actually works really well on my blog? it’s just that he is too stubborn to, like, accept cookies for some reaosn
#aaronpkbut now instead of creating just one nice product, you have to create two or more
#[fluffy]he doesn’t like the emailed magic link because it’s “too slow” but he doesn’t like twitter/facebook/etc. auth because he seems to think that I’m saying that simply *having* a twitter/facebook/etc. account will grant access, and lacks imagination to understand how ACLs work 😛
#[fluffy]he “understands” username-password stuff, but doesn’t actually understand how to do it well or what goes into making it work well and all the parts you have to implement
#[fluffy]He comes from a very old-school background in terms of dev stuff and just learned, like, a minimal amount of how to make the one thing he wanted to build work back in 1999, and has been stuck there ever since
#aaronpkso someone can absolutely create a nice service that provides indieauth URLs people can use to sign in to stuff and view private content or whatever
#aaronpkthe meta issue is that doing that doesn't really encourage people to own their online identity
#[fluffy]oh neat, I just signed in to my own blog with that and it’s pretty neat how that works
#aaronpkwhich is exactly what we're seeing with mastodon, where someone signs up for an account, starts using that account to follow people, then the instance shuts down, and they lose their account
#[fluffy]yeah but like if someone has their own website, they might lose their hosting or they might forget to renew the domain
#aaronpkI do think it's better to have many small clusters of users even if those clusters frequently shut down compared to one giant pile of twitter identities
#aaronpkbut that still doesn't quite put people in control of their own online identity
#[fluffy]and at least an indieauth profile service would be way lower-overhead than a mastodon instance
#[fluffy]Most people I know have absolutely no interest in having a domain name, and most people I know with a domain name have like a dozen of them 😛
#[fluffy]I mean beesbuzz.biz isn’t even how I used to present myself online, it’s a thing I registered as a joke
#[fluffy]my confusion about autoauth is less about the ‘why’ and more the ‘how,’ like the actual auth flow, what communications happen
#aaronpkthis is also why you don't see me creating services that provide storage or identities, just services for doing things in transit like webmention sending and receiving
#[fluffy]and most of the folks I’d like to grant access to my blog wouldn’t want to have to sign up to Yet Another Profile Service to use it. If Mastodon were to support IndieAuth, though, that’d solve that problem.
#jackyright, there's no "solid" way for people to kind of "restore" their identities
#[fluffy]Most folks who authenticate to my blog do it via Mastodon
#aaronpkmastodon has no reason not to support indieauth other than it hasn't been pitched to them properly yet
#Loqi[aaronpk] I totally understand not wanting to promise that Bridgy will keep all past webmentions. I think keeping Bridgy as a transport tool is good, and leave those kinds of promises for things like webmention.io which are specifically built to store all your...
#aaronpk[snarfed]: plenty of people download their webmentions from webmention.io or use the web hook feature!
#jackyso this kind of hints at a bigger thing (I think?): durability
#[fluffy]for some stats: my users.cfg has 9 email users, 22 mastodon users, and 3 twitter users. I don’t know of any indieauth users aside from myself.
#aaronpkAnd it certainly isn't storing anything the user of it created
#[fluffy]One user is set up for both email and twitter, and one of the email and one of the mastodon users is me
#[fluffy]but in any case the vast majority of folks are fine with using mastodon as their way of identifying themselves to me for access control purposes
#jackyugh, I wish there was a structured way to poll people about this
#[fluffy]so, at least given my audience, there’d be a huge bang for the buck in getting mastodon on board with indieauth.
#[fluffy]but then also mastodon would need to support advertising microsub endpoints or whatever
#[fluffy]and that’s where the whole “no we are activitypub based!” thing starts to get in the way
#[fluffy]like we wouldn’t be asking them to support microsub in mastodon directly but bridging the understanding gap is hard
#[snarfed]indieauth doesn't require any of the other protocols or endpoints
#[fluffy]right but what’s the point to supporting autoauth if you can’t use it for your external subscriptions?
#[fluffy]Separating concerns to the point of overabstraction makes it difficult to actually move forward on having a solution that anyone wants to use though
#[snarfed]sure! and i get that you have a complete picture of your and your users' desires and situations in your head. most of us here definitely don't though. so it helps us a bit.
#[fluffy]That’s one of the issues I have with the indieweb approach in general, where like yeah you CAN put together all these lego pieces, but getting from point A to point B becomes a twisty maze of passages, all different, and gets hard to get folks on board when all they want to do is follow their friends
#[snarfed]we're more likely to be able to help with specific things than the whole thing at once
#[snarfed]true! you're also pushing on bleeding edges though. autoauth, microsub, multiple users, etc. very experimental and new right now
#[fluffy]which is why I like the idea of a profile/identity provider that just sets this stuff up for you, where you can override things as you decide to
#[snarfed]yup, we do too, hence eg micro.blog, wordpress, known
#[fluffy]wordpress has a pretty decent story for getting into indieweb stuff, but it still requires the wherewithal for someone to run their own website
#[fluffy]and that’s the roadbump that seems difficult to get people past
#[fluffy]now, if we could get wordpress.com on board, the story becomes different
#[snarfed]yup. buying a domain + DNS are still arguably the hardest parts. blog services like wp.com and micro.blog are making good progress though
#[snarfed]wp.com works great, you can run the indieweb plugins, just costs money. or you can do https://brid.gy/about#blogs for free, it's just not quite as pretty
#[fluffy]or any sort of thing that people are using as a “here is my identity” thing, getting that on board with “hey let me add in these rel links to my profile page” stuff
#beko[m]That is true. I talked to a lot of Joes over the last days. It's always the same. 1.) website costs. 2.) I'm very bad with computers. That's usualyl 2 reasons because of comfort zone.
#beko[m]I'd love to have some really nifty graphics that lay out the idea. Like the one Meep does for Okuna (former Openbook).
#[fluffy]I’m thinking that hosting-wise it can be even more basic though, like no need to have even the means of publishing updates or subscribing natively
#[fluffy]like provide that stuff as things that you can pay money for but have a “freemium” tier where it’s *just* identity services
#[fluffy]yeah tumblr would also be a great entry point
#[fluffy]like getting any of the silos on board would be a huge iwn
#[KevinMarks]that reminds me, the 'private feed URLs' thing from before was a huge issue with Google Reader when we made your likes social
#[fluffy]yeah, that’s exactly why I’m not interested in actually implementing private auth feed links 😞
#[KevinMarks]there had always been publicly visible likes and shares feeds for each user
#[fluffy]sharing an item: bad. sharing an item that links back to the original feed: disastrous.
#[fluffy]And like even if someone shares a public item on a private feed, that’s still sharing the private feed, which is a HUGE privacy failure
#[KevinMarks]but the URLs were fugly, so people assumed they were 'private' despite being linked on their profiles (people didn't look at profiles closely)
#[fluffy]A thing I was considering if I do implement it is make it so that the individual private items only get the title and link, so even if a private feed URL leaks, random people don’t get the actual private content
#[fluffy]they just get notified about private content being available without actually getting the content itself
#[KevinMarks]then Reader added star/share discovery for people you follow - which most people loved
#[fluffy]one of the things I was trying to propose earlier for this stuff is having metadata in an Atom feed that says “hey if you’re gonna share an item, share it with this feed URL” and having entries get markup that say “hey this is a private item, don’t share it.” Still requires trust from readers, though, and it’s a graceful-degradation case that still hecks up bad for things that don’t support it.
#[KevinMarks]but others who had been using stars for bookmarking and shares for research with colleagues etc got really stressed because we had leaked their thoughts to followers
#[fluffy]yeah and when twitter started treating stars as soft-retweets that got really horrible
#[fluffy]“Such-and-such liked this horrible thing” okay did they really like it or were they just bookmarking it for later?
#[fluffy]It looks like its own atom feed does set <source> but I highly doubt that it respects the <source> link from the original item.
#[fluffy]and the <source> stuff absolutely does share the originating feed, complete with subscription URL.
#[fluffy]just checked the source (ba-dum-tish), yeah it’s definitely just mirroring its own subscription URI rather than peeking into the feed’s metadata
#[fluffy]…although that might not be too hard to fix
#jackyinteresting, I'm not sure how that got stripped
#aaronpki don't really *like* that most things seem to require full second-precision, but most of the time i don't want to write code to deal with it correctly, because date math is hard
#aaronpkright now something in my stack is adding microsecond precision when it stores dates which is like ...really?
#sknebelthe trick with the error aaronpk saw in chrome is that chrome asks for the signed exchange format google is proposing now as one of the things it supports