#dev 2019-09-30

2019-09-30 UTC
# 00:18 
jgmac1106 darn broke my kirby site trying to get the commention plugin working, delete everythign I changes and still throwing an error, will revert and try again
nnst^, [Rose], krychu, cweiske, gxt, [Zegnat], olind, [JHSheridan], [frank], [pfefferle], [Lewis_Cowles], [tonz] and H joined the channel; jgmDiscord[m] left the channel
# 08:54 
[JHSheridan] [pfefferle] can you give a brief answer as to how you're syndicating to pixelfed? Maybe a link to something on the wiki that'll give me a thread to pull on?
# 08:54 
[pfefferle] hey [JHSheridan] I am using ActivityPub
# 08:56 
[JHSheridan] ok cool... thx
# 08:58 
[pfefferle] here is the code https://github.com/pfefferle/wordpress-activitypub
# 08:58 
Loqi [pfefferle] wordpress-activitypub: ActivityPub for WordPress
# 08:58 
[pfefferle] here is the spec https://www.w3.org/TR/activitypub/
# 08:59 
[pfefferle] and here is a nice fediverse resource: https://fediverse.party/
# 09:06 
[JHSheridan] awesome... thanks for the resources
# 09:42 
[pfefferle] [JHSheridan] you’re welcome 🙂 let me know if I can help with something else
# 09:48 
[Lewis_Cowles] [pfefferle] ++
# 09:48 
Loqi [pfefferle] has 2 karma in this channel over the last year (19 in all channels)
jgmac1106 and krychu joined the channel
# 09:57 
[JHSheridan] [pfefferle] ++
# 09:57 
Loqi [pfefferle] has 3 karma in this channel over the last year (20 in all channels)
[tantek] and jeremych_ joined the channel
# 10:28 
[tantek] [Anna_Dodson]++ for adding RSVP support and indie RSVPing to IndieWebCamp Amsterdam! https://aaronparecki.com/2019/09/28/1/
# 10:28 
Loqi [Anna_Dodson] has 1 karma over the last year
# 10:28 
Loqi IndieWebCamp Amsterdam https://aaronparecki.com/2019/09/28/1/map.png
# 10:29 
[tantek] Challenge to everyone else @here - indie RSVP even after the fact to ^^^ whether you went or not, or attended remotely!
[grantcodes] joined the channel
# 10:29 
[grantcodes] !tell aaronpk starting to get inconsistent data from aperture. Sometimes `photo` is a string.  Although just looks like from [calumryan] for some reason?
# 10:29 
Loqi Ok, I'll tell them that when I see them next
# 10:37 
[tantek] [aaronpk] FYI that map image on your event post makes it *very* slow to load on a slow connection and the first thing a web view does is incrementally load the map which is not ideal for an event post since the primary someone wants when looking up / viewing an event is: what (name), when, where (address they can use for nav) all of which should be simple text that is shown before waiting to load any images
# 10:37 
[tantek] I can take a screenshot
krychu joined the channel
# 10:39 
aaronpk Hoping I can add the lazy load attribute and call it a day
# 10:39 
Loqi aaronpk: [grantcodes] left you a message 9 minutes ago: starting to get inconsistent data from aperture. Sometimes `photo` is a string.  Although just looks like from [calumryan] for some reason?
# 10:39 
aaronpk [grantcodes]: hmm I did just switch aperture to not return proxy image URLs yesterday
# 10:40 
[tantek] [aaronpk] argh user error clicked wrong link in Slack. Not as bad as described
# 10:41 
[tantek] Still takes a while (over a minute) to see readable text but text does show first/above the map image
# 10:42 
[tantek] Why is such a minimal details line art image so slow to load? That should be hyper compressed
# 10:43 
aaronpk hm the image is only 90kb
# 10:45 
[grantcodes] May be related to that switch 🤷‍♀️ I fixed it in together anyway for everything that should be an array
# 10:47 
aaronpk [grantcodes]: I bet I fixed only the proxy url version to return arrays, I remember doing that a while ago
# 10:48 
[tantek] Side note: concepts: permission fatigue, and the notion of expiring permissions as described by Melanie on the browser panel here at View Source
# 10:49 
[tantek] Torgo notes a dark pattern: sites using “prove you’re not a robot” as a prompt to get users to accept web notifications! (Yikes!)
# 10:50 
aaronpk I saw that recently too! So bad!
# 10:52 
[tantek] The WiFi network and even cell data is crap here at view source and excellent testing opportunity for sites
# 10:53 
aaronpk weird it's plenty fast for me and even switching off wifi I get 3g which is surprisingly fast (i was testing my map loading speeds and couldn't get it to be slow)
# 10:53 
[tantek] IDK how I feel about web monetization. I fear it may be a distraction, lots of work for very little actual payoff
jgmac1106 and [jgmac1106] joined the channel
# 11:01 
beko[m] <[tantek] "The WiFi network and even cell d"> I use the debugger tools for this. Limiting network bandwidth is built in. There's also Chaos Engineering if you enjoy working with random hickups 🙂
[tonz], NinjaTrappeur, krychu, [aaronpk], McTaffy and [pfefferle] joined the channel
# 13:05 
McTaffy Hello, I am looking for a resource on windows sockets so that I can open some ports to listen to my apache webserver.
[schmarty] and [jgmac1106] joined the channel
# 13:14 
[jgmac1106] Agree Tantek when content is abundant it is hard to use artificial scarcity to make money. Need to think about content more as channel to drive audience to revenue making verticals
# 13:15 
[jgmac1106] That and world will revolt on the idea of 17 different $5 subscriptions a month
# 13:21 
jeremycherfas avoids any reference to Flattr
[grantcodes] joined the channel
# 14:10 
aaronpk Anyone using Micropub to post to their Eleventy website? Can you add some links for how to do that here? https://indieweb.org/Eleventy
[snarfed] joined the channel
# 14:19 
[snarfed] [tantek] this reminded me of you (and me 😁) https://twitter.com/bradfitz/status/1177795645685420032
# 14:19 
@bradfitz I miss the days when I could be proud of high uptime on a device. Nowadays all I think when I see "233 days" is "OMG how many exploits am I exposing myself to?" And yet--- if I update this, how much other stuff will break? Scary either way. https://pbs.twimg.com/media/EFhe5VSUUAExzkm.jpg (twitter.com/_/status/1177795645685420032)
[Rose] joined the channel
# 14:38 
[Lewis_Cowles] [snarfed] started a new job last year. Found a code comment celebrating pinning and never changing dependencies for “stability”
[tantek] joined the channel
# 14:41 
[tantek] [snarfed] yeah. mixed feels about all that.
# 15:06 
[snarfed] yup understood. damn tradeoffs!
# 15:07 
[snarfed] [Lewis_Cowles] they're not wrong, sadly. wearing blinders, maybe, but they do have a point
# 15:09 
[Lewis_Cowles] Oh I disagree a lot.
# 15:09 
[Lewis_Cowles] If it’s a house or pet-project, maybe it’s okay.
# 15:09 
[Lewis_Cowles] At the point you receive revenue I think pinning things enables development mistakes to happen and go unnoticed, like pinning to private API’s (python has no private or protected), it allows your caches of dependencies to remain so you don’t spot errors with packages. It encouraged the business to think they were better than they were and made those conversations really hard to have.
# 15:13 
[snarfed] oh agreed. it's a complicated tradeoff, there are points on each side. they can be right that pinning may make stability easier in some ways, but it still may be (probably is) overall the wrong thing to do
# 15:14 
[snarfed] regular upgrades definitely takes more thought and work though, ongoing, often thankless uninteresting work at that. and people are lazy. whee!
# 15:14 
[Lewis_Cowles] The person responsible who I think is a great person is lucky they now work at Google. I would have been so mad not because of the mistakes, but the self-congratulatory comments that kept them company
# 15:15 
[Lewis_Cowles] We have juniors that understood that you could pin deps, but not when it was appropriate or the machinery that should live alongside
# 15:15 
[tantek] Used this site https://netgames.io/games/ during TPAC to play Codenames — web based simple identity and collaboration using the example of turn by turn games. Feels like a bunch of the code / techniques here could be re-used for indieweb use-cases, e.g. realtime comments!
[schmarty] joined the channel
# 15:25 
[schmarty] Ooh, the lighthouse testing system has plugin infrastructure. It should be possible to build tests for mf2, for example. bit.ly/lighthouse-plugins
[Zegnat], krychu, dougbeal|mb1, jgmac1106, [jgmac1106], [tantek], [aaronpk] and gxt joined the channel
# 21:04 
@kevinmarks ↩️ Indieweb is doing this, but as composable components. So http://quill.p3k.io has a medium-like editor, but it posts with micropub to a backend. The sharing support is handled by http://brid.gy using webmentions - come talk about your case at http://chat.indieweb.org (twitter.com/_/status/1178777746606043139)
# 21:04 
@kevinmarks ↩️ Indieweb is doing this, but as composable components. So http://quill.p3k.io has a medium-like editor, but it posts with micropub to a backend. The sharing support is handled by http://brid.gy using webmentions - come talk about your case at http://chat.indieweb.org (twitter.com/_/status/1178777746606043139)
[KevinMarks], [aaronpk], [benatwork] and paulrobertlloyd joined the channel
# 21:19 
paulrobertlloyd Hello all. IndieAuth is throwing my head into a spin, and I’m need of much needed guidance! Perhaps I can start by describing what I’m trying to achieve?
# 21:21 
paulrobertlloyd I’m building a Micropub server, which I’d like to be configurable from a UI once deployed. (That and some other things later, like providing a link sharing UI). All of which requires the owner of the server to be authenticated with it.
# 21:22 
paulrobertlloyd I started out trying to integrate with IndieLogin, but that only seems to confuse matters, as that then passes data on to IndieAuth, and so following the path, and similar but subtly differing documentation has me confused!
# 21:24 
paulrobertlloyd The workflow as much as I can gather is, user enters their website’s URL into the server UI. (IndieLogin/IndieAuth) authenticates that they own that URL, and passes back a code.
# 21:26 
paulrobertlloyd At that point, I can modify my session to mark the user as authenticated. Finally, I need to request an access token so they can post to their site from the server. For this, I use the code returned from IndieAuth (?) and exchange that code with a token endpoint to get an access token. Is that correct?
# 21:26 
paulrobertlloyd Tokens, bearer token, access token, code, state… lots of codes flying about, and really hard to make head not tails of what is what! 🤪
[snarfed] joined the channel
# 21:36 
[snarfed] [Paul_Robert Lloyd] yup! that's it. at a high level, it's basically OAuth, if that helps.
# 21:37 
[snarfed] i'd wait to mark your session "authenticated" until after you've gotten an access token, but that's more of an implementation detail in your own service
[manton] joined the channel
# 21:55 
paulrobertlloyd Good to know I’m on the right track, though it’s hard to describe the issues I’m facing in the abstract! What should a correct code returned from IndieLogin/Auth look like? I take it it’s Base64 encoded…? What should the unencoded code look like?
jgmac1106 joined the channel
# 21:59 
[snarfed] access codes and tokens are opaque, but yeah, often medium to long base64
# 22:20 
[schmarty] Uhhh, woah, cloudflare! https://blog.cloudflare.com/html-rewriter-beta/
# 22:34 
paulrobertlloyd This is the type of code I get returned from IndieLogin: b04f52365611f68387de6f5cd0f4a14fb77a59345fcc0ac8d97bb3b3ba1643a7.
# 22:35 
paulrobertlloyd Decoded assuming base64, it’s by no means a token… in fact, so mangled I can’t seem to paste it in the channel!
# 22:37 
paulrobertlloyd Is the code returned from IndieLogin meant to be used as an authentication token/code?
# 22:45 
[snarfed] right, like i said, access codes and tokens are opaque. don't try to decode or parse them. just pass the code back to indielogin in your verification request
# 22:48 
paulrobertlloyd Ah, right, okay. So looking at this again, while the user’s website is using IndieAuth, I’m having them sign in to the server via IndieLogin. So who should I be passing the code back to to verify it? IndieAuth (or whatever endpoint provider they configured) or IndieLogin?
# 22:48 
[snarfed] (if you're morbidly curious, indielogin's access code is likely JWT)
# 22:49 
[snarfed] yeah, back to their endpoint, which may be indielogin/indieauth. you'll then get a response back with a `me` param (form-encoded or json), which is the verified URL
# 22:50 
[snarfed] https://www.w3.org/TR/indieauth/#authorization-request
# 22:58 
paulrobertlloyd I’m trying to use integrate this with some express routing: https://grantcodes.github.io/indieauth-helper/  I suspect I’m using it wrong.
# 22:59 
[snarfed] cc [grantcodes]
# 22:59 
paulrobertlloyd If you visit a page that requires authentication, you are redirected to the sign in page (for which `redirect_uri` is set to the referring page)
# 23:00 
paulrobertlloyd On submitting your URL, you are directed to IndieLogin, which then (in my case at least) redirects to IndieAuth, which then redirects back to IndieLogin then back to my server, with a code and state.
# 23:01 
paulrobertlloyd If the requests includes the code/state queries, I check that the state matches the saved state, and then try to authenticate the returned code.
# 23:02 
paulrobertlloyd Using any of the functions in that package return 404’s or ‘Invalid code provided’. If any that helps!!
# 23:14 
paulrobertlloyd Here’s where I’m currently at: https://gist.github.com/paulrobertlloyd/22a71f5db3dfa75c9df45e1c17a10521
# 23:38 
paulrobertlloyd Right, time for bed. Thanks for your help [snarfed], at least I know I’m on the right track 👍🏻
[adam] joined the channel
# 23:44 
[snarfed] welcome! gl!