#jgmac1106darn broke my kirby site trying to get the commention plugin working, delete everythign I changes and still throwing an error, will revert and try again
nnst^, [Rose], krychu, cweiske, gxt, [Zegnat], olind, [JHSheridan], [frank], [pfefferle], [Lewis_Cowles], [tonz] and H joined the channel; jgmDiscord[m] left the channel
#[JHSheridan][pfefferle] can you give a brief answer as to how you're syndicating to pixelfed? Maybe a link to something on the wiki that'll give me a thread to pull on?
#[pfefferle]hey [JHSheridan] I am using ActivityPub
#[tantek]Challenge to everyone else @here - indie RSVP even after the fact to ^^^ whether you went or not, or attended remotely!
[grantcodes] joined the channel
#[grantcodes]!tell aaronpk starting to get inconsistent data from aperture. Sometimes `photo` is a string. Although just looks like from [calumryan] for some reason?
#[tantek][aaronpk] FYI that map image on your event post makes it *very* slow to load on a slow connection and the first thing a web view does is incrementally load the map which is not ideal for an event post since the primary someone wants when looking up / viewing an event is: what (name), when, where (address they can use for nav) all of which should be simple text that is shown before waiting to load any images
#aaronpkHoping I can add the lazy load attribute and call it a day
#Loqiaaronpk: [grantcodes] left you a message 9 minutes ago: starting to get inconsistent data from aperture. Sometimes `photo` is a string. Although just looks like from [calumryan] for some reason?
#aaronpk[grantcodes]: hmm I did just switch aperture to not return proxy image URLs yesterday
#[tantek][aaronpk] argh user error clicked wrong link in Slack. Not as bad as described
#[tantek]Still takes a while (over a minute) to see readable text but text does show first/above the map image
#[tantek]Why is such a minimal details line art image so slow to load? That should be hyper compressed
#[grantcodes]May be related to that switch 🤷♀️ I fixed it in together anyway for everything that should be an array
#aaronpk[grantcodes]: I bet I fixed only the proxy url version to return arrays, I remember doing that a while ago
#[tantek]Side note: concepts: permission fatigue, and the notion of expiring permissions as described by Melanie on the browser panel here at View Source
#[tantek]Torgo notes a dark pattern: sites using “prove you’re not a robot” as a prompt to get users to accept web notifications! (Yikes!)
#[tantek]The WiFi network and even cell data is crap here at view source and excellent testing opportunity for sites
#aaronpkweird it's plenty fast for me and even switching off wifi I get 3g which is surprisingly fast (i was testing my map loading speeds and couldn't get it to be slow)
#[tantek]IDK how I feel about web monetization. I fear it may be a distraction, lots of work for very little actual payoff
jgmac1106 and [jgmac1106] joined the channel
#beko[m]<[tantek] "The WiFi network and even cell d"> I use the debugger tools for this. Limiting network bandwidth is built in. There's also Chaos Engineering if you enjoy working with random hickups 🙂
[tonz], NinjaTrappeur, krychu, [aaronpk], McTaffy and [pfefferle] joined the channel
#McTaffyHello, I am looking for a resource on windows sockets so that I can open some ports to listen to my apache webserver.
[schmarty] and [jgmac1106] joined the channel
#[jgmac1106]Agree Tantek when content is abundant it is hard to use artificial scarcity to make money. Need to think about content more as channel to drive audience to revenue making verticals
#[jgmac1106]That and world will revolt on the idea of 17 different $5 subscriptions a month
#[Lewis_Cowles]If it’s a house or pet-project, maybe it’s okay.
#[Lewis_Cowles]At the point you receive revenue I think pinning things enables development mistakes to happen and go unnoticed, like pinning to private API’s (python has no private or protected), it allows your caches of dependencies to remain so you don’t spot errors with packages. It encouraged the business to think they were better than they were and made those conversations really hard to have.
#[snarfed]oh agreed. it's a complicated tradeoff, there are points on each side. they can be right that pinning may make stability easier in some ways, but it still may be (probably is) overall the wrong thing to do
#[snarfed]regular upgrades definitely takes more thought and work though, ongoing, often thankless uninteresting work at that. and people are lazy. whee!
#[Lewis_Cowles]The person responsible who I think is a great person is lucky they now work at Google. I would have been so mad not because of the mistakes, but the self-congratulatory comments that kept them company
#[Lewis_Cowles]We have juniors that understood that you could pin deps, but not when it was appropriate or the machinery that should live alongside
#[tantek]Used this site https://netgames.io/games/ during TPAC to play Codenames — web based simple identity and collaboration using the example of turn by turn games. Feels like a bunch of the code / techniques here could be re-used for indieweb use-cases, e.g. realtime comments!
[schmarty] joined the channel
#[schmarty]Ooh, the lighthouse testing system has plugin infrastructure. It should be possible to build tests for mf2, for example. bit.ly/lighthouse-plugins
[Zegnat], krychu, dougbeal|mb1, jgmac1106, [jgmac1106], [tantek], [aaronpk] and gxt joined the channel
[KevinMarks], [aaronpk], [benatwork] and paulrobertlloyd joined the channel
#paulrobertlloydHello all. IndieAuth is throwing my head into a spin, and I’m need of much needed guidance! Perhaps I can start by describing what I’m trying to achieve?
#paulrobertlloydI’m building a Micropub server, which I’d like to be configurable from a UI once deployed. (That and some other things later, like providing a link sharing UI). All of which requires the owner of the server to be authenticated with it.
#paulrobertlloydI started out trying to integrate with IndieLogin, but that only seems to confuse matters, as that then passes data on to IndieAuth, and so following the path, and similar but subtly differing documentation has me confused!
#paulrobertlloydThe workflow as much as I can gather is, user enters their website’s URL into the server UI. (IndieLogin/IndieAuth) authenticates that they own that URL, and passes back a code.
#paulrobertlloydAt that point, I can modify my session to mark the user as authenticated. Finally, I need to request an access token so they can post to their site from the server. For this, I use the code returned from IndieAuth (?) and exchange that code with a token endpoint to get an access token. Is that correct?
#paulrobertlloydTokens, bearer token, access token, code, state… lots of codes flying about, and really hard to make head not tails of what is what! 🤪
[snarfed] joined the channel
#[snarfed][Paul_Robert Lloyd] yup! that's it. at a high level, it's basically OAuth, if that helps.
#[snarfed]i'd wait to mark your session "authenticated" until after you've gotten an access token, but that's more of an implementation detail in your own service
[manton] joined the channel
#paulrobertlloydGood to know I’m on the right track, though it’s hard to describe the issues I’m facing in the abstract! What should a correct code returned from IndieLogin/Auth look like? I take it it’s Base64 encoded…? What should the unencoded code look like?
jgmac1106 joined the channel
#[snarfed]access codes and tokens are opaque, but yeah, often medium to long base64
#paulrobertlloydThis is the type of code I get returned from IndieLogin: b04f52365611f68387de6f5cd0f4a14fb77a59345fcc0ac8d97bb3b3ba1643a7.
#paulrobertlloydDecoded assuming base64, it’s by no means a token… in fact, so mangled I can’t seem to paste it in the channel!
#paulrobertlloydIs the code returned from IndieLogin meant to be used as an authentication token/code?
#[snarfed]right, like i said, access codes and tokens are opaque. don't try to decode or parse them. just pass the code back to indielogin in your verification request
#paulrobertlloydAh, right, okay. So looking at this again, while the user’s website is using IndieAuth, I’m having them sign in to the server via IndieLogin. So who should I be passing the code back to to verify it? IndieAuth (or whatever endpoint provider they configured) or IndieLogin?
#[snarfed](if you're morbidly curious, indielogin's access code is likely JWT)
#[snarfed]yeah, back to their endpoint, which may be indielogin/indieauth. you'll then get a response back with a `me` param (form-encoded or json), which is the verified URL
#paulrobertlloydIf you visit a page that requires authentication, you are redirected to the sign in page (for which `redirect_uri` is set to the referring page)
#paulrobertlloydOn submitting your URL, you are directed to IndieLogin, which then (in my case at least) redirects to IndieAuth, which then redirects back to IndieLogin then back to my server, with a code and state.
#paulrobertlloydIf the requests includes the code/state queries, I check that the state matches the saved state, and then try to authenticate the returned code.
#paulrobertlloydUsing any of the functions in that package return 404’s or ‘Invalid code provided’. If any that helps!!