#dev 2019-12-25
2019-12-25 UTC
KartikPrabhu and [dmitshur] joined the channel
# [dmitshur] a neat (to me) observation. I've been going over my site's codebase planning the next move, and realizing how so many of my previous questions and uncertainties (related to /IndieAuth, /chat-names, autocompletion and address books, user identifiers, etc.) have already been answered and became things with clear steps and solutions... all thanks to me bringing up those concerns here and discussing them with people here. so, thank you all for
# [dmitshur] the help. đ
mattgorecki joined the channel
# jamietanna[m] [dmitshur] glad to hear! But we're also happy to iterate over our existing solutions so shout up if there are things to consider/change /etc
[Michael_Beckwit, KartikPrabhu and [dmitshur] joined the channel
# [dmitshur] another thought. I may have found a pretty good use case for Cloud Functions (for the first time). basically, I can use it as a "make-unauthenticated-HTTP-requests-for-me"-as-a-service.
# [dmitshur] one of the challenges of implementing an IndieAuth client is the need to make some HTTP requests, e.g., to discover the authorization_endpoint on a user-provided URL. the spec disallows URLs that are not domain name (e.g, `localhost`) or IPs (e.g. `127.0.0.1` ), and in theory it _should_ be safe to make arbitrary GET requests... but it's still potentially a little scary.
# [dmitshur] as one example of ways things can go wrong security-wise, say you have a "localhost.com -> 127.0.0.1" entry in /etc/hosts, then external users can cause your server to make local requests (which ideally should not be considered privileged, but still, they might leak internal information).
# [dmitshur] so I can "factor out" that task to an external cloud function which I know won't have any internal HTTP resources to leak, etc.
# [dmitshur] I'm still not sure if I'll do this because it adds complexity, but it's a nice option to have
# [dmitshur] made sure it actually works, http://instantshare.win/1u7kj8o8r8fpp.png
# [dmitshur] (I feel like I should say, for disclosure, Google is my employer and even though I all the indie stuff in my free time, my choice of a cloud provider may be biased.)
# marinin[t] wouldn't there be a possibility to leak some metadata between your server and a cloud function?
# [dmitshur] I'm not sure I understand what metadata exactly you're referring to (or where the leak would be), can you elaborate?
# [dmitshur] do you mean there's some metadata that may be accessible inside the cloud function execution environment? via HTTP?
# [dmitshur] I agree that in general it's not a perfect solution... but the point of doing it is to reduce the surface area that needs to be secured/considered from an entire server that hosts many services (which is what I have now) to a very narrow individual service/function
# [dmitshur] but if you have more specific thoughts on what can still leak, it'd be helpful to hear them đ
# [dmitshur] nice to hear there's precedent for this :)
# [dmitshur] I'm curious, what google cloud product/service are you using for https://xray.p3k.app/? App Engine? something else? or a combination of things
# [dmitshur] https://github.com/aaronpk/XRay/blob/master/app.yaml gives me a hint
KartikPrabhu joined the channel
# [dmitshur] I'm still far from finishing https://github.com/shurcooL/home/issues/34... but maybe not as far as I thought. http://instantshare.win/1g8cbj3riztuc.png
# [dmitshur] what has helped (speed up the process) a lot is internalizing that even though URLs can be used both for authentication (via IndieAuth) and for specifying users, it's not necessary to do both (or change to doing both) _at the same time_.
# [dmitshur] I can add support just for authentication via IndieAuth first, and consider/move towards using URLs as user IDs in the future... or not at all. they're separate matters and don't have to be coupled if you don't want them to be.
# [dmitshur] this helps me a ton right now because I'm currently specifying users by a
{ID uint64; Domain string}
pair where ID == 0 means "no user", and I'm not in a position to easily change that... that decision was made long ago in a package I'm currently sharing between far too many other things (see https://godoc.org/github.com/shurcooL/users?importers)# [dmitshur] in order to be able to change it, I'll want to make a copy that's specific to my site, start propagating and using it everywhere else, etc. that's gonna take a while
# [dmitshur] so for now I'm just going to continue to use that as is, and users that sign in via IndieAuth will be assigned an
{ID, Domain}
pair (with domain == my site), and track their IndieAuth URL for purposes of authentication separately (a change I can make much more quickly).# [dmitshur] and all those internal implementation details can be refactored and simplified over time. đ
# [dmitshur] without any visible effects on the user experience.
[KevinMarks], wgirl, KartikPrabhu, vika_nezrimaya, Nuve, marinin[t], tsrt^, [jgmac1106], [tantek], leg, asymptotically and swentel joined the channel
# vika_nezrimaya Question. The token endpoint returns a "me" parameter in response to a request that provides a "me" parameter. Is the expression `request.body.me == response.body.me` true in all cases? In which cases it is not, if it can be false?
# vika_nezrimaya oh wait
# vika_nezrimaya I think I jumbled up some flows
# vika_nezrimaya ok the question is void
# @megarush1024 âŠī¸ Regarding creation of content, micropub is a thing, microsub to subscribe, heavy use of microformats 2, CMSs for this include Known as well as others, meant to be intentionally platform-agnostic. + (twitter.com/_/status/1209858883331772416)
# @megarush1024 âŠī¸ Also webmention is key so domains/people can talk to each other regardless of platform, and also some non-Mastodon ActivityPub implementations. Hope this helps. (twitter.com/_/status/1209859218284720129)
[Sadik_Shahadu] joined the channel
# vika_nezrimaya ok I have a problem
TIMDiscord[m] and JohnAlonsoDiscor joined the channel; aflofoDiscord[m] left the channel
# vika_nezrimaya why do token endpoints not accept JSON?
# vika_nezrimaya or do they?
# vika_nezrimaya and Volley doesn't seem to parse form-encoded data
# vika_nezrimaya Volley's not a web framework
# Loqi It looks like we don't have a page for "Volley" yet. Would you like to create it? (Or just say "Volley is ____", a sentence describing the term)
# vika_nezrimaya Volley is Android's own HTTP client
# vika_nezrimaya oops
# vika_nezrimaya it's a batteries-included client :3
# vika_nezrimaya parses JSON for you
# vika_nezrimaya like requests for python
# vika_nezrimaya except I'll need a custom request type for that :3
# vika_nezrimaya No, I mean, how often you have to send one type of data to receive another one?
# vika_nezrimaya not including IndieAuth
# vika_nezrimaya ok I guess I could receive JSON and parse it in the onResponse() method
# vika_nezrimaya I still don't like Java
# vika_nezrimaya maybe I should learn Kotlin...
# vika_nezrimaya I GOT AN ACCESS TOKEN
# vika_nezrimaya Yay!
# vika_nezrimaya woot?
# vika_nezrimaya what is woot
# Loqi It looks like we don't have a page for "woot" yet. Would you like to create it? (Or just say "woot is ____", a sentence describing the term)
# vika_nezrimaya swentel: oh hey
# vika_nezrimaya I'm just designing a comptetitor for Indigenous that will send JSON responses instead of form-encoded
# vika_nezrimaya 'cause I like it more...
dckc joined the channel
# vika_nezrimaya thanks :3
# vika_nezrimaya Indigenous is a nice app but it doesn't include ability to post more... unorthodox posts. Like h-ate posts, for example...
# vika_nezrimaya Also I don't think it can post a venue h-card
# vika_nezrimaya Well, could it post an inner h-geo object? I don't think so!
# vika_nezrimaya (not without special server support at least)
# vika_nezrimaya I did that with curl previously, but I want to be able to import venues on the go
# vika_nezrimaya oh right, I've implemented it in old Kittybox already
# vika_nezrimaya but not create venues
# vika_nezrimaya It uses venues from the special query (which I do have)
# vika_nezrimaya but I want a button "New venue" which pops me to something like NewVenueActivity that will have fields, location support (with Google Maps/some other maps view)
# vika_nezrimaya and then it would post it and instantly use it
# vika_nezrimaya or this activity will be usable from the New Object menu
# vika_nezrimaya basically I have an impossible dream of a single companion app that interfaces with your website
# vika_nezrimaya slowly, but surely I could implement that
# vika_nezrimaya Overland means aaronparecki.com-like live location tracking?
# vika_nezrimaya I'm actually planning on this
# vika_nezrimaya Sometimes when I look at Google Fit, I see it tracks my location when I'm no foot
# vika_nezrimaya Maps are attached to my walking activity
# vika_nezrimaya GWG: I'm trying to make it universal and not dependent on features in Kittybox (so no proprietary stuff if possible; if not, push it as an extension of the standard)
# Loqi It looks like we don't have a page for "kittybox" yet. Would you like to create it? (Or just say "kittybox is ____", a sentence describing the term)
# vika_nezrimaya Kittybox is a Micropub server built by Vika for her website, https://fireburn.ru.
# vika_nezrimaya it
# vika_nezrimaya it's me :3
# vika_nezrimaya curl https://fireburn.ru/hcards/anticafe_krilya
# vika_nezrimaya here's a venue for you :3
# vika_nezrimaya It should have a name, preferably should have a location, also could have photos, a note and everything an h-card could have
# vika_nezrimaya Also URLs!
# vika_nezrimaya It could have one or more URLs
# vika_nezrimaya p-name, p-geo/h-geo, u-photo, p-note
# vika_nezrimaya great :3
# vika_nezrimaya we're discussing checkins
# vika_nezrimaya Location tracking could be separate but integrated with it
# vika_nezrimaya Nah
# vika_nezrimaya h=card too
# vika_nezrimaya GWG: A background service that tracks your location (using GMS to get GPS data to drain less battery - hope you have GApps 'cause I do) and sends it to an endpoint of some sort is what you want, right?
# vika_nezrimaya I think that's how aaronpk's tracker works
# vika_nezrimaya also I think when I close near a venue, I could show a notification "Check-in to <Venue name>?" with an intent to pre-filled CheckinActivity :3
# vika_nezrimaya GWG: which ones? Geolocation sending interval?
# vika_nezrimaya Aircraft data?
# vika_nezrimaya how would I get this?
# vika_nezrimaya how to determine it? is there a standard API?
# vika_nezrimaya GWG what is a trip in this context?
# vika_nezrimaya bike ride?
# vika_nezrimaya as an example
# vika_nezrimaya that's something that Google Fit already does, by the way :3
# vika_nezrimaya as a silo
# vika_nezrimaya could either build integration with it (feeding data to it and pulling back more data, e.g. from your smartwatch - sleep data like aaronpk's) or reimplement something similar
# vika_nezrimaya I would need a bike to test it though
# vika_nezrimaya Google Fit also allows to do that, I could copy the UI
# vika_nezrimaya it has bike rides though
# vika_nezrimaya that's why I'm talking about it
# vika_nezrimaya aaronpk-like map and also I want to pull sleep data from Google Fit (Xiaomi Mi Fit pushes to it, though less often than I would like)
# vika_nezrimaya maybe, just maybe I'll get some Gadgetbridge code inside so I could connect my smartwatch directly to the app
# vika_nezrimaya also checkin suggestions
# vika_nezrimaya does anyone even have checkin suggestions in their Micropub clients?
# vika_nezrimaya push notifications when near a venue
# vika_nezrimaya never taken a single flight and I don't know what you're talking about :D
# vika_nezrimaya In the summer I do get on trains usually
# vika_nezrimaya Only this year I've never travelled
# vika_nezrimaya ok I think I know the UI
# vika_nezrimaya I'll need to draw it first, it's fairly complex
# vika_nezrimaya aaronpk GWG https://fireburn.ru/posts/1577309460
# Loqi [Vika] A mockup for âTrain Tripâ screen for a location and trip tracker integrated with IndieWeb. https://fireburn.ru/media/12/3b/c0/91/ca1afb0dc54de56447eaf17646c91477d177f27e66a5e3cb21f88718
# vika_nezrimaya I made a mock-up for a screen I would use for a train trip. Suggestions?
# vika_nezrimaya Sorry it's turned sideways! on the upside, you can flex your necks a bit
# vika_nezrimaya or just cheat and turn your phone sideways, provided you lock rotation
# vika_nezrimaya For flights, I would turn on "airplane integration mode" in the service (probably) and it will poll the in-flight wifi on pre-determined list of endpoints until it encounters a valid one
# vika_nezrimaya I'll need someone to test it though, I don't fly at all!
# vika_nezrimaya Great :3 getting WiFi SSID on Android is gated by the same permissions as GPS
# vika_nezrimaya no permission problems at all!
# vika_nezrimaya is there a public list somewhere?
# vika_nezrimaya I'll bookmark it
leg joined the channel
# vika_nezrimaya Location tracking is on my roadmap after posting with fancy post types (which doesn't have a lot of complexity)
# vika_nezrimaya it has airports codes in it
# GWG Third airline.. https://gist.github.com/ef3b85f20d34ac6849616655d7dd100b
# vika_nezrimaya If there was a MF2 property for airport code I could use it to pre-fill takeoff and destination venues
# vika_nezrimaya I need something like an h-card property p-airport-code on airport venues' h-cards
# vika_nezrimaya then I could search by airport code
# vika_nezrimaya would need a Micropub extension though
# vika_nezrimaya something like ?q=geo&airport=CODE
# vika_nezrimaya returns a URL for venue with this airport code
# vika_nezrimaya or maybe ?q=airport&code=CODE
# @edent âŠī¸ @GuildOfMakers @DrLucyRogers Hello #MakersHour. I'm adding IndieWeb stuff to my websites. Learning lots about Webmention technologies. (twitter.com/_/status/1209929485488967681)
[KevinMarks] joined the channel
# @ZipperHost The IndieWeb and Webmentions #indieweb http://clintonpavlovic.co.za/the-indieweb-and-webmentions/ (twitter.com/_/status/1209957129693601797)
[grantcodes] joined the channel