#dev 2019-12-25

2019-12-25 UTC
KartikPrabhu and [dmitshur] joined the channel
#
[dmitshur] a neat (to me) observation. I've been going over my site's codebase planning the next move, and realizing how so many of my previous questions and uncertainties (related to /IndieAuth, /chat-names, autocompletion and address books, user identifiers, etc.) have already been answered and became things with clear steps and solutions... all thanks to me bringing up those concerns here and discussing them with people here. so, thank you all for
#
[dmitshur] the help. 👍
#
[snarfed] welcome!
#
[snarfed] iteration++
#
Loqi iteration has 2 karma over the last year
mattgorecki joined the channel
#
jamietanna[m] [dmitshur] glad to hear! But we're also happy to iterate over our existing solutions so shout up if there are things to consider/change /etc
[Michael_Beckwit, KartikPrabhu and [dmitshur] joined the channel
#
[dmitshur] another thought. I may have found a pretty good use case for Cloud Functions (for the first time). basically, I can use it as a "make-unauthenticated-HTTP-requests-for-me"-as-a-service.
#
[dmitshur] one of the challenges of implementing an IndieAuth client is the need to make some HTTP requests, e.g., to discover the authorization_endpoint on a user-provided URL. the spec disallows URLs that are not domain name (e.g, `localhost`) or IPs (e.g. `127.0.0.1` ), and in theory it _should_ be safe to make arbitrary GET requests... but it's still potentially a little scary.
#
[dmitshur] as one example of ways things can go wrong security-wise, say you have a "localhost.com -> 127.0.0.1" entry in /etc/hosts, then external users can cause your server to make local requests (which ideally should not be considered privileged, but still, they might leak internal information).
#
[dmitshur] so I can "factor out" that task to an external cloud function which I know won't have any internal HTTP resources to leak, etc.
#
[dmitshur] I'm still not sure if I'll do this because it adds complexity, but it's a nice option to have
#
[dmitshur] made sure it actually works, http://instantshare.win/1u7kj8o8r8fpp.png
#
[dmitshur] (I feel like I should say, for disclosure, Google is my employer and even though I all the indie stuff in my free time, my choice of a cloud provider may be biased.)
#
marinin[t] wouldn't there be a possibility to leak some metadata between your server and a cloud function?
#
[dmitshur] I'm not sure I understand what metadata exactly you're referring to (or where the leak would be), can you elaborate?
#
[dmitshur] do you mean there's some metadata that may be accessible inside the cloud function execution environment? via HTTP?
#
[dmitshur] I agree that in general it's not a perfect solution... but the point of doing it is to reduce the surface area that needs to be secured/considered from an entire server that hosts many services (which is what I have now) to a very narrow individual service/function
#
[dmitshur] but if you have more specific thoughts on what can still leak, it'd be helpful to hear them 🙂
#
aaronpk [dmitshur]: that's one of the reasons I run the public XRay instance on google cloud
#
aaronpk all the webmention verifications hat webmention.io do are requested from google cloud
#
[dmitshur] nice to hear there's precedent for this :)
#
aaronpk Doing it for IndieAuth is a good idea too :-)
#
aaronpk the indielogin.com server does it itself right now
#
[dmitshur] I'm curious, what google cloud product/service are you using for https://xray.p3k.app/? App Engine? something else? or a combination of things
#
[dmitshur] https://github.com/aaronpk/XRay/blob/master/app.yaml gives me a hint
#
aaronpk Yeah app engine
KartikPrabhu joined the channel
#
[dmitshur] I'm still far from finishing https://github.com/shurcooL/home/issues/34... but maybe not as far as I thought. http://instantshare.win/1g8cbj3riztuc.png
#
Loqi [dmitshur] #34 add support for signing in via IndieAuth
#
aaronpk Oh neat
#
[dmitshur] what has helped (speed up the process) a lot is internalizing that even though URLs can be used both for authentication (via IndieAuth) and for specifying users, it's not necessary to do both (or change to doing both) _at the same time_.
#
[dmitshur] I can add support just for authentication via IndieAuth first, and consider/move towards using URLs as user IDs in the future... or not at all. they're separate matters and don't have to be coupled if you don't want them to be.
#
[dmitshur] this helps me a ton right now because I'm currently specifying users by a {ID uint64; Domain string} pair where ID == 0 means "no user", and I'm not in a position to easily change that... that decision was made long ago in a package I'm currently sharing between far too many other things (see https://godoc.org/github.com/shurcooL/users?importers)
#
[dmitshur] in order to be able to change it, I'll want to make a copy that's specific to my site, start propagating and using it everywhere else, etc. that's gonna take a while
#
[dmitshur] so for now I'm just going to continue to use that as is, and users that sign in via IndieAuth will be assigned an {ID, Domain} pair (with domain == my site), and track their IndieAuth URL for purposes of authentication separately (a change I can make much more quickly).
#
[dmitshur] and all those internal implementation details can be refactored and simplified over time. 😄
#
[dmitshur] without any visible effects on the user experience.
[KevinMarks], wgirl, KartikPrabhu, vika_nezrimaya, Nuve, marinin[t], tsrt^, [jgmac1106], [tantek], leg, asymptotically and swentel joined the channel
#
vika_nezrimaya Question. The token endpoint returns a "me" parameter in response to a request that provides a "me" parameter. Is the expression `request.body.me == response.body.me` true in all cases? In which cases it is not, if it can be false?
#
vika_nezrimaya oh wait
#
vika_nezrimaya I think I jumbled up some flows
#
vika_nezrimaya ok the question is void
#
@megarush1024 ↩ī¸ Regarding creation of content, micropub is a thing, microsub to subscribe, heavy use of microformats 2, CMSs for this include Known as well as others, meant to be intentionally platform-agnostic. + (twitter.com/_/status/1209858883331772416)
#
@megarush1024 ↩ī¸ Also webmention is key so domains/people can talk to each other regardless of platform, and also some non-Mastodon ActivityPub implementations. Hope this helps. (twitter.com/_/status/1209859218284720129)
[Sadik_Shahadu] joined the channel
#
vika_nezrimaya ok I have a problem
TIMDiscord[m] and JohnAlonsoDiscor joined the channel; aflofoDiscord[m] left the channel
#
vika_nezrimaya why do token endpoints not accept JSON?
#
vika_nezrimaya or do they?
#
aaronpk because oauth doesn't use JSON post requests
#
vika_nezrimaya and Volley doesn't seem to parse form-encoded data
#
aaronpk it amazes me when web frameworks don't handle form-encoded data... that's just an HTML form :facepalm:
#
vika_nezrimaya Volley's not a web framework
#
aaronpk what is Volley?
#
Loqi It looks like we don't have a page for "Volley" yet. Would you like to create it? (Or just say "Volley is ____", a sentence describing the term)
#
vika_nezrimaya Volley is Android's own HTTP client
#
Loqi ok
#
vika_nezrimaya oops
#
aaronpk 😂
#
aaronpk the client shouldn't need to parse a post request...
#
vika_nezrimaya it's a batteries-included client :3
#
vika_nezrimaya parses JSON for you
#
vika_nezrimaya like requests for python
#
aaronpk the client should be sending a form-encoded POST, and it will get JSON back
#
vika_nezrimaya except I'll need a custom request type for that :3
#
aaronpk I would nope not
#
aaronpk that's pretty standard
#
vika_nezrimaya No, I mean, how often you have to send one type of data to receive another one?
#
vika_nezrimaya not including IndieAuth
#
aaronpk literally every web form
#
aaronpk also most APIs
#
vika_nezrimaya ok I guess I could receive JSON and parse it in the onResponse() method
#
vika_nezrimaya I still don't like Java
#
vika_nezrimaya maybe I should learn Kotlin...
#
vika_nezrimaya I GOT AN ACCESS TOKEN
#
vika_nezrimaya Yay!
#
Loqi woot
#
vika_nezrimaya woot?
#
vika_nezrimaya what is woot
#
Loqi It looks like we don't have a page for "woot" yet. Would you like to create it? (Or just say "woot is ____", a sentence describing the term)
#
aaronpk 🎉
#
swentel hmm yeah, volley can be tedious sometimes, I'd love to replace it in indigenous at some point
#
swentel hmm can rss feeds contain a photo for the author - checking because xray doesn't look for it atm, but I don't know if it's possible anyway :)
#
swentel hmm nvm, will do it differently :)
#
vika_nezrimaya swentel: oh hey
#
vika_nezrimaya I'm just designing a comptetitor for Indigenous that will send JSON responses instead of form-encoded
#
vika_nezrimaya 'cause I like it more...
dckc joined the channel
#
swentel good luck with that :)
#
vika_nezrimaya thanks :3
#
vika_nezrimaya Indigenous is a nice app but it doesn't include ability to post more... unorthodox posts. Like h-ate posts, for example...
#
vika_nezrimaya Also I don't think it can post a venue h-card
#
swentel well, adding that would take 10 minutes or so
#
swentel I just need to know what the screen looks like and which properties to post
#
vika_nezrimaya Well, could it post an inner h-geo object? I don't think so!
#
vika_nezrimaya (not without special server support at least)
#
vika_nezrimaya I did that with curl previously, but I want to be able to import venues on the go
#
swentel it uses the geo:uri already which works fine
#
swentel it can call for your location with a query
#
vika_nezrimaya oh right, I've implemented it in old Kittybox already
#
swentel and use venues too :)
#
vika_nezrimaya but not create venues
#
vika_nezrimaya It uses venues from the special query (which I do have)
#
GWG I am happy that the Android Micropub space has diversity
#
vika_nezrimaya but I want a button "New venue" which pops me to something like NewVenueActivity that will have fields, location support (with Google Maps/some other maps view)
#
vika_nezrimaya and then it would post it and instantly use it
#
vika_nezrimaya or this activity will be usable from the New Object menu
#
vika_nezrimaya basically I have an impossible dream of a single companion app that interfaces with your website
#
vika_nezrimaya slowly, but surely I could implement that
#
GWG I am still hoping someone will build an Overland like app for Android
#
vika_nezrimaya Overland means aaronparecki.com-like live location tracking?
#
swentel what would the location support do?
#
swentel because
#
vika_nezrimaya I'm actually planning on this
#
GWG Most of the ones on the market are focused more on hiking than life tracking
#
vika_nezrimaya Sometimes when I look at Google Fit, I see it tracks my location when I'm no foot
#
GWG vika_nezrimaya: I would be a user if it met my needs
#
vika_nezrimaya Maps are attached to my walking activity
#
vika_nezrimaya GWG: I'm trying to make it universal and not dependent on features in Kittybox (so no proprietary stuff if possible; if not, push it as an extension of the standard)
#
GWG What is kittybox?
#
Loqi It looks like we don't have a page for "kittybox" yet. Would you like to create it? (Or just say "kittybox is ____", a sentence describing the term)
#
vika_nezrimaya Kittybox is a Micropub server built by Vika for her website, https://fireburn.ru.
#
Loqi ok
#
Loqi Vika
#
vika_nezrimaya it
#
vika_nezrimaya it's me :3
#
swentel so what fields does a venue have?
#
vika_nezrimaya curl https://fireburn.ru/hcards/anticafe_krilya
#
Loqi АĐŊŅ‚иĐēĐ°Ņ„Đĩ КŅ€Ņ‹ĐģŅŒŅ
#
vika_nezrimaya here's a venue for you :3
#
vika_nezrimaya It should have a name, preferably should have a location, also could have photos, a note and everything an h-card could have
#
vika_nezrimaya Also URLs!
#
vika_nezrimaya It could have one or more URLs
#
GWG Minimal viable fields?
#
vika_nezrimaya p-name, p-geo/h-geo, u-photo, p-note
#
swentel well, if I modify the checkin activity in indigenous a bit, it would probably take me 5 minutes
#
vika_nezrimaya great :3
#
swentel hehe :)
#
swentel so h = card then?
#
swentel or what's the property there?
#
aaronpk a venue would be an h-card
#
swentel alright
#
GWG I just have nothing on the backend yet to handle h=card
#
vika_nezrimaya we're discussing checkins
#
vika_nezrimaya Location tracking could be separate but integrated with it
#
swentel vika_nezrimaya, oh ok, so you want a nested venue h-card in the checkin
#
vika_nezrimaya Nah
#
vika_nezrimaya h=card too
#
GWG vika_nezrimaya: I realized. Nested h-card my Micropub endpoint accepts, just didn't teach it how to handle top level
#
vika_nezrimaya GWG: A background service that tracks your location (using GMS to get GPS data to drain less battery - hope you have GApps 'cause I do) and sends it to an endpoint of some sort is what you want, right?
#
vika_nezrimaya I think that's how aaronpk's tracker works
#
GWG vika_nezrimaya: Yes, and yes
#
GWG But there would be some customizations Overland has that I'd like and maybe more
#
vika_nezrimaya also I think when I close near a venue, I could show a notification "Check-in to <Venue name>?" with an intent to pre-filled CheckinActivity :3
#
vika_nezrimaya GWG: which ones? Geolocation sending interval?
#
GWG Ability to queue points and send in longer intervals even if collecting in shorter ones
#
GWG Ability to store from non GPS sources, like aircraft data
#
vika_nezrimaya Aircraft data?
#
vika_nezrimaya how would I get this?
#
GWG From inflight wifi
#
aaronpk on airplane wifi there's often a URL that returns in-flight info
#
aaronpk it's accessible only from inside the plane
#
vika_nezrimaya how to determine it? is there a standard API?
#
GWG vika_nezrimaya: Also, ability to start and stop a trip within constant tracking
#
GWG vika_nezrimaya: Regrettably it varies by airline
#
aaronpk there's only a few different ones though
#
GWG I have been cataloguing them as I fly
#
aaronpk sadly the united airlines one doesn't include lat/lng
#
GWG I even send my notes to aaronpk for his future use
#
vika_nezrimaya GWG what is a trip in this context?
#
vika_nezrimaya bike ride?
#
vika_nezrimaya as an example
#
GWG vika_nezrimaya: A bike ride is a good example
#
GWG Maybe a day of sightseeing in a new city
#
GWG A train ride
#
GWG I want to be able to segment a series of points
#
vika_nezrimaya that's something that Google Fit already does, by the way :3
#
vika_nezrimaya as a silo
#
vika_nezrimaya could either build integration with it (feeding data to it and pulling back more data, e.g. from your smartwatch - sleep data like aaronpk's) or reimplement something similar
#
vika_nezrimaya I would need a bike to test it though
#
GWG vika_nezrimaya: Yes, I also would like to take advantage of Google's activity api that determines what activity is
#
GWG But also be able to manually set it as part of starting a trip
#
vika_nezrimaya Google Fit also allows to do that, I could copy the UI
#
GWG Fit is for a very different purpose though
#
vika_nezrimaya it has bike rides though
#
vika_nezrimaya that's why I'm talking about it
#
GWG vika_nezrimaya: What are you thinking for yourself?
#
GWG As in, what would you want in such an app?
#
vika_nezrimaya aaronpk-like map and also I want to pull sleep data from Google Fit (Xiaomi Mi Fit pushes to it, though less often than I would like)
#
GWG aaronpk: Re this, could you send me a snippet of what your flight data looks like when it hits the database?
#
vika_nezrimaya maybe, just maybe I'll get some Gadgetbridge code inside so I could connect my smartwatch directly to the app
#
aaronpk GWG: I only have it working with alaska airlines
#
GWG aaronpk: I want to see about standardizing the properties.
#
vika_nezrimaya also checkin suggestions
#
aaronpk I first mash the data into the format that Compass expects (GeoJSON), and I add all the extra properties from the flight JSON as GeoJSON properties
#
vika_nezrimaya does anyone even have checkin suggestions in their Micropub clients?
#
aaronpk I haven't attempted to store any of the stuff like flight number in any standardized format
#
vika_nezrimaya push notifications when near a venue
#
GWG aaronpk: That's what I would like to think on
#
aaronpk vika_nezrimaya: if I didn't use Swarm I would definitely pursue that, but Swarm is good enough for me still
#
GWG I noticed you send speed as mph and I send it as m/s
#
vika_nezrimaya never taken a single flight and I don't know what you're talking about :D
#
aaronpk GWG: hm I thought I was storing it as meters per second
#
GWG I just looked at the Overland readme, so I am not sure
#
GWG That might be the app display, not storage
#
aaronpk overland displays speed in mph or km/h depending on the phone's locale
#
GWG vika_nezrimaya: Have you been on a train?
#
vika_nezrimaya In the summer I do get on trains usually
#
aaronpk "trains, or as I like to call them, ground planes"
#
GWG Exactly
#
vika_nezrimaya Only this year I've never travelled
#
GWG Same experience in terms of tracking
#
vika_nezrimaya ok I think I know the UI
#
vika_nezrimaya I'll need to draw it first, it's fairly complex
#
GWG The issue on planes is that GPS reception is limited, so aaronpk and I both poll the in flight WiFi to find the location
#
GWG aaronpk: If I write up my thoughts on tracking properties, would you comment as the only other person I know doing this?
#
aaronpk sure
#
GWG The reason I want to standardize is that I use Compass as a source in WordPress and it shouldn't just work for my implementation
#
GWG I have it generating a location description differently if it is on a plane now
#
aaronpk ah yeah I did that too, but now I forget how I find the flight number
#
GWG It even polls the airport database to get the proper name
#
aaronpk nice
#
GWG aaronpk: Thanks for some inspiration, by the way
#
GWG vika_nezrimaya: Tell me if I can help
#
vika_nezrimaya aaronpk GWG https://fireburn.ru/posts/1577309460
#
Loqi [Vika] A mockup for “Train Trip” screen for a location and trip tracker integrated with IndieWeb. https://fireburn.ru/media/12/3b/c0/91/ca1afb0dc54de56447eaf17646c91477d177f27e66a5e3cb21f88718
#
vika_nezrimaya I made a mock-up for a screen I would use for a train trip. Suggestions?
#
vika_nezrimaya Sorry it's turned sideways! on the upside, you can flex your necks a bit
#
vika_nezrimaya or just cheat and turn your phone sideways, provided you lock rotation
#
GWG Looks good so far
#
vika_nezrimaya For flights, I would turn on "airplane integration mode" in the service (probably) and it will poll the in-flight wifi on pre-determined list of endpoints until it encounters a valid one
#
vika_nezrimaya I'll need someone to test it though, I don't fly at all!
#
GWG vika_nezrimaya: You can determine by wifi ssid and I keep getting new examples, or others will
#
vika_nezrimaya Great :3 getting WiFi SSID on Android is gated by the same permissions as GPS
#
vika_nezrimaya no permission problems at all!
#
vika_nezrimaya is there a public list somewhere?
#
vika_nezrimaya I'll bookmark it
leg joined the channel
#
GWG vika_nezrimaya: No, but I keep instructions in my gists
#
vika_nezrimaya Location tracking is on my roadmap after posting with fancy post types (which doesn't have a lot of complexity)
#
GWG For example, this is what one airline returns when you discover the right endpoint
#
GWG https://gist.github.com/953d217f3050ff9695e4a2ed81951d70
#
GWG https://gist.github.com/91350f141a091d403d5c667fd003ec3d
#
GWG Different airline
#
vika_nezrimaya it has airports codes in it
#
GWG Third airline.. https://gist.github.com/ef3b85f20d34ac6849616655d7dd100b
#
GWG So, you see the difference in level of detail
#
vika_nezrimaya If there was a MF2 property for airport code I could use it to pre-fill takeoff and destination venues
#
GWG vika_nezrimaya: This is what I was discussing with aaronpk... standardizing the properties... even if they are still draft
#
GWG Although aaronpk does have h-trip
#
vika_nezrimaya I need something like an h-card property p-airport-code on airport venues' h-cards
#
vika_nezrimaya then I could search by airport code
#
vika_nezrimaya would need a Micropub extension though
#
vika_nezrimaya something like ?q=geo&airport=CODE
#
vika_nezrimaya returns a URL for venue with this airport code
#
vika_nezrimaya or maybe ?q=airport&code=CODE
#
GWG I would add it to geo
#
GWG If possible
#
swentel so, looking at checkin indigenious: if I copy that, add a name textfield and send h=card instead of h=entry, then I'd have a venue right?
#
GWG Yes.
#
swentel ok
#
swentel ready
#
swentel just need to fine a nice icon :)
#
GWG Looking at flightaware's API
#
swentel https://postimg.cc/fkjVNtXW/7952a5e8
#
swentel can't choose between appartement or house for the icon
#
swentel opinions? :)
#
swentel ok, went for business icon, much better (not on that screenshot)
#
swentel ok perfect, any other post type screens ? ;)
#
swentel if not, I'll release
#
GWG Such as?
#
swentel well, I'm always open to add other post type/kinds screens in indigenous if I now the properties to send
#
swentel anyway, I'll push this one as a christmas present :)
#
GWG For vika_nezrimaya? I don't have card capabilities yet
#
swentel well, you can test now :)
#
swentel it's pushed into the store now
#
GWG Card is something that would need a new data structure for me
#
GWG How do you tell a venue from a person
#
aaronpk you don't
#
aaronpk it's not necessary to
#
swentel a person probably doesn't have a location?
#
aaronpk don't introducs typed data structures when you don't need to IMO
#
aaronpk my nicknames cache stores h-cards and it doesn't care whether that happens to represent a person or venue or business
#
swentel hmm right, makes sense indeed
#
swentel I was looking at my nicknames cache too
#
swentel in drupal
#
swentel and it can listen to hcard from indigenous (or any other)
#
aaronpk see also: does twitter care whether twitter accounts are people or venues or businesses? not really, you can mention accounts or tag accounts in photos all the same
#
swentel but would currently ignore location stuff, I just need to store that as well if it's available
#
swentel indeed
#
swentel cool
#
swentel less work :)
#
swentel ok, back to multi-user drupal indieweb
#
@edent ↩ī¸ @GuildOfMakers @DrLucyRogers Hello #MakersHour. I'm adding IndieWeb stuff to my websites. Learning lots about Webmention technologies. (twitter.com/_/status/1209929485488967681)
#
GWG I need to because of how I want to store them.
#
GWG I want to store people in the user table.
#
GWG But I suppose I could reconsider
#
swentel hmm, I have a seperate entity/storage for contacts in drupal
#
swentel because they aren't really system users
#
swentel and it makes it easy now to add a location field/storage too (although that would work on users too, doesn't matter that much in Drupal)
[KevinMarks] joined the channel
#
GWG swentel: I just don't want to create custom tables
#
swentel oh ok, yeah, I don't even have to maintain that
#
GWG The nice thing about making nicknames users is that I could use that for private posts in the future.
#
swentel mm because you'd mark the post as private, and the owner of the post is a user then?
#
GWG swentel: Basically
#
@ZipperHost The IndieWeb and Webmentions #indieweb http://clintonpavlovic.co.za/the-indieweb-and-webmentions/ (twitter.com/_/status/1209957129693601797)
[grantcodes] joined the channel