#dev 2019-12-25

2019-12-25 UTC
KartikPrabhu and [dmitshur] joined the channel
#
[dmitshur]
a neat (to me) observation. I've been going over my site's codebase planning the next move, and realizing how so many of my previous questions and uncertainties (related to /IndieAuth, /chat-names, autocompletion and address books, user identifiers, etc.) have already been answered and became things with clear steps and solutions... all thanks to me bringing up those concerns here and discussing them with people here. so, thank you all for
#
[dmitshur]
the help. 👍
#
[snarfed]
welcome!
#
[snarfed]
iteration++
#
Loqi
iteration has 2 karma over the last year
mattgorecki joined the channel
#
jamietanna[m]
[dmitshur] glad to hear! But we're also happy to iterate over our existing solutions so shout up if there are things to consider/change /etc
[Michael_Beckwit, KartikPrabhu and [dmitshur] joined the channel
#
[dmitshur]
another thought. I may have found a pretty good use case for Cloud Functions (for the first time). basically, I can use it as a "make-unauthenticated-HTTP-requests-for-me"-as-a-service.
#
[dmitshur]
one of the challenges of implementing an IndieAuth client is the need to make some HTTP requests, e.g., to discover the authorization_endpoint on a user-provided URL. the spec disallows URLs that are not domain names (e.g., `localhost`) or IPs (e.g. `127.0.0.1`), and in theory it _should_ be safe to make arbitrary GET requests... but it's still potentially a little scary.
#
[dmitshur]
as one example of ways things can go wrong security-wise, say you have a "localhost.com -> 127.0.0.1" entry in /etc/hosts, then external users can cause your server to make local requests (which ideally should not be considered privileged, but still, they might leak internal information).
#
[dmitshur]
so I can "factor out" that task to an external cloud function which I know won't have any internal HTTP resources to leak, etc.
#
[dmitshur]
I'm still not sure if I'll do this because it adds complexity, but it's a nice option to have
#
[dmitshur]
(I feel like I should say, for disclosure, Google is my employer and even though I do all the indie stuff in my free time, my choice of a cloud provider may be biased.)
#
marinin[t]
wouldn't there be a possibility to leak some metadata between your server and a cloud function?
#
[dmitshur]
I'm not sure I understand what metadata exactly you're referring to (or where the leak would be), can you elaborate?
#
[dmitshur]
do you mean there's some metadata that may be accessible inside the cloud function execution environment? via HTTP?
#
[dmitshur]
I agree that in general it's not a perfect solution... but the point of doing it is to reduce the surface area that needs to be secured/considered from an entire server that hosts many services (which is what I have now) to a very narrow individual service/function
#
[dmitshur]
but if you have more specific thoughts on what can still leak, it'd be helpful to hear them 🙂
#
aaronpk
[dmitshur]: that's one of the reasons I run the public XRay instance on google cloud
#
aaronpk
all the webmention verifications that webmention.io does are requested from google cloud
#
[dmitshur]
nice to hear there's precedent for this :)
#
aaronpk
Doing it for IndieAuth is a good idea too :-)
#
aaronpk
the indielogin.com server does it itself right now
#
[dmitshur]
I'm curious, what google cloud product/service are you using for https://xray.p3k.app/? App Engine? something else? or a combination of things
#
aaronpk
Yeah app engine
KartikPrabhu joined the channel
#
[dmitshur]
I'm still far from finishing https://github.com/shurcooL/home/issues/34... but maybe not as far as I thought. http://instantshare.win/1g8cbj3riztuc.png
#
Loqi
[dmitshur] #34 add support for signing in via IndieAuth
#
aaronpk
Oh neat
#
[dmitshur]
what has helped (speed up the process) a lot is internalizing that even though URLs can be used both for authentication (via IndieAuth) and for specifying users, it's not necessary to do both (or change to doing both) _at the same time_.
#
[dmitshur]
I can add support just for authentication via IndieAuth first, and consider/move towards using URLs as user IDs in the future... or not at all. they're separate matters and don't have to be coupled if you don't want them to be.
#
[dmitshur]
this helps me a ton right now because I'm currently specifying users by a {ID uint64; Domain string} pair where ID == 0 means "no user", and I'm not in a position to easily change that... that decision was made long ago in a package I'm currently sharing between far too many other things (see https://godoc.org/github.com/shurcooL/users?importers)
#
[dmitshur]
in order to be able to change it, I'll want to make a copy that's specific to my site, start propagating and using it everywhere else, etc. that's gonna take a while
#
[dmitshur]
so for now I'm just going to continue to use that as is, and users that sign in via IndieAuth will be assigned an {ID, Domain} pair (with domain == my site), and track their IndieAuth URL for purposes of authentication separately (a change I can make much more quickly).
#
[dmitshur]
and all those internal implementation details can be refactored and simplified over time. 😄
#
[dmitshur]
without any visible effects on the user experience.
[KevinMarks], wgirl, KartikPrabhu, vika_nezrimaya, Nuve, marinin[t], tsrt^, [jgmac1106], [tantek], leg, asymptotically and swentel joined the channel
#
vika_nezrimaya
Question. The token endpoint returns a "me" parameter in response to a request that provides a "me" parameter. Is the expression `request.body.me == response.body.me` true in all cases? In which cases it is not, if it can be false?
#
vika_nezrimaya
I think I jumbled up some flows
#
vika_nezrimaya
ok the question is void
#
@megarush1024
↩️ Regarding creation of content, micropub is a thing, microsub to subscribe, heavy use of microformats 2, CMSs for this include Known as well as others, meant to be intentionally platform-agnostic. +
(twitter.com/_/status/1209858883331772416)
#
@megarush1024
↩️ Also webmention is key so domains/people can talk to each other regardless of platform, and also some non-Mastodon ActivityPub implementations. Hope this helps.
(twitter.com/_/status/1209859218284720129)
[Sadik_Shahadu] joined the channel
#
vika_nezrimaya
ok I have a problem
TIMDiscord[m] and JohnAlonsoDiscor joined the channel; aflofoDiscord[m] left the channel
#
vika_nezrimaya
why do token endpoints not accept JSON?
#
vika_nezrimaya
or do they?
#
aaronpk
because oauth doesn't use JSON post requests
#
vika_nezrimaya
and Volley doesn't seem to parse form-encoded data
#
aaronpk
it amazes me when web frameworks don't handle form-encoded data... that's just an HTML form :facepalm:
#
vika_nezrimaya
Volley's not a web framework
#
aaronpk
what is Volley?
#
Loqi
It looks like we don't have a page for "Volley" yet. Would you like to create it? (Or just say "Volley is ____", a sentence describing the term)
#
vika_nezrimaya
Volley is Android's own HTTP client
#
aaronpk
the client shouldn't need to parse a post request...
#
vika_nezrimaya
it's a batteries-included client :3
#
vika_nezrimaya
parses JSON for you
#
vika_nezrimaya
like requests for python
#
aaronpk
the client should be sending a form-encoded POST, and it will get JSON back
#
vika_nezrimaya
except I'll need a custom request type for that :3
#
aaronpk
I would hope not
#
aaronpk
that's pretty standard
#
vika_nezrimaya
No, I mean, how often you have to send one type of data to receive another one?
#
vika_nezrimaya
not including IndieAuth
#
aaronpk
literally every web form
#
aaronpk
also most APIs
#
vika_nezrimaya
ok I guess I could receive JSON and parse it in the onResponse() method
#
vika_nezrimaya
I still don't like Java
#
vika_nezrimaya
maybe I should learn Kotlin...
#
vika_nezrimaya
I GOT AN ACCESS TOKEN
#
Loqi
woot
#
vika_nezrimaya
what is woot
#
Loqi
It looks like we don't have a page for "woot" yet. Would you like to create it? (Or just say "woot is ____", a sentence describing the term)
#
swentel
hmm yeah, volley can be tedious sometimes, I'd love to replace it in indigenous at some point
#
swentel
hmm can rss feeds contain a photo for the author - checking because xray doesn't look for it atm, but I don't know if it's possible anyway :)
#
swentel
hmm nvm, will do it differently :)
#
vika_nezrimaya
swentel: oh hey
#
vika_nezrimaya
I'm just designing a competitor for Indigenous that will send JSON responses instead of form-encoded
#
vika_nezrimaya
'cause I like it more...
dckc joined the channel
#
swentel
good luck with that :)
#
vika_nezrimaya
Indigenous is a nice app but it doesn't include ability to post more... unorthodox posts. Like h-ate posts, for example...
#
vika_nezrimaya
Also I don't think it can post a venue h-card
#
swentel
well, adding that would take 10 minutes or so
#
swentel
I just need to know what the screen looks like and which properties to post
#
vika_nezrimaya
Well, could it post an inner h-geo object? I don't think so!
#
vika_nezrimaya
(not without special server support at least)
#
vika_nezrimaya
I did that with curl previously, but I want to be able to import venues on the go
#
swentel
it uses the geo:uri already which works fine
#
swentel
it can call for your location with a query
#
vika_nezrimaya
oh right, I've implemented it in old Kittybox already
#
swentel
and use venues too :)
#
vika_nezrimaya
but not create venues
#
vika_nezrimaya
It uses venues from the special query (which I do have)
#
GWG
I am happy that the Android Micropub space has diversity
#
vika_nezrimaya
but I want a button "New venue" which pops me to something like NewVenueActivity that will have fields, location support (with Google Maps/some other maps view)
#
vika_nezrimaya
and then it would post it and instantly use it
#
vika_nezrimaya
or this activity will be usable from the New Object menu
#
vika_nezrimaya
basically I have an impossible dream of a single companion app that interfaces with your website
#
vika_nezrimaya
slowly, but surely I could implement that
#
GWG
I am still hoping someone will build an Overland like app for Android
#
vika_nezrimaya
Overland means aaronparecki.com-like live location tracking?
#
swentel
what would the location support do?
#
swentel
because
#
vika_nezrimaya
I'm actually planning on this
#
GWG
Most of the ones on the market are focused more on hiking than life tracking
#
vika_nezrimaya
Sometimes when I look at Google Fit, I see it tracks my location when I'm on foot
#
GWG
vika_nezrimaya: I would be a user if it met my needs
#
vika_nezrimaya
Maps are attached to my walking activity
#
vika_nezrimaya
GWG: I'm trying to make it universal and not dependent on features in Kittybox (so no proprietary stuff if possible; if not, push it as an extension of the standard)
#
GWG
What is kittybox?
#
Loqi
It looks like we don't have a page for "kittybox" yet. Would you like to create it? (Or just say "kittybox is ____", a sentence describing the term)
#
vika_nezrimaya
Kittybox is a Micropub server built by Vika for her website, https://fireburn.ru.
#
Loqi
Vika
#
swentel
so what fields does a venue have?
#
Loqi
Антикафе Крылья
#
vika_nezrimaya
here's a venue for you :3
#
vika_nezrimaya
It should have a name, preferably should have a location, also could have photos, a note and everything an h-card could have
#
vika_nezrimaya
It could have one or more URLs
#
GWG
Minimal viable fields?
#
vika_nezrimaya
p-name, p-geo/h-geo, u-photo, p-note
#
swentel
well, if I modify the checkin activity in indigenous a bit, it would probably take me 5 minutes
#
swentel
hehe :)
#
swentel
so h = card then?
#
swentel
or what's the property there?
#
aaronpk
a venue would be an h-card
#
swentel
alright
#
GWG
I just have nothing on the backend yet to handle h=card
#
vika_nezrimaya
we're discussing checkins
#
vika_nezrimaya
Location tracking could be separate but integrated with it
#
swentel
vika_nezrimaya, oh ok, so you want a nested venue h-card in the checkin
#
GWG
vika_nezrimaya: I realized. Nested h-card my Micropub endpoint accepts, just didn't teach it how to handle top level
#
vika_nezrimaya
GWG: A background service that tracks your location (using GMS to get GPS data to drain less battery - hope you have GApps 'cause I do) and sends it to an endpoint of some sort is what you want, right?
#
vika_nezrimaya
I think that's how aaronpk's tracker works
#
GWG
vika_nezrimaya: Yes, and yes
#
GWG
But there would be some customizations Overland has that I'd like and maybe more
#
vika_nezrimaya
also I think when I close near a venue, I could show a notification "Check-in to <Venue name>?" with an intent to pre-filled CheckinActivity :3
#
vika_nezrimaya
GWG: which ones? Geolocation sending interval?
#
GWG
Ability to queue points and send in longer intervals even if collecting in shorter ones
#
GWG
Ability to store from non GPS sources, like aircraft data
#
vika_nezrimaya
Aircraft data?
#
vika_nezrimaya
how would I get this?
#
GWG
From inflight wifi
#
aaronpk
on airplane wifi there's often a URL that returns in-flight info
#
aaronpk
it's accessible only from inside the plane
#
vika_nezrimaya
how to determine it? is there a standard API?
#
GWG
vika_nezrimaya: Also, ability to start and stop a trip within constant tracking
#
GWG
vika_nezrimaya: Regrettably it varies by airline
#
aaronpk
there's only a few different ones though
#
GWG
I have been cataloguing them as I fly
#
aaronpk
sadly the united airlines one doesn't include lat/lng
#
GWG
I even send my notes to aaronpk for his future use
#
vika_nezrimaya
GWG what is a trip in this context?
#
vika_nezrimaya
as an example
#
GWG
vika_nezrimaya: A bike ride is a good example
#
GWG
Maybe a day of sightseeing in a new city
#
GWG
A train ride
#
GWG
I want to be able to segment a series of points
#
vika_nezrimaya
that's something that Google Fit already does, by the way :3
#
vika_nezrimaya
could either build integration with it (feeding data to it and pulling back more data, e.g. from your smartwatch - sleep data like aaronpk's) or reimplement something similar
#
vika_nezrimaya
I would need a bike to test it though
#
GWG
vika_nezrimaya: Yes, I also would like to take advantage of Google's activity api that determines what activity is
#
GWG
But also be able to manually set it as part of starting a trip
#
vika_nezrimaya
Google Fit also allows to do that, I could copy the UI
#
GWG
Fit is for a very different purpose though
#
vika_nezrimaya
it has bike rides though
#
vika_nezrimaya
that's why I'm talking about it
#
GWG
vika_nezrimaya: What are you thinking for yourself?
#
GWG
As in, what would you want in such an app?
#
vika_nezrimaya
aaronpk-like map and also I want to pull sleep data from Google Fit (Xiaomi Mi Fit pushes to it, though less often than I would like)
#
GWG
aaronpk: Re this, could you send me a snippet of what your flight data looks like when it hits the database?
#
vika_nezrimaya
maybe, just maybe I'll get some Gadgetbridge code inside so I could connect my smartwatch directly to the app
#
aaronpk
GWG: I only have it working with alaska airlines
#
GWG
aaronpk: I want to see about standardizing the properties.
#
vika_nezrimaya
also checkin suggestions
#
aaronpk
I first mash the data into the format that Compass expects (GeoJSON), and I add all the extra properties from the flight JSON as GeoJSON properties
#
vika_nezrimaya
does anyone even have checkin suggestions in their Micropub clients?
#
aaronpk
I haven't attempted to store any of the stuff like flight number in any standardized format
#
vika_nezrimaya
push notifications when near a venue
#
GWG
aaronpk: That's what I would like to think on
#
aaronpk
vika_nezrimaya: if I didn't use Swarm I would definitely pursue that, but Swarm is good enough for me still
#
GWG
I noticed you send speed as mph and I send it as m/s
#
vika_nezrimaya
never taken a single flight and I don't know what you're talking about :D
#
aaronpk
GWG: hm I thought I was storing it as meters per second
#
GWG
I just looked at the Overland readme, so I am not sure
#
GWG
That might be the app display, not storage
#
aaronpk
overland displays speed in mph or km/h depending on the phone's locale
#
GWG
vika_nezrimaya: Have you been on a train?
#
vika_nezrimaya
In the summer I do get on trains usually
#
aaronpk
"trains, or as I like to call them, ground planes"
#
GWG
Exactly
#
vika_nezrimaya
Only this year I've never travelled
#
GWG
Same experience in terms of tracking
#
vika_nezrimaya
ok I think I know the UI
#
vika_nezrimaya
I'll need to draw it first, it's fairly complex
#
GWG
The issue on planes is that GPS reception is limited, so aaronpk and I both poll the in flight WiFi to find the location
#
GWG
aaronpk: If I write up my thoughts on tracking properties, would you comment as the only other person I know doing this?
#
GWG
The reason I want to standardize is that I use Compass as a source in WordPress and it shouldn't just work for my implementation
#
GWG
I have it generating a location description differently if it is on a plane now
#
aaronpk
ah yeah I did that too, but now I forget how I find the flight number
#
GWG
It even polls the airport database to get the proper name
#
GWG
aaronpk: Thanks for some inspiration, by the way
#
GWG
vika_nezrimaya: Tell me if I can help
#
Loqi
[Vika] A mockup for “Train Trip” screen for a location and trip tracker integrated with IndieWeb. https://fireburn.ru/media/12/3b/c0/91/ca1afb0dc54de56447eaf17646c91477d177f27e66a5e3cb21f88718
#
vika_nezrimaya
I made a mock-up for a screen I would use for a train trip. Suggestions?
#
vika_nezrimaya
Sorry it's turned sideways! on the upside, you can flex your necks a bit
#
vika_nezrimaya
or just cheat and turn your phone sideways, provided you lock rotation
#
GWG
Looks good so far
#
vika_nezrimaya
For flights, I would turn on "airplane integration mode" in the service (probably) and it will poll the in-flight wifi on pre-determined list of endpoints until it encounters a valid one
#
vika_nezrimaya
I'll need someone to test it though, I don't fly at all!
#
GWG
vika_nezrimaya: You can determine by wifi ssid and I keep getting new examples, or others will
#
vika_nezrimaya
Great :3 getting WiFi SSID on Android is gated by the same permissions as GPS
#
vika_nezrimaya
no permission problems at all!
#
vika_nezrimaya
is there a public list somewhere?
#
vika_nezrimaya
I'll bookmark it
leg joined the channel
#
GWG
vika_nezrimaya: No, but I keep instructions in my gists
#
vika_nezrimaya
Location tracking is on my roadmap after posting with fancy post types (which doesn't have a lot of complexity)
#
GWG
For example, this is what one airline returns when you discover the right endpoint
#
GWG
Different airline
#
vika_nezrimaya
it has airports codes in it
#
GWG
So, you see the difference in level of detail
#
vika_nezrimaya
If there was a MF2 property for airport code I could use it to pre-fill takeoff and destination venues
#
GWG
vika_nezrimaya: This is what I was discussing with aaronpk... standardizing the properties... even if they are still draft
#
GWG
Although aaronpk does have h-trip
#
vika_nezrimaya
I need something like an h-card property p-airport-code on airport venues' h-cards
#
vika_nezrimaya
then I could search by airport code
#
vika_nezrimaya
would need a Micropub extension though
#
vika_nezrimaya
something like ?q=geo&airport=CODE
#
vika_nezrimaya
returns a URL for venue with this airport code
#
vika_nezrimaya
or maybe ?q=airport&code=CODE
#
GWG
I would add it to geo
#
GWG
If possible
#
swentel
so, looking at checkin indigenous: if I copy that, add a name textfield and send h=card instead of h=entry, then I'd have a venue right?
#
GWG
Yes.
#
swentel
just need to find a nice icon :)
#
GWG
Looking at flightaware's API
#
swentel
can't choose between apartment or house for the icon
#
swentel
opinions? :)
#
swentel
ok, went for business icon, much better (not on that screenshot)
#
swentel
ok perfect, any other post type screens ? ;)
#
swentel
if not, I'll release
#
GWG
Such as?
#
swentel
well, I'm always open to add other post type/kinds screens in indigenous if I know the properties to send
#
swentel
anyway, I'll push this one as a christmas present :)
#
GWG
For vika_nezrimaya? I don't have card capabilities yet
#
swentel
well, you can test now :)
#
swentel
it's pushed into the store now
#
GWG
Card is something that would need a new data structure for me
#
GWG
How do you tell a venue from a person
#
aaronpk
you don't
#
aaronpk
it's not necessary to
#
swentel
a person probably doesn't have a location?
#
aaronpk
don't introduce typed data structures when you don't need to IMO
#
aaronpk
my nicknames cache stores h-cards and it doesn't care whether that happens to represent a person or venue or business
#
swentel
hmm right, makes sense indeed
#
swentel
I was looking at my nicknames cache too
#
swentel
in drupal
#
swentel
and it can listen to hcard from indigenous (or any other)
#
aaronpk
see also: does twitter care whether twitter accounts are people or venues or businesses? not really, you can mention accounts or tag accounts in photos all the same
#
swentel
but would currently ignore location stuff, I just need to store that as well if it's available
#
swentel
indeed
#
swentel
less work :)
#
swentel
ok, back to multi-user drupal indieweb
#
@edent
↩️ @GuildOfMakers @DrLucyRogers Hello #MakersHour. I'm adding IndieWeb stuff to my websites. Learning lots about Webmention technologies.
(twitter.com/_/status/1209929485488967681)
#
GWG
I need to because of how I want to store them.
#
GWG
I want to store people in the user table.
#
GWG
But I suppose I could reconsider
#
swentel
hmm, I have a separate entity/storage for contacts in drupal
#
swentel
because they aren't really system users
#
swentel
and it makes it easy now to add a location field/storage too (although that would work on users too, doesn't matter that much in Drupal)
[KevinMarks] joined the channel
#
GWG
swentel: I just don't want to create custom tables
#
swentel
oh ok, yeah, I don't even have to maintain that
#
GWG
The nice thing about making nicknames users is that I could use that for private posts in the future.
#
swentel
mm because you'd mark the post as private, and the owner of the post is a user then?
#
GWG
swentel: Basically
[grantcodes] joined the channel