#dev 2020-01-18

2020-01-18 UTC
[kimberlyhirsh] joined the channel
# 00:14 
@ctietze The IndieWeb and Webmentions https://buff.ly/38lkdYR by @ttscoff

Hmm ... integrating social media activity and webmentions (modern day pingbacks) with a static website through 3rd party services never occured to me, but it sounds easy enough! (twitter.com/_/status/1218325630380539906)
[snarfed] and [AlisonW] joined the channel
# 01:01 
[AlisonW] Just thinking about identity markers, I think there's a qualitative difference between the following, but is there really?
# 01:01 
[AlisonW] * domain.tld
# 01:01 
[AlisonW] * subdom.domain.tld
# 01:01 
[AlisonW] * domain.tld/sub
# 01:01 
[AlisonW] * domain.tld/~sub
# 01:01 
[AlisonW] and if a / is accepted is there a limit of just one, or more? What about obvious get parameters (?,&, ;)
# 01:08 
aaronpk in the context of what exactly?
# 01:08 
aaronpk have you read this section that talks about indieauth profile URLs? https://indieauth.spec.indieweb.org/#user-profile-url
# 01:11 
[AlisonW] Around the idea of provable control / ownership / identity issues. Hadn't looked closely at spec - will do so.
# 01:12 
aaronpk yeah we tried to address that kind of thing in indieauth, but there was also that issue that was brought up here a couple days ago
jenelizabeth joined the channel
# 01:15 
[AlisonW] Yes, seeing that discussion pass by when catching up prompted my thought. Interesting that IP address is banned as my IPs are more fixed than the domains which may point out them!
# 01:15 
[AlisonW] Point _to_ them
# 01:17 
[AlisonW] And of course many IPv6 adresses use the MAC which is pretty fixed too. 😀
[KevinMarks] joined the channel
# 01:28 
[KevinMarks] Well, MAC addresses are modifiable in software.
[dmitshur] joined the channel
# 01:30 
[dmitshur] this is an interesting read (at least for me). https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golang
jgmac1106, superjen96 and jenelizabeth joined the channel
# 02:21 
@jeremyfelt Webmentions work log 20200117 https://jeremyfelt.com/2020/01/17/webmentions-work-log-20200117/ (twitter.com/_/status/1218357794161643526)
kitt, [Michael_Beckwit, nickodd, chrisaldrich and [snarfed] joined the channel
# 05:52 
@__Sun__ #TIL Webmentions

https://alistapart.com/article/webmentions-enabling-better-communication-on-the-internet/ (twitter.com/_/status/1218410852547645440)
# 06:21 
@__Sun__ this is a test tweet for webmentions

https://mrsunshyne.gitlab.io/blog/degit (twitter.com/_/status/1218418045070143488)
[Michael_Beckwit, __sun__, KartikPrabhu, jenelizabeth, superjen96, jeneliza_, jolvera, jgmac1106, Pacer and [jgmac1106] joined the channel
# 11:20 
@kevinmarks ↩️ @fvsch You could use http://brid.gy to get webmention notifications about it. (twitter.com/_/status/1218493416994152448)
# 11:20 
@kevinmarks ↩️ @fvsch You could use http://brid.gy to get webmention notifications about it. (twitter.com/_/status/1218493416994152448)
# 11:27 
@fvsch ↩️ Does it make a kind of report page or dashboard I can read? I'm not interested in adding webmentions to the bottom of my articles. (twitter.com/_/status/1218495135501242368)
# 11:31 
@kevinmarks ↩️ It calls your webmention endpoint, what you do with them is up to you. http://Brid.gy does have a summary page. You can delegate to http://webmention.io or http://mention.tech which than have json endpoints for you to check, or write your own. (twitter.com/_/status/1218496061523791873)
# 11:31 
@kevinmarks ↩️ It calls your webmention endpoint, what you do with them is up to you. http://Brid.gy does have a summary page. You can delegate to http://webmention.io or http://mention.tech which than have json endpoints for you to check, or write your own. (twitter.com/_/status/1218496061523791873)
scandichainDisco, [jgmac1106], jgmac1106, gxt, [chrisaldrich], nickodd, [Sadik_Shahadu], chrisaldrich, [snarfed] and techlifeweb joined the channel
# 17:27 
techlifeweb [snarfed]: I'll check with my host about the 406 error Bridgy is getting with techlifeweb.com. What's odd to me is that Bridgy, Twitter and my site work fine. Instagram, not so much.
techlifeweb and NinjaTrappeur joined the channel
# 17:45 
[snarfed] [techlifeweb] thanks! and it looks like your bridgy twitter stopped working years ago: https://brid.gy/twitter/techlifeweb
# 17:45 
[snarfed] unless you mean a different account?
# 17:50 
GWG aaronpk: That idea for a draft scope for IndieAuth Micropub...where is a good idea to document it?
# 17:51 
aaronpk https://github.com/indieweb/micropub-extensions/issues
# 17:51 
[snarfed] [techlifeweb] feel free to reconnect your bridgy twitter, just click the pause button on that page. login should work fine since it's different than Instagram, but it'll be a good test to see if webmentions etc work
# 17:55 
GWG Okay, so under there.Good
# 17:56 
[snarfed] oh nm, sorry, your Twitter is fine after all. https://brid.gy/twitter/TechLifeWeb
# 17:56 
[snarfed] damn case sensitivity bug https://github.com/snarfed/bridgy/issues/884
# 17:56 
Loqi [snarfed] #884 usernames should be case insensitive
# 18:02 
[snarfed] and you're right, oddly bridgy twitter is fetching https://techlifeweb.com/ just fine. confirmed in this log of it doing OPD just now: https://brid.gy/log?start_time=1579367598&key=agdicmlkLWd5chgLEgdUd2l0dGVyIgtUZWNoTGlmZVdlYgw (apologies it's slow, need to add caching)
# 18:02 
[snarfed] that is so weird
# 18:09 
techlifeweb [snarfed]: heh, never noticed I had that old lowercase version of twitter on bridgy
# 18:12 
[snarfed] my fault. sadly not easy to fix systemically. (see issue above.) sigh
[dmitshur] joined the channel
# 18:16 
[dmitshur] A small realization about the reversal of order when working with IndieAuth compared to OAuth 2.0.
# 18:16 
[dmitshur] nothing too profound, but I thought it was neat.
# 18:16 
[dmitshur] when authenticating a user via OAuth 2.0, you generally "authenticate" first, and learn information about the user second. then you have an authenticated user.
# 18:16 
[dmitshur] when authenticating a user via IndieAuth, you _first_ discover information about the user, before they're authenticated. then you authenticate them. finally you have an authenticated user.
# 18:18 
[dmitshur] (I'm aware that authenticating users via OAuth 2.0 is kinda abusing it because it's a protocol designed for authorization...)
# 18:21 
@ChrisAldrich I realized that I haven’t been syndicating content to http://Mastodon.social in a while, but now that I’ve made some changes to my site and now get responses back via http://Brid.gy, perhaps I’ll change that? (https://boffosocko.com/?p=55764956) (twitter.com/_/status/1218599273769709568)
henkvuitton joined the channel
# 18:28 
aaronpk [dmitshur]: yes except that with OAuth you first are making an assumption about what server the user is on
# 18:29 
aaronpk if you wanted to avoid that you'd have to have some initial step that asks the user what server they're on, and then that starts to look similar to IndieAuth
# 18:32 
[dmitshur] yeah. I should've been more specific in my example by saying "when authenticating a GitHub user via OAuth 2.0".
# 18:33 
[dmitshur] Aaron, have you learned if you'll be able to join https://events.indieweb.org/2020/01/indieweb-meetup-nyc-3Ss2mFU4CVfj?
# 18:34 
[dmitshur] :crossed_fingers:
# 18:34 
aaronpk ohh definitely not next week, but I will be in NY in feb!
# 18:35 
[dmitshur] ah okay
# 18:35 
[dmitshur] I hope we have another HWC event by then
# 18:35 
aaronpk although my schedule got complicated that week so I can't remember if i'm going to be there on wednesday evening specifically
# 18:36 
chrisaldrich Snarfed, I suspect it's not a mark up issue, but the case that Brid.gy doesn't support/use fragmentions to allow the parsing of WordPress comments to reply to/thread Twitter conversations? example: https://boffosocko.com/2020/01/18/55764956/#comment-275545
# 18:36 
Loqi [Chris Aldrich] It’s been a while since I’ve used it, but I notice that Mastodon Autopost, a WordPress plugin, wants to include titles now (but cleverly ignores them if they don’t exist), but will include an excerpt as the body. It also now allows for hashtags...
# 18:36 
[dmitshur] our HWCs have been happening on weekdays or weekends depending on when more people can make it, so I hope we can accommodate your schedule!
# 18:43 
[snarfed] [chrisaldrich] you mean for publish? yeah not supported right now, https://github.com/snarfed/bridgy/issues/445 , but I'd happily accept a PR!
# 18:43 
Loqi [csarven] #445 publish: support fragment for identifying individual entry
# 18:44 
chrisaldrich thanks snarfed! I figured as much. :)
# 18:44 
chrisaldrich snarfed++ for brid.gy
# 18:44 
Loqi snarfed has 50 karma in this channel over the last year (89 in all channels)
# 19:04 
techlifeweb Got the 406 fixed but now I'm getting another mod_security error. Sigh.
# 19:06 
techlifeweb Though this one is probably related to indieauth in general because I could never get things like OwnYourGram working
# 19:07 
aaronpk possibly blocking the Authorization header then?
# 19:08 
techlifeweb For the sake of future searches, these where the mod_security ids they had to whitelist for brid.gy to stop returning a 406: 340157, 9009999,380122 and 340016
# 19:08 
techlifeweb aaronpk possibly. I don't know enough about that stuff.
# 19:12 
techlifeweb I enter my URL on https://brid.gy/instagram/start?feature=listen&x=126&y=23&scope= and I get a page saying "An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security." not too much to go on other than Mod_Security issue.
krychu joined the channel; techlifeweb left the channel
# 19:33 
sknebel what is mod_security?
# 19:33 
Loqi mod_security is a web application firewall for the Apache web server https://indieweb.org/mod_security
# 19:33 
sknebel mod_security << https://chat.indieweb.org/dev/2020-01-18/1579374490093200
# 19:33 
Loqi ok, I added "https://chat.indieweb.org/dev/2020-01-18/1579374490093200" to a new "See Also" section of /mod_security https://indieweb.org/wiki/index.php?diff=67932&oldid=64204 
KartikPrabhu, gRegorLove, jenelizabeth, superjen96, DigDug, techlifeweb, wagle, [snarfed], [Michael_Beckwit and [dmitshur] joined the channel; nickodd and techlifeweb left the channel
# 23:18 
[dmitshur] ok, believe it or not, I might be nearly done with my web sign in support for IndieAuth (and RelMeAuth with GitHub).
# 23:18 
[dmitshur] what's next is reviewing and cleaning up the code.
# 23:18 
[dmitshur] if anyone wants to try to sign in to https://dev.dmitri.shuralyov.com/login with your site and let me know how it goes, I'd appreciate it.
# 23:18 
[dmitshur] but  I don't see any large remaining things to implement and it seems to work securely as far as I can tell.
# 23:28 
aaronpk [dmitshur]: cool!
# 23:28 
aaronpk I just tried it and I have some legacy code in mine but it caused an error
# 23:28 
aaronpk if you add Accept: application/json to the auth code verification request then it'll work
# 23:28 
[dmitshur] do you mind sharing what the error was?
# 23:28 
[dmitshur] got it; let me try
# 23:29 
aaronpk because the first draft of indieauth used form-encoded responses, I had to make my site return that by default unless explicitly asked for json
# 23:29 
aaronpk i'm definitely an edge case here because it's been a while since that was the default
dmcweeney joined the channel
# 23:30 
[dmitshur] I do see `Accept: application/json` header shown in the example at https://indieauth.spec.indieweb.org/#authorization-code-verification and I have no problem with being more explicit in my request.
# 23:31 
[dmitshur] especially since I check that the response has Content-Type json hehe
# 23:31 
aaronpk 👍
# 23:32 
dmcweeney Does anyone know how I would remove sidebars from this page: https://drewmcweeney.com/category/freeyourmindblog/ ... I removed the sidebars for the rest of my site but this category page has sidebars. I used CSS to get rid of all the sidebars on my website so is the CSS the same? And if so, would I need a page ID to do it? How do I access a page ID from a category page?
# 23:34 
dmcweeney My CSS that I generated to remove sidebars is (this is an example for one page): /* Remove sidebars from page "Electronic Music" */ .page-id-4048 sidebar.s1.collapsed, .page-id-4048 .sidebar.s1.collapsed, .single-post .sidebar.s1.collapsed { 	display: none; } .page-id-4048 sidebar.s2.collapsed, .page-id-4048 .sidebar.s2.collapsed, .single-post .sidebar.s2.collapsed { 	display: none; }
chrisaldrich joined the channel
# 23:37 
[dmitshur] [aaronpk] thanks for catching that. it should be fixed now, can you try again?
techlifeweb joined the channel
# 23:49 
chrisaldrich dmcweeney, how did you remove them from the rest of the site?
# 23:50 
chrisaldrich When I look at your site at 100% zoom in chrome, it shows up so large as to cut the sidebars off, but it looks wonky as a result.
# 23:51 
dmcweeney I did this for the rest of the site:
# 23:51 
dmcweeney .page-id-4048 sidebar.s1.collapsed, .page-id-4048 .sidebar.s1.collapsed, .single-post .sidebar.s1.collapsed { display: none; } .page-id-4048 sidebar.s2.collapsed, .page-id-4048 .sidebar.s2.collapsed, .single-post .sidebar.s2.collapsed { display: none; }
# 23:52 
dmcweeney except each page had a different id #
# 23:53 
chrisaldrich which theme are you using?
# 23:54 
dmcweeney Humean theme - If you go to this link: drewmcweeney.com/category/freeyourmindblog ... you will see the two sidebars, yet all other pages don't have the two sidebars
# 23:54 
chrisaldrich while you're using display: none, the data still all appears, it just doesn't render. You'd probably be better off removing the code that renders the sidebars altogether.
# 23:56 
dmcweeney  snipboard.io/Bm6TlW.jpg
# 23:57 
dmcweeney this is an image of what it looks like
# 23:57 
dmcweeney *that
# 23:59 
chrisaldrich dmcweeney, this may be a simpler way of removing the sidebars everywhere: https://www.wpbeginner.com/wp-themes/how-to-remove-the-sidebar-in-wordpress/