#dev 2020-03-24

2020-03-24 UTC
[tantek] joined the channel
#
[tantek] Lol that's been proven false with plenty of js;dr sites
#
[tantek] "generally able" nah
#
[tantek] to answer your question gRegorLove, well to force everyone to duplicate their js;dr content into JSON-LD data islands
#
[tantek] sometimes able
waterbadger, [snarfed], [chrisaldrich], gRegorLove, nickodd, Kongaloosh, leg, KartikPrabhu, loicm, sscarfe and [g33kcentric] joined the channel
#
[g33kcentric] For aquasitions, would h-cite for the product itself make sense?
swentel, [jgmac1106], sscarfe, KartikPrabhu and [jeremycherfas] joined the channel
#
[jeremycherfas] !tell schmarty In checking out indiewebring, per Beko'
#
Loqi Ok, I'll tell them that when I see them next
#
[jeremycherfas] Sticky fingers.
#
[jeremycherfas] !tell schmarty In checking out indiewebring, per beko’s post, I discovered that you aren’t detecting the h-card on my home page, even though indiewebify me does find it. Anything I should do?
#
Loqi Ok, I'll tell them that when I see them next
#
sknebel [jeremycherfas]: for your homepage? I suspect it doesn't like that the h-card doesn't have a url pointing to the page again
#
[jeremycherfas] Wouldn’t that be an endless loop?
#
[jeremycherfas] There arre already 7 links there. I suppose an eighth, invisible, wouldn’t hurt.
sscarfe joined the channel
#
sknebel [jeremycherfas]: to be sure, which page are we talking about?
#
[jeremycherfas] https://jeremycherfas.net
#
[jeremycherfas] I’m thinking now that the test itself may be wrong.
#
sknebel I think so too
#
[jeremycherfas] my h-card has p-name and u-url for my name and my /about page. But the microformats page says my name should link to that home page. prefereably with u-uid as well. So I think the best option now might be to remove the bit that has my name as a link to my /about page and put it outside the h-=card, and then put my name with u-url and u-uid into the h-card.
#
sknebel you can also just add a link with u-url to the homepage
#
sknebel having the visible link to your about page IMHO makes sense as a pattern for a human reading
#
[jeremycherfas] That’s what I thought 🙂
#
sknebel then keep it that way, and make the link to make the machine happy hidden or elsewhere :)
[Cheuk] joined the channel
#
[jeremycherfas] I did. Added `<a href="https://jeremycherfas.net" class="u-url u-uid"></a>` to my h-card and now all works fine. But I’m still not sure whether indiewebify.me’s test for a representative h-card was wrong, or I was.
#
sknebel think the test is wrong, but didn't see where in the code on a quick glance :/
#
[jeremycherfas] So, let’s call it a workaround.
mastermidn13, hs0ucy, KartikPrabhu, sscarfe, waterbadger and [jgmac1106] joined the channel
#
aaronpk Instagram is turning off their old api, so a ton of tools will stop working this month
#
aaronpk https://www.instagram.com/developer/
loicm, mastermidn13, jenelizabeth, superjen96 and [schmarty] joined the channel
#
[schmarty] [grantcodes] have you been getting warnings about the minimist package for any of your indieauth JS packages?
#
Loqi [schmarty]: [jeremycherfas] left you a message 4 hours, 4 minutes ago: In checking out indiewebring, per Beko'
#
Loqi [schmarty]: [jeremycherfas] left you a message 4 hours, 3 minutes ago: In checking out indiewebring, per beko’s post, I discovered that you aren’t detecting the h-card on my home page, even though indiewebify me does find it. Anything I should do?
#
[schmarty] nearest i can tell the best way forward is to upgrade babel from 6.x to 7.x but there are incompatibilities in how they're configured
#
[schmarty] (the infamous javascript build stack bit rot problem)
#
[schmarty] wonders if he can port the code so it doesn't require a build tool.
#
Zegnat I was getting security warnings for that one inside my website archiver, I believe. But I mostly decided not to care as none of the code is frontfacing, there is a PHP app that sends commands to it over beanstalkd
[grantcodes] joined the channel
#
[grantcodes] No, not seen anything yet
#
[grantcodes] I think some of the security warnings aren't really that relevant, it's almost certainly in the build, not the actual end package
#
Zegnat Is your code actually affected by the problem, [schmarty]?
#
Zegnat https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 is the actual vulnerability. It can merge slightly too much into an object thus changing its prototype.
#
Zegnat But that may not affect your actual use
#
[schmarty] zegnat: to be honest, i consider the "problem" to be that github is sending me vulnerability emails
#
[schmarty] minimist is way down in the dependency tree so i am not sure how it is used
#
[schmarty] this is in my indieauth-authentication plugin which i derived from some grantcodes plugin (indieauth-micropub ?)
#
[schmarty] so i didn't set up the es6 pipeline and therefore don't understand it 😅
#
Zegnat If you are not sending any public-supplied strings to be parsed by minimist (and minimist is usually for parsing commands passed over CLI, which you are probably also not doing) there should be no vulnerability on your end
#
Zegnat At least that is why I decided to ignore it in my project for now ;)
#
[schmarty] heh. it is very tempting to tell gh to shush about it.
#
[grantcodes] Especially if it's in the dev dependencies
nickodd joined the channel
#
[schmarty] good point - it is a dev dependency and not a prod dependency.
#
[schmarty] but it does get me a little grumpy about how mushy these dependency trees become over time.
#
[grantcodes] Is there such a thing as perfect package management? 😛
#
aaronpk the best code is no code
#
[schmarty] no package management 😛
#
[schmarty] ^^
#
Zegnat For those interested in knowing what the problem at the root of this minimist thing is, this is an OK summary of how it bit many other libraries throughout the years: https://medium.com/intrinsic/javascript-prototype-poisoning-vulnerabilities-in-the-wild-7bc15347c96
#
Zegnat So much so that some frameworks use a drop-in replacement for JSON.parse() to make sure they do not make the same mistake: https://github.com/hapijs/bourne
#
Loqi [hapijs] bourne: :office: JSON.parse() drop-in replacement with prototype poisoning protection
#
Zegnat (Fun fact when I first learned about that, I immediately went on to bypass their protection: https://github.com/hapijs/bourne/pull/10)
#
Loqi [Zegnat] #10 Fix uppercase hex strings validating as safe
#
aaronpk lol nice
KartikPrabhu joined the channel
#
@JmacDotOrg What started as a quick “I should list three Webmention-using websites I like, just showing examples of webmentions in practice” blog post has mutated into a booklet-length Explainer and after three hours I have the outline mostly done. So y’all have that to look forward to. (twitter.com/_/status/1242471759405895681)
sscarfe, gRegorLove, Nuve and [tantek] joined the channel
#
[tantek] Salt[m], you were asking about contacts/calendar for IndieWeb
#
[tantek] I definitely think there is a spectrum of features, from easy/simple to complete replacement of all silo/device defaults for contacts/calendar for the IndieWeb
#
[tantek] start with /contact (a page on your site for contacting *you*), and /event posts
#
[tantek] building those will help you understand some more of the problem space, and get you something tangible you can incrementally use
#
jacky no code?!!
#
jacky but but my RNA?!
#
jacky lol
#
superkuh No code is how I do webmentions.
sscarfe, loicm, KartikPrabhu, beko and [LewisCowles] joined the channel
#
[LewisCowles] aaronpk++ nocode
#
Loqi aaronpk has 57 karma in this channel over the last year (204 in all channels)
#
[LewisCowles] Also NoUI++
#
Loqi NoUI has 1 karma over the last year
#
gRegorLove Re: https://chat.indieweb.org/dev/2020-03-24#t1585051879918100
#
Loqi [[jeremycherfas]] I did. Added `<a href="https://jeremycherfas.net" class="u-url u-uid"></a>` to my h-card and now all works fine. But I’m still not sure whether indiewebify.me’s test for a representative h-card was wrong, or I was.
#
[LewisCowles] What is NoUI?
#
Loqi It looks like we don't have a page for "NoUI" yet. Would you like to create it? (Or just say "NoUI is ____", a sentence describing the term)
#
gRegorLove [jeremycherfas], can you let me know what the markup was on your homepage before? I'll check on the indiewebify.me test. It's been updated in the last year to fix some representative h-card issues
#
@Geek_Centric Webmention test, like and comment! https://itsjustk.com/2020/03/24/2 (twitter.com/_/status/1242510512543457280)
[jeremycherfas] joined the channel
#
[jeremycherfas] Sure.
#
[LewisCowles] NoUI is the absence of need for a user interface, with automated actions or derived fields. You may setup computed fields which save users input. Perhaps if they are logged in using IndieAuth, the username field or email is pre-populated. Unless control is necessary avoiding the cognitive load to design and present it is best spent on making it not needed.
#
Loqi ok
#
[jeremycherfas] !tell gregorlove https://gist.github.com/jeremycherfas/b1b11412635a02fd3f8c87124dd06627
#
Loqi Ok, I'll tell them that when I see them next
#
gRegorLove thanks!
#
[jeremycherfas] And when I added `<a href="<https:jeremycherfas.net>" class="u-url u-uid"></a>` at the end of the list, indiewebring treated it as a representative h-card.
#
gRegorLove ah, and indiewebify.me was reporting it as represenative before you added that, right?
#
gRegorLove I think that's correct because you have one or more u-url matching a rel-me
#
gRegorLove "if the page contains an h-card with a url property value which also has a rel=me relation (i.e. matches a URL in parse_results.rels.me), the first such h-card is the representative h-card"
#
gRegorLove not sure if indiewebring is doing representative h-card or authorship algorithm
#
gRegorLove hm, webring is doing representative h-card parsing and it looks correct at a glance, but not sure.
[kimberlyhirsh] joined the channel; nickodd left the channel
#
jacky what is the command line
#
Loqi It looks like we don't have a page for "command line" yet. Would you like to create it? (Or just say "command line is ____", a sentence describing the term)
#
jacky hm
#
jacky I want something to like automate backporting my Twitter posts to my site
#
jacky might have to hand roll this one
[KevinMarks] joined the channel
#
gRegorLove you mean PESOS or a one-time dump?
#
jacky one time dump
#
jacky I got my archive downloading right now
#
jacky the goal is to back-fill all of my old posts (only original ones for now)
#
[tantek] what is backfill
#
Loqi backfill is the action of importing all your past posts, typically from a social media silo, into your own site https://indieweb.org/backfill
#
jacky that + enabling auto-deletion of tweets is the only thing preventing me from making twitter write-only
#
sknebel gRegorLove: ah yeah, that's what I missed - I somehow thought it had to be to the current page too
#
jacky that tumblr import link for wordpress seems a bit irrelevant and is cluttering :(
#
jacky oh is it documenting the _process_?
#
sknebel and I supose the webring wants a canonical h-card *for the specific url*, not just any
#
gRegorLove jacky, there is https://github.com/sferik/t#using-t-for-backup (no personal experience with it)
#
Loqi [sferik] t: A command-line power tool for Twitter.
#
[tantek] I've used that to get a dump in the past, i.e. all my pre-2010 tweets. it was quite efficient
[aaronpk] joined the channel
#
jacky ahhh I remember this
#
jacky I've already begun the export process (currently downloading 20 gigs of data)
#
[tantek] wow
#
[tantek] I don't think I need to export anything since 2010 however since it's all on my own site.
#
[tantek] maybe dms if I really cared?
#
jacky yeah
#
jacky I keep those (for now) but I might go through it and delete some
#
jacky side effects of all or nothing approach
[jgmac1106] joined the channel
#
[jgmac1106] jmac not on the wild at all, but an example of builiding a quick Graph from tomorrow's credweb W3c community group:
#
[jgmac1106] The person who posts at URL [ https://twitter.com/Craig_A_Spencer ] is a professional [ Emergency Room Doctor ] according to the page at URL [ https://www.mailman.columbia.edu/people/our-faculty/cs2941 ] which I find credible.
#
[jgmac1106] if that doesn't sound like a perfect job for a webmention
[snarfed] joined the channel
#
[snarfed] huh that's rel-me discovery/verification, right? not webmention?
#
jacky ^
#
[jgmac1106] no they are using JSON-LD and RDFa to build graphs...just discussion level stuff added to quick agenda
#
[jgmac1106] but my thought was a bit of rel=me between the h-card and the webpage, but knowing how fast pages change if I was said Dr, Id want a webmention
loicm and [LewisCowles] joined the channel
#
jacky re: u-{photo,motif,...}
#
jacky using u-photo keeps it predictable!
#
[LewisCowles] tantek++
#
Loqi tantek has 21 karma in this channel over the last year (118 in all channels)
#
gRegorLove h-card has u-logo as well
Nuve, geoffo and [aaronpk] joined the channel
#
GWG gRegorLove: I forgot about u-logo
#
GWG Is anyone active here using it?
#
jacky for my apps (that are down), yeah
#
jacky i think quill does too
#
[LewisCowles] I found u-logo, it's more that I have two and one is a motif (closest to logo) and the other is an avatar
#
[LewisCowles] the avatar was literally created from a photo of me by me
#
[LewisCowles] the logo motif is just 2 letters that are visually distinctive
#
[LewisCowles] @GWG I will be using it
#
GWG When I was converting JSON-LD into MF2, I used photo inside an org h-card. Wondering if I should have used logo
#
gRegorLove I've used u-logo for some work projects where the h-card represents an org
#
[LewisCowles] I suppose so long as the parser is permissive I can mark-up what I like
#
gRegorLove Sure, the question is always "what is the consuming use-case?"
#
jacky ^
#
[LewisCowles] Someone that wants a representation of me, to be most specific from least specific, with cascade order
#
[LewisCowles] u-photo
#
[LewisCowles] u-avatar
#
[LewisCowles] u-logo
#
[LewisCowles] what I look like
#
[LewisCowles] a consistent simple graphic to serve as a sign / symbol of me
#
[LewisCowles] a representation I've chosen of me (doesn't have to be human but can be more complex, just not photo realistic)
#
[LewisCowles] it happens to be my avatar is simple, but avatars can be complex. Confusingly they can also be photo-realistic
[chrisaldrich] joined the channel
#
[LewisCowles] I don't want a photo so IndieWeb in slack shows me with an avatar
#
[LewisCowles] But My facebook has a photo
#
[LewisCowles] and my website has a logo
#
jacky tbh this is an interesting case
#
[LewisCowles] It's probably a sign of how much neuroticism I've spent over the years. The good news is I've not made a new one since 2014
#
[LewisCowles] I stopped at 3 levels
#
[LewisCowles] 😂
#
gRegorLove hehe
#
GWG There's a u-avatar?
#
GWG I missed that.
#
[LewisCowles] There is not. I'm kinda going to mark one up though
#
[LewisCowles] It could be a case of "Hi, I'm {name} <photo>. You may know me as {tag} <avatar> [maybe context?], I work for <logo>"
#
gRegorLove Hm, not sure I follow the distinction between photo and avatar. Like anything that someone would upload to a social media profile would be u-photo to me.
#
gRegorLove Regardless if it's an actual self photo or some stylistic graphic
#
GWG gRegorLove: I agree with your statements
#
gRegorLove My favicon is a lowercase g, so I'd be more likely to set that as u-logo (thoug I don't think I do, yet)
#
jacky (or u-icon since it's like a rel=icon!)
#
jacky also for custom properties, they're conventionally marked up as `${type}-x-${field}` (like h-x-app or p-x-generator)
#
jacky uses the generator because he plans to use it to check in his editor if the provided generator is the same as the one creating for potential warnings about compatibility
#
gRegorLove [LewisCowles], Here's an attempt of what I'd markup for what you described http://php.microformats.io/?id=20200324225123155
#
gRegorLove jacky, not sure there's consumers for u-icon?
#
gRegorLove There's mixed opinions on recommended use of `-x`
#
gRegorLove oops, missed the u-photo in the top-level h-card. That could go after the nickname in that example
#
jacky web browsers :)
#
jacky (that's being pedantic at that point tho)
#
jacky I agree toh
#
jacky *tho
#
[LewisCowles] I quite like it, and jacky, I'd totally settle on u-icon if it worked, but u-x-avatar will work for me too
#
jacky tbh as someone working on a reader, the less things to 'resolve', the easier to build
#
sknebel since I just looked it up: the microformatswiki says "u-logo - a logo representing the person or organization (e.g. a face icon)" vs. "u-photo - a photo of the person or organization "
#
[LewisCowles] [gRegorLove] ++ for the example and the extension representation
#
Loqi [gRegorLove] has 11 karma in this channel over the last year (73 in all channels)
#
sknebel but maybe that's worth updating
#
jacky hmmm
#
gRegorLove yeah, I noticed that ambiguity, heh
#
[LewisCowles] I am sorry that I engage in this level of specificity
#
jacky nah it's good
#
jacky if not you
#
jacky then someone else would have :)
#
gRegorLove no apology needed, that's what dev is for :)
#
jacky this way, they'll have an answer
#
sknebel no need to apologize for this!
#
jacky joins in a group hug
#
gRegorLove stands 2m back from the hug
#
jacky lmfao
#
jacky I am curious tho
#
jacky if I came across a h-card that had multiple photos and avatars, which one should I use?
#
[LewisCowles] it's okay, but it might violate a few CoC too
#
jacky I _could_ pick just the first one
#
[LewisCowles] photo if provided
#
jacky hm
#
[LewisCowles] avatar if no photo as it's explicitly saying, I prefer this
#
jacky so I remembered just now that rel=me does this thing with `authn` https://indieweb.org/RelMeAuth
#
jacky might be interesting to 'overload' here?
#
jacky like the specified one is the 'authoritative' (authv?) image to use?
#
[LewisCowles] then logo arguably could be additional to either, or as a fallback the user has set before app fallback
#
[LewisCowles] they should be stored in one place totally
#
sknebel (good night everyone, I will read backlog tomorrow)
#
jacky o/
#
[LewisCowles] to avoid a runtime cascade. It's a parse-time cascade I'm describing
#
jacky oh this is something I'd write to do one
#
jacky like I'd assoc a image URI to a uid once this algo runs
#
jacky and not do it again
#
[LewisCowles] that sounds beautiful
#
jacky the goal was to only check for h-card changes if the page it's defined on doesn't expire (with a default window of 30 days so I'm not like hammering a site)
#
[LewisCowles] I tried to sell the idea of idempotent / predictable avatar paths where I used to work when they pivoted to a "[social]-network", and it hurt me so much everyone wanted to go to rails->db->rails->s3->rails->json->users
#
jacky gotta store all the data
#
[LewisCowles] just overwrite {storage}/public/{user_pk}/avatar.ext
#
[LewisCowles] I understand representing all 3 would be mad
#
[LewisCowles] but having that level of creative control is what makes me excited about tooling
#
jacky tbh
#
jacky now I want multiple photos
#
jacky I can see this being done to make an animated h-card of sorts
#
[LewisCowles] ❤ I will enjoy seeing that
#
[LewisCowles] I'll totally follow suit if I see a way that isn't confusing, I've just never seen one yet
#
[LewisCowles] a bit like the evolution from being known for our profession, vs our chosen name, vs our chosen identity
[jacky] and [jgmac1106] joined the channel
#
jacky lol so I just looked out of the window
#
jacky and had a thought about hosting video on my site
#
jacky I don't _have_ to lol
#
jacky like all of the posts can point to media held elsewhere
#
jacky like I can look for some server to hold m3u8/HLS and AV1 file data that's more resilient to load than my site can handle
#
jacky I should probably look into proxying out my images that way too
#
jacky yeah just need a fast media endpoint for video
#
jacky and perhaps some way to query back a 'format' for a particular url (if it supports it) so I can present options to the viewer
#
jacky plots
#
[jgmac1106] wants to see how people handle the data, at least I have now solid estimates of what hosting video would cost on AWS or something...ISP won't let me serve that much bandwidth I doubt....will keep rocking Reclaim...started using University Servers back down to 40-50 gigs a day
#
gRegorLove I was wondering about that for doing /story video posts
#
[jgmac1106] I thought at somepoint they would cut me off for pushing limits of "unlimited" but never did,
#
[jgmac1106] one off videos so easy to host on the page, my video page is a basic fork of your photo page gRegor
#
gRegorLove Dreamhost is "unlimited" too, but I'm also on shared. idk, doubt I'd get heavy traffic on it
#
gRegorLove what is reclaim hosting
#
Loqi Reclaim Hosting is a web hosting company focused on the education sector to provide educators and instutitions an easy way to offer their students domains and web hosting that they own and control https://indieweb.org/Reclaim_Hosting
#
[jgmac1106] dreamhost has a specific message about their "unlimited" and don'
#
[jgmac1106] t be a 1% jerk who streams audio and video
#
[jgmac1106] but the occasional video/story post be easy peasy
#
jacky gRegorLove: same
#
gRegorLove Suppose it depends how ephemeral I make them
#
[jgmac1106] they made it a bit more specific: https://www.dreamhost.com/legal/unlimited-policy/
#
jacky it's becoming more important for me as I being to seriously consider either deleting or downgrading my Instagram usage to a kinda public PASTA approach)
#
[jgmac1106] I don't see explicit comments about streaming video, unless it's video people really want
#
gRegorLove what is pasta
#
Loqi PASTA is an acronym/abbreviation for Publish Anywhere, Save To (private) Archive, the practice of automatically saving a copy of whatever you post on (social media) silos to someplace else under your own control, like a private directory on your own server, or a local folder on your laptop that is less vulnerable to site-death https://indieweb.org/PASTA
#
[jgmac1106] this line in in the Dreamhost policy is what turned me off, "File upload / sharing / archive / backup / mirroring / distribution sites." I do all that except distribute sites
#
jacky had to look that one tbh
#
gRegorLove I'm more worried about performance than hitting DH's limits
#
jacky simplest thing for me to do right now is to change my site to allow for me to use a different endpoint for media
#
jacky that way I can let that endpoint handle the storage and processing
#
[jgmac1106] gRegorLove I had degradation to subdirectory performance, only got rate limited once, only one pingdom warning, I did 170 gigs of bandwidth that day though
#
gRegorLove too many things. I need to focus on a few indieweb things instead of going on these rabbit trails, haha
#
gRegorLove [jgmac1106], you're on reclaim though, right? Shared or VPS?
#
[jgmac1106] if it is just a story/video, just think of it as one large photo file
#
[jgmac1106] yeah shared...was afraid they would make be bump up to an enterprise level
#
[jgmac1106] i prolly deserved it....
#
[jgmac1106] I do only shoot at 720p but as much more my students and mainly bc I am using crappy iMac camera