#dev 2020-03-24

2020-03-24 UTC
[tantek] joined the channel
#
[tantek]
Lol that's been proven false with plenty of js;dr sites
#
[tantek]
"generally able" nah
#
[tantek]
to answer your question gRegorLove, well to force everyone to duplicate their js;dr content into JSON-LD data islands
#
[tantek]
sometimes able
waterbadger, [snarfed], [chrisaldrich], gRegorLove, nickodd, Kongaloosh, leg, KartikPrabhu, loicm, sscarfe and [g33kcentric] joined the channel
#
[g33kcentric]
For aquasitions, would h-cite for the product itself make sense?
swentel, [jgmac1106], sscarfe, KartikPrabhu and [jeremycherfas] joined the channel
#
[jeremycherfas]
!tell schmarty In checking out indiewebring, per Beko'
#
Loqi
Ok, I'll tell them that when I see them next
#
[jeremycherfas]
Sticky fingers.
#
[jeremycherfas]
!tell schmarty In checking out indiewebring, per beko’s post, I discovered that you aren’t detecting the h-card on my home page, even though indiewebify me does find it. Anything I should do?
#
Loqi
Ok, I'll tell them that when I see them next
#
sknebel
[jeremycherfas]: for your homepage? I suspect it doesn't like that the h-card doesn't have a url pointing to the page again
#
[jeremycherfas]
Wouldn’t that be an endless loop?
#
[jeremycherfas]
There arre already 7 links there. I suppose an eighth, invisible, wouldn’t hurt.
sscarfe joined the channel
#
sknebel
[jeremycherfas]: to be sure, which page are we talking about?
#
[jeremycherfas]
I’m thinking now that the test itself may be wrong.
#
sknebel
I think so too
#
[jeremycherfas]
my h-card has p-name and u-url for my name and my /about page. But the microformats page says my name should link to that home page. prefereably with u-uid as well. So I think the best option now might be to remove the bit that has my name as a link to my /about page and put it outside the h-=card, and then put my name with u-url and u-uid into the h-card.
#
sknebel
you can also just add a link with u-url to the homepage
#
sknebel
having the visible link to your about page IMHO makes sense as a pattern for a human reading
#
[jeremycherfas]
That’s what I thought 🙂
#
sknebel
then keep it that way, and make the link to make the machine happy hidden or elsewhere :)
[Cheuk] joined the channel
#
[jeremycherfas]
I did. Added `<a href="https://jeremycherfas.net" class="u-url u-uid"></a>` to my h-card and now all works fine. But I’m still not sure whether indiewebify.me’s test for a representative h-card was wrong, or I was.
#
sknebel
think the test is wrong, but didn't see where in the code on a quick glance :/
#
[jeremycherfas]
So, let’s call it a workaround.
mastermidn13, hs0ucy, KartikPrabhu, sscarfe, waterbadger and [jgmac1106] joined the channel
#
aaronpk
Instagram is turning off their old api, so a ton of tools will stop working this month
loicm, mastermidn13, jenelizabeth, superjen96 and [schmarty] joined the channel
#
[schmarty]
[grantcodes] have you been getting warnings about the minimist package for any of your indieauth JS packages?
#
Loqi
[schmarty]: [jeremycherfas] left you a message 4 hours, 4 minutes ago: In checking out indiewebring, per Beko'
#
Loqi
[schmarty]: [jeremycherfas] left you a message 4 hours, 3 minutes ago: In checking out indiewebring, per beko’s post, I discovered that you aren’t detecting the h-card on my home page, even though indiewebify me does find it. Anything I should do?
#
[schmarty]
nearest i can tell the best way forward is to upgrade babel from 6.x to 7.x but there are incompatibilities in how they're configured
#
[schmarty]
(the infamous javascript build stack bit rot problem)
#
[schmarty]
wonders if he can port the code so it doesn't require a build tool.
#
Zegnat
I was getting security warnings for that one inside my website archiver, I believe. But I mostly decided not to care as none of the code is frontfacing, there is a PHP app that sends commands to it over beanstalkd
[grantcodes] joined the channel
#
[grantcodes]
No, not seen anything yet
#
[grantcodes]
I think some of the security warnings aren't really that relevant, it's almost certainly in the build, not the actual end package
#
Zegnat
Is your code actually affected by the problem, [schmarty]?
#
Zegnat
https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 is the actual vulnerability. It can merge slightly too much into an object thus changing its prototype.
#
Zegnat
But that may not affect your actual use
#
[schmarty]
zegnat: to be honest, i consider the "problem" to be that github is sending me vulnerability emails
#
[schmarty]
minimist is way down in the dependency tree so i am not sure how it is used
#
[schmarty]
this is in my indieauth-authentication plugin which i derived from some grantcodes plugin (indieauth-micropub ?)
#
[schmarty]
so i didn't set up the es6 pipeline and therefore don't understand it 😅
#
Zegnat
If you are not sending any public-supplied strings to be parsed by minimist (and minimist is usually for parsing commands passed over CLI, which you are probably also not doing) there should be no vulnerability on your end
#
Zegnat
At least that is why I decided to ignore it in my project for now ;)
#
[schmarty]
heh. it is very tempting to tell gh to shush about it.
#
[grantcodes]
Especially if it's in the dev dependencies
nickodd joined the channel
#
[schmarty]
good point - it is a dev dependency and not a prod dependency.
#
[schmarty]
but it does get me a little grumpy about how mushy these dependency trees become over time.
#
[grantcodes]
Is there such a thing as perfect package management? 😛
#
aaronpk
the best code is no code
#
[schmarty]
no package management 😛
#
Zegnat
For those interested in knowing what the problem at the root of this minimist thing is, this is an OK summary of how it bit many other libraries throughout the years: https://medium.com/intrinsic/javascript-prototype-poisoning-vulnerabilities-in-the-wild-7bc15347c96
#
Zegnat
So much so that some frameworks use a drop-in replacement for JSON.parse() to make sure they do not make the same mistake: https://github.com/hapijs/bourne
#
Loqi
[hapijs] bourne: :office: JSON.parse() drop-in replacement with prototype poisoning protection
#
Zegnat
(Fun fact when I first learned about that, I immediately went on to bypass their protection: https://github.com/hapijs/bourne/pull/10)
#
Loqi
[Zegnat] #10 Fix uppercase hex strings validating as safe
#
aaronpk
lol nice
KartikPrabhu joined the channel
#
@JmacDotOrg
What started as a quick “I should list three Webmention-using websites I like, just showing examples of webmentions in practice” blog post has mutated into a booklet-length Explainer and after three hours I have the outline mostly done. So y’all have that to look forward to.
(twitter.com/_/status/1242471759405895681)
sscarfe, gRegorLove, Nuve and [tantek] joined the channel
#
[tantek]
Salt[m], you were asking about contacts/calendar for IndieWeb
#
[tantek]
I definitely think there is a spectrum of features, from easy/simple to complete replacement of all silo/device defaults for contacts/calendar for the IndieWeb
#
[tantek]
start with /contact (a page on your site for contacting *you*), and /event posts
#
[tantek]
building those will help you understand some more of the problem space, and get you something tangible you can incrementally use
#
jacky
no code?!!
#
jacky
but but my RNA?!
#
superkuh
No code is how I do webmentions.
sscarfe, loicm, KartikPrabhu, beko and [LewisCowles] joined the channel
#
[LewisCowles]
aaronpk++ nocode
#
Loqi
aaronpk has 57 karma in this channel over the last year (204 in all channels)
#
[LewisCowles]
Also NoUI++
#
Loqi
NoUI has 1 karma over the last year
#
Loqi
[[jeremycherfas]] I did. Added `<a href="https://jeremycherfas.net" class="u-url u-uid"></a>` to my h-card and now all works fine. But I’m still not sure whether indiewebify.me’s test for a representative h-card was wrong, or I was.
#
[LewisCowles]
What is NoUI?
#
Loqi
It looks like we don't have a page for "NoUI" yet. Would you like to create it? (Or just say "NoUI is ____", a sentence describing the term)
#
gRegorLove
[jeremycherfas], can you let me know what the markup was on your homepage before? I'll check on the indiewebify.me test. It's been updated in the last year to fix some representative h-card issues
[jeremycherfas] joined the channel
#
[LewisCowles]
NoUI is the absence of need for a user interface, with automated actions or derived fields. You may setup computed fields which save users input. Perhaps if they are logged in using IndieAuth, the username field or email is pre-populated. Unless control is necessary avoiding the cognitive load to design and present it is best spent on making it not needed.
#
Loqi
Ok, I'll tell them that when I see them next
#
[jeremycherfas]
And when I added `<a href="<https:jeremycherfas.net>" class="u-url u-uid"></a>` at the end of the list, indiewebring treated it as a representative h-card.
#
gRegorLove
ah, and indiewebify.me was reporting it as represenative before you added that, right?
#
gRegorLove
I think that's correct because you have one or more u-url matching a rel-me
#
gRegorLove
"if the page contains an h-card with a url property value which also has a rel=me relation (i.e. matches a URL in parse_results.rels.me), the first such h-card is the representative h-card"
#
gRegorLove
not sure if indiewebring is doing representative h-card or authorship algorithm
#
gRegorLove
hm, webring is doing representative h-card parsing and it looks correct at a glance, but not sure.
[kimberlyhirsh] joined the channel; nickodd left the channel
#
jacky
what is the command line
#
Loqi
It looks like we don't have a page for "command line" yet. Would you like to create it? (Or just say "command line is ____", a sentence describing the term)
#
jacky
I want something to like automate backporting my Twitter posts to my site
#
jacky
might have to hand roll this one
[KevinMarks] joined the channel
#
gRegorLove
you mean PESOS or a one-time dump?
#
jacky
one time dump
#
jacky
I got my archive downloading right now
#
jacky
the goal is to back-fill all of my old posts (only original ones for now)
#
[tantek]
what is backfill
#
Loqi
backfill is the action of importing all your past posts, typically from a social media silo, into your own site https://indieweb.org/backfill
#
jacky
that + enabling auto-deletion of tweets is the only thing preventing me from making twitter write-only
#
sknebel
gRegorLove: ah yeah, that's what I missed - I somehow thought it had to be to the current page too
#
jacky
that tumblr import link for wordpress seems a bit irrelevant and is cluttering :(
#
jacky
oh is it documenting the _process_?
#
sknebel
and I supose the webring wants a canonical h-card *for the specific url*, not just any
#
gRegorLove
jacky, there is https://github.com/sferik/t#using-t-for-backup (no personal experience with it)
#
Loqi
[sferik] t: A command-line power tool for Twitter.
#
[tantek]
I've used that to get a dump in the past, i.e. all my pre-2010 tweets. it was quite efficient
[aaronpk] joined the channel
#
jacky
ahhh I remember this
#
jacky
I've already begun the export process (currently downloading 20 gigs of data)
#
[tantek]
I don't think I need to export anything since 2010 however since it's all on my own site.
#
[tantek]
maybe dms if I really cared?
#
jacky
I keep those (for now) but I might go through it and delete some
#
jacky
side effects of all or nothing approach
[jgmac1106] joined the channel
#
[jgmac1106]
jmac not on the wild at all, but an example of builiding a quick Graph from tomorrow's credweb W3c community group:
#
[jgmac1106]
The person who posts at URL [ https://twitter.com/Craig_A_Spencer ] is a professional [ Emergency Room Doctor ] according to the page at URL [ https://www.mailman.columbia.edu/people/our-faculty/cs2941 ] which I find credible.
#
[jgmac1106]
if that doesn't sound like a perfect job for a webmention
[snarfed] joined the channel
#
[snarfed]
huh that's rel-me discovery/verification, right? not webmention?
#
[jgmac1106]
no they are using JSON-LD and RDFa to build graphs...just discussion level stuff added to quick agenda
#
[jgmac1106]
but my thought was a bit of rel=me between the h-card and the webpage, but knowing how fast pages change if I was said Dr, Id want a webmention
loicm and [LewisCowles] joined the channel
#
jacky
re: u-{photo,motif,...}
#
jacky
using u-photo keeps it predictable!
#
Loqi
tantek has 21 karma in this channel over the last year (118 in all channels)
#
gRegorLove
h-card has u-logo as well
Nuve, geoffo and [aaronpk] joined the channel
#
GWG
gRegorLove: I forgot about u-logo
#
GWG
Is anyone active here using it?
#
jacky
for my apps (that are down), yeah
#
jacky
i think quill does too
#
[LewisCowles]
I found u-logo, it's more that I have two and one is a motif (closest to logo) and the other is an avatar
#
[LewisCowles]
the avatar was literally created from a photo of me by me
#
[LewisCowles]
the logo motif is just 2 letters that are visually distinctive
#
[LewisCowles]
@GWG I will be using it
#
GWG
When I was converting JSON-LD into MF2, I used photo inside an org h-card. Wondering if I should have used logo
#
gRegorLove
I've used u-logo for some work projects where the h-card represents an org
#
[LewisCowles]
I suppose so long as the parser is permissive I can mark-up what I like
#
gRegorLove
Sure, the question is always "what is the consuming use-case?"
#
[LewisCowles]
Someone that wants a representation of me, to be most specific from least specific, with cascade order
#
[LewisCowles]
what I look like
#
[LewisCowles]
a consistent simple graphic to serve as a sign / symbol of me
#
[LewisCowles]
a representation I've chosen of me (doesn't have to be human but can be more complex, just not photo realistic)
#
[LewisCowles]
it happens to be my avatar is simple, but avatars can be complex. Confusingly they can also be photo-realistic
[chrisaldrich] joined the channel
#
[LewisCowles]
I don't want a photo so IndieWeb in slack shows me with an avatar
#
[LewisCowles]
But My facebook has a photo
#
[LewisCowles]
and my website has a logo
#
jacky
tbh this is an interesting case
#
[LewisCowles]
It's probably a sign of how much neuroticism I've spent over the years. The good news is I've not made a new one since 2014
#
[LewisCowles]
I stopped at 3 levels
#
GWG
There's a u-avatar?
#
GWG
I missed that.
#
[LewisCowles]
There is not. I'm kinda going to mark one up though
#
[LewisCowles]
It could be a case of "Hi, I'm {name} <photo>. You may know me as {tag} <avatar> [maybe context?], I work for <logo>"
#
gRegorLove
Hm, not sure I follow the distinction between photo and avatar. Like anything that someone would upload to a social media profile would be u-photo to me.
#
gRegorLove
Regardless if it's an actual self photo or some stylistic graphic
#
GWG
gRegorLove: I agree with your statements
#
gRegorLove
My favicon is a lowercase g, so I'd be more likely to set that as u-logo (thoug I don't think I do, yet)
#
jacky
(or u-icon since it's like a rel=icon!)
#
jacky
also for custom properties, they're conventionally marked up as `${type}-x-${field}` (like h-x-app or p-x-generator)
#
jacky
uses the generator because he plans to use it to check in his editor if the provided generator is the same as the one creating for potential warnings about compatibility
#
gRegorLove
[LewisCowles], Here's an attempt of what I'd markup for what you described http://php.microformats.io/?id=20200324225123155
#
gRegorLove
jacky, not sure there's consumers for u-icon?
#
gRegorLove
There's mixed opinions on recommended use of `-x`
#
gRegorLove
oops, missed the u-photo in the top-level h-card. That could go after the nickname in that example
#
jacky
web browsers :)
#
jacky
(that's being pedantic at that point tho)
#
jacky
I agree toh
#
[LewisCowles]
I quite like it, and jacky, I'd totally settle on u-icon if it worked, but u-x-avatar will work for me too
#
jacky
tbh as someone working on a reader, the less things to 'resolve', the easier to build
#
sknebel
since I just looked it up: the microformatswiki says "u-logo - a logo representing the person or organization (e.g. a face icon)" vs. "u-photo - a photo of the person or organization "
#
[LewisCowles]
[gRegorLove] ++ for the example and the extension representation
#
Loqi
[gRegorLove] has 11 karma in this channel over the last year (73 in all channels)
#
sknebel
but maybe that's worth updating
#
gRegorLove
yeah, I noticed that ambiguity, heh
#
[LewisCowles]
I am sorry that I engage in this level of specificity
#
jacky
nah it's good
#
jacky
if not you
#
jacky
then someone else would have :)
#
gRegorLove
no apology needed, that's what dev is for :)
#
jacky
this way, they'll have an answer
#
sknebel
no need to apologize for this!
#
jacky
joins in a group hug
#
gRegorLove
stands 2m back from the hug
#
jacky
lmfao
#
jacky
I am curious tho
#
jacky
if I came across a h-card that had multiple photos and avatars, which one should I use?
#
[LewisCowles]
it's okay, but it might violate a few CoC too
#
jacky
I _could_ pick just the first one
#
[LewisCowles]
photo if provided
#
[LewisCowles]
avatar if no photo as it's explicitly saying, I prefer this
#
jacky
so I remembered just now that rel=me does this thing with `authn` https://indieweb.org/RelMeAuth
#
jacky
might be interesting to 'overload' here?
#
jacky
like the specified one is the 'authoritative' (authv?) image to use?
#
[LewisCowles]
then logo arguably could be additional to either, or as a fallback the user has set before app fallback
#
[LewisCowles]
they should be stored in one place totally
#
sknebel
(good night everyone, I will read backlog tomorrow)
#
[LewisCowles]
to avoid a runtime cascade. It's a parse-time cascade I'm describing
#
jacky
oh this is something I'd write to do one
#
jacky
like I'd assoc a image URI to a uid once this algo runs
#
jacky
and not do it again
#
[LewisCowles]
that sounds beautiful
#
jacky
the goal was to only check for h-card changes if the page it's defined on doesn't expire (with a default window of 30 days so I'm not like hammering a site)
#
[LewisCowles]
I tried to sell the idea of idempotent / predictable avatar paths where I used to work when they pivoted to a "[social]-network", and it hurt me so much everyone wanted to go to rails->db->rails->s3->rails->json->users
#
jacky
gotta store all the data
#
[LewisCowles]
just overwrite {storage}/public/{user_pk}/avatar.ext
#
[LewisCowles]
I understand representing all 3 would be mad
#
[LewisCowles]
but having that level of creative control is what makes me excited about tooling
#
jacky
now I want multiple photos
#
jacky
I can see this being done to make an animated h-card of sorts
#
[LewisCowles]
❤ I will enjoy seeing that
#
[LewisCowles]
I'll totally follow suit if I see a way that isn't confusing, I've just never seen one yet
#
[LewisCowles]
a bit like the evolution from being known for our profession, vs our chosen name, vs our chosen identity
[jacky] and [jgmac1106] joined the channel
#
jacky
lol so I just looked out of the window
#
jacky
and had a thought about hosting video on my site
#
jacky
I don't _have_ to lol
#
jacky
like all of the posts can point to media held elsewhere
#
jacky
like I can look for some server to hold m3u8/HLS and AV1 file data that's more resilient to load than my site can handle
#
jacky
I should probably look into proxying out my images that way too
#
jacky
yeah just need a fast media endpoint for video
#
jacky
and perhaps some way to query back a 'format' for a particular url (if it supports it) so I can present options to the viewer
#
jacky
plots
#
[jgmac1106]
wants to see how people handle the data, at least I have now solid estimates of what hosting video would cost on AWS or something...ISP won't let me serve that much bandwidth I doubt....will keep rocking Reclaim...started using University Servers back down to 40-50 gigs a day
#
gRegorLove
I was wondering about that for doing /story video posts
#
[jgmac1106]
I thought at somepoint they would cut me off for pushing limits of "unlimited" but never did,
#
[jgmac1106]
one off videos so easy to host on the page, my video page is a basic fork of your photo page gRegor
#
gRegorLove
Dreamhost is "unlimited" too, but I'm also on shared. idk, doubt I'd get heavy traffic on it
#
gRegorLove
what is reclaim hosting
#
Loqi
Reclaim Hosting is a web hosting company focused on the education sector to provide educators and instutitions an easy way to offer their students domains and web hosting that they own and control https://indieweb.org/Reclaim_Hosting
#
[jgmac1106]
dreamhost has a specific message about their "unlimited" and don'
#
[jgmac1106]
t be a 1% jerk who streams audio and video
#
[jgmac1106]
but the occasional video/story post be easy peasy
#
jacky
gRegorLove: same
#
gRegorLove
Suppose it depends how ephemeral I make them
#
jacky
it's becoming more important for me as I being to seriously consider either deleting or downgrading my Instagram usage to a kinda public PASTA approach)
#
[jgmac1106]
I don't see explicit comments about streaming video, unless it's video people really want
#
gRegorLove
what is pasta
#
Loqi
PASTA is an acronym/abbreviation for Publish Anywhere, Save To (private) Archive, the practice of automatically saving a copy of whatever you post on (social media) silos to someplace else under your own control, like a private directory on your own server, or a local folder on your laptop that is less vulnerable to site-death https://indieweb.org/PASTA
#
[jgmac1106]
this line in in the Dreamhost policy is what turned me off, "File upload / sharing / archive / backup / mirroring / distribution sites." I do all that except distribute sites
#
jacky
had to look that one tbh
#
gRegorLove
I'm more worried about performance than hitting DH's limits
#
jacky
simplest thing for me to do right now is to change my site to allow for me to use a different endpoint for media
#
jacky
that way I can let that endpoint handle the storage and processing
#
[jgmac1106]
gRegorLove I had degradation to subdirectory performance, only got rate limited once, only one pingdom warning, I did 170 gigs of bandwidth that day though
#
gRegorLove
too many things. I need to focus on a few indieweb things instead of going on these rabbit trails, haha
#
gRegorLove
[jgmac1106], you're on reclaim though, right? Shared or VPS?
#
[jgmac1106]
if it is just a story/video, just think of it as one large photo file
#
[jgmac1106]
yeah shared...was afraid they would make be bump up to an enterprise level
#
[jgmac1106]
i prolly deserved it....
#
[jgmac1106]
I do only shoot at 720p but as much more my students and mainly bc I am using crappy iMac camera