#dev 2020-04-10

2020-04-10 UTC
TGiske, KartikPrabhu, flex14, dckc and [tantek] joined the channel
#
[tantek] The ol' microsub path
[Michael_Beckwi], [LewisCowles], [bonkerfield] and [Aaron_Klemm] joined the channel
#
[Aaron_Klemm] Would anyone know how to reach the developers of the Indigenous iOS app? I have indieauth working on my domain and successfully logged into several sites with it, but I cannot proceed in this app as it gives the following error after I put in my domain: "Token Endpoint not found on "
[prtksxna] joined the channel
#
[prtksxna] [Aaron_Klemm] It think it is maintained by [eddie] (but see https://indiewebcamp.slack.com/archives/C1PA11USK/p1586464941017200)
nickodd, [snarfed] and KartikPrabhu joined the channel
#
[Aaron_Klemm] Bad news, but thanks for clarifying.
#
[LewisCowles] maybe as we look to using more services and contributing back https://particular.net/adsd (currently free) might be of some help
#
[snarfed] fun! probably overkill for almost everything here, but can't hurt to learn
#
[snarfed] unrelated...holy crap pixelfed's oauth access tokens are long. 1084 chars! must be JWT with a bunch of stuff inside
#
@bonkerfield I'm have my site sending #webmentions and pulling from twitter thanks to http://brid.gy and the #indieweb, thanks @snarfed and @indiewebcamp https://bonkerfield.org/2020/04/getting-so-so-social/ (twitter.com/_/status/1248482603226677249)
#
@bonkerfield I'm have my site sending #webmentions and pulling from twitter thanks to http://brid.gy and the #indieweb, thanks @snarfed and @indiewebcamp https://bonkerfield.org/2020/04/getting-so-so-social/ (twitter.com/_/status/1248482603226677249)
#
[LewisCowles] snarfed I'm not sure. The hypertext interconnected indieweb is definitely a distributed system Lessons and background free knowledge never harm, but I won't strong arm anyone into it
#
[LewisCowles] RE: JWT. JWT's and all FE session get crazy big.
#
[LewisCowles] One of our apps had a single auth-endpoint rather than a carrier token to each app, and we had to alter a strangler BFF (middleware) application to allow it to process > 16kb headers. I prefer backend session-based tokens
#
@traderjosephina Can someone find the creator of this? This 18 second clip is better than thousands of 2hr films Ive seen https://twitter.com/unclesteveabbey/status/1248375149159518209/video/1 (twitter.com/_/status/1248442465234882561)
#
jacky content: https://twitter.com/traderjosephina/status/1248442465234882561
#
jacky oof wrong channel my fault
#
jacky https://norde.io/ nice icon library project
[tantek], [prtksxna], [xavierroy], loicm, KartikPrabhu, swentel, jgmac1106, gxt, hs0ucy and deathrow1 joined the channel
#
sknebel this is interesting: bug tracking stored in a git repo, with *import/export* to github/gitlab/... - could be interesting to keep backup of discussions around a repo
loicm and [LewisCowles] joined the channel
#
[LewisCowles] sknebel, you got a link?
#
sknebel ops
#
sknebel https://github.com/MichaelMure/git-bug
#
Loqi [MichaelMure] git-bug: Distributed, offline-first bug tracker embedded in git, with bridges
#
sknebel sorry :D
#
[LewisCowles] sknebel++
#
Loqi sknebel has 18 karma in this channel over the last year (57 in all channels)
[Suw] joined the channel
#
@dmitshur ↩️ Have you considered using IndieAuth (https://indieauth.spec.indieweb.org) which does the same now? I’ve implemented it on my personal site (https://github.com/shurcooL/home/issues/34) and I’m very happy with it. Especially during GitHub outages. (twitter.com/_/status/1248596283536834560)
[schmarty] joined the channel
#
[schmarty] sknebel: reminds me of ticgit https://github.com/jeffWelling/ticgit
#
Loqi [jeffWelling] ticgit: Git based distributed ticketing system, including a command line client and web viewer
#
sknebel yeah, there's a few projects trying to do tickets in the repo
[KevinMarks], vika_nezrimaya, flex14 and swentel joined the channel
#
jeremycherfas !tell aaronpk I'm cleaning up some old notes to my7self and found something about being able to send an email to a specific address at `ownyourgram.com` that will then create a micropub request. I can't find anything like that in the docs. Did I dream it?
#
Loqi Ok, I'll tell them that when I see them next
#
aaronpk quill i think
#
aaronpk if you're logged in you should see info here https://quill.p3k.io/email
#
jeremycherfas Hmmn. My note must be wrong. Let me look at Quill docs.
#
Loqi Quill
#
jeremycherfas Yup, that is it. I wonder what made me write the domain down wrong. Not that it matters.
[Michael_Beckwi] joined the channel
#
aaronpk apparently the stripe APIs i'm using are now deprecated
#
aaronpk i don't really want to upgrade this today
jamietanna joined the channel
#
jamietanna Is there any steer on what a Micropub server should do if trying to update a post that's been deleted?
#
jamietanna Because the post still exists in my Git repo, I was thinking of allowing updates, as long as the client has the `undelete` scope
#
aaronpk that makes sense
#
jamietanna The spec doesn't seem to be 100% clear on what should be returned if a post you're trying to update isn't found - I would assume a 400 because the client is requesting something invalid?
#
aaronpk yeah it's not unique to updates, all error responses are described here https://www.w3.org/TR/micropub/#error-response
vika_nezrimaya and nickodd joined the channel
#
jamietanna Cool, ty for clarification!
#
swentel hmm I should probably change the code then in drupal
#
swentel in case of trying to delete a post which doesn't exist anymore
#
swentel I return a 404 then :)
#
aaronpk 404 would tell the client the micropub endpoint doesn't exist
#
aaronpk ugh i am not interested in getting into an email vs url debate on twitter right now
#
aaronpk shakes fist at [dmitshur] lol
#
Zegnat ?
#
aaronpk see thread: https://twitter.com/apenwarr/status/1248636365153218560
#
@apenwarr @aaronpk @dmitshur @bradfitz @skarra @evntdrvn @davidcrawshaw @rstropek @schlagfell @Tailscale If login were automated like credit card forms, it would fail about 50% of the time and need me to enter a page full of unnecessary personal information by hand. That’s not a good model. Why not let me enter an email address instead? That has a domain in it. (twitter.com/_/status/1248636365153218560)
#
swentel oh right, makes sense
#
Zegnat Do we have any sort of answer as to why URL > email address?
#
Zegnat actually does not mind login that only requires their email address
#
aaronpk https://indieweb.org/Why_web_sign-in#Why_not_email
#
aaronpk kinda the same reason activitypub identities don't make sense for personal instances too
#
aaronpk e.g. i'm @aaronpk@aaronparecki.com which is redundant
#
aaronpk this is also a great point: https://twitter.com/bradfitz/status/1248489373055631361
#
@bradfitz @skarra @apenwarr @evntdrvn @davidcrawshaw @rstropek @schlagfell @Tailscale Yes, it used URLs instead of email addresses. It was ahead of its time. (Nowadays non-nerds people are more likely to identity with or share their Facebook or Instagram or Twitter or GitHub handle than an email) Relying Parties balked at not having an email address to spam with. (twitter.com/_/status/1248489373055631361)
#
aaronpk "Nowadays non-nerds people are more likely to identity with or share their Facebook or Instagram or Twitter or GitHub handle than an email"
#
aaronpk why web sign-in << https://twitter.com/bradfitz/status/1248489373055631361 "Nowadays non-nerds people are more likely to identity with or share their Facebook or Instagram or Twitter or GitHub handle than an email"
#
@bradfitz @skarra @apenwarr @evntdrvn @davidcrawshaw @rstropek @schlagfell @Tailscale Yes, it used URLs instead of email addresses. It was ahead of its time. (Nowadays non-nerds people are more likely to identity with or share their Facebook or Instagram or Twitter or GitHub handle than an email) Relying Parties balked at not having an email address to spam with. (twitter.com/_/status/1248489373055631361)
#
Loqi ok, I added "https://twitter.com/bradfitz/status/1248489373055631361 "Nowadays non-nerds people are more likely to identity with or share their Facebook or Instagram or Twitter or GitHub handle than an email"" to the "See Also" section of /Why_web_sign-in https://indieweb.org/wiki/index.php?diff=69443&oldid=48240
[tantek] and [fluffy] joined the channel
#
Zegnat Oooh, I like that one. And it is right. Though the same “non-nerds” are not likely to share the actual URLs in my experience. Just handles/names
KartikPrabhu joined the channel
#
aaronpk hmm all that work on the payment request API was apparently for nothing
#
aaronpk i have to rip it out in order to use the simpler stripe integration
#
aaronpk cause now i have to redirect the user over to stripe and they handle the whole thing
KartikPrabhu joined the channel
#
Zegnat Hmm, wonder if the abuse would calm down if you put something like recaptcha in front of it, aaronpk
#
aaronpk probably not
#
aaronpk this is someone who bought a bunch of credit cards and is trying them out with low value transactions to see if they work, before then using them to buy actual things
#
aaronpk so they are motivated
#
Zegnat Yeah, I guess I am questioning to what extend it is manual labour.
#
aaronpk pretty sure it is
#
Zegnat Wouldn’t help then, no :(
[chrisaldrich], Lilz|BetaMeDisco, denzukoDiscord[m, chris[m], lamborghiniDisco, khalnayakDiscord, jolvera, placer141276[m], atj[m], daveatQCDiscord[, jessicaschilling, M4star3starDisco, lyon[m], kppDiscord[m]1, n9tDiscord[m], ZipperSKDiscord[, [schmarty], vika_nezrimaya, gRegorLove, [LewisCowles], OlegStotskyDisc4, MesaDiscord[m], sblinnDiscord[m], SpidermanDiscord, ambackDiscord[m], Canti0001[m], Mairkur[m], armaniferranteDi, ttocslliwDiscord, baluptonDiscord[, JonwelDiscord[m], gorhgorh[m]1, LuutheCoolDiscor, GiyomuDiscord[m], raulDiscord[m], celsoDiscord[m], virtual_vagrantD, andrewxhill[m], HaybalesDiscord[, pbvieDiscord[m], TristanDiscord[m, aaronpk[m], pvienhageDiscord, ithithDiscord[m], janttoDiscord[m], dy5es41Discord[m, anthony-albertor, skillman623Disco, bostaDiscord[m], macerbi[m], dhenz3SpeakDisco, JD9Discord[m], TianyiDiscord[m], felixschlDiscor4, jwheelerDiscord[, chmanieDiscord[4, amimDiscord[m], gmelodieDiscord[, doopDiscord[m], cesarosumDiscord, M011000100111010, Nebulous[m], distributedjoseD, pcowgillDiscord[, funwhilelostDisc, BossMANDiscord[m, JungleHeartDisco, jmank88Discord[m, nrtxrmndDiscord[, realChainDiscord, JorropoDiscord[m, drbh[m], matyas_mustohaDi, carsonfarmer[m], jimpick[m], DioBrandonDiscor, ritewhose[m], DreamingInCodeDi, mikealDiscord[m], snoopdoggydogDis, TimeOnDiscord[m], SenshiDiscord[m], SpicoliWhiteDisc, AXEL-Brian[m], Imnotsoimpressed, SnoochToTheNooch, ReallySnazzyDisc, sbpDiscord[m], KubeDiscord[m], olizillaDiscord[, prtfwDiscord[m], SuikaDiscord[m], XierumengDiscord, tobowersDiscord[, fexra|TRTLDiscor, hazDiscord[m], JustMaierDiscord, CyOp0x00Discord[, fozzie[m], mZ[m], HenniDiscord[m], arjanvaneerselDi, emersen234Discor, gunttedDiscord[m, mhzDiscord[m], M123897974564Dis, nebulerDiscord[m, aeddiDiscord[m], chmanieDiscord[m, godparticleDisco, chrisDiscord[m], raisDiscord[m], l^discordDiscord, RichardLittDisco, icaruszDiscord[4, aswiththewildDis, touzaikokonDisco, DavidFalconDisco, tplookerDiscord[, HyunwooLeeDiscor, CryptoEmpress[m], mikeal[m], thesage1014Disco, PermawebMatrixBr, kppDiscord[m], jmac and [dmitshur] joined the channel
#
[dmitshur] lol Aaron.
#
aaronpk hey at least we got someone from google to reply
nickodd left the channel
#
[dmitshur] The ability to split identifier from means of contact is the biggest motivating reason for me. It provides a means to access user contact info if the user chooses to make it accessible. If I’m sharing an invite list, I’m more comfortable sharing 50 URLs than 50 emails.
#
[dmitshur] It takes people a lot time to realize that (it took me a lot of thinking about it).
#
aaronpk tbh i think we're going to end up with something a lot more like webauthn than using any sort of shared user identifier going forward
godparticleDisco, jessicaschilling, JungleHeartDisco, JD9Discord[m], raulDiscord[m], baluptonDiscord[, realChainDiscord, JorropoDiscord[m, CyOp0x00Discord[, tobowersDiscord[, M011000100111010, SnoochToTheNooch, SpidermanDiscord, JustMaierDiscord, distributedjoseD, touzaikokonDisco, cesarosumDiscord, MesaDiscord[m], SpicoliWhiteDisc, olizillaDiscord[, dhenz3SpeakDisco, hazDiscord[m], anthony-albertor, mhzDiscord[m], matyas_mustohaDi, LuutheCoolDiscor, kppDiscord[m], pcowgillDiscord[, gorhgorh[m]1, ttocslliwDiscord, M123897974564Dis, daveatQCDiscord[, TimeOnDiscord[m], funwhilelostDisc, l^discordDiscord, sbpDiscord[m], GiyomuDiscord[m], chrisDiscord[m], icaruszDiscord[4, nebulerDiscord[m, bostaDiscord[m], XierumengDiscord, jwheelerDiscord[, celsoDiscord[m], OlegStotskyDisc4, amimDiscord[m], SuikaDiscord[m], fexra|TRTLDiscor, ambackDiscord[m], TianyiDiscord[m], dy5es41Discord[m, armaniferranteDi, arjanvaneerselDi, BossMANDiscord[m, denzukoDiscord[m, RichardLittDisco, mikealDiscord[m], DreamingInCodeDi, JonwelDiscord[m], jmank88Discord[m, gmelodieDiscord[, tplookerDiscord[, emersen234Discor, felixschlDiscor4, pbvieDiscord[m], chmanieDiscord[m, nrtxrmndDiscord[, TristanDiscord[m, Imnotsoimpressed, KubeDiscord[m], HyunwooLeeDiscor, SenshiDiscord[m], gunttedDiscord[m, sblinnDiscord[m], ReallySnazzyDisc, DavidFalconDisco, HaybalesDiscord[, HenniDiscord[m], raisDiscord[m], aeddiDiscord[m], pvienhageDiscord, janttoDiscord[m], doopDiscord[m], snoopdoggydogDis, virtual_vagrantD, prtfwDiscord[m], aswiththewildDis, DioBrandonDiscor, ithithDiscord[m], skillman623Disco, chmanieDiscord[4 and thesage1014Disco joined the channel
#
@dmitshur ↩️ The original tweet was asking about making it _possible_ to use a product without requiring third-party account, which I think is what IndieAuth enables. It's not a goal to require everyone to use it. E.g., most people still sign in to my site via GitHub, and that's fine with me. (twitter.com/_/status/1248677212439613441)
[snarfed] joined the channel
#
KartikPrabhu [dmitshur]++ nicely put
#
Loqi [dmitshur] has 10 karma in this channel over the last year (12 in all channels)
#
[dmitshur] I agree WebAuthn has a better chance of being friendly to mass adoption by non-technical users in the long term. But for now I enjoy using IndieAuth for my needs and I see WebAuthn as a tool I can use for hardening security via an additional factor.
#
Zegnat https://webauthn.io/ is one nicely designed site
moppy joined the channel
#
aaronpk the webauthn API needs some work too, it's really hard to use right now
#
Zegnat Yeah, I remember having some troubles when I played with it
SenshiDiscord[m], M123897974564Dis, SpidermanDiscord, yjhmelodyDiscord, reddDiscord[m], RomaricDiscord[m, sekiDiscord[m]1, drbhDiscord[m], zcopleyDiscord[m, JoejoeDiscord[m], pierreboc[m], MisterGoreDiscor, HeysteinDiscord[, swentel and ben_thatmustbeme joined the channel
#
gRegorLove aaronpk, ouch about the cc fraud through your credit card form. Does Stripe have velocity filters? With Authorize.net some clients have set theirs to only capture up to X transactions a day, all the rest are only authorized
#
aaronpk not that i can find, at least not without upgrading to this https://stripe.com/radar/fraud-teams
#
gRegorLove Did you remove it from the /pay page? Only seeing Square, Venmo, Paypal
#
aaronpk yes
#
aaronpk just commented out for now. i'm rewriting it to redirect to stripe using their new api too
#
gRegorLove Cool, yeah was going to suggest their new-ish Stripe-hosted Checkout
#
aaronpk that alone doesn't really change anything, but i should update to that anyway
#
gRegorLove I figured theirs has better support against automated POST requests
#
aaronpk well it's always sent the CC data directly to stripe
#
aaronpk plus i don't think this is automated
#
gRegorLove Ah, gotcha
[chrisaldrich], moppy and [fluffy] joined the channel
#
@skarra ↩️ I did not read it thoroughly, but indieauth looks interesting. Is there a 240 char summary of how it's diff from putting together OIDC discovery+dynamic client reg specs? :+) (twitter.com/_/status/1248707963121848322)
#
@aaronpk ↩️ https://indieweb.org/How_is_IndieAuth_different_from_OpenID_Connect and more background here: https://aaronparecki.com/2018/07/07/7/oauth-for-the-open-web (twitter.com/_/status/1248709053242462208)
#
@apenwarr ↩️ Just to be extra clear, I'm not opposed to indieauth here. I think it's a great core idea and I really want them to make it over the finish line. But I just don't think pasting URLs into text boxes is it. (twitter.com/_/status/1248713497237741568)
#
aaronpk :sigh:
#
aaronpk i'm done
#
GWG aaronpk: Insert virtual supportive pat on back here
#
Zegnat I find it weird how dividing that seems to be. Also just how far some people go with uri-as-identity, both in the pro and con.
#
aaronpk in other news, something broke on my laptop with my dev environment
#
aaronpk i think i was trying to install a new ruby version and it updated openssl and now my php is broken?
#
aaronpk reinstalls everything
#
Zegnat Wow. I hate when that happens.
#
Zegnat Though I have had very little of those type of issues since trying to keep all the installations purely through brew
#
aaronpk that's what i did
#
Zegnat Surprising
#
Zegnat I wonder if you may be able to protect from that by using `brew pin` a little more liberally. Have you used that, aaronpk? I do not see many people use it, but I have pinned certain packages just so I would not accidentally upgrade it while other things depend on it. SQLite comes to mind.
#
aaronpk hm ive never used that
#
Zegnat Obviously will not help retroactively. But maybe worth to think about after a full reinstall.
#
Zegnat now considers pinning ssl packages
#
aaronpk welp brew upgrade is really upgrading everything lol
#
aaronpk guess i'm getting php 7.4 now
loicm joined the channel
#
aaronpk i think i am back
#
Zegnat Yes, a bare brew upgrade without specifying what to upgrade is, uuh, harsh
#
aaronpk what's confusing is i thought i already had done this when i upgraded to catalina
Giske joined the channel
#
jacky ooh I should do that
#
aaronpk oboy
#
aaronpk something about redis changed
#
jacky yup
#
jacky a coworker ran into that at work
#
jacky something about needing to change a config
#
aaronpk yea
[fluffy] joined the channel
#
aaronpk hm possibly just restarting redis fixed it
[KevinMarks] joined the channel
#
[KevinMarks] https://twitter.com/kevinmarks/status/1248732551470080001?s=20
#
@kevinmarks @apenwarr @evntdrvn @dmitshur @aaronpk @bradfitz @skarra @davidcrawshaw @rstropek @schlagfell @Tailscale Well, we could revive another Brad project and convert profile names to urls with SGNodeMapper Meanwhile ~20 other people called Kevin Marks manage to register for services with my email address and I get their flights, bank statements and in one case divorce papers. (twitter.com/_/status/1248732551470080001)
#
aaronpk lol
[schmarty] joined the channel
#
[schmarty] lol at the idea that IndieAuth means copy-pasting URLs. Good thing usernames and emails are always simple to remember and type! :zany_face:
#
aaronpk yeah i stopped arguing with him when i realized he's stuck in the openid/email wars
#
aaronpk woohoo
#
aaronpk prettied up my tip jar
#
Loqi 😃
#
aaronpk https://aaronparecki.com/tip/
#
Loqi [Aaron Parecki] Tip Jar
#
aaronpk ok fixed that, emailed stripe to see if they'll refund me