#dev 2020-04-10

2020-04-10 UTC
TGiske, KartikPrabhu, flex14, dckc and [tantek] joined the channel
#
[tantek]
The ol' microsub path
[Michael_Beckwi], [LewisCowles], [bonkerfield] and [Aaron_Klemm] joined the channel
#
[Aaron_Klemm]
Would anyone know how to reach the developers of the Indigenous iOS app? I have indieauth working on my domain and successfully logged into several sites with it, but I cannot proceed in this app as it gives the following error after I put in my domain: "Token Endpoint not found on "
[prtksxna] joined the channel
#
[prtksxna]
[Aaron_Klemm] It think it is maintained by [eddie] (but see https://indiewebcamp.slack.com/archives/C1PA11USK/p1586464941017200)
nickodd, [snarfed] and KartikPrabhu joined the channel
#
[Aaron_Klemm]
Bad news, but thanks for clarifying.
#
[LewisCowles]
maybe as we look to using more services and contributing back https://particular.net/adsd (currently free) might be of some help
#
[snarfed]
fun! probably overkill for almost everything here, but can't hurt to learn
#
[snarfed]
unrelated...holy crap pixelfed's oauth access tokens are long. 1084 chars! must be JWT with a bunch of stuff inside
#
@bonkerfield
I'm have my site sending #webmentions and pulling from twitter thanks to http://brid.gy and the #indieweb, thanks @snarfed and @indiewebcamp https://bonkerfield.org/2020/04/getting-so-so-social/
(twitter.com/_/status/1248482603226677249)
#
@bonkerfield
I'm have my site sending #webmentions and pulling from twitter thanks to http://brid.gy and the #indieweb, thanks @snarfed and @indiewebcamp https://bonkerfield.org/2020/04/getting-so-so-social/
(twitter.com/_/status/1248482603226677249)
#
[LewisCowles]
snarfed I'm not sure. The hypertext interconnected indieweb is definitely a distributed system Lessons and background free knowledge never harm, but I won't strong arm anyone into it
#
[LewisCowles]
RE: JWT. JWT's and all FE session get crazy big.
#
[LewisCowles]
One of our apps had a single auth-endpoint rather than a carrier token to each app, and we had to alter a strangler BFF (middleware) application to allow it to process > 16kb headers. I prefer backend session-based tokens
#
@traderjosephina
Can someone find the creator of this? This 18 second clip is better than thousands of 2hr films Ive seen https://twitter.com/unclesteveabbey/status/1248375149159518209/video/1
(twitter.com/_/status/1248442465234882561)
#
jacky
oof wrong channel my fault
#
jacky
https://norde.io/ nice icon library project
[tantek], [prtksxna], [xavierroy], loicm, KartikPrabhu, swentel, jgmac1106, gxt, hs0ucy and deathrow1 joined the channel
#
sknebel
this is interesting: bug tracking stored in a git repo, with *import/export* to github/gitlab/... - could be interesting to keep backup of discussions around a repo
loicm and [LewisCowles] joined the channel
#
[LewisCowles]
sknebel, you got a link?
#
Loqi
[MichaelMure] git-bug: Distributed, offline-first bug tracker embedded in git, with bridges
#
sknebel
sorry :D
#
Loqi
sknebel has 18 karma in this channel over the last year (57 in all channels)
[Suw] joined the channel
#
@dmitshur
↩️ Have you considered using IndieAuth (https://indieauth.spec.indieweb.org) which does the same now? I’ve implemented it on my personal site (https://github.com/shurcooL/home/issues/34) and I’m very happy with it. Especially during GitHub outages.
(twitter.com/_/status/1248596283536834560)
[schmarty] joined the channel
#
Loqi
[jeffWelling] ticgit: Git based distributed ticketing system, including a command line client and web viewer
#
sknebel
yeah, there's a few projects trying to do tickets in the repo
[KevinMarks], vika_nezrimaya, flex14 and swentel joined the channel
#
jeremycherfas
!tell aaronpk I'm cleaning up some old notes to my7self and found something about being able to send an email to a specific address at `ownyourgram.com` that will then create a micropub request. I can't find anything like that in the docs. Did I dream it?
#
Loqi
Ok, I'll tell them that when I see them next
#
aaronpk
quill i think
#
aaronpk
if you're logged in you should see info here https://quill.p3k.io/email
#
jeremycherfas
Hmmn. My note must be wrong. Let me look at Quill docs.
#
Loqi
Quill
#
jeremycherfas
Yup, that is it. I wonder what made me write the domain down wrong. Not that it matters.
[Michael_Beckwi] joined the channel
#
aaronpk
apparently the stripe APIs i'm using are now deprecated
#
aaronpk
i don't really want to upgrade this today
jamietanna joined the channel
#
jamietanna
Is there any steer on what a Micropub server should do if trying to update a post that's been deleted?
#
jamietanna
Because the post still exists in my Git repo, I was thinking of allowing updates, as long as the client has the `undelete` scope
#
aaronpk
that makes sense
#
jamietanna
The spec doesn't seem to be 100% clear on what should be returned if a post you're trying to update isn't found - I would assume a 400 because the client is requesting something invalid?
#
aaronpk
yeah it's not unique to updates, all error responses are described here https://www.w3.org/TR/micropub/#error-response
vika_nezrimaya and nickodd joined the channel
#
jamietanna
Cool, ty for clarification!
#
swentel
hmm I should probably change the code then in drupal
#
swentel
in case of trying to delete a post which doesn't exist anymore
#
swentel
I return a 404 then :)
#
aaronpk
404 would tell the client the micropub endpoint doesn't exist
#
aaronpk
ugh i am not interested in getting into an email vs url debate on twitter right now
#
aaronpk
shakes fist at [dmitshur] lol
#
@apenwarr
@aaronpk @dmitshur @bradfitz @skarra @evntdrvn @davidcrawshaw @rstropek @schlagfell @Tailscale If login were automated like credit card forms, it would fail about 50% of the time and need me to enter a page full of unnecessary personal information by hand. That’s not a good model. Why not let me enter an email address instead? That has a domain in it.
(twitter.com/_/status/1248636365153218560)
#
swentel
oh right, makes sense
#
Zegnat
Do we have any sort of answer as to why URL > email address?
#
Zegnat
actually does not mind login that only requires their email address
#
aaronpk
kinda the same reason activitypub identities don't make sense for personal instances too
#
aaronpk
e.g. i'm @aaronpk@aaronparecki.com which is redundant
#
@bradfitz
@skarra @apenwarr @evntdrvn @davidcrawshaw @rstropek @schlagfell @Tailscale Yes, it used URLs instead of email addresses. It was ahead of its time. (Nowadays non-nerds people are more likely to identity with or share their Facebook or Instagram or Twitter or GitHub handle than an email) Relying Parties balked at not having an email address to spam with.
(twitter.com/_/status/1248489373055631361)
#
aaronpk
"Nowadays non-nerds people are more likely to identity with or share their Facebook or Instagram or Twitter or GitHub handle than an email"
#
aaronpk
why web sign-in << https://twitter.com/bradfitz/status/1248489373055631361 "Nowadays non-nerds people are more likely to identity with or share their Facebook or Instagram or Twitter or GitHub handle than an email"
#
@bradfitz
@skarra @apenwarr @evntdrvn @davidcrawshaw @rstropek @schlagfell @Tailscale Yes, it used URLs instead of email addresses. It was ahead of its time. (Nowadays non-nerds people are more likely to identity with or share their Facebook or Instagram or Twitter or GitHub handle than an email) Relying Parties balked at not having an email address to spam with.
(twitter.com/_/status/1248489373055631361)
#
Loqi
ok, I added "https://twitter.com/bradfitz/status/1248489373055631361 "Nowadays non-nerds people are more likely to identity with or share their Facebook or Instagram or Twitter or GitHub handle than an email"" to the "See Also" section of /Why_web_sign-in https://indieweb.org/wiki/index.php?diff=69443&oldid=48240
[tantek] and [fluffy] joined the channel
#
Zegnat
Oooh, I like that one. And it is right. Though the same “non-nerds” are not likely to share the actual URLs in my experience. Just handles/names
KartikPrabhu joined the channel
#
aaronpk
hmm all that work on the payment request API was apparently for nothing
#
aaronpk
i have to rip it out in order to use the simpler stripe integration
#
aaronpk
cause now i have to redirect the user over to stripe and they handle the whole thing
KartikPrabhu joined the channel
#
Zegnat
Hmm, wonder if the abuse would calm down if you put something like recaptcha in front of it, aaronpk
#
aaronpk
probably not
#
aaronpk
this is someone who bought a bunch of credit cards and is trying them out with low value transactions to see if they work, before then using them to buy actual things
#
aaronpk
so they are motivated
#
Zegnat
Yeah, I guess I am questioning to what extend it is manual labour.
#
aaronpk
pretty sure it is
#
Zegnat
Wouldn’t help then, no :(
[chrisaldrich], Lilz|BetaMeDisco, denzukoDiscord[m, chris[m], lamborghiniDisco, khalnayakDiscord, jolvera, placer141276[m], atj[m], daveatQCDiscord[, jessicaschilling, M4star3starDisco, lyon[m], kppDiscord[m]1, n9tDiscord[m], ZipperSKDiscord[, [schmarty], vika_nezrimaya, gRegorLove, [LewisCowles], OlegStotskyDisc4, MesaDiscord[m], sblinnDiscord[m], SpidermanDiscord, ambackDiscord[m], Canti0001[m], Mairkur[m], armaniferranteDi, ttocslliwDiscord, baluptonDiscord[, JonwelDiscord[m], gorhgorh[m]1, LuutheCoolDiscor, GiyomuDiscord[m], raulDiscord[m], celsoDiscord[m], virtual_vagrantD, andrewxhill[m], HaybalesDiscord[, pbvieDiscord[m], TristanDiscord[m, aaronpk[m], pvienhageDiscord, ithithDiscord[m], janttoDiscord[m], dy5es41Discord[m, anthony-albertor, skillman623Disco, bostaDiscord[m], macerbi[m], dhenz3SpeakDisco, JD9Discord[m], TianyiDiscord[m], felixschlDiscor4, jwheelerDiscord[, chmanieDiscord[4, amimDiscord[m], gmelodieDiscord[, doopDiscord[m], cesarosumDiscord, M011000100111010, Nebulous[m], distributedjoseD, pcowgillDiscord[, funwhilelostDisc, BossMANDiscord[m, JungleHeartDisco, jmank88Discord[m, nrtxrmndDiscord[, realChainDiscord, JorropoDiscord[m, drbh[m], matyas_mustohaDi, carsonfarmer[m], jimpick[m], DioBrandonDiscor, ritewhose[m], DreamingInCodeDi, mikealDiscord[m], snoopdoggydogDis, TimeOnDiscord[m], SenshiDiscord[m], SpicoliWhiteDisc, AXEL-Brian[m], Imnotsoimpressed, SnoochToTheNooch, ReallySnazzyDisc, sbpDiscord[m], KubeDiscord[m], olizillaDiscord[, prtfwDiscord[m], SuikaDiscord[m], XierumengDiscord, tobowersDiscord[, fexra|TRTLDiscor, hazDiscord[m], JustMaierDiscord, CyOp0x00Discord[, fozzie[m], mZ[m], HenniDiscord[m], arjanvaneerselDi, emersen234Discor, gunttedDiscord[m, mhzDiscord[m], M123897974564Dis, nebulerDiscord[m, aeddiDiscord[m], chmanieDiscord[m, godparticleDisco, chrisDiscord[m], raisDiscord[m], l^discordDiscord, RichardLittDisco, icaruszDiscord[4, aswiththewildDis, touzaikokonDisco, DavidFalconDisco, tplookerDiscord[, HyunwooLeeDiscor, CryptoEmpress[m], mikeal[m], thesage1014Disco, PermawebMatrixBr, kppDiscord[m], jmac and [dmitshur] joined the channel
#
[dmitshur]
lol Aaron.
#
aaronpk
hey at least we got someone from google to reply
nickodd left the channel
#
[dmitshur]
The ability to split identifier from means of contact is the biggest motivating reason for me. It provides a means to access user contact info if the user chooses to make it accessible. If I’m sharing an invite list, I’m more comfortable sharing 50 URLs than 50 emails.
#
[dmitshur]
It takes people a lot time to realize that (it took me a lot of thinking about it).
#
aaronpk
tbh i think we're going to end up with something a lot more like webauthn than using any sort of shared user identifier going forward
godparticleDisco, jessicaschilling, JungleHeartDisco, JD9Discord[m], raulDiscord[m], baluptonDiscord[, realChainDiscord, JorropoDiscord[m, CyOp0x00Discord[, tobowersDiscord[, M011000100111010, SnoochToTheNooch, SpidermanDiscord, JustMaierDiscord, distributedjoseD, touzaikokonDisco, cesarosumDiscord, MesaDiscord[m], SpicoliWhiteDisc, olizillaDiscord[, dhenz3SpeakDisco, hazDiscord[m], anthony-albertor, mhzDiscord[m], matyas_mustohaDi, LuutheCoolDiscor, kppDiscord[m], pcowgillDiscord[, gorhgorh[m]1, ttocslliwDiscord, M123897974564Dis, daveatQCDiscord[, TimeOnDiscord[m], funwhilelostDisc, l^discordDiscord, sbpDiscord[m], GiyomuDiscord[m], chrisDiscord[m], icaruszDiscord[4, nebulerDiscord[m, bostaDiscord[m], XierumengDiscord, jwheelerDiscord[, celsoDiscord[m], OlegStotskyDisc4, amimDiscord[m], SuikaDiscord[m], fexra|TRTLDiscor, ambackDiscord[m], TianyiDiscord[m], dy5es41Discord[m, armaniferranteDi, arjanvaneerselDi, BossMANDiscord[m, denzukoDiscord[m, RichardLittDisco, mikealDiscord[m], DreamingInCodeDi, JonwelDiscord[m], jmank88Discord[m, gmelodieDiscord[, tplookerDiscord[, emersen234Discor, felixschlDiscor4, pbvieDiscord[m], chmanieDiscord[m, nrtxrmndDiscord[, TristanDiscord[m, Imnotsoimpressed, KubeDiscord[m], HyunwooLeeDiscor, SenshiDiscord[m], gunttedDiscord[m, sblinnDiscord[m], ReallySnazzyDisc, DavidFalconDisco, HaybalesDiscord[, HenniDiscord[m], raisDiscord[m], aeddiDiscord[m], pvienhageDiscord, janttoDiscord[m], doopDiscord[m], snoopdoggydogDis, virtual_vagrantD, prtfwDiscord[m], aswiththewildDis, DioBrandonDiscor, ithithDiscord[m], skillman623Disco, chmanieDiscord[4 and thesage1014Disco joined the channel
#
@dmitshur
↩️ The original tweet was asking about making it _possible_ to use a product without requiring third-party account, which I think is what IndieAuth enables. It's not a goal to require everyone to use it. E.g., most people still sign in to my site via GitHub, and that's fine with me.
(twitter.com/_/status/1248677212439613441)
[snarfed] joined the channel
#
KartikPrabhu
[dmitshur]++ nicely put
#
Loqi
[dmitshur] has 10 karma in this channel over the last year (12 in all channels)
#
[dmitshur]
I agree WebAuthn has a better chance of being friendly to mass adoption by non-technical users in the long term. But for now I enjoy using IndieAuth for my needs and I see WebAuthn as a tool I can use for hardening security via an additional factor.
#
Zegnat
https://webauthn.io/ is one nicely designed site
moppy joined the channel
#
aaronpk
the webauthn API needs some work too, it's really hard to use right now
#
Zegnat
Yeah, I remember having some troubles when I played with it
SenshiDiscord[m], M123897974564Dis, SpidermanDiscord, yjhmelodyDiscord, reddDiscord[m], RomaricDiscord[m, sekiDiscord[m]1, drbhDiscord[m], zcopleyDiscord[m, JoejoeDiscord[m], pierreboc[m], MisterGoreDiscor, HeysteinDiscord[, swentel and ben_thatmustbeme joined the channel
#
gRegorLove
aaronpk, ouch about the cc fraud through your credit card form. Does Stripe have velocity filters? With Authorize.net some clients have set theirs to only capture up to X transactions a day, all the rest are only authorized
#
aaronpk
not that i can find, at least not without upgrading to this https://stripe.com/radar/fraud-teams
#
gRegorLove
Did you remove it from the /pay page? Only seeing Square, Venmo, Paypal
#
aaronpk
just commented out for now. i'm rewriting it to redirect to stripe using their new api too
#
gRegorLove
Cool, yeah was going to suggest their new-ish Stripe-hosted Checkout
#
aaronpk
that alone doesn't really change anything, but i should update to that anyway
#
gRegorLove
I figured theirs has better support against automated POST requests
#
aaronpk
well it's always sent the CC data directly to stripe
#
aaronpk
plus i don't think this is automated
#
gRegorLove
Ah, gotcha
[chrisaldrich], moppy and [fluffy] joined the channel
#
@skarra
↩️ I did not read it thoroughly, but indieauth looks interesting. Is there a 240 char summary of how it's diff from putting together OIDC discovery+dynamic client reg specs? :+)
(twitter.com/_/status/1248707963121848322)
#
@apenwarr
↩️ Just to be extra clear, I'm not opposed to indieauth here. I think it's a great core idea and I really want them to make it over the finish line. But I just don't think pasting URLs into text boxes is it.
(twitter.com/_/status/1248713497237741568)
#
aaronpk
:sigh:
#
aaronpk
i'm done
#
GWG
aaronpk: Insert virtual supportive pat on back here
#
Zegnat
I find it weird how dividing that seems to be. Also just how far some people go with uri-as-identity, both in the pro and con.
#
aaronpk
in other news, something broke on my laptop with my dev environment
#
aaronpk
i think i was trying to install a new ruby version and it updated openssl and now my php is broken?
#
aaronpk
reinstalls everything
#
Zegnat
Wow. I hate when that happens.
#
Zegnat
Though I have had very little of those type of issues since trying to keep all the installations purely through brew
#
aaronpk
that's what i did
#
Zegnat
Surprising
#
Zegnat
I wonder if you may be able to protect from that by using `brew pin` a little more liberally. Have you used that, aaronpk? I do not see many people use it, but I have pinned certain packages just so I would not accidentally upgrade it while other things depend on it. SQLite comes to mind.
#
aaronpk
hm ive never used that
#
Zegnat
Obviously will not help retroactively. But maybe worth to think about after a full reinstall.
#
Zegnat
now considers pinning ssl packages
#
aaronpk
welp brew upgrade is really upgrading everything lol
#
aaronpk
guess i'm getting php 7.4 now
loicm joined the channel
#
aaronpk
i think i am back
#
Zegnat
Yes, a bare brew upgrade without specifying what to upgrade is, uuh, harsh
#
aaronpk
what's confusing is i thought i already had done this when i upgraded to catalina
Giske joined the channel
#
jacky
ooh I should do that
#
aaronpk
something about redis changed
#
jacky
a coworker ran into that at work
#
jacky
something about needing to change a config
[fluffy] joined the channel
#
aaronpk
hm possibly just restarting redis fixed it
[KevinMarks] joined the channel
#
@kevinmarks
@apenwarr @evntdrvn @dmitshur @aaronpk @bradfitz @skarra @davidcrawshaw @rstropek @schlagfell @Tailscale Well, we could revive another Brad project and convert profile names to urls with SGNodeMapper Meanwhile ~20 other people called Kevin Marks manage to register for services with my email address and I get their flights, bank statements and in one case divorce papers.
(twitter.com/_/status/1248732551470080001)
[schmarty] joined the channel
#
[schmarty]
lol at the idea that IndieAuth means copy-pasting URLs. Good thing usernames and emails are always simple to remember and type! :zany_face:
#
aaronpk
yeah i stopped arguing with him when i realized he's stuck in the openid/email wars
#
aaronpk
woohoo
#
aaronpk
prettied up my tip jar
#
Loqi
😃
#
Loqi
[Aaron Parecki] Tip Jar
#
aaronpk
ok fixed that, emailed stripe to see if they'll refund me