#dev 2020-06-07

2020-06-07 UTC
KartikPrabhu, djmoch and [snarfed] joined the channel
#
[snarfed] knative is making good progress on standardizing serverless, a bit like docker didfor VPSes
#
[snarfed] aaronpk if you let likes through with hand moderating each one (eg i assume you do that), and you facepile and ellipsize them (which the wordpress synd links plugin does by default), the experience takes zero effort
#
[snarfed] they are on wordpress, so either they didn't have synd links on or were hand moderating every webmention. which...yeah, that'll be a bad time
#
[snarfed] sounds like the latter
#
aaronpk makes sense
#
aaronpk i'm up to 300+ likes on that one reply, and thinking i need to not show every face in the facepile
#
aaronpk time for some smart sorting I guess... "x, y, z, and 300 others liked this"?
#
aaronpk guess this is a design question tho
#
[snarfed] yup
#
[tantek] oh hey I have opinions about that, want?
#
[tantek] (design)
#
[tantek] aaronpk, gotten any "questionable" images in the facepile yet?
[KevinMarks] joined the channel
#
GWG [snarfed]: I really need to get back to the webmentions project
#
jacky tbh this is on my backlog; I was going to favor people I have in my contact lists in the facepile first then randomly sort from there
#
aaronpk I want to also prioritize people I've interacted with even if they're not explicitly in my contact list
#
[tantek] yeah that's a good start
#
[KevinMarks] The social media answer is to show each viewer the people in the facepile that they already know. But that needs a lot of graph data.
#
[tantek] and is creepier
#
[tantek] we can do better than silos with less information
#
[tantek] aaronpk, that is pretty amazing facegrid https://aaronparecki.com/2020/06/04/29/
#
[tantek] BTW I've heard more than a few times from new folks that "facepile" is either disconcerting or an awkwardly humorous term
#
[tantek] Has anyone else had odd or otherwise unexpected reactions to the term "facepile"?
#
jacky I haven't (yet)
#
[tantek] I've gotten expressions of shock like wait what did you just say?!?
geoffo joined the channel
#
[KevinMarks] Mine are mostly failed image loads because no cache of twitter images.
#
GWG [KevinMarks]: That issue has been on my list since 2014
#
[KevinMarks] People should follow my example https://twitter.com/kevinmarks/status/1269343533581971467?s=20
#
@kevinmarks Busted - my profile photo is eight years old today. https://pbs.twimg.com/media/EZ2dE-zXQAcFrg5.jpg (twitter.com/_/status/1269343533581971467)
#
[tantek] aaronpk one problem of the facepiles / likes in general that are from Twitter, linking to the relevant Tweet is next to useless. like nearly 300 links to the POSSE tweet? why?!?
#
[tantek] it doesn't provide proof or good UX
#
[snarfed] it's up to the web site to choose what to link each face to
#
[snarfed] eg mine links to their web site or silo profile
#
[snarfed] example: https://snarfed.org/2020-05-27_flow-vs-yagni#comment-2769861
#
[tantek] that makes more sense for Twitter likes
#
[tantek] oh hey that's a good way to sort also
#
[snarfed] likes in general
#
[tantek] indie likes in the facegrid/list before Twitter likes
#
aaronpk Hm maybe I should special case twitter likes for that
#
aaronpk its more useful to link to the like permalink for indie likes IMO
#
[tantek] right, for indie likes it provides proof of like
#
[tantek] without need a blockchain 😉
#
[tantek] or a JSON blob of cryptic hashes
#
aaronpk and some code to verify them
#
[snarfed] aaronpk maybe not even special case twitter. ie at least in facepiles, link to web site for all likes
#
[snarfed] up to you though
#
[snarfed] you can verify independently of what the UI links to
#
aaronpk no I definitely want to link to the permalink of the like for indie likes tho that's what I mean
#
[snarfed] i know, verifiability for users is nice, but probably almost never intentionally used
#
[snarfed] i expect most visitors want to know "who is that?" way more often than "prove to me they actually liked this"
#
aaronpk Verifiability isn't the only reason to link to it
#
GWG [snarfed]: This has come up a few times in the WordPress implementation, to the point I think I have an issue to make it an option
#
[snarfed] and yes, hopefully you can navigate to who they are from the like permalink, but still, less obvious
#
aaronpk but maybe I should review some actual examples to see how it works
#
[tantek] "navigate to who they are from the like permalink" is literally not your problem
#
[tantek] that's up to their site to get right!
#
[snarfed] sure. again, hopefully doable, and up to their site, but still UX friction, since the common use case is "who is that?"
#
[snarfed] fortunately this all falls squarely in let a thousand flowers bloom, we all get to choose on our own sites
#
aaronpk Twitter << https://blog.twitter.com/engineering/en_us/topics/insights/2017/using-deep-learning-at-scale-in-twitters-timelines.html
#
Loqi ok, I added "https://blog.twitter.com/engineering/en_us/topics/insights/2017/using-deep-learning-at-scale-in-twitters-timelines.html" to the "See Also" section of /Twitter https://indieweb.org/wiki/index.php?diff=70245&oldid=70180
#
aaronpk this is also definitely not dev
#
[KevinMarks] Tempted to just link to one of those stylegan face pages for when the avatar is gone
#
[tantek] Yeah I’m having to rethink a lot of like / likes UI thoughts / brainstorms because of the design for “reaction” insights
#
[tantek] Now that Twitter allows limited reacji on DM messages, I’m also wondering when they’ll show up on tweets
gxt joined the channel
#
[KevinMarks] Did you see the avatar upsampling using stylegan? https://twitter.com/ak92501/status/1267609424597835777?s=20
#
@ak92501 colab: https://colab.research.google.com/drive/1-cyGV0FoSrHcQSVq3gKOymGTMt0g63Xc?usp=sharing#sandboxMode=true https://pbs.twimg.com/tweet_video_thumb/EZd0BOtXsAI6gxX.jpg (twitter.com/_/status/1267609424597835777)
dckc joined the channel
#
jacky [tantek]: from what I know, that won't happen
#
jacky or at least, it won't be a set of options but something you'd have a default to select and would have to do work to switch
gxt joined the channel
#
@Gusfrin92486024 【PSA】「サブトランク」に組み込まれたアンプを搭載したJL Audioサブウーファーエンクロージャー https://i.imgur.com/haFKNhQ.jpg JL Audio 12インチMicroSub + https://www.jlaudio.com/products/acp112lg-tw1-car-audio-microsub-amplified-subwoofer-systems-93333 #モデル3 (twitter.com/_/status/1269483684387631105)
gxt and [schmarty] joined the channel
#
[schmarty] Raising my hand to say I was initially very unhappy to learn the term facepile
#
[schmarty] As a real-world metaphor the nicest thing I could think of was like a pile of headshots that a casting director might look through
#
[schmarty] (The first thing I thought was something like "that sounds like a descriptive name for the serial killer in a bad horror story")
#
KartikPrabhu what about "headstack" ? ;)
[snarfed] joined the channel
#
[snarfed] "facebook" 😎
#
KartikPrabhu lololol
nickodd, [jeremycherfas] and [tantek] joined the channel; nickodd left the channel
#
[tantek] [schmarty] I do vaguely remember we might have discussed it at the last IWC NYC
[fluffy] joined the channel
#
@Aniuchaaja Jumping Into Webmentions With #NextJS (or Not) https://css-tricks.com/jumping-into-webmentions-with-nextjs-or-not/?ref=webdesignernews.com (twitter.com/_/status/1269533490527318017)
#
@DavidDeAngelis This is my #11thtwitteranniversary, yes, my #11anniversary or #11twitteraniversary, or just say, my #11twitterversary #MyTwitterAnniversary Whichever be stated, I espouse my 11th anniversary on twitter #webmention #followme #comefollowme or just celebrate! Ty be well & be safe!XO (twitter.com/_/status/1269538837967052800)
moppy, jeremy, shrysr, gxt, Kongaloosh, Kongaloosh_, Salt[m]1, KartikPrabhu, leg, nekr0z, [jgmac1106] and neonkit joined the channel
#
@FullstackDevJS Jumping Into Webmentions With NextJS (or Not) #Frontend #devTips #Devlife #Design #Css #HTML https://css-tricks.com/jumping-into-webmentions-with-nextjs-or-not/ (twitter.com/_/status/1269600009508528129)
jeremycherfas and [LewisCowles] joined the channel
#
@aswath ↩️ EnThinnai is counter to network effects and so designed a proto-webrtc and advocated triangular conn model. There is no moat in SSO. There are OpenID, Indieauth and webID. (twitter.com/_/status/1269640584718954505)
#
@pawelgrzybek I have been planning to explore Webmentions and potentially implement it on my personal website. Any recommended go… https://twitter.com/i/web/status/1269619538158592001 (twitter.com/_/status/1269619538158592001)
joshproehl, [schmarty], [prtksxna] and [tantek] joined the channel
#
@fluffy ↩️ For receiving them most people use http://webmention.io, and for displaying them there’s a bunch of approaches. I wrote a simple client-side presentation thing that’s pretty popular as a starting point, http://GitHub.com/PlaidWeb/webmention.js (twitter.com/_/status/1269654558243872768)
[fluffy] joined the channel
#
[fluffy] Is the webmention notification stuff in monocle et al part of the webmention spec or is that functionality specific to webmention.io?
#
[fluffy] Like is there a standard “give me a jf2 feed” thing that the endpoint is supposed to do?
#
aaronpk there's no expectation that a webmention receiver will make the webmentions available via an API
#
aaronpk but it would probably be useful to standardize an API for that use case if a receiver wants to expose the webmentions via an API
[KevinMarks] joined the channel
#
[KevinMarks] We do have a few of them now though - is it worth converging them?
#
[KevinMarks] Jinx
#
[tantek] what does it mean to "make the webmentions available via an API"? you mean like look for an h-feed of responses inside an h-entry permalink?
#
aaronpk no like how webmention.io has an API that returns all the webmentions in JSON form
#
[fluffy] I mean like the way that mention notifications propagate to Microsub readers.
#
aaronpk either to import into your site, or to render client-side in JS
#
[tantek] anytime you find yourself asking is there a standard "give me JSON for ...", ask yourself instead, where in the HTML is that information already and if so, how can I parse it out
#
[KevinMarks] As do webmention.herokuapp.com and mention.tech
#
aaronpk there is no HTML already, it's stored internally
#
[tantek] so for proxies / services / intermediaries?
#
[KevinMarks] Returning a standard html could make sense too
#
[fluffy] I’m mostly just wondering how the mention notifications show up in the social readers which support it.
#
[tantek] is there a UI equivalent is the next question then
#
[tantek] i.e. even as a dev, how do you inspect what you're looking for?
#
[tantek] are there similar UI constructs already?
#
[tantek] build the inspection page first
#
[KevinMarks] Firefox json view?
#
[tantek] is this different from a marked up /notifications page?
#
aaronpk i guess I do already have an HTML notifications page in webmention.io
#
[fluffy] Like I’m thinking of making my own “actor” (in the activitypub sense) that supports webmention and activitypub and a few other things and it’d be great to have a means for it to provide user notifications in a manner consistent to what the social readers expect.
#
[tantek] and many have /notifications pages on their personal sites
#
aaronpk it's not great: https://webmention.io/api/mentions.html?token=wCT_EkgHnGP83H7FTHYbgw
#
aaronpk but it is an h-feed and can be subscribed to in a reader
#
[tantek] +1
#
[fluffy] I use the mentions.html h-feed to get my replies in my feed reader (via granary)
#
[tantek] you could do the streams thatmustbe hack and allow a stylesheet parameter
#
[tantek] then leave it up to others to style it rather than having to style it yourself
#
aaronpk eh that's what the JSON API is for
#
aaronpk people use that to render comments via JS on static sites
#
[fluffy] yeah, that isn’t standardized AFAIK but that’s also outside of the scope of what I’m asking about
#
[fluffy] huh… monocle isn’t letting me sign in anymore.
#
[fluffy] " indieauth_error The authorization code was not able to be verified
#
aaronpk at least it's telling you why
#
[tantek] errormessages++
#
Loqi errormessages has 1 karma over the last year
#
[fluffy] yeah but… my indieauth login is working everywhere else
#
[fluffy] oh, I bet it doesn’t like that my token_endpoint has changed to be the Publ built-in one
#
[fluffy] indieauth tokens for users vs. resources is kinda confusing
#
[fluffy] yep monocle is asking for a token, that must be it
[snarfed] and [LewisCowles] joined the channel
#
[fluffy] So what’s the use case for monocle asking for a specific token endpoint when it seems to expect a specific one to be used? Or am I completely misunderstanding something as usual?
#
[fluffy] Like it seems to me that monocle should be using its own specific token endpoint that’s relative to itself as the resource, rather than requesting an arbitrary token for the user that it can only validate/use if it’s a specific one.
#
aaronpk not sure what you mean? monocle is a micropub and microsub client so it needs a token from your token endpoint
#
[fluffy] Okay so. I’m using aperture as my microsub endpoint. But I’m using a separate thing (yet to be written but will be a plug-in for Publ) for micro pub.
#
aaronpk that's fine
#
[fluffy] There is only one token_endpoint declared for beesbuzz.biz, which happens to be publ’s
#
[fluffy] I am unable to log in to monocle, and something on its server is requesting a token from Publ
#
aaronpk that's correct
#
[fluffy] Which is presumably not compatible with Aperture
#
aaronpk aperture will go ask your token endpoint to validate tokens
#
[fluffy] How does the token endpoint validate tokens? I feel like we had this conversation at one point before and the answer was “that’s specific to the thing” like it isn’t specified as part of indie Auth
#
aaronpk there's a section on indieauth that talks about it
#
[fluffy] Okay so nothing is making the GET request to my endpoint, it’s only doing the POST.
#
aaronpk right, POST is when it requests a token, GET is for verifying
#
[fluffy] But I’m also not sure if I’ve implemented that part since I think I was confused by the spec.
#
[fluffy] As far as I’ve been able to tell my endpoint implements the POST part correctly.
#
[fluffy] and nothing is ever making a GET request to the endpoint to verify the token
#
aaronpk that's the part monocle is complaining about
#
aaronpk it's saying it wasn't able to get a token from your token endpoint
#
[fluffy] Is there any way to get more error information about why it was unable to?
#
[fluffy] The error message says it’s unable to verify the token, but as far as I can tell it’s not even trying to.
#
aaronpk you should be seeing a POST request
#
[fluffy] Yes, I’m seeing a POST request, and it returns 200 and presumably a token.
#
aaronpk i thought there was some more details shown but maybe not
#
Loqi +1
#
[fluffy] so monocle is being granted a token. but it’s not attempting to verify it, and the error message is that it was not able to be verified.
#
aaronpk you said the error was "indieauth_error The authorization code was not able to be verified"
#
[fluffy] yes
#
aaronpk that means it's not able to get a token using the authoriation code
#
[fluffy] oh wait
#
[fluffy] right
#
aaronpk dev
#
aaronpk oops
#
[fluffy] okay so what’s its expectation for being able to verify the authorization code?
#
aaronpk https://indieauth.spec.indieweb.org/#token-request
#
[fluffy] I’m looking at the part of the spec starting at https://indieauth.spec.indieweb.org/#authorization-code-verification-0
#
[fluffy] The authorization code verification is, as far as I know, correctly implemented in Publ. At the very least, https://gimme-a-token.5eb.nl/ works correctly with it.
#
[fluffy] And monocle is making a request to it and getting a 200 response, which only can happen if my endpoint has provided a token after verifying the authorization code.
#
[fluffy] so yea
#
[fluffy] oops
#
[fluffy] okay so yeah I’m not implementing the token verification part correctly BUT monocle isn’t getting to that point as far as I can tell
#
[fluffy] it’s doing the authorization code, my endpoint is verifying the authorization code and returning a 200 response. Maybe there’s something missing in the payload that monocle is expecting.
#
aaronpk yeah that's where the disconnect is
#
[fluffy] … oh for fuck’s sake, I see the problem 😛
#
aaronpk that's why monocle says it's unable to verify the auth code
#
[fluffy] I’m forgetting to pass back ‘me’
#
aaronpk that would do it!
#
[fluffy] Is there a standardized test suite for this stuff? gimme-a-token.5eb.nl seems to be incomplete
#
[fluffy] I see indieauth.rocks is “in progress”
#
aaronpk "in progress" in quotes for sure
#
[fluffy] yeah the github source is a bit… sparse 🙂
#
[fluffy] I guess I’ll target getting this working with monocle. Just wish I had an easier way to test it as a standalone thing, but oh well.
#
@pawelgrzybek ↩️ Thats so cool. I am exploring the subject. I came across http://webmention.io, http://webmention.app and http://brid.gy. I am going to write an article about it. As a good IndieWeb citizen, on my own website of course :) Thanks for a tip @fluffy. (twitter.com/_/status/1269673146480762882)
#
@pawelgrzybek ↩️ Thats so cool. I am exploring the subject. I came across http://webmention.io, http://webmention.app and http://brid.gy. I am going to write an article about it. As a good IndieWeb citizen, on my own website of course :) Thanks for a tip @fluffy. (twitter.com/_/status/1269673146480762882)
nickodd joined the channel
#
@fluffy ↩️ Oh, for sending webmentions you might also look into my tool Pushl, https://github.com/PlaidWeb/Pushl - it'll parse an RSS/atom/etc. feed and generate webmentions automagically from that. (twitter.com/_/status/1269675757720055808)
[email096] joined the channel
#
@bmann ↩️ check out WebMentions, an #IndieWeb standard that allows for comments elsewhere, including on Twitter, to be aggregated back. WP has a plug-in that makes it easy, can work with any web page with https://webmention.io/ (twitter.com/_/status/1269689037788454915)
#
[fluffy] Sweet, I got it all working. Log in to monocle as https://dev.beesbuzz.biz (which doesn’t require a password for the indieauth endpoint) to see.
#
[fluffy] Thanks for being patient with my usual misunderstandings of indieauth flow 🙂
#
[fluffy] aaronpk++
#
Loqi aaronpk has 64 karma in this channel over the last year (225 in all channels)
#
aaronpk 🎉 congrats!
#
@ysamjo ↩️ I'm aware of WebMentions. But as with other Microformats, I don't think they stand a chance without active pushing by big players. I mean it's already late in the game. For example, why are those things not the standard for every wordpress com account? (twitter.com/_/status/1269693680396447746)
#
jacky ^ that kind of logic is more lazier than I expected lol
#
[tantek] aaronpk, fluffy, this sounds like a reasonable misunderstanding (of indieauth flow). Is there some way we could add trouble-shooting or something to the wiki to help make it more discoverable / clearer?
#
[tantek] jacky, lol it's appeal to authority faulty reasoning
#
[tantek] "big players"
#
[tantek] big players pushing standards often either make them massively bloated (all the XML attempts, schema org etc.), OR they end up killing them (see aaronpk's post on how many metadata formats Google has killed), or BOTH (OpenSocial)
#
[tantek] However there is one legitimate hard question in that tweet
#
[tantek] "why are those things not the standard for every wordpress com account"
#
[tantek] because, simply, Webmention is not spam-proof enough on its own to be able to withstand that big of a target. Something like Vouch or Vouch itself is necessary for Webmention to be able to withstand (most) spam/abuse by default, and provide a smooth & unburdensome UX for both folks replying to blog posts, and folks receiving those replies/comments
leg joined the channel; nickodd left the channel
#
[fluffy] [tantek] having a working indieauth.rocks suite with full diagnosis messages and warnings of noncompliance would be helpful.
#
[fluffy] Also some of the wording in the spec was a bit weird and threw me off. Like in 6.3.4:
#
[fluffy] > The token endpoint verifies the access token using (how this verification is done is up to the implementation), and returns information about the token
#
[fluffy] Gimme-a-token is an okay starting point but it missed that I wasn’t returning `me` in the token grant and it does nothing for token verification. Which is straightforward to do manually but I had no prompting to actually implement it.
#
[fluffy] I would also hope that indieauth.rocks would have autoauth tests as well because that’s still a big open ??????
[KevinMarks], gRegorLove and KartikPrabhu joined the channel
#
[KevinMarks] The opensocial lesson was also that with one big player adopting it, another big player declares war on it and fights it as a giant threat.
#
[KevinMarks] Then the other player picks up that mood and drops the standards support
#
[KevinMarks] https://onezero.medium.com/dear-facebook-employees-7d01761e591f#:~:text=humiliated&text=trounced
#
[KevinMarks] http://slides.kevinmarks.com/2020trends.html#/4/2
nekr0z, [jeremycherfas], [schmarty], [schmarty]1, [LewisCowles], marinin[m], Salt[m]1, hamnox[m], zootella, danyao, jbove, mattl, peterrother, MrHyde_, vilhalmer, dansup, Rixon, callMeBaby, MylesBraithwaite, ben_thatmustbeme, blueyed, deltab, myfreeweb, bear and rhiaro joined the channel
#
[fluffy] like if I enter my profile URL as `http://beesbuzz.biz` and my endpoint responds that my URL is `https://beesbuzz.biz`
[fluffy] joined the channel
#
[fluffy] Another IndieAuth question… I forget what the thoughts were regarding scheme change in identity validation. Are they allowed or not? I think that was something that wasn’t particularly clear from the spec.
#
Loqi fluffy
#
[fluffy] ah, no, I reread section 5.4, scheme changes are explicitly allowed
peterrother, vilhalmer, justache, crazed, atj[m], marinin[m], Salt[m]1, hamnox[m], edrex, [KevinMarks] and jamietanna[m] joined the channel
#
@gRegorLove ↩️ I haven't tested it in that setup or done a lot of multilang in PW. Would it be a separate PW page for each translation? Generally I would expect it to work. Webmentions are saved to a specific page ID. (twitter.com/_/status/1269757847568437248)
fredcy_ and Rixon joined the channel