#Loqi [fluffy] This year IndieWeb Summit was canceled, and some pretty good conversations took place. As usual my biggest interest was in doing authenticated, secure sharing of private posts, which has been a huge focus in how I’ve been building Publ.
I wasn’t...
#GWG aaronpk: Still hoping to go through the Micropub list one of these days as well.
maxwelljoslyn and [Paulo_Pinto] joined the channel
#[fluffy] [aaronpk] so one thing I’m wondering… with how many people are starting to adopt webmention.js, is this going to start causing problems with the API constantly being hit by every blog entry? I assume you’ve got some level of caching that makes it not a major problem, but I hope this doesn’t have long-term impact issues.
#aaronpk i mean... it clearly hasn't been a problem yet, but that code is so old that I can barely actually work on it anymore
#[fluffy] yeah I’d love to see the implementation and simplification of autoauth even if we’ve collectively decided that autoauth itself isn’t the best path forward for this stuff
#[fluffy] also have you had a chance to read the blog post I hurriedly wrote up post-session?
#[fluffy] I feel like it’s not too dissimilar from one of my previous proposals but it’s nice to have some talking-about-it to have proven it out a bit.
#[fluffy] plus being in a state where I’m much closer to being able to implement it 🙂
#[fluffy] (as a bonus, my bearer tokens work with any auth mechanism supported by Authl, not just IndieAuth, so this works for twitter/email/etc. users too)
#[fluffy] Hmm, isn’t it implied that the ticket in step 2 is tied to the user already? Wouldn’t it be up to the ticket endpoint to look up the attached user? or is this just another safety net to prevent basic spoofing?
#GWG [fluffy]: I was asking about the possibility that your endpoint is used by multiple people...
#aaronpk well the access token represents that someone has access to some data
#aaronpk if you change the state of that access (revoke, change permissions), then the self-encoded token is now out of date and can't be updated
#[fluffy] right, that’s what I meant with “sucks for revocation” :)
#[fluffy] in Publ’s case the token only includes the validated identity and nothing about the identity. All auth decisions are made in the request router.
#[fluffy] it doesn’t matter what your access level is at the time that you get the token, because it’s the request router which decides what the group membership is
#[fluffy] and yeah, people do unfortunate things with cookies/tokens.
#aaronpk in that case you gain very little benefit of using self-encoded tokens at all tho
#[fluffy] like the age-old antipattern of storing the username and password in it
#[fluffy] (which is at least not as bad as the even older antipattern of storing the username and password in hidden form parameters)
#[fluffy] but anyway, yeah, the downside to the way my tokens work is I can’t revoke someone’s token if it leaks without resetting my signing secret (and thus logging EVERYONE out), but I can always revoke their access.
#[fluffy] and that’s just the default stuff, someone could set Publ to use a more traditional session table or whatever.
#[fluffy] okay so I’m thinking about the UX for how this will actually work in a manual ticket-granting flow, and I’m not really liking it. I feel like the entire initial ticket should be in URL form, so that it can be pasted as a single thing into the reader app.
#[fluffy] and if it gets a GET or is missing the correct POST data it can put up an error message saying “Please provide this URL to sign in to your feed reader” or whatever
#[fluffy] I dunno how much I’m making sense here. Is there an appropriate way to hash out these things on the wiki itself? I don’t feel like talk pages get used much.
#GWG The purpose of the wiki is to brainstorm ideas... why would we have talk pages if the whole wiki is talk?
#[fluffy] Sometimes things feel like they’re declarations of protocol rather than discussion of emerging ideas
#[fluffy] I mean I know that when the spec is actually formalized it goes into a W3C proposal or whatever
#[fluffy] and the wiki links to that. But still, there’s this psychological barrier to me, anyway.
#[fluffy] oh wait okay I just reread the thing and my UX concerns are moot
#[fluffy] rather, what you’re proposing is different than how I was thinking about how things could work, in that I was thinking this wouldn’t require the reader to be part of IndieWeb
#[fluffy] like I was thinking of user-driven interactions that didn’t require Alice to send a ticket to Bob’s endpoint, but instead made a ticket available to Bob as soon as Bob’s identity was known (regardless of authentication mechanism)
#[fluffy] This does seem to be a pretty good protocol for IndieWeb-specific stuff that would work within the IndieWeb. I guess my proposal is somewhat orthogonal in that it’s a thing I want to be able to graft onto legacy readers and arbitrary auth mechanisms.
#[fluffy] and there’s no reason I couldn’t support them both
#[fluffy] your step 2 is an alternate to my steps 1-3. We have the same step 4.
#[fluffy] er, my step 4 is the same as your step 3 🙂
#aaronpk yeah because we all agree on using bearer tokens to fetch feeds :)
#[fluffy] yes. 🙂 Just different approaches to providing those bearer tokens.
#[fluffy] This is feeling like a combinatorial explosion of moving parts to me, where it’s getting difficult to implement just one piece of the puzzle when it’s up to the specific implementations of the different pieces to work together.
#aaronpk the benefit of splitting it like this is it means fewer specs to follow if you have a tight coupling
#[fluffy] okay, so is the intention that there’d be a future spec for the separate parts to talk to each other down the road?
#[fluffy] like when there’s implementations in the wild, we revisit it?
#aaronpk i'm feeling pretty good about this, i think i'm going to build it into my site to test it. that'll be a good real-world test of adding support for this
#[tantek] worth moving it to an actual top level wiki page in a "Brainstorming" section
#[fluffy] yeah, I’ve updated my blog entry with my thoughts on this stuff. 🙂 tl;dr is I’ll be happy to support it when there’s something to support, it seems pretty straightforward.
#aaronpk "straightforward" is what i'm going for here
#[tantek] ^^^ fluffy, brainstorming is a good way to distinguish proposals, ideas, of any random state, from things being prototyped, from actual specs
#[fluffy] what do you think of the idea of Publ just immediately sending a ticket grant to anyone who signs in, if they have a ticket endpoint?
#[fluffy] like, that fits Publ’s security model perfectly
#aaronpk their software may or may not surface that token to the user, which you wouldn't know
#[fluffy] okay yeah this actually works really well, if I’m going to build Subl (my long-put-off next-gen feed reader) with this stuff in mind then Subl can also be a ticket endpoint, yessss
#[fluffy] there’s a few UX things I want to do where Subl is going to be the reader AND the subscription thing and I want it to be pretty much standalone, but I do intend for it to also work as a microsub endpoint eventually
#[fluffy] (and it’ll also be a micropub client eventually too)
#[fluffy] I’ve been thinking about Subl for as long as I have been thinking about Publ. I mean, the names even go together. 🙂
#[fluffy] meanwhile, I feel like there should be a way to formally propose the tiny Atom extension I’m suggesting. Or maybe there’s an existing allowed link rel that is more suitable.
#[fluffy] rel=“alternate” is so ridiculously overloaded at this point…
#[fluffy] I wonder if Ben Trott would be willing to chat with me about this tomorrow 🙂
#[fluffy] Hmm, the link relation registration process seems straightforward enough. Looks like some of y’all have already gone through that with some of the IndieWeb rels 🙂
#[tantek] depends on where you use the rel 🙂 if in HTML, then the microformats wiki, which we're working on transitioning servers
#[tantek] and separately there's been a request (and subsequent plan) to move the rel-registry from the wiki into a github repo, that's also still in-progress (so many things)
#[fluffy] yeah I specifically want to use it in atom/rss feeds
#[fluffy] to provide an informational URL where someone can retrieve a bearer token after logging in.
#[tantek] I do like the incremental feature enablement methodology. I think that helps shake out / explore a lot of UX approaches
#[fluffy] yeah. the UX I have in mind is: feed reader knows that it can use a bearer token to get better access, it prompts the user for the bearer token and that prompt can include a link to the provided page.
#[tantek] yeah because I found the need to invent a new calendaring system just so I could have an "easier" storage system / index for my blogging "CMS"
#[tantek] oh yeah, I'd already previously invented CASSIS which isn't technically a "new" programming language since it's "just" an intersection of two existing programming languages
#[fluffy] in my college networking class one of the more open-ended questions was asking how one might go about managing IPv6 address registrations and I came up with a location-based scheme which also allowed for galactic coordinates. I indicated that once we get inter-galactic we might want to consider a larger address space, assuming TCP/IP is even feasible at that point.
#[fluffy] (I am old enough that it was still called IPng at the time though)
#[fluffy] the networking professor was also still looking forward to a widespread deployment of TCP Vegas since that would completely improve everything
#aaronpk second day 2 project complete, only 5 hours late
#[chrisaldrich] It's alright. As the archiver of the video, you could always record a demo and slip it into the original and maybe no one would notice. 😉
#GWG I think, just putting some things on the calendar to talk about things, would clear out a lot of things we keep meaning to do
#aaronpk Since we're clearly not going to have the regular pace of in person IndieWebCamps this year maybe we should try to schedule more frequent specific focused popup sessions
#GWG aaronpk: That is what I was thinking. I know [chrisaldrich] may do LMS....but I know we have people who want to try to iterate on Micropub, Microsub, IndieAuth....
#GWG I think that idea of having a talk, deciding we're going to work on supporting X on our sites at the same time could work.
#GWG That 10AM Pacific one seemed to work for a lot of different timezones.
#[chrisaldrich] Having a couple of weeks' notice (and Friday newsletter announcements) helps too... Having a specific sub-topic also draws a more focused crowd.
#[chrisaldrich] And focus will help on some of those particular topics...
#aaronpk I think I want to try this idea of focused subtopic popups
#Loqi It looks like we don't have a page for "pop-ups" yet. Would you like to create it? (Or just say "pop-ups is ____", a sentence describing the term)
#Loqi It looks like we don't have a page for "Pop-ups" yet. Would you like to create it? (Or just say "Pop-ups is ____", a sentence describing the term)
#[chrisaldrich] I think as long as they're messaged up front which audience is being catered to while still leaving them open to people who would like to attend...
opengoody, cweiske, gRegorLove, swentel, [fluffy], lahacker, moppy and [KevinMarks] joined the channel
#sknebel aaronpk: to be fair in the comparison, a fully integrated thing doesn't need the polling/callback client->auth_endpoint part of AutoAuth either. without that, it's just 3 requests between two components too
#[jgmac1106] <<I would be happy to attend a micropub session to lurk and see if I can pick up a few tips to fix Known....though a lot of that is TinyMCE and HTML Sanitization collisions
#[jgmac1106] << gwg we are doing a pop up LMS and #DoOO session, just haven't booked it yet. We found most people in this space didn't want to meet on weekends
#jgmac1106 I have tried flex-direction: column but that messes up the transformation on the rotation. It is a flex layout with the grid….seems complicated…but trying to see if I can do this no JS
#jgmac1106 I don’t really understand the CSS but if I switch card-body to a grid and lay it out things get messy, and changes to the flex layout mess it up…will keep trying…or use js
#jgmac1106 did get to learn about transform-style…so bonus even if I do fail
#[Murray] so if I change .card-front to flex-direction: column; it seems to work fine, but not sure what you were seeing as an issue on the transformation
#[Murray] Hmm, I guess one thing it does is cause the cards to be quite large, so their hitboxes overlap. If you're not hovering right in the center of the card there's a chance as it swings around it triggers the other card, steals focus, and causes the animation to falter, but that's a size thing
[jgmac1106] joined the channel; cweiske left the channel
#jgmac1106 I need to start the work day…gotta remind myself…not late…this is second demo….played baseball outside with kids before my sinuses were ready and lost all my hack time
#[Murray] just as a useful shorthand, if you're setting a grid to multiple equal-sized columns you can use the repeat(3, 1fr) syntax
#[Murray] I *think* that you can even set the column number then to a CSS variable (definitely can in Sass) so that you just need to change that in a media query
#[Murray] there are a lot of ways to do anything in Grid hah
#jgmac1106 autofill in minmax often gets me in trouble in different browsers…I really want to spend time learning more about CSS variables
#jgmac1106 yeah Grid helps lower the bar…it did for me…I am just starting to learn it
#[Murray] yeah, tbh I get so used to using Firefox (which has superb grid support) that I end up having to rewrite code during testing when I load it in Chrome
dckc joined the channel
#jgmac1106 except for something with auto-fill or auto-fit…one of the two does not work in FF. I messed up my article cards…but I may replace my article cards with these add a p-summary on the back I kinda get addicted to cards…easier for me to imagine designs
#jgmac1106 well I gotta stop indiewebing and getting some work…luckily it is digital literacies week so I can say I am working on a “mentor text” for an example
#aaronpk Aren't there better things to spend time on? I feel like the parser is one of the few components that's the least opinionated. Compare XRay for example which bakes in plenty of opinions which I definitely understand if people don't agree with
#Loqi aaronpk has 65 karma in this channel over the last year (234 in all channels)
#[snarfed] (but also let a thousand flowers bloom and all, if you're doing it to learn, or for fun, etc, you get to if you want to!)
fredcy_, Salt[m], plindner[m], JK_na, edrex, samwilson, marinin[m], jamietanna[m], Rixon, mykiwi, atj[m], KartikPrabhu, nickodd, HbHighland, [fluffy], [jgmac1106], b3u, omz13, [hibs], [tantek], [chrisaldrich], gRegorLove, twomanytacos, hs0ucy and [christopherche] joined the channel
#[christopherche] New here and so thankful for all this community does. Here’s my question: I’ve tried to follow [the directions](https://indieweb.org/rel-canonical) but can’t figure out how to get canonical urls automatically added to tweets that have been cross-posted from micro.blog. Any suggestions?
hs0ucy joined the channel; nickodd left the channel
#jgmac1106 unwieldy stylesheets or lots of smaller stylesheets? opinions or pros and cons on each
#jgmac1106 maybe just <style></style> in the HTML…or go crazy and just use inline...I do lots of weird stuff….means lots of rules…my main style sheet is too long now for me to be efficient…that I never organized it logically
#jgmac1106 ..plus always checking for selector collisions…started to make more smaller stylesheets…was asking if there are any consequences or pros and cons to either
#KartikPrabhu jgmac1106: with many smaller stylesheets the browser has to make a connection to get each of them. Further, depending on the ordering some CSS rules could be overridden in the cascade
#jgmac1106 this is helping me a ton…never understood how to use .scss files…
#KartikPrabhu jumping to scss is not a good idea unless you are comfortable with css first
#[KevinMarks] also, a lot of the extra features SCSS added are now in CSS too
#jgmac1106 okayish with CSS if that is something someone can be…need to start learning how variables work next…I think…till then continue breaking as I go
#jgmac1106 it is enough to record for an IWC West demo…this is what I wanted (codepen) this is where I got my website