Loqi[fluffy] This year IndieWeb Summit was canceled1, and some pretty good conversations took place. As usual my biggest interest was in doing authenticated, secure sharing of private posts, which has been a huge focus in how I’ve been building Publ.
I wasn’t...
[fluffy][aaronpk] so one thing I’m wondering… with how many people are starting to adopt webmention.js, is this going to start causing problems with the API constantly being hit by every blog entry? I assume you’ve got some level of caching that makes it not a major problem, but I hope this doesn’t have long-term impact issues.
[fluffy]yeah I’d love to see the implementation and simplification of autoauth even if we’ve collectively decided that autoauth itself isn’t the best path forward for this stuff
[fluffy](as a bonus, my bearer tokens work with any auth mechanism supported by Authl, not just IndieAuth, so this works for twitter/email/etc. users too)
[fluffy]Hmm, isn’t it implied that the ticket in step 2 is tied to the user already? Wouldn’t it be up to the ticket endpoint to look up the attached user? or is this just another safety net to prevent basic spoofing?
[fluffy]in Publ’s case the token only includes the validated identity and nothing about the identity. All auth decisions are made in the request router.
[fluffy]it doesn’t matter what your access level is at the time that you get the token, because it’s the request router which decides what the group membership is
[fluffy]but anyway, yeah, the downside to the way my tokens work is I can’t revoke someone’s token if it leaks without resetting my signing secret (and thus logging EVERYONE out), but I can always revoke their access.
[fluffy]okay so I’m thinking about the UX for how this will actually work in a manual ticket-granting flow, and I’m not really liking it. I feel like the entire initial ticket should be in URL form, so that it can be pasted as a single thing into the reader app.
[fluffy]and if it gets a GET or is missing the correct POST data it can put up an error message saying “Please provide this URL to sign in to your feed reader” or whatever
[fluffy]I dunno how much I’m making sense here. Is there an appropriate way to hash out these things on the wiki itself? I don’t feel like talk pages get used much.
[fluffy]rather, what you’re proposing is different than how I was thinking about how things could work, in that I was thinking this wouldn’t require the reader to be part of IndieWeb
[fluffy]like I was thinking of user-driven interactions that didn’t require Alice to send a ticket to Bob’s endpoint, but instead made a ticket available to Bob as soon as Bob’s identity was known (regardless of authentication mechanism)
[fluffy]This does seem to be a pretty good protocol for IndieWeb-specific stuff that would work within the IndieWeb. I guess my proposal is somewhat orthogonal in that it’s a thing I want to be able to graft onto legacy readers and arbitrary auth mechanisms.
[fluffy]This is feeling like a combinatorial explosion of moving parts to me, where it’s getting difficult to implement just one piece of the puzzle when it’s up to the specific implementations of the different pieces to work together.
aaronpki'm feeling pretty good about this, i think i'm going to build it into my site to test it. that'll be a good real-world test of adding support for this
[fluffy]yeah, I’ve updated my blog entry with my thoughts on this stuff. 🙂 tl;dr is I’ll be happy to support it when there’s something to support, it seems pretty straightforward.
[fluffy]okay yeah this actually works really well, if I’m going to build Subl (my long-put-off next-gen feed reader) with this stuff in mind then Subl can also be a ticket endpoint, yessss
[fluffy]there’s a few UX things I want to do where Subl is going to be the reader AND the subscription thing and I want it to be pretty much standalone, but I do intend for it to also work as a microsub endpoint eventually
[fluffy]meanwhile, I feel like there should be a way to formally propose the tiny Atom extension I’m suggesting. Or maybe there’s an existing allowed link rel that is more suitable.
[fluffy]Hmm, the link relation registration process seems straightforward enough. Looks like some of y’all have already gone through that with some of the IndieWeb rels 🙂
[tantek]and separately there's been a request (and subsequent plan) to move the rel-registry from the wiki into a github repo, that's also still in-progress (so many things)
[fluffy]yeah. the UX I have in mind is: feed reader knows that it can use a bearer token to get better access, it prompts the user for the bearer token and that prompt can include a link to the provided page.
[tantek]oh yeah, I'd already previous invented CASSIS which isn't technically a "new" programming language since it's "just" an intersection of two existing programming languages
[fluffy]in my college networking class one of the more open-ended questions was asking how one might go about managing IPv6 address registrations and I came up with a location-based scheme which also allowed for galactic coordinates. I indicated that once we get inter-galactic we might want to consider a larger address space, assuming TCP/IP is even feasible at that point.
[chrisaldrich]It's alright. As the archiver of the video, you could always record a demo and slip it into the original and maybe no one would notice. 😉
aaronpkSince we're clearly not going to have the regular pace of in person IndieWebCamps this year maybe we should try to schedule more frequent specific focused popup sessions
GWGaaronpk: That is what I was thinking. I know [chrisaldrich] may do LMS....but I know we have people who want to try to iterate on Micropub, Microsub, IndieAuth....
[chrisaldrich]Having a couple of weeks' notice (and Friday newsletter announcements) helps too... Having a specific sub-topic also draws a more focused crowd.
[chrisaldrich]I think as long as they're messaged up front which audience is being catered to while still leaving them open to people who would like to attend...
sknebelaaronpk: to be fair in the comparison, a fully integrated thing doesn't need the polling/callback client->auth_endpoint part of AutoAuth either. without that, it's just 3 requests between two components too
[jgmac1106]<<I would by happy to attend a micropub session to lurk and see if I can pick up a few tips to fix Known....though a lot of that if TinyMCE and HTML Sanitization collisions
[jgmac1106]<< gwg we are doing a pop up LMS and #DoOO session, just haven't booked it yet. We found most people in this space didn't want to meet on weekends
jgmac1106I have treid flex-direction: column but that messes up the transformation on the roation. It is a flex layout with the grid….seems complicate…but trying to see if I can do this no JS
jgmac1106I don’t really understand the CSS but if I switch card-body to a grid and lay it out things get messy, and changes to the flex layout mess it up…will keep trying…or use js
[Murray]so if I change .card-front to flex-direction: column; it seems to work fine, but not sure what you were seeing as an issue on the transformation
[Murray]Hmm, I guess one thing it does is cause the cards to be quite large, so their hitboxes overlap. If you're not hovering right in the center of the card there's a chance as it swings around it triggers the other card, steals focus, and causes the animation to falter, but that's a size thing
[jgmac1106] joined the channel; cweiske left the channel
jgmac1106I need to start the work day…gotta remind myself…not late…this is second demo….played baseball outside with kids before my sinuses were ready and lost all my hack time
[Murray]I *think* that you can even set the column number then to a CSS variable (definitely can in Sass) so that you just need to change that in a media query
[Murray]yeah, tbh I get so used to using Firefox (which has superb grid support) that I end up having to rewrite code during testing when I load it in Chrome
jgmac1106except for something with auto-fill or auto-fit…one of the two do not work in FF . I messed up my article cards…but I may replace my article cards with these add a p-summary on the back I kinda get addicted to cards…easier for me to imagine designs
jgmac1106well I goota stop indiewebing and getting some work…luckily it is digital literacies week so I can say Iam working on a “mentor text” for an example
aaronpkAren't there better things to spend time on? I feel like the parser is one of the few components that's the least opinionated. Compare XRay for example which bakes in plenty of opinions which I definitely understand if people don't agree with
[christopherche]New here and so thankful for all this community does. Here’s my question: I’ve tried to follow [the directions ](https://indieweb.org/rel-canonical) but can’t figure out how to get canonical urls automatically added to tweets that have been cross-posted from micro.blog. Any suggestions?
hs0ucy joined the channel; nickodd left the channel
jgmac1106maybe just <style></style> in the HTML…or go crazy and just use inline...I do lots of weird stuff….means lots of riles…my main style sheet is too long now for me to be efficient…that I never organized it logically
jgmac1106..plus always checking for selector collisions…started to make more smaller stylesheets…was asking if there are any consequences or pros and cons to either
KartikPrabhujgmac1106: with many smaller stylesheets the browser has to make a connection to get each of them. Further, depending on the ordering some CSS rules could be overridden in the cascade
jgmac1106okayish with CSS if that is something someone can be…need to start learning how variables work next…I think…till then continue breaking as I go
[fluffy] I wrote a blog post about the auth thing: https://beesbuzz.biz/blog/5711-Access-token-grants-for-feed-readers
[KevinMarks] loqi sees an mf2 summary?
Loqi Yarns Microsub Server or Yarns for short, is a Microsub Server plugin for WordPress https://indieweb.org/Yarns
aaronpk ok moved to here under a brainstorming header https://indieweb.org/IndieAuth_Ticket_Auth
[georgenancejr] Does anyone know if there is anything like a web browser that tries to do what Pico 8 does ?
[chrisaldrich] tantek, I had a physics professor who was big into calendar reform: https://en.wikipedia.org/wiki/Hanke%E2%80%93Henry_Permanent_Calendar
gRegorLove Ticket Auth looks interesting. Is it a new endpoint, rel=ticket_endpoint?
@fortysevenfx ↩️ There are other issues, the biggest being gatekeeping comments to Twitter users, and the lack of edition.
I've seen a lot of indie blogs giving webmentions a try:
https://webmention.net/draft / http://webmention.io (twitter.com/_/status/1277538374270795780)
@kevinmarks ↩️ and you can use http://brid.gy to turn tweeted comments into webmentions too (twitter.com/_/status/1277543001959661568)
[jgmac1106] <<I would by happy to attend a micropub session to lurk and see if I can pick up a few tips to fix Known....though a lot of that if TinyMCE and HTML Sanitization collisions
[grantcodes] What image?
[Murray] Hmm, I guess one thing it does is cause the cards to be quite large, so their hitboxes overlap. If you're not hovering right in the center of the card there's a chance as it swings around it triggers the other card, steals focus, and causes the animation to falter, but that's a size thing
ben_thatmustbeme lol
KartikPrabhu jgmac1106: with many smaller stylesheets the browser has to make a connection to get each of them. Further, depending on the ordering some CSS rules could be overridden in the cascade
@jackyalcine Interesting. It doesn’t look like Lighthouse is actually sending out Webmentions. Ugh. (https://v2.jacky.wtf/post/7588b56f-b16b-4bbc-95e4-0909b3ad60cd) (twitter.com/_/status/1277710005773520896)
[schmarty] KevinMarks: wow that encoding fixer!!!!