#dev 2020-07-01

2020-07-01 UTC
hs0ucy, [schmarty], geoffo, gRegorLove, nickodd and gRegorLove_ joined the channel
#
jacky what are content warnings
#
Loqi It looks like we don't have a page for "content warnings" yet. Would you like to create it? (Or just say "content warnings is ____", a sentence describing the term)
#
jacky what are content warning
#
Loqi content warning is a feature of a post create UI where an author can hide by default some or all of the primary content of a post due to some concern about the nature of the content https://indieweb.org/content_warning
#
jacky content warnings are content warning
#
Loqi ok
#
jacky what are content warnings
#
Loqi content warnings are content warning https://indieweb.org/content_warnings
#
jacky oh I have to slash it
#
jacky what are content warnings
#
Loqi It looks like we don't have a page for "content warnings" yet. Would you like to create it? (Or just say "content warnings is ____", a sentence describing the term)
#
jacky content warnings are /content warning
#
Loqi ok
#
jacky what are content warnings
#
Loqi content warnings are /content warning https://indieweb.org/content_warnings
#
jacky grrr lol
#
sivy hellooooo
#
sivy hi jacky
#
sivy content warning page deleted?
#
sivy ah singuler
#
sivy im gud speler
#
sivy so, my webmention server is spawning an entire webmention client
#
sivy which does both sides
#
sivy sending of mentions, but also validating and parsing incoming
#
sivy (i’m so deep in the rabbit hole right now I may never deploy this)
#
jacky hey sivy
#
jacky oh I'm there too right now sivy lol
#
sivy haha
#
sivy i made all these cool updates to my DB layer but they’re intermixed with this WM code so i *have* to finish this to fix my DB issues :facepalm:
gRegorLove_, [gRegorLove] and [schmarty] joined the channel
#
sivy comin up with a sensible API for this client has been really hard.
#
sivy also since i’m writing in a language I’m still learning (golang)
#
sivy i’m at the point where i’m trying to make sure i have individual function tests done before I start trying to write the main “does this blargh of HTML return the right data object”
#
sivy sigh
sivy and [KevinMarks] joined the channel; nickodd left the channel
#
gRegorLove I'm working on making the first-time indiebookclub sign in more user friendly and adding delete scope as an option. Thoughts on this? https://imgur.com/sfxhAj1
#
gRegorLove and I've lost track of time, so I'll check back in the morning :)
[tantek], KartikPrabhu, swentel, moppy, dckc and [KevinMarks] joined the channel
#
@grantcodes #100days 60 - Made a small but long overdue change to my site, so that it only sends me notifications about new webmentions. My notifications were filling up with duplicate mentions because of people sending them every time they build their site (which is totally fine) (twitter.com/_/status/1278250750930489347)
KartikPrabhu, [jgmac1106], [itsjustk], [Ana_Rodrigues], hs0ucy, [fluffy], [KevinMarks], Zegnat and Kaja_ joined the channel
#
@mcintyre321 ↩️ We should all switch to self hosted blogs, with WebMention based 'following' widgets, and RSS reader driven off those. i.e. replicate a friend list / feed using open standards (twitter.com/_/status/1278296178665324544)
[jgmac1106], [itsjustk], sknebel, Zegnat, [jeremycherfas], hs0ucy and geoffo joined the channel
#
sivy > “duplicate mentions because of people sending them every time they build their site” OH GOD NOT ANOTHER FAILURE CASE
[snarfed] joined the channel
#
[snarfed] lol. not really a failure case though, anyone can (re)send any webmention at any time, arbitrarily often
#
[snarfed] idempotence!
dckc joined the channel
#
aaronpk Also the intended behavior when someone updates a post
twomanytacos joined the channel
#
@depone @tazgezwitscher eben gesehen, dass Sie aktuell die Kommentarfunktion pausieren. Eventuell wäre für die Zukunft auch die Verwendung von Webmentions (https://webmention.net/draft/) ein Ansatz um Austausch zu den Texten sichtbar zu machen. (twitter.com/_/status/1278343744715096064)
wombelix, hs0ucy, [chrisaldrich] and [tantek] joined the channel
#
[tantek] I feel there are some important lessons here that we can pre-emptively learn from both for individual projects and IndieWeb dev stuff in general.
#
[tantek] Not sure where to put this, figured I’d start here since it’s dev-centric: https://twitter.com/mountain_ghosts/status/1278336761849171969
#
@mountain_ghosts it turns out that accommodating aggressive bullies harms the long-term health of your project? https://twitter.com/TheRegister/status/1277929458809344001 (twitter.com/_/status/1278336761849171969)
#
[tantek] I’m wondering if we can perhaps develop a proactively anti-bullying “how to contribute code to IndieWeb” kinda guide for developers perhaps that has all the developer-specific stuff that we don’t need to confuse the general code of conduct with
[KevinMarks] and gRegorLove joined the channel
#
cjw6k the suggestion is that the aggressive bully is Torvalds, on the receiving end of contributions
#
cjw6k but not to split hairs, I think some anti-bullying towards a 'how to participate in coding with the IndieWeb' or similar would be great
#
cjw6k I find that part personally awkward, would follow some guidelines if available, dev-centric, etc.
dansup, [fluffy], aaronpk, moppy, mlncn, jacky, geoffo, petermolnar, Zegnat, tinfoil-hat, IWSlackGateway, dopplergange, shrysr, IWSlackGateway1, [itsjustk], [schmarty], [Ana_Rodrigues], [JuJu], swentel and gbmor joined the channel
#
[tantek] Exactly cjw6k, it's awkward messy unobvious stuff that if we were to help with even minimal guidelines, it would helps set more positive defaults, so that at least folks that want to do the right thing but aren't sure how would have some guidance they could use.
#
[tantek] interesting insight that perhaps the aggressive bully is Torvalds himself, and in that case a good warning against BDFL-style governance in general
KartikPrabhu and geoffo joined the channel
#
gRegorLove Any thoughts on https://chat.indieweb.org/dev/2020-07-01#t1593584554546100?
#
Loqi [gRegorLove] I'm working on making the first-time indiebookclub sign in more user friendly and adding delete scope as an option. Thoughts on this? https://imgur.com/sfxhAj1
#
swentel hmm, never looked at this from that perspective. I just send all scopes, but then I assume that the user is able to untoggle the asked scopes on their authorize form.
#
swentel (with Indigenous that is)
#
swentel maybe add descriptions too explaining what the scope is for?
#
swentel for create: create posts containing title, body etc
#
jacky ^
#
jacky that wouild be dope
#
jacky I need to do that for my apps too
#
swentel yeah, damn, another idea for indigenous crap
#
swentel I should've gone to bed ;)
#
jacky lol
[schmarty] joined the channel
#
[tantek] or consider progressive scoping? that is start with only create scope, and then if/when a user tries to delete something on indiebookclub, then and only then ask for the delete scope (since then it's tied to an immediate user-expressed need/task)
#
[tantek] really bugs me when any "auth this app to do x,y,z with your account" asks for more x,y,z than they need
#
gRegorLove ooh, good point
#
[tantek] I'm like woah let's get to know each other first
#
gRegorLove I took some inspiration from the screenshots on /scope
#
aaronpk there's a google spec about this
#
aaronpk "incremental authorization"
#
swentel hmm but than you have to perform the authorize dance again?
#
aaronpk yes
#
aaronpk https://tools.ietf.org/html/draft-ietf-oauth-incremental-authz-04
#
gRegorLove swentel, if they're using indieauth.com or indielogin.com I don't think they can untoggle scopes
#
aaronpk indielogin.com has nothing to do with scopes
#
aaronpk but yeah that feature isn't in indieauth.com
#
swentel gRegorLove, ah, good point
#
swentel ok, definitely something to built into indigenous
#
[tantek] I wrote UI flow for this with Twitter a while ago and it's totally doable
#
swentel *build
#
aaronpk google is encouraging it in their docs too
#
aaronpk https://developers.google.com/identity/sign-in/web/incremental-auth
#
[tantek] what is incremental authorization
#
Loqi incremental authorization is the practice, even pattern, of only requesting permissions when they are needed for the current user-action, for example, when requesting OAuth authorization, read, write, delete permission, or similarly with Micropub https://indieweb.org/incremental_authorization
#
gRegorLove Cool, I'll read up and implement that
#
swentel so, you then also store the scopes in the client, so you know which features might not work right?
#
swentel goes reading the google doc
#
[tantek] incremental authorization << https://developers.google.com/identity/sign-in/web/incremental-auth
#
Loqi ok, I added "https://developers.google.com/identity/sign-in/web/incremental-auth" to the "See Also" section of /incremental_authorization https://indieweb.org/wiki/index.php?diff=71024&oldid=14752
#
@steveivy ↩️ That’s my #webmention support branch (twitter.com/_/status/1278434125381279745)
#
[tantek] incremental authorization << https://tools.ietf.org/html/draft-ietf-oauth-incremental-authz-04
#
Loqi ok, I added "https://tools.ietf.org/html/draft-ietf-oauth-incremental-authz-04" to the "See Also" section of /incremental_authorization https://indieweb.org/wiki/index.php?diff=71025&oldid=71024
#
jacky hmm this is good context y'all
#
jacky this makes me want to do only the ID flow with stuff and then 'upgrade' to other scopes in apps
#
swentel very interesting indeed
#
swentel again, should 've gone to bed haha :p
#
swentel which I will do now, night all :)
KartikPrabhu, airDale and [jgmac1106] joined the channel
#
[tantek] jacky exactly!
#
[tantek] when I first used Twitter auth for RelMeAuth sign-in, I started with just ID-only auth, then provided a flow for users to upgrade to posting access
jjuran joined the channel
#
jacky I'll have to look into how to implement that for my projects in a reusable way
#
@ChrisAldrich ↩️ @mrkrndvs One of the things I’ve seen hiding around is how http://Brid.gy does mentions, and I’m guessing it’s for platforms that handle salmentions. In replies to multiple people it includes blank anchor tags with links to the URLs of [more...] https://boffosocko.com/2020/06/28/outline-for-webmentions-in-conjunction-with-academic-citations/?replytocom=296276#respond (twitter.com/_/status/1278449754914066434)
#
@ChrisAldrich ↩️ @mrkrndvs One of the things I’ve seen hiding around is how http://Brid.gy does mentions, and I’m guessing it’s for platforms that handle salmentions. In replies to multiple people it includes blank anchor tags with links to the URLs of [more...] https://boffosocko.com/2020/06/28/outline-for-webmentions-in-conjunction-with-academic-citations/?replytocom=296276#respond (twitter.com/_/status/1278449754914066434)
Hi, [chrisaldrich] and [snarfed] joined the channel
#
[snarfed] re incremental authorization, bridgy does a very coarse version of this, initially just read permissions for backfeed, later upgradeable to write for publish
#
[chrisaldrich] [gRegorLove] I like the look of it, but you might want to use a word other than "scopes" which seems more dev and less user-friendly. Maybe something like "access to"...
#
KartikPrabhu or "permission to" ?
#
jacky ^
#
gRegorLove It's "permissions that indiebookclub will request"
#
gRegorLove with incremental auth though, it won't show them there though, since it's only create permission at first.
#
jacky oh I see
#
jacky it might be safe then to just do a request for "create" and moving forward though
#
jacky granted, that'd require you to do some sort of an alert to ask for it before stuff
#
gRegorLove Yeah, first time someone clicks "delete" they'll see something similar to that screenshot, but with "indiebookclub needs permission to delete posts on your site." and the authorize button again.
#
gRegorLove Then the app will keep that permission, so subsequent deletes will just work (tm)
#
jacky yup!
#
[snarfed] yup. the app (ie indiebookclub) does ideally need to track which permissions/scopes it's been granted so far though
#
[snarfed] to avoid re-prompting
#
gRegorLove Yeah, it does
#
[snarfed] or we'd need some new "which scopes does this token have?" query ability that afaik doesn't exist yet
#
[snarfed] (it does exist in platforms like android)
#
gRegorLove The settings page shows the scopes you've granted, and an option to reset entirely to remove them
#
jacky this is actually one of the times a jwt helps out (it stuffs that kind of info inside the token)
#
jacky (well not really helps but would have made simple)
#
[snarfed] oh yeah, there's UI, but not programmatic/API query, which would let you avoid sending the user there in the first place
#
[snarfed] yeah jwt is nice on the auth/site side, but on the client side you can't assume anything about the token internals
#
jacky true
#
[snarfed] (which is good imho, there are benefits to storing all of a token's state on the server, not in the token itself)
#
jacky indeed! makes editing their ACL very easy
#
[snarfed] and revocation etc
xsteadfastx and [KevinMarks] joined the channel
#
[KevinMarks] Apps now add extra dialogs beforehand explaining what they are asking for and why, because if you click "block" they can't ask again.