#dev 2020-07-01

2020-07-01 UTC
hs0ucy, [schmarty], geoffo, gRegorLove, nickodd and gRegorLove_ joined the channel
#
jacky
what are content warnings
#
Loqi
It looks like we don't have a page for "content warnings" yet. Would you like to create it? (Or just say "content warnings is ____", a sentence describing the term)
#
jacky
what are content warning
#
Loqi
content warning is a feature of a post create UI where an author can hide by default some or all of the primary content of a post due to some concern about the nature of the content https://indieweb.org/content_warning
#
jacky
content warnings are content warning
#
jacky
what are content warnings
#
Loqi
content warnings are content warning https://indieweb.org/content_warnings
#
jacky
oh I have to slash it
#
jacky
what are content warnings
#
Loqi
It looks like we don't have a page for "content warnings" yet. Would you like to create it? (Or just say "content warnings is ____", a sentence describing the term)
#
jacky
content warnings are /content warning
#
jacky
what are content warnings
#
jacky
grrr lol
#
sivy
hellooooo
#
sivy
hi jacky
#
sivy
content warning page deleted?
#
sivy
ah singuler
#
sivy
im gud speler
#
sivy
so, my webmention server is spawning an entire webmention client
#
sivy
which does both sides
#
sivy
sending of mentions, but also validating and parsing incoming
#
sivy
(i’m so deep in the rabbit hole right now I may never deploy this)
#
jacky
hey sivy
#
jacky
oh I'm there too right now sivy lol
#
sivy
haha
#
sivy
i made all these cool updates to my DB layer but they’re intermixed with this WM code so i *have* to finish this to fix my DB issues :facepalm:
gRegorLove_, [gRegorLove] and [schmarty] joined the channel
#
sivy
comin up with a sensible API for this client has been really hard.
#
sivy
also since i’m writing in a language I’m still learning (golang)
#
sivy
i’m at the point where i’m trying to make sure i have individual function tests done before I start trying to write the main “does this blargh of HTML return the right data object”
#
sivy
sigh
sivy and [KevinMarks] joined the channel; nickodd left the channel
#
gRegorLove
I'm working on making the first-time indiebookclub sign in more user friendly and adding delete scope as an option. Thoughts on this? https://imgur.com/sfxhAj1
#
gRegorLove
and I've lost track of time, so I'll check back in the morning :)
[tantek], KartikPrabhu, swentel, moppy, dckc and [KevinMarks] joined the channel
#
@grantcodes
#100days 60 - Made a small but long overdue change to my site, so that it only sends me notifications about new webmentions. My notifications were filling up with duplicate mentions because of people sending them every time they build their site (which is totally fine)
(twitter.com/_/status/1278250750930489347)
KartikPrabhu, [jgmac1106], [itsjustk], [Ana_Rodrigues], hs0ucy, [fluffy], [KevinMarks], Zegnat and Kaja_ joined the channel
#
@mcintyre321
↩️ We should all switch to self hosted blogs, with WebMention based 'following' widgets, and RSS reader driven off those. i.e. replicate a friend list / feed using open standards
(twitter.com/_/status/1278296178665324544)
[jgmac1106], [itsjustk], sknebel, Zegnat, [jeremycherfas], hs0ucy and geoffo joined the channel
#
sivy
> “duplicate mentions because of people sending them every time they build their site” OH GOD NOT ANOTHER FAILURE CASE
[snarfed] joined the channel
#
[snarfed]
lol. not really a failure case though, anyone can (re)send any webmention at any time, arbitrarily often
#
[snarfed]
idempotence!
dckc joined the channel
#
aaronpk
Also the intended behavior when someone updates a post
twomanytacos joined the channel
#
@depone
@tazgezwitscher eben gesehen, dass Sie aktuell die Kommentarfunktion pausieren. Eventuell wäre für die Zukunft auch die Verwendung von Webmentions (https://webmention.net/draft/) ein Ansatz um Austausch zu den Texten sichtbar zu machen.
(twitter.com/_/status/1278343744715096064)
wombelix, hs0ucy, [chrisaldrich] and [tantek] joined the channel
#
[tantek]
I feel there are some important lessons here that we can pre-emptively learn from both for individual projects and IndieWeb dev stuff in general.
#
[tantek]
Not sure where to put this, figured I’d start here since it’s dev-centric: https://twitter.com/mountain_ghosts/status/1278336761849171969
#
@mountain_ghosts
it turns out that accommodating aggressive bullies harms the long-term health of your project? https://twitter.com/TheRegister/status/1277929458809344001
(twitter.com/_/status/1278336761849171969)
#
[tantek]
I’m wondering if we can perhaps develop a proactively anti-bullying “how to contribute code to IndieWeb” kinda guide for developers perhaps that has all the developer-specific stuff that we don’t need to confuse the general code of conduct with
[KevinMarks] and gRegorLove joined the channel
#
cjw6k
the suggestion is that the aggressive bully is Torvalds, on the receiving end of contributions
#
cjw6k
but not to split hairs, I think some anti-bullying towards a 'how to participate in coding with the IndieWeb' or similar would be great
#
cjw6k
I find that part personally awkward, would follow some guidelines if available, dev-centric, etc.
dansup, [fluffy], aaronpk, moppy, mlncn, jacky, geoffo, petermolnar, Zegnat, tinfoil-hat, IWSlackGateway, dopplergange, shrysr, IWSlackGateway1, [itsjustk], [schmarty], [Ana_Rodrigues], [JuJu], swentel and gbmor joined the channel
#
[tantek]
Exactly cjw6k, it's awkward messy unobvious stuff that if we were to help with even minimal guidelines, it would helps set more positive defaults, so that at least folks that want to do the right thing but aren't sure how would have some guidance they could use.
#
[tantek]
interesting insight that perhaps the aggressive bully is Torvalds himself, and in that case a good warning against BDFL-style governance in general
KartikPrabhu and geoffo joined the channel
#
Loqi
[gRegorLove] I'm working on making the first-time indiebookclub sign in more user friendly and adding delete scope as an option. Thoughts on this? https://imgur.com/sfxhAj1
#
swentel
hmm, never looked at this from that perspective. I just send all scopes, but then I assume that the user is able to untoggle the asked scopes on their authorize form.
#
swentel
(with Indigenous that is)
#
swentel
maybe add descriptions too explaining what the scope is for?
#
swentel
for create: create posts containing title, body etc
#
jacky
that wouild be dope
#
jacky
I need to do that for my apps too
#
swentel
yeah, damn, another idea for indigenous crap
#
swentel
I should've gone to bed ;)
[schmarty] joined the channel
#
[tantek]
or consider progressive scoping? that is start with only create scope, and then if/when a user tries to delete something on indiebookclub, then and only then ask for the delete scope (since then it's tied to an immediate user-expressed need/task)
#
[tantek]
really bugs me when any "auth this app to do x,y,z with your account" asks for more x,y,z than they need
#
gRegorLove
ooh, good point
#
[tantek]
I'm like woah let's get to know each other first
#
gRegorLove
I took some inspiration from the screenshots on /scope
#
aaronpk
there's a google spec about this
#
aaronpk
"incremental authorization"
#
swentel
hmm but than you have to perform the authorize dance again?
#
gRegorLove
swentel, if they're using indieauth.com or indielogin.com I don't think they can untoggle scopes
#
aaronpk
indielogin.com has nothing to do with scopes
#
aaronpk
but yeah that feature isn't in indieauth.com
#
swentel
gRegorLove, ah, good point
#
swentel
ok, definitely something to built into indigenous
#
[tantek]
I wrote UI flow for this with Twitter a while ago and it's totally doable
#
swentel
*build
#
aaronpk
google is encouraging it in their docs too
#
[tantek]
what is incremental authorization
#
Loqi
incremental authorization is the practice, even pattern, of only requesting permissions when they are needed for the current user-action, for example, when requesting OAuth authorization, read, write, delete permission, or similarly with Micropub https://indieweb.org/incremental_authorization
#
gRegorLove
Cool, I'll read up and implement that
#
swentel
so, you then also store the scopes in the client, so you know which features might not work right?
#
swentel
goes reading the google doc
#
Loqi
ok, I added "https://developers.google.com/identity/sign-in/web/incremental-auth" to the "See Also" section of /incremental_authorization https://indieweb.org/wiki/index.php?diff=71024&oldid=14752
#
@steveivy
↩️ That’s my #webmention support branch
(twitter.com/_/status/1278434125381279745)
#
Loqi
ok, I added "https://tools.ietf.org/html/draft-ietf-oauth-incremental-authz-04" to the "See Also" section of /incremental_authorization https://indieweb.org/wiki/index.php?diff=71025&oldid=71024
#
jacky
hmm this is good context y'all
#
jacky
this makes me want to do only the ID flow with stuff and then 'upgrade' to other scopes in apps
#
swentel
very interesting indeed
#
swentel
again, should 've gone to bed haha :p
#
swentel
which I will do now, night all :)
KartikPrabhu, airDale and [jgmac1106] joined the channel
#
[tantek]
jacky exactly!
#
[tantek]
when I first used Twitter auth for RelMeAuth sign-in, I started with just ID-only auth, then provided a flow for users to upgrade to posting access
jjuran joined the channel
#
jacky
I'll have to look into how to implement that for my projects in a reusable way
#
@ChrisAldrich
↩️ @mrkrndvs One of the things I’ve seen hiding around is how http://Brid.gy does mentions, and I’m guessing it’s for platforms that handle salmentions. In replies to multiple people it includes blank anchor tags with links to the URLs of [more...] https://boffosocko.com/2020/06/28/outline-for-webmentions-in-conjunction-with-academic-citations/?replytocom=296276#respond
(twitter.com/_/status/1278449754914066434)
#
@ChrisAldrich
↩️ @mrkrndvs One of the things I’ve seen hiding around is how http://Brid.gy does mentions, and I’m guessing it’s for platforms that handle salmentions. In replies to multiple people it includes blank anchor tags with links to the URLs of [more...] https://boffosocko.com/2020/06/28/outline-for-webmentions-in-conjunction-with-academic-citations/?replytocom=296276#respond
(twitter.com/_/status/1278449754914066434)
Hi, [chrisaldrich] and [snarfed] joined the channel
#
[snarfed]
re incremental authorization, bridgy does a very coarse version of this, initially just read permissions for backfeed, later upgradeable to write for publish
#
[chrisaldrich]
[gRegorLove] I like the look of it, but you might want to use a word other than "scopes" which seems more dev and less user-friendly. Maybe something like "access to"...
#
KartikPrabhu
or "permission to" ?
#
gRegorLove
It's "permissions that indiebookclub will request"
#
gRegorLove
with incremental auth though, it won't show them there though, since it's only create permission at first.
#
jacky
oh I see
#
jacky
it might be safe then to just do a request for "create" and moving forward though
#
jacky
granted, that'd require you to do some sort of an alert to ask for it before stuff
#
gRegorLove
Yeah, first time someone clicks "delete" they'll see something similar to that screenshot, but with "indiebookclub needs permission to delete posts on your site." and the authorize button again.
#
gRegorLove
Then the app will keep that permission, so subsequent deletes will just work (tm)
#
[snarfed]
yup. the app (ie indiebookclub) does ideally need to track which permissions/scopes it's been granted so far though
#
[snarfed]
to avoid re-prompting
#
gRegorLove
Yeah, it does
#
[snarfed]
or we'd need some new "which scopes does this token have?" query ability that afaik doesn't exist yet
#
[snarfed]
(it does exist in platforms like android)
#
gRegorLove
The settings page shows the scopes you've granted, and an option to reset entirely to remove them
#
jacky
this is actually one of the times a jwt helps out (it stuffs that kind of info inside the token)
#
jacky
(well not really helps but would have made simple)
#
[snarfed]
oh yeah, there's UI, but not programmatic/API query, which would let you avoid sending the user there in the first place
#
[snarfed]
yeah jwt is nice on the auth/site side, but on the client side you can't assume anything about the token internals
#
[snarfed]
(which is good imho, there are benefits to storing all of a token's state on the server, not in the token itself)
#
jacky
indeed! makes editing their ACL very easy
#
[snarfed]
and revocation etc
xsteadfastx and [KevinMarks] joined the channel
#
[KevinMarks]
Apps now add extra dialogs beforehand explaining what they are asking for and why, because if you click "block" they can't ask again.