#dev 2020-07-04

2020-07-04 UTC
flex14 joined the channel
#
jacky [chrisaldrich]++ to that grid layout
#
Loqi [chrisaldrich] has 7 karma in this channel over the last year (54 in all channels)
[dave], flex14 and [tantek] joined the channel
#
[tantek] almost looks a little too overwhelming
#
[tantek] there's definitely something there though, for comparing different services / projects, once you have picked an approach (service, CMS, your own project)
#
jacky wants the table to be a bit wider so it can breath a bit but that's me
geoffo joined the channel
#
jacky looks like WebSub has some concept of authorization (w.r.t private posts): https://www.w3.org/TR/websub/#authenticated-content-distribution
#
jacky but that's more for signing the notifications it seems
#
jacky actually no, this might help
#
sknebel yes, that's just verifying that a ping the subscriber gets actually is from the hub
#
jacky ah damn then lol
#
jacky thinks he should still be using something like that though
#
sknebel if you are a server you "MUST" support that, says spec :)
#
jacky hmmm
#
aaronpk sknebel: have you had a chance to look at https://indieweb.org/IndieAuth_Ticket_Auth any further?
#
[tantek] In case you were going to put a list of countries in your UI, you may want to consider time travel (lolol) https://www.independent.co.uk/news/uk/politics/coronavirus-quarantine-uk-government-travel-form-rhodesia-a9568991.html
#
[tantek] a UI that changed the list of countries based on the date in the browser would be kind of amazing
#
aaronpk so it turns out Laravel by default serves content at both `/path/` and `/path` grr
#
aaronpk it will only generate urls without the slash, but it accepts requests to both
[chrisaldrich] joined the channel
#
[tantek] heh
#
GWG They shut down Wikimedia Maps for Third-Party use
#
GWG Why is location an arms race?
#
aaronpk cause creating that data is expensive
#
GWG Time to deprecate a provider.
treora, lahacker and [tw2113] joined the channel
#
GWG Anyone have a php function to calculate a bounding box based on an array of coordinates?
#
dansup GWG: https://github.com/jsor/geokit#boundingbox ?
#
Loqi [jsor] geokit: Geo-Toolkit for PHP.
#
@_HarshilShah TIL: Webmentions is a thing. Scroll to the end of this post for a demo (also read the post while you're doing that because it's good) (twitter.com/_/status/1279273682595004418)
lahacker joined the channel
#
GWG It's too late for math
#
dansup haha
#
GWG The people at Wikimedia Maps may have stopped offering me maps...
#
GWG But I'll have Yandex, and Geoapify and Maptiler
[benatwork] and [KevinMarks] joined the channel
#
[KevinMarks] A bounding box in what projection?
#
[KevinMarks] If you're using leaflet you can add the points to a group and then zoom to that group
nickodd joined the channel
#
jacky what is jf2
#
Loqi jf2 is a working prototype of a simpler JSON serialization of microformats2 intended to be easier to consume than the standard Microformats JSON representation https://indieweb.org/jf2
#
jacky hmm is it a prototype if it's a w3c spec?
#
jacky oh this is a 'note'?
#
jacky aaronpk: if you had to redo the API for webmention.io; would you have done it with jf2?
#
jacky I'm formulating Lighthouse's API to be around that right now and I can't see a reference not to
#
jacky yeah I think jf2 will be it for me
moppy, [dave] and [KevinMarks] joined the channel
#
[KevinMarks] I thought webmention.io did return jf2? When I copied the api I used my mf2 to jf2 converter
#
jacky it does but like if it went through a strict parser, it wouldn't be valid IIRC
#
jacky there's like extra keys in there
#
jacky like if it went through a JSON-LD parser
#
[KevinMarks] Probably worth a wiki page documenting the specific format is there's 3 of us returning it
[jgmac1106] joined the channel
#
sknebel aaronpk: I think my remaining questions are all mentioned (how to get it to clients, how to control which clients can access what, how does it work for access for many individual pages), and I'm not sure its easier once those are solved
#
sknebel but the principle could work
#
@calum_ryan Testing out sending webmentions on my new Kirby site (https://calumryan.com/notes/3533) (twitter.com/_/status/1279398947048603648)
#
GWG [KevinMarks]: To pass into a static map API
#
[KevinMarks] so in lat, long?
#
GWG [KevinMarks]: As in an array of lat,longs
#
[KevinMarks] the bounding box is pretty much [min(lats),min(longs),max(lats),max(longs)]
#
[KevinMarks] you can do it with a for loop easily enough
#
[KevinMarks] lats=[]; longs=[];
#
[KevinMarks] array_push(longs,latlong[1]);
#
[KevinMarks] } return
#
[KevinMarks] for (latlong in points) {
#
[KevinMarks] array_push(lats,latlong[0]);
#
[KevinMarks] oop
#
[KevinMarks] return [min(lats),min(longs),max(lats),max(longs)]
#
[KevinMarks] or you could do it with min and max variables for each in the loop, if you don't want to copy the coords
#
aaronpk jacky: yes I even have a secondary api for webmention.io that is jf2
#
GWG Yes, I just wonder how much larger than the minimum and maximum I should make it
#
sknebel try a few percentages and see what looks good?
#
GWG sknebel: Hopefully someone will use it
#
sknebel aaronpk: to expand on the earlier comment: in both cases, to me the main complexity right now seems to be about a) the clients and b) managing the existing permissions and tokens, and I'm not sure either approach makes a big difference there once you get into renewal, revocation, ...
#
sknebel and it'd be interesting to what degree they can overlap. I.e. if I support both, and a client makes an AutoAuth request, I could consider giving it a token I got via ticket auth earlier. and reverse potentially. needs some fleshing out of those APIs
[tantek] joined the channel
#
aaronpk yeah i guess we just need to keep prototyping stuff
#
sknebel yes. hope I find some more motivation for that
#
[tantek] Would be worth publishing an updated jf2 spec draft (that supersedes the W3C note) with what we’ve learned. Publish on spec.indieweb.org
nickodd joined the channel
#
[tantek] [KevinMarks] can you control the head of your blogger template?
#
[tantek] Can you remove the explicit meta viewport ?
#
[KevinMarks] i just tried that
#
[KevinMarks] though the theme is very oldschool
#
[tantek] Hmm getting odd results on refresh. Will need to investigate this some more
#
[tantek] Do you have Firefox focus installed [KevinMarks] ? With content blockers turned on?
#
[KevinMarks] On desktop?
Ki and [jgmac1106] joined the channel
#
[jgmac1106] Kevin would need to switch blogger themes...which makes mf2 harder
#
[jgmac1106] or style it himself
#
[jgmac1106] in fact only way to add mf2 now is to install the classic theme Kevin used...I never tested their responsiveness
#
[jgmac1106] chrisaldrich convince threaderapp to make a tool for the irc chatlogs, you can select a date and time range, people, perhaps each h-entry
#
[jgmac1106] do something like: https://jgregorymcverry.com/whyithread
KartikPrabhu joined the channel
#
aaronpk i kinda want to start posting my conference proposals on my website just so that i have a record of them all in one place
#
aaronpk but I don't necessarily want them to be public
#
aaronpk maybe once they're accepted i can turn them into a public post
[chrisaldrich] joined the channel
#
aaronpk actually i guess i already kind of have this at https://aaronparecki.com/presentations
#
Loqi [Aaron Parecki] How to Hack OAuth
#
aaronpk except those are only the ones that have happened
[tw2113], flex14, KartikPrabhu and [fluffy] joined the channel
#
[fluffy] I just want to verify something: a successful IndieAuth code verification request must result in an HTTP 200 to be valid, right? 202 isn’t appropriate for something that returns an actual response body that is to be used?
#
[fluffy] I’m debugging an issue with someone who’s unable to login to my site with their IndieAuth endpoint and the issue is their code verification request is returning 202 Accepted (with the verification body) instead of 200 OK, and they say that they’re able to log in to a bunch of other sites with this implementation. But the IndieAuth spec doesn’t say what HTTP codes are allowed, it just implies 200.
#
[fluffy] per https://indieauth.spec.indieweb.org/#authorization-code-verification
#
aaronpk yeah 202 is to say "I'm working on this"
#
[fluffy] yeah that’s what I thought
#
[fluffy] ok I’ll link them to this chat as well 🙂
#
aaronpk looks like indieauth isn't specific about the http code to return, but also the only thing oauth and indieauth say about http codes really is that errors should be returned with http 400
#
aaronpk everything else would fall back to http semantics, in which case 202 is not an appropriatee response for an operation that is complete
#
[fluffy] yeah, but we can infer from the HTTP spec that 202 is not an appropriate response code for a code verification.
#
[fluffy] yeah
#
[fluffy] I wonder what other implementations they did authorize against and if those implementations were just like “oh it’s a 2xx, ’sall good”
#
[fluffy] I know a lot of people are pretty lenient about that in general.
#
aaronpk i'm betting mine looks for a 400 and considers everything else okay
#
[fluffy] Well, I’ve let them know where the error is and it’s up to them to decide to return the correct HTTP code. 🙂
#
aaronpk is it an indieauth endpoint used by others? or built into their site?
#
aaronpk always curious to hear about new implementations :)
[tantek] joined the channel
#
[fluffy] They’re “in stealth mode” and getting ready to launch it. I’m sure they’ll be making an announcement soon enough. I’m flattered they decided to use mine as a reference for verification. 🙂
#
[fluffy] The impression I get is that it’s an endpoint that’s to be used by others.
#
aaronpk awesome
#
aaronpk i really wish i had a test suite
#
[fluffy] yeah, I have pretty robust unit tests for Authl as a client, but that mocks out the endpoint.
nickodd left the channel
#
[tantek] [KevinMarks] Firefox Focus is a mobile app, on at least iOS (might still be available on Android? not sure. I was testing on iOS)
[KevinMarks], lahacker and [grantcodes] joined the channel
#
[grantcodes] Yeah it's on Android too
geoffo joined the channel
#
[KevinMarks] It switches to mobile view by default for me there
#
[KevinMarks] On iOS you'll be using safari though. Firefox and chrome on android get to ship their own engines
#
[KevinMarks] I should check it on my iOS devices
#
Loqi agreed.
#
[tantek] +1
KartikPrabhu joined the channel
#
jacky aaronpk: ah okay
#
jacky I might have something to demo for the next hwc
#
jacky _might_
#
jacky tl;dr: a drop-in component for webmention services that expose jf2 for a page (right now focusing on likes)
#
jacky trying to make something that I can just drop on any page so I don't have to worry too much about presentation
#
jacky and it works in 'real-time'
#
jacky similar to https://github.com/PlaidWeb/webmention.js
#
Loqi [PlaidWeb] webmention.js: Client-side library for rendering webmentions from webmention.io
[dave] joined the channel
#
@snellingio Been thinking more about what I’d like in a social network. You can create or follow any number of feeds (public or private). All RSS compatible. No tracking. Comments via Webmentions only. No DMs (twitter.com/_/status/1279563564827713536)