#dev 2020-07-10

2020-07-10 UTC
#
jacky what are locations
#
Loqi location is a key aspect of checkin and event posts https://indieweb.org/locations
#
jacky what is weather
#
Loqi Weather is the state of the atmosphere at a place and time as regards heat, dryness, sunshine, wind, rain, etc https://indieweb.org/weather
#
jacky that was a lil' slow
#
jacky hmm I'm going to ignore weather since it seems a bit more ad-hoc of an attribute
#
[tantek] GWG has opinions about weather
#
jacky hm lemme rephrase
#
jacky I'm going to punt on working on it for this client because it doesn't make contextually sense yet
#
jacky *make sense contextually
#
GWG jacky: What opinions do you need!
[chrisaldrich], crab and nickodd joined the channel
#
jacky only the one posted above
#
jacky but I'm thinking that's for something that's more of a mobile client
#
jacky https://chat.indieweb.org/dev/2020-07-09#t1594338835888600
#
Loqi [jacky] okay needing some feedback from people who add weather and location info to posts: would it make sense for a Micropub editor to allow for one to add multiple locations / weather bits?
#
jacky what is visibility
#
Loqi https://indieweb.org/visibility
#
jacky yes
#
jacky but what _is_ it
#
jacky lol
#
jacky ah it's a sub section of a page
vika_nezrimaya and [schmarty] joined the channel
#
jacky what are quotations
#
Loqi A quotation is a type of response post that is primarily a subset of the contents of another post, and often has a citation of that other post https://indieweb.org/quotations
#
jacky hmmm
#
jacky so _technically_ (technically!) if I wanted to quote a passage from a book, I should be using https://indieweb.org/quotation#bookmark ?
#
jacky like I'm thinking about this as I'm reading Parable of the Sower (really good read!) and I want to transfer my highlights to my site
#
jacky this is actually _way_ better tbh
#
jacky I can make a canonical post about a book and just send bookmarks to it as a reaction to note my progress in it
#
jacky lmfaoo at this https://aaronparecki.com/2014/05/15/9/headline-news (saw it here https://indieweb.org/quotation#photo)
#
Loqi [Aaron Parecki] "Hackers holding computers hostage" #headline #news https://aaronparecki.com/img/1240x0/2014/05/15/9/photo.jpeg
KartikPrabhu joined the channel
#
aaronpk what haha
#
aaronpk how on earth did you dig that up
#
jacky lol it's listed as an example of a "photo quotation"
#
aaronpk lol! i never knew that
[chrisaldrich], kingpapa, KartikPrabhu, dopplerg-, petermolnar, oodani, shrysr, willnorris, strugee, moppy, IWSlackGateway1, nloadholtes, nekr0z, myfreeweb, globbot, superkuh, nsh, fredcy_, marinin[m], joshproehl, gRegorLove, jbove, lahacker, jeremycherfas, aaronpk, dansup, ludovicchabant, vilhalmer, cjw6k, blueyed, ketudb, rhiaro, callMeBaby, bear, crab, danyao, dietricha, peterrother, deathrow1, genehack, crazed, sebsel, cjav_dev, vika_nezrimaya1, MrHyde_, geoffo, Ruxton, oenone, sknebel, dckc, HbHighland, raucao, gbmor, justache, [schmarty], GWG, treora, deltab_, jacky, omz13, jjuran, Kaja, kiero_, shakeel, plindner[m], edrex, JK_na, samwilson, Salt[m], Rixon, jamietanna[m], [ColinMorris], vika_nezrimaya, [tantek], [tw2113] and [fluffy] joined the channel; nickodd left the channel
#
[tantek] yeah I like to pick funny examples like that as easter eggs 😄
gRegorLove_, treora, swentel, vika_nezrimaya, vika_nezrimaya1, KartikPrabhu and dckc joined the channel
#
jacky this should be done by next HWC! https://v2.jacky.wtf/post/cbbd1b57-b9da-4dd3-96c3-8068f4476fac
#
Loqi [Jacky Alciné] So far, so good! This is what the side panel for Koype Publish looks like so far. I’m working on keeping this in line with the expectation of what Microformats2 expects so I can dynamically have them come and go depending on what properties a Micro... https://v2.jacky.wtf/media/image/entry%24cbbd1b57-b9da-4dd3-96c3-8068f4476fac/Screenshot_20200710_003710.png?v=original
moppy joined the channel
#
vika_nezrimaya jacky: oo, wow, content warnings! Did you come up with this idea independently or grabbed it from the previous versions of my software? It definitely had content warnings at some point!
#
jacky there's a discussion about adding it as a MF2 property! :)
#
jacky lemme find the link
#
jacky https://github.com/microformats/h-entry/issues/19
#
Loqi [jk-na] #19 p-content-warning proposal
#
jacky if you have screenshots / info of your site using it; def add that to the wiki and the issue so we can have some examples
[KevinMarks] joined the channel
#
[KevinMarks] That reminds me of inkstone jacky
#
vika_nezrimaya p-content-warning? Wait, I've had an exact same idea! That was my idea! I think
#
vika_nezrimaya let me find it real quick
#
vika_nezrimaya YESSSSS!!! I proposed it first at 2018-12-14T14:10:13+03:00
#
vika_nezrimaya let me see if I have a web.archive.org link here
#
vika_nezrimaya 'cause my site is down
#
vika_nezrimaya ugh, I do not have a wayback machine snapshot there but I do have a backup of my site and I could quote it from there :3
#
vika_nezrimaya Oh, my tweet about that is still live! https://twitter.com/kisik21/status/1073535641919647744
#
@kisik21 I think IndieWeb needs more content warning like in mastodon. I propose `p-content-warning` for this and I'll try to implement this at least on my own website. (twitter.com/_/status/1073535641919647744)
#
vika_nezrimaya thanks Loqi
#
Loqi you're welcome
#
[KevinMarks] Yay convergence. That's a good sign if we're using the same name.
#
Loqi 😊
#
vika_nezrimaya Done! I've even included a link to the sample implementation included in the older version of my templates
#
jacky vika_nezrimaya++
#
Loqi vika_nezrimaya has 4 karma in this channel over the last year (9 in all channels)
#
vika_nezrimaya i'm feeling good right now because even though my website is down I'm doing something great by participating in IndieWeb and Microformats standartization!
#
vika_nezrimaya uwu
#
petermolnar !tell [tantek] re disaled stylesheets: on <style> elements <style disabled> doesn't seem to work, but it does trigger with JS e.disabled = true; I'm still trying to make sense of it...
#
Loqi Ok, I'll tell them that when I see them next
[jgmac1106] joined the channel
#
Zegnat petermolnar: disabled is part of the Stylesheet object (as defined by CSSOM) but not part of the HTMLStyleElement object (as defined by HTML).
#
Zegnat So it is correct that you cannot set it through HTML
#
petermolnar erm
#
petermolnar so... is there any way to set it without js?
#
Zegnat Not according to the HTML spec
#
Zegnat Or, hmm, HTML does include the disabled attribute on <link> elements. So maybe if you <link> the stylesheet instead of embedding it
#
sknebel ah hm, yeah, only done that with <link>ed stylesheet, not inline
#
sknebel hey, no fair, jinxed by network lag
#
Zegnat Hahaha
#
Loqi rofl
#
Zegnat petermolnar: whenever a style element is turned to a stylesheet in browser (see step 6) the disabled flag is always left to its default and never specifically set: https://html.spec.whatwg.org/multipage/semantics.html#update-a-style-block
#
Zegnat Maybe you might be able to extract some techniques from https://github.com/filamentgroup/loadCSS
#
Loqi [filamentgroup] loadCSS: Load CSS asynchronously
#
petermolnar hmm
#
petermolnar so <style> either needs `disabled` allowed on it or `media` needa a `none` option
KartikPrabhu joined the channel
#
Zegnat just using "none" as media does not work?
KartikPrabhu joined the channel
#
Zegnat Hmm. media seems to have a "not" clause. So I wonder if "not screen and not print" would be valid. Or even just "not all"
#
petermolnar oh, it works. it's just not valid :D
#
Zegnat petermolnar: `<style media="not all">` is valid per the nuhtml checker and my reading of the MQ spec. At least in Firefox it also seems to correctly disable the CSS within the style element.
#
Zegnat So that is probably the "correct" way of saying none
#
Zegnat https://drafts.csswg.org/mediaqueries/#mq-not
#
Zegnat for all your “technically valid” solutions :D
#
petermolnar a'ight, lemme test it
KartikPrabhu, MrHyde_, geoffo and swentel joined the channel
#
petermolnar yep, that's working
#
petermolnar thank you
#
petermolnar thing is, following the html 4.01 specs was a breeze; trying to find the current, working documentation for these kinds of edge cases is surprisingly hard these days
#
Zegnat I find CSS specs to be somewhat hard to follow because of all the modules. But in a lot of cases the HTML spec will actually link you to the things you want to read, in my experience.
[jgmac1106], leg, zootella_, shakeel, Rixon, Zegnat, swentel, deathrow1, swentie, [tw2113], geoffo and dckc joined the channel
#
jacky up early hacking on my micropub editor
#
jacky this stuff did _not_ need any client side frameworks at all
#
jacky it does rely on JavaScript to send the form (I might be able to refactor away from that) but it sends only what it needs to the upstream server
justache and [tantek] joined the channel
#
[tantek] Petermolnar in which browser(s) did <style disabled > not work? Pretty sure I implemented it in ie5mac lol
#
[tantek] Also could be a reasonable proposal
#
[tantek] Seems like a good thing to add to the HTML spec. Want to try?
#
petermolnar latest ff
#
petermolnar but Zegnat's idea ('not all') works just fine
#
petermolnar that one works even in ie8
#
Zegnat disabled is not an attribute on the style element at all, if I look at the HTML spec, [tantek]. So might have been dropped somewhere along the way
#
[tantek] It “works” but it’s a hack
#
[tantek] Zegnat more likely forgotten. Odd to have that inconsistency between style and link elements
#
[tantek] I probably implemented it at the time because it made sense, and couldn’t get it changed in HTML4 which was already done, and then never got around to it years later when HTML5 was first published
[fluffy] joined the channel
#
Zegnat HTML spec is fairly specific about the fact that the disabled flag is always set to its default value when a <style> element is parsed. Nothing about setting it, sadly. It does not even seem to exist in the DOM definition of the element, only exists in the CSSOM definition of Stylesheet. So it is very easy to set with JavaScript, but that is of course *after* the browser has already done the initial parse.
#
Zegnat I do admit "not all" is a bit of a hack, but a very straightforward one at it, hehe
[chrisaldrich] joined the channel
#
petermolnar I honestly don't see it as a hack
#
petermolnar that's exactly what media queries are for
#
petermolnar and those who can't parse media queries will interpret it as bad, so they'll throw it a away
[KevinMarks] and ketudb joined the channel
#
Zegnat jacky: are you still running everything for your site through Dokku? I am looking for a thing to manage what I run on my server, and the idea that something that overs one-click-Heroku-deploy might be able to also be self-hosted is intriguing to me.
#
jacky that's all I use!
#
jacky for my personal site / single apps that is
#
jacky (which is everything)
#
Zegnat Any tips on getting started with it? I was thinking just getting a cheap VPS at a standard hosting provider and giving it a try.
#
Zegnat There was a project I wanted to try (https://github.com/strapi/strapi) that seems to have an Heroku template. So would be even better if I could get it setup on a short timespan. And I think it might encourage me to make all my own projects one-click-deployable too, where possible.
#
Loqi [strapi] strapi: 🚀 Open source Node.js Headless CMS to easily build customisable APIs
#
jacky that's exactly what I di
#
jacky *did
#
jacky I got a $10 VPS on DigitalOcean running everything now
#
jacky I did a $30 one at first but scaled it down when I knew how much 'power' I needed
[grantcodes] joined the channel
#
[grantcodes] Quite like the alternative I'm using which has a UI.
#
[grantcodes] What is caprover?
#
Loqi https://indieweb.org/CapRover
#
[grantcodes] But there are also UIs for dokku I think
#
jacky there is but there's work to remove it because most people forget that they're there and it can be used as an attack vector
#
jacky (at least the installer one)
#
jacky looking at the homepage, CapRover is more opinionated (which makes the install flow probably a bit more controlled by them)
#
jacky like you have to install LetsEncrypt support for Dokku (via a plugin)
#
[grantcodes] Yeah I'm not a huge fan of how it handles deployment, but once it's set up it works
#
jacky that's all that matters
#
Zegnat I am not sure how important a GUI installer is for me specifically. Because I would not go through the trouble of getting my own code accepted into it, I think.
#
Zegnat But I will add CapRover to the list!
#
jacky what is ios
#
Loqi iOS is the operating system that runs on the Apple iPhone, iPad, and iPod Touch https://indieweb.org/iOS
#
jacky hmm yeah aaronpk IndieWebKit is it, no?
#
jacky what is IndieWebKit
#
Loqi IndieWebKit is a Swift library that provides client APIs for interacting with IndieAuth, Micropub, and Microsub from apps in the Apple ecosystem https://indieweb.org/IndieWebKit
#
aaronpk there we go
sp1ff joined the channel
#
jacky that reminds me to get that set up on my macbook
#
jacky wanna use that and play with the swift macos stuff
#
[grantcodes] Well the GUI has one click installs for strapii and others
[jgmac1106] joined the channel
#
jacky oh then that might be way easier lol
#
jacky that's something I've wanted for Dokku; a way to define a manifest that leans into what Heroku uses (thought it's not stable) for apps
#
jacky so one could do `dokku apps:install my-blog https://git.jacky.wtf/me/new-app` and go from there
nickodd joined the channel
#
aaronpk upgrading to laravel 7 was relatively painless
#
aaronpk i should really get in the habit of doing these upgrades when the new versions come out instead of waiting until i'm like 5 versions behind
#
Loqi I agree
[schmarty] joined the channel
#
aaronpk Zegnat: what does this return for you? (new Date("2020-07-22T18:00:00-07:00")).toLocaleTimeString([], {hour:'2-digit', minute: '2-digit'})
#
Zegnat In the Firefox console: 03:00
#
aaronpk nice
#
Zegnat makes notes to change the clock on his site
#
petermolnar Zegnat: how cheap? For high computational power/low cost, see /Hetzner ; for quick tests, Digitalocean is good
#
Zegnat I am already hosted on Hetzner, so most likely I spin up an extra VPS there
#
Zegnat Looking at CapRover that might be the easier one to start playing with, actually. We'll see. Will probably spin something up tomorrow.
#
petermolnar oh, I meant https://www.hetzner.com/dedicated-rootserver
#
petermolnar and https://www.hetzner.com/sb
#
petermolnar 27,29 €/month => Core i7-2600, 2x 2 TB Ent. HDD, 16 GB RAM
#
Zegnat That seems like overkill for running some sites/apps/whatchamacallem
twomanytacos and KartikPrabhu joined the channel; nickodd left the channel
#
@wolframkriesing ↩️ I was actually looking for ways to asynchronous, loosely coupled connecting systems, like git commits, tweets, blog post releases, etc. I investigated #WebMention, but that’s not it. https://twitter.com/wolframkriesing/status/1280534218184052737 2/ (twitter.com/_/status/1281679022271889408)
#
[tantek] Hmm, sorta? For some of those, WebSub is more appropriate, e.g. as broader notifications to any parties interested (that you might not even know about).
justache joined the channel
#
[schmarty] aaronpk: indieauth.spec.indieweb.org does not mention PKCE (because it was published before that spec was a REC, i imagine). maybe a silly question but is it "cool" to have an auth endpoint support PKCE? seems like the token endpoint (if they're not the same) would need to know to pass long the values?
#
aaronpk yeah i want to do a revision of indieauth that includes PKCE
#
aaronpk PKCE is already an OAuth extension, so it's definitely possible to also do PKCE with indieauth right now
#
aaronpk OAuth 2.1 includes PKCE by default, so after that's a bit farther along I'll probably write up an IndieAuth 1.1 that extends OAuth 2.1, whereas the current IndieAuth extends OAuth 2.0
#
[schmarty] i think supporting it for authentication flow is pretty straightforward for an auth endpoint. for an authorization token i only see the wrinkle that the token endpoint needs to recognize and pass along the nonce.
#
aaronpk (code verifier, not nonce. nonce is from openid connect)
#
[schmarty] oops thanks. hazards of working from memory rather than looking at the dang spec. yes the code verifier!
#
aaronpk yeah i'd have to think through how our separation of token endpoint and authorization endpoint affects that
[Jose_Leiva] joined the channel
#
[Jose_Leiva] given that https://ownyourgram.com/ is not accepting new accounts, what’s a good alternative?
#
[tantek] do we need an ownyourounce?
[KevinMarks] joined the channel
#
[KevinMarks] Unfortunately instagram is working diligently to stop you getting your photos back from them
#
aaronpk best alternative is probably downloading your instagram export and using a tool like the one manton built for micro.blog
#
aaronpk it's unlikely any automated alternative will continue to work much longer
#
[Jose_Leiva] yeah, I was reading the API docs trying to figure out why an IFTTT that I have isn’t working anymore
vika_nezrimaya joined the channel
#
aaronpk wow even IFTTT stopped working?
#
[tantek] no pay, no API
#
sknebel apparently the ifttt-instagram integration has been wonky a few times recently, yeah. don't think there's a clear "this fixes it" given
#
sknebel (might be for ~2 weeks now? unclear)
#
jacky reminds himself to check out PKCE
#
[KevinMarks] What is pkce?
#
Loqi PKCE, Proof-Key for Code Exchange, (pronounced "pixie") is an extension to OAuth 2.0 that protects against intercepted authorization codes during the OAuth flow https://indieweb.org/PKCE
[jgmac1106] and [schmarty] joined the channel
#
vika_nezrimaya Returning to a year-old codebase: launching a new venv, pip install -r requirements.txt, python -m pytest... 14 errors. Then remembering that I was on a feature branch, switching back to master, all tests are green :3
#
vika_nezrimaya jacky: oh, this PKCE thing is nice, and already has support, I might need to implement it
#
@kevinmarks ↩️ We have this in #indieweb 1. Verify domain url and bidirectional rel=me links 2. Links from domain url to email to send token (or webfist to reverse) 3. Use webmentions instead 4. This is harder, but once you can verify domain ownership you can limit by it. (twitter.com/_/status/1281710717960413185)
#
@kevinmarks ↩️ We have this with webmention now - it includes the link but do you click on it? Or, worse, in the silo world where most links are shared because of the preview, not the content. And previews are per silo. http://www.kevinmarks.com/partialsilos.html (twitter.com/_/status/1281718944181690368)
#
GWG aaronpk: Would you document what might be in IndieAuth 1.1 so we can be ahead of the curve?
#
aaronpk the goal would be to follow the current oauth best practices, which are being collected in oauth 2.1, extending it with what we need for indieauth
#
GWG aaronpk: What about expiring tokens? Do we have any outstanding items we might want to put in?
#
aaronpk technically nothing is stopping anyone from currently implementing tokens that expire
#
GWG aaronpk: Except no client support
#
[tantek] tests?
#
GWG aaronpk: By the way, have you added your +1 to https://indieweb.org/2020/Pop-up/Sessions
#
aaronpk there is nothing to support in clients except for starting the indieauth flow over if a token expires
#
GWG [tantek]: Same question.
#
aaronpk what i mean is that these issues are not unique to indieauth, they are considerations for all oauth clients
#
GWG aaronpk: I may be thinking of refresh tokens
#
GWG aaronpk: Understood, just looking to get something started.
sp1ff joined the channel
#
GWG Thus reminding everyone that we have popup proposals to consider
[fluffy] and strugee joined the channel
#
jmac Hi folks... helping another friend debug their Microformats (not that they've asked for my help yet, but they sent me a webmention so they're getting it anyway). Am I right that http://pin13.net/mf2-dev/?id=20200710234939260 isn't a well-formed "in-reply-to" because that property appears one level too deep? That is, it's a property of an h-cite within an h-entry, and not the h-entry directly?
#
KartikPrabhu jmac: it is a well-formed reply. But the reply post is the h-cite not the h-entry
#
KartikPrabhu an fix is to do the following: add a "in-reply-to" directly to the h-cite, and change the "u-in-reply-to" to a "u-url"
#
aaronpk jmac: this is what they meant: http://pin13.net/mf2-dev/?id=20200710235904215
#
KartikPrabhu that ^ is what I was saying :P
#
KartikPrabhu aaronpk++ for actual example :)
#
Loqi aaronpk has 63 karma in this channel over the last year (233 in all channels)
#
aaronpk (moved u-in-reply-to onto h-cite so the entire h-cite becomes the in-reply-to value)