#dev 2020-07-15

2020-07-15 UTC
KartikPrabhu joined the channel
#
[tantek]
really glad you took a close look at this aaronpk
#
[tantek]
if you think there's a chance to adjust/fix it so it works smoothly with IndieAuth, I think that's worth putting time into
#
[tantek]
aaronpk, how would you answer this question? What's a good estimate of the size of the end user population for IndieAuth IDP’s? (I'm thinking roughly micro.blog users + Known users + WordPress IndieAuth plugin installs?)
#
GWG
IDP?
#
[tantek]
well at least we're in the right channel for that
#
[tantek]
what is an IDP
#
Loqi
It looks like we don't have a page for "IDP" yet. Would you like to create it? (Or just say "IDP is ____", a sentence describing the term)
#
[tantek]
what is an identity provider
#
Loqi
It looks like we don't have a page for "identity provider" yet. Would you like to create it? (Or just say "identity provider is ____", a sentence describing the term)
#
[tantek]
well then
#
aaronpk
hmm does manton publish any info on the number of micro.blog users?
#
aaronpk
obligatory link to bridgy stats to see if there's anything there that might help https://snarfed.org/2020-06-27_bridgy-stats-update-5
#
aaronpk
so i think i know why that question is being asked, and i would like to challenge the assumption there
#
GWG
The install base of IndieAuth for WordPress is 500+
#
aaronpk
given that this proposal will require changes to OpenID Connect itself, I don't think it's fair to compare end user metrics in the first place
#
aaronpk
his diagram of the number of IdPs vs RPs vs Users still holds in the IndieAuth model, although it's more like IdP software rather than IdPs, and more like O(100) instead of O(10)
#
aaronpk
IndieAuth will require some amount of changes to work in this model as well
#
aaronpk
rather than think about it as "but what about IndieAuth", it's more helpful to think about the underlying problem IndieAuth is solving and make sure that this new thing can also solve that
#
aaronpk
I could write a new version of this post that talks about the problem the same way but inserts this WebID thing into the mix
#
aaronpk
if the browser can participate in the flow as a first-class citizen, then the whole step of the website showing a URL field to ask the user to enter their URL goes away and it can happen automatically
#
[tantek]
That's a great way to reframe it
#
[tantek]
Would that be an IndieAuth extension? Or a feature added to IndieAuth?
#
aaronpk
probably depends on what the changes are to OpenID Connect and OAuth
#
aaronpk
if it can be done as an extension to OAuth and OpenID Connect, then it could be done as an extension to IndieAuth as well
#
[tantek]
I guess I mean from a browser pesrpective
[tw2113] joined the channel
#
aaronpk
ideally I'd like the WebID API to not make the assumption that the RP will be deciding the provider ahead of time, and provide a mechanism for the user to establish one or more IdPs with the browser directly, so that the RP can ask the browser to "just authenticate the user somehow please"
#
aaronpk
we'd take that mechanism and add back in the IndieAuth bits of user IDs being URLs
#
aaronpk
I say it this way because I know that there's no point in arguing things like "user IDs must be URLs" since that is a pointless battle that we will not win
#
[tantek]
I like that aspect of putting the user more in direct control via the browser
#
[tantek]
That's a very appealing way to design it
#
aaronpk
there will of course be exceptions where that won't be possible, but i want to make sure it's an option
#
aaronpk
for example some apps will want to limit the IdPs they trust for various reasons. so it should be possible for an app to say "i want the user to log in with any of these providers: google, apple, twitter"
#
aaronpk
as well as be able to ask "I just want the user to log in, i don't care what provider they use"
#
[tantek]
right, and with enough default examples (Monocle?) that do that, it becomes the norm
#
[tantek]
I'll leave it to aaronpk if he wants to click the links above and add IndieWeb-specific definitions with references to IndieAuth and common services / implications
#
[tantek]
implementations*
#
aaronpk
what is IdP?
#
Loqi
It looks like we don't have a page for "IdP" yet. Would you like to create it? (Or just say "IdP is ____", a sentence describing the term)
#
GWG
The biggest issue I see for me getting more adoption on my IndieAuth implementation isn't an IndieAuth issue...so many people are blocking auth headers.
#
aaronpk
good enough for now
#
jacky
aaronpk++ for inter-operable thoughtfulness on WebID + IndieAuth
#
Loqi
aaronpk has 65 karma in this channel over the last year (235 in all channels)
sp1ff joined the channel
#
@kixiQu
↩️ are responses a la webmentions necessarily "post"-type content rather than page-type? but then isn't the point of the web non linear asynchrony?
(twitter.com/_/status/1283209411859640323)
#
KartikPrabhu
what's that tweet trying to say?
#
KartikPrabhu
I understand each statement/question but why are they together?
#
jacky
me when I try to understand science
#
KartikPrabhu
jacky: now that insulting! ;)
#
jacky
lol I almost always fail
#
jacky
but yeah I wanna break that down a bit
#
jacky
like I don't understand what's being asked in the first bit tbh
#
jacky
but I think the latter bit (there's no thread of origin in a completely federated web, just ideas of one)
#
jacky
makes sense
#
vilhalmer
I think it's getting at webmentions being context-sensitive?
#
KartikPrabhu
right. The first bit is probably due to some frameworks/CMS making a "hard distinciton" between posts vs pages
#
vilhalmer
as opposed to "page-type" being just some static content
#
KartikPrabhu
but webmentions are from any URL to another
#
KartikPrabhu
I think I mostly don't understand the "but" conjunction. Those questions are independent as far as I see
#
vilhalmer
I think they're trying to reconcile the post as a more ephemeral thing with the concept of updates to a static page
#
vilhalmer
like, "webmentions seem like the right way to notify of updates, but are intended for standalone content"
#
jacky
grr static pages
#
KartikPrabhu
so it is seems like a misunderstanding of webmentions
#
KartikPrabhu
jacky: all pages are static unless updated :P
#
vilhalmer
all pages are dynamic but stale ;)
#
vilhalmer
this is the dichotomy of the web
#
vilhalmer
I have one actual Page just because I felt like it fit the aesthetic https://vil.lv/sc3k.html
#
vilhalmer
it's not linked anywhere because it's not done
nickodd and [fluffy] joined the channel
#
[fluffy]
The WebID discussion reminded me of the current gap in the IndieAuth spec that I wanted to see addressed. I finally responded to the most recent comment on it, both with why I don’t think why the query parameters need to be handled, and with an actual in-the-wild example of how it’s a problem. https://github.com/indieweb/indieauth/issues/35
#
aaronpk
It's not a flaw
#
aaronpk
the assumption in the current version is that the security is modeled at the domain level
#
aaronpk
So yes if you try to do things that break that assumption then it looks like it's a flaw
#
aaronpk
but you have to decide a security boundary at some point, and where we drew the line is at the domain
#
aaronpk
the precedent in this is the same origin policy in browsers
#
aaronpk
you see the same things with cookies
#
aaronpk
a page at `/user/` can set a cookie at `/`
#
aaronpk
That's one of the reasons github switched hosting github pages at github.io instead of github.com
#
[fluffy]
I see it as a flaw though. There are a lot of people who don’t want to get their own domain, and who might want to participate in the indieweb from a site like tilde.club.
#
[fluffy]
Like, yeah, it’s how the current version is modeled, and I’m suggesting that maybe a new version should not model it that way.
#
[fluffy]
Obviously it’s less of a concern for most things like Mastodon or whatever where there’s a single authority for the entire domain, but tilde.club or academic homepages or whatever deserve to be part of the indieweb too.
#
GWG
Time to start planning the IndieAuth popup date?
nickodd left the channel
#
nekr0z
[fluffy]: isn't the cornerstone and the proper ID for IndieWeb the personal domain, though? I mean, the first thing the Getting Started wiki page says is 'get your own domain'.
#
[fluffy]
I feel like that cornerstone is unnecessarily exclusionary.
KartikPrabhu joined the channel
#
vilhalmer
the personal domain is necessarily exclusionary as it nearly universally costs something
#
vilhalmer
unless some change appears that allows the acquisition of a domain for free, this will always be the case
#
vilhalmer
and it has to come with some kind of guarantee that it won't vanish unexpectedly
#
[fluffy]
Right, but I mean, things like tilde.club/tilde.town exist, and academic homepages are still a thing.
#
[fluffy]
Heck, doesn’t Dreamhost still provide a dreamhosters.com/~username thing?
#
vilhalmer
yeah, definitely!
#
vilhalmer
and we should support those methods of interacting with the indieweb
#
[fluffy]
admittedly, there are free domain providers though like freenom.com, but you still need hosting.
#
vilhalmer
since the gtld appeared, one of my dreams has been a tld that offers a free domain to anyone, at the expense of it being effectively random
#
superkuh
tor onions, vilhalmer.
#
[fluffy]
.name? 😉
#
vilhalmer
that would allow a guaranteed identity on the web, if not a "preferred" one
#
vilhalmer
sure, but tor is not accessible on the outer web
#
vilhalmer
somethign with a <sha265>.somedomain would be awesome
#
superkuh
Unfortunately, because it's better. You own the domain instead of lease it on the whim of some easily pressured corp.
#
[fluffy]
yeah, and hosting stuff on it still has a pretty steep barrier to entry as well
#
vilhalmer
even if you pointed it at wordpress or something else at least it would offer a more or less permanent identity against potential hosting changes
#
superkuh
The way I do webmentions can accept from .onion for my .onion(s). But that's because I cheat and just log POST, remove any that dupe 3 times, and then read manually with eyes in a text editor.
#
[fluffy]
yeah, tumblr is a good choice for that too
#
[fluffy]
tumblr’s templating is flexible enough that I bet one could do a fully indieweb thing on it too. I mean, assuming external endpoints, of course.
#
[fluffy]
which reminds me, I was meaning to open an Authl issue about allowing Tumblr as an identity provider too
#
vilhalmer
at some point we want to be able to include people who don't want to care what a POST is
#
vilhalmer
it's a ways off, for sure
#
vilhalmer
but even the domain could potentially become an implementation detail eventually
#
vilhalmer
as it was always intended to be
#
[fluffy]
yeah, like, I absolutely agree with the ideal world where everyone owns their own Internet presence but that’s a long ways off, and there’s also aesthetic reasons why people might want to be on a shared domain without a shared underlying platform. (like, again, tilde.club)
#
[fluffy]
I realize that’s a very marginal use case but it’s still a use case.
#
jacky
I don't think it's marginal
#
jacky
if anything, it's the use case most people are currently acquainted to
#
jacky
it's a lot less effort for someone to sign up and grab a URL from a service versus grabbing a domain and hosting provider
#
jacky
granted, you can def get the latter going a _lot_ easier now too
#
jacky
but the former doesn't (usually) cost money for people - it comes at the loss of a bit of individuality
#
[fluffy]
yeah, but msot of those services give you a subdomain, not a tilde-name
#
[fluffy]
tumblr and wordpress.com being key examples
#
jacky
I'm almost certain tumblr had one at a point
#
jacky
ah no - it's for like blog-specific things
#
jacky
regarding this URL thing, it _kinda_ makes sense why the whole webfinger / user resolution thing exists now
#
jacky
like it didn't matter how it was represented, it could be relatively idempotent when it's called
#
[fluffy]
I am extremely not a fan of webfinger 😞
#
[fluffy]
I mean, I support it in Authl, because why wouldn’t I, but… still.
#
[fluffy]
anyway at least this discussion led to a simpler-to=implement-and-codify possible solution. Inspired by your token_endpoint observation! jacky++
#
Loqi
jacky has 29 karma in this channel over the last year (110 in all channels)
dckc, moppy and [KevinMarks] joined the channel
#
[KevinMarks]
Webfinger--
#
Loqi
Webfinger has -1 karma over the last year
#
KartikPrabhu
what is webfinger
#
Loqi
WebFinger is a discovery protocol for the web that uses email address-like identifiers to get info about users https://indieweb.org/WebFinger
#
Loqi
ok, I added "https://www.w3.org/wiki/Socialwg/AccountDiscovery" to a new "See Also" section of /WebFinger https://indieweb.org/wiki/index.php?diff=71417&oldid=45812
#
[KevinMarks]
The idea of what a domain is depends on the public suffix list now though https://publicsuffix.org/
#
KartikPrabhu
lol! the actual list is a ".dat" file
#
[KevinMarks]
Sgnodemapper was a superset of this idea where the structure of each silo's user urls was described. (it also dealt with the id vs name mapping)
IWSlackGateway and [jgmac1106] joined the channel
#
Zegnat
Since the conception of IndieAuth, I have run it for a path rather than a domain (vanderven.se/martijn/) and even hosted the endpoint under that path and not on the main domain. Nothing is stopping you from doing that.
#
Zegnat
I think the way IndieAuth puts the line at domain is correct, because it makes it clear that the domain owner is still the one with final control. They could easily interject and “MITM” your endpoint if you host it on a path.
#
Zegnat
I think just writing in the spec that IndieAuth needs to be path based might give people the wrong impression of how the web is actually protecting them.
#
Zegnat
Much as how aaronpk said re cookies and other in-browser limitations.
#
sknebel
Zegnat: but a path owner can pretend to be any other path owner - that is different
#
Zegnat
True. But is that a problem? The domain owner can also pretend to be any path owner, right? I think it is good to make clear to people that paths are not actually selfcontained.
#
sknebel
yes, the domain owner can pretend to be any path owner. but in a bunch of scenarios (i.e. the ones fluffy listed) the relationship between domain owner and path owner is different from the relationship between individual path owners
#
sknebel
I'm not saying IndieAuh necessarily *has to* handle that, but it's IMHO not a foregone conclusion, feels kinda like an artificial restriction and not what my mental model of it was
#
Zegnat
I guess my take was always that nothing in IndieAuth is stopping you from using paths, but IndieAuth makes it pretty clear that in the end the domain owner is in control. Which is correct.
#
Zegnat
So I guess the argument is: we agree the domain owner is always in control. But even with that, we may still want different path owners to be separated?
#
[KevinMarks]
This was an issue with multiuser Known wasn't it?
#
sknebel
Zegnat: that's the argument, yes
KartikPrabhu, [mapkyca], gxt, [jgmac1106], joshghent, Lucas-C, [schmarty], swentel and dckc joined the channel
#
GWG
[manton]++ for reading Micropub proposals
#
Loqi
[manton] has 19 karma in this channel over the last year (56 in all channels)
twomanytacos and [manton] joined the channel
#
[manton]
GWG: 🙂 I just reviewed the dozen proposals that you linked from the pop-up description and added a few more comments on GitHub. There are a few proposals that I’m really interested in “finalizing” as much as possible, because I’ve implemented them in the “2.0" versions of the Micro.blog apps, which will ship in 1-2 months. After the apps ship, it will suck to change the implementation.
#
GWG
[manton]: Add them in...the list I added was based on whether it seemed we could get through them quickly or they needed work but seemed to have interest...so the list is up for debate.
#
[manton]
The list is great. The ones I care about are on the list already.
#
[manton]
I’m also going to be documenting everything Micro.blog supports with examples, so that it’s easier to get a sense of the scope of the various parts of the API, in one place.
[tantek] joined the channel
#
[tantek]
yes to an IndieAuth popup sooner rather than later
[fluffy] joined the channel
#
GWG
[tantek]: Proposals is there... just need a date
nickodd and flex14 joined the channel
#
[fluffy]
Insisting that the domain owner be in control of all things IndieAuth has a rather alarming set of side effects. Like, that implies that on shared-domain static hosting, it’s up to the domain owner to select a specific IndieAuth endpoint and inject the headers/link tags into all pages being served up, or to actively filter out such things from hosted content if they don’t want to take the responsibility.
#
[fluffy]
Again, tilde.club is my go-to example of this. It is a static-hosting dumping ground. The folks who run it very specifically do not want to insist on a particular “stack” for member pages to run, and I doubt they’d have any interest in managing anything IndieAuth-related.
#
[fluffy]
So, no, I do not agree that the domain owner is always in control.
#
[fluffy]
Like, sure, the domain owner CAN be in control, but that’s putting a lot of burden on the domain owner, when all they’re trying to do is offer a nice place for people to have an old-school ~username website.
#
Zegnat
But they are? The domain owner picks the server it points at, and at that server they run the software they chose, and that software can MITM anything anyone else is doing.
#
Zegnat
My point is not that a domain owner is going to take control, my point is that control starts with them and they can give it to others, but they can at any point take back that control.
#
[fluffy]
Yes, but the implication is that for IndieAuth specifically they *have* to
#
[fluffy]
This is a sharp corner that can end up causing big problems for some people.
#
[fluffy]
As it stands, tilde.club is not doing anything to rewrite members’ HTML files. Anyone can declare an IndieAuth endpoint. And that endpoint has no guarantees of being legitimate.
#
[fluffy]
Go to webmention.io and sign in as https://tilde.club/~fluffy/ - but on the authorization confirmation tell it that you’re, say, https://tilde.club/~root/
#
[fluffy]
tilde.club has no official indieauth support, and they aren’t in the situation that they’re going to provide it. But people on tilde.club might want to join in on the indieweb, which means using indieauth.
#
Zegnat
Maybe. I kind of like it because it makes it clear in the spec that domain level is how things are segregated on the web. Not saying there is no reason for IndieAuth to segregate on path. But then I would like to see a big warning somewhere to inform people that as soon as the owner of one path-level up decides to do so, they can hijack your auth.
#
[fluffy]
Any given tilde.club user might, for example, use RelMeAuth along with indielogin.com as their endpoint, not realizing that any other tilde.club user can trivially forge their identity.
#
[fluffy]
A warning is better than the current state of affairs, but where does that warning go?
#
[fluffy]
Like, sure, it can go on the wiki page for IndieAuth, but it also needs to be disclosed for every externally-hosted endpoint.
#
[fluffy]
Like someone goes to indielogin.com and goes “oh hey that sounds cool” and sets it up on their site.
#
[fluffy]
I guess my bigger question is: what do we lose by adding a small additional security check to the protocol?
#
[fluffy]
Like, on the github issue I have proposed two approaches we could take to make the protocol itself more secure against trivial identity hijacks on shared domains. What problems are caused, vs. what they solve?
#
[fluffy]
Like yes they lose some small amount of flexibility in the protocol, but is that flexibility needed? Especially weighed against the overall flexibility gained by allowing users of shared domains to use whatever IndieAuth endpoint they want?
#
Zegnat
I am not sure where or how a warning would go. That is one of the reasons I hesitate to add things. I do think that domain based is not the same as URL based logins (see my own identity not being domain based). But from the security aspect the back of my mind keeps shouting at me that only domain-based is secure simply because of how WWW infrastructure is done.
#
Zegnat
But as you said, maybe the fact that IndieAuth is domain-based is already not clear to people? In which case we may be doing more harm than good right out of the gate already
#
[fluffy]
Right, and I reject the notion that IndieAuth should be domain-based, especially since it’s designed to be modular and easy to add into any HTML page.
#
[fluffy]
And again, there’s an inclusiveness thing. We want users who don’t have the knowledge/ability/financial resources to set up their own domain and hosting.
#
[fluffy]
Wouldn’t it be great if college classes that involve building a webpage were able to include a bit on “and here’s how to use the indieweb so you can log in to other peoples’ sites as https://example.edu/~username“?
#
[fluffy]
(without adding an IT support burden such as requiring their already-stretched-thin webserver admins to do all of the things to make that safe)
#
Zegnat
But I can totally see how, right now, it would be based on an "honor system" if multiple paths hosted their own auth endpoints. And by containing the auth endpoints to paths that would disappear. The only trust level left would be you trusting top-level is not going to add an auth endpoint.
#
Zegnat
No arguments there. I would love to see it. I identify everywhere as vanderven.se/martijn (I should maybe make a ~martijn alias [thinking emoji]). The only issue I see is from the infrastructure and security point of view.
#
[fluffy]
I think the relative harm caused by the top-level domain adding an endpoint is a lot less than the relative harm caused by spoofing exploits. Like, if a domain admin is seeing that hey, everyone’s using IndieAuth! Here’s a new endpoint to use! doesn’t actually hurt anything, assuming users are still able to log in to the things they log into.
#
[fluffy]
(and that endpoint is itself secure, of course)
#
[fluffy]
I guess the possibility might be that the domain admin might decide that *nobody* should use IndieAuth and then they add a Link: header that goes to an endpoint that denies all requests, or something.
#
[fluffy]
But that also feels far-fetched.
#
vilhalmer
if you don't trust your admin you probably shouldn't be using that site as your identity in any capacity anyway
[manton]1 and [Ana_Rodrigues] joined the channel
[jgmac1106], [tw2113] and [KevinMarks] joined the channel
#
[KevinMarks]
The other big case is mastodon etc - there the domain host does have some specific admin duties.
#
[tantek]
all the .well-known stuff depends on the domain owner doing things at the root, completely out of control of any "owner" of a path etc.
#
[tantek]
(part of why I dislike all the .well-known stuff)
leg joined the channel
#
[fluffy]
yeah that’s my main objection to it too
#
[fluffy]
anyway mastodon is way less interesting from the path-based ownership perspective because it’s already running on a site-wide stack. There’s already a single point of authority for an identity.
#
[fluffy]
like, at the domain level.
#
[fluffy]
at least at present, people are not able to define their own <link rel=“authorization_endpoint”>
nickodd left the channel
#
jacky
I should note that you can define a endpoint in both the _headers_ as well as the HTML of a page
#
jacky
so a site admin _could_ inject headers when serving a site (or strip them out as "foreign" values)
#
jacky
I'm sure tilde.club doesn't do this but I can see other shared hosting services potentially doing this under a "security" claim
#
Loqi
it is probable
#
jacky
glares at Loqi
#
[fluffy]
Yeah, I mean that seemed like the most likely avenue for tilde.club to do it, rather than rewriting HTML
[Murray] joined the channel
#
[Murray]
is there any way to send a webmention without rendering it to a page i.e. from a form? Fairly certain the answer is no (can't think how it would work) but just want to confirm
#
jacky
wait why would it need to render a page?
#
jacky
it doesn't have to
#
jacky
it could be a empty page with a 200
[snarfed] joined the channel
#
[snarfed]
the source page needs to be an HTTP-fetchable URL that at least contains the target URL
#
[Murray]
^ that's what I meant
#
jacky
ah okay
#
jacky
then yeah plz make it on the Web lol
#
[snarfed]
[Murray] we do have some services that render semi-transient source pages, eg https://brid.gy/ , if that helps for inspiration
#
[Murray]
Yes, I was just looking into how Bridgy did that (or at least noticing it mentioned in a few places). I was already thinking about a self-destructing page of some kind to make this work, but I might go a different route entirely
djmoch joined the channel
#
[Murray]
And tbc the aim here is definitely to make it on the Web 😂 I'm just trying to come up with a way for people to interact with my webmention endpoint (?) without actually having to setup webmentions themselves
#
[Murray]
i.e. through a form
#
[snarfed]
if you're hosting all of those parts, it will probably be easier to just have the form write straight new comments to your site's storage, and not try to use the protocol at all
#
[Murray]
static site 😉 that's the problem. I've got a database, but elsewhere haha
#
jacky
quietly does a static-site-- lol
#
[Murray]
pretty much every week I yo-yo between wanting to go back to a fully dynamic site and hating that idea...
#
[Murray]
I was hoping there _might_ be some way to just stick all the relevant information into the URL somehow, but no worries, thanks for confirming my suspicions
#
Zegnat
What is commentparade?
#
Loqi
commentpara.de is an anonymous commenting system for the indieweb https://indieweb.org/commentparade
#
Zegnat
There is a comments hosting thing that sends webmentions, [Murray] ^^^
#
Zegnat
I think I have seen some blogs link to it with a "reply here" type link, for people who cannot write on their own sites
#
Zegnat
Some examples of that are linked on the wiki page
#
aaronpk
[Murray]: that sounds like trackback, which sends the contents of the comment in the POST request itself. the problem with that is it's too easy to spam.
#
[Murray]
Oh cool, thanks [Zegnat] will definitely give that a look
#
[Murray]
Yeah [aaronpk] I was thinking spam would be a likely issue, guess I'd hoped I might fly under the radar (not like my personal site gets a lot of traffic), but from a protocol perspective that makes sense
#
jacky
murphy's law
[chrisaldrich] and KartikPrabhu joined the channel
#
[fluffy]
So I just posted a test comment via commentpara.de, and I noticed that the comment pages are sequentially-increasing numerically. So I looked at the most recent 10 comments, all of which were “testing” or “does this work?”
#
[fluffy]
oh wait no here’s an actual comment: https://commentpara.de/comment/621.htm
#
jacky
so I'm working on /Koype/Publish and I'm curious: how "bad" of an idea is it to send a whole page as a update to a micropub endpoint? Like I can work on doing tracked changes so like I'd only send partial changes when one chooses to submit them but :thinking:
#
jacky
I want the latter because I do have a longer term goal to keep changes I make in my micropub endpoint stored against an entry as something that's timestamp-versioned to make a bit of a trail
#
jacky
is going to lean towards incremental changes
#
[jgmac1106]
chrisaldrich zegnat and I have a long and storied past exploring /citation will have to add to page
[tantek] joined the channel
#
[tantek]
jacky, I think that's literally how you implement "wiki-page" like editing in Micropub. Send the whole page
#
[tantek]
also what's the difference between "sending the whole page" and a "root" h-entry at a permalink?
#
jacky
so sending the whole page would be a combination of fetching the page from micropub, having the client edit some parts of it and then resending it
#
jacky
versus doing something like https://micropub.net/draft/#add (when you only have a partial change)
#
jacky
like that makes more sense if I'm just changing a title or adding a new tag
#
jacky
versus doing a https://micropub.net/draft/#replace of the whole page
#
jacky
the latter seems a bit wasteful no? I'd understand if this is a way to _insure_ that the client's changes are the resulting changes
[schmarty], geoffo, gbmor and raucao joined the channel
#
@w3bk3rn3l
Using Yarns Microsub Server to subscribe to RSS Feeds and Monocle to read them. Nice and cool solution. #indieweb #rss #microsub #yarns #monocle
(twitter.com/_/status/1283526600223600640)
Zegnat and Frosti joined the channel
#
Frosti
Has anyone had any experience creating a way for writers/poets to publish their work digitally without any noise?
#
Frosti
I'm looking for something that's like an image URL for stories.