#dev 2020-07-21

2020-07-21 UTC
sp1ff` and strugee joined the channel
#
GWG Can I prevail on someone to approve a PR?
#
GWG It's a typo: https://github.com/indieweb/wordpress-indieauth/pull/178
#
GWG I want to push this, and pfefferle usually does my approvals, but he's likely asleep
#
GWG gRegorLove: Could you?
#
Loqi [dshanske] #178 Need capitalization
[tw2113] joined the channel
#
[tw2113] got you covered GWG
#
GWG Thank you
#
GWG It isn't a code change at least
#
[tw2113] brb, heard a really loud boom just now 😄 jk
#
GWG [tw2113]: Not till I push it
prologic joined the channel
#
prologic jacky hi 👋
#
jacky hey! so what's the thing you're trying to solve for prologic?
#
jacky like discover-ability of the feed puller?
#
prologic yeah pretty much
#
prologic not sure if you read the issue or my own twtxt.net posts on this
#
prologic btu the technical details are easy to solve
#
prologic just rip the data out of `User-Agent` of fetches of feeds from the instance
#
prologic My point of discussion however is how to present this in some meaningful/useful way
#
prologic I'll copy/paste my ideas:
#
prologic 2020-07-21T00:20:42Z [Discovering new twtxt users User-Agent data](https://github.com/prologic/twtxt/issues/14) is something I want to discuss with the wider community. The technical impl details are easy, but I'm not sure how to present the data on [twtxt](https://twtxt.net). Thoughts?
#
prologic 2020-07-21T00:22:33Z (re Discovering new twtxt users): Some ideas: 1) A new dedicated view/page 2) A "special" internal/builtin feed you can follow 3) Inject discovered users directly into the [/discover](https://twtxt.net/discover) view 4) Something else?
#
jacky is proof-of-delivery important? because someone can just throw an address in a user-agent (the problem with them today)
#
jacky I just read the issue
#
prologic Good question
#
prologic That's the same/similar problem I have with feeds.twtxt.net which I haven't solved yet
#
prologic effectively fighting "bad data"
#
jacky I would say that verification is a non-problem but can result in bad stats
#
jacky right
#
prologic So... What do we do?
#
prologic Try to contact the TwtURI see if its valid?
#
prologic I'd basically run it through a Twtxt parser fully
#
prologic and if there was no error its valid
#
jacky so I need to learn a bit more about the flow / mannerism of twtxt tbh
#
prologic sure :)
#
prologic Also play with https://twtxt.net/ too if you aren't already
#
prologic And you can poke about the source code too
#
prologic some of which is directly borrowed from quite's (on #twtxt)'s twet CLI client
#
jacky hm okay
#
jacky https://twtxt.net/u/jackyalcine 500's (I thought that was my username but it's not lol)
#
jacky so https://twtxt.net/u/jacky seems like a feed of plain text updates?
#
prologic Hmm depends what you signed up with :)
#
prologic I had some bad data in the first version versions and so wrote automated mgiration code to migrate bad account data and feeds transparenelt
#
prologic I may not have done this as perfectly as I wanted :)
#
prologic Anyway...
#
prologic Yes the URI https://twtxt.net/u/<user> is the twtxt.txt feed itself
#
prologic I'm considering breaking this though with https://github.com/prologic/twtxt/issues/15
#
prologic And making it in line with feeds.twtxt.net whereby all twtxt.txt feeds are of the form schema://<domain>/<user>/twtxt.txt
#
Loqi [prologic] #15 [BREAKING CHANGE]: Profile page vs. Twtxt feed URL?
#
prologic anyway I assume you're just trying to get familiar and up-to-speed so we can actually discuss things at the same level :)
#
jacky yup yup
#
prologic *nods*
#
jacky ah I followed myself and now I can't unfollow D:
gRegorLove joined the channel
#
prologic you actually cannot unfollow yourself :)
#
prologic its an implied thing with twtxt.net
#
jacky hmm okay
#
prologic I didn't think it was necessary to make that configurable :)
#
prologic i.e: when you post, it updates youru won feed right there
#
prologic so you don't have to wait for the next feed update (~5m by default)
#
jacky I was wondering what would be classed as a client, I'm guessing https://github.com/buckket/twtxt does?
#
prologic the twtxt spec itself is very light
#
prologic mostly just a file format really
#
Loqi [buckket] twtxt: Decentralised, minimalist microblogging service for hackers.
#
prologic so clients/servers are free (within reason) to do what they want or present things in interesting ways :)
#
prologic at least this is my understanidn :D
#
prologic jacky yes that's the cannonical client way back when
#
prologic there is also https://github.com/quite/twet
#
prologic of course https://github.com/prologic/twtxt (Hosted at https://twtxt.net)
#
prologic and a few others
#
Loqi [quite] twet: A client in go for twtxt -- the decentralised, minimalist microblogging service https://twtxt.readthedocs.org/en/stable/
#
prologic I put more (maintained) clients on that IndieWeb twtxt page :)
#
prologic of the ones I know are still maintained and work
#
Loqi [prologic] twtxt: 📕 a twtxt client in the form of a web application and hosted service that provides a self-hosted, decentralised micro-blogging platform. No ads, no tracking, your content!
#
prologic Yes thank you Loqi :)
#
prologic good 'lil bot :)
#
prologic Oh I just realized a minor cache bug
#
prologic and worked out why/how it happens
#
prologic I'll fix it (embarrasing) and redeploy shortly
#
jacky will reply with thoughts on the GitHub issue
#
jacky but tbh I think that discoverability, in general, is hard
#
jacky and I also do think that placing it in the user agent will potentially allow for spoofing :(
[tantek] joined the channel
#
[tantek] yup, can't depend on UA for anything like that
#
aaronpk the trick is to stop thinking about the user agent header as something special, it's just unvalidated external input when it's received, just like anything else
#
prologic jacky Thanks!
#
prologic Yeah youre all right of course
#
prologic But the spec does say to put the twtxt client in the UA header
#
prologic this is optional on some (most?) clients
#
prologic But its nonetheless useful/valid if you can trust that most people won't be "bad actors" and fuck with it
#
prologic so IHMO its "okay" from that perspective
#
prologic And yes its hard to solve for perfectly, but maybe we don't have to?
nickodd, gxt, cweiske and prologic joined the channel; nickodd left the channel
#
Zegnat I think UA is as valid as any HTTP header, as aaronpk said, if you are on the receiving end you just need to treat it as any other random input.
#
Zegnat Feed fetchers have been using UA to both identify themselves but also give information about how many singular subscribers a feed has on their end, that has been working well from what I understand. Have not heard of anyone spoofing those.
swentel, gRegorLove, dckc and gxt joined the channel
#
Ruxton the addition of github profile readme's is gonna allow even more rel="me" links :O
gRegorLove joined the channel
#
prologic Zegnat I agree
#
Zegnat Ruxton: oooh, I had not thought of that! They do not strip the attribute?
#
Ruxton yeah they do :(
#
Ruxton they replace it wth rel="nofollow"
#
Ruxton just tried it after writing it
moppy joined the channel
#
Zegnat Not too surprising, but a little sad.
#
Zegnat Thinking they go the better-safe-than-sorry route when it comes to embedding content on profile pages
GWG_ and [KevinMarks] joined the channel
#
[KevinMarks] Twtxt.net does that too
cjw6k, KartikPrabhu and jjuran joined the channel
#
prologic Does what?
[KevinMarks] joined the channel
#
[KevinMarks] turns rel="me" into rel="nofollow"
#
[KevinMarks] maybe in the markdown library you're using?
[pfefferle] joined the channel
#
Zegnat Now I am wondering, are there any unsafe rel values that absolutely must be sanitised?
#
[KevinMarks] it depends on how you're using it - you do want to remove rel="me" and rel="canonical" etc if its, say, someone else's comment embedded on your blog
#
prologic I'm not familiar enough with the rel attr sorry
#
prologic But yes its configurable behaviour for sure
#
prologic if you use twtxt.net or want to use the software itself and run it yourself
#
prologic please by all means files issues or contribute via PRs :)
deltab, jeremych_ and [tantek] joined the channel
#
[tantek] prologic, if you check your web access logs, you'll likely see that most "people" are bad actors, that is bots lying with their user agent string. it's basically noise.
#
prologic I'm not talking about UA in general
#
prologic but for a specific purpose
#
prologic twtxt defines the standard such that clients _should_ identify themselves with a special sring in the UA
#
prologic often clients make this an option feature
#
prologic I think therefore it can be relied on as long as people use well-formed/written client software
#
aaronpk But that's the problem :-)
#
aaronpk if everyone used well written software there would be no spam
#
aaronpk as soon as you give people a mechanism that can be gamed people will take advantage of it
#
aaronpk Mastodon stats are another example of this. There's a special url a server can host that describes the instance reporting things like number of users and number of posts. That gets aggregated on some websites to show total mastodon users. But it's trivial to make a fake one and report 1,000,000,000 users if you wanted to
#
prologic I see what you're saying :)
#
prologic Nevertheless this is as good as it gets I think for the time being
#
prologic twtxt.net is already a nice client
#
prologic so if everyone in thw twtxt community just used it or ran their own problem half solved :)
#
aaronpk As long as you trust that everyone will play nice
#
aaronpk and not modify it for fun or personal gain
#
aaronpk and no bad actors will try to mimic the software to insert their own messages
#
prologic those are all valid concerns
#
prologic especially the last one
dckc and [schmarty] joined the channel
#
craftyphotons I tend to follow a paranoid approach when it comes to this stuff, even for personal projects if they're internet-accessible
#
craftyphotons Never trust the client and all that
#
aaronpk ☝️
#
craftyphotons Fun side thing I'd like to do with my personal stuff is add webauthn to everything of mine for MFA so I can use my Yubikeys
#
craftyphotons The Ruby world has a good reference Webauthn gem out there it looks like so it should be pretty easy to add to anything on Rails/Sinatra/etc
KartikPrabhu, nickodd and [tantek] joined the channel
#
[tantek] craftyphotons++ for skepticism and defensive design thinking
#
Loqi craftyphotons has 1 karma over the last year
#
@0daysfordays Whenever something I've written ends up on the HackerNews front page, I get blasted with Webmentions from sites that seem to repost scraped content. Is that... profitable? Is there some cool SEO scam I'm missing out on? (twitter.com/_/status/1285609773686304768)
#
jjuran I heard if you do that you get double the webmentions back
cjw6k joined the channel
#
GWG_ I am thinking of writing a post on how people don't understand what IndieAuth is
jeremych_ joined the channel
#
jeremycherfas I'd read it!
[Jose_Leiva] joined the channel
#
[Jose_Leiva] +1
[tw2113] joined the channel
#
[tw2113] it’s very likely a needed thing
#
[tw2113] bonus points for straddling easy to understand for “joe user” while also getting technical where needed
nickodd left the channel
#
[tantek] GWG, maybe start by documenting IndieAuth misconceptions on the wiki? We can help with the copy-editing
#
[tantek] dev folks, you may be interested in this (just hearing about it myself, openly on the Twitters, no direct involvement) https://twitter.com/brennan_mike/status/1285575787349975040
#
@brennan_mike We are launching a new effort w/ @mozilla @SloanFoundation @OpenSociety @opencollect to fund research & implementation of open source digital infrastructure! The RFP is now live. Join us Thursday @ 12:30pm ET to learn more: https://www.fordfoundation.org/digitalinfrastructure (twitter.com/_/status/1285575787349975040)
#
GWG_ [tantek]: I may do both
#
[tantek] jacky, fluffy in particular ^
gRegorLove, KartikPrabhu and [pfefferle] joined the channel
#
craftyphotons Whoa Netlify just cut their pricing by more than half
[chrisaldrich], [manton] and KartikPrabhu joined the channel
#
@RubygemsN indieweb-endpoints (4.0.0): Discover a URL’s IndieAuth, Micropub, Microsub, and Webmention endpoints. https://rubygems.org/gems/indieweb-endpoints (twitter.com/_/status/1285679654511226886)
[jgmac1106] and [arush] joined the channel
#
kiero_ hi, what free landing page builder service do you recommend? Can output website to host on own server
[KevinMarks] joined the channel
#
[KevinMarks] Not sure we have a category for that - maybe static site generators
#
[KevinMarks] What is static site generator?
#
Loqi Static site generators are programs that take a set of flat text files on disk and transforms them into a set of static html files ready to be served by a standard web server, or some variation of this example https://indieweb.org/static_site_generator
#
[KevinMarks] Is that what you mean, or are you thinking more about a single page creator?
#
kiero_ [KevinMarks]: it can be static site generator but I'm looking for something with predefined templates
#
kiero_ so I can build website from blocks
#
kiero_ it can be html snippets
#
kiero_ so I can change text and some elements
#
kiero_ but css need to make it nice and look like landing page
geoffo joined the channel
#
[KevinMarks] Something like https://mavo.io/
#
kiero_ [KevinMarks]: something like Froala Design Blocks, but they set of blocks are poor
[chrisaldrich], gbmor and [tw2113] joined the channel; prologic left the channel