#dev 2020-07-23

2020-07-23 UTC
[chrisaldrich] and kupad joined the channel
# 01:35 
@dshanske People Seem Confused about IndieAuth: https://di5.us/b/x9 (twitter.com/_/status/1286111550965788682)
beko, nickodd, sp1ff, [tantek], swentel and [tw2113] joined the channel; nickodd left the channel
# 07:35 
@mxbck ↩️ It fetches webmentions on build and then refreshes them on page load, but only if the last build happened more than 48 hours ago.

Using this preact app: https://github.com/maxboeck/mxb/blob/master/src/assets/scripts/webmentions/index.js (twitter.com/_/status/1286202397610647558)
cweiske and dckc joined the channel
# 07:55 
@azzamsyawqi ↩️ I was looking around trying to find your Preact implementation. It's not in your "eleventy-webmentions template". So I am going to write it my self. Turns out http://mxb.dev is open source :).

Some people use Cron and WebSocket, but I prefer this preact approach :). (twitter.com/_/status/1286208060759842816)
KartikPrabhu and moppy joined the channel
# 08:05 
@mxbck ↩️ No that's a bug with http://brid.gy - it sometimes misses tweets and doesn't generate a webmention for them. (twitter.com/_/status/1286209997458804736)
# 08:05 
@mxbck ↩️ No that's a bug with http://brid.gy - it sometimes misses tweets and doesn't generate a webmention for them. (twitter.com/_/status/1286209997458804736)
KartikPrabhu, gRegorLove, [pfefferle] and [KevinMarks] joined the channel
# 09:44 
[KevinMarks] Well, more a bug with twitter api
KartikPrabhu and treora joined the channel
# 10:28 
petermolnar thought: avatar cache sould apply this on the images: http://sandlab.cs.uchicago.edu/fawkes/
souramoo, KartikPrabhu, [grantcodes], deltab and [Erik] joined the channel
# 12:52 
Loqi Ok, I'll tell them that when I see them next
# 12:52 
jeremycherfas !tell aaronpk I just saw notice of a plugin for Grav that implements simpleSAML. Looking at simpleSAML, I see it supports OAuth. Do you think it might be worth my looking into so I could use my Grav site without relying on rel="me"?
[pfefferle] and [Rose] joined the channel
# 13:00 
[Rose] SSP is a bit complex
# 13:00 
[Rose] What problem are you trying to solve Jeremy?
# 13:00 
[Rose] We just launched a new SSO solution at work with SimpleSAMLphp, and so I may have some insight
# 13:01 
aaronpk that's an idea
# 13:01 
Loqi aaronpk: jeremycherfas left you a message 8 minutes ago: I just saw notice of a plugin for Grav that implements simpleSAML. Looking at simpleSAML, I see it supports OAuth. Do you think it might be worth my looking into so I could use my Grav site without relying on rel="me"?
# 13:01 
aaronpk but yeah what is the end goal here?
# 13:02 
jeremycherfas Not relying on rel="me" ???
# 13:02 
aaronpk for what?
# 13:02 
aaronpk what's the thing you're *trying* to do, not *not* trying to do
# 13:03 
jeremycherfas Use that domain to authenticate
# 13:03 
aaronpk for indieauth stuff?
# 13:04 
jeremycherfas Yes.
# 13:04 
aaronpk ah so you need an indieauth plugin for Grav ok
# 13:04 
jeremycherfas But as I continue to read the docs, probably too complex for me.
# 13:05 
aaronpk the oauth plugin won't work out of the box, it would need some modifications
# 13:06 
jeremycherfas There is an existing plugin, by metbril, and it works through indielogin.com.
# 13:07 
jeremycherfas I was wondering, after reading GWG's recent post, whether this might offer an alternative.
# 13:08 
jeremycherfas Or rather, the plugin I have works, as tested at indielogin.com
# 13:09 
aaronpk looks
[jgmac1106] joined the channel
# 13:13 
aaronpk i see, that plugin delegates to indieauth.com
# 13:13 
jeremycherfas Right.
# 13:16 
aaronpk it's a start. it'd be a good idea to integrate selfauth and mintoken into this project to replace its use of indieauth.com
# 13:17 
jeremycherfas Into metbril's project? Not to go with simpleSAML?
# 13:17 
aaronpk right
# 13:17 
[Rose] I wouldn't go with SSP
# 13:17 
aaronpk adding saml into the mix is going to be way too heavy
# 13:18 
[Rose] It's like using a canon to try and kill a fly
# 13:18 
aaronpk ^^
# 13:18 
jeremycherfas Okey dokey. Thanks both. And welcome back [Rose]
# 13:19 
[Rose] I'm still mostly in lurk mode. And off to chat I go for it 😉
prologic joined the channel
# 13:26 
prologic Sure I'm here
# 13:26 
Zegnat https://github.com/prologic/rss2twtxt/blob/3ac9b4c9b9a8da1af19e44eb8ceb8f5478191cf4/feeds.go#L54
# 13:26 
prologic Of course you could submit a PR :)
# 13:26 
Zegnat I think that is what [pfefferle] was talking about?
# 13:26 
Zegnat The little squigly symbol (I forget the name) in between title and URL
# 13:27 
prologic Oh
# 13:27 
Zegnat Seems not like something specced, or something from the XKCD feed, just something you chose to do for rss2twtxt
# 13:27 
prologic Man you are right!
# 13:27 
prologic I am doing this :)
# 13:27 
prologic I must have written that line half asleep :P
# 13:27 
[pfefferle] ok
# 13:27 
prologic Is it a problem?
# 13:27 
[pfefferle] 😉
# 13:27 
[pfefferle] but I like the separation
# 13:27 
prologic I do too :)
# 13:27 
prologic I think that's why I put it there
# 13:28 
[pfefferle] https://notiz.blog/feed/twtxt 🙂
# 13:31 
prologic this is your feed?
# 13:32 
Zegnat jeremycherfas: had you done any Grav plugin work before? It may be easier to implement selfauth than you think. And for first version, you could still outsource token endpoint to https://tokens.indieauth.com/ if you did not want to also merge in full token handling
# 13:34 
jeremycherfas Thanks for the encouragement zegnat. I did take a close look at some plugins a while ago, when I tried to figure out the webmention plugin. For now, this will have to be quite a lot priority. I should update my itches.
# 13:39 
Zegnat It would be nice, as Grav has 2FA and flood protection (against password guessing) build in. Automatic step up from selfauth's protections
# 13:39 
Zegnat idly browses through Grav documentation
KartikPrabhu joined the channel
# 13:44 
jeremycherfas Well, as Mr Mintoken, maybe you should take it on. I'd be happy to collaborate.
# 13:44 
Zegnat My fear is that it would end up unsupported. As I would not be eating my own cooking.
# 13:45 
jeremycherfas Ah, but I would definitely eat it, and alert you to any cases of malnutrition of incipient food poisoning.
# 13:45 
Zegnat Hahaha
# 13:45 
Loqi Zegnat: lol
KartikPrabhu, swentel and dckc joined the channel
# 13:59 
jamietanna[m] For this weekend's Micropub pop up session, can we possibly go through https://github.com/w3c/Micropub/pulls and getting them merged?
# 13:59 
jamietanna[m] Also, what's the process for getting more contributor access on the Micropub spec?
# 13:59 
jamietanna[m] (not necessarily for me, just in general)
# 14:01 
jacky ^ curious about that too
# 14:07 
aaronpk on the w3c org? not sure actually since we're not an active group
# 14:08 
aaronpk if we end up forming a new community group that might help
# 14:09 
[pfefferle] @*prologic* yes 🙂
# 14:09 
prologic Ahh nice :)
# 14:10 
prologic I started following your feed today :D
# 14:11 
[pfefferle] It is a simple wordpress plugin
zenen and [arush] joined the channel
# 14:46 
prologic Ahh yes I've seen that actually
# 14:46 
prologic I really like that Wordpress has such a thing!
# 14:46 
prologic very cool
# 14:46 
GWG Did I miss a thing? What thing does WordPress have?
# 14:46 
prologic a twtxt plugin
# 14:46 
prologic Maybe  you missed all the hype over at https://twtxt.net/ too :)
# 14:47 
prologic its really taking off!
# 14:47 
prologic ~12k hits/day now, 1-3 new users and activity!
# 14:47 
prologic since launch I think the twtxt community has grown by about ~20 :)
# 14:49 
[pfefferle] nice!
# 14:52 
GWG No, I caught twtxt...missed the WordPress plugin
[Zegnat] and [schmarty] joined the channel
# 15:49 
zenen does anyone get kind of overwhelmed at the amount of knowledge required to build a webpage from the ground up?
# 15:49 
Loqi zenen: [LewisCowles] left you a message on 2020-04-09 at 7:06am UTC: I think when borrowing design, it also helps to keep the wrote copy local to your PC, and then experiment with a design
# 15:50 
aaronpk <html> done
# 15:50 
zenen lol
[manton] joined the channel
# 15:50 
zenen i'm trying to dive into some of the common tools that people use
# 15:51 
zenen django and bootstrap at this point
# 15:51 
zenen I've learned a bit of django, but integrating new tools into it is a whole new ball game
# 16:15 
jacky yeah
Jibbles, [chrisaldrich] and [KevinMarks] joined the channel
# 17:07 
[KevinMarks] Bootstrap is a lot of ceremony
tinfoil-hat joined the channel
# 17:08 
[KevinMarks] You could try https://newcss.net/ as a starting point
[jgmac1106], nickodd and [michael_lewis] joined the channel
# 17:31 
[michael_lewis] And instead of Django you could take a look at Flask. It is a micro framework, and anything with micro in the name is usually good. Convention over configuration and all that.
[fluffy] and [benatwork] joined the channel
# 18:44 
craftyphotons I'm trying https://bulma.io for my website now, liking it so far — CSS only and no JS which aligns well with my goal of having my site be JS-free if I can help it
[chrisaldrich], TakeV and TakeV1 joined the channel; nickodd left the channel
# 20:06 
TakeV1 [KevinMarks]: Epic suggestion for newcss. This is exactly the kind of thing I've been looking for.
[KevinMarks] joined the channel
# 20:10 
[KevinMarks] I did like https://v1.shoelace.style/ too, but that had gone a different way now to web components https://shoelace.style/
# 20:10 
[KevinMarks] Not necessarily a bad idea, but a stronger dependency on a particular model
jamietanna and [fluffy] joined the channel
# 20:29 
aaronpk attempts to catch up on some of the micropub discussions before the weekend
zenen joined the channel; builder left the channel
# 20:49 
[fluffy] Seconding Flask, it’s what I use to build all of my personal websites these days. Well, most of them are using Publ which is built on Flask, but I have a few plain Flask things too. 🙂
# 20:49 
[fluffy] It’s really easy to get started with and it gives you a lot of lego bricks out of the box without forcing you to do things in one particular way.
# 20:50 
[fluffy] http://flrig.beesbuzz.biz/ is probably my most-popular site and it’s just a single Flask route and a simple template.
# 20:58 
[fluffy] also wow new.css is pretty
[tantek] joined the channel
# 21:12 
[tantek] aaronpk, pretty sure you can merge things as you see fit into the Micropub Editor's Draft, however I'd advise not merging anything other than editorial changes for that fork
# 21:13 
[tantek] and instead, fork the Micropub spec to github.com/indieweb org, and transfer normative issues and pull requests accordingly, and then serve *that* version from micropub.spec.indieweb.org
# 21:14 
aaronpk probably a good call
# 21:14 
GWG There was some discussion with Angelo last night on the HWC on Micropub
# 21:14 
[tantek] I can give reasons why you should do (and not do) what to the /w3c org fork of Micropub vs a /indieweb fork of Micropub
# 21:15 
[tantek] I know all the process / IP nuances there (many of which you may recall, though I may be more recently aware since knowing that stuff is now literally (again) part of my day job as an Advisory Board member)
# 21:15 
[tantek] That might be a good topic for the popup
# 21:15 
[tantek] do we have a draft agenda for the Micropub popup?
# 21:15 
[tantek] Separately, I think I'm going to start recommending non-realtime POSSE to Twitter because of this: https://theintercept.com/2020/07/09/twitter-dataminr-police-spy-surveillance-black-lives-matter-protests/
# 21:16 
aaronpk can github issues be transferred only between repos in the same org?
# 21:17 
[tantek] POSSE << Recommend non-realtime POSSE to [[Twitter]] and other [[social media]] due to their active use as part of the surveillance apparatus of local and national law enforcement: https://theintercept.com/2020/07/09/twitter-dataminr-police-spy-surveillance-black-lives-matter-protests/
# 21:17 
Loqi ok, I added "Recommend non-realtime POSSE to [[Twitter]] and other [[social media]] due to their active use as part of the surveillance apparatus of local and national law enforcement: https://theintercept.com/2020/07/09/twitter-dataminr-police-spy-surveillance-black-lives-matter-protests/" to the "See Also" section of /POSSE https://indieweb.org/wiki/index.php?diff=71557&oldid=70411 
# 21:17 
[tantek] aaronpk I've seen people transfer repos *with* issues across orgs, e.g. a personal GH repo for a draft proposal and the WICG org
# 21:17 
aaronpk oh transferring the whole repo
# 21:17 
[tantek] but that requires a complete transfer of the repo I think, rather than a fork
# 21:18 
aaronpk i could move w3c/micropub to indieweb/micropub then fork it back to w3c
# 21:18 
[tantek] what you want to do in this case is fork, in order to track separate sets of issues in both
# 21:18 
[tantek] that's a reasonable way to do it too
# 21:18 
[tantek] and that way you only have to copy over the editorial issues (if there are any)
# 21:18 
aaronpk there are currently 15 open issues, many of which were opened after the w3c publication
# 21:19 
[tantek] makes sense since you had to resolve all the issues before the REC publication at W3C 🙂
# 21:25 
aaronpk ah shoot i don't have permission to create repos in the w3c org anymore
# 21:25 
aaronpk i used to be an admin of it :)
# 21:26 
aaronpk that throws a wrench into the plan of swapping via that fork method
djmoch joined the channel
# 21:36 
aaronpk i'm thinking about indieauth now too
# 21:36 
aaronpk especially after 2 days of this oauth conf
# 21:39 
GWG [tantek]: Did you check the event page for the website URL?
# 21:39 
aaronpk mainly i want to catch it up to the current oauth best practices, which the biggest change will be adding PKCE
# 21:41 
aaronpk there's also a functional difference i want to make which would essentially remove a whole section of the spec to make it simpler, but i'm a little worried about that because i don't quite see how to do that in a way where both can be supported simultaneously
# 21:41 
aaronpk at least with PKCE it was designed to be backwards compatible so that clients can roll it out even if the servers don't support it
geoffo and KartikPrabhu joined the channel
# 21:52 
craftyphotons Is there a reasonable way to do automated POSSE to Instagram these days?
# 21:53 
craftyphotons My current goals as I get my site set up are articles to Medium and Dev.to, notes to Micro.blog and Twitter, and photos to Instagram and Flickr
[grantcodes] joined the channel
# 21:53 
[grantcodes] Don't think there ever was or will be again 😑
# 21:53 
aaronpk there has never been a way to do automated POSSE to instagram
# 21:54 
[grantcodes] There was, I did it and it worked. But is wasn't "reasonable". And now it doesn't work 😂
# 21:55 
craftyphotons I remember there being some third party extension someone made for Lightroom once that led me to believe there was some way to fool their API with some user agent trickery or something like that
# 21:56 
aaronpk well, undocumented hacks yeah
# 21:56 
craftyphotons Oh well then, I can settle for automation to Flickr and leave IG as a hand curated silo I suppose
# 21:57 
aaronpk yep and sadly they're making it hard to even pull photos out anymore, so PESOS is becoming less and less possible
# 21:58 
craftyphotons Oh yeah that was going to be my next question and then I remembered that thing they did recently on the web version where you need to be authenticated even to look below the fold on someone's public profile
# 21:58 
craftyphotons Which.. suppose you could write a full on scraper with Selenium or something and authenticate yourself
# 22:00 
aaronpk yeah...not fun
# 22:00 
craftyphotons I think what I'd ultimately want to do there though even if that's possible would be to come up with a hashtag convention to ID my IG photos to the scraper and tie them back to the originals I would've posted on my site
# 22:11 
aaronpk hmm, adopting the Pushed Authorization Request spec would also be a breaking change so maybe IndieAuth 1.1 or 2 or whatever this is should just go for it
[schmarty] joined the channel
# 22:14 
[schmarty] ooh first i've heard of that one
# 22:15 
aaronpk it's still pretty new
# 22:15 
aaronpk the short version is you first POST to the auth endpoint with the details of your request, and you get back a string that you use when you redirect the user's browser
# 22:15 
[schmarty] oh it's a way of reducing the stuff sent in the URL bar of the initial auth request
# 22:15 
aaronpk yeah
# 22:17 
aaronpk 1: it improves security, 2: it opens up the possibility of including a lot more detail in that request, which is being used for things like authorizing a request to move money between specific bank accounts
# 22:18 
[schmarty] this helped me get it, i think! https://medium.com/@darutk/illustrated-par-oauth-2-0-pushed-authorization-requests-652d71ed5cfb
[schmarty] and [KevinMarks] joined the channel
# 22:46 
aaronpk attempts to start a discussion on PAR to simplify IndieAuth's potential use of it
# 22:51 
aaronpk https://mailarchive.ietf.org/arch/msg/oauth/79nGXobUIW3itGQ7mRzGS2ojRfI/
# 22:58 
GWG aaronpk: Good opportunity to pick a time for an IndieAuth session
# 23:05 
@jackyalcine ↩️ Yes and no! My site’s a hand-rolled experimental form of https://koype.net but you can do what I do with something like 11ty or Gatsby and https://brid.gy (Bridgy scans my site and handles my Twitter and Mastodon posting).

I do have an… https://v2.jacky.wtf/post/8046e370-fdff-491b-9267-aa2dbe87e512 (twitter.com/_/status/1286436177042649088)
# 23:07 
aaronpk ok how do we pick a date
# 23:07 
GWG aaronpk: Someone breaks down and does it
# 23:08 
GWG That's what happened last time
# 23:08 
aaronpk let's wait til saturday and see how it goes, and maybe we can even decide on a date then because i suspect it'll be a lot of the same people interested
# 23:08 
GWG Okay
# 23:08 
GWG Good idea
[chrisaldrich] and [Will_Monroe] joined the channel
# 23:37 
zenen if I'm building a web development portfolio, what are the most important skills to showcase?