#dev 2020-08-10

2020-08-10 UTC
geoffo, beko, nickodd and KartikPrabhu joined the channel; nickodd left the channel
#
hirusi[m]
The "This version" link isn't really a permalink to "this version" -- only the current latest version. How do I get a link to _this version_?
#
Zegnat
hirusi[m]: like with HTML as well as microformats, the plan is to only have a single version (a “living standard”). We may add snapshots of how the spec looked like at certain times, but for now, it is just the one document.
#
Zegnat
https://indieauth.spec.indieweb.org/#change-log gives the quick overview of the sort of changes that have happened to the document in the last 2 years
moppy, swentel and gxt joined the channel
#
@AdamBrodziak
Webmention is used for a growing federated network of comments, likes, reposts, and other rich interactions across the decentralized social web. ”… an @ mention that works across websites; so that you don't feel immovable from Twitter or Fb.” https://indieweb.org/Webmention
(twitter.com/_/status/1292753019226984448)
#
hirusi[m]
<Zegnat "hirusi: like with HTML as well a"> That makes sense, thank you. I did not know this is what Living Standard meant.
#
Zegnat
https://whatwg.org/faq#living-standard is a pretty good description imo
#
Zegnat
On the Popup call we had we did briefly discuss versioning. But we will revisit the in the future instead when we are looking at actual breaking changes
[KevinMarks], [jgmac1106], KartikPrabhu, swentel and dckc joined the channel
#
aaronpk
There's no permalink for this version until there's a next version
#
aaronpk
But I could change that and give it a permalink
geoffo and [tb] joined the channel
#
[tb]
[aaronpk] did you say before you'd be interested in having someone take on https://github.com/aaronpk/omniauth-indieauth?
#
Loqi
[aaronpk] omniauth-indieauth: IndieAuth strategy for OmniAuth
#
aaronpk
yes! I don't really do much ruby stuff anymore
#
[tb]
Cool! Since most of my IndieWeb stuff is going to be in Ruby and some of it is going to be federated out from my main backend monolith right now I just realized I was going to end up using this gem heavily for my auxiliary services to auth
#
aaronpk
oof i just realized all the wiki pages on indieauth are gonna need some updating too https://indieweb.org/Category:IndieAuth
#
[tb]
This has also gotten me thinking about how the OmniAuth strategy here would do PKCE (i.e. where would it store the code verifier, in a cookie?)
#
aaronpk
same place it stores the state ;-)
#
[tb]
Ah yeah looks like the omniauth-oauth2 strategy just stores it in the Rack session as I suspected https://github.com/omniauth/omniauth-oauth2/blob/master/lib/omniauth/strategies/oauth2.rb#L52
#
aaronpk
makes sensee
#
aaronpk
PKCE should already be in the core omniauth library to
#
aaronpk
grr this keyboard
#
Loqi
[jessedoyle] #131 OAuth2 - PKCE
#
[tb]
That gem appears to be slowly maintained these days 😞
#
aaronpk
is there some other oauth gem that's more popular these days?
#
[tb]
Not in the way that the omniauth gems are meant to be used AFAIK
#
[tb]
There's always been https://github.com/oauth-xx/oauth2
#
Loqi
[oauth-xx] oauth2: A Ruby wrapper for the OAuth 2.0 protocol.
[jeremycherfas] joined the channel
#
[tb]
Oh also [aaronpk] one confusing bit when I forked and cloned omniauth-indieauth just now — the LICENSE file is MIT but the readme says it's Apache 😄
leg joined the channel
#
[tb]
Looks like you have it licensed Apache in the gemspec as well
#
aaronpk
lemme go fix that up...
#
aaronpk
gonna fix up the branch name too
#
aaronpk
you may want to delete and re-fork
[chrisaldrich], swentel, [jgmac1106], [fluffy], [tantek] and swentie joined the channel
#
jacky
so I'm reworking some of my pages for reactions (like, bookmarks, etc)
#
jacky
what is rel=canonical
#
Loqi
rel=canonical is a way to indicate that a hyperlink links to the original and canonical version of the current page https://indieweb.org/rel-canonical
#
jacky
so I'm wondering if I should actually have a rel=canonical on those pages to point to the content being 'reacted' to versus a canonical form of my reaction
#
jacky
I can see it _not_ being a valid usecase if it's like a syndicated reaction
#
aaronpk
not sure what you mean
#
jacky
like okay
#
aaronpk
rel=canonical is pretty specifically defined
#
jacky
I think it's me reading n+3 levels too deep into it lol
#
aaronpk
yeah don't overthink it :)
#
jacky
modprobe -D overthink
[snarfed] joined the channel
#
[snarfed]
jacky++ #indieweb-dev indeed
#
Loqi
jacky has 32 karma in this channel over the last year (115 in all channels)
#
jacky
now for another thing
#
jacky
aspect ratios
#
@AtokNiiro
Don't want Twitter to crop your images in the preview? Use these aspect ratios: https://pbs.twimg.com/media/Ee7KStrWAAAGUOJ.png
(twitter.com/_/status/1292279430199431168)
#
jacky
is looking for a official doc on this
#
jacky
my interest is if there's a way to surface things like this in a micropub client when posting
#
jacky
twitter doesn't but like if I could not only have this but have it also help with auto-cropping / auto-resizing, that'd increase the chance of posting it well the first time around
#
jacky
hm that I'll table
#
jacky
what are salmentions
#
jacky
the horror of the link of dfn lol
#
jacky
*lack of
gRegorLove, nickodd, [Rose] and swentel joined the channel
#
jacky
what is a reaction
#
Loqi
reactions refer to the subset of responses/interactions with a post that are quicker, more impulsive, but still a conscious act, typically a simple UI gesture without writing any content, such as likes (reacji), reposts, bookmarks, or perhaps multiple simple UI gestures, such as selection a text range and posting a quotation of part of a post, or picking a person from a list to post an invitation as a response to seeing an event https://indieweb.org/reaction
#
jacky
did not expect that phrasing to work
#
jacky
found that link via some wiki splunking
#
jacky
lol wow you can't even see the name of the article in that screencap
#
jacky
so I'm thinking about CTA to interact with things on my site when they're visited. this is what I have so far http://noctule.jacky.wtf:443/s/PWQZKKfrrLHYztd
#
Loqi
376532884/bot/internet
#
jacky
grumbles at the exposed port info stuff
#
jacky
but I think it's too "feed me Seymour" for interactions lol
#
jacky
granted I've looked at how Mastodon does this
#
jacky
but it also assumes that you have a AP-friendly account (like there's no 'onboarding' path for people who don't have one)
#
aaronpk
343 likes
#
aaronpk
194 reposts
#
aaronpk
i really need to not show them alllll at the same timee
#
aaronpk
that is too many faces
#
@rMdes_
↩️ Fiy : Another brick of #Indieweb is called #indieauth = your site is your identity to login to other #Indieweb enabled site to react or use the wiki http://indieweb.org Also check out #micropub and #microsub regarding RSS/syndication & following other blogs :)
(twitter.com/_/status/1292886620211945473)
[KevinMarks], lahacker, leg, enpo, geoffo and [tb] joined the channel; nickodd left the channel
#
[tb]
Made a little foundational PR to start with [aaronpk] https://github.com/aaronpk/omniauth-indieauth/pull/4
#
Loqi
[craftyphotons] #4 Add CI, linting, and test harness
[tantek] joined the channel
#
[tb]
Three things I can see to add right now are: 1) Support for PKCE 2) Parsing the h-card data we talked about in the popup on Saturday 3) Having this fetch a token instead of just doing the authentication flow (or giving the option to either of one)
#
aaronpk
first thing to add is endpoint discovery :)
#
aaronpk
right now it's just a wrapper around the indieauth.com API effectively
#
[tb]
Oh right the biggest first thing to do!
#
jacky
okay that bot is _horrible_
#
jacky
like god forbid some of these tokens are legit
#
[tb]
I was gonna say haha
#
aaronpk
lol! is it shaming people for including secrets in source code commits?
#
[tb]
That's what it looks like, though was it Loqi who handed off my PR to the bot? 😄
#
aaronpk
i'm betting it uses the github api
#
geman
does anyone know, it seems granary.io does not support fetching like'd tweets from my twitter account (this is maybe a limitation of the twitter api?)
geoffo joined the channel
#
jacky
geman: that's something brid.gy can do
#
jacky
granary kinda just 'transforms' pages into other formats
[snarfed] joined the channel
#
[snarfed]
well, pages including social media
#
[snarfed]
geman: when granary fetches tweets, it includes their likes, ie the users that have liked them. it doesn’t have a way to fetch only tweets with likes, though, or the tweets that you yourself have liked
#
jacky
woah technically I could use granary as like my way to view my timeline
#
geman
ah sorry my bad, I wanted to fetch my likes, not who liked my tweets, i.e. my "favourites"
#
geman
I have not seen brid.gy before, need to look at that, this place is a gold mine for these glue-services :-)
#
geman
thanks
#
jacky
hmm logging into Instagram doesn't seem to work (for reasons) but explicitly it's asking for a scope
#
geman
ah, brid.gy seems to allow me to send likes of my tweets to my micrblog, but I don't see any ability to do things based on my favourites, no idea if it's possible
#
geman
so to be clear, my goal is to "archive" all my likes somewhere, preferably as they happen, and if possible archive the whole thread, with for example the threadreader
#
geman
if anyone knows if this is possible or how to do this, I'm all ears
#
aaronpk
this is why I POSSE my likes instead of try to pull them from twitter
#
geman
clearly there seems to be an API for this https://developer.twitter.com/en/docs/tweets/post-and-engage/api-reference/get-favorites-list , so there should be some service that can do this, seems IFFTF has some offers
#
aaronpk
yes, but you'll be at the mercy of api rate limits, whether you can get an api key, etc
#
Zegnat
Hmm, Nitter seems to show the number of likes, but not an overview of what someone liked. Else that could have been a way
#
[snarfed]
ifttt, zapier, integromat are all good candidates
#
[snarfed]
also i use this minimal homegrown service to do what you want, geman: https://github.com/snarfed/ownyourresponses
#
Loqi
[snarfed] ownyourresponses: Creates posts on your web site for your likes, replies, reshares, and event RSVPs on social networks.
#
geman
cool, thanks I will take a look
#
geman
never heard about integromat before
#
geman
meh, so far both IFFTF and Integromat wants _full_ access to my twitter account
#
jacky
that's probably because the integration doesn't do some fine-grain permissioning
#
geman
I kind of understand why, I guess it's easier for them, but for example brid.gy did the right thing and separate read and write access
#
jacky
and plus Twitter doesn't have fine grain permissioning lol
#
geman
yeah, this is a really surprising thing for _a lot_ of services, they 1. don't provide fine grained access and even when they do, the app developers are generally lazy and ask for *
#
jacky
catch-22
#
geman
as always you peps has thought about this :-)
#
aaronpk
there's even an IETF draft about it
#
geman
oh wow... zapier is even worse, really ugly dark pattern for following their twitter account
#
[tb]
aaronpk++ thanks for the merge
#
Loqi
aaronpk has 68 karma in this channel over the last year (246 in all channels)
#
aaronpk
thank you!
#
[tb]
Dependabot is gonna start bugging with PRs now it looks like haha
#
[tb]
But I'll get to work on the endpoint discovery piece now
#
[tb]
I need all this functionality so I can make other stuff I have in the works talk to my hub 😄
lahacker joined the channel
#
jacky
I know that feel
#
jacky
I am also very comfortable with Ruby so if you want, I can take a look at some PRs, [tb]!
#
[tb]
Great to hear [jacky] I'll certainly take you up on it
#
[tb]
I don't do Ruby anymore for work as of a few years ago and so all of these IndieWeb side projects have really been reviving my old favorite language for me
#
[tb]
Seems like PHP is pretty prevalent around here! I'll admit I haven't done much with PHP going on a decade now — I've heard it's quite the different language nowadays
#
aaronpk
yeah basically every criticism of php hasn't been true for a while now ;-)
#
jacky
PHP today is not the PHP of 2013 (the last time I worked on PHP)
#
aaronpk
and even in 2013 it wasn't as bad as people were making it out to be
#
[tb]
I'll have to take a look here sometime and see what's new (or I guess old by now but new for me)
#
[tantek]
I still like a subset of PHP 2009 myself.
#
geman
IMO PHP was never bad, but you could write some horrible things with it if you wanted, just like most other languages
#
aaronpk
yeah mostly that
#
aaronpk
there are some strange inconsistencies too, but most languages have stuff like that too
#
[tb]
Yeah
#
[tantek]
I think some of it was elitism frankly. PHP lowered the barrier to writing bad code 😂
#
[tb]
Like Java is a fine language until you start running into FactoryBuilderAdapterGenericSpringBeans
#
geman
still few (any?) languages which can beat it when it comes to deploying small web projects or web-glue
#
[tantek]
it was always more the Java ceremonies and IDEs and such
#
[tantek]
of course today's JS Toolchains make Eclipse look super simple and blazingly fast
#
[tb]
Yeah because you can still just drop PHP right onto a shared web host without worrying about app servers right?
#
[tantek]
more to the point. you can rename a .html file in to .php, add some code, and it *just works*
#
[tantek]
setup? what's that? ceremony? what's that?
#
geman
and the isolation, it crashed? no worries, nothing is down, just try again
#
geman
anyways, It seems I need to look at either deploying ownyourresponses myself or trusting IFTTT or Integromat but not today, thanks for the help everyone, have a good one
#
[tb]
I am like 19% of the way to owning my reponses
#
[tb]
I have a basic webmention receiver now that does some quick verification and then shoves it into a manual approval queue for me, but nothing to present them in my Hugo site yet
geoffo and sp1ff joined the channel
#
GWG
[tantek]: I added something to your GUTS section
#
[tantek]
hah maybe GUTS is better than GUST
#
[tantek]
"Grand Unified Theory of Status"
#
GWG
[tantek]: I was pondering events again
#
GWG
I am still wondering about event vocabulary and concepts if you think of reading, watching and issues like an event
#
GWG
They have a start, and end...
#
[tb]
Oh phew... [jgarber]++ and thank you for https://github.com/jgarber623/link-header-parser-ruby
#
Loqi
[jgarber623] link-header-parser-ruby: A Ruby gem for parsing HTTP Link headers.
[jgarber] joined the channel
#
[jgarber]
[tb] You’re welcome!
#
[jgarber]
…and hello, everyone! It’s been a while. 😄
#
[tb]
This is going to be a big help on both omniauth-indieauth as well as my own webmention implementation
#
GWG
Hi, [jgarber]
#
[jgarber]
Fantastic! Looking forward to seeing what you do with it. Feedback is always appreciated.
#
[tb]
So the first thing is going to be the IndieAuth endpoint discovery I'm working on adding to omniauth-indieauth
#
[tb]
Actually now that I'm looking at your repos you have a lot of things I've been building into my own backend haha
#
[tb]
But much farther along than I am
cjw6k joined the channel
#
[jgarber]
Please use them if they suit your needs! All of those were building blocks toward projects I haven’t had the time to implement.
#
jacky
reusability++
#
Loqi
reusability has 1 karma over the last year
#
[tb]
Hehe like my own graveyard of dead repos [jgarber] 😄
#
[tb]
I did pull one thing out of my monolith this weekend, my URL shortener — https://github.com/brvs-io/brvs
#
Loqi
[brvs-io] brvs: Own your links! Free, open source URL shortening and branded link management application
#
[tb]
This is going to be the first home for the work I'm doing in omniauth-indieauth
#
[jgarber]
Very cool!
#
[tb]
There's a ton of OSS link shorteners/branded URL managers out there but not a lot of them overengineered to include an entire OAuth2 provider!
#
[jgarber]
You’ve found a very, very specific niche! 😂
#
jacky
lmfaoo
geoffo joined the channel
#
[tb]
🤣
#
[tb]
So was thinking some about PKCE just now — a client that supports PKCE should be able to safely send PKCE parameters in both the authorization and token requests even if the provider doesn't support it, since the provider should just silently drop the `code_challenge` / `code_challenge_method` / `code_verifier` parameters if that's the case?
#
aaronpk
yes, that's by design
#
aaronpk
basically all oauth clients should be adding those parameters