#dev 2020-08-10

2020-08-10 UTC
geoffo, beko, nickodd and KartikPrabhu joined the channel; nickodd left the channel
#
hirusi[m] https://indieauth.spec.indieweb.org/
#
hirusi[m] The "This version" link isn't really a permalink to "this version" -- only the current latest version. How do I get a link to _this version_?
#
Zegnat hirusi[m]: like with HTML as well as microformats, the plan is to only have a single version (a “living standard”). We may add snapshots of how the spec looked like at certain times, but for now, it is just the one document.
#
Zegnat https://indieauth.spec.indieweb.org/#change-log gives the quick overview of the sort of changes that have happened to the document in the last 2 years
moppy, swentel and gxt joined the channel
#
@AdamBrodziak Webmention is used for a growing federated network of comments, likes, reposts, and other rich interactions across the decentralized social web. ”… an @ mention that works across websites; so that you don't feel immovable from Twitter or Fb.” https://indieweb.org/Webmention (twitter.com/_/status/1292753019226984448)
#
hirusi[m] <Zegnat "hirusi: like with HTML as well a"> That makes sense, thank you. I did not know this is what Living Standard meant.
#
Zegnat https://whatwg.org/faq#living-standard is a pretty good description imo
#
Zegnat On the Popup call we had we did briefly discuss versioning. But we will revisit the in the future instead when we are looking at actual breaking changes
[KevinMarks], [jgmac1106], KartikPrabhu, swentel and dckc joined the channel
#
aaronpk There's no permalink for this version until there's a next version
#
aaronpk But I could change that and give it a permalink
geoffo and [tb] joined the channel
#
[tb] [aaronpk] did you say before you'd be interested in having someone take on https://github.com/aaronpk/omniauth-indieauth?
#
Loqi [aaronpk] omniauth-indieauth: IndieAuth strategy for OmniAuth
#
aaronpk yes! I don't really do much ruby stuff anymore
#
[tb] Cool! Since most of my IndieWeb stuff is going to be in Ruby and some of it is going to be federated out from my main backend monolith right now I just realized I was going to end up using this gem heavily for my auxiliary services to auth
#
aaronpk oof i just realized all the wiki pages on indieauth are gonna need some updating too https://indieweb.org/Category:IndieAuth
#
[tb] This has also gotten me thinking about how the OmniAuth strategy here would do PKCE (i.e. where would it store the code verifier, in a cookie?)
#
aaronpk same place it stores the state ;-)
#
[tb] Ah yeah looks like the omniauth-oauth2 strategy just stores it in the Rack session as I suspected https://github.com/omniauth/omniauth-oauth2/blob/master/lib/omniauth/strategies/oauth2.rb#L52
#
aaronpk makes sensee
#
aaronpk PKCE should already be in the core omniauth library to
#
aaronpk grr this keyboard
#
aaronpk ah it's in a PR https://github.com/omniauth/omniauth-oauth2/pull/131
#
Loqi [jessedoyle] #131 OAuth2 - PKCE
#
[tb] That gem appears to be slowly maintained these days 😞
#
aaronpk is there some other oauth gem that's more popular these days?
#
[tb] Not in the way that the omniauth gems are meant to be used AFAIK
#
[tb] There's always been https://github.com/oauth-xx/oauth2
#
Loqi [oauth-xx] oauth2: A Ruby wrapper for the OAuth 2.0 protocol.
[jeremycherfas] joined the channel
#
[tb] Oh also [aaronpk] one confusing bit when I forked and cloned omniauth-indieauth just now — the LICENSE file is MIT but the readme says it's Apache 😄
#
aaronpk lol
leg joined the channel
#
[tb] Looks like you have it licensed Apache in the gemspec as well
#
aaronpk lemme go fix that up...
#
aaronpk gonna fix up the branch name too
#
aaronpk you may want to delete and re-fork
#
aaronpk done
[chrisaldrich], swentel, [jgmac1106], [fluffy], [tantek] and swentie joined the channel
#
jacky so I'm reworking some of my pages for reactions (like, bookmarks, etc)
#
jacky what is rel=canonical
#
Loqi rel=canonical is a way to indicate that a hyperlink links to the original and canonical version of the current page https://indieweb.org/rel-canonical
#
jacky so I'm wondering if I should actually have a rel=canonical on those pages to point to the content being 'reacted' to versus a canonical form of my reaction
#
jacky I can see it _not_ being a valid usecase if it's like a syndicated reaction
#
aaronpk not sure what you mean
#
jacky like okay
#
aaronpk rel=canonical is pretty specifically defined
#
jacky I think it's me reading n+3 levels too deep into it lol
#
aaronpk yeah don't overthink it :)
#
jacky modprobe -D overthink
[snarfed] joined the channel
#
[snarfed] jacky++ #indieweb-dev indeed
#
Loqi jacky has 32 karma in this channel over the last year (115 in all channels)
#
jacky :D
#
jacky now for another thing
#
jacky aspect ratios
#
jacky https://twitter.com/AtokNiiro/status/1292279430199431168
#
@AtokNiiro Don't want Twitter to crop your images in the preview? Use these aspect ratios: https://pbs.twimg.com/media/Ee7KStrWAAAGUOJ.png (twitter.com/_/status/1292279430199431168)
#
jacky is looking for a official doc on this
#
jacky I only see https://help.twitter.com/en/managing-your-account/common-issues-when-uploading-profile-photo
#
jacky my interest is if there's a way to surface things like this in a micropub client when posting
#
jacky twitter doesn't but like if I could not only have this but have it also help with auto-cropping / auto-resizing, that'd increase the chance of posting it well the first time around
#
jacky hm that I'll table
#
jacky what are salmentions
#
Loqi https://indieweb.org/salmentions
#
jacky the horror of the link of dfn lol
#
jacky *lack of
gRegorLove, nickodd, [Rose] and swentel joined the channel
#
jacky what is a reaction
#
Loqi reactions refer to the subset of responses/interactions with a post that are quicker, more impulsive, but still a conscious act, typically a simple UI gesture without writing any content, such as likes (reacji), reposts, bookmarks, or perhaps multiple simple UI gestures, such as selection a text range and posting a quotation of part of a post, or picking a person from a list to post an invitation as a response to seeing an event https://indieweb.org/reaction
#
jacky did not expect that phrasing to work
#
jacky lol the facepile wallllll https://aaronparecki.com/2019/01/11/28/
#
jacky found that link via some wiki splunking
#
jacky lol wow you can't even see the name of the article in that screencap
#
jacky so I'm thinking about CTA to interact with things on my site when they're visited. this is what I have so far http://noctule.jacky.wtf:443/s/PWQZKKfrrLHYztd
#
Loqi 376532884/bot/internet
#
jacky grumbles at the exposed port info stuff
#
jacky but I think it's too "feed me Seymour" for interactions lol
#
jacky granted I've looked at how Mastodon does this
#
aaronpk omg
#
jacky but it also assumes that you have a AP-friendly account (like there's no 'onboarding' path for people who don't have one)
#
aaronpk 343 likes
#
aaronpk 194 reposts
#
aaronpk i really need to not show them alllll at the same timee
#
aaronpk that is too many faces
#
@rMdes_ ↩️ Fiy : Another brick of #Indieweb is called #indieauth = your site is your identity to login to other #Indieweb enabled site to react or use the wiki http://indieweb.org Also check out #micropub and #microsub regarding RSS/syndication & following other blogs :) (twitter.com/_/status/1292886620211945473)
[KevinMarks], lahacker, leg, enpo, geoffo and [tb] joined the channel; nickodd left the channel
#
[tb] Made a little foundational PR to start with [aaronpk] https://github.com/aaronpk/omniauth-indieauth/pull/4
#
Loqi [craftyphotons] #4 Add CI, linting, and test harness
[tantek] joined the channel
#
@havemysecrets [token] in PR by craftyphotons https://github.com/aaronpk/omniauth-indieauth/pull/4 Sample: ` 'change_me'` (twitter.com/_/status/1292911134589300738)
#
[tb] Three things I can see to add right now are: 1) Support for PKCE 2) Parsing the h-card data we talked about in the popup on Saturday 3) Having this fetch a token instead of just doing the authentication flow (or giving the option to either of one)
#
aaronpk first thing to add is endpoint discovery :)
#
aaronpk right now it's just a wrapper around the indieauth.com API effectively
#
[tb] Oh right the biggest first thing to do!
#
jacky okay that bot is _horrible_
#
jacky like god forbid some of these tokens are legit
#
[tb] I was gonna say haha
#
aaronpk lol! is it shaming people for including secrets in source code commits?
#
[tb] That's what it looks like, though was it Loqi who handed off my PR to the bot? 😄
#
aaronpk i'm betting it uses the github api
#
geman does anyone know, it seems granary.io does not support fetching like'd tweets from my twitter account (this is maybe a limitation of the twitter api?)
geoffo joined the channel
#
jacky geman: that's something brid.gy can do
#
jacky granary kinda just 'transforms' pages into other formats
[snarfed] joined the channel
#
[snarfed] well, pages including social media
#
jacky ^
#
[snarfed] geman: when granary fetches tweets, it includes their likes, ie the users that have liked them. it doesn’t have a way to fetch only tweets with likes, though, or the tweets that you yourself have liked
#
jacky TIL
#
jacky woah technically I could use granary as like my way to view my timeline
#
geman ah sorry my bad, I wanted to fetch my likes, not who liked my tweets, i.e. my "favourites"
#
geman I have not seen brid.gy before, need to look at that, this place is a gold mine for these glue-services :-)
#
geman thanks
#
jacky hmm logging into Instagram doesn't seem to work (for reasons) but explicitly it's asking for a scope
#
geman ah, brid.gy seems to allow me to send likes of my tweets to my micrblog, but I don't see any ability to do things based on my favourites, no idea if it's possible
#
geman so to be clear, my goal is to "archive" all my likes somewhere, preferably as they happen, and if possible archive the whole thread, with for example the threadreader
#
geman if anyone knows if this is possible or how to do this, I'm all ears
#
aaronpk this is why I POSSE my likes instead of try to pull them from twitter
#
geman clearly there seems to be an API for this https://developer.twitter.com/en/docs/tweets/post-and-engage/api-reference/get-favorites-list , so there should be some service that can do this, seems IFFTF has some offers
#
aaronpk yes, but you'll be at the mercy of api rate limits, whether you can get an api key, etc
#
Zegnat Hmm, Nitter seems to show the number of likes, but not an overview of what someone liked. Else that could have been a way
#
[snarfed] ifttt, zapier, integromat are all good candidates
#
[snarfed] also i use this minimal homegrown service to do what you want, geman: https://github.com/snarfed/ownyourresponses
#
Loqi [snarfed] ownyourresponses: Creates posts on your web site for your likes, replies, reshares, and event RSVPs on social networks.
#
geman cool, thanks I will take a look
#
geman never heard about integromat before
#
geman meh, so far both IFFTF and Integromat wants _full_ access to my twitter account
#
jacky that's probably because the integration doesn't do some fine-grain permissioning
#
geman I kind of understand why, I guess it's easier for them, but for example brid.gy did the right thing and separate read and write access
#
jacky and plus Twitter doesn't have fine grain permissioning lol
#
geman yeah, this is a really surprising thing for _a lot_ of services, they 1. don't provide fine grained access and even when they do, the app developers are generally lazy and ask for *
#
jacky catch-22
#
aaronpk https://indieweb.org/incremental_authorization
#
geman as always you peps has thought about this :-)
#
aaronpk there's even an IETF draft about it
#
geman oh wow... zapier is even worse, really ugly dark pattern for following their twitter account
#
[tb] aaronpk++ thanks for the merge
#
Loqi aaronpk has 68 karma in this channel over the last year (246 in all channels)
#
aaronpk thank you!
#
[tb] Dependabot is gonna start bugging with PRs now it looks like haha
#
[tb] But I'll get to work on the endpoint discovery piece now
#
[tb] I need all this functionality so I can make other stuff I have in the works talk to my hub 😄
lahacker joined the channel
#
jacky I know that feel
#
jacky I am also very comfortable with Ruby so if you want, I can take a look at some PRs, [tb]!
#
[tb] Great to hear [jacky] I'll certainly take you up on it
#
[tb] I don't do Ruby anymore for work as of a few years ago and so all of these IndieWeb side projects have really been reviving my old favorite language for me
#
[tb] Seems like PHP is pretty prevalent around here! I'll admit I haven't done much with PHP going on a decade now — I've heard it's quite the different language nowadays
#
aaronpk yeah basically every criticism of php hasn't been true for a while now ;-)
#
jacky PHP today is not the PHP of 2013 (the last time I worked on PHP)
#
aaronpk and even in 2013 it wasn't as bad as people were making it out to be
#
[tb] I'll have to take a look here sometime and see what's new (or I guess old by now but new for me)
#
[tantek] I still like a subset of PHP 2009 myself.
#
geman IMO PHP was never bad, but you could write some horrible things with it if you wanted, just like most other languages
#
aaronpk yeah mostly that
#
aaronpk there are some strange inconsistencies too, but most languages have stuff like that too
#
[tb] Yeah
#
[tantek] I think some of it was elitism frankly. PHP lowered the barrier to writing bad code 😂
#
[tb] Like Java is a fine language until you start running into FactoryBuilderAdapterGenericSpringBeans
#
geman still few (any?) languages which can beat it when it comes to deploying small web projects or web-glue
#
[tantek] it was always more the Java ceremonies and IDEs and such
#
[tantek] of course today's JS Toolchains make Eclipse look super simple and blazingly fast
#
[tb] Yeah because you can still just drop PHP right onto a shared web host without worrying about app servers right?
#
[tantek] more to the point. you can rename a .html file in to .php, add some code, and it *just works*
#
[tantek] setup? what's that? ceremony? what's that?
#
geman and the isolation, it crashed? no worries, nothing is down, just try again
#
geman anyways, It seems I need to look at either deploying ownyourresponses myself or trusting IFTTT or Integromat but not today, thanks for the help everyone, have a good one
#
[tb] I am like 19% of the way to owning my reponses
#
[tb] I have a basic webmention receiver now that does some quick verification and then shoves it into a manual approval queue for me, but nothing to present them in my Hugo site yet
geoffo and sp1ff joined the channel
#
GWG [tantek]: I added something to your GUTS section
#
[tantek] hah maybe GUTS is better than GUST
#
[tantek] "Grand Unified Theory of Status"
#
GWG [tantek]: I was pondering events again
#
GWG I am still wondering about event vocabulary and concepts if you think of reading, watching and issues like an event
#
GWG They have a start, and end...
#
[tb] Oh phew... [jgarber]++ and thank you for https://github.com/jgarber623/link-header-parser-ruby
#
Loqi [jgarber623] link-header-parser-ruby: A Ruby gem for parsing HTTP Link headers.
[jgarber] joined the channel
#
[jgarber] [tb] You’re welcome!
#
[jgarber] …and hello, everyone! It’s been a while. 😄
#
[tb] This is going to be a big help on both omniauth-indieauth as well as my own webmention implementation
#
GWG Hi, [jgarber]
#
[jgarber] Fantastic! Looking forward to seeing what you do with it. Feedback is always appreciated.
#
[tb] So the first thing is going to be the IndieAuth endpoint discovery I'm working on adding to omniauth-indieauth
#
[tb] Actually now that I'm looking at your repos you have a lot of things I've been building into my own backend haha
#
[tb] But much farther along than I am
cjw6k joined the channel
#
[jgarber] Please use them if they suit your needs! All of those were building blocks toward projects I haven’t had the time to implement.
#
jacky reusability++
#
Loqi reusability has 1 karma over the last year
#
[tb] Hehe like my own graveyard of dead repos [jgarber] 😄
#
[tb] I did pull one thing out of my monolith this weekend, my URL shortener — https://github.com/brvs-io/brvs
#
Loqi [brvs-io] brvs: Own your links! Free, open source URL shortening and branded link management application
#
[tb] This is going to be the first home for the work I'm doing in omniauth-indieauth
#
[jgarber] Very cool!
#
[tb] There's a ton of OSS link shorteners/branded URL managers out there but not a lot of them overengineered to include an entire OAuth2 provider!
#
[jgarber] You’ve found a very, very specific niche! 😂
#
jacky lmfaoo
geoffo joined the channel
#
[tb] 🤣
#
[tb] So was thinking some about PKCE just now — a client that supports PKCE should be able to safely send PKCE parameters in both the authorization and token requests even if the provider doesn't support it, since the provider should just silently drop the `code_challenge` / `code_challenge_method` / `code_verifier` parameters if that's the case?
#
aaronpk yes, that's by design
#
aaronpk basically all oauth clients should be adding those parameters