#dev 2020-11-29

2020-11-29 UTC
strugee joined the channel
# 00:33 
aaronpk the next question is whether i want to go full client-side and have the extension make the post request itself, risking other people having CORS issues if their servers don't support it, or have the extension send the contents to my server and make the request from my server
# 00:38 
aaronpk i wasn't going to go to the trouble of figuring out the client side indieauth flow for this cause i'm not that good at javascript, but if I had a server-side component i could make the whole setup experience a lot smoother for others
# 00:49 
aaronpk omg it works
# 00:52 
vilhalmer server seems fine, people who mind that sort of thing can probably spin up their own instance
fauno joined the channel
# 00:57 
jacky word
# 01:01 
[tantek] is this the new IG PESOS approach then?
[grantcodes] joined the channel
# 01:02 
[grantcodes] [aaronpk] I think at some point I found that js fetch requests are all fine with cors from an extension but couldn't read response headers. But the older xmlhttprequest could
# 01:03 
aaronpk true vilhalmer
# 01:03 
[grantcodes] But omnibear and postrchild both are fully client side extensions without cors issues
# 01:03 
aaronpk [grantcodes]:  oh yeah i was reading that about Fetch, but my XMLHTTPRequest one can read the location header no problem
# 01:04 
aaronpk maybe i can convince someone who's better with javascript to touch this code up and make the indieauth flow work better :)
# 01:05 
[grantcodes] They both use my micropub script which does indieauth too. It's on npm or is a single modern js class
# 01:06 
aaronpk ooh
# 01:06 
aaronpk looks
# 01:09 
aaronpk good docs [grantcodes]++
# 01:09 
Loqi [grantcodes] has 7 karma in this channel over the last year (17 in all channels)
# 01:09 
aaronpk https://grantcodes.github.io/micropub/
# 01:09 
[grantcodes] Or it might be the other way round to be honest. Written for node and compiled for browser. But should be minimal changes either way
# 01:11 
aaronpk i don't see a single file download, just npm instructions
# 01:11 
aaronpk and yarn
# 01:12 
[grantcodes] Yeah it's honestly easier to provide that than a single file that's always up to date
# 01:12 
aaronpk can't you make github actions make a build or something?
# 01:12 
aaronpk i've never used yarn and i try to avoid npm if possible
# 01:14 
[grantcodes] Probably. This is from before github actions
# 01:16 
[grantcodes] I should probably rewrite it now to be browser & modern node js without any compiling or other garbage
# 01:18 
aaronpk this looks good though, looks pretty straightforward to use
# 01:19 
[grantcodes] Other issue is not much unit tests. But real world tested 😅
# 01:21 
aaronpk we've got a few spec changes to keep in mind now too :)
# 01:22 
aaronpk i should probably do a blog post writeup of that so you don't have to read through all the spec diffs
# 01:22 
[grantcodes] Indieauth changes rather than micropub right?
# 01:22 
aaronpk yea
# 01:23 
Loqi I agree
# 01:28 
[grantcodes] Actually have a separate indieauth library that's very similar to the auth part of the micropub library but a bit more correct and I've been meaning to offload the auth stuff in micropub to that library but want to have unit tests first and never got around to finishing them
# 01:28 
aaronpk ahh
# 01:31 
[grantcodes] The classic time and motivation factors have held that back
[snarfed] joined the channel
# 02:05 
vilhalmer a blog post would be good, I read through the entire github issue to get background on the reasoning for the change
# 02:05 
vilhalmer which worked, but is not the smoothest method :)
# 02:06 
aaronpk yeah, i feel like we've finally hit a mostly stable spot with things now too
# 02:07 
vilhalmer I spent some time self-confused about how it was intended to work without the me param because I forgot my implementation is weird by not having a box to type your url into
# 02:07 
vilhalmer but in the end I was able to delete a bunch of code like you expected
# 02:07 
vilhalmer though implementing the code challenge made it about even
# 03:37 
sebbu Zegnat, before i get ready to re-do my auth tommorow, is there any more fix to selfauth and mintoken apart from the 2 other branchs (the pull requests) ? especially since i heard the indieauth spec was modified a few days/weeks ago and thoses fix are already 3 months old
# 03:49 
sebbu (this is for selfauth, for mintoken there seems to be no update apart from thoses old branches, older than the default)
[snarfed] joined the channel
# 06:25 
@leozera Today's work: added webmentions support to my website based on @shindakun post https://bit.ly/3fNzpD2 and @mxbck https://bit.ly/3lhKsWa

Here is one example: https://bit.ly/2E32HP9

#webmentions (twitter.com/_/status/1332932991463538691)
# 08:52 
sebbu damn bitly, hate thoses ad-filled redirectors websites that 99% of the time don't work on mobile
# 08:54 
sebbu (or adf.ly)
schmudde and [KevinMarks] joined the channel
# 11:09 
Zegnat sebbu: I do not think selfauth needed anymore patching. I have not really ran into any problems. But that said, I am writing a full replacement so it is not at the foremost of my mind.
# 11:10 
Zegnat I am currently not running MinToken as I have no need for tokens. So I would not be surprised if something breaks there, honestly. I am merging it into my selfauth replacement, so I am not sure what sort of updates I would be putting into it.
# 11:11 
Zegnat If it has been working for you a week or 2 ago, it should still work. We did not touch token endpoint logic in the latest indieauth release.
# 11:11 
Zegnat Mintoken probably does not do the new(ish) profile scope yet. But I also do not know how many apps are even asking for that.
# 11:14 
sebbu what's/where's the replacement ? :D
# 11:15 
Zegnat In a private repo :P I hoped to get it done during IWC East, but didn't make it. So currently it is just screenshots from the hack day that go around, haha
# 11:29 
Zegnat sebbu: it looks very much like Selfauth. So if you are on Selfauth/Mintoken, chances are this will be a very simple switch over (if that is what you want to do) https://indieweb.org/consent_screen#Martijn_van_der_Ven
[suze_shardlow1], ethanyoo and [eddie] joined the channel
# 13:31 
[eddie] Hmm, I get the feeling Slack image uploads to IRC is broken 🤔
# 13:31 
[eddie] Yep it is
# 13:31 
[eddie] Working on image optimization so I'm not shipping huge photos to my website. Something I haven't bothered with until now. For my Watch Posts I often show the TV/Movie cover art, and for Play posts, I show the game art. These three images are the game art for Zelda: Link's Awakening. Original JPG: 1mb, Optimized JPG: 218k, Optimized WebP: 168k. I can't believe that, 1mb to 168k!
# 13:31 
sebbu hum
# 13:31 
[eddie] Looking at the images in Google Chrome on my Retina MBP I can see no visible difference... 😲
# 13:32 
sebbu using a self-signed, expired certificate on https://localhost/ doesn't help me debug ssl issues :D
[jgmac1106] joined the channel
# 13:39 
[jgmac1106] okay wiki all fixed. dokuwiki, or at least my installatron install versions sets all users, without authentication, to have all rights
# 13:50 
[eddie] Lol isn’t that... dangerous?? 😄
# 14:26 
sebbu ( ! ) Warning: array_merge(): Expected parameter 2 to be an array, null given in D:\htdocs\auth2\php-mintoken\endpoint.php on line 281
# 14:26 
sebbu i'm failing in php-mintoken, there doesn't seems to be a 'me' $_GET parameter
# 14:26 
sebbu (or any GET parameter)
# 14:28 
sebbu Zegnat, ?
# 14:28 
Zegnat Oh, did I make the me still be required? Thought I fixed that.
# 14:30 
Zegnat I'll check my code, might be a simple patch
# 14:30 
sebbu it was removed in selfauth, but not mintoken ?
# 14:31 
Zegnat Selfauth does not talk to Mintoken at all. Mintoken needs to check the access code with Selfauth before it can issue a token.
# 14:31 
Zegnat That was a weird quirk where IndieAuth was speccing things that OAuth clients did not support by default, so it was removed. Mintoken may be relying on the quirk though.
# 14:31 
Zegnat It is not a problem when token endpoint and auth endpoint are the same service. Which is one of the reasons I am merging them.
# 14:32 
sebbu well, i'm testing with indieweb/indieauth-client-php right now (so fully on localhost for the tests)
# 14:33 
sebbu i even added my localhost root CA to my local cacert.pem file, so that i don't have to turn off ssl verifications
# 14:34 
Zegnat Interesting that it throws an error on array_merge(). Thought it would just give an "invalid_request" as response if it failed
# 14:36 
Zegnat Alright, I think I know what I need to change. Just need to decide if I still want Mintoken to work for multiple sites from one instance, or just have it work for one site per installation
# 14:37 
sebbu well, it throws an invalid request afterwards
# 14:37 
sebbu it's a warning, not a (fatal) error
# 14:37 
Zegnat Step 3 of the setup, where you add the endpoints it should check for, is currently impossible because IndieAuth clients no longer tell you an endpoint (they no longer send me)
# 14:38 
Zegnat So instead of matching the me, Mintoken should just always immediately go to your configured endpoint to exchange the code. And fail if that fails, or issue the token.
# 14:40 
Zegnat Let me see if I can do a relatively quick fix for this ...
# 14:50 
Zegnat sebbu: you could try this branch https://github.com/Zegnat/php-mintoken/tree/no-more-me
# 14:50 
Zegnat Currently do not have a testing flow setup myself ... like it says in the project README, I am not a very active user myself
# 14:52 
Zegnat you should be able to just swap out endpoint.php files and see if it fixes it. If not, I will have to have a sitdown at my proper environment tomorrow. I am not really available this weekend :(
# 14:52 
Loqi definitely
geoffo joined the channel
# 15:12 
sebbu Zegnat, verifyCode returns null
# 15:12 
Zegnat Huh
# 15:16 
Zegnat that should not happen unless selfauth is giving a wrong response
# 15:17 
sebbu the $endpoint seems to contains my $clientID instead of the $authorization_endpoint
# 15:18 
sebbu so, the json_decode fails
# 15:19 
Zegnat Does the new getTrustedEndpoint not work? That should be getting the endpoint you have set in your sqllite file
# 15:19 
sebbu i'll redo the sqlite
# 15:19 
Zegnat Do you have an SQLite gui installed so you can easily check the db?
# 15:21 
sebbu no, but i know how to use the cli
# 15:24 
sebbu seems to work :)
# 15:26 
Zegnat Cool
# 15:27 
Zegnat I am looking forward to finish up merging it and selfauth into one single thing that I can actually keep support up on
# 15:30 
sebbu Your IndieAuth server did not return a valid response.
# 15:30 
sebbu Response Code: 307
# 15:30 
sebbu Maximum (8) redirects followed
# 15:30 
sebbu Error Details
# 15:30 
sebbu :(
# 15:30 
sebbu indieauth.com works, indielogin.com doesn't
# 15:32 
Zegnat Maximum redirects does not sound like an Selfauth/Mintoken issue
# 15:32 
Zegnat I don't think either do 3xx responses
# 15:32 
sebbu arf, forgot the INPUT_SERVER issue
# 15:34 
Zegnat Ah, haha, yeah
# 15:37 
sebbu well
# 15:37 
sebbu works with indieauth-client-php
# 15:37 
sebbu but still not with indielogin.com
# 15:40 
sebbu aaronpk, any idea ?
# 15:44 
aaronpk What error message is indielogin showing you?
# 16:07 
Zegnat Interesting that indielogin.com is failing. That is not doing a scoped request, is it, aaronpk? So it does not go against the token endpoint? Then it should only be talking to selfauth...
# 16:22 
sebbu 307 max redirect
# 16:44 
sebbu indieauth-client-php also works hosted on my site
[tantek] joined the channel
# 17:02 
[tantek] aaronpk, are the IndieAuth 2020-11-26 version fairly apparent from the changes section? or would it be better to wait for a blog post?
# 17:03 
[tantek] I'm asking because I'd like to get a blurb / summary about this IndieAuth spec update into the Redecentralize digest for November
# 17:03 
[tantek] (assuming their last day for submissions is tomorrow)
# 17:04 
[tantek] just to give you something to contrast with, almost the first third of last month's newsletter was spent on SSI — without anything practical for anyone as far as I can tell: https://redecentralize.org/redigest/2020/10
# 17:05 
[tantek] so I'm assuming we could write something up that's much more significant / applicable / real / implementable about IndieAuth in contrast
[Raphael_Luckom], nickodd and ethanyoo joined the channel
# 17:25 
aaronpk the changes are all listed out in the changelog, but i'd probably recommend waiting until i can write a blog post, i'm planning on writing it in a much more actionable "how to update to this version" kind of way
# 17:25 
aaronpk also describing some of the motivations for the changes
# 17:31 
[tantek] We can always talk about it twice
# 17:31 
[tantek] first as a minor update (summary of changes from the changelog)
# 17:31 
[tantek] and then later when you blog about it, that can be a featured thing
# 17:31 
[tantek] people like ongoing narratives like that
# 17:46 
Loqi Ok, I'll tell them that when I see them next
# 17:46 
jeremycherfas !tell zegant can I talk to you about the `core.js` you use on your `weight` page? In DM if you prefer.
# 17:49 
[Raphael_Luckom] petermolnar: when I was looking at exif stuff, there was some proprietary field that could be in the MBs range I think
# 17:49 
petermolnar emphasis on "could"
# 17:50 
[Raphael_Luckom] It was the "MakerNote" field
# 17:50 
petermolnar but I sort of doubt exif would allow that
# 17:50 
petermolnar are you sure it's not xml or iptc?
# 17:50 
[Raphael_Luckom] https://en.wikipedia.org/wiki/Exif#MakerNote_data
# 17:52 
petermolnar ah, those. Yes, I know about the provider blobs
# 17:53 
sebbu http://ozhiker.com/electronics/pjmt/jpeg_info/makernotes.html
# 17:53 
sebbu they've been reverse-engineer'ed
# 17:54 
sebbu https://www.tawbaware.com/990exif.htm
# 17:55 
sebbu amongst other thing, i might contain your camera serial number or GPS coordinates
# 17:55 
sebbu it*
[jgmac1106] joined the channel
# 17:59 
[Raphael_Luckom] yeah, it's really annoying when they stick gps in there. There's already a location field in exif proper--it's the first thing you want to set for recodkeeping, or delete for privacy. Adding it in obfuscated form in some other place breaks both those use cases
schmudde and [chrisaldrich] joined the channel
# 18:07 
jeremycherfas !tell Zegnat can I talk to you about the core.js you use on your `weight` page? In DM if you prefer.
# 18:07 
Loqi Ok, I'll tell them that when I see them next
# 18:11 
Zegnat !tell jeremycherfas of course! Always happy to discuss my own code :D If it does not feel like it is something others can use, happy to take it outside of this channel
# 18:11 
Loqi Ok, I'll tell them that when I see them next
# 18:11 
Loqi Zegnat: jeremycherfas left you a message 4 minutes ago: can I talk to you about the core.js you use on your `weight` page? In DM if you prefer.
# 18:20 
jeremycherfas It’s about how you build the page. I’ll go to DM
# 18:20 
Loqi jeremycherfas: Zegnat left you a message 9 minutes ago: of course! Always happy to discuss my own code :D If it does not feel like it is something others can use, happy to take it outside of this channel
geoffo and [tw2113_Slack_] joined the channel; nickodd left the channel
# 19:35 
[Raphael_Luckom] I think I finally wrapped my head around the HATEOAS part of REST: https://www.raphaelluckom.com/posts/revenge_of_hateoas.html
[KevinMarks] joined the channel
# 19:45 
[KevinMarks] This seems similar to that discussion https://twitter.com/eaton/status/1333126544848523264?s=20
# 19:45 
@eaton Because it's evergreen, I find myself writing up another explanation of the distinctions between a Domain model, a Content model, and a Data model. For most folks this doesn't matter, but for some teams, it's a point of contention! (twitter.com/_/status/1333126544848523264)
# 19:45 
[KevinMarks] (a key reason mf2 parses out the rel-urls is how handy they are for that kind of thing)
dylanharris joined the channel
# 19:55 
[Raphael_Luckom] cool, thanks!
schmudde, jamietanna, silo, [chrisaldrich], [jgmac1106], ethanyoo and geoffo joined the channel