#ZegnatHmm. HTML scraping might be out as well, does not give me what I need. So my new flow is going to be: Google Takeout -> convert JSON to OPML -> import in feed reader.
#ZegnatGoing to need to either get the API working or find a better way to manage YouTube subscriptions
#ZegnatIf anyone has a functioning API setup for YouTube, I would love some debugging help tomorrow.
geoffo, ShadowKyogre and [dmitshur] joined the channel
#[dmitshur]hmm, does the current indielogin.com IndieAuth client implementation not set the (newly mandatory! or mandatory-ish lol) grant_type parameter when redeeming the authorization code at the authorization endpoint?
#[dmitshur]asking (sorta a rhetorical question) to confirm my findings are accurate.
#Loqi[dmitshur] #43 indieauth: update implementation for 2020 spec changes
#[dmitshur]Assuming I only support the S256 code_challenge_method, I wonder if there'd be any problem with doing the code_verifier check by base64-decoding the code_challenge to precompute the expected sha256 sum of the code_verifier, then doing a sha256(code_verifier) == wantsum check. (It relies on base64 encoding/decoding being 1:1.) https://tools.ietf.org/html/rfc7636#section-4.6 doesn't go into low-level details about how the comparison should be
#[dmitshur]made. As far as I can tell it should be equivalent, but I'll want to do more reading up on PKCE before making any kind of final decision.
[asuh], ShadowKyogre and gRegorLove joined the channel; ShadowKyogre left the channel
#aaronpk[dmitshur]: I'm not sure I understand what you're trying to do. The verification should be pretty straightforward, you do the same sha256 calculation of the value you get in the token request and compare the hash with what came in the request
#[dmitshur]I'm just trying to challenge my understanding of things by thinking through a slightly unusual approach.
#[dmitshur]I was just curious how unusual it is to do the verification that way.
KartikPrabhu joined the channel
#[dmitshur]I'm probably not going do that in the end, but I'll keep thinking for now and as I do more research/learning.
#aaronpkI don't think these operations work the way algebraic operations work
dhanesh, [cleverdevil] and KartikPrabhu joined the channel
#[dmitshur]Agree about that in the general case (e.g., can open up timing or DoS attacks). But I haven’t found a concrete way it’s a bad idea in this specific case, other than the general “factors I haven’t considered” angle.
peterrother, dhanesh, ludovicchabant, themaxdavitt, raucao, swentel, KartikPrabhu, [tantek] and ShadowKyogre joined the channel; ShadowKyogre left the channel
#@EatPodcast↩️ I wonder whether that might have been an error from the 3rd-party app I use for webmentions. In any case, it got through. Unlike my attempt to DM you. (twitter.com/_/status/1343520209324417026)
[tantek] joined the channel
#Zegnat[dmitshur] there should not be any reason why that should not work. I think I would mostly just find it unneccessary to do any processing on the originally provided code_challenge value. Especially since both inputs code_challenge and code_verifier are untrusted. I would say it is better to SHA-hash an untrusted value, than to (try to) decode an untrusted value.
[Ana_Rodrigues], [Rose], [jgmac1106], ShadowKyogre, [Raphael_Luckom] and [KevinMarks] joined the channel; ShadowKyogre left the channel
#jeremycherfasOut of my depth again, so ... by my understanding, there shouldn't be any problems with loading js from anywhere in my site. And yet, I get a 404 when I try. One thought was CORS, but that can't be it from the same site, can it?
#jeremycherfasBy in my site, I mean, in the domain that hosts my site.
#ZegnatYou are correct, jeremycherfas. The path to the JS file should not matter, as long as the file is there.
#ZegnatYou are sure you have uploaded it to a publicly accessible folder?
#jeremycherfasIf it is local, isn't it all public? I better check.
#jeremycherfasGrav people are suggesting to copy my stuff out of `/node_modules` and into `/js` instead. I may as well give that a try.
#[Raphael_Luckom]I have some time to help if I can be useful, but I'm not familiar with Grav. If you wanted to start a zoom or equivalent, or if there's something else I could do to help, I'd be happy to
#jeremycherfasMany thank [Raphael_Luckom] but let me give this latest suggestion a go first.
#[Raphael_Luckom]yeah, sometimes you just need to agitate it until it works 😄
#ZegnatFolder name should not make a difference, unless Grav does not allow access of folders that it does not know about
ShadowKyogre left the channel
#jeremycherfasWell, I'm none the wiser, but it worked all the same. So, progress, of a kind. Now asking the Grav people why that was.
#[Raphael_Luckom]changing things in general sometimes fixes problems because it provokes revisiting things you might not have thought were the problem
ShadowKyogre joined the channel
#swentelyeah, there might be rule (e.g. in a htaccess file) to prevent accessing files in certain folders, node_modules usually is a good idea to deny access :)
ShadowKyogre joined the channel; ShadowKyogre left the channel
#ZegnatOooh, it looks like I need Google to verify me for using OAuth. There is a 100 requests life-time quota before being verified, if I am understanding this right. I bet the old keys had gotten stuck on that.
#ZegnatI guess that is one way to gatekeep against private apps
#ZegnatThe problem is I cannot really find it documented anywhere outside of this one-time popup you get when you create credentials: https://i.imgur.com/VOkEruK.png
#Zegnat(No worries, credentials created specifically for this screenshot, that secret is not in use.)
#LoqiOPML stands for Outline Processor Markup Language, an XML-based format and defacto standard used for feed lists interchange https://indieweb.org/OPML
#ZegnatHmm. Was wondering if anyone ever documented the standard for feed lists
#LoqiZegnat has 35 karma in this channel over the last year (95 in all channels)
#ZegnatThis has not left me a big fan of Google APIs, I have to say. Unlikely I will host this publicly for people to make use of.
[Raphael_Luckom] joined the channel
#[Raphael_Luckom]their gsuite / oauth stuff is their worst
swentel joined the channel
#[Raphael_Luckom]some of the cloud infrastructure stuff is ok (and I think but can't really demonstrate that their cdn game is ahead of aws's) but their identity and authn / authz products suffer horribly because they're still tied to roots as email addresses and mailing lists.
#aaronpkZegnat: that's the same reason i'm hesitating publishing some of my tools for dealing with youtube stuff too
#ZegnatDo not know about Google infrastructure at all, I am only speaking of APIs into their own services like YouTube
#Zegnataaronpk: I think it is fine if you can get away with only using endpoints that do not require authorization. I had no real issue when I was working on getting YouTube into XRay
#aaronpkyeah and they do have an "api key" that you can generate as a user and it works for some methods but not all
#aaronpkbut once you get into the rate limited and restricted APIs, the rate limiting is super harsh until you get your app approved and stuff
[Ana_Rodrigues] and [tw2113_Slack_] joined the channel
#GWGWondering if I can figure it out from this wikipedia table
[plenglin] joined the channel
#jeremycherfasWell, my ongoing project of the past few days is up and working, although I don't expect anyone to notice. There are still a couple of rough edges to smooth off, but I am glad to have got it done before 2021-01-01. Thanks everyone for help and support.
[snarfed] and [KevinMarks] joined the channel
#[KevinMarks]Xoxo was an alternative to opml, and originally I translated opml into it
#ZegnatBut XOXO was never used as an interchange format for feed subscriptions, right? Only OPML?
#ZegnatI am most interested in the interchange format ... having a hard time finding that one documented.
#ZegnatOPML as the outlining spec is simple enough to find
gxt joined the channel
#Zegnat!tell jeremycherfas I think Grav is still in some sort of debug mode? I get a debugging bar at the bottom on your site. Also: pagination links on https://www.jeremycherfas.net/blog seem to be broken?
#[tantek]Zegnat, indeed there's scant formal documentation of the interchange format, what implements it etc. If only the developers of the spec kept such things on an easily web search discoverable wiki
#[tantek]And absent that, might as well start documenting your interchange format use-case needs and come up with something more minimal/modern than a subset of OPML for that
#[tantek]an undocumented spec is not a spec at all, and is unlikely to have actually been properly implemented
#[tantek]thus a bit of poking in the dark to both implement yourself and attempt any degree of interop
#ZegnatThe problem as far as I can see is specifically with the interchange format. I can find outliners that still use OPML, and there are plenty copies of the pure OPML spec that you can find (it is mostly just an XML vocab afterall). But does seem like I would need to create a handful of different nesting and naming combinations and start importing in multiple readers to figure out interop for the feed-subscription interchange format
#ZegnatWill see if I can find the motivation to do that research. Chances are no. As I do not switch between readers a lot. I think I have only done one major switch, from Google Reader to Feedbin.
gRegorLove and [jeremycherfas] joined the channel
#[jeremycherfas]!tell zegnat Rats! I always forget to disable the debugging. It will have to wait until tomorrow.
#Loqi[jeremycherfas]: Zegnat left you a message 2 hours, 4 minutes ago: I think Grav is still in some sort of debug mode? I get a debugging bar at the bottom on your site. Also: pagination links on https://www.jeremycherfas.net/blog seem to be broken?
jolvera, [KevinMarks] and ShadowKyogre joined the channel; ShadowKyogre left the channel
#@houshuang↩️ I'd be happy to discuss cognitive stuff any day. Also very interested in the idea of linking digital gardens - have been discussing some prototype with @JoelChan86 using webmentions, and actually tried building something 7 yrs ago based on PhD students reading identical papers. (twitter.com/_/status/1343680383930527749)