#dev 2021-03-03

2021-03-03 UTC
# 00:00 
@kevinmarks ↩️ They're doing different things. There's a long doc that explains the different protocols and approaches here https://w3c-social.github.io/social-web-protocols/#swwg-drafts but broadly AP is a monolithic protocol model and webmention is part of a composable set of simpler ones (twitter.com/_/status/1366900661410033666)
[KevinMarks] joined the channel
# 00:14 
[KevinMarks] Context https://twitter.com/acute_aura/status/1366892654252982275?s=20
# 00:14 
@acute_aura @weh_kaniini I'll be completely honest, I gave up on AP and W3C huge committee seemingly designed to be implemented as big java blob standard, I like to point to json-ld normalization algo for how not to design for adoption Doesn't help AS is somewhat attached to tootsuite at the hip either. (twitter.com/_/status/1366892654252982275)
# 00:14 
aaronpk heh
# 00:15 
@kevinmarks ↩️ Sorry, I know kaniini, but I don't think we've met before. There was a split in approach in the social web working group that that document explains to some extent. Webmention is from the non JSON-LD side of the split. (twitter.com/_/status/1366904359502626817)
# 00:16 
aaronpk yeah i definitely do not have the patience or desire to engage with that
Ruxton joined the channel
# 00:20 
@weh_kaniini ↩️ but microformats is just a different form of semantic web craziness.  parsing HTML or XML is expensive by comparison to just using JSON everywhere.  it really is the right way to do it, and the AP spec is far more elegant than WebMention and friends. (twitter.com/_/status/1366905785310183429)
# 00:24 
jacky yeah
# 00:24 
jacky tbh one day
# 00:24 
jacky I wanna do a 'race' between which one can get started first
# 00:25 
jacky from like a machine on the public Web running just nginx to a 'working' system
# 00:25 
jacky you can _literally_  get "IndieWeb support" (whatever that means) as soon as you save a static HTML file with a h-card and some endpoints
# 00:27 
aaronpk gargron's tutorial on setting up activitypub was the best i've seen, it's still quite a bit of work and some fiddly cryptography bits that you need to find the right libraries for to get the message signing right
# 00:27 
aaronpk but at least it was a good demo of the bare minimum you need to get something to show up in mastodon
# 00:27 
jacky I think I remember the one you're speaking of
# 00:28 
aaronpk first search result for "activitypub tutorial" heh
# 00:28 
aaronpk https://blog.joinmastodon.org/2018/06/how-to-implement-a-basic-activitypub-server/
# 00:29 
aaronpk and I do understand the appeal of JSON from the perspective of people building the plumbing
# 00:32 
jacky yeah
# 00:32 
jacky it's "easy"
# 00:32 
jacky it's a dictionary in code
# 00:33 
jacky but like the fact that you can't even insure the same _sorting_ when used threw me off (I remember this being an issue with JSON-LD signatures for some time - I think they have an approach now but it dealt with n+1 parsing of the object recursively)
# 00:33 
jacky which is (puts on glasses) expensive
# 00:33 
aaronpk haha those glasses look good on you
# 00:33 
jacky that said, I _do_ want to try out making a small AP proxy for my site
# 00:34 
jacky mainly to learn it more and understand it
# 00:34 
aaronpk that's why i did it
# 00:34 
aaronpk you know what, now that i think about it, i'm pretty sure JSON-LD was the absolute wrong choice for AP and they should have stuck with JWTs instead
# 00:34 
jacky hmmmm
# 00:34 
aaronpk there's already good JWT libraries out there, and the signature bit is solved
# 00:35 
@kevinmarks ↩️ Indieweb uses JSON where it makes sense - in Micropub and Microsub for example; Webmention was designed to work with any web resource, not just JSON ones.
Microformats define a way to get consistent JSON out of HTML web pages, and plenty of tooling to do it (twitter.com/_/status/1366909146369581056)
# 00:35 
aaronpk it's all a key management problem at the end of the day and it's not like JSON-LD helps solve that anyway
# 00:35 
[KevinMarks] JSON dictionaries don't round trip unless you add sorting rules, yes, as different languages do different things with key order -php and js are the order you create them in, python in hash order, Go deliberately randomised
# 00:35 
aaronpk [KevinMarks]: right and yet all those languages have JWT libraries that work...
# 00:37 
[KevinMarks] yes,  'just use json' is a start but you hit other constraints
# 00:37 
aaronpk JWT/JWS/JOSE is its own mess of stuff but at least it's not like you're making up your own signing algorithm that way
# 00:37 
aaronpk i'm just thinking that AP would have been a lot easier if they were pushing JWS blobs around instead of a combination of JSON-LD plus HTTP message signing
# 00:38 
aaronpk plus then you get the benefit of being able to hand off the signed objects to others, "forwarding" as they call it
[snarfed] joined the channel
# 00:41 
[snarfed] (not to mention, the continued incomplete standardization of HTTP sigs feels icky to implement)
# 00:43 
aaronpk don't even get me started
# 00:43 
aaronpk there's like 3 different versions, one of which is marked "do not use", mastodon went and added stuff to the draft they found when they picked it up. I happen to be talking with some people who are continuing another fork of it at the IETF which should hopefully pick up some steam again soon
# 00:46 
aaronpk i do actually hope some day that http message signing is broadly available and built into the lowest level of the stack like curl
# 00:47 
aaronpk because it should not be something developers have to think about in order to use
# 00:58 
[KevinMarks] I fervently agree with that, but it always seems to end up even more complicated, from salmon to web bundles
# 01:06 
[KevinMarks] as you say, some of that is inevitable as when you sign anything you end up with key management entailed. I wish we could get hashing more unified too
[tantek], petermolnar, [snarfed], benwerd, shoesNsocks and [fluffy] joined the channel
# 06:14 
[fluffy] Okay so I’ve just added the whoosh full-text index to Publ and it works amazingly well. But now I’m trying to figure out, from an API standpoint, if I should expose the search result metadata, or if it should just be a list of entries. Does anyone have any strong opinions? I don’t really see the value in exposing the actual metadata except for extreme nerdiness, like I don’t see the user story for letting people know the match score or
# 06:14 
[fluffy] whatever.
# 06:15 
[fluffy] Really the search score is the only thing that would be worth exposing, and it seems fairly arbitrary.
# 06:17 
[fluffy] well, I guess I could also expose the hit excerpt fragment except that has certain implications I’d rather not deal with
deathrow1 and jamietanna joined the channel
# 08:42 
jamietanna aaronpk are you talking about https://tools.ietf.org/html/draft-richanna-http-message-signatures-00 as one of those specs? I've recently implemented it and it's pretty decent, excited for when it becomes a full standard!
mxd and shoesNsocks joined the channel
# 14:18 
aaronpk Yep that one is the most recent
[jgmac1106] and [KevinMarks] joined the channel
# 15:27 
jacky is curious about HTTP signatures
[jacky] joined the channel
# 15:29 
[jacky] hmm what supercedes that doc?
# 15:31 
aaronpk this is the older one that mastodon based theirs off of https://tools.ietf.org/html/draft-cavage-http-signatures-12
# 15:31 
aaronpk oh here's the latest version of annabelle's https://tools.ietf.org/html/draft-ietf-httpbis-message-signatures-01
# 15:31 
aaronpk notably this one has been adopted by the HTTP working group
# 15:33 
jacky noted
# 15:34 
jacky oh this isn't a quick read lol
# 15:35 
aaronpk lol
# 15:44 
jacky something I found interesting - NewsBlur passes in the link of what your feed looks like in their User-Agent
# 15:44 
jacky https://www.newsblur.com/site/7675934/untitled
# 15:44 
jacky that's mine but I broke the feed URL (going to fix)
# 15:44 
jacky I think I might snag this idea
# 15:44 
aaronpk whoa huh
# 15:46 
jacky I noticed it when I was grepping my access logs after reading https://darekkay.com/blog/rss-subscriber-count/ on micro.blog
# 15:46 
jacky (full IndieWeb circle, lol)
# 15:46 
Loqi [Darek Kay] How many people subscribed to your RSS feed?
# 15:49 
jacky wow I keep forgetting that newsblur is like alive and kicking
# 15:49 
jacky def motivation to continue working on a social reader
# 15:51 
jacky wait they have youtube support?
# 15:59 
GWG Didn't [snarfed] write a Newsblur to Microsub bridge?
[Murray] and [chrisaldrich] joined the channel
# 16:17 
[chrisaldrich] I recall something like that: https://snarfed.org/microsub-bridge
# 16:17 
[chrisaldrich] What is Baffle?
# 16:17 
Loqi Baffle is a bridge that makes traditional feed readers like NewsBlur and Feedly support Microsub https://indieweb.org/Baffle
# 16:18 
sknebel i really should do something with my half-finished inoreader bridge...
# 16:20 
[chrisaldrich] sknebel, don't think I'm still over here holding my breath waiting for that. (Sometimes I turn blue and fall off my chair.) 🙂
# 16:20 
sknebel lol
# 16:20 
sknebel I totally had forgotten I even started the thing until just now
[calumryan] joined the channel
# 16:31 
jacky perhaps?
# 16:31 
jacky ahhh
# 16:31 
jacky backlog lag
# 16:32 
aaronpk apparently the httpbis message signatures draft is actually in use right now (i'm guessing somewhere deep within amazon)
# 16:32 
[KevinMarks] would that make websub fat pings make sense again?
# 16:34 
aaronpk it would at least mean websub doesn't need its own signing mechanism
# 16:34 
aaronpk signing/hash
# 16:36 
[KevinMarks] not sure it could save salmon
Ruxton, mxd, shoesNsocks, [chrisaldrich], [chrisaldrich]1, [jacky], gRegorLove, LB, KartikPrabhu, [tantek], [KevinMarks] and [tw2113_Slack_] joined the channel
# 20:33 
aaronpk TIL responsive iframes https://www.benmarshall.me/responsive-iframes/
# 20:33 
aaronpk neat trick
[snarfed] joined the channel
# 20:35 
[snarfed] 😮
jamietanna joined the channel
# 20:55 
jamietanna interesting so httpbis and richanna are now competing to be picked up based off cavage-12? :thinking:
# 20:58 
aaronpk no they are the same
# 20:58 
aaronpk annabelle got her draft adopted by the http working group
# 21:01 
jamietanna ah gotcha, sorry totally didn't read the preamble of the spec properly
# 21:03 
aaronpk But I was just talking with Justin this morning and that version is about to change significantly so don't get too attached to it just yet
# 21:05 
jacky noooo
# 21:05 
jacky I actually want to add some sort of signature support on my site
# 21:05 
jacky to give external parties some sense of confidence in the content being delivered
# 21:05 
jacky but tbh, it'd probably be against the MF2 representation of stuff, the HTML changes too much
# 21:05 
aaronpk this is for the other way around
# 21:05 
aaronpk this is for signing requests, not responses
# 21:06 
jacky exposes how far he read into the spec lol
[Nuno_Donato] joined the channel
# 21:07 
[Nuno_Donato] folks, I'm trying to understand the requirements to implement and endpoint for webmentions. From the docs I get 3 things:
# 21:07 
[Nuno_Donato] • <a> with rel="webmention" in the content
# 21:07 
[Nuno_Donato] • "link" in http response header
# 21:07 
[Nuno_Donato] • <link> with rel="webmention" in the content
# 21:07 
[Nuno_Donato] is this correct?
# 21:07 
[Nuno_Donato] is it an AND or an OR?
# 21:08 
jacky it's a OR
# 21:08 
jacky like if you want, you can do all three (I do b/c YOLO)
# 21:08 
jacky but I started with just the <link rel="webmention">
# 21:09 
[Nuno_Donato] then the docs are not clear at all
# 21:09 
[Nuno_Donato] or maybe i'm just reading it wrong
# 21:09 
[Nuno_Donato] anyway, thanks 🙂 I did the header part, so I'll leave that for now
# 21:09 
aaronpk is curious what docs you found
# 21:09 
jacky yeah, that's my next question
# 21:10 
[Nuno_Donato] https://www.w3.org/TR/webmention/#sender-discovers-receiver-webmention-endpoint-p-1
# 21:10 
aaronpk yeah it's written in speclish
# 21:11 
jacky lol
# 21:11 
[Nuno_Donato] I'm awful at speclish :')
# 21:11 
jacky [Nuno_Donato]: me too tbh
# 21:11 
aaronpk most people are
# 21:12 
[Nuno_Donato] whats the best way to test this stuff on local environment? I can't pass endpoints for localhost to webmention.rocks 😕
# 21:15 
aaronpk probably grab a library that's easy for you and run that locally https://indieweb.org/Webmention-developer#Libraries
# 21:15 
aaronpk or run webmention.rocks locally
# 21:15 
aaronpk or use something like ngrok to expose your local stuff to the internet
# 21:15 
jacky you can also utilize something like https://ngrok.io on their free tier
# 21:17 
[Nuno_Donato] oh right, I can set up webmention.rocks locally, thats awesome since I will be doing lots of testing
# 21:18 
[Nuno_Donato] oh, no php8 support 😕
# 21:19 
aaronpk at all?
# 21:19 
aaronpk i havent tried yet but i'd be surprised if it completely fails
# 21:22 
[Nuno_Donato] i still have 7.4 around, so I forced to use that...
# 21:23 
[Nuno_Donato] yeah a few requirements fail. league/container, league/plates...
# 21:24 
jacky PR time
# 21:24 
[Nuno_Donato] alright, its up! that was fast 🙂
# 21:25 
jacky is curious about setting up webmention.rocks locally too
# 21:27 
[Nuno_Donato] oh... it requires sign it in order to send webmentions to the site... 😕
# 21:28 
jacky anti-spam measure
# 21:29 
[Nuno_Donato] is there a switch to turn this off locally?
# 21:32 
aaronpk I think so
# 21:32 
aaronpk there is in Micropub.rocks anyway
KartikPrabhu joined the channel
# 23:17 
jacky this is interesting
# 23:17 
jacky https://developer.twitter.com/en/docs/twitter-api/v1/direct-messages/welcome-messages/overview
# 23:17 
jacky like if there's a way to do this for sending a private Webmention for the first time to someone
# 23:17 
jacky maybe sniffing some info from their contact page (if any)?
# 23:22 
jacky agh I hate how I can't use the `client_id:client_secret` approach for Twitter's API
# 23:22 
jacky GitHub lets me do it for app-only auth so I can do some better sniffing for Web sign-in but grr