#dev 2021-03-03

2021-03-03 UTC
#
@kevinmarks
↩️ They're doing different things. There's a long doc that explains the different protocols and approaches here https://w3c-social.github.io/social-web-protocols/#swwg-drafts but broadly AP is a monolithic protocol model and webmention is part of a composable set of simpler ones
(twitter.com/_/status/1366900661410033666)
[KevinMarks] joined the channel
#
@acute_aura
@weh_kaniini I'll be completely honest, I gave up on AP and W3C huge committee seemingly designed to be implemented as big java blob standard, I like to point to json-ld normalization algo for how not to design for adoption Doesn't help AS is somewhat attached to tootsuite at the hip either.
(twitter.com/_/status/1366892654252982275)
#
@kevinmarks
↩️ Sorry, I know kaniini, but I don't think we've met before. There was a split in approach in the social web working group that that document explains to some extent. Webmention is from the non JSON-LD side of the split.
(twitter.com/_/status/1366904359502626817)
#
aaronpk
yeah i definitely do not have the patience or desire to engage with that
Ruxton joined the channel
#
@weh_kaniini
↩️ but microformats is just a different form of semantic web craziness. parsing HTML or XML is expensive by comparison to just using JSON everywhere. it really is the right way to do it, and the AP spec is far more elegant than WebMention and friends.
(twitter.com/_/status/1366905785310183429)
#
jacky
tbh one day
#
jacky
I wanna do a 'race' between which one can get started first
#
jacky
from like a machine on the public Web running just nginx to a 'working' system
#
jacky
you can _literally_ get "IndieWeb support" (whatever that means) as soon as you save a static HTML file with a h-card and some endpoints
#
aaronpk
gargron's tutorial on setting up activitypub was the best i've seen, it's still quite a bit of work and some fiddly cryptography bits that you need to find the right libraries for to get the message signing right
#
aaronpk
but at least it was a good demo of the bare minimum you need to get something to show up in mastodon
#
jacky
I think I remember the one you're speaking of
#
aaronpk
first search result for "activitypub tutorial" heh
#
aaronpk
and I do understand the appeal of JSON from the perspective of people building the plumbing
#
jacky
it's "easy"
#
jacky
it's a dictionary in code
#
jacky
but like the fact that you can't even insure the same _sorting_ when used threw me off (I remember this being an issue with JSON-LD signatures for some time - I think they have an approach now but it dealt with n+1 parsing of the object recursively)
#
jacky
which is (puts on glasses) expensive
#
aaronpk
haha those glasses look good on you
#
jacky
that said, I _do_ want to try out making a small AP proxy for my site
#
jacky
mainly to learn it more and understand it
#
aaronpk
that's why i did it
#
aaronpk
you know what, now that i think about it, i'm pretty sure JSON-LD was the absolute wrong choice for AP and they should have stuck with JWTs instead
#
jacky
hmmmm
#
aaronpk
there's already good JWT libraries out there, and the signature bit is solved
#
@kevinmarks
↩️ Indieweb uses JSON where it makes sense - in Micropub and Microsub for example; Webmention was designed to work with any web resource, not just JSON ones. Microformats define a way to get consistent JSON out of HTML web pages, and plenty of tooling to do it
(twitter.com/_/status/1366909146369581056)
#
aaronpk
it's all a key management problem at the end of the day and it's not like JSON-LD helps solve that anyway
#
[KevinMarks]
JSON dictionaries don't round trip unless you add sorting rules, yes, as different languages do different things with key order -php and js are the order you create them in, python in hash order, Go deliberately randomised
#
aaronpk
[KevinMarks]: right and yet all those languages have JWT libraries that work...
#
[KevinMarks]
yes, 'just use json' is a start but you hit other constraints
#
aaronpk
JWT/JWS/JOSE is its own mess of stuff but at least it's not like you're making up your own signing algorithm that way
#
aaronpk
i'm just thinking that AP would have been a lot easier if they were pushing JWS blobs around instead of a combination of JSON-LD plus HTTP message signing
#
aaronpk
plus then you get the benefit of being able to hand off the signed objects to others, "forwarding" as they call it
[snarfed] joined the channel
#
[snarfed]
(not to mention, the continued incomplete standardization of HTTP sigs feels icky to implement)
#
aaronpk
don't even get me started
#
aaronpk
there's like 3 different versions, one of which is marked "do not use", mastodon went and added stuff to the draft they found when they picked it up. I happen to be talking with some people who are continuing another fork of it at the IETF which should hopefully pick up some steam again soon
#
aaronpk
i do actually hope some day that http message signing is broadly available and built into the lowest level of the stack like curl
#
aaronpk
because it should not be something developers have to think about in order to use
#
[KevinMarks]
I fervently agree with that, but it always seems to end up even more complicated, from salmon to web bundles
#
[KevinMarks]
as you say, some of that is inevitable as when you sign anything you end up with key management entailed. I wish we could get hashing more unified too
[tantek], petermolnar, [snarfed], benwerd, shoesNsocks and [fluffy] joined the channel
#
[fluffy]
Okay so I’ve just added the whoosh full-text index to Publ and it works amazingly well. But now I’m trying to figure out, from an API standpoint, if I should expose the search result metadata, or if it should just be a list of entries. Does anyone have any strong opinions? I don’t really see the value in exposing the actual metadata except for extreme nerdiness, like I don’t see the user story for letting people know the match score or
#
[fluffy]
whatever.
#
[fluffy]
Really the search score is the only thing that would be worth exposing, and it seems fairly arbitrary.
#
[fluffy]
well, I guess I could also expose the hit excerpt fragment except that has certain implications I’d rather not deal with
deathrow1 and jamietanna joined the channel
#
jamietanna
aaronpk are you talking about https://tools.ietf.org/html/draft-richanna-http-message-signatures-00 as one of those specs? I've recently implemented it and it's pretty decent, excited for when it becomes a full standard!
mxd and shoesNsocks joined the channel
#
aaronpk
Yep that one is the most recent
[jgmac1106] and [KevinMarks] joined the channel
#
jacky
is curious about HTTP signatures
[jacky] joined the channel
#
[jacky]
hmm what supercedes that doc?
#
aaronpk
this is the older one that mastodon based theirs off of https://tools.ietf.org/html/draft-cavage-http-signatures-12
#
aaronpk
notably this one has been adopted by the HTTP working group
#
jacky
noted
#
jacky
oh this isn't a quick read lol
#
jacky
something I found interesting - NewsBlur passes in the link of what your feed looks like in their User-Agent
#
jacky
that's mine but I broke the feed URL (going to fix)
#
jacky
I think I might snag this idea
#
aaronpk
whoa huh
#
jacky
I noticed it when I was grepping my access logs after reading https://darekkay.com/blog/rss-subscriber-count/ on micro.blog
#
jacky
(full IndieWeb circle, lol)
#
Loqi
[Darek Kay] How many people subscribed to your RSS feed?
#
jacky
wow I keep forgetting that newsblur is like alive and kicking
#
jacky
def motivation to continue working on a social reader
#
jacky
wait they have youtube support?
#
GWG
Didn't [snarfed] write a Newsblur to Microsub bridge?
[Murray] and [chrisaldrich] joined the channel
#
[chrisaldrich]
What is Baffle?
#
Loqi
Baffle is a bridge that makes traditional feed readers like NewsBlur and Feedly support Microsub https://indieweb.org/Baffle
#
sknebel
i really should do something with my half-finished inoreader bridge...
#
[chrisaldrich]
sknebel, don't think I'm still over here holding my breath waiting for that. (Sometimes I turn blue and fall off my chair.) 🙂
#
sknebel
I totally had forgotten I even started the thing until just now
[calumryan] joined the channel
#
jacky
perhaps?
#
jacky
backlog lag
#
aaronpk
apparently the httpbis message signatures draft is actually in use right now (i'm guessing somewhere deep within amazon)
#
[KevinMarks]
would that make websub fat pings make sense again?
#
aaronpk
it would at least mean websub doesn't need its own signing mechanism
#
aaronpk
signing/hash
#
[KevinMarks]
not sure it could save salmon
Ruxton, mxd, shoesNsocks, [chrisaldrich], [chrisaldrich]1, [jacky], gRegorLove, LB, KartikPrabhu, [tantek], [KevinMarks] and [tw2113_Slack_] joined the channel
#
aaronpk
neat trick
[snarfed] joined the channel
jamietanna joined the channel
#
jamietanna
interesting so httpbis and richanna are now competing to be picked up based off cavage-12? :thinking:
#
aaronpk
no they are the same
#
aaronpk
annabelle got her draft adopted by the http working group
#
jamietanna
ah gotcha, sorry totally didn't read the preamble of the spec properly
#
aaronpk
But I was just talking with Justin this morning and that version is about to change significantly so don't get too attached to it just yet
#
jacky
noooo
#
jacky
I actually want to add some sort of signature support on my site
#
jacky
to give external parties some sense of confidence in the content being delivered
#
jacky
but tbh, it'd probably be against the MF2 representation of stuff, the HTML changes too much
#
aaronpk
this is for the other way around
#
aaronpk
this is for signing requests, not responses
#
jacky
exposes how far he read into the spec lol
[Nuno_Donato] joined the channel
#
[Nuno_Donato]
folks, I'm trying to understand the requirements to implement and endpoint for webmentions. From the docs I get 3 things:
#
[Nuno_Donato]
• <a> with rel="webmention" in the content
#
[Nuno_Donato]
• "link" in http response header
#
[Nuno_Donato]
• <link> with rel="webmention" in the content
#
[Nuno_Donato]
is this correct?
#
[Nuno_Donato]
is it an AND or an OR?
#
jacky
it's a OR
#
jacky
like if you want, you can do all three (I do b/c YOLO)
#
jacky
but I started with just the <link rel="webmention">
#
[Nuno_Donato]
then the docs are not clear at all
#
[Nuno_Donato]
or maybe i'm just reading it wrong
#
[Nuno_Donato]
anyway, thanks 🙂 I did the header part, so I'll leave that for now
#
aaronpk
is curious what docs you found
#
jacky
yeah, that's my next question
#
aaronpk
yeah it's written in speclish
#
[Nuno_Donato]
I'm awful at speclish :')
#
jacky
[Nuno_Donato]: me too tbh
#
aaronpk
most people are
#
[Nuno_Donato]
whats the best way to test this stuff on local environment? I can't pass endpoints for localhost to webmention.rocks 😕
#
aaronpk
probably grab a library that's easy for you and run that locally https://indieweb.org/Webmention-developer#Libraries
#
aaronpk
or run webmention.rocks locally
#
aaronpk
or use something like ngrok to expose your local stuff to the internet
#
jacky
you can also utilize something like https://ngrok.io on their free tier
#
[Nuno_Donato]
oh right, I can set up webmention.rocks locally, thats awesome since I will be doing lots of testing
#
[Nuno_Donato]
oh, no php8 support 😕
#
aaronpk
at all?
#
aaronpk
i havent tried yet but i'd be surprised if it completely fails
#
[Nuno_Donato]
i still have 7.4 around, so I forced to use that...
#
[Nuno_Donato]
yeah a few requirements fail. league/container, league/plates...
#
jacky
PR time
#
[Nuno_Donato]
alright, its up! that was fast 🙂
#
jacky
is curious about setting up webmention.rocks locally too
#
[Nuno_Donato]
oh... it requires sign it in order to send webmentions to the site... 😕
#
jacky
anti-spam measure
#
[Nuno_Donato]
is there a switch to turn this off locally?
#
aaronpk
I think so
#
aaronpk
there is in Micropub.rocks anyway
KartikPrabhu joined the channel
#
jacky
this is interesting
#
jacky
like if there's a way to do this for sending a private Webmention for the first time to someone
#
jacky
maybe sniffing some info from their contact page (if any)?
#
jacky
agh I hate how I can't use the `client_id:client_secret` approach for Twitter's API
#
jacky
GitHub lets me do it for app-only auth so I can do some better sniffing for Web sign-in but grr