#dev 2021-03-25

2021-03-25 UTC
shoesNsocks1, Seirdy, Ethan[m], maxwelljoslyn, [tantek], jacky and alex11 joined the channel
#
@call_user_func indieweb/wordpress-indieauth IndieAuth Endpoints and Authentication for WordPress https://github.com/indieweb/wordpress-indieauth (twitter.com/_/status/1374996200840175616)
dhanesh, Zenyattus, [KevinMarks], [kimberlyhirsh], [Rose] and [scojjac] joined the channel
#
beko bridgy webmention sending seems to hang. Stuff seems to pile up in a queue. Is that just me?
Zenyattus, [tantek], [scojjac], mxd, anon_CWEJRrIS, nolith3 and [snarfed] joined the channel; NinjaTrappeur left the channel
#
[snarfed] beko: thanks for the nudge, i’ll look
#
beko 👍
#
@tomlarkworthy Finished 1st step building an #opensource IndieAuth authorization server on @observablehq. Oauth clients: https://observablehq.com/@tomlarkworthy/oauth-examples. Usable as-is but true purpose is providing "login with URL" for ZERO personal information disclosure on my OPEN and SAFE cloud. #buildinpublic (twitter.com/_/status/1375121759926632450)
[KevinMarks], ShadowKyogre, [Ana_Rodrigues], [schmarty], kitt, Kaja, djmoch, sumner, dckc, tinfoil-hat_, timotimo, joshproehl, petermolnar, blueyed, micahrl, wagle, bhavin192, enpo, smacko, ben_thatmustbeme, petermolnar_, AkyRhO, omz13, leo60228 and kiero joined the channel; ShadowKyogre left the channel
#
@JamieTanna ↩️ You may be able to follow @CodeFoodPixels's article https://lukeb.co.uk/blog/2021/03/15/no-comment-adding-webmentions-to-my-site/ to get Webmentions sending automagically on builds of your site, which would integrate with https://brid.gy to publish a note - I'm using a different Webmention sending… https://www.jvt.me/mf2/2021/03/1jycx/ (twitter.com/_/status/1375139288782884870)
#
@JamieTanna ↩️ You may be able to follow @CodeFoodPixels's article https://lukeb.co.uk/blog/2021/03/15/no-comment-adding-webmentions-to-my-site/ to get Webmentions sending automagically on builds of your site, which would integrate with https://brid.gy to publish a note - I'm using a different Webmention sending… https://www.jvt.me/mf2/2021/03/1jycx/ (twitter.com/_/status/1375139288782884870)
Loqi, superkuh, sebbu, ben_thatmustbeme, strugee, oenone, nsh, Paul[m]1, oodani, voxpelli, willnorris, shakeel, unrelentingtech, rrix, j605, alex11, DanC, Seirdy, jbove, lanodan, genehack, ludovicchabant, peterrother, mattl, deathrow1, enpo, stevestreza, Zegnat, gbmor, [schmarty], nolith3, rhiaro, blueyed, jjuran, smacko, lahacker and [Rose] joined the channel
#
[KevinMarks] Substack replacement use case again https://twitter.com/girlziplocked/status/1374835605788626946?s=20
#
@girlziplocked As soon as someone builds an alternative to @substack that lets me maintain my own list of subscribers, I'll leave the platform in a heartbeat. I left @Medium for @substack for that reason and I'm not married to the service platform at all. (twitter.com/_/status/1374835605788626946)
sebsel, jbove, voxpelli, willnorris, mattl, Paul[m]1, shoesNsocks, jimpick, oenone, Loqi, themaxdavitt, dansup, ben_thatmustbeme, Paul[m]11, nekr0z, JackyAlcin[m], Salt[m], edsu, jamietanna[m], atj[m], reed, mindranger[m], fredcy_, astrojl_matrix, joshghent[m], forest[m], JohnConway[m], Ethan[m], batkin[m], bw3, smacko[m], solari[m] and wombelix joined the channel
#
[KevinMarks] https://twitter.com/girlziplocked/status/1374839976660189192?s=20
#
@girlziplocked The part of all of this that no one wants to talk about is that it used to be possible to just email a bunch of people and call that a newsletter until spammers ruined the entire concept of mass email. Hence why we need platforms in the first place. (twitter.com/_/status/1374839976660189192)
aciccarello[m], Caleb[m], AkyRhO, geman, doosboox, [KevinMarks]1, tinfoil-hat_, djmoch, bhavin192, wagle, jacky, nekr0z, GWG, batkin[m], atj[m], superkuh, kiero, lahacker, mindranger[m], joshghent[m], astrojl_matrix, JackyAlcin[m], wombelix, reed, jamietanna[m], edsu, Salt[m], smacko[m], Paul[m]11, bw3, solari[m], fredcy_, JohnConway[m] and tomlarkworthy joined the channel
#
tomlarkworthy I want to try and reuse indielogin.com where possible. I look at the source code of "https://indieauth.com/auth" but I can't find that code in Github
#
sknebel indielogin.com != indieauth.com - https://github.com/aaronpk/IndieLogin.com and https://github.com/aaronpk/indieauth.com
#
tomlarkworthy e.g. this function is very core to indieauth "function verify_link_back(me, link, i, use_cached)"
#
Loqi [aaronpk] indielogin.com: Sign in with your domain name
#
tomlarkworthy I realise this but I got the impression indielogin was self hostable and the source code should be somewhere? Maybe I am confused...
#
sknebel the first link is the link to the indielogin source code?
Ethan[m] joined the channel
#
tomlarkworthy The source code is dependent on my attempting a genuine login, but when I do I see JS code for verifying the rel=me backlinks called things like "verify_link_back"
#
sknebel (also careful with the terms, the rel=me and link back logic is not the IndieAuth protocol (yes, that's somewhat confusing, one of the reasons indieauth.com is being replaced by something with a different name))
forest[m] joined the channel
#
tomlarkworthy which bit is indieauth then? The authorization_endpoint nomination by the homepage (and downstream Oauth machinery)
#
sknebel right, authorization_endpoint and how to talk to one
#
sknebel https://indieauth.net/
#
tomlarkworthy ahhh yeah, I see, yeah it never mentions the rel bit in that doc
#
sknebel What is RelMeAuth?
#
Loqi RelMeAuth is an authentication method that uses personal URL for identity that rel-me link to established OAuth provider(s) to perform the actual authentication https://indieweb.org/RelMeAuth
#
sknebel that's what we call that part usually
#
tomlarkworthy ok I am writing an autheorization server, which is the bit behoind the auth_endpoint so I guess I am really writing a RelMeAuth endpoint then
#
tomlarkworthy So indielogin is really a relmeauth provider then
[jacky] joined the channel
#
[jacky] yeah
#
tomlarkworthy cool, I will try not to add to the confusion :)
#
tomlarkworthy cool, I will try not to add to the confusion :)
#
tomlarkworthy cool, I will try not to add to the confusion :)
#
sknebel indielogin.com can both do RelMeAuth and IndieAuth, depending on what it finds on the url someone tries to log in with
#
sknebel i.e. if the site declares an authorization_endpoint, it'll use indieauth against that. if the site has rel=me links to sites it understands, it'll over OAuth login against those
#
sknebel because indielogin wants to offer all options for "authenticate by providing your personal URL"
#
tomlarkworthy ok I see. Anyway, I assumed the source code for indielogin was here:- https://github.com/aaronpk/indielogin.com
#
Loqi [aaronpk] indielogin.com: Sign in with your domain name
#
sknebel it is
#
tomlarkworthy but I can;t find the front end crawling logic like "verify_link_back"
#
sknebel > "I look at the source code of "https://indieauth.com/auth" bu"
#
tomlarkworthy so I guess it must be elsewhere does anybody know
#
sknebel thats indieauth.com, not indielogin.com
#
tomlarkworthy OH SHOOT
#
sknebel :D
#
tomlarkworthy good one
#
aaronpk i decided to do that verification check server-side and not on the front-end before the authentication happens in indielogin.com, which is definitely how i'd recommend it going forward
#
sknebel know that way to well... deep in to many things with similar names
#
aaronpk in fact that's the reason twitter is broken on indieauth.com right now because they keep changing their HTML and doing bot detection stuff
#
aaronpk so it's all here and below for twitter: https://github.com/aaronpk/indielogin.com/blob/main/app/Provider/Twitter.php#L47
#
aaronpk I would *not* recommend doing the frontend crawling to look for backlinks anymore
#
sknebel the js code is also just asking the backend to go fetch it though, isn't it?
#
aaronpk (kind of breaks down the literal concept of RelMeAuth but that's just the world we live in now. RelMeAuth still works in spirit)
#
aaronpk yeah but it's fetching it from the HTML before it has authenticated the user at that provider so it's screen scraping
#
sknebel ah, nevermind, misunderstood what you mean
#
sknebel yeah
#
sknebel "on the frontend" confused me
#
aaronpk yea sorry i should have made that clearer
#
tomlarkworthy ok but the interesting thing about serverless-cells is they are headless chrome backends :/
#
tomlarkworthy so I am definately doing it in chrome, perhaps not in the user browser though
#
sknebel (sorry, gotta leave - will read backlog in the morning and see if theres stuff I can still help with)
#
tomlarkworthy see ya, so the source code of that crawler might be helpful anyway... is that open source? Is it licenese MIT as well?
#
aaronpk indieauth.com is here https://github.com/aaronpk/indieauth.com
#
aaronpk but it's a giant mess
#
tomlarkworthy Lol, I realize I could of sworn it was indielogin coz the page title is "login with indielogin.com" on indieauth.com URL, LOL
#
Loqi [aaronpk] IndieAuth.com: This service is being discontinued in favor of indielogin.com
#
aaronpk https://github.com/aaronpk/IndieAuth.com/blob/main/views/auth.erb#L189
#
aaronpk but that just calls the backend
#
tomlarkworthy yeah it might be pointless but its good to follow anyway
#
aaronpk https://github.com/aaronpk/IndieAuth.com/blob/main/controllers/auth-web.rb#L444
#
tomlarkworthy ah yeah thats awesome
#
tomlarkworthy thanks a ton
#
[KevinMarks]1 If you want a clientside one that's the verify-me browser plugin
#
[KevinMarks]1 https://github.com/indieweb/verify-me
#
[KevinMarks]1 But as Aaron says, that's not much help for twitter or Facebook any more
#
Loqi [indieweb] verify-me: A plugin that checks all rel="me" links are reciprocal, doing distributed verification
#
aaronpk or google 😂
#
aaronpk rip google+
[fluffy] joined the channel
#
[fluffy] Hey, even in the year 2021 Google+ helped us to diagnose a problem with our link crawler at moz
shoesNsocks1, [tantek], petermolnar and [suze_shardlow1] joined the channel
#
@ChrisAldrich ↩️ I’ve wanted @mention/Webmention support on http://Hypothes.is for a long time. I had URL hacked my way into a solution a while back but never wrote about it. I was reminded today that one can subscribe to an RSS/ATOM feed of annotations on their… https://boffosocko.com/?p=55788983 (twitter.com/_/status/1375197279808856069)
[tw2113_Slack_] joined the channel
#
[tantek] yup: https://twitter.com/EmilyKager/status/1375161995721203714
#
@EmilyKager consider abuse and safety as part of any new social feature/product MVP challenge (twitter.com/_/status/1375161995721203714)
tomlarkworthy joined the channel
#
tomlarkworthy teaser: https://endpointservice.web.app/notebooks/@endpointservices/relmeauth/deploys/auth/mods/X
#
tomlarkworthy whats the technical issue with crawling twitter? If its CORS I don't have that problem
#
aaronpk twitter doesn't like it
#
aaronpk they actively prevent it from working
#
aaronpk they'll return different HTML depending on whether they think you're a real person on a computer or not
#
aaronpk it's not worth fighting it, trust me
#
tomlarkworthy ok
[snarfed] joined the channel
#
[snarfed] scraping--
#
Loqi scraping has -2 karma in this channel over the last year (-3 in all channels)
#
[snarfed] (not low enough)
#
[tantek] maybe we should start some guidance on adversarial interoperability
#
[snarfed] oof. not sure i’d want to encourage us to spend much or any time on it
#
tomlarkworthy you could get the homepage link out the profile *after authenticating, but I guess thats a major refactor to all involved.
#
tomlarkworthy but anyway twitter is the least interesting for observable users who already auth with github
maxwelljoslyn joined the channel
#
[tantek] snarfed, I mean both negative and positive guidance, i.e. what to not bother with as well as what to try/do "under the radar", or creatively (e.g. via a browser add-on 😄 )
#
[snarfed] ah ok!
#
[tantek] what is adversarial interoperability
#
Loqi It looks like we don't have a page for "adversarial interoperability" yet. Would you like to create it? (Or just say "adversarial interoperability is ____", a sentence describing the term)
#
[tantek] adversarial interoperability is the practice of writing code to interoperate with a site or service that is explicitly not designed for interop, like scraping of a website, that has been sometimes necessary to synthesize IndieWeb compatible access.
#
Loqi ok
#
[tantek] adversarial interoperability << Example: don't bother trying to scrape Twitter profiles as they actively seek to recognize such behavior, sending different content and/or block such access.
#
Loqi ok, I added "Example: don't bother trying to scrape Twitter profiles as they actively seek to recognize such behavior, sending different content and/or block such access." to a brand new "See Also" section of /adversarial_interoperability https://indieweb.org/wiki/index.php?diff=75019&oldid=75018
[scojjac] joined the channel
#
[tantek] what is an add-on
#
Loqi It looks like we don't have a page for "add-on" yet. Would you like to create it? (Or just say "add-on is ____", a sentence describing the term)
#
[tantek] add-on is /browser_extension
#
Loqi ok
#
[tantek] adversarial interoperability << Example: Browser [[add-on]]s can be designed and built for users to extract their own information from services they sign into, such as the [[Bridgy]] add-on.
#
Loqi ok, I added "Example: Browser [[add-on]]s can be designed and built for users to extract their own information from services they sign into, such as the [[Bridgy]] add-on." to the "See Also" section of /adversarial_interoperability https://indieweb.org/wiki/index.php?diff=75021&oldid=75019
#
[tantek] snarfed ^ make sense? Please feel free to add or edit!
#
[snarfed] thanks! definitely makes sense, thanks for starting them
#
aaronpk tomlarkworthy: the way I do it now I get the links from the user's profile from the API response
#
[tantek] adversarial interoperability << standards
#
Loqi ok, I added "[[specifications]]" to the "See Also" section of /adversarial_interoperability https://indieweb.org/wiki/index.php?diff=75022&oldid=75021