#dev 2021-04-30

2021-04-30 UTC
minoru_shiraeesh, KartikPrabhu, [chrisaldrich], Ruxton, alex11 and superkuh joined the channel
#
petermolnar TIL: https://html.com/tags/samp/
doosboox, KartikPrabhu and minoru_shiraeesh joined the channel; ShadowKyogre left the channel
#
jeremycherfas Who knew? I've always used <pre>, seldom <code> (because I seldom code).
[grantcodes] joined the channel
#
[grantcodes] I like that micropub preview talk from yesterday. I'm still fond of my way of doing it but has it's issues - still never released a new version of it. In the static site generator world there is starting to be a little bit of work around around preview links by netlify, nextjs, gatsby etc.
#
doosboox jeremycherfas: I've been told that <pre><code> is the way to go to ensure monospace font :P There are waaaay too many tags for almost-identical purposes in HTML XD
#
jeremycherfas I do sometimes wonder whether people use pre and code to style similar things differently
[KevinMarks] joined the channel
#
doosboox quite possibly
swentel joined the channel
#
[KevinMarks] code works inline if you're quoting a small snippet too
#
doosboox [KevinMarks]: so that's a span element?
#
@maetl ↩️ RSS & Atom are still there, there are other ways of doing it using HTML/JSON or whatever. Point is for sites without webmention support (or some way of hosting functions in the cloud, etc) something like RSS is still useful as a way to provide a changelog or frontpage of stories. (twitter.com/_/status/1388108748690915329)
shoesNsocks, KartikPrabhu and alex11 joined the channel
#
@petermolnar ↩️ RSS and Webmentions are for different things: one is not, in any form, a replacement for the other. I don't understand the correlation in your sentence. (twitter.com/_/status/1388120291981897728)
minoru_shiraeesh, jevdemon, [grantcodes], [kimberlyhirsh], ShadowKyogre, KartikPrabhu and [aciccarello] joined the channel; ShadowKyogre left the channel
#
KartikPrabhu HTML elements are not meant to be used for styling
#
KartikPrabhu use <pre> when you want the text to display exactly as written in the HTML, use <code> to indicate that it really is some programming code
#
[KevinMarks] They convey a meaning that has some implied style
#
KartikPrabhu sure, but the "meaning" is the important part
#
KartikPrabhu <code> can be in cursive you want
#
KartikPrabhu one shouldn't use <code> to change the font to monospace
[chrisaldrich] joined the channel
#
[KevinMarks] yes, fair.
tomlarkworthy joined the channel
#
tomlarkworthy If an idenity, q, with a rel=me linked profile, z, has an rel=authorization_endpoint, can I login q using indieauth on z?
#
tomlarkworthy normally you login z using the auth_endpoint at z, but I am thinking the authorization_endpoint elevates z to a well known oauth provider so it should be valid for relmeauth
#
tomlarkworthy ok the algorithm says "if has oauth endpoint => do oauth" so I guess IndieAuth would count http://microformats.org/wiki/RelMeAuth
#
Loqi Tantek Çelik
Ruxton and jjuran joined the channel
#
tomlarkworthy I also see step 1 was changed to exclude silo domains, which I think is a mistake, for one thing a decentralised protocol should not have a big list of consensus silo domains (see public suffix list), its an implementation wart and vague. Plus the example did it anyway? Thus demonstrating its usefulness from day 1 ? Don't let politics mar a good algorithm.
alex11 joined the channel
#
aaronpk where does the example do that?
#
jacky how is that political?
jjuran joined the channel
#
@anarchivist Because my Sourcery post was so controversial^W popular I had to adjust the Webmention configuration to show more replies. Nice problem to have, I guess? (https://matienzo.org/2021/120/wmbump/) (twitter.com/_/status/1388204759560118284)
sparseMatrix and [tantek] joined the channel
#
jacky heh
__minoru__shirae, [kimberlyhirsh], [KevinMarks] and [jeremycherfas] joined the channel
#
petermolnar regarding some domain question from the main channel: I'm guessing - can't yet verify - that indieauth.com doesn't work with a .onion tor address (yet). Is this something that should/could/would be a thing?
#
petermolnar why: .onion is basically the only kind of domain that one simly generates for themselves - no registry, no registrar, no cost.
#
aaronpk i would have to add an onion client to indielogin.com
#
aaronpk i have no idea how to do that
#
aaronpk can you build a custom version of curl that does it/
#
aaronpk ?
#
petermolnar https://stackoverflow.com/questions/15445285/how-can-i-connect-to-a-tor-hidden-service-using-curl-in-php
#
superkuh onion support would be nice.
#
aaronpk wait do you also have to install some sort of onion proxy server too then?
#
aaronpk weird
#
superkuh I think you'd just install tor then do lookups through the default config proxy on 9050.
#
aaronpk i've never installed tor before, it runs a service on port 9050?
#
superkuh Yep.
#
petermolnar it's a SOCKS proxy
#
[tantek] wait onion v2 or v3 tho?
#
aaronpk heh
#
[tantek] I'd kinda pushback on any protocol that is happy to destroy all prior instances with a version update
#
aaronpk same tbh
#
superkuh Destroy? They work side by side.
#
superkuh Not many people on v3 due to the ddos vulnerability.
#
aaronpk not according to https://blog.torproject.org/v2-deprecation-timeline
#
petermolnar I don't know enough about v2 vs v3
#
superkuh wut
#
superkuh !
#
petermolnar any good resources?
#
superkuh That *is* bullshit.
#
aaronpk "July 15, 2021: Tor will no longer support v2 and support will be removed from the code base"
#
superkuh Wow, I had no idea.
#
jacky lol
#
superkuh I've been mining tor v3 vanity domains since oct 2019 but I still haven't got one as good as my v2.
#
superkuh I run something like 5 onions services.
#
[tantek] let me put it another way, any URL scheme that is by design ephemeral is not well suited for identity
#
[tantek] therefore .onion has proven itself unsuitable for IndieAuth
#
[tantek] 💁‍♂️🔥
#
superkuh ephemeral? As in once every 20 years it changes?
#
[tantek] ephemeral as in terminal, not just "changes". HTTP has had "changes". DNS has had "changes". none of them broke prior URLs that used them.
#
aaronpk the non-ephemeral way to have done that would be to route v2 addresses over v3
#
[tantek] terminal as in dead, not VT100
#
aaronpk but when you tie the website address to the routing protocol like onion did, you end up with this v2/v3 split
#
aaronpk notice that DNS works just as well with HTTP1.1, HTTP2, and non-HTTP protcols
#
aaronpk because the website address is not tied to the routing protocol
#
petermolnar [tantek]: your points are all valid, yet registering a domain still costs money, whereas starting a .onion does not
#
aaronpk DIDs have a similar problem
#
[tantek] important lesson in modular design for right there in what aaronpk said ^
#
aaronpk literally the first thing in the DID address is the routing protocol 🤦
[schmarty] joined the channel
#
[schmarty] some domains have been politically terminated! (see .eu domains for UK residents!)
#
[tantek] petermolnar the cost aspect is true but orthogonal. also I see that as something that will be resolved (so to speak) as part of governments providing UBS
#
[schmarty] but yeah it is super weird that V2 to V3 onions means _all sites must move_
#
petermolnar well, there are things that break backwards compatibility: TLS is one, for example.
#
petermolnar a modern, SNI TLS 1.2 can't be viewed with old clients
#
aaronpk backwards compatibility is different from *identity*
#
petermolnar besides the cost, .onion is actually owned, unless a domain, which is rented - this is parallel to the cost, orthogonal to the v2/v3 thing
#
[tantek] [schmarty] true! re: .eu https://indieweb.org/short-domains#eu (though I encourage any real world such domain losses to be documented there!)
#
[tantek] that's a very good point aaronpk, that the .onion domain termination in progress demonstrates an architectural design flaw which is shared by DID which indicates that a similar level of (dis)trust is warranted about DIDs
#
aaronpk especially ironic that the entire point of DIDs is for identity, whereas you could argue onion never claimed to be about identity
#
[tantek] ooof yeah
#
[tantek] I don't think anyone else has connected the dots like that before
#
[tantek] That's worth at least a brief note if not a short (or medium lol) length blog post
#
[schmarty] ooh good point aaronpk. and that rings true for .onion as far as i have learned over the years of being a minor Tor nerd!
#
aaronpk i'm going to have to do some research to see if anyone has a proposed solution to this problem before i post about it
#
[tantek] you could start with the musing "is this a problem?" style post which allows for correction / new information before doing that research
#
[tantek] and then follow-up
#
[tantek] THAT would also be a great thing to get included in the Redecentralize newsletter
#
[tantek] definitely the broader kind of crowd who would both be able to help answer the question, and amplify it if it really is the fundamental flaw that it appears to be
#
@ChrisAldrich ↩️ Bridgy is great, but if I’m understanding your question, I’m not sure how it could be used to display your Webmentions on your site. Anything is possible, but that functionality may be way out of its scope. It’s primarily used to do two things: [more...] (https://boffosocko.com/2021/04/27/55790622/?replytocom=320714#respond) (twitter.com/_/status/1388235386514640896)
#
[tantek] "Does hardcoding routing method into a URL make it too fragile to use for identity?"
#
aaronpk another interesting thought, "http" vs "https"... but there is no TLS version specified in the scheme
#
aaronpk so "https" is assumed to mean "best current version of SSL/TLS" i guess?
#
[schmarty] i think it means: "good luck i hope your TLS stack is compatible with theirs*"
#
aaronpk and if something ever replaces http, I guess "https://aaronparecki.com" wouldn't be valid anymore, but at least the domain name would be
#
[tantek] I'm presuming there's an RFC for the "https" scheme which answers that question
#
aaronpk good luck searching for that haha
#
aaronpk oh i found it
#
aaronpk https://tools.ietf.org/html/rfc7230#section-2.7.2
#
[schmarty] nice and broad: "the user
#
[schmarty] agent MUST ensure that its connection to the origin server is secured
#
[schmarty] the first HTTP request"
#
[schmarty] through the use of strong encryption, end-to-end, prior to sending
#
aaronpk https over onion? :troll:
#
[tantek] that's not bad for a module boundary (as in modular design)
#
[schmarty] aaronpk: "https over onion :trollface:" has been totally a real thing tbh
#
[schmarty] because browsers are like "we're hardcoded so that only https:// is considered secure!"
#
[tantek] ok because it's in context and has been discussed so much
#
[tantek] what is onion
#
Loqi It looks like we don't have a page for "onion" yet. Would you like to create it? (Or just say "onion is ____", a sentence describing the term)
#
[schmarty] and .onion is like: "but our routing system provides almost the same guarantees as TLS!"
#
[tantek] resists a connection to "garden"
#
[KevinMarks] Alec Muffet did a lot of the work on that
#
[schmarty] and facebook was like: "we don't care we just want it to work who can we give cash to to get a TLS cert for our .onion so we can do both?"
#
[schmarty] and just a month ago these finally became more widely available: https://blog.torproject.org/tls-certificate-for-onion-site
#
petermolnar > whereas you could argue onion never claimed to be about identity - that seriously depends on how one describes identity, because along this line, a pseudonym or a nickname can't be about identity either.
#
aaronpk sure it can
[tw2113_Slack_] joined the channel
#
jacky `.onion` domains def do give you more ownership than renting a domain (the equivalent would be having your own registrar for a gTLD that you use for everything (like `.jackyalcine`) tbh)
tomlarkworthy joined the channel
#
tomlarkworthy oinion addresses are like URLs are addresses which can be used as identity if you decide to do so. I also don;t get the resistance against onion address jsut coz they had a migration once.
#
[schmarty] tomlarkworthy: that's not the only reason but it is an interesting one.
#
jacky yeah, nicknames and pseduonyms would be an alias to a known (or unknown!) identity
#
jacky I think the stuff with GNUNet is closer to a practical approach to owning an address that resembles DNS but without the 'ownership'/renting issues
#
jacky (ignore the gnu bit tbh)
#
petermolnar what is GNUNet?
#
Loqi GNUnet is a free software project for building applications with privacy by design https://indieweb.org/GNUnet
#
[schmarty] i don't know enough about the V2 to V3 protocols to be sure but i thought the major change in domain length was so they could essentially fit more names. like i wonder if you could actually reuse your V2 onion public/private keypair for a V3 onion. the domains would be different but the "identity" would be the same.
#
jacky namely https://gnunet.org/en/gns.html
#
petermolnar what is the v2/v3 migration so different from any domain migration that might happen? https://en.wikipedia.org/wiki/Country_code_top-level_domain#Historical_ccTLDs
#
Loqi It looks like we don't have a page for "v2/v3 migration so different from any domain migration that might happen" yet. Would you like to create it? (Or just say "v2/v3 migration so different from any domain migration that might happen is ____", a sentence describing the term)
#
petermolnar *why is
#
jacky just added some stuff to /GNUNet to highlight that
#
[tantek] what is a hidden service
#
Loqi It looks like we don't have a page for "hidden service" yet. Would you like to create it? (Or just say "hidden service is ____", a sentence describing the term)
#
[tantek] hidden service is /Tor#Hidden_Services
#
Loqi ok
#
jacky backward compatibility would be an issuing of aliasing for identity (this is the whole thing around IPFS - leveraging its approach with multi-hashing)
#
[tantek] Tor << 2020-07-02 [https://blog.torproject.org/v2-deprecation-timeline Onion Service version 2 deprecation timeline]
#
Loqi ok, I added "2020-07-02 [https://blog.torproject.org/v2-deprecation-timeline Onion Service version 2 deprecation timeline]" to the "See Also" section of /Tor https://indieweb.org/wiki/index.php?diff=75531&oldid=69588
[snarfed], [aciccarello], aaronpk and jamietanna joined the channel
#
petermolnar I'm unable to find a list of deprecated/dead TLDs
#
petermolnar I'd like to know how common it is
#
petermolnar so far, there is .an <https://en.wikipedia.org/wiki/.an> .bu <https://en.wikipedia.org/wiki/.mm> .cs <https://en.wikipedia.org/wiki/.cs> .dd <https://en.wikipedia.org/wiki/.dd> .tp <https://en.wikipedia.org/wiki/.tp> .um .yu <https://en.wikipedia.org/wiki/.yu> .zr <https://en.wikipedia.org/wiki/.zr> at country level
shoesNsocks joined the channel
#
sknebel a bunch of the new gTLDs also got shut down. although I think most of them were never open for general registration
#
[schmarty] wikipedia says there are "68 that are not assigned (revoked), 8 that are retired and 11 test domains" but doesn't link to any list for them https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains
shoesNsocks joined the channel
#
jacky that's trash
#
petermolnar I've found this: https://www.icann.org/resources/pages/gtld-registry-agreement-termination-2015-10-09-en
#
@ArtPunkDude <a href="https://brid.gy/publish/twitter"></a> A Good Misery, is a Bad Misery, because it is Bad the it is Good. *tune in next time on ArtPunk Reads his old handwritten notes. (https://timeline.artpunk.net/2021/04/30/a-good-misery-is-a-bad-misery) (twitter.com/_/status/1388251216254275585)
[chrisaldrich] joined the channel
#
superkuh After a talk with the tor devs on oftc I changed my mind. You're right. It makes no sense for indieweb auth to support tor onion addresses.
#
jacky curious about their reasoning
#
jacky (this is also worthy of a blog post tbh)
#
[tantek] I believe aaronpk is now working on that
#
aaronpk i don’t know if I ama haha
#
superkuh They just said that security/safety is the #1 priority and it's worth destroying all the v2 web between sites for it and they'll do it again if required.
#
[tantek] That's some good transparency
#
[tantek] when is IIW?
#
Loqi https://indieweb.org/IIW
#
[snarfed] reminds me of https://vimeo.com/230142234 , one of my favorite eng talks ever. they clearly identified their prioritized values, followed through on them, and communicated it
#
[tantek] wow they've gone full js;dr
#
[tantek] they = IIW
#
[tantek] aaronpk do you still participate in IIW? that'd be a good reason write up a blog post on that whole ephemerality of URLs vs identity thing with Onion and DID as case studies
#
aaronpk i did give an OAuth presentation there last week
#
aaronpk i wasn’t able to attend the rest of the event
[manton] joined the channel
#
[manton] [aaronpk] Did you notice or read anything about how Spotify is going to use OAuth to allow podcasters to tell Spotify what users have access to paid podcasts? I haven’t found any technical details yet.
[aaronpk] joined the channel
#
[aaronpk] oh dear i haven’t been following
#
[aaronpk] “We’re also working on technology that will let your listeners hear your content on Spotify using your existing login system”
#
[aaronpk] https://newsroom.spotify.com/2021-04-27/spotify-ushers-in-new-era-of-podcast-monetization-with-new-tools-for-all-creators/
#
[manton] It’s part of that “Spotify Open Access Platform” section. I guess no technical details yet.
#
aaronpk I’m going to ask around in some backchannels
#
[manton] I only knew it was based on OAuth from Ben Thompson’s Stratechery newsletter.
#
[manton] Cool.
#
sparseMatrix Am I here now
#
sparseMatrix ?
#
sparseMatrix seems so xD