#dev 2021-05-15

2021-05-15 UTC
dirtythinkpad, [jacky], alex11, [tantek] and [fluffy] joined the channel; dirtythinkpad left the channel
#
[fluffy] [tantek] regarding UID stuff I added examples to /uid and also a note about the parsing thing to /u-uid
#
[tantek] nice. well at least we a publishing example! now we need a consuming example to make sure it works as expected
#
[fluffy] Yeah. Also it’s generally a good idea for consumers to still namespace the UID to the site in some way, to prevent various attacks where a malicious site purposefully uses the same UUID as an article on another site
#
[fluffy] (or to prevent honest mistakes like both sites use small autoincrement entry IDs for the UID)
#
[fluffy] also with Publ I could *technically* just declare a u-uid of the entry ID and then it’d be a resolvable URL that will chase its way to the final permalink.
#
[fluffy] like <a class=“u-uid” href=“10425">
#
[fluffy] but I feel like since I provide proper UUIDs for my Atom feed it’s a good idea to make them nominally match the h-feed.
#
[fluffy] although that might also be a weird assumption, and maybe it’s okay if the generated uuid4 UUIDs only exist for Atom?
#
[fluffy] oh and I guess href=“/10425” so that it’s not relative to the entry’s category page.
#
[fluffy] Also, is it obvious why I was deliberate about which example entry I used? 😉
#
[tantek] "malicious site purposefully uses the same UUID as an article on another site" agree with that scenario, however: "namespace the UID to the site in some way" <- wait doesn't that defeat the whole assumption that feed GUIDs are independent of domain?!?
#
[fluffy] Namespacing doesn’t have to be based on the URL
#
[fluffy] like FeedOnFeeds associates the UID with the subscription
#
[fluffy] for example the database row will be like feed_id=274 entry_id=387293 uuid=‘abcd1234-789789789’
#
[fluffy] feed_id and entry_id being internal to FeedOnFeeds and uuid coming from the feed
#
[tantek] also this use of GUIDs (to work across domain changes) in feeds was designed before modern cross-origin understandings & boundaries
#
[fluffy] yeah
#
[tantek] so I don't think that works any more
#
[fluffy] yeah you can’t treat a GUID as, um, G
#
[tantek] I mean, GUIDs can still work for your use-case of changing /blog to /article in permalinks
#
[tantek] so maybe we should set expectations accordingly
#
[fluffy] yeah. my point is that the feed reader should only treat the UID as an opaque identifier *within the context of that subscription* and not as a globally-unique identifier.
#
[tantek] and explicitly debunk the assumption (in their aspirational design) that it can de-dupe across domains, because that's a cross-origin violation
#
[fluffy] and that should probably be captured in /uid and/or /u-uid
#
[tantek] yeah this is the first time I've seen someone point it out
#
[fluffy] I”m kind of low on spoons right now though
#
[tantek] yeah totally
#
[fluffy] I think even in the case of u-uid you still need to be careful about how you treat it, like a malicious site alice.example.com could still provide a u-uid of https://bob.example.com/12345
#
[tantek] uid << Limitation: GUIDs on the web are not "G". While RSS & Atom assert that post GUIDs (and thus a h-entry uid) can be used to de-dupe entries (avoid new unreads) when a feed moves across domains, that assertion violates modern understanding and restrictions of cross-origin semantics, and cannot be expected to work. Assume such post GUIDs only work in the context of their domain.
#
Loqi ok, I added "Limitation: GUIDs on the web are not "G". While RSS & Atom assert that post GUIDs (and thus a h-entry uid) can be used to de-dupe entries (avoid new unreads) when a feed moves across domains, that assertion violates modern understanding and restrictions of cross-origin semantics, and cannot be expected to work. Assume such post GUIDs only work in the context of their domain." to the "See Also" section of /uid https://indieweb.org/wiki/index.php?diff=75685&oldid=75683
#
[fluffy] heh, you added that just as I was about to add a similar thing to that same page
#
[tantek] uid << Caution for 'uid' consuming applications: Even if you use a URL as your uid / GUID, you still need to be careful about how you treat it, like a malicious site alice.example.com could still provide a u-uid of https://bob.example.com/12345 and attempt to "overwrite" a post from another domain
#
Loqi ok, I added "Caution for 'uid' consuming applications: Even if you use a URL as your uid / GUID, you still need to be careful about how you treat it, like a malicious site alice.example.com could still provide a u-uid of https://bob.example.com/12345 and attempt to "overwrite" a post from another domain" to the "See Also" section of /uid https://indieweb.org/wiki/index.php?diff=75686&oldid=75685
#
[fluffy] thanks tantek++
#
Loqi tantek has 19 karma in this channel over the last year (71 in all channels)
#
[tantek] fluffy, here to spare some spoons 🤝
#
[tantek] appreciate the insights
#
aaronpk interesting!
[snarfed] joined the channel
#
[snarfed] oh bridgy and granary have also been publishing mf2 uids for a long time now. generally tag URIs
[tw2113_Slack_], tomlarkworthy, [chrisaldrich] and [KevinMarks] joined the channel
#
[KevinMarks] Well, if you use content hashes as guids you can dedupe across domains, but in practice a lot of posts end up with the domain url in them somewhere.
#
[KevinMarks] And redesigning your template then changes all the guids
Caleb[m]1, dhanesh and [fluffy] joined the channel
#
[fluffy] And that still doesn’t address the possibility of a malicious spoofed UID
dhanesh, alex11, [dianoetic_net] and sparseMatrix joined the channel
#
sparseMatrix Ok, so I 98% got it working, just in the past few minutes.
#
sparseMatrix The last bit is getting it to fly with https
#
sparseMatrix oh and the socket perms are still a pain point
#
sparseMatrix there's your 2&
#
sparseMatrix 2%
#
sparseMatrix it turns out there was nothing at all wrong with the configuration. In fact, we've probably tested a dozen configurations, all that would have at least worked.
#
sparseMatrix as it happens, the problem was in the invocation of uwsgi\
#
sparseMatrix in this invocation: uwsgi --protocol=http -w wsgi --ini uwsgi.ini, typical of what we were attempting yesterday, we weren't actually getting http all the way down the wire to nginx. That in spite of the '--protocol=http'. Hence the premature termination of the connection reported in the nginx logs.
#
sparseMatrix in THIS invocation: uwsgi --socket 0.0.0.0:8080 --http-socket --ini uwsgi.ini, we do, in fact, get http end to end through the gateway.
#
sparseMatrix Though I had to manually set perms on the socket, and cannot yet hit it with a web browser (at some point in transit the browser trries to force the connection to https), I am consistently able to access the content via curl from within my domain. Curl will probably work for any of y'all that want to test it as well.
#
sparseMatrix The URL I'm using to test is http://reader.code4peeps.life/reader/index.md
#
sparseMatrix Confirmation from anyone out in the world would be considered bonus :D
[snarfed] joined the channel
#
[snarfed] Congrats! I'm getting a 502 right now though
#
[snarfed] (in browser, but still just http)
#
sparseMatrix I've got some stuff to do around the tiny compound this morning (yard work and gardening), but afterwords the plan is to fully transcribe my current configs to some kb artifacts for reference and annotation, and then move on with refinements
#
sparseMatrix @[snarfed] if you're dancing with uwsgi it could be a similar problem
#
[snarfed] Oh no, i was just trying your url q
#
sparseMatrix oh I see, cool :D
#
sparseMatrix yeah, you'll wanna try it with curl for immediate gratification
#
[snarfed] Surprising. My browser is definitely loading http only, not https
#
sparseMatrix interesting
#
sparseMatrix oh duh
#
sparseMatrix one sec
#
sparseMatrix uwsgi is not running, I stopped it cut and paste the commandlines
#
sparseMatrix try it now
#
[snarfed] Same 😐
#
sparseMatrix ack, me too now'
#
sparseMatrix Dangol socket perms
#
sparseMatrix one more time FTW
#
[snarfed] Works!
#
sparseMatrix : D
#
sparseMatrix it's funny because I am still only about half awake
#
sparseMatrix you were able to get it in your browser?
#
sparseMatrix it should be noted that when the folks here started helping me out a few days ago (thanks to lahacker and sknebel (sp?)) I had a MULTITUDE of problems. It was only with their patient and persistent assistance that I got down to this one final issue that I eventually drilled down to and resolved. Thanks y'all!\
#
[snarfed] Yup, in browser
#
sparseMatrix bad to the bone
#
sparseMatrix thanks for the confirmation @[snarfed]
barnabywalters and [KevinMarks] joined the channel
#
[dianoetic_net] Not sure where this thought should go so I'm trying it here... category names. Plural or singular? When you go to someone's website and want to subscribe to a feed, do you click on "note" or "notes"?
#
[dianoetic_net] Apparently I'm bored.
#
sparseMatrix I'll bite: 'feed' kinder implies multiples, so if I'm looking for a feed, I'd probably be most inclined towards notes.
#
[dianoetic_net] ^‿^ Makes sense
shoesNsocks and superkuh joined the channel
#
@JamieTanna I'm looking forward to the #IndieWeb pop-up session tonight (https://events.indieweb.org/2021/05/webmentions-beyond-webmention-io-zG4JpHhZShVA) to talk about how we can improve the #Webmention experience for new IndieWeb folks (https://www.jvt.me/mf2/2021/05/gahrb/) (twitter.com/_/status/1393587303466012677)
[chrisaldrich] joined the channel
#
jacky this is about CSS but for the bookshelving people, this looks like a neat interface https://mxb.dev/blog/container-queries-web-components/
shoesNsocks joined the channel
#
sparseMatrix @jacky what are 'bookshelving people'?
#
sparseMatrix I'm not sure I are one, but man, that looks like some shiny new CSS tech right there...
Seirdy joined the channel
#
jacky I meant like those who are interested in owning their bookshelves / library records (like Goodreads and friends)
Seirdy joined the channel
#
@ChrisAldrich ↩️ Inserting them relies on people building tools using those services’ APIs to watch for them and send them. (This is what http://Brid.gy does btw if you’d like to help or see how it’s done.) Hop into the IWC online dev chat channel for more [...] https://boffosocko.com/2021/04/27/55790622/?replytocom=321824#respond (twitter.com/_/status/1393600730636771331)
#
barnabywalters anyone know why the syndicate-to information appears in both ?q=config and ?q=syndicate-to micropub configuration queries?
#
barnabywalters is it a back compat thing?
Seirdy joined the channel
#
jacky I think so but also like a simple way to get it in one go. IIRC the first thing most Micropub clients do is call `?q=config`
#
barnabywalters yeah, having ?q=syndicate-to additionally seems weirdly redundant
#
jacky so ?q=syndicate-to could be used to include more info
#
jacky personally, I'd like for ?q=config > syndicate-to to only return a list of UIDs and have the clients ask about each one
#
jacky (or a set of them)
#
jacky barnabywalters: there's a chance that depending on the client used, one could change that set as well
#
jacky this is something I was literally thinking last night but having my consent screen also show what syndication targets should be available to a particular client
#
barnabywalters according to the spec, the syndicate-to data in q=config and q=syndicate-to should be the same
#
jacky the spec can be changed ;)
#
barnabywalters or at least that’s implied
#
jacky but yeah
#
barnabywalters I’m mostly trying to decide whether the two methods should get different callbacks in my micropub adaptor
#
barnabywalters I think for the moment I’ll go with just having a configuration query callback, and the syndicate to callback will call that internally and extract the syndicate-to data
#
barnabywalters untill I can see a compelling reason for the two queries to return different data
Seirdy joined the channel
#
barnabywalters the spec also doesn’t mention what to do if the url requested by a q=source query doesn’t exist, or if the user doesn’t have sufficient permissions to access it
#
barnabywalters I assume we just just regular 404 and 403 in those cases
#
barnabywalters ah yeah it does mention those, just not in the querying section
#
jacky good note re: that
#
jacky might be a chance to tidy that part of the Wiki
#
jacky and yeah that's similar to what I did with the older form of my site and doing now
[snarfed] and [KevinMarks] joined the channel
#
@RaineyCode I have an idea for webmention. Who's built something with it and any gotchas to look out for or tutorials/ blogs you'd recommend? (twitter.com/_/status/1393609936505036802)
#
jacky ^ just invited them lol
#
aaronpk good timing haha
#
@jackyalcine ↩️ I'll do you one better - we're running a event in like two hours _about_ Webmentions! https://events.indieweb.org/2021/05/webmentions-beyond-webmention-io-zG4JpHhZShVA There's also the wealth of info at https://indieweb.org/Webmention! (twitter.com/_/status/1393612336800301063)
#
sknebel well, maybe not the best place for someone starting out
#
sknebel unless I missunderstood the topic
#
@ChrisAldrich Excited for the IndieWebCamp pop-up session Webmentions Beyond http://Webmention.io in a bit. https://events.indieweb.org/2021/05/webmentions-beyond-webmention-io-zG4JpHhZShVA (https://boffosocko.com/?p=55791171) (twitter.com/_/status/1393616981748760580)
#
jacky sknebel: fair! I didn't parse their note as a beginner-y thing
#
[chrisaldrich] What is a personal library?
#
Loqi A personal library is an online collection of books that reflects either physical or digital items one owns, wants to acquire, has bookmarked to read, is currently reading, or read in the past https://indieweb.org/personal_library
#
[chrisaldrich] is a bookshelving person 🙂 cc: sparseMatrix ^^
#
sparseMatrix xD
[jacky] joined the channel
#
[jacky] that's the term lol
#
[chrisaldrich] jacky++ for looking out for the bookshelving people
#
Loqi jacky has 30 karma in this channel over the last year (110 in all channels)
#
sparseMatrix man I may never get logged in here
#
sparseMatrix Oh Wait there I go hahah
#
sparseMatrix (I've moved out to the garage with the web-pi and my biggish AMD 6x
#
sparseMatrix )
#
sparseMatrix do we have an etherpad hashtag for the webmentioons meeting yet?
#
[chrisaldrich] For convenience for the Webmentions session https://events.indieweb.org/2021/05/webmentions-beyond-webmention-io-zG4JpHhZShVA, here's the etherpad link: https://etherpad.indieweb.org/Beyond_Webmention.io
#
sparseMatrix Thanks @[chrisaldritch]
#
sparseMatrix when I try to log in via the link on the web site, it tells me the host has another meeting in progress
#
sparseMatrix I need to do it that way on the iPad, as it's the system where I run the zoom
[girrodocus] joined the channel
#
[girrodocus] I’m experimenting with a DigitalOcean droplet running Ubuntu, nginx, and node.js via pm2. So far I’ve enabled SSH, disabled password login, made a sudo user, and set ufw (firewall) to block all incoming except 80 (http) and 443 (https) and another port for SSH. Does anyone know of any beginner-friendly resources I could follow to ensure my server is secure? Right now I don’t know if it’s secure and also don’t know how I’d find o
#
[girrodocus] been compromised. I am a noob.
#
barnabywalters I’d join but zoom tends to have terrible audio/video quality for me (compared to jitsi), so there’s not much point. I’ll keep an eye on the etherpad
#
sparseMatrix all hail girrodocus
#
sparseMatrix hails girrodocus
#
sparseMatrix honestly, you've done most of the usual thing @girrodocus
#
sparseMatrix if I were to suggest *one more thing* it would be to install fail2ban alongside ufw
[Ana_Rodrigues] joined the channel
#
[snarfed] girrodocus sure! update your OS and packages (eg openssh), turn on unattended-upgrades so you get security patches automatically, and turn off password auth in ssh (you’d then ssh in with a key instead)
#
[snarfed] oh nm, you already disabled password, :thumbsup:
gRegorLove and ColinWalker joined the channel
#
ColinWalker Can't make the meeting but I'll be keeping an eye on the etherpad
#
[girrodocus] Thank you sparseMatrix and snarfed. I will add fail2ban, and I’ve already turned on unattended-upgrades (but not sure if my config settings are good). When I first set it up it used to say OpenSSH for port 22 when I did ‘ufw status’ but now I’ve denied that and instead opened another port for my SSH, but it doesn’t say OpenSSH any more. It works… but maybe that port could be open for other things too?
#
[girrodocus] Oh I also disabled ping. So when you ping my IP it doesn’t work.
#
sknebel if you block too much of ICMP you can easily subtly break access to your site, so I'd be careful with that. and ping really doesnt hurt
#
[girrodocus] I’ve been following YouTube tutorials for hacker kiddies and I’m not sure how much of what I’ve done is good and how much just feels useful without actually being useful as discussed here https://youtu.be/fKuqYQdqRIs
#
[girrodocus] Ah ok maybe I should put ping back. And also Google ICMP and find out what that is (noob alert)
#
sknebel ah sorry. the protocol family ping belongs to
#
[girrodocus] Aha thank you
#
sknebel and while there are some risks in that, any modern linux is going to have sane defaults there, so you don't need to worry. and if you block to much of it, you block useful parts
#
sknebel (e.g. PMTU discovery relies on it, and that can cause weird bugs if its broken. (no need to know what that is, unless you are curious and want to look it up ;))
ghosthell joined the channel; ghosthell left the channel
#
[girrodocus] Thanks for telling me this. The tutorial I followed didn’t mention any downsides, and being a total noob I don’t even know what I don’t know.
[fluffy], shoesNsocks, Seirdy, [schmarty] and jamietanna joined the channel
#
barnabywalters aaronpk/anyone: if a micropub endpoint receives a request which it doesn’t support, what’s the correct response? HTTP 400 with 'invalid_request', or HTTP 501 NOT IMPLEMENTED with a corresponding error and description?
#
aaronpk i think 5xx errors are never supposed to be considered part of normal application logic flow
#
[schmarty] https://webmention.net/draft/#error-responses-p-1
#
aaronpk https://micropub.spec.indieweb.org/#error-response
#
barnabywalters hmm okay. there are so many optional things in micropub that I’d have thought suggesting a “not_implemented” error in the spec would be useful
#
barnabywalters for the moment I’ll go with 400 and a “not implemented” error description
#
sknebel that's not what 501 means!
#
[schmarty] lol oops i replaced micropub with webmention in my brain 😂
#
sknebel 501 *METHOD* speciically refers to GET/POST/...
#
barnabywalters sknebel: what nuance am I missing out on? “501 Not Implemented means that the server does not support the functionality required to fulfill the request” seems suitable to me?
#
sknebel it refers to HTTP method
#
barnabywalters ah it’s only for the method, okay
#
barnabywalters thanks
Seirdy joined the channel
#
[snarfed] wait no, 405 is method not supported, right?
#
petermolnar from the meeting: ( /me ducks in advance) trying to agree on the output jf2 for webmentions almost sounds like we are about to define an RDF Schema...
Seirdy joined the channel
#
barnabywalters [snarfed]: I think 501 is “unknown or completely unsupported method” and 405 is “we know about this method, but this particular resource doesn’t support it”
#
barnabywalters neither of which are what I was looking for :P
#
[snarfed] feature unknown, maybe yes, but probably not method unknown
#
[snarfed] since the set of HTTP methods is fully specified
#
[KevinMarks] I need to sign out for a bit to sort house stuff out - possible diagram https://indieweb.org/graphics#Illustrations_and_Sketch_Notes
#
[snarfed] KevinMarks++
#
Loqi KevinMarks has 12 karma in this channel over the last year (59 in all channels)
#
barnabywalters right, so 501 would be a suitable response to a request with a method of BANANA or something
#
jacky ha
#
[snarfed] if you’re writing a web server or framework, yes. hopefully those would catch and handle BANANA before your app ever saw it though? 🤷
#
[snarfed] seems like a pretty uncommon situation you could safely ignore
#
barnabywalters or a legacy server responding to a new, unsupported HTTP method?
#
[snarfed] did this happen? curious how/why we’re trying to handle this
#
barnabywalters nope, I was looking for a way to return a “feature not implemented” response in a micropub endpoint and briefly thought that there was an HTTP code for the occasion
#
barnabywalters but it looks like that isn’t the case so I’ll just use 400 with a descriptive error message
#
aaronpk i'm a big fan of keeping HTTP codes out of application logic :) HTTP is a transport protocol after all
#
barnabywalters yeah, agreed
#
barnabywalters but if there had been one which was suitable I would have used it
#
barnabywalters I’m about half way through writing my micropub adapter
#
barnabywalters I have all the GET behaviour handled, now moving on to the POST behaviour
#
barnabywalters what response would you expect for a valid action=delete request to a resource which is already deleted? a no-op success, as the resource is already deleted?
sparseMatrix joined the channel
#
sparseMatrix Sorry folks, had to bail as iPad battery was out of juice :/
jeremycherfas joined the channel
#
jacky no prob!
maxwelljoslyn, jeremycherfas and lahacker joined the channel
#
jacky https://github.com/indieweb/webmention-ecosystem/issues/1
#
Loqi [jalcine] #1 Defining the Retrieval Format for Webmentions
#
jacky and https://github.com/indieweb/webmention-ecosystem/issues/2
#
jacky lemme know if the bodys of those need some proofreading
#
jacky or like rephrasing
#
gRegorLove first one looks good, not sure I followed the discussion for #2
#
aaronpk "how would a client-side rendering library know the URL to go fetch the comments from"
#
gRegorLove Ah, like a rel value to discover `https://webmention.io/api/mentions.jf2` for example?
#
aaronpk interestingly, there's a discussion about a similar issue for OAuth right now
#
jacky gRegorLove: yeah!
#
aaronpk https://mailarchive.ietf.org/arch/msg/oauth/6lfqd3n8O196a3Om9HxVfCFLLQk/
#
@erikkroes Don't mind me. Testing webmentions. https://www.erikkroes.nl/blog/i-made-this-website-with-html/ (twitter.com/_/status/1393664742439464970)
#
jacky gonna link that as potential prior art
#
jacky I do think those things mentioned as the bits of webmention.io could be added to its Wiki page as well
#
aaronpk good idea
#
jacky mainly for people to conceptualize all of the stuff it does with a word to each part
#
aaronpk https://indieweb.org/webmention.io#What_does_Webmention.io_do.3F
#
jacky heh just saw that
#
jacky nice
#
sparseMatrix my hot-take on the meeting goes something like this: as a community of self-hosters and technology (early?) adopters, we need a reference specification to follow for webmentions.
#
barnabywalters well there is a webmention spec already https://www.w3.org/TR/webmention/
#
aaronpk yep, but for more than just the "webmention" part, which already does have a spec and test
#
sparseMatrix Webmentions are fairly complex, and there are a few disparate implementations, but webmentions.io covers pretty much all the bases
#
sparseMatrix @aaronpk: noted
#
barnabywalters but a lot of the behaviour we associate with webmention is out of its scope
#
aaronpk turns out webmention by itself is only a tiny part of it
#
barnabywalters yeah, webmention itself is really only a way of letting one URL know that another URL linked to it
#
barnabywalters everything else is built on top of that
#
sparseMatrix still, it boils down to this choice: either we take the best experiences of our luminaries and move forward with it, on a more or less experimental basis
#
barnabywalters what we need next is a clear implementation guide for receiving and displaying responses to a post
#
jacky I think receiving is something to be done but I'm hesitant on defining what it should look like on a site
#
sparseMatrix or we come up with a specification that provides the implementor a methodology for representing the content visually
#
jacky I feel like that's a hyper-specific thing
#
jacky also sparseMatrix, you might want to follow https://github.com/indieweb/webmention-ecosystem now
#
jacky that'll be the place to discuss/propose things around Webmention
#
jacky that's a brand new repo :)
#
sparseMatrix I can dig it :D I just wanted to get that out there, while it was still fresh
#
barnabywalters I’m not talking about defining what it should look like, but having a reference for exactly how to perform each step in the process from handling a webmention to displaying the reply it represents on your site
#
sparseMatrix right
#
aaronpk we missed you in the discussion barnabywalters!
#
barnabywalters i.e. a prose description of whatever it is webmention.io is doing under the hood
#
sparseMatrix I wonder if we aren't overthinking some of that representation bit though
#
[Ana_Rodrigues] Right, so I understand things better in pseudo-code too
#
barnabywalters aaronpk: I would have joined but have only had bad experiences with zoom :( I read and wrote a bit in the etherpad though
#
sparseMatrix it almost feels like something that could be answered with some themes or something
#
sparseMatrix sorry, just riffing :)
#
aaronpk ah strange, zoom has been one of the best for handling poor connections for me
#
barnabywalters and I was deep in micropub adapter development
#
barnabywalters at least within europe, I’ve always had better experiences with jitsi
#
aaronpk strange, jitsi has been one of the worst for me too
#
barnabywalters but maybe I’ll give zoom a go next time we have one of these meetups
#
barnabywalters I guess it depends a lot on where you are
#
aaronpk jitsi is fine with like 3-4 people but beyond that it becomes a mess
#
[Ana_Rodrigues] and, my understanding, is that this is as well what Rainey was asking: like a way, either diagram or like barnabywalters says, a prose description of what happens under the hood.
#
jacky ah yes [Ana_Rodrigues] you're right
#
barnabywalters I’m a big fan of prose specs like the mf2 parsing spec
#
barnabywalters I think I will make one for micropub once my adapter is working
#
barnabywalters because it’s quite a lot of work to get from the formal spec to a series of conditions which cover every case properly
#
[Ana_Rodrigues] in a way that anyone, regardless of what language people write in, can follow through and write something.
#
barnabywalters [Ana_Rodrigues]: yep, exactly!
#
sparseMatrix +1 for good textual documentation
#
sparseMatrix Seeing is nice, but reading is learning
#
[Ana_Rodrigues] fwiw, this is as well where I struggle with doing my own micropub endpoint.
#
barnabywalters [Ana_Rodrigues]: what language are you programming your micropub endpoint in?
#
[Ana_Rodrigues] I haven’t built it yet but I only know javascript (besides html and css)
[dmitshur] joined the channel
#
[dmitshur] Question about events.indieweb.org. In the RSVPs section (e.g. https://events.indieweb.org/2021/05/webmentions-beyond-webmention-io-zG4JpHhZShVA#rsvps) some entries have a name and photo, some just a URL. Is there a good way to learn what it takes to get one's name/photo to appear? I didn't find it documented on the site, and the site's source isn't available to read AFAICT (https://github.com/indieweb/events.indieweb.org). So my best ideas
#
[dmitshur] so far is experimentation and/or asking its creator hehe.
#
barnabywalters [dmitshur]: I think the URL-only RSVPs are either people who are logged into the wiki and clicked on the RSVP button, or people who sent an rsvp via webmention but didn’t provide an h-card with details
#
aaronpk speaking of webmentions
#
aaronpk yes if your RSVP post has an h-card and all that it'll show up with the photo
#
aaronpk nothing specific to RSVPs or events.indieweb.org, it's all part of the same way all responses are handled, and this is exactly what i'd expect to see in a more detailed "how to webmention" guide :)
#
[dmitshur] I used the "log in via wiki and press the RSVP button" path. Is it only possible to provide a name/photo via the other path?
#
aaronpk also the source code is here https://github.com/aaronpk/Meetable
#
Loqi [aaronpk] Meetable: a minimal website for posting events
#
aaronpk it'll look for an h-card on your home page when you log in
#
barnabywalters aaronpk: it didn’t find mine, so I assume it’s a naieve search and doesn’t find my homepage .h-feed > p.author.h-card?
#
[dmitshur] Thanks for that info, very helpful!
#
[dmitshur] Is there caching involved perhaps? I added an h-card to my home page recently, tried logging in/out to indieweb.org and remove/re-add RSVP, but didn't notice a difference so far.
#
aaronpk let me check the logs
#
aaronpk barnabywalters: it should be pretty aggressive about finding the photo
#
aaronpk https://xray.p3k.app/parse?pretty=true&url=https%3A%2F%2Fdmitri.shuralyov.com%2F
#
aaronpk i see it there
jeremycherfas joined the channel
#
aaronpk ah looks like on barnabywalters' site i need to go a little further with the logic to find the h-card there
#
barnabywalters my getAuthor function should handle most cases https://github.com/barnabywalters/php-mf-cleaner/blob/master/src/BarnabyWalters/Mf2/Functions.php#L115
#
gRegorLove I still have the situation where the h-card on my homepage is part of the h-feed so I don't think it gets pulled out as my RSVP author
#
barnabywalters I think it’s a superset of the authorship algorithm to try to aggressively handle all possible cases
#
aaronpk ah shoot, looks like it's not looking for the photo after logging in, only the first time the user is found
#
[dmitshur] ah, a bug. thanks for spotting it!
#
GWG barnabywalters: Thanks for mf cleaner, by the way.. I still use some of it
#
gRegorLove oh looks like barnaby's is similar, so that bug fix might work for me too
#
barnabywalters GWG: good to know it’s useful! it probably needs updating with some new helper functions
#
GWG barnabywalters: Maybe I should backport some of my mods
#
gRegorLove I thought that was fixed in https://github.com/aaronpk/XRay/issues/95 though
#
Loqi [gRegorLove] #95 Missing author
#
gRegorLove oh, different thing I think. That was for authorship running Xray on a permalink
#
@bnijenhuis ↩️ Recently wrote something about it: https://bnijenhuis.nl/notes/2021-05-03-implementing-clientside-webmentions/ (twitter.com/_/status/1393677889728663552)
#
jacky interesting
#
jacky that post led me to https://github.com/sw-yx/domainblocklist
#
Loqi [sw-yx] domainblocklist: domains that are mostly just automated reposts of content sites like CSS Tricks
#
aaronpk oh wow hah
#
jacky I kinda wish there was a way to comb people's experiences like this with Webmentions
#
jacky eh not really lol
#
[Ana_Rodrigues] throwback to when all the websites like that spammed our meta channel because of my article in Smashing Magazine 😭
#
aaronpk haha yes
#
barnabywalters micropub implementors: do you use the micropub endpoint as a media endpoint, perhaps with a URL parameter differentiating it, or do you have a completely separate endpoint for it?
#
aaronpk totally separate, actually on a different domain even :)
#
barnabywalters I’m trying to figure out the best way of handling the media endpoint in my adapter
#
barnabywalters okay, good to know
#
barnabywalters but to simplify my adapter, it should be okay to default to having both endpoints the same, and detecting media endpoint requests based on the presence of a file parameter, right?
#
aaronpk i suppose so!
#
barnabywalters and the user of my adapter can just decide whether they want to implement the file uploading callback, and return a different URL at the discovery stage if they want to implement it elsewhere
#
barnabywalters aaronpk: do you think it would make sense to add file to the list of reserved properties, to guarantee that it’s possible to use the micropub endpoint as a media endpoint?
#
aaronpk probbaly yes
#
barnabywalters AFAIK there are no mf2 vocabularies with a property called file
#
barnabywalters should I raise this as an issue somewhere?
#
jacky barnabywalters: I've been torn on implementing a separate Micropub media endpoint
#
jacky currently, I've baked it into my site but I can see the appeal for having it separated
#
barnabywalters I definitely want to give potential users of my adapter code the possibility to do both
#
barnabywalters but I think having them both be the exact same URL is sane default
gRegorLove_ joined the channel
#
barnabywalters so it’d be good to bake that into the spec to guarantee that it’s possible
#
jacky I don't know if baking into the spec is necessarily the route
#
jacky IIRC you can also specify the media endpoint in `?q=config`
#
barnabywalters when I say “bake into spec”, all I mean is reserving the 'file' form body parameter
#
jacky Ah
#
jacky gotcha
#
barnabywalters that’s all which is required to guarantee that micropub endpoints *can* be used as media endpoints, without requiring or recommending it
#
jacky fair point
#
barnabywalters welp, first draft is complete https://github.com/Taproot/micropub-adapter/blob/main/src/MicropubAdapter.php
#
barnabywalters now to test it
#
aaronpk nice
#
barnabywalters I’ve barely even used rust and yet somehow I already miss its enums when writing code like this
#
barnabywalters pity there isn’t a really ergonomic PHP alternative
#
aaronpk i feel like php 8 is adding a bunch of new features, does that not exist in 8 yet?
#
barnabywalters it may well be, but I don’t want to limit this library to PHP 8 users
#
aaronpk ah
#
barnabywalters oh yeah it has unions https://php.watch/versions/8.0/union-types
#
barnabywalters although without a corresponding match {} equivalent, they’re not so useful
#
[KevinMarks] The closest thing to a file parameter in microformats is enclosure in hAtom
#
barnabywalters good thing hAtom is mostly irrelevant for micropub then!
#
[KevinMarks] https://microformats.org/wiki/rel-enclosure
#
[KevinMarks] Yeah, legacy
#
sknebel feel like we discussed a generic "attachment" property a few times. but even so, it never would conflict with the file upload syntax due to any valid MP request having other properties (h=, action=) too?
#
sknebel I.e. not sure reserving "file" is the correct thing?
#
aaronpk oh good point
#
aaronpk also it's only a potential conflict in form-encoded mode, which would have the h=
[dianoetic_net] joined the channel
#
gRegorLove aaronpk, can I have https://dev.indiebookclub.biz/ and https://indiebookclub.biz/ registered as a client for indielogin.com? Latter may already be.
barnabywalters joined the channel
#
barnabywalters as far as I can tell, according to the spec, requests without h= or action= are treated as if they had h=entry by default
#
barnabywalters and the reserved properties only apply in form-encoded and multipart requests anyway
#
sknebel true
#
barnabywalters it’s still easy to identify media endpoint requests, as they would *only* contain a file upload called 'file' and absolutely nothing else
#
barnabywalters but reserving the 'file' property in form-encoded requests would guarantee that this functionality is possible
#
sknebel yeah, capturing that in some way does make sense I think
timculverhouse and [chrisaldrich] joined the channel