#dev 2021-05-15
2021-05-15 UTC
dirtythinkpad, [jacky], alex11, [tantek] and [fluffy] joined the channel; dirtythinkpad left the channel
# [fluffy] I think even in the case of u-uid you still need to be careful about how you treat it, like a malicious site alice.example.com could still provide a u-uid of https://bob.example.com/12345
# [tantek] uid << Limitation: GUIDs on the web are not "G". While RSS & Atom assert that post GUIDs (and thus a h-entry uid) can be used to de-dupe entries (avoid new unreads) when a feed moves across domains, that assertion violates modern understanding and restrictions of cross-origin semantics, and cannot be expected to work. Assume such post GUIDs only work in the context of their domain.
# Loqi ok, I added "Limitation: GUIDs on the web are not "G". While RSS & Atom assert that post GUIDs (and thus a h-entry uid) can be used to de-dupe entries (avoid new unreads) when a feed moves across domains, that assertion violates modern understanding and restrictions of cross-origin semantics, and cannot be expected to work. Assume such post GUIDs only work in the context of their domain." to the "See Also" section of /uid https://indieweb.org/wiki/index.php?diff=75685&oldid=75683
# [tantek] uid << Caution for 'uid' consuming applications: Even if you use a URL as your uid / GUID, you still need to be careful about how you treat it, like a malicious site alice.example.com could still provide a u-uid of https://bob.example.com/12345 and attempt to "overwrite" a post from another domain
# Loqi ok, I added "Caution for 'uid' consuming applications: Even if you use a URL as your uid / GUID, you still need to be careful about how you treat it, like a malicious site alice.example.com could still provide a u-uid of https://bob.example.com/12345 and attempt to "overwrite" a post from another domain" to the "See Also" section of /uid https://indieweb.org/wiki/index.php?diff=75686&oldid=75685
[snarfed] joined the channel
[tw2113_Slack_], tomlarkworthy, [chrisaldrich] and [KevinMarks] joined the channel
# [KevinMarks] Well, if you use content hashes as guids you can dedupe across domains, but in practice a lot of posts end up with the domain url in them somewhere.
# [KevinMarks] And redesigning your template then changes all the guids
Caleb[m]1, dhanesh and [fluffy] joined the channel
dhanesh, alex11, [dianoetic_net] and sparseMatrix joined the channel
# sparseMatrix Ok, so I 98% got it working, just in the past few minutes.
# sparseMatrix The last bit is getting it to fly with https
# sparseMatrix oh and the socket perms are still a pain point
# sparseMatrix there's your 2&
# sparseMatrix 2%
# sparseMatrix it turns out there was nothing at all wrong with the configuration. In fact, we've probably tested a dozen configurations, all that would have at least worked.
# sparseMatrix as it happens, the problem was in the invocation of uwsgi\
# sparseMatrix in this invocation: uwsgi --protocol=http -w wsgi --ini uwsgi.ini, typical of what we were attempting yesterday, we weren't actually getting http all the way down the wire to nginx. That in spite of the '--protocol=http'. Hence the premature termination of the connection reported in the nginx logs.
# sparseMatrix in THIS invocation: uwsgi --socket 0.0.0.0:8080 --http-socket --ini uwsgi.ini, we do, in fact, get http end to end through the gateway.
# sparseMatrix Though I had to manually set perms on the socket, and cannot yet hit it with a web browser (at some point in transit the browser trries to force the connection to https), I am consistently able to access the content via curl from within my domain. Curl will probably work for any of y'all that want to test it as well.
# sparseMatrix The URL I'm using to test is http://reader.code4peeps.life/reader/index.md
# sparseMatrix Confirmation from anyone out in the world would be considered bonus :D
[snarfed] joined the channel
# sparseMatrix I've got some stuff to do around the tiny compound this morning (yard work and gardening), but afterwords the plan is to fully transcribe my current configs to some kb artifacts for reference and annotation, and then move on with refinements
# sparseMatrix @[snarfed] if you're dancing with uwsgi it could be a similar problem
# sparseMatrix oh I see, cool :D
# sparseMatrix yeah, you'll wanna try it with curl for immediate gratification
# sparseMatrix interesting
# sparseMatrix oh duh
# sparseMatrix one sec
# sparseMatrix uwsgi is not running, I stopped it cut and paste the commandlines
# sparseMatrix try it now
# sparseMatrix ack, me too now'
# sparseMatrix Dangol socket perms
# sparseMatrix one more time FTW
# sparseMatrix : D
# sparseMatrix it's funny because I am still only about half awake
# sparseMatrix you were able to get it in your browser?
# sparseMatrix it should be noted that when the folks here started helping me out a few days ago (thanks to lahacker and sknebel (sp?)) I had a MULTITUDE of problems. It was only with their patient and persistent assistance that I got down to this one final issue that I eventually drilled down to and resolved. Thanks y'all!\
# sparseMatrix bad to the bone
# sparseMatrix thanks for the confirmation @[snarfed]
barnabywalters and [KevinMarks] joined the channel
# [dianoetic_net] Not sure where this thought should go so I'm trying it here... category names. Plural or singular? When you go to someone's website and want to subscribe to a feed, do you click on "note" or "notes"?
# [dianoetic_net] Apparently I'm bored.
# sparseMatrix I'll bite: 'feed' kinder implies multiples, so if I'm looking for a feed, I'd probably be most inclined towards notes.
# [dianoetic_net] ^‿^ Makes sense
shoesNsocks and superkuh joined the channel
# @JamieTanna I'm looking forward to the #IndieWeb pop-up session tonight (https://events.indieweb.org/2021/05/webmentions-beyond-webmention-io-zG4JpHhZShVA) to talk about how we can improve the #Webmention experience for new IndieWeb folks (https://www.jvt.me/mf2/2021/05/gahrb/) (twitter.com/_/status/1393587303466012677)
[chrisaldrich] joined the channel
# jacky this is about CSS but for the bookshelving people, this looks like a neat interface https://mxb.dev/blog/container-queries-web-components/
shoesNsocks joined the channel
# sparseMatrix @jacky what are 'bookshelving people'?
# sparseMatrix I'm not sure I are one, but man, that looks like some shiny new CSS tech right there...
Seirdy joined the channel
Seirdy joined the channel
# @ChrisAldrich ↩️ Inserting them relies on people building tools using those services’ APIs to watch for them and send them. (This is what http://Brid.gy does btw if you’d like to help or see how it’s done.) Hop into the IWC online dev chat channel for more [...]
https://boffosocko.com/2021/04/27/55790622/?replytocom=321824#respond (twitter.com/_/status/1393600730636771331)
# barnabywalters anyone know why the syndicate-to information appears in both ?q=config and ?q=syndicate-to micropub configuration queries?
# barnabywalters is it a back compat thing?
Seirdy joined the channel
# barnabywalters yeah, having ?q=syndicate-to additionally seems weirdly redundant
# barnabywalters according to the spec, the syndicate-to data in q=config and q=syndicate-to should be the same
# barnabywalters or at least that’s implied
# barnabywalters I’m mostly trying to decide whether the two methods should get different callbacks in my micropub adaptor
# barnabywalters I think for the moment I’ll go with just having a configuration query callback, and the syndicate to callback will call that internally and extract the syndicate-to data
# barnabywalters untill I can see a compelling reason for the two queries to return different data
Seirdy joined the channel
# barnabywalters the spec also doesn’t mention what to do if the url requested by a q=source query doesn’t exist, or if the user doesn’t have sufficient permissions to access it
# barnabywalters I assume we just just regular 404 and 403 in those cases
# barnabywalters ah yeah it does mention those, just not in the querying section
[snarfed] and [KevinMarks] joined the channel
# @RaineyCode I have an idea for webmention. Who's built something with it and any gotchas to look out for or tutorials/ blogs you'd recommend? (twitter.com/_/status/1393609936505036802)
# @jackyalcine ↩️ I'll do you one better - we're running a event in like two hours _about_ Webmentions! https://events.indieweb.org/2021/05/webmentions-beyond-webmention-io-zG4JpHhZShVA
There's also the wealth of info at https://indieweb.org/Webmention! (twitter.com/_/status/1393612336800301063)
# @ChrisAldrich Excited for the IndieWebCamp pop-up session Webmentions Beyond http://Webmention.io in a bit.
https://events.indieweb.org/2021/05/webmentions-beyond-webmention-io-zG4JpHhZShVA (https://boffosocko.com/?p=55791171) (twitter.com/_/status/1393616981748760580)
# [chrisaldrich] What is a personal library?
# Loqi A personal library is an online collection of books that reflects either physical or digital items one owns, wants to acquire, has bookmarked to read, is currently reading, or read in the past https://indieweb.org/personal_library
# [chrisaldrich] is a bookshelving person 🙂 cc: sparseMatrix ^^
# sparseMatrix xD
[jacky] joined the channel
# [chrisaldrich] jacky++ for looking out for the bookshelving people
# sparseMatrix man I may never get logged in here
# sparseMatrix Oh Wait there I go hahah
# sparseMatrix (I've moved out to the garage with the web-pi and my biggish AMD 6x
# sparseMatrix )
# sparseMatrix do we have an etherpad hashtag for the webmentioons meeting yet?
# [chrisaldrich] For convenience for the Webmentions session https://events.indieweb.org/2021/05/webmentions-beyond-webmention-io-zG4JpHhZShVA, here's the etherpad link: https://etherpad.indieweb.org/Beyond_Webmention.io
# sparseMatrix Thanks @[chrisaldritch]
# sparseMatrix when I try to log in via the link on the web site, it tells me the host has another meeting in progress
# sparseMatrix I need to do it that way on the iPad, as it's the system where I run the zoom
[girrodocus] joined the channel
# [girrodocus] I’m experimenting with a DigitalOcean droplet running Ubuntu, nginx, and node.js via pm2. So far I’ve enabled SSH, disabled password login, made a sudo user, and set ufw (firewall) to block all incoming except 80 (http) and 443 (https) and another port for SSH. Does anyone know of any beginner-friendly resources I could follow to ensure my server is secure? Right now I don’t know if it’s secure and also don’t know how I’d find o
# [girrodocus] been compromised. I am a noob.
# barnabywalters I’d join but zoom tends to have terrible audio/video quality for me (compared to jitsi), so there’s not much point. I’ll keep an eye on the etherpad
# sparseMatrix all hail girrodocus
# sparseMatrix hails girrodocus
# sparseMatrix honestly, you've done most of the usual thing @girrodocus
# sparseMatrix if I were to suggest *one more thing* it would be to install fail2ban alongside ufw
[Ana_Rodrigues] joined the channel
gRegorLove and ColinWalker joined the channel
# ColinWalker Can't make the meeting but I'll be keeping an eye on the etherpad
# [girrodocus] Thank you sparseMatrix and snarfed. I will add fail2ban, and I’ve already turned on unattended-upgrades (but not sure if my config settings are good). When I first set it up it used to say OpenSSH for port 22 when I did ‘ufw status’ but now I’ve denied that and instead opened another port for my SSH, but it doesn’t say OpenSSH any more. It works… but maybe that port could be open for other things too?
# [girrodocus] Oh I also disabled ping. So when you ping my IP it doesn’t work.
# [girrodocus] I’ve been following YouTube tutorials for hacker kiddies and I’m not sure how much of what I’ve done is good and how much just feels useful without actually being useful as discussed here https://youtu.be/fKuqYQdqRIs
# [girrodocus] Ah ok maybe I should put ping back. And also Google ICMP and find out what that is (noob alert)
# [girrodocus] Aha thank you
ghosthell joined the channel; ghosthell left the channel
# [girrodocus] Thanks for telling me this. The tutorial I followed didn’t mention any downsides, and being a total noob I don’t even know what I don’t know.
[fluffy], shoesNsocks, Seirdy, [schmarty] and jamietanna joined the channel
# barnabywalters aaronpk/anyone: if a micropub endpoint receives a request which it doesn’t support, what’s the correct response? HTTP 400 with 'invalid_request', or HTTP 501 NOT IMPLEMENTED with a corresponding error and description?
# barnabywalters hmm okay. there are so many optional things in micropub that I’d have thought suggesting a “not_implemented” error in the spec would be useful
# barnabywalters for the moment I’ll go with 400 and a “not implemented” error description
# [schmarty] lol oops i replaced micropub with webmention in my brain 😂
# barnabywalters sknebel: what nuance am I missing out on? “501 Not Implemented means that the server does not support the functionality required to fulfill the request” seems suitable to me?
# barnabywalters ah it’s only for the method, okay
# barnabywalters thanks
Seirdy joined the channel
# petermolnar from the meeting: ( /me ducks in advance) trying to agree on the output jf2 for webmentions almost sounds like we are about to define an RDF Schema...
Seirdy joined the channel
# barnabywalters [snarfed]: I think 501 is “unknown or completely unsupported method” and 405 is “we know about this method, but this particular resource doesn’t support it”
# barnabywalters neither of which are what I was looking for :P
# [KevinMarks] I need to sign out for a bit to sort house stuff out - possible diagram https://indieweb.org/graphics#Illustrations_and_Sketch_Notes
# barnabywalters right, so 501 would be a suitable response to a request with a method of BANANA or something
# barnabywalters or a legacy server responding to a new, unsupported HTTP method?
# barnabywalters nope, I was looking for a way to return a “feature not implemented” response in a micropub endpoint and briefly thought that there was an HTTP code for the occasion
# barnabywalters but it looks like that isn’t the case so I’ll just use 400 with a descriptive error message
# barnabywalters yeah, agreed
# barnabywalters but if there had been one which was suitable I would have used it
# barnabywalters I’m about half way through writing my micropub adapter
# barnabywalters I have all the GET behaviour handled, now moving on to the POST behaviour
# barnabywalters what response would you expect for a valid action=delete request to a resource which is already deleted? a no-op success, as the resource is already deleted?
sparseMatrix joined the channel
# sparseMatrix Sorry folks, had to bail as iPad battery was out of juice :/
jeremycherfas joined the channel
maxwelljoslyn, jeremycherfas and lahacker joined the channel
# gRegorLove first one looks good, not sure I followed the discussion for #2
# gRegorLove Ah, like a rel value to discover `https://webmention.io/api/mentions.jf2` for example?
# @erikkroes Don't mind me. Testing webmentions.
https://www.erikkroes.nl/blog/i-made-this-website-with-html/ (twitter.com/_/status/1393664742439464970)
# sparseMatrix my hot-take on the meeting goes something like this: as a community of self-hosters and technology (early?) adopters, we need a reference specification to follow for webmentions.
# barnabywalters well there is a webmention spec already https://www.w3.org/TR/webmention/
# sparseMatrix Webmentions are fairly complex, and there are a few disparate implementations, but webmentions.io covers pretty much all the bases
# sparseMatrix @aaronpk: noted
# barnabywalters but a lot of the behaviour we associate with webmention is out of its scope
# barnabywalters yeah, webmention itself is really only a way of letting one URL know that another URL linked to it
# barnabywalters everything else is built on top of that
# sparseMatrix still, it boils down to this choice: either we take the best experiences of our luminaries and move forward with it, on a more or less experimental basis
# barnabywalters what we need next is a clear implementation guide for receiving and displaying responses to a post
# sparseMatrix or we come up with a specification that provides the implementor a methodology for representing the content visually
# jacky also sparseMatrix, you might want to follow https://github.com/indieweb/webmention-ecosystem now
# sparseMatrix I can dig it :D I just wanted to get that out there, while it was still fresh
# barnabywalters I’m not talking about defining what it should look like, but having a reference for exactly how to perform each step in the process from handling a webmention to displaying the reply it represents on your site
# sparseMatrix right
# barnabywalters i.e. a prose description of whatever it is webmention.io is doing under the hood
# sparseMatrix I wonder if we aren't overthinking some of that representation bit though
# [Ana_Rodrigues] Right, so I understand things better in pseudo-code too
# barnabywalters aaronpk: I would have joined but have only had bad experiences with zoom :( I read and wrote a bit in the etherpad though
# sparseMatrix it almost feels like something that could be answered with some themes or something
# sparseMatrix sorry, just riffing :)
# barnabywalters and I was deep in micropub adapter development
# barnabywalters at least within europe, I’ve always had better experiences with jitsi
# barnabywalters but maybe I’ll give zoom a go next time we have one of these meetups
# barnabywalters I guess it depends a lot on where you are
# [Ana_Rodrigues] and, my understanding, is that this is as well what Rainey was asking: like a way, either diagram or like barnabywalters says, a prose description of what happens under the hood.
# barnabywalters I’m a big fan of prose specs like the mf2 parsing spec
# barnabywalters I think I will make one for micropub once my adapter is working
# barnabywalters because it’s quite a lot of work to get from the formal spec to a series of conditions which cover every case properly
# [Ana_Rodrigues] in a way that anyone, regardless of what language people write in, can follow through and write something.
# barnabywalters [Ana_Rodrigues]: yep, exactly!
# sparseMatrix +1 for good textual documentation
# sparseMatrix Seeing is nice, but reading is learning
# [Ana_Rodrigues] fwiw, this is as well where I struggle with doing my own micropub endpoint.
# barnabywalters [Ana_Rodrigues]: what language are you programming your micropub endpoint in?
# [Ana_Rodrigues] I haven’t built it yet but I only know javascript (besides html and css)
[dmitshur] joined the channel
# [dmitshur] Question about events.indieweb.org. In the RSVPs section (e.g. https://events.indieweb.org/2021/05/webmentions-beyond-webmention-io-zG4JpHhZShVA#rsvps) some entries have a name and photo, some just a URL. Is there a good way to learn what it takes to get one's name/photo to appear? I didn't find it documented on the site, and the site's source isn't available to read AFAICT (https://github.com/indieweb/events.indieweb.org). So my best ideas
# [dmitshur] so far is experimentation and/or asking its creator hehe.
# barnabywalters [dmitshur]: I think the URL-only RSVPs are either people who are logged into the wiki and clicked on the RSVP button, or people who sent an rsvp via webmention but didn’t provide an h-card with details
# [dmitshur] I used the "log in via wiki and press the RSVP button" path. Is it only possible to provide a name/photo via the other path?
# aaronpk also the source code is here https://github.com/aaronpk/Meetable
# barnabywalters aaronpk: it didn’t find mine, so I assume it’s a naieve search and doesn’t find my homepage .h-feed > p.author.h-card?
# [dmitshur] Thanks for that info, very helpful!
# [dmitshur] Is there caching involved perhaps? I added an h-card to my home page recently, tried logging in/out to indieweb.org and remove/re-add RSVP, but didn't notice a difference so far.
jeremycherfas joined the channel
# barnabywalters my getAuthor function should handle most cases https://github.com/barnabywalters/php-mf-cleaner/blob/master/src/BarnabyWalters/Mf2/Functions.php#L115
# gRegorLove I still have the situation where the h-card on my homepage is part of the h-feed so I don't think it gets pulled out as my RSVP author
# barnabywalters I think it’s a superset of the authorship algorithm to try to aggressively handle all possible cases
# [dmitshur] ah, a bug. thanks for spotting it!
# gRegorLove oh looks like barnaby's is similar, so that bug fix might work for me too
# barnabywalters GWG: good to know it’s useful! it probably needs updating with some new helper functions
# gRegorLove I thought that was fixed in https://github.com/aaronpk/XRay/issues/95 though
# gRegorLove oh, different thing I think. That was for authorship running Xray on a permalink
# @bnijenhuis ↩️ Recently wrote something about it: https://bnijenhuis.nl/notes/2021-05-03-implementing-clientside-webmentions/ (twitter.com/_/status/1393677889728663552)
# jacky that post led me to https://github.com/sw-yx/domainblocklist
# [Ana_Rodrigues] throwback to when all the websites like that spammed our meta channel because of my article in Smashing Magazine 😭
# barnabywalters micropub implementors: do you use the micropub endpoint as a media endpoint, perhaps with a URL parameter differentiating it, or do you have a completely separate endpoint for it?
# barnabywalters I’m trying to figure out the best way of handling the media endpoint in my adapter
# barnabywalters okay, good to know
# barnabywalters but to simplify my adapter, it should be okay to default to having both endpoints the same, and detecting media endpoint requests based on the presence of a file parameter, right?
# barnabywalters and the user of my adapter can just decide whether they want to implement the file uploading callback, and return a different URL at the discovery stage if they want to implement it elsewhere
# barnabywalters aaronpk: do you think it would make sense to add file to the list of reserved properties, to guarantee that it’s possible to use the micropub endpoint as a media endpoint?
# barnabywalters AFAIK there are no mf2 vocabularies with a property called file
# barnabywalters should I raise this as an issue somewhere?
# barnabywalters I definitely want to give potential users of my adapter code the possibility to do both
# barnabywalters but I think having them both be the exact same URL is sane default
gRegorLove_ joined the channel
# barnabywalters so it’d be good to bake that into the spec to guarantee that it’s possible
# barnabywalters when I say “bake into spec”, all I mean is reserving the 'file' form body parameter
# barnabywalters that’s all which is required to guarantee that micropub endpoints *can* be used as media endpoints, without requiring or recommending it
# barnabywalters welp, first draft is complete https://github.com/Taproot/micropub-adapter/blob/main/src/MicropubAdapter.php
# barnabywalters now to test it
# barnabywalters I’ve barely even used rust and yet somehow I already miss its enums when writing code like this
# barnabywalters pity there isn’t a really ergonomic PHP alternative
# barnabywalters it may well be, but I don’t want to limit this library to PHP 8 users
# barnabywalters oh yeah it has unions https://php.watch/versions/8.0/union-types
# barnabywalters although without a corresponding match {} equivalent, they’re not so useful
# [KevinMarks] The closest thing to a file parameter in microformats is enclosure in hAtom
# barnabywalters good thing hAtom is mostly irrelevant for micropub then!
# [KevinMarks] Yeah, legacy
[dianoetic_net] joined the channel
# gRegorLove aaronpk, can I have https://dev.indiebookclub.biz/ and https://indiebookclub.biz/ registered as a client for indielogin.com? Latter may already be.
barnabywalters joined the channel
# barnabywalters as far as I can tell, according to the spec, requests without h= or action= are treated as if they had h=entry by default
# barnabywalters and the reserved properties only apply in form-encoded and multipart requests anyway
# barnabywalters it’s still easy to identify media endpoint requests, as they would *only* contain a file upload called 'file' and absolutely nothing else
# barnabywalters but reserving the 'file' property in form-encoded requests would guarantee that this functionality is possible
timculverhouse and [chrisaldrich] joined the channel