#dev 2021-05-15

2021-05-15 UTC
dirtythinkpad, [jacky], alex11, [tantek] and [fluffy] joined the channel; dirtythinkpad left the channel
#
[fluffy]
[tantek] regarding UID stuff I added examples to /uid and also a note about the parsing thing to /u-uid
#
[tantek]
nice. well at least we a publishing example! now we need a consuming example to make sure it works as expected
#
[fluffy]
Yeah. Also it’s generally a good idea for consumers to still namespace the UID to the site in some way, to prevent various attacks where a malicious site purposefully uses the same UUID as an article on another site
#
[fluffy]
(or to prevent honest mistakes like both sites use small autoincrement entry IDs for the UID)
#
[fluffy]
also with Publ I could *technically* just declare a u-uid of the entry ID and then it’d be a resolvable URL that will chase its way to the final permalink.
#
[fluffy]
like <a class=“u-uid” href=“10425">
#
[fluffy]
but I feel like since I provide proper UUIDs for my Atom feed it’s a good idea to make them nominally match the h-feed.
#
[fluffy]
although that might also be a weird assumption, and maybe it’s okay if the generated uuid4 UUIDs only exist for Atom?
#
[fluffy]
oh and I guess href=“/10425” so that it’s not relative to the entry’s category page.
#
[fluffy]
Also, is it obvious why I was deliberate about which example entry I used? 😉
#
[tantek]
"malicious site purposefully uses the same UUID as an article on another site" agree with that scenario, however: "namespace the UID to the site in some way" <- wait doesn't that defeat the whole assumption that feed GUIDs are independent of domain?!?
#
[fluffy]
Namespacing doesn’t have to be based on the URL
#
[fluffy]
like FeedOnFeeds associates the UID with the subscription
#
[fluffy]
for example the database row will be like feed_id=274 entry_id=387293 uuid=‘abcd1234-789789789’
#
[fluffy]
feed_id and entry_id being internal to FeedOnFeeds and uuid coming from the feed
#
[tantek]
also this use of GUIDs (to work across domain changes) in feeds was designed before modern cross-origin understandings & boundaries
#
[tantek]
so I don't think that works any more
#
[fluffy]
yeah you can’t treat a GUID as, um, G
#
[tantek]
I mean, GUIDs can still work for your use-case of changing /blog to /article in permalinks
#
[tantek]
so maybe we should set expectations accordingly
#
[fluffy]
yeah. my point is that the feed reader should only treat the UID as an opaque identifier *within the context of that subscription* and not as a globally-unique identifier.
#
[tantek]
and explicitly debunk the assumption (in their aspirational design) that it can de-dupe across domains, because that's a cross-origin violation
#
[fluffy]
and that should probably be captured in /uid and/or /u-uid
#
[tantek]
yeah this is the first time I've seen someone point it out
#
[fluffy]
I”m kind of low on spoons right now though
#
[tantek]
yeah totally
#
[fluffy]
I think even in the case of u-uid you still need to be careful about how you treat it, like a malicious site alice.example.com could still provide a u-uid of https://bob.example.com/12345
#
[tantek]
uid << Limitation: GUIDs on the web are not "G". While RSS & Atom assert that post GUIDs (and thus a h-entry uid) can be used to de-dupe entries (avoid new unreads) when a feed moves across domains, that assertion violates modern understanding and restrictions of cross-origin semantics, and cannot be expected to work. Assume such post GUIDs only work in the context of their domain.
#
Loqi
ok, I added "Limitation: GUIDs on the web are not "G". While RSS & Atom assert that post GUIDs (and thus a h-entry uid) can be used to de-dupe entries (avoid new unreads) when a feed moves across domains, that assertion violates modern understanding and restrictions of cross-origin semantics, and cannot be expected to work. Assume such post GUIDs only work in the context of their domain." to the "See Also" section of /uid https://indieweb.org/wiki/index.php?diff=75685&oldid=75683
#
[fluffy]
heh, you added that just as I was about to add a similar thing to that same page
#
[tantek]
uid << Caution for 'uid' consuming applications: Even if you use a URL as your uid / GUID, you still need to be careful about how you treat it, like a malicious site alice.example.com could still provide a u-uid of https://bob.example.com/12345 and attempt to "overwrite" a post from another domain
#
Loqi
ok, I added "Caution for 'uid' consuming applications: Even if you use a URL as your uid / GUID, you still need to be careful about how you treat it, like a malicious site alice.example.com could still provide a u-uid of https://bob.example.com/12345 and attempt to "overwrite" a post from another domain" to the "See Also" section of /uid https://indieweb.org/wiki/index.php?diff=75686&oldid=75685
#
[fluffy]
thanks tantek++
#
Loqi
tantek has 19 karma in this channel over the last year (71 in all channels)
#
[tantek]
fluffy, here to spare some spoons 🤝
#
[tantek]
appreciate the insights
#
aaronpk
interesting!
[snarfed] joined the channel
#
[snarfed]
oh bridgy and granary have also been publishing mf2 uids for a long time now. generally tag URIs
[tw2113_Slack_], tomlarkworthy, [chrisaldrich] and [KevinMarks] joined the channel
#
[KevinMarks]
Well, if you use content hashes as guids you can dedupe across domains, but in practice a lot of posts end up with the domain url in them somewhere.
#
[KevinMarks]
And redesigning your template then changes all the guids
Caleb[m]1, dhanesh and [fluffy] joined the channel
#
[fluffy]
And that still doesn’t address the possibility of a malicious spoofed UID
dhanesh, alex11, [dianoetic_net] and sparseMatrix joined the channel
#
sparseMatrix
Ok, so I 98% got it working, just in the past few minutes.
#
sparseMatrix
The last bit is getting it to fly with https
#
sparseMatrix
oh and the socket perms are still a pain point
#
sparseMatrix
there's your 2&
#
sparseMatrix
2%
#
sparseMatrix
it turns out there was nothing at all wrong with the configuration. In fact, we've probably tested a dozen configurations, all that would have at least worked.
#
sparseMatrix
as it happens, the problem was in the invocation of uwsgi\
#
sparseMatrix
in this invocation: uwsgi --protocol=http -w wsgi --ini uwsgi.ini, typical of what we were attempting yesterday, we weren't actually getting http all the way down the wire to nginx. That in spite of the '--protocol=http'. Hence the premature termination of the connection reported in the nginx logs.
#
sparseMatrix
in THIS invocation: uwsgi --socket 0.0.0.0:8080 --http-socket --ini uwsgi.ini, we do, in fact, get http end to end through the gateway.
#
sparseMatrix
Though I had to manually set perms on the socket, and cannot yet hit it with a web browser (at some point in transit the browser trries to force the connection to https), I am consistently able to access the content via curl from within my domain. Curl will probably work for any of y'all that want to test it as well.
#
sparseMatrix
The URL I'm using to test is http://reader.code4peeps.life/reader/index.md
#
sparseMatrix
Confirmation from anyone out in the world would be considered bonus :D
[snarfed] joined the channel
#
[snarfed]
Congrats! I'm getting a 502 right now though
#
[snarfed]
(in browser, but still just http)
#
sparseMatrix
I've got some stuff to do around the tiny compound this morning (yard work and gardening), but afterwords the plan is to fully transcribe my current configs to some kb artifacts for reference and annotation, and then move on with refinements
#
sparseMatrix
@[snarfed] if you're dancing with uwsgi it could be a similar problem
#
[snarfed]
Oh no, i was just trying your url q
#
sparseMatrix
oh I see, cool :D
#
sparseMatrix
yeah, you'll wanna try it with curl for immediate gratification
#
[snarfed]
Surprising. My browser is definitely loading http only, not https
#
sparseMatrix
interesting
#
sparseMatrix
oh duh
#
sparseMatrix
one sec
#
sparseMatrix
uwsgi is not running, I stopped it cut and paste the commandlines
#
sparseMatrix
try it now
#
[snarfed]
Same 😐
#
sparseMatrix
ack, me too now'
#
sparseMatrix
Dangol socket perms
#
sparseMatrix
one more time FTW
#
sparseMatrix
: D
#
sparseMatrix
it's funny because I am still only about half awake
#
sparseMatrix
you were able to get it in your browser?
#
sparseMatrix
it should be noted that when the folks here started helping me out a few days ago (thanks to lahacker and sknebel (sp?)) I had a MULTITUDE of problems. It was only with their patient and persistent assistance that I got down to this one final issue that I eventually drilled down to and resolved. Thanks y'all!\
#
[snarfed]
Yup, in browser
#
sparseMatrix
bad to the bone
#
sparseMatrix
thanks for the confirmation @[snarfed]
barnabywalters and [KevinMarks] joined the channel
#
[dianoetic_net]
Not sure where this thought should go so I'm trying it here... category names. Plural or singular? When you go to someone's website and want to subscribe to a feed, do you click on "note" or "notes"?
#
[dianoetic_net]
Apparently I'm bored.
#
sparseMatrix
I'll bite: 'feed' kinder implies multiples, so if I'm looking for a feed, I'd probably be most inclined towards notes.
#
[dianoetic_net]
^‿^ Makes sense
shoesNsocks and superkuh joined the channel
#
@JamieTanna
I'm looking forward to the #IndieWeb pop-up session tonight (https://events.indieweb.org/2021/05/webmentions-beyond-webmention-io-zG4JpHhZShVA) to talk about how we can improve the #Webmention experience for new IndieWeb folks (https://www.jvt.me/mf2/2021/05/gahrb/)
(twitter.com/_/status/1393587303466012677)
[chrisaldrich] joined the channel
#
jacky
this is about CSS but for the bookshelving people, this looks like a neat interface https://mxb.dev/blog/container-queries-web-components/
shoesNsocks joined the channel
#
sparseMatrix
@jacky what are 'bookshelving people'?
#
sparseMatrix
I'm not sure I are one, but man, that looks like some shiny new CSS tech right there...
Seirdy joined the channel
#
jacky
I meant like those who are interested in owning their bookshelves / library records (like Goodreads and friends)
Seirdy joined the channel
#
@ChrisAldrich
↩️ Inserting them relies on people building tools using those services’ APIs to watch for them and send them. (This is what http://Brid.gy does btw if you’d like to help or see how it’s done.) Hop into the IWC online dev chat channel for more [...] https://boffosocko.com/2021/04/27/55790622/?replytocom=321824#respond
(twitter.com/_/status/1393600730636771331)
#
barnabywalters
anyone know why the syndicate-to information appears in both ?q=config and ?q=syndicate-to micropub configuration queries?
#
barnabywalters
is it a back compat thing?
Seirdy joined the channel
#
jacky
I think so but also like a simple way to get it in one go. IIRC the first thing most Micropub clients do is call `?q=config`
#
barnabywalters
yeah, having ?q=syndicate-to additionally seems weirdly redundant
#
jacky
so ?q=syndicate-to could be used to include more info
#
jacky
personally, I'd like for ?q=config > syndicate-to to only return a list of UIDs and have the clients ask about each one
#
jacky
(or a set of them)
#
jacky
barnabywalters: there's a chance that depending on the client used, one could change that set as well
#
jacky
this is something I was literally thinking last night but having my consent screen also show what syndication targets should be available to a particular client
#
barnabywalters
according to the spec, the syndicate-to data in q=config and q=syndicate-to should be the same
#
jacky
the spec can be changed ;)
#
barnabywalters
or at least that’s implied
#
jacky
but yeah
#
barnabywalters
I’m mostly trying to decide whether the two methods should get different callbacks in my micropub adaptor
#
barnabywalters
I think for the moment I’ll go with just having a configuration query callback, and the syndicate to callback will call that internally and extract the syndicate-to data
#
barnabywalters
untill I can see a compelling reason for the two queries to return different data
Seirdy joined the channel
#
barnabywalters
the spec also doesn’t mention what to do if the url requested by a q=source query doesn’t exist, or if the user doesn’t have sufficient permissions to access it
#
barnabywalters
I assume we just just regular 404 and 403 in those cases
#
barnabywalters
ah yeah it does mention those, just not in the querying section
#
jacky
good note re: that
#
jacky
might be a chance to tidy that part of the Wiki
#
jacky
and yeah that's similar to what I did with the older form of my site and doing now
[snarfed] and [KevinMarks] joined the channel
#
@RaineyCode
I have an idea for webmention. Who's built something with it and any gotchas to look out for or tutorials/ blogs you'd recommend?
(twitter.com/_/status/1393609936505036802)
#
jacky
^ just invited them lol
#
aaronpk
good timing haha
#
@jackyalcine
↩️ I'll do you one better - we're running a event in like two hours _about_ Webmentions! https://events.indieweb.org/2021/05/webmentions-beyond-webmention-io-zG4JpHhZShVA There's also the wealth of info at https://indieweb.org/Webmention!
(twitter.com/_/status/1393612336800301063)
#
sknebel
well, maybe not the best place for someone starting out
#
sknebel
unless I missunderstood the topic
#
jacky
sknebel: fair! I didn't parse their note as a beginner-y thing
#
[chrisaldrich]
What is a personal library?
#
Loqi
A personal library is an online collection of books that reflects either physical or digital items one owns, wants to acquire, has bookmarked to read, is currently reading, or read in the past https://indieweb.org/personal_library
#
[chrisaldrich]
is a bookshelving person 🙂 cc: sparseMatrix ^^
#
sparseMatrix
xD
[jacky] joined the channel
#
[jacky]
that's the term lol
#
[chrisaldrich]
jacky++ for looking out for the bookshelving people
#
Loqi
jacky has 30 karma in this channel over the last year (110 in all channels)
#
sparseMatrix
man I may never get logged in here
#
sparseMatrix
Oh Wait there I go hahah
#
sparseMatrix
(I've moved out to the garage with the web-pi and my biggish AMD 6x
#
sparseMatrix
)
#
sparseMatrix
do we have an etherpad hashtag for the webmentioons meeting yet?
#
sparseMatrix
Thanks @[chrisaldritch]
#
sparseMatrix
when I try to log in via the link on the web site, it tells me the host has another meeting in progress
#
sparseMatrix
I need to do it that way on the iPad, as it's the system where I run the zoom
[girrodocus] joined the channel
#
[girrodocus]
I’m experimenting with a DigitalOcean droplet running Ubuntu, nginx, and node.js via pm2. So far I’ve enabled SSH, disabled password login, made a sudo user, and set ufw (firewall) to block all incoming except 80 (http) and 443 (https) and another port for SSH. Does anyone know of any beginner-friendly resources I could follow to ensure my server is secure? Right now I don’t know if it’s secure and also don’t know how I’d find o
#
[girrodocus]
been compromised. I am a noob.
#
barnabywalters
I’d join but zoom tends to have terrible audio/video quality for me (compared to jitsi), so there’s not much point. I’ll keep an eye on the etherpad
#
sparseMatrix
all hail girrodocus
#
sparseMatrix
hails girrodocus
#
sparseMatrix
honestly, you've done most of the usual thing @girrodocus
#
sparseMatrix
if I were to suggest *one more thing* it would be to install fail2ban alongside ufw
[Ana_Rodrigues] joined the channel
#
[snarfed]
girrodocus sure! update your OS and packages (eg openssh), turn on unattended-upgrades so you get security patches automatically, and turn off password auth in ssh (you’d then ssh in with a key instead)
#
[snarfed]
oh nm, you already disabled password, :thumbsup:
gRegorLove and ColinWalker joined the channel
#
ColinWalker
Can't make the meeting but I'll be keeping an eye on the etherpad
#
[girrodocus]
Thank you sparseMatrix and snarfed. I will add fail2ban, and I’ve already turned on unattended-upgrades (but not sure if my config settings are good). When I first set it up it used to say OpenSSH for port 22 when I did ‘ufw status’ but now I’ve denied that and instead opened another port for my SSH, but it doesn’t say OpenSSH any more. It works… but maybe that port could be open for other things too?
#
[girrodocus]
Oh I also disabled ping. So when you ping my IP it doesn’t work.
#
sknebel
if you block too much of ICMP you can easily subtly break access to your site, so I'd be careful with that. and ping really doesnt hurt
#
[girrodocus]
I’ve been following YouTube tutorials for hacker kiddies and I’m not sure how much of what I’ve done is good and how much just feels useful without actually being useful as discussed here https://youtu.be/fKuqYQdqRIs
#
[girrodocus]
Ah ok maybe I should put ping back. And also Google ICMP and find out what that is (noob alert)
#
sknebel
ah sorry. the protocol family ping belongs to
#
[girrodocus]
Aha thank you
#
sknebel
and while there are some risks in that, any modern linux is going to have sane defaults there, so you don't need to worry. and if you block to much of it, you block useful parts
#
sknebel
(e.g. PMTU discovery relies on it, and that can cause weird bugs if its broken. (no need to know what that is, unless you are curious and want to look it up ;))
ghosthell joined the channel; ghosthell left the channel
#
[girrodocus]
Thanks for telling me this. The tutorial I followed didn’t mention any downsides, and being a total noob I don’t even know what I don’t know.
[fluffy], shoesNsocks, Seirdy, [schmarty] and jamietanna joined the channel
#
barnabywalters
aaronpk/anyone: if a micropub endpoint receives a request which it doesn’t support, what’s the correct response? HTTP 400 with 'invalid_request', or HTTP 501 NOT IMPLEMENTED with a corresponding error and description?
#
aaronpk
i think 5xx errors are never supposed to be considered part of normal application logic flow
#
barnabywalters
hmm okay. there are so many optional things in micropub that I’d have thought suggesting a “not_implemented” error in the spec would be useful
#
barnabywalters
for the moment I’ll go with 400 and a “not implemented” error description
#
sknebel
that's not what 501 means!
#
[schmarty]
lol oops i replaced micropub with webmention in my brain 😂
#
sknebel
501 *METHOD* speciically refers to GET/POST/...
#
barnabywalters
sknebel: what nuance am I missing out on? “501 Not Implemented means that the server does not support the functionality required to fulfill the request” seems suitable to me?
#
sknebel
it refers to HTTP method
#
barnabywalters
ah it’s only for the method, okay
Seirdy joined the channel
#
[snarfed]
wait no, 405 is method not supported, right?
#
petermolnar
from the meeting: ( /me ducks in advance) trying to agree on the output jf2 for webmentions almost sounds like we are about to define an RDF Schema...
Seirdy joined the channel
#
barnabywalters
[snarfed]: I think 501 is “unknown or completely unsupported method” and 405 is “we know about this method, but this particular resource doesn’t support it”
#
barnabywalters
neither of which are what I was looking for :P
#
[snarfed]
feature unknown, maybe yes, but probably not method unknown
#
[snarfed]
since the set of HTTP methods is fully specified
#
[KevinMarks]
I need to sign out for a bit to sort house stuff out - possible diagram https://indieweb.org/graphics#Illustrations_and_Sketch_Notes
#
[snarfed]
KevinMarks++
#
Loqi
KevinMarks has 12 karma in this channel over the last year (59 in all channels)
#
barnabywalters
right, so 501 would be a suitable response to a request with a method of BANANA or something
#
[snarfed]
if you’re writing a web server or framework, yes. hopefully those would catch and handle BANANA before your app ever saw it though? 🤷
#
[snarfed]
seems like a pretty uncommon situation you could safely ignore
#
barnabywalters
or a legacy server responding to a new, unsupported HTTP method?
#
[snarfed]
did this happen? curious how/why we’re trying to handle this
#
barnabywalters
nope, I was looking for a way to return a “feature not implemented” response in a micropub endpoint and briefly thought that there was an HTTP code for the occasion
#
barnabywalters
but it looks like that isn’t the case so I’ll just use 400 with a descriptive error message
#
aaronpk
i'm a big fan of keeping HTTP codes out of application logic :) HTTP is a transport protocol after all
#
barnabywalters
yeah, agreed
#
barnabywalters
but if there had been one which was suitable I would have used it
#
barnabywalters
I’m about half way through writing my micropub adapter
#
barnabywalters
I have all the GET behaviour handled, now moving on to the POST behaviour
#
barnabywalters
what response would you expect for a valid action=delete request to a resource which is already deleted? a no-op success, as the resource is already deleted?
sparseMatrix joined the channel
#
sparseMatrix
Sorry folks, had to bail as iPad battery was out of juice :/
jeremycherfas joined the channel
#
jacky
no prob!
maxwelljoslyn, jeremycherfas and lahacker joined the channel
#
Loqi
[jalcine] #1 Defining the Retrieval Format for Webmentions
#
jacky
lemme know if the bodys of those need some proofreading
#
jacky
or like rephrasing
#
gRegorLove
first one looks good, not sure I followed the discussion for #2
#
aaronpk
"how would a client-side rendering library know the URL to go fetch the comments from"
#
gRegorLove
Ah, like a rel value to discover `https://webmention.io/api/mentions.jf2` for example?
#
aaronpk
interestingly, there's a discussion about a similar issue for OAuth right now
#
jacky
gRegorLove: yeah!
#
jacky
gonna link that as potential prior art
#
jacky
I do think those things mentioned as the bits of webmention.io could be added to its Wiki page as well
#
aaronpk
good idea
#
jacky
mainly for people to conceptualize all of the stuff it does with a word to each part
#
jacky
heh just saw that
#
sparseMatrix
my hot-take on the meeting goes something like this: as a community of self-hosters and technology (early?) adopters, we need a reference specification to follow for webmentions.
#
barnabywalters
well there is a webmention spec already https://www.w3.org/TR/webmention/
#
aaronpk
yep, but for more than just the "webmention" part, which already does have a spec and test
#
sparseMatrix
Webmentions are fairly complex, and there are a few disparate implementations, but webmentions.io covers pretty much all the bases
#
sparseMatrix
@aaronpk: noted
#
barnabywalters
but a lot of the behaviour we associate with webmention is out of its scope
#
aaronpk
turns out webmention by itself is only a tiny part of it
#
barnabywalters
yeah, webmention itself is really only a way of letting one URL know that another URL linked to it
#
barnabywalters
everything else is built on top of that
#
sparseMatrix
still, it boils down to this choice: either we take the best experiences of our luminaries and move forward with it, on a more or less experimental basis
#
barnabywalters
what we need next is a clear implementation guide for receiving and displaying responses to a post
#
jacky
I think receiving is something to be done but I'm hesitant on defining what it should look like on a site
#
sparseMatrix
or we come up with a specification that provides the implementor a methodology for representing the content visually
#
jacky
I feel like that's a hyper-specific thing
#
jacky
also sparseMatrix, you might want to follow https://github.com/indieweb/webmention-ecosystem now
#
jacky
that'll be the place to discuss/propose things around Webmention
#
jacky
that's a brand new repo :)
#
sparseMatrix
I can dig it :D I just wanted to get that out there, while it was still fresh
#
barnabywalters
I’m not talking about defining what it should look like, but having a reference for exactly how to perform each step in the process from handling a webmention to displaying the reply it represents on your site
#
sparseMatrix
right
#
aaronpk
we missed you in the discussion barnabywalters!
#
barnabywalters
i.e. a prose description of whatever it is webmention.io is doing under the hood
#
sparseMatrix
I wonder if we aren't overthinking some of that representation bit though
#
[Ana_Rodrigues]
Right, so I understand things better in pseudo-code too
#
barnabywalters
aaronpk: I would have joined but have only had bad experiences with zoom :( I read and wrote a bit in the etherpad though
#
sparseMatrix
it almost feels like something that could be answered with some themes or something
#
sparseMatrix
sorry, just riffing :)
#
aaronpk
ah strange, zoom has been one of the best for handling poor connections for me
#
barnabywalters
and I was deep in micropub adapter development
#
barnabywalters
at least within europe, I’ve always had better experiences with jitsi
#
aaronpk
strange, jitsi has been one of the worst for me too
#
barnabywalters
but maybe I’ll give zoom a go next time we have one of these meetups
#
barnabywalters
I guess it depends a lot on where you are
#
aaronpk
jitsi is fine with like 3-4 people but beyond that it becomes a mess
#
[Ana_Rodrigues]
and, my understanding, is that this is as well what Rainey was asking: like a way, either diagram or like barnabywalters says, a prose description of what happens under the hood.
#
jacky
ah yes [Ana_Rodrigues] you're right
#
barnabywalters
I’m a big fan of prose specs like the mf2 parsing spec
#
barnabywalters
I think I will make one for micropub once my adapter is working
#
barnabywalters
because it’s quite a lot of work to get from the formal spec to a series of conditions which cover every case properly
#
[Ana_Rodrigues]
in a way that anyone, regardless of what language people write in, can follow through and write something.
#
barnabywalters
[Ana_Rodrigues]: yep, exactly!
#
sparseMatrix
+1 for good textual documentation
#
sparseMatrix
Seeing is nice, but reading is learning
#
[Ana_Rodrigues]
fwiw, this is as well where I struggle with doing my own micropub endpoint.
#
barnabywalters
[Ana_Rodrigues]: what language are you programming your micropub endpoint in?
#
[Ana_Rodrigues]
I haven’t built it yet but I only know javascript (besides html and css)
[dmitshur] joined the channel
#
[dmitshur]
Question about events.indieweb.org. In the RSVPs section (e.g. https://events.indieweb.org/2021/05/webmentions-beyond-webmention-io-zG4JpHhZShVA#rsvps) some entries have a name and photo, some just a URL. Is there a good way to learn what it takes to get one's name/photo to appear? I didn't find it documented on the site, and the site's source isn't available to read AFAICT (https://github.com/indieweb/events.indieweb.org). So my best ideas
#
[dmitshur]
so far is experimentation and/or asking its creator hehe.
#
barnabywalters
[dmitshur]: I think the URL-only RSVPs are either people who are logged into the wiki and clicked on the RSVP button, or people who sent an rsvp via webmention but didn’t provide an h-card with details
#
aaronpk
speaking of webmentions
#
aaronpk
yes if your RSVP post has an h-card and all that it'll show up with the photo
#
aaronpk
nothing specific to RSVPs or events.indieweb.org, it's all part of the same way all responses are handled, and this is exactly what i'd expect to see in a more detailed "how to webmention" guide :)
#
[dmitshur]
I used the "log in via wiki and press the RSVP button" path. Is it only possible to provide a name/photo via the other path?
#
aaronpk
also the source code is here https://github.com/aaronpk/Meetable
#
Loqi
[aaronpk] Meetable: a minimal website for posting events
#
aaronpk
it'll look for an h-card on your home page when you log in
#
barnabywalters
aaronpk: it didn’t find mine, so I assume it’s a naieve search and doesn’t find my homepage .h-feed > p.author.h-card?
#
[dmitshur]
Thanks for that info, very helpful!
#
[dmitshur]
Is there caching involved perhaps? I added an h-card to my home page recently, tried logging in/out to indieweb.org and remove/re-add RSVP, but didn't notice a difference so far.
#
aaronpk
let me check the logs
#
aaronpk
barnabywalters: it should be pretty aggressive about finding the photo
#
aaronpk
i see it there
jeremycherfas joined the channel
#
aaronpk
ah looks like on barnabywalters' site i need to go a little further with the logic to find the h-card there
#
gRegorLove
I still have the situation where the h-card on my homepage is part of the h-feed so I don't think it gets pulled out as my RSVP author
#
barnabywalters
I think it’s a superset of the authorship algorithm to try to aggressively handle all possible cases
#
aaronpk
ah shoot, looks like it's not looking for the photo after logging in, only the first time the user is found
#
[dmitshur]
ah, a bug. thanks for spotting it!
#
GWG
barnabywalters: Thanks for mf cleaner, by the way.. I still use some of it
#
gRegorLove
oh looks like barnaby's is similar, so that bug fix might work for me too
#
barnabywalters
GWG: good to know it’s useful! it probably needs updating with some new helper functions
#
GWG
barnabywalters: Maybe I should backport some of my mods
#
gRegorLove
I thought that was fixed in https://github.com/aaronpk/XRay/issues/95 though
#
Loqi
[gRegorLove] #95 Missing author
#
gRegorLove
oh, different thing I think. That was for authorship running Xray on a permalink
#
jacky
interesting
#
Loqi
[sw-yx] domainblocklist: domains that are mostly just automated reposts of content sites like CSS Tricks
#
aaronpk
oh wow hah
#
jacky
I kinda wish there was a way to comb people's experiences like this with Webmentions
#
jacky
eh not really lol
#
[Ana_Rodrigues]
throwback to when all the websites like that spammed our meta channel because of my article in Smashing Magazine 😭
#
aaronpk
haha yes
#
barnabywalters
micropub implementors: do you use the micropub endpoint as a media endpoint, perhaps with a URL parameter differentiating it, or do you have a completely separate endpoint for it?
#
aaronpk
totally separate, actually on a different domain even :)
#
barnabywalters
I’m trying to figure out the best way of handling the media endpoint in my adapter
#
barnabywalters
okay, good to know
#
barnabywalters
but to simplify my adapter, it should be okay to default to having both endpoints the same, and detecting media endpoint requests based on the presence of a file parameter, right?
#
aaronpk
i suppose so!
#
barnabywalters
and the user of my adapter can just decide whether they want to implement the file uploading callback, and return a different URL at the discovery stage if they want to implement it elsewhere
#
barnabywalters
aaronpk: do you think it would make sense to add file to the list of reserved properties, to guarantee that it’s possible to use the micropub endpoint as a media endpoint?
#
aaronpk
probbaly yes
#
barnabywalters
AFAIK there are no mf2 vocabularies with a property called file
#
barnabywalters
should I raise this as an issue somewhere?
#
jacky
barnabywalters: I've been torn on implementing a separate Micropub media endpoint
#
jacky
currently, I've baked it into my site but I can see the appeal for having it separated
#
barnabywalters
I definitely want to give potential users of my adapter code the possibility to do both
#
barnabywalters
but I think having them both be the exact same URL is sane default
gRegorLove_ joined the channel
#
barnabywalters
so it’d be good to bake that into the spec to guarantee that it’s possible
#
jacky
I don't know if baking into the spec is necessarily the route
#
jacky
IIRC you can also specify the media endpoint in `?q=config`
#
barnabywalters
when I say “bake into spec”, all I mean is reserving the 'file' form body parameter
#
jacky
gotcha
#
barnabywalters
that’s all which is required to guarantee that micropub endpoints *can* be used as media endpoints, without requiring or recommending it
#
jacky
fair point
#
barnabywalters
now to test it
#
barnabywalters
I’ve barely even used rust and yet somehow I already miss its enums when writing code like this
#
barnabywalters
pity there isn’t a really ergonomic PHP alternative
#
aaronpk
i feel like php 8 is adding a bunch of new features, does that not exist in 8 yet?
#
barnabywalters
it may well be, but I don’t want to limit this library to PHP 8 users
#
barnabywalters
although without a corresponding match {} equivalent, they’re not so useful
#
[KevinMarks]
The closest thing to a file parameter in microformats is enclosure in hAtom
#
barnabywalters
good thing hAtom is mostly irrelevant for micropub then!
#
[KevinMarks]
Yeah, legacy
#
sknebel
feel like we discussed a generic "attachment" property a few times. but even so, it never would conflict with the file upload syntax due to any valid MP request having other properties (h=, action=) too?
#
sknebel
I.e. not sure reserving "file" is the correct thing?
#
aaronpk
oh good point
#
aaronpk
also it's only a potential conflict in form-encoded mode, which would have the h=
[dianoetic_net] joined the channel
#
gRegorLove
aaronpk, can I have https://dev.indiebookclub.biz/ and https://indiebookclub.biz/ registered as a client for indielogin.com? Latter may already be.
barnabywalters joined the channel
#
barnabywalters
as far as I can tell, according to the spec, requests without h= or action= are treated as if they had h=entry by default
#
barnabywalters
and the reserved properties only apply in form-encoded and multipart requests anyway
#
barnabywalters
it’s still easy to identify media endpoint requests, as they would *only* contain a file upload called 'file' and absolutely nothing else
#
barnabywalters
but reserving the 'file' property in form-encoded requests would guarantee that this functionality is possible
#
sknebel
yeah, capturing that in some way does make sense I think
timculverhouse and [chrisaldrich] joined the channel