#dev 2021-05-16
2021-05-16 UTC
jeremycherfas joined the channel
# [dianoetic_net] Thanks! 😄 I’m working on this (https://github.com/dianoetic/indiefeed) so that’s very helpful!
# [dianoetic_net] I have to rejigger a bit, the h2 is actually in my content right now...
gRegorLove and dckc joined the channel
# jacky might be interesting for folks who have containerized forms of their services and want to demo it https://labs.play-with-docker.com/
dckc, IWSlackGateway and [Tim_Culverhous] joined the channel
# [Tim_Culverhous] I read (most) of the notes from the webmention meetup and saw that there was an ask for other tools like webmention.io....I’m working on a netlify hosted receiver. I’m hoping I can just throw a “deploy to netlify” button in the repo and anyone can be up and running their own self-hosted receiver in just a few minutes.
# [Tim_Culverhous] Oh I missed that! I’ll read some more :)
# [Tim_Culverhous] Found it the relevant part, and saw Max Boeck’s 11ty implementation referenced too. Happens to be exactly how I’m handling wm’s too.
# [Tim_Culverhous] It would be really easy to wrap up a netlify based webmention receiver (and micropub server too) into a single 11ty starter repo and have it all work out of the box
# [Tim_Culverhous] Now just to find the time!
gRegorLove, [dianoetic_net] and dckc joined the channel
# [dianoetic_net] [Tim_Culverhous] that would be amazing! I’m hoping IndieFeed can be a starter repo for folks so a simple “deploy to Netlify” is a great idea
dhanesh joined the channel
# jamietanna[m] Barnabywalters I have a media endpoint on a separate url, but also have multipart form uploads so a client can send it to the micropub non-media endpoint too
barnabywalters joined the channel
# barnabywalters so, reading through the micropub extension page quickly makes it clear that all the media endpoint extensions assume that the media endpoint is separate to the micropub endpoint
# barnabywalters which makes me think that combining the two should actively be discouraged
# jamietanna[m] That's an interesting point that I'm not sure we'd considered - extensions should only be via the separate media endpoint
# jamietanna[m] But we still want to allow folks to use their main endpoint for uploads if they so wish
# barnabywalters to be clear, I’m not talking about form/multipart requests, only media-endpoint file uploads
# barnabywalters I had initially thought that it was possible to have one endpoint be both the mp endpoint and the media endpoint, as per the spec there’s no overlap between MP requests and media endpoint requests
# barnabywalters but that’s no longer true once you consider many of the extensions, e.g. the media endpoint query extension
dckc joined the channel
# jamietanna[m] Yep, so we'd need one non-media endpoint (plus query) and one media endpoint (plus query)
[dianoetic_net] joined the channel
# [dianoetic_net] Submitted IndieFeed to Hugo :crossed_fingers: ≧◡≦
saptaks, barnabywalters and jamietanna joined the channel
# jamietanna Hey aaronpk aside from you is anyone able to have a look at https://github.com/aaronpk/micropub.rocks/pull/87 ?
[KevinMarks] joined the channel
# [KevinMarks] ooh nice [dianoetic_net] - I made an indieweb friendly one based on Tufte-CSS for a friend a while ago, but haven't done a proper release https://github.com/ChristopherA/LifeWithAlacrityBlog/tree/master/blog/themes/indie-tufte
# [KevinMarks] this was meant for his rather more essay-like posting style
# [dianoetic_net] [KevinMarks] That looks excellent! If you wanted to release it I bet people would use it. More IndieWeb SSG themes, I say! \(^-^)/
# [KevinMarks] What's the best way to do that, make a repo more like yours and promote it to Hugo folks?
# [KevinMarks] hm, talking of adding mf2 markup, seems like mastodon explore pages could maybe benefit from h-card
tomlarkworthy, [dmitshur] and [chee] joined the channel
# [dmitshur] Copying my h-card questions from #indieweb:
# [dmitshur] > https://microformats.org/wiki/h-card describes `u-uid` property as "universally unique identifier, preferably canonical URL". Is it meant to be a unique identifier for the person the h-card describes, or for the h-card itself? Is there a way it differs from `u-url`, which is described as "home page or other URL representing the person or organization"? What benefit is there in specifying `u-uid` compared to leaving it out?
# [dmitshur] > I suspect it might be related to the concept of a "representative h-card", https://microformats.org/wiki/representative-h-card-parsing, which I'm reading now.
# [dmitshur] My best understanding so far is that `u-uid` may make make a difference only when you have >1 h-card on a page. So I'll probably use my usual strategy of not using things I don't fully understand/need until I encounter a concrete reason, and specify `u-url` only.
# [dmitshur] Ah. So in that case `u-uid` would be equivalent to your primary identity. So it's still information about the person, not the h-card.
# [dianoetic_net] [KevinMarks] There's guidelines from Hugo for submitting your theme: https://github.com/gohugoio/hugoThemes#adding-a-theme-to-the-list
# [dianoetic_net] It would need a separate repository, yes. Basically you need to add the metadata file `theme.toml` and a couple screenshots to their specs, then open an issue on their repo.
# [dmitshur] Thanks sknebel.
# [dianoetic_net] [dmitshur] It took me a few tries but I found the h-card parser at https://indiewebify.me/ to be helpful
# [dmitshur] I've been using that one too.
# [dmitshur] I also found https://microformats.org/wiki/hcard-faq#Can_an_hCard_have_multiple_URLs and https://microformats.org/wiki/hcard-singular-properties#uid to be helpful re my original questions.
KartikPrabhu and [tantek] joined the channel
# [tantek] on a separate topic/thread that I wanted to capture here from #microformats earlier (yesterday? Friday?) https://chat.indieweb.org/microformats/2021-05-15/1621105675842000
[fluffy] joined the channel
# Loqi It looks like we don't have a page for "hashweb" yet. Would you like to create it? (Or just say "hashweb is ____", a sentence describing the term)
# Loqi blockchain is a technology in search of a problem to solve, pushed by ideology into areas where the unsolved problems aren’t technological https://indieweb.org/blockchain
# Loqi singleton is in the context of the indieweb, or decentralized web in general, a shared (effectively centralized) data structure (like a blockchain ledger) or database (like the consequence of assuming a specific hashing algorithm) being used by (and thus a limitation of) an otherwise seemingly distributed system https://indieweb.org/singleton
# [tantek] hashweb << Criticism: not actually practical for many web use-cases: https://chat.indieweb.org/microformats/2021-05-15/1621105675842000 <blockquote>I don’t want the page ID to change every time I fix a typo, and I also don’t want caching to completely break whenever a prev/next link or “12 hours ago” or whatever changes</blockquote> and thus not a "solution" for any kind of user-centric "decentralized web"
# Loqi ok, I added "Criticism: not actually practical for many web use-cases: https://chat.indieweb.org/microformats/2021-05-15/1621105675842000 <blockquote>I don’t want the page ID to change every time I fix a typo, and I also don’t want caching to completely break whenever a prev/next link or “12 hours ago” or whatever changes</blockquote> and thus not a "solution" for any kind of user-centric "decentralized web"" to a brand new "See Also" section of /hashweb https://indieweb.org/wiki/index.php?diff=75720&oldid=75719
# [fluffy] trying to find that turned up this article in which they keep on calling it “ETAg” for some reason: https://www.ghacks.net/2017/12/09/a-solution-to-etag-tracking-in-firefox/
# Loqi etag is a header sent in an HTTP response to allow future fetches of the same URL to be skipped if nothing has changed https://indieweb.org/etag
# [fluffy] ETag << Criticism: Some websites have been found to use ETags to track users, by generating user-specific ETag headers for static assets (e.g. images) and using the If-None-Match header to track their subsequent accesses to that asset; this technique has been referred to as “super cookies”
# Loqi ok, I added "Criticism: Some websites have been found to use ETags to track users, by generating user-specific ETag headers for static assets (e.g. images) and using the If-None-Match header to track their subsequent accesses to that asset; this technique has been referred to as “super cookies”" to the "See Also" section of /etag https://indieweb.org/wiki/index.php?diff=75723&oldid=29034
# [tantek] stating their names here for at least some discoverability: WebComment, WebLike, WebRepost, WebRSVP: https://indieweb.org/User:Tantek.com#inbox
# @voxpelli ↩️ Or use Authorization header to show that you are authorized and WWW-Authenticate to show what authentication is needed?
Authorization retrieved through payments shouldn’t be different than those achieved through other means?
(See eg https://indieweb.org/private-webmention-brainstorming)
/cc @julien51 (twitter.com/_/status/1394001171946295302)
# [KevinMarks] I think there is some value in a hash cache able web. And etag as content hash is part of that. I spent some time trying to get Internet Archive to work on this after their first decentralized web conf, as they have a reverse index if hash to urls (though theirs is sha1 at the moment)
sparseMatrix joined the channel
# sparseMatrix That scuttlebutt looks pretty interesting
# voxpelli jacky: was my https://webmention.herokuapp.com/ mentioned?
# @voxpelli @mankins @julien51 @UnlockProtocol @Coil @brave I think step 1 would be to draft what the desired UX would be for these ones and then one can find what existing and/or new standards that are needed. Are there any such? (twitter.com/_/status/1394016050807820294)
# [KevinMarks] I was praising your endpoint, voxpelli - it's more turnkey then webmention.io in some ways, except it's throttled by github login and a quota
# [KevinMarks] but it does do more out of the box with the built-in comment injection
# [KevinMarks] you do more of these steps than other solutions https://indieweb.org/2021/Pop-ups/Webmentions_Beyond_Webmention.io#Steps_from_Webmention_to_comment_display
# [KevinMarks] part of the discussion was breaking out some of these into independent components to fit together more
# [tantek] dev folks, this is an intersesting discussion/dialog about the interaction / co-dependency between open standards and open source: https://lists.w3.org/Archives/Member/w3c-ac-forum/2021JanMar/0098.html
# [tantek] got it, all the topics in that email are covered in these handful of public GitHub issues: https://github.com/w3c/oss-relations/issues
# jacky another resource (thought it's fixed on 'popular' CSS frameworks') https://shuffle.dev/
[chee] joined the channel
barnabywalters and sparseMatrix joined the channel
# sparseMatrix The problem I've encountered with the browser and generating 'recognition' tags -- I did something used to make a zero-interaction sign-up/sign-in workflow -- was storage. I eventually settled on a solution where I wrote the tag into a cookie, and it worked fairly well; but it only worked from the specific browser that had that cookie set. Visit the 'service' with a different browser or device and it would generate credentials for a new
# sparseMatrix account, and set them in a new cookie, on the new browser.
# sparseMatrix hrm. curl gives me a 302 when I hit my site with https; the browser gives me a 404.
# sparseMatrix it's the result of a redirect, I think -- http redirects to https, and https is returning the 404
# sparseMatrix now to figure out why https is giving me a 404
# sparseMatrix (static sites are working well with http redirects to https btw)
# sparseMatrix the link in question is a flask app running through a socket/uwsgi to nginx
# sparseMatrix I've just introduced the talisman https lib for python into the mix, and it seems it is not quite as drop-in capable as advertised
# sparseMatrix I think the request isn't making it out of nginx, as there would be some logging anticipated on the uwsgi console
# sparseMatrix I just found some new documentation goodness, stay tuned
# sparseMatrix heh. I think I need some https-socket up in my uwsgi config.
[dianoetic_net] joined the channel
# sparseMatrix yeah, that invocation/configuration requires specification of the various cert files, either on the command line, or in the ini. Thing is, those are only readable for root... and of course my code is running in user-space in a virtual environment.
# sparseMatrix I'm starting to think I need it this way for development purposes, and a system-wide uwsgi for deployment purposes.
# sparseMatrix the uwsgi doc literally says that uid and gid options are available to specify downgraded permissions post-launch
[KevinMarks] joined the channel
# [KevinMarks] I used the same format for content integrity hashes for etags (as there are too many hash formats)
# sparseMatrix There's some sort of unique browser identifier, the details of which I've since forgotten (been a couple years ago), but I hashed it with a type I uuid. The service never checked the validity of the hash when it was used to make content requests. Instead, it used the has to form directory names for the user's content.
# sparseMatrix A functioning URL was a validated URL.
# sparseMatrix and because of the entropy in the type 1 UUID the chances of it ever being guessed before the heat death of the universe are pretty slim, heh.
barnabywalters joined the channel
# sparseMatrix the service was consumed by a client for purposes of presentation, the typical content being a series of sorted 'slides' in the form of images.
# sparseMatrix point of consumption being a scripted device in a virtual world.
# sparseMatrix I did the client script in a unity-embedded lua.
# sparseMatrix I thought it was fairly clever, heh. It really baffled the users that they had a full service account that had no credentials
# sparseMatrix oh yeah the service was written in node
# sparseMatrix it was a fun project that really leveraged the crap out of simple math