#dev 2021-05-16

2021-05-16 UTC
jeremycherfas joined the channel
#
aaronpk
[dianoetic_net]: one suggestion for your markup, move your p-name class onto the h2 element since your post has a title
#
[dianoetic_net]
Thanks! 😄 I’m working on this (https://github.com/dianoetic/indiefeed) so that’s very helpful!
#
[dianoetic_net]
I have to rejigger a bit, the h2 is actually in my content right now...
#
Loqi
[dianoetic] indiefeed: A static site generator theme for #IndieWeb with support for Webmentions, social readers, POSSE, and IndieAuth.
gRegorLove and dckc joined the channel
#
jacky
might be interesting for folks who have containerized forms of their services and want to demo it https://labs.play-with-docker.com/
dckc, IWSlackGateway and [Tim_Culverhous] joined the channel
#
[Tim_Culverhous]
I read (most) of the notes from the webmention meetup and saw that there was an ask for other tools like webmention.io....I’m working on a netlify hosted receiver. I’m hoping I can just throw a “deploy to netlify” button in the repo and anyone can be up and running their own self-hosted receiver in just a few minutes.
#
jacky
[Tim_Culverhous]: amazing! that's quite on the nose of what [snarfed] mentioned too iirc
#
[Tim_Culverhous]
Oh I missed that! I’ll read some more :)
#
[Tim_Culverhous]
Found it the relevant part, and saw Max Boeck’s 11ty implementation referenced too. Happens to be exactly how I’m handling wm’s too.
#
[Tim_Culverhous]
It would be really easy to wrap up a netlify based webmention receiver (and micropub server too) into a single 11ty starter repo and have it all work out of the box
#
[Tim_Culverhous]
Now just to find the time!
gRegorLove, [dianoetic_net] and dckc joined the channel
#
[dianoetic_net]
[Tim_Culverhous] that would be amazing! I’m hoping IndieFeed can be a starter repo for folks so a simple “deploy to Netlify” is a great idea
dhanesh joined the channel
#
jamietanna[m]
Barnabywalters I have a media endpoint on a separate url, but also have multipart form uploads so a client can send it to the micropub non-media endpoint too
barnabywalters joined the channel
#
barnabywalters
so, reading through the micropub extension page quickly makes it clear that all the media endpoint extensions assume that the media endpoint is separate to the micropub endpoint
#
barnabywalters
which makes me think that combining the two should actively be discouraged
#
jamietanna[m]
That's an interesting point that I'm not sure we'd considered - extensions should only be via the separate media endpoint
#
jamietanna[m]
But we still want to allow folks to use their main endpoint for uploads if they so wish
#
barnabywalters
to be clear, I’m not talking about form/multipart requests, only media-endpoint file uploads
#
barnabywalters
I had initially thought that it was possible to have one endpoint be both the mp endpoint and the media endpoint, as per the spec there’s no overlap between MP requests and media endpoint requests
#
barnabywalters
but that’s no longer true once you consider many of the extensions, e.g. the media endpoint query extension
dckc joined the channel
#
jamietanna[m]
Yep, so we'd need one non-media endpoint (plus query) and one media endpoint (plus query)
[dianoetic_net] joined the channel
#
[dianoetic_net]
Submitted IndieFeed to Hugo :crossed_fingers: ≧◡≦
saptaks, barnabywalters and jamietanna joined the channel
#
jamietanna
Hey aaronpk aside from you is anyone able to have a look at https://github.com/aaronpk/micropub.rocks/pull/87 ?
#
Loqi
[jamietanna] #87 New test case for multiple authentication methods being sent
[KevinMarks] joined the channel
#
[KevinMarks]
ooh nice [dianoetic_net] - I made an indieweb friendly one based on Tufte-CSS for a friend a while ago, but haven't done a proper release https://github.com/ChristopherA/LifeWithAlacrityBlog/tree/master/blog/themes/indie-tufte
#
[KevinMarks]
this was meant for his rather more essay-like posting style
#
[dianoetic_net]
[KevinMarks] That looks excellent! If you wanted to release it I bet people would use it. More IndieWeb SSG themes, I say! \(^-^)/
#
[KevinMarks]
What's the best way to do that, make a repo more like yours and promote it to Hugo folks?
#
[KevinMarks]
hm, talking of adding mf2 markup, seems like mastodon explore pages could maybe benefit from h-card
tomlarkworthy, [dmitshur] and [chee] joined the channel
#
[dmitshur]
Copying my h-card questions from #indieweb:
#
[dmitshur]
> https://microformats.org/wiki/h-card describes `u-uid` property as "universally unique identifier, preferably canonical URL". Is it meant to be a unique identifier for the person the h-card describes, or for the h-card itself? Is there a way it differs from `u-url`, which is described as "home page or other URL representing the person or organization"? What benefit is there in specifying `u-uid` compared to leaving it out?
#
[dmitshur]
> I suspect it might be related to the concept of a "representative h-card", https://microformats.org/wiki/representative-h-card-parsing, which I'm reading now.
#
Loqi
Tantek Çelik
#
[dmitshur]
My best understanding so far is that `u-uid` may make make a difference only when you have >1 h-card on a page. So I'll probably use my usual strategy of not using things I don't fully understand/need until I encounter a concrete reason, and specify `u-url` only.
#
sknebel
you might have many u-urls if you have many sites
#
sknebel
but the h-card is supposed to only have one u-uid
#
[dmitshur]
Ah. So in that case `u-uid` would be equivalent to your primary identity. So it's still information about the person, not the h-card.
#
[dianoetic_net]
[KevinMarks] There's guidelines from Hugo for submitting your theme: https://github.com/gohugoio/hugoThemes#adding-a-theme-to-the-list
#
[dianoetic_net]
It would need a separate repository, yes. Basically you need to add the metadata file `theme.toml` and a couple screenshots to their specs, then open an issue on their repo.
#
Loqi
[gohugoio] hugoThemes: A curated directory of Hugo themes
#
[dmitshur]
Thanks sknebel.
#
[dianoetic_net]
[dmitshur] It took me a few tries but I found the h-card parser at https://indiewebify.me/ to be helpful
#
[dmitshur]
I've been using that one too.
KartikPrabhu and [tantek] joined the channel
#
[tantek]
wow great discussions this weekend!
#
[tantek]
on a separate topic/thread that I wanted to capture here from #microformats earlier (yesterday? Friday?) https://chat.indieweb.org/microformats/2021-05-15/1621105675842000
#
Loqi
[[fluffy]] Like I don’t want the page ID to change every time I fix a tpyo, and I also don’t want caching to completely break whenever a prev/next link or “12 hours ago” or whatever changes.
#
[tantek]
^ these are great examples that are a big part of the reason I don't see the "hashweb" (IPFS etc.) as actually being user-centric answers to any kind of practical "decentralized web"
#
[tantek]
and for that matter, strongly disagree with any attempts to conflate the two (hashweb and dweb)
[fluffy] joined the channel
#
[fluffy]
yeah content hashes are not a great identifier
#
[fluffy]
It’s also important to remember what the purpose of a UID is… it’s declaring “hey this object has this opaque identity”
#
[fluffy]
I really dislike how the mf2 uid property defaults to a u- property and implies that it should be a resolvable URL, to that end
#
[fluffy]
like, that’s just a repeat of RSS’s useless <guid isPermalink=true> thing
#
[tantek]
differently but IMO just as bad as the blockchainers calling themselves the "decentralized web". uh, no you're not, you're dependent on a singleton (see SSB critque) and open source monoculture. What about centralized data and source code do you think makes you decentralized?
#
[fluffy]
yeah, most dweb things seem to be a repeat of freenet, which was also bad.
#
[fluffy]
and the popular conflation of dweb and indieweb is especially frustrating
#
[tantek]
the hashweb can have uses yes, but "the decetnralized web" is not one of them
#
[tantek]
hashweb != dweb
#
[tantek]
despite all the marketing, which I see has seeped into our pop-ups now
#
[fluffy]
I’m not entirely clear on what you mean by hashweb
#
[fluffy]
is that a generalized version of blockchains, or something else?
#
[tantek]
what is the hashweb
#
Loqi
It looks like we don't have a page for "hashweb" yet. Would you like to create it? (Or just say "hashweb is ____", a sentence describing the term)
#
[fluffy]
My intuition would be that ‘hashweb’ means using the content hash as the identifier for the object, like what ipfs does
#
[fluffy]
(and also many blockchain systems, e.g. git)
#
[tantek]
hashweb is shorthand for content addressable web, a more directly meaningful term for the set of technologies attempting to define a identifiers for content based purely on some hash of the content, such as [[IPFS]].
#
[tantek]
nothing to do with blockchains
#
jacky
SSB's designed without a singleton architecture, IIRC
#
jacky
like as opposed to IPFS, it auto-seeds everyone back to their systemes
#
[fluffy]
just to clarify, SSB meaning secure scuttlebutt? or something else?
#
[tantek]
jacky, SSB has a critque of blockchains due to their singletons
#
[tantek]
what is a blockchain
#
Loqi
blockchain is a technology in search of a problem to solve, pushed by ideology into areas where the unsolved problems aren’t technological https://indieweb.org/blockchain
#
jacky
[fluffy]: yeah
#
[tantek]
what is a singleton
#
Loqi
singleton is in the context of the indieweb, or decentralized web in general, a shared (effectively centralized) data structure (like a blockchain ledger) or database (like the consequence of assuming a specific hashing algorithm) being used by (and thus a limitation of) an otherwise seemingly distributed system https://indieweb.org/singleton
#
[tantek]
^ links there
#
jacky
and whoever made that critique then hasn't used or looked at SSB lol
#
jacky
like there's a whole page explaining how SSB avoids it
#
jacky
that's one of the bigger reasons why I'm invested in seeing that environment grow
#
[tantek]
hashweb << Criticism: not actually practical for many web use-cases: https://chat.indieweb.org/microformats/2021-05-15/1621105675842000 <blockquote>I don’t want the page ID to change every time I fix a typo, and I also don’t want caching to completely break whenever a prev/next link or “12 hours ago” or whatever changes</blockquote> and thus not a "solution" for any kind of user-centric "decentralized web"
#
Loqi
ok, I added "Criticism: not actually practical for many web use-cases: https://chat.indieweb.org/microformats/2021-05-15/1621105675842000 <blockquote>I don’t want the page ID to change every time I fix a typo, and I also don’t want caching to completely break whenever a prev/next link or “12 hours ago” or whatever changes</blockquote> and thus not a "solution" for any kind of user-centric "decentralized web"" to a brand new "See Also" section of /hashweb https://indieweb.org/wiki/index.php?diff=75720&oldid=75719
#
[tantek]
jacky, you've got the criticism reversed
#
[tantek]
it's not a criticism of SSB, it's a criticism by the SSB folks (of other systems like blockchain)
#
[tantek]
that very link you gave in chat is linked in the article already
#
[fluffy]
no it’s tpyo, that was purposeful 😛
#
[tantek]
lol I got it though I thought it was too subtle for the casual reader to "get" for the purposes of quoting
#
[fluffy]
looks like loqi automatically added the actual chat message anyway
#
jacky
my fault
#
jacky
oof yeah I think I didn't see the link and only saw that bit re: singletons
#
[fluffy]
the thing I’ve always wondered about with content-hash-as-address is how is it supposed to handle things like “here’s an index of blog entries,” like how are things meant to be discovered in the first place.
#
[tantek]
[fluffy] it breaks down quickly in LOTS of user-centric scenarios
#
[fluffy]
freenet had a concept of ‘names’ that would be an alias that could be updated but I was never clear on how that could be done securely
#
[tantek]
it's useful as another form of distributed caching plumbing, that's kinda in IMO
#
[fluffy]
I think there was some convoluted GPG signing thing
#
[tantek]
right, ltos of people have reinvented DNS badly
#
[fluffy]
but yeah hashweb is great for building a CDN, not great for building a website
#
[tantek]
exactly
#
[tantek]
this is part of the reason early on we (IndieWeb starters) chose to stay out of the "alternatives to DNS" game. that crowd has a very bad track record of privileged time-wasting with crappier solutions
#
[fluffy]
The levels of confusion I see over concepts like UID and ETag and content hash and so on makes me think that this is a fundamentally difficult thing to wrap one’s brain around
#
[tantek]
whereas we're trying to provide approachable solutions to people to solve their actual daily identity and content needs
#
[fluffy]
yeah, and that’s why I love indieweb
#
[fluffy]
especially how it’s made to be modular and you can pick-and-choose the things you care about
#
[tantek]
the problem I have with optimistic technical-centric descriptions of (G)UID or ETag is that they almost always neglect the power dynamics context in which they're deployed
#
[tantek]
e.g. the whole security problem of other domains faking "new" permalinks to your content
#
[fluffy]
right, and ETags are prone to abuse for other things like user tracking
#
[tantek]
ugh, that's true too
#
[fluffy]
which is a shame, ETag is basically the only workable caching mechanism for HTTP that doesn’t totally suck 😛
#
[tantek]
anyway, my partial response to the IPFS/dweb marketing hype is to label it what it actually functionally is, hence "hashweb" as an attempt to more clearly/accurately talk about it
#
[fluffy]
Yeah, makes sense. Hopefully that terminology catches on, because it’s a lot more clear what you’re talking about.
#
[tantek]
because we should be able to have accurate/meaningful technical discussions
#
[tantek]
and we should pushback/dismantle marketing hype from technologies
#
[tantek]
including when they attempt to hijack various terms to appear more than they are
#
jacky
wow I never considered that for ETags
#
jacky
wowww that really just kinda galaxy-brain'd me lol
#
[fluffy]
yeah several years ago there was a pretty big scandal when it turned out some major website was abusing ETag as basically a super-cookie.
#
[fluffy]
trying to find that turned up this article in which they keep on calling it “ETAg” for some reason: https://www.ghacks.net/2017/12/09/a-solution-to-etag-tracking-in-firefox/
#
[fluffy]
which makes me think that they saw someone’s typo of it and then thought it was an acronym like eta-g instead of e-tag
#
[tantek]
what is an ETag
#
Loqi
etag is a header sent in an HTTP response to allow future fetches of the same URL to be skipped if nothing has changed https://indieweb.org/etag
#
[tantek]
^ [fluffy] I don't quite understand the user-tracking scenario enough to summarize. if you can "one-sentence" it (maybe with that link), worth < < adding as "Criticism:"
#
[fluffy]
ETag << Criticism: Some websites have been found to use ETags to track users, by generating user-specific ETag headers for static assets (e.g. images) and using the If-None-Match header to track their subsequent accesses to that asset; this technique has been referred to as “super cookies”
#
Loqi
ok, I added "Criticism: Some websites have been found to use ETags to track users, by generating user-specific ETag headers for static assets (e.g. images) and using the If-None-Match header to track their subsequent accesses to that asset; this technique has been referred to as “super cookies”" to the "See Also" section of /etag https://indieweb.org/wiki/index.php?diff=75723&oldid=29034
#
[tantek]
fluffy++
#
Loqi
fluffy has 10 karma in this channel over the last year (54 in all channels)
#
[tantek]
back on webmentions
#
[tantek]
yes this is something we have discussed many many years ago, and at the time I captured it as a series of proposed spec names to build on Webmentions. Though because it was in my user: page inbox, none of it was discoverable 😕
#
jacky
needs to finish writing a re-cap post of yesterday's event
#
[tantek]
stating their names here for at least some discoverability: WebComment, WebLike, WebRepost, WebRSVP: https://indieweb.org/User:Tantek.com#inbox
#
[tantek]
apparently I added those back in fall of 2017, as we were wrapping up the Social Web WG docs/specs, as potential next step specs to write-up
#
@voxpelli
↩️ Or use Authorization header to show that you are authorized and WWW-Authenticate to show what authentication is needed? Authorization retrieved through payments shouldn’t be different than those achieved through other means? (See eg https://indieweb.org/private-webmention-brainstorming) /cc @julien51
(twitter.com/_/status/1394001171946295302)
#
[tantek]
avoids a blockchain related thread 🙈
#
[tantek]
anyways, I still got stuck on the storage / update / delete aspects of handling webmentions (the IWS 2019 conversation I had with [schmarty] and jacky on day 2), nevermind helping write-up the higher level specs for WebComment, WebLike, WebRepost, WebRSVP
#
[tantek]
considering starting over conceptually as jacky reminded me, from the perspective of first explicitly inviting people to my website, instead of attempting to design & build an infrastructure to receive webmentions from anyone.
#
[KevinMarks]
I think there is some value in a hash cache able web. And etag as content hash is part of that. I spent some time trying to get Internet Archive to work on this after their first decentralized web conf, as they have a reverse index if hash to urls (though theirs is sha1 at the moment)
#
[tantek]
sure [KevinMarks], there is "some value", no one said otherwise. It's just not a "decentralized web" by any reasonable user-centric definition.
#
[tantek]
And frankly, the very framing of "value in a hash cache able web" is a "solution looking for a problem / value" approach which is methdologically flawed (unless your paycheck depends on adoption of the solution)
#
[tantek]
jacky++ for the webmention ecosystem issues, good capturing of key aspects of needs to find common guidance
#
Loqi
jacky has 31 karma in this channel over the last year (118 in all channels)
sparseMatrix joined the channel
#
sparseMatrix
That scuttlebutt looks pretty interesting
#
voxpelli
[tantek]: was the blockchain in regards to my tweet? ;P
#
voxpelli
feels like he missed an important event in the IndieWeb space in general and in regards to WebMention in particular
#
[tantek]
voxpelli, yeah, or rather, the thread.
#
voxpelli
[tantek]: my Flattr experience makes me object whenever someone wants to do a payment focused access framework 😝
#
voxpelli
Why is it different whether I get access to something by paying or by eg. being invited to read it? It’s conflating the what with the how
#
[tantek]
yes and no
#
[tantek]
by paying for it, there's is a greater expectation of customer service, and thus a different UX can be expected
#
[tantek]
by being invited to read it, it's more like a, here if you like (and want to spare your time), you may check this out, but there's no expectations being set either way
#
jacky
voxpelli: there was a pop-up about Webmentions (mainly about what would it take to build something like webmention.io, what makes it so popular, etc, etc)
#
[tantek]
I don't know if that translates to anything different at the protocol level, however the interaction semantic difference between paying for something (transacting) and being invited to experience something is quite big.
#
Loqi
A WebMention Endpoint
#
jacky
it was actually hah!
#
voxpelli
[tantek]: depends on whether one buys it through a subscription or through a one-to-one access payment. The subscription model would closely match any group membership and is what eg Patreon implements
#
voxpelli
should update his WebMention endpoint
#
[tantek]
voxpelli, yes there are many variants like that
#
voxpelli
Even deciding what’s a “payment” and what’s a “donation” / “gift” is at times hard
#
voxpelli
We tried to ensure Flattr could only be used for donations, not for payment, as we were anti-paywall and pro-openweb
#
[tantek]
yes! and those require a different UX a well. Kickstarter is a good example of trying to communicate these ambiguities
#
voxpelli
I guess it’s as you always say [tantek]: Don’t start with the plumbing. Start with the use cases.
#
voxpelli
Those tweets are plumbing for something the use case isn’t clearly written for
#
[tantek]
yeah, that's the problem when your technology/startup is plumbing that you're trying to sell
#
@voxpelli
@mankins @julien51 @UnlockProtocol @Coil @brave I think step 1 would be to draft what the desired UX would be for these ones and then one can find what existing and/or new standards that are needed. Are there any such?
(twitter.com/_/status/1394016050807820294)
#
voxpelli
needs a tantek rubber duck to tell him to get out of plumbing and back to documenting and exploring use cases
#
[KevinMarks]
I was praising your endpoint, voxpelli - it's more turnkey then webmention.io in some ways, except it's throttled by github login and a quota
#
[KevinMarks]
but it does do more out of the box with the built-in comment injection
#
voxpelli
[KevinMarks]: yay, thanks! I do have a much more recent base framework I want to move that endpoint into, which would make it much more manageable
#
Loqi
giggles
#
voxpelli
I hope I can get some time for it inbetween assignments now that I freelance again
#
[KevinMarks]
part of the discussion was breaking out some of these into independent components to fit together more
#
[tantek]
voxpelli++ well wrapped up
#
Loqi
voxpelli has 2 karma in this channel over the last year (6 in all channels)
#
[tantek]
dev folks, this is an intersesting discussion/dialog about the interaction / co-dependency between open standards and open source: https://lists.w3.org/Archives/Member/w3c-ac-forum/2021JanMar/0098.html
#
sknebel
it's also behind a login wall
#
[tantek]
gosh darnit. apologies
#
[tantek]
let me see if I can find a public version
#
[tantek]
while we're fortunate to have many open source implementations of IndieWeb building blocks, there's still examples in our community of particularly dominant implementations (WordPress, Mastodon, etc.) that can be potentially challenging for some of the reasons mentioned in thread.
#
[tantek]
got it, all the topics in that email are covered in these handful of public GitHub issues: https://github.com/w3c/oss-relations/issues
#
[tantek]
thx for the quick catch sknebel.
#
voxpelli
very interesting [tantek]!
#
jacky
another resource (thought it's fixed on 'popular' CSS frameworks') https://shuffle.dev/
[chee] joined the channel
#
[chee]
I'm interested in the idea of the server declaring the etag hashing mechanism it's using so the browser can check it. then the server would need to also generate unique content for each resource in order to be able to track users with it
#
[chee]
that was a thought I spent 1 second on so might be untenable
#
sknebel
would be a pretty big change, since etag is now intentionally designed to be opaque and doesn't have to be a hash
barnabywalters and sparseMatrix joined the channel
#
sparseMatrix
The problem I've encountered with the browser and generating 'recognition' tags -- I did something used to make a zero-interaction sign-up/sign-in workflow -- was storage. I eventually settled on a solution where I wrote the tag into a cookie, and it worked fairly well; but it only worked from the specific browser that had that cookie set. Visit the 'service' with a different browser or device and it would generate credentials for a new
#
sparseMatrix
account, and set them in a new cookie, on the new browser.
#
sparseMatrix
hrm. curl gives me a 302 when I hit my site with https; the browser gives me a 404.
#
sknebel
cached 301 in the browser?
#
sknebel
(i.e. is the browser 404 for the exact url or after a redirect?)
#
sparseMatrix
it's the result of a redirect, I think -- http redirects to https, and https is returning the 404
#
sparseMatrix
now to figure out why https is giving me a 404
#
sparseMatrix
(static sites are working well with http redirects to https btw)
#
sparseMatrix
the link in question is a flask app running through a socket/uwsgi to nginx
#
sparseMatrix
I've just introduced the talisman https lib for python into the mix, and it seems it is not quite as drop-in capable as advertised
#
sparseMatrix
I think the request isn't making it out of nginx, as there would be some logging anticipated on the uwsgi console
#
sparseMatrix
I just found some new documentation goodness, stay tuned
#
sparseMatrix
heh. I think I need some https-socket up in my uwsgi config.
[dianoetic_net] joined the channel
#
sparseMatrix
yeah, that invocation/configuration requires specification of the various cert files, either on the command line, or in the ini. Thing is, those are only readable for root... and of course my code is running in user-space in a virtual environment.
#
sparseMatrix
I'm starting to think I need it this way for development purposes, and a system-wide uwsgi for deployment purposes.
#
sparseMatrix
the uwsgi doc literally says that uid and gid options are available to specify downgraded permissions post-launch
[KevinMarks] joined the channel
#
[KevinMarks]
I used the same format for content integrity hashes for etags (as there are too many hash formats)
#
sparseMatrix
There's some sort of unique browser identifier, the details of which I've since forgotten (been a couple years ago), but I hashed it with a type I uuid. The service never checked the validity of the hash when it was used to make content requests. Instead, it used the has to form directory names for the user's content.
#
sparseMatrix
A functioning URL was a validated URL.
#
sparseMatrix
and because of the entropy in the type 1 UUID the chances of it ever being guessed before the heat death of the universe are pretty slim, heh.
barnabywalters joined the channel
#
sparseMatrix
the service was consumed by a client for purposes of presentation, the typical content being a series of sorted 'slides' in the form of images.
#
sparseMatrix
point of consumption being a scripted device in a virtual world.
#
sparseMatrix
I did the client script in a unity-embedded lua.
#
sparseMatrix
I thought it was fairly clever, heh. It really baffled the users that they had a full service account that had no credentials
#
sparseMatrix
oh yeah the service was written in node
#
sparseMatrix
it was a fun project that really leveraged the crap out of simple math