#dev 2021-07-09

2021-07-09 UTC
shoesNsocks and [fluffy] joined the channel
#
[fluffy]
Hm, weird. Any logged messages/errors?
#
GWG
[fluffy]: Not sure, will be looking later. Need more error logging
#
[fluffy]
is there an IP address I could look for in my logs?
#
GWG
Yes, it's coming from wpdev.gwg.us, will have to look up the ip
#
[fluffy]
ah I found that in my logs
#
GWG
I'm not sure what's going on
#
[fluffy]
my logs say you’re getting a 202 on the initial GET of _tokens?me=https://wpdev.gwg.us but I’m not seeing any subsequent activity
#
[fluffy]
oh, is your thing maybe expecting a strict 200 back?
#
[fluffy]
also it’s possible my async queue stuff is barfing, I haven’t actually tested that part
#
GWG
No, it should accept any 200 series
#
[fluffy]
guess I need better logging on my end then 😛
#
GWG
Me too
#
GWG
I just fixed a bug
[jacky] joined the channel
#
[fluffy]
okay I’m running it with verbose debugging right now from a console instead of systemd, so I should be able to see all logs as they happen. could you run the thing now?
#
GWG
In a few, beating family at Ticket to Ride
#
[fluffy]
oh I guess I could initiate the request from my end too 🙂
#
GWG
You can
#
GWG
I autoredeem
#
GWG
But why it isn't finding a token endpoint seems to be me
#
[fluffy]
yeah. so anyway the response I got back was ‘cannot find token endpoint’. Are you looking at link headers, or just tags?
#
[fluffy]
My page responds with the following link header: link: <https://dev.beesbuzz.biz/_tokens>, rel=“token_endpoint”
#
[fluffy]
oh, god damnit
#
[fluffy]
that should be a ;
#
[fluffy]
it’s always the stupid things 😛
#
[fluffy]
okay, now I’m getting a 400 from your end
#
GWG
[fluffy]: Beat family. Back at desk. Got ticket. Expires in a month
#
[fluffy]
when I try initiating another request I still get a 400 back from your ticket endpoint, which is concerning.
#
[fluffy]
and I don’t see any subsequent request to the token endpoint
#
GWG
[fluffy]: Interesting.
#
GWG
And it is showing two different tokens
#
GWG
You issue refresh tokens.
#
GWG
I'm looking at the raw saw, as opposed to the UI I built.
#
[fluffy]
oh wait actually I don’t have any logging on the token grant path, oops.
#
GWG
Which doesn't show refresh tokens.
#
GWG
I was debating yesterday what I could do to demo that the token was usable.
#
[fluffy]
okay this is interesting, I’m getting an apparently valid redemption from you, but your endpoint is returning 400 after it does the redemption
#
[fluffy]
also there’s an obvious annoying deadlock condition on the Publ server which could happen if there’s too many requests happening in parallel, so, that’s fun.
#
[fluffy]
someday I need to look into moving publ over to asyncio
#
[fluffy]
but that’s an *entirely* whole other thing in python 😕
#
[fluffy]
oh wait never mind, that’s why I put ticket requests into a separate threadpool, so it doesn’t lock render threads.
#
[fluffy]
sometimes I’m smart enough to think ahead on these things 😛
#
GWG
[fluffy]: It is. I forgot to tell it to return something on success.
#
GWG
Fixing that
#
GWG
Did we say what a ticket endpoint should return?
#
GWG
We did not
#
GWG
No wonder I forgot
#
GWG
So, you are doing 202? That makes sense.
#
GWG
I think I will add that to the page
#
[fluffy]
On the initial ticket request I discover the ticket endpoint, and if that’s successful return a 202 and enqueue the ticket grant, if it fails you get a 400
#
[fluffy]
On the “automatically send a ticket if someone logs in” flow it just enqueues the ticket grant (since it already knows the endpoint) and lets the rest of the login flow happen normally
#
GWG
That isn't what the ticket endpoint should return.
#
GWG
Going to add this. Not sure if there should be a response body. "When a ticket is sent, the ticket endpoint MUST return an HTTP 200 OK code."
[schmarty] joined the channel
#
[fluffy]
I’d say maybe “When a ticket is successfully received, ”
#
[fluffy]
becuase like, failures could still happen. If the ticket endpoint fails to redeem the ticket from the token endpoint, for example
#
[fluffy]
and if the ticket endpoint is going to asynchronously make the token request it should return a 202
#
[fluffy]
in an ideal world all of these things would be async
capjamesg and jamietanna joined the channel
#
jamietanna
my POC returns synchronously (with the exchanged token endpoint response) but I wonder if maybe an HTTP 204 No Content makes more sense
#
jamietanna
I wonder if the caller doesn't need to know anything about whether the ticket endpoint accepted it correctly - they'll either see a ticket being redeemed, or they won't, so can go from there
#
jamietanna
it also has the opportunity of hiding, to maybe bad actors, whether tickets were redeemed - as it may allow them to discover lengths of `ticket`s, etc - but not sure how much of a problem that could actually be
#
@sprucekhalifa
↩️ I'm using this medium to test the final version of webmentions in my site
(twitter.com/_/status/1413384742834216961)
hendursa1, jeremycherfas, nsh, gRegor, nekr0z, hendursaga and chenghiz_ joined the channel
#
sknebel
[fluffy] that all lives in authl for your site, correct?
#
GWG
jamietanna: The worst a bad actor could find out is whether the tickets are processed synchronously or asynchronously.
#
GWG
jamietanna: There is also the question of whether you want to return something for rate limiting or such
jeremycherfas and [snarfed] joined the channel
#
[snarfed]
conclusions: 1) caching webmention endpoints by domain is technically non-compliant but a huge efficiency/scaling win in practice. 90+% of bridgy’s wm endpoint discovery is currently cached
#
[snarfed]
2) webmention sending itself is a bit all over the place. mostly 201 vs 200, but often dependent on which user(s) are currently receiving most of them
#
[snarfed]
3) twitter is by far the biggest silo by # of wms. instagram and mastodon occasionally show up, but only very occasionally
#
GWG
[snarfed]: Re caching..that would be a great thing to start a discussion on
#
GWG
I know you have a protocol
#
GWG
The only question I wonderbis should a webmention endpoint be able to tell you how long to cache it and the realm it covers
#
GWG
Might make for a good extension
#
[snarfed]
I’m not at all looking to standardize the caching, I don’t know that we have many other wm senders at scale dealing with this. seems too early or incomplete to try to come up with any protocol or standard
#
[snarfed]
another way to put that is, if a site said “don’t cache my wm endpoint,” or “only cache it for 5s,” I doubt I’d make Bridgy obey that
#
sknebel
bridgy is also special in that it is something the webmention receiver signs up for
#
sknebel
so it having non-standard expectations is fine
#
GWG
I'm just really thinking about a parameter on the link
#
[snarfed]
sure. my points were unrelated to the specific form of that expiration/caching hint though
#
GWG
I understand
[fluffy] joined the channel
#
[fluffy]
[sknebel] Authl handles user login and profile parsing, but the actual ticket auth stuff lives in Publ
#
[fluffy]
Authl is JUST a login flow wrapper, for user-initiated logins.
#
GWG
sknebel: You around tomorrow, maybe we'll breakout and talk auth?
#
sknebel
maybe, depends on the mood I'm in tomorrow
j9hs1, capjamesg, j9hs and [chrisaldrich] joined the channel
#
GWG
sknebel: What mood is conducive to auth talk?
[tw2113_Slack_] joined the channel
#
GWG
I'm thinking of updating my resume with Microformats
#
GWG
What is resume?
#
Loqi
A resumé or curriculum vitae (CV) is a document that represents a person's background and skills, commonly used to secure employment https://indieweb.org/resume
#
jamietanna
do it GWG! I had fun doing mine, especially so I could get it up to date :)
#
GWG
jamietanna: I haven't in too long
#
GWG
I need to study h-resume
#
GWG
[fluffy]: Now that I've proven my identity to your site, what else can I do there?
#
[fluffy]
You can look at /profile to see what additional stuff I know about you, and I can decide to give you access to private posts.
#
[snarfed]
are there any h-resume consumers?
#
[fluffy]
And logging in should have issued another ticket renewal which you can poot into your feed reader
#
[fluffy]
h-resume feels aspirational rather than practical.
#
[fluffy]
Given most hiring processes still want a word doc
#
GWG
[fluffy]: If I am doing it,. might as well shoot for the moon
#
[fluffy]
Like if the intention is for an indieweb replacement for monster/indeed/Glassdooretc that requires indieweb-savvy hiring processes that are then heavily biased towards members of a very specific technical community
capjamesg joined the channel
#
GWG
I figured that I want the page to look better, so I have to add new css, so why not some extra classes
#
[fluffy]
Sure, I mean, might as well add the mf2 if you’re building the HTML in the first place
#
[fluffy]
I’m just saying that it seems very unlikely that it’ll ever be consumed in any way other than a “look at this” demo
j9hs joined the channel
#
GWG
[fluffy]: I figured
#
GWG
I might get some karma points
#
[fluffy]
someday I’ll get around to adding h-resume to my resume but it’s been a low priority, what with not even wanting to be employed in the first place
#
[fluffy]
also unlike most of my site, the resume is all handwritten HTML
#
[fluffy]
I mean if I wanted to be really fancy I could build it out as a series of nested Publ templates but, ugh, no
#
GWG
Welcome to the Indieweb, where our dreams are limited by time
[jgmac1106], j9hs and [jacky] joined the channel
#
[jacky]
same re: resume
#
[jacky]
I should prob check that out
#
Loqi
definitely
rockorager joined the channel
#
rockorager
re: resume, I did mine in LaTeX about 7 years ago and was 1 for 1 on getting the job
#
Zegnat
catches up on all the auth talk
j9hs joined the channel
#
GWG
Zegnat: Welcome to Auth Talk... what's on your mind?
#
Zegnat
Hahaha
#
Zegnat
Nothing, just catching up with chat and my own thoughts.
#
Loqi
rofl
#
Zegnat
On my mind is mostly token verification at the moment, but I need a little more time to simmer out coherent thoughts
#
@BillSeitz
For @flux_garden I think I'm going to ignore WebMentions and just put in Twitter post+search links, like @fredwilson does on http://avc.com posts.
(twitter.com/_/status/1413571701263192064)
rockorager joined the channel
#
[snarfed]
^ interesting, I think that “View discussions” button on avc.com is new. example: https://avc.com/2021/07/betting-on-the-price-of-carbon/
#
[snarfed]
interesting form of very cheap backfeed. not actually backfeed, but a step toward acknowledging and using it
capjamesg, KartikPrabhu and j9hs joined the channel