#dev 2021-10-18

2021-10-18 UTC
# 02:30 
@jackyalcine ↩️ This feels slightly (very slightly) similar to some thoughts around TicketAuth (https://indieweb.org/IndieAuth_Ticket_Auth) as a basis for consent for content access (twitter.com/_/status/1449924883366834178)
# 03:33 
aaronpk Weird, my iOS "like" shortcut stopped working randomly and there's no indication of where it's failing or how to fix it
# 03:52 
GWG https://github.com/indieweb/indieauth/pull/102#discussion_r730551098 - Thinking about this. Should a requirement from the inspiring draft designed to allow disabling a security feature be present when the spec requires the feature going forward?
[jacky], hoenir, Nezteb9000[d], corenominal[d], eco, push-f and chee1 joined the channel
# 05:19 
[tantek] aaronpk, one of the reasons I gave up on iOS shortcuts was the absolutely zero indication of when/why things went wrong. silent failure only
[jeremycherfas] joined the channel
# 05:23 
[jeremycherfas] Is there anything general to be said about rate limiting, like the kind of time period over which it is calculated. I am currently rate limited on a download and wonder how long to leave it before trying again.
[fluffy], jonnybarnes, jeremycherfas, kogepan, KartikPrabhu, alex_ and hendursa1 joined the channel
# 08:07 
jeremycherfas I don't think there is a retry-after in the headers.
# 08:34 
Zegnat jeremycherfas: I do not think there is some form of generic advise. Other than some form of exponentialy increasing wait time. If it did not work after 1 minute, try again after 5 not after 2, then maybe give it 15 etc.
kogepan joined the channel
# 09:02 
jeremycherfas Right. I was going to leave it for 24 hours before retrying.
# 09:03 
jeremycherfas Seems oodd though, because capjamesg[d] got rate limited when he tested my code, and about 18 hours later I was still rate limited. So maybe Marco is especially strict.
# 09:26 
capjamesg[d] How many times did you run your program jeremycherfas?
# 09:26 
capjamesg[d] Because it downloads the .opml file, I only needed to run the "get .opml" part of the code once.
# 09:26 
capjamesg[d] But it wouldn't have mattered anyway because I was rate limited after that.
# 09:30 
jeremycherfas I confess, I am lazy and so download it every time I made a change. I can definitely see the point of using the saved OPML file in future. Might be worth seeing whether it exists and deleting it at the end of the script.
# 09:30 
capjamesg[d] I think that might be a good idea for testing.
# 09:30 
capjamesg[d] In production, you'll need to fetch it every time so you can get the most recent data.
# 09:30 
capjamesg[d] But for testing there's no need to make that API call every time.
# 09:35 
jeremycherfas Right. In production I don't anticipate running it more than once a day.
# 09:37 
jeremycherfas As I say, pure laziness and failure to consider being rate limited.
# 09:47 
[KevinMarks] can you do an etg/lastmodified fetch?
# 09:48 
jeremycherfas I don't know, but I think that is an overcomplex approach, for me at least. As capjamesg[d] said, I don't need to fetch while I am testing, and thereafter will fetch only once a day.
# 09:57 
capjamesg[d] [KevinMarks] good suggestion.
# 09:58 
capjamesg[d] I have implemented etag/lastmodified fetches before jeremycherfas: https://github.com/capjamesg/microsub/blob/main/poll_feeds.py#L162
# 09:58 
capjamesg[d] If you do go down that route, let me know and I'll try and help you 🙂
# 09:58 
capjamesg[d] s[2] is equal to the etag stored in a database.
# 09:59 
[KevinMarks] That's less likely to get you rate limited
# 10:00 
jeremycherfas Studying your code, and will bear that in mind if I go further.
tetov-irc, jjuran, schmudde, kogepan and hendursa1 joined the channel
# 12:36 
capjamesg[d] [fluffy] Do you have any experience working with Flask session?
# 12:37 
capjamesg[d] For some reason, my flask session is not accessible in a module.
# 12:39 
jeremycherfas !tell capjamesg[d] Strange, but my CMS does not seem able to route to the url with 10 added characters. The most it will do is 2. But if I am adding the random characters per your suggestion, then I can get rid of the hours and minutes from the slug, which will give me a few more random to add, I hope.
# 12:39 
Loqi Ok, I'll tell them that when I see them next
# 12:39 
capjamesg[d] You could just make the slug a random string without the date, yes.
# 12:39 
capjamesg[d] I don't think two random characters adds enough space to prevent collisions.
# 12:40 
jeremycherfas There's something I clearly don't understand about how Overcast implements the time of userUpdateDate
# 12:40 
jeremycherfas I want the at least the day in there. And yes, two is not enough. So, rejigging slightly now.
# 12:41 
jeremycherfas It does seem an odd limitation, and much longer slugs are routed perfectly well.
Ramon[d] joined the channel
# 12:46 
Zegnat jeremycherfas: sounds weird that you would run into some slug limitation. What are you trying to do?
# 12:48 
jeremycherfas It is weird. I build a folder name from the date on which I updated details of a podcast. So, typically, 2021-10-15, and in PHP it was relatively easy to increment that to 2021-10-15-1 etc if I updated more than one on the same day. In Python I have not yet found a good way to increment the folder name in that fashion if it already exists.
# 12:49 
jeremycherfas So capjamesg[d] suggested I just add a random string to the slug to avoid duplicates.
# 12:49 
jeremycherfas But strangely, Grav does not seem to like long random strings, and rather than find out why that may be, I've been trying to find the shortest random string that grav will process.
# 12:53 
capjamesg[d] I have a snippet for you...
# 12:53 
capjamesg[d] https://gist.github.com/capjamesg/ba9d17cb650ccbf760be44a0b4ae72ad
# 12:53 
capjamesg[d] You can keep track of all the slugs in a dictionary.
# 12:54 
capjamesg[d] If a date is in the dict, you can change the key value to count how many have been stored. And then change the slug so that it is date + number of times used.
# 12:54 
capjamesg[d] That will give you an incrementing logic.
# 12:54 
capjamesg[d] Where "slug" is equal to the one your logic already creates.
# 12:55 
capjamesg[d] That code should not add much onto your execution time. Dictionaries are very efficient for this sort of thing.
# 12:56 
jeremycherfas Does the dictionary not need to be stored from run to run?
# 12:56 
capjamesg[d] It would need to be, yes. Ah, I didn't think about that.
# 12:56 
capjamesg[d] But in any case, you could just store it in a .json file.
# 12:56 
capjamesg[d] Read the file at the start, save at the end.
# 12:57 
jeremycherfas I think a better option is for me to look more closely at the meaning of the date I am using to build the slug. I'm even wondering if it might make a difference to have the random digits in front of the date.
# 13:00 
jeremycherfas Doesn't seem to make any difference
# 13:03 
jeremycherfas Even weirder. Seems that it Grav will process effectively; I had to clear the cache. But the very weird part is that those items should never have been part of the cache as they had never before been called.
kogepan and alex11 joined the channel
# 14:09 
[fluffy] [capjamesg] i use flask.session a lot but only from the top level app. never used it in a blueprint. not sure what you mean by a module in this context
# 14:39 
capjamesg[d] I have a file accessing session (what I meant by "a module") and for some reason session is always blank when I access it in that file.
# 14:40 
capjamesg[d] I haven't dug deep enough yet though. I might be missing something obvious.
# 14:55 
[KevinMarks] does the route need to pass the session info down? (I've had that issue with other frameworks)
# 15:05 
capjamesg[d] That might be the issue.
schmudde joined the channel
# 15:05 
capjamesg[d] I'll need to see how Flask treats wrapper functions and session inheritance.
# 15:15 
@DenverProphitJr ↩️ Create <aside> https://gist.github.com/inetbiz/dbeac8261949a30324cbb455d1588bb8 to notify new webmention. 4/4 @5t3ph (twitter.com/_/status/1450117007400218625)
# 15:15 
@DenverProphitJr ↩️ I'd say fork https://github.com/martymcguire/morris convert to JavaScript. Extend extra JSON fields for extraction. Base64 pet image to keep storage low/XSS injections. 3/4 https://gist.github.com/inetbiz/dbeac8261949a30324cbb455d1588bb8 to notify new webmention. @5t3ph (twitter.com/_/status/1450117003944017927)
# 15:15 
@DenverProphitJr ↩️ @5t3ph JSON store in-reply-to with custom artifacts. Store the pet bio on their site. They just need to mention your URL as a webmention. Negates having to fork repo. 2/4 (twitter.com/_/status/1450117000605442049)
# 15:15 
@DenverProphitJr @5t3ph I read https://css-tricks.com/a-community-driven-site-with-eleventy-building-the-site/ Have you thought about implimenting https://daily-dev-tips.com/posts/implementing-webmentions-on-a-11ty-blog/ by @DailyDevTips1 1/4 (twitter.com/_/status/1450116996536877058)
hs0ucy joined the channel
# 16:07 
[jacky] let's say I received a Webmention whose page has a limited visibility (like if in order to access it, we have to go through a TicketAuth dance), how would I show that on _my_ site? I immediately went to thinking "I'd probably need to allow people to sign into my site so I can probably begin some sort of 'authorization' on content"
# 16:07 
[jacky] But that gets a bit tricky if my Webmentions are stored _externally_ of my site, no?
# 16:07 
[jacky] And of course, I wouldn't want to show a 'hint' that there's more content if you sign in mainly out of respect of said limited content
# 16:08 
[jacky] (At first, I thought this wouldn't work for static sites but one could use JavaScript to get these mentions and dynamically render them, tbh!)
# 16:40 
@DenverProphitJr ↩️ @DailyDevTips1 Using what I described, do you think that would be a better solution than a #github fork? Create your pet page on your on website and web mention it to her project. Send extra Json fields in #webmention to populate her pages (twitter.com/_/status/1450138492655349760)
KartikPrabhu and jonnybarnes joined the channel
# 17:15 
@DailyDevTips1 ↩️ Would be an option, but you loose all control that way.
Not sure if that's the goal, but indeed you could enable webmentions for people to add a very specific string of elements. (twitter.com/_/status/1450148262586028035)
# 17:16 
[tantek] I'm a little confused by these two tweets
# 17:18 
hs0ucy pwd
# 17:18 
hs0ucy ls -la
# 17:19 
hs0ucy oups
# 17:19 
hs0ucy sorry
# 17:19 
hs0ucy ^^
# 17:19 
hs0ucy wrong pane
# 17:19 
hs0ucy first time this year
# 17:21 
capjamesg[d] 😄
# 17:22 
capjamesg[d] Today I learned the Linux Kernel can "oops" 😄
# 17:22 
capjamesg[d] (I didn't recognize oups as a command so I googled it)
# 17:22 
capjamesg[d] "An "oops" is a Linux kernel problem bad enough that it may affect system reliability."
# 17:22 
capjamesg[d] https://unix.stackexchange.com/questions/91854/whats-the-difference-between-a-kernel-oops-and-a-kernel-panic
gRegor joined the channel
# 17:26 
hs0ucy capjamesg[d]: good to know :P
gRegor joined the channel
# 17:30 
@DenverProphitJr ↩️ The json could be stored for admin approval then move json to approve. There is a domain block list that can be submitted to http://webmention.io linked to your account. (twitter.com/_/status/1450151141522780170)
kogepan and sp1ff joined the channel
# 19:11 
capjamesg[d] Is there any easy way to do Yubikey auth in the browser?
# 19:12 
capjamesg[d] I found a Webauthn Python library but it wasn’t what I was looking for.
# 19:12 
aaronpk easy no
# 19:13 
capjamesg[d] Yeah. I thought that might be the case.
# 19:14 
capjamesg[d] I just thought it would be a cool IndieAuth extension for my server.
# 19:14 
aaronpk it would!
hendursaga joined the channel
# 19:25 
[jacky] WebAuthn would be the "way" but it's tricky to debug locally
Darius_Dunlap[d], jonnybarnes and [chrisaldrich] joined the channel
# 20:20 
capjamesg[d] https://webauthn.guide/
# 20:20 
capjamesg[d] It’s not impossible but looks very difficult.
# 20:28 
aaronpk my thoughts exactly every time i open up that site
# 20:32 
capjamesg[d] I am not going to implement that 😦
# 20:33 
aaronpk "The WebAuthn specification describes a 19-point procedure to validate the registration data"
# 20:33 
capjamesg[d] I saw that line and was very discouraged,
# 20:33 
aaronpk haha
# 20:34 
capjamesg[d] And all of that would need tested.
# 20:34 
capjamesg[d] Rigorously.
# 20:34 
capjamesg[d] When I could just use another auth provider.
# 20:34 
capjamesg[d] I have great appreciation for services that implement 2FA via physical key auth.
# 20:34 
capjamesg[d] Google, GitHub, etc.
# 20:34 
capjamesg[d] And now I know why more sites don’t support it,
# 20:36 
capjamesg[d] There is an issue on GitHub about h-x-app and indieauth. I was wondering if implementing on my clients it made sense.
# 20:36 
capjamesg[d] Ah, mobile typing! Always a mistake.
# 20:37 
capjamesg[d] Is h-x-app likely to be removed? I liked the ideas about having some kind of manifest rather than microformats.
# 20:40 
gRegor Not sure if indexing any -x properties is worthwhile since it's experimental, but maybe.
# 20:40 
capjamesg[d] This isn’t for indexing, rather for my own consumption.
# 20:41 
capjamesg[d] I would add the markup to my Micropub server, etc. so that my indieauth server can read the data.
# 20:42 
capjamesg[d] I am not going to index any right now. Angelo got me thinking about /store. It’s such a promising idea but we would need more adoption of a common markup / manifest.
jamietanna joined the channel
# 21:27 
jamietanna I think the discussion last time was call it h-app and h-x-app with the preference that we stop using x- experimental as it takes a while to get folks moved once its no longer experimental
# 21:28 
jamietanna But also yes, add it! More folks using it leads to more consumers ☺
# 21:37 
gRegor Sounds right. I think that's why I used h-app and h-x-app on indiebookclub.
# 21:41 
GWG I still would like to propose moving to Web Manifests over h-app. But that's me
# 21:43 
[tantek] that could be more than necessary
# 21:43 
[tantek] I'd advocate re-assessing the minimum viable needs of the use-case
# 21:43 
GWG This is the only time I have advocated for a side file, I think.
# 21:44 
[tantek] the common problem/challenge here seems to be one of overdesigned solutions
# 21:44 
GWG [tantek]: How so?
# 21:45 
GWG I'm just not sure h-app works for this purpose.
# 21:45 
[tantek] I'm not disagreeing with that
# 21:45 
GWG [tantek]: What would you propose? You are an out of the box thinker.
# 21:46 
GWG This is for an indieauth endpoint to get information about a client accessing it
# 21:46 
[tantek] GWG, see above: "re-assessing the minimum viable needs of the use-case"
# 21:46 
[tantek] ^ then document that
# 21:48 
GWG Well, minimum viable is similar to what you'd expect on an h-card
# 21:48 
GWG Name, URL, icon(as opposed to photo)
# 21:48 
GWG Probably a client summary
KartikPrabhu joined the channel
# 22:10 
[tantek] h-card has a lot, so "similar to what you'd expect" is not at all *minimum*
tetov-irc joined the channel
# 22:14 
GWG [tantek]: Yes. I meant minimum h-card.
# 22:14 
GWG But what else might be needed for an application
# 22:15 
GWG Trying to think, everything else seems extra
# 22:20 
[tantek] GWG, re-using from h-card is good, however just saying "minimum h-card" doesn't actually say much more than "minimum"
# 22:20 
[tantek] as in, you need to figure out why (for what use-cases) you need specific properties
# 22:21 
[tantek] rather than saying, start with the format/protocol
# 22:21 
GWG I think I will... it's a problem I have
# 22:29 
gRegor I think the minimum need for an IndieAuth server is: URL (client_id). Nice to haves: app logo, app name.
# 22:32 
GWG gRegor: Good point
# 23:02 
[jacky] think there's a typo in https://www.w3.org/TR/webmention/#webmention-verification-p-3
# 23:02 
[jacky] it mentions `<img href="*">` but that doesn't seem to be a valid property of `<img>`
rockorager joined the channel
# 23:08 
[tantek] jacky++ indeed, that should be img src
# 23:08 
Loqi jacky has 17 karma in this channel over the last year (60 in all channels)
# 23:08 
[tantek] file the issue! 🙂
# 23:09 
[tantek] in other news, I think I finally have a solid use-case for implementing reacji backfeed display, this comment got more reactions than I think anything I've posted to GitHub: https://github.com/mozilla/standards-positions/issues/453#issuecomment-888225596
# 23:09 
Loqi [tantek] I have user-surveillance and user-control concerns about the Idle Detection API. Even with the required 60 second mitigation, it can be used for monitoring a user’s usage patterns, and manipulating them accordingly. (Also noted in Mozilla’s forma...
# 23:13 
[tantek] what are reactions
# 23:13 
Loqi reactions refer to the subset of responses/interactions with a post that are quicker, more impulsive, but still a conscious act, typically a simple UI gesture without writing any content, such as likes (reacji), reposts, bookmarks, or perhaps multiple simple UI gestures, such as selection a text range and posting a quotation of part of a post, or picking a person from a list to post an invitation as a response to seeing an event https://indieweb.org/reactions
# 23:15 
[tantek] First cut I'm thinking of filtering everything through an allowlist
# 23:15 
[tantek] based on the kinda nonsense that happens on Twitter these days. Can't trust / expect that any particular icon / alias / profile URL won't have something nasty/spammy in it
# 23:16 
[tantek] kinda mixed on whether to show counts or not (e.g. like GitHub does for /reacji)
[snarfed] joined the channel
# 23:18 
[snarfed] [tantek] ruh roh, I don't think Bridgy backfeeds emoji reactions on GH comments right now, just issues/PRs
# 23:21 
[snarfed] looks like they're in the API, https://docs.github.com/en/rest/reference/reactions#list-reactions-for-an-issue-comment . feel free to file a feature request!
# 23:24 
[tantek] oh hey! thanks snarfed
# 23:44 
[tantek] done! https://github.com/snarfed/bridgy/issues/1076
# 23:44 
Loqi [tantek] #1076 Feature request: Bridgy backfeed reacjis on POSSEd comments