#dev 2021-10-20

2021-10-20 UTC
angelo, gRegorLove_, [timothy_chambe] and maxwelljoslyn[d] joined the channel
#
@ruxton ↩️ It's still going places, so far it's resulted in tools and W3C Recommendations for implementations. https://www.w3.org/TR/micropub/ https://www.w3.org/TR/indieauth/ https://www.w3.org/TR/webmention/ https://www.w3.org/TR/websub/ (twitter.com/_/status/1450693551130484741)
nertzy, nertzy_ and jonnybarnes joined the channel
#
capjamesg[d] I can't believe this: https://twitter.com/pythonanywhere/status/1450423670611095556
#
@pythonanywhere We're updating our systems tomorrow in the US at 06:00 UTC. We expect around 30m downtime. EU sites will not be affected. (twitter.com/_/status/1450423670611095556)
#
capjamesg[d] I went to my Micropub endpoint and noticed it was "down for maintenance."
#
capjamesg[d] So is my webmention receiver. microsub server, and IndieAuth server.
#
Ruxton whats not to believe? ;)
#
capjamesg[d] I didn't expect to see my sites down for maintenance when it was the provider who was down for maintenance.
#
capjamesg[d] 😄
#
Ruxton I dont understand why more live production sites dont do zero-downtime deploys
#
capjamesg[d] I was a bit confused because I haven't seen this on any other provider before.
#
capjamesg[d] But then again I only use PythonAnywhere for "site hosting" and have servers for everything else.
_kimberlyhirsh[d, rhiaro_, lanodan_ and mikeputnam1 joined the channel
#
@capjamesg Building a “boutique” search engine is difficult but worth it if you have a clear goal in mind. I am building one for the #indieweb community: All the code is open-sourced too :) (https://jamesg.blog/webmentions/2021-10-20-579) https://twitter.com/sariazout/status/1450456864949407745 (twitter.com/_/status/1450720252497641472)
hala-bala[m] and LaBcasse[m] joined the channel
#
[tantek] capjamesg[d]++
#
Loqi capjamesg[d] has 15 karma in this channel over the last year (30 in all channels)
#
[tantek] For those of you following along on the web technologies / sustainability debates (which I figure most #indieweb-devfolks are), I organized and led the first (AFAIK) W3C session on Environmental Concerns and Sustainability (s12y) of Web Technologies tonight at this week's TPAC. Minutes here: https://www.w3.org/2021/10/19-sustainability-minutes.html (it gets a bit contentious at times)
#
capjamesg[d] [tantek] I just sent you a Yo.
#
[tantek] Am I supposed to respond with a Lo?
#
capjamesg[d] A yo is fine 😄
kogepan joined the channel
#
Ruxton cheers
#
Ruxton thats a great topic of convo tantek
hendursa1 joined the channel
#
@fullofdev Free webmention service for dev http://dlvr.it/S9wzW7 (twitter.com/_/status/1450743100322639873)
Jamietanna1, [snarfed]1, [calumryan]1, [timothy_chambe], schmudde, [grantcodes], tetov-irc, Nuve, jjuran and akevinhuang joined the channel
#
@pstuifzand I just noticed Home Assistant supports Indieauth to get access tokens. That's great! https://p83.nl/p/1611 (twitter.com/_/status/1450791003779182603)
schmudde and Nuve joined the channel
#
@fundor333 Webmentions for your Static Site https://buff.ly/2Z4QpAk (twitter.com/_/status/1450809089555107859)
#
capjamesg[d] Interesting. https://www.flickr.org/
[manton] joined the channel
#
[manton] That sounds great.
#
[KevinMarks] thats a good idea, there is a chunk of web tech history that is well documented on flickr
jonnybarnes joined the channel
#
[manton] It makes me want to support pushing photos to Flickr automatically as an extra backup. Always nice to see companies committed to long-term storage.
#
[jacky] Indeed!
#
Murray[d] Makes me wish they could somehow absorb the old Arkive archive (which I truly hope is saved *somewhere* 😦 )
hans1963[d], hendursaga and schmudde joined the channel
#
[tantek] That's pretty impressive. It's like the opposite of a "This has been a great journey" type announcement
#
[fluffy] My brain immediately went to “imagine a Tumblr foundation”
[Jason_Heppler] joined the channel
#
[Jason_Heppler] Wow. As someone who works adjacent to the cultural heritage world, this is pretty exciting.
#
[schmarty] oof, i am having trouble with my (old and spec-rotted?) indieauth endpoint for a site and quill 🤔
#
[schmarty] upon redirect back to quill i get: invalid_request Invalid code provided.
#
aaronpk here's the major diffs https://aaronparecki.com/2020/12/03/1/indieauth-2020
#
aaronpk shouldn't be too much to change
#
Loqi [Aaron Parecki] IndieAuth Spec Updates 2020
#
[schmarty] i see the code has an encoded %3A (':') in it. maybe that's the source of the issue?
#
aaronpk that's odd
#
aaronpk the authorization code?
#
@typlog In case you don’t know, Typlog can receive tweets as comments. Check out https://typlog.com/integrations/webmention (twitter.com/_/status/1450849398531915779)
#
[schmarty] yeah, the code looks to be two hex-encoded sections and the scopes string, joined by ':' chars which get encoded
#
[schmarty] (this is from my extremely quick-and-messy port of the PHP standalone auth endpoint + mintoken)
#
[schmarty] example code value in the URL (sorry) `17c9e63008f%3A82365156c67d784549767be53b8966315a6888eb4473d51e75dc4d36cf8dcdb4%3Acreate update media`
#
aaronpk i suspect the space might be messing it up
#
[schmarty] good call. spec shows an example with spaces encoded as + so i will go for that.
#
aaronpk yeah if the auth code has a space in it, then it will need to be urlencoded by the time it's used in a url. either + or %20 should work
#
aaronpk i hope that middle chunk is a signature tho otherwise you have a big problem with putting scopes in that authorization code itself
#
[schmarty] yeah, it's an expiry:signature:scopes string.
#
[schmarty] really weird that these spaces aren't getting encoded. this is using node's querystring.stringify 🤔
#
[KevinMarks] [capjamesg] you should have a response to your yo
#
[schmarty] aaronpk: ah, my browser is showing these as spaces in the URL bar but the `location` header from the endpoint is encoding them as `%20`
gRegor joined the channel
#
[schmarty] i can't seem to find where the exact error message "Invalid code provided" comes from. it's not a string match in any of the repos i guessed 🤔 aaronpk/Quill, indieweb/indieauth-client-php, or aaronpk/p3k-utils
#
aaronpk Is it coming from your auth endpoint?
#
[schmarty] hahahaha great question. it is not! my endpoint would have responded with "Verification Failed" "Given Code Was Invalid"
#
Loqi nice
#
[schmarty] wonder if i'm gonna have to take this thing apart and put it back together.
hendursaga joined the channel
#
[schmarty] oh! hmm. i was incorrect before - this is _only_ an auth endpoint. this site is set up to use tokens.indiauth.com/token as its token endpoint. was the old token endpoint<=>auth endpoint functionality removed once it was removed from the spec? 🤔
#
[schmarty] oh weird. the current indieauth-client-php doesn't mention "Invalid code provided" but it seems to be in older versions, like this one vendored into Inkblot https://github.com/dissolve/Inkblot/blob/32fee18df253457d1e625c7cc0fad3d427fd01e3/libraries/indieauth-client-php/README.md
jonnybarnes joined the channel
#
aaronpk i haven't touched tokens.indieauth.com it should still be working
#
[jacky] heh "touched"
#
[jacky] sounds like it's slightly out of fear
#
[schmarty] strange. i can confirm that neither quill nor micropublish.net actually make a POST to redeem the code at the auth endpoint 🤔
#
[schmarty] but my older client https://screech.schmarty.net/ does.
#
[schmarty] actually i should check to see where that request is coming _from_.
#
aaronpk wait, quill will want an access token so it will be exchanging the auth code at the token endpoint
#
[schmarty] right. then i'd expect the token endpoint to make the request to the auth endpoint to verify the code before making the token.
#
aaronpk tokens.indieauth.com should be doing that yeah
#
[schmarty] well i had a theory that tokens.indieauth.com is having trouble talking to the auth endpoint server but since an older client is able to finish the token process then i guess that can't be true...
#
capjamesg[d] You sent me a sheep [KevinMarks] 🐑
KartikPrabhu joined the channel
#
aaronpk hm i did make one change to tokens.indieauth.com in nov 2020 for compatibility
#
[schmarty] nothing in that diff jumps out at me. 🤔
#
nekr0z [snarfed]1: Mastodon gives Bridgy Fed a 401 again: https://fed.brid.gy/log?key=https%3A%2F%2Fevgenykuznetsov.org%2Fen%2Fposts%2F2021%2Fcovid%2F+https%3A%2F%2Ffed.fab.industries%2Finbox&start_time=1634743151
#
[tantek] sheep reacji posts could be the modern (less violent?) equivalent of throwing sheep
#
[snarfed]1 nekr0z ugh sorry, thanks for the heads up
#
sknebel Hm, there should be a "flying" modifier for Emojis.
#
capjamesg[d] Oh, i get the reference now.
#
aaronpk [schmarty]: i'm seeing a bunch of requests in the logs to tokens.indieauth.com from between 15:39 and 16:15 UTC was that you?
#
aaronpk (1+ hour ago)
#
[schmarty] could be! that sounds like the time period within which i have been trying to sign into quill. i was doing so with regular browser sign-in flow, so "a bunch" would be on the order of low dozens if they were from me.
#
aaronpk sounds right
#
capjamesg[d] I just responded to your sheep [KevinMarks].
#
[snarfed]1 nekr0z I followed up in https://github.com/snarfed/bridgy-fed/issues/77#issuecomment-947874773
#
Loqi [snarfed] Looked at this again just now, and compared against the Mastodon req'ts in https://github.com/snarfed/bridgy-fed/issues/73#issuecomment-752368299 . Both of these URLs are redirecting to Bridgy Fed ok and serving a valid Webfinger response with public...
#
Loqi [snarfed]1 has 2 karma over the last year
#
nekr0z [snarfed]1++
#
capjamesg[d] [KevinMarks] It is easy for me to send Yos now: https://jamesg.blog/assets/UEFzZ-micropub.png
#
capjamesg[d] One button click and I can populate a Yo.
#
[KevinMarks] Previously http://www.kevinmarks.com/notinourstars.html
#
Loqi Not in our Stars 2015-11-08
#
capjamesg[d] I just sent a Reacji to that post.
#
capjamesg[d] I thought it was fitting.
#
capjamesg[d] Oh, it's not sent yet. It will be sent soon.
#
aaronpk [schmarty]: i just added some verbose logging, can you try logging in real quick?
#
[schmarty] aaronpk: done!
#
aaronpk aha
#
aaronpk quill is doing the new thing of not sending the "me" parameter to the token endpoint, so tokens.indieauth.com now falls back to using indieauth.com as the auth endpoint
#
aaronpk so "Invalid code provided" is coming from indieauth.com/auth
#
[schmarty] ahaaaaaaaaaaaaaaaaaa 🤔
#
aaronpk so basically new indieauth clients don't work with indieauth servers that don't coordinate on splitting the token/auth endpoints
#
[KevinMarks] In theory I can see the reacji come in in réal time
#
aaronpk e.g. if you want to use a standalone token endpoint, you need to have a way to tell that token endpoint where your auth endpoint is
#
[schmarty] aaronpk: i can't imagine that tokens.indieauth.com is ready with a workaround for this, so i'll need my own token endpoint that knows where this auth endpoint lives.
#
[schmarty] KevinMarks 😂
#
aaronpk i mean i could do a cheap workaround
#
[tantek] This whole "post a reacji (to an indieweb post)" rabbithole has led me to finally considering a "[x] Syndicate to Twitter" checkbox, and what its default state should be (guessing my desired intent), and are there cases where it should be completely hidden (because it would be nonsensical or bad to syndicate a specific post to Twitter)
#
[schmarty] something like including the auth endpoint URL as a parameter in the tokens.indieauth.com endpoint URL?
#
aaronpk like adding the authorization endpoint in the query string of your token endpoint, so you'd update your token endpoint to https://tokens.indieauth.com/?authorization_endpoint=https://befitting-price.glitch.me/
#
aaronpk i think that would not require any changes in quill or other indieauth clients
#
[tantek] who here has such an option in their posting UIs? "[x] Syndicate to Twitter" - besides [Jeremy_Keith] (who has a nice slick slider thingie). Micropub clients?
#
[tantek] will wait for the IndieAuth chat to conclude first
#
[schmarty] aaronpk: i'd be entirely willing to try that out if you're game. trying to think through the security implications. it feels a liiiiittle weird to me.
#
aaronpk definitely weird
#
nekr0z [tantek]: I do have exactly that, but my posting UI is not Micropub.
#
aaronpk i'm also not sure it's necessarily worse than what we have today 😂
#
[schmarty] tantek: Quill, Micropublish, and other Micropub clients often have checkboxes to syndicate based on the syndication options in your Micropub config.
#
aaronpk well this is a quick thing to try right now
#
aaronpk [schmarty]: k try now
#
[schmarty] one sec, gotta update my token endpoint descriptor!
pstuifzand joined the channel
#
aaronpk [tantek]: micropub has a mechanism for the server to send a list of places to syndicate to so the client can show those checkboxes! works great
#
[schmarty] fun! i got an UI change to quill when signing in - it asked what scopes it should ask for.
#
[schmarty] /hacker voice: i'm in/
#
aaronpk well cool
#
[schmarty] aaronpk++ gosh thank you soooo much for helping debug that.
#
Loqi aaronpk has 34 karma in this channel over the last year (111 in all channels)
#
aaronpk hopefully i didn't just create a giant security hole
#
aaronpk if that ends up being a bad idea i can do something with hardcoded values that will be safer
#
[schmarty] hahaha, yeah, i am not sure. i am tempted to suggest encoding the `me` value in the token_endpoint URL, instead, but that would require tokens.indieauth.com to do discovery to find the authorization_endpoint.
#
Loqi ahahahaha
#
[jacky] Loqi, that's a bit mean, lol
#
[schmarty] (which maybe it should do anyway in order to verify that it is supposed to be handling tokens for that site? 🤔)
#
capjamesg[d] [tantek] I have a syndicate dropdown in my Micropub client. Currently I can only syndicate to one place though which is fine because I only support Twitter syndication. I should make it a checkbox instead of a dropdown.
#
[tantek] nekr0z, awesome, can you add a screenshot of your posting UI to /create#IndieWeb_Examples
#
capjamesg[d] Hm. I just found /microsyntax. (it was linked in one of your blog posts [KevinMarks] Super cool!
#
aaronpk adding `me` to the token endpoint URL would be more similar to how it worked before the nov 2020 change
#
nekr0z [tantek], my UI is a Hugo source file opened in vim. The front matter part contains 'posse_twitter = true' by default :-)
#
capjamesg[d] Keeping it simple nekr0z 🙂
#
[snarfed]1 afaik Known, GWG's WordPress plugins, and a number of other posting UIs have checkboxes for syndicating to various silos, including Twitter
#
[tantek] nekr0z++ awesome
#
Loqi nekr0z has 6 karma in this channel over the last year (7 in all channels)
#
[snarfed]1 and obviously lots of silo UI examples too
#
[tantek] snarfed, looking for screenshots of said syndication UIs 🙂
#
[schmarty] ahahaha well after all that it looks like my janky micropub endpoint isn't quite rendering templates correctly so i confirmed that quill did all the right things but the whole post just became "undefined".
#
aaronpk ooooops
#
[schmarty] marvels at the bit rot
#
[snarfed]1 let's see. not seeing any screenshots on https://wordpress.org/plugins/syndication-links/ but I bet GWG has some
#
Loqi [David Shanske] Description It supports adding rel-syndication/u-syndication links to your WordPress posts, pages, and comments, indicating where a syndicated copy is, in the form of a text or icon link. You can do this manually and some plugins support automatica...
#
[snarfed]1 second screenshot on https://boren.blog/2018/03/10/posse-wordpresscom-microblog-twitter/ is wp.com/Jetpack's
#
[tantek] and looks like adactio's screenshots /create aren't rendering for some reason
#
[snarfed]1 screenshots on https://help.micro.blog/t/cross-posting-to-twitter-medium-mastodon-and-more imply that micro.blog doesn't have per-post checkboxes, only always-on? not sure, cc [manton]
#
[snarfed]1 Known screenshots: https://withknown.com/guides/beginner/social-connections/#publishing-to-social-networks
#
[tantek] I do like the sliders that light-up with a color when "on" that adactio has: https://indieweb.org/create#per_silo_POSSE_toggles
#
[snarfed]1 silo UI screenshots (eg Instagram's) left as an exercise for the reader 😎
#
[tantek] agreed. In that regard I like Swarm's UX
#
[KevinMarks] didn't Known deprecate that?
#
[schmarty] whew. fixed up my janky micropub endpoint.
kogepan joined the channel
#
GWG Note to self, add screenshots
#
aaronpk screenshots++
#
Loqi screenshots has 1 karma over the last year
#
[manton] [snarfed] That’s correct about no per-post option for POSSE. You can disable it and then enable it again as a work-around. I get this request pretty often, and there are 2 reasons I haven’t done it: 1) I feel like it adds a little extra fiction when writing if you think about the target audience too much; and 2) Because it works with any feed anywhere, it’s a bit tricky to keep track of what post needs to be cross-posted, e.g.
#
[manton] write in Micro.blog iOS, post to WordPress, then M.b sucks the RSS/JSON feed back in and figures out whether to send it to Twitter.
Darius_Dunlap[d] joined the channel
#
[tantek] [manton] I can relate to some of those challenges. I built my posting system with the assumption that everything by default would be syndicated to Twitter, and unwinding that assumption has been a challenge.
#
[tantek] It's like baked into every post is a sense of "has this been syndicated to Twitter yet?" "if not then when should it be"
#
[tantek] I'm wondering about capturing the authortime intention of "no I don't want this syndicated to Twitter etc." on a post so that it's not even something I'm asked in the UI
#
[tantek] re: "figures out whether to send it to Twitter"
jonnybarnes, tetov-irc and [aciccarello] joined the channel
#
GWG [tantek]: That's why I don't autoposse to anywhere. I'm waiting for better logic
#
[tantek] GWG, that makes sense also
#
GWG [tantek]: I think I told you the LiveJournal import story, didn't I?
#
[tantek] not that I remember
#
GWG I thought you were at a session when I said it
#
[tantek] oh maybe in-person?
#
GWG Yes, in person. When I imported my 10 year old LJ entries to my site, it triggered Twitter autoposse
#
[tantek] if this is about importing posts causing all the same effects as an author creating new posts, then that's a bug in the import code.
#
GWG I had to quickly delete the tweets
#
GWG It was, but I turned off auto posting and never turned it back on after that, which was 2004
#
GWG Still nervous about it without better code
#
GWG Also, we discussed one aspect of it during the Micropub pop-up last year... adding post type to the Micropub syndication target query to get results more customized to the type
#
[tantek] backfill << Pro-tip: do not treat or implement backfilling or any kind of importing as posts as any kind of scripted or automated creating of posts. There's a huge difference between an author creating a post (e.g. via Micropub), and creating post entries directly into storage and rebuilding any indices or archive pages accordingly. Be sure to do the latter, not the former.
#
Loqi ok, I added "Pro-tip: do not treat or implement backfilling or any kind of importing as posts as any kind of scripted or automated creating of posts. There's a huge difference between an author creating a post (e.g. via Micropub), and creating post entries directly into storage and rebuilding any indices or archive pages accordingly. Be sure to do the latter, not the former." to the "See Also" section of /backfill https://indieweb.org/wiki/index.php?diff=77553&oldid=68109
#
[tantek] "auto posting" is only symptom of that mistake, and turning off auto posting is not actually fixing the problem.
#
[tantek] If import/backfill is implemented as "create post" in the same way that a user creates posts, then it's a buggy implementation and it will have a lot of potentially problematic side-effects
#
GWG I turned off the code, which I didn't write, and wrote my own. I just never added that feature. But I did at a...don't publish anything with a publish date of more than X number of minutes check
#
[tantek] turned off which code, the import code?
#
GWG [tantek]: WordPress plugin I was using. I switched to using my own code to trigger Bridgy