#dev 2022-04-02

2022-04-02 UTC
darkkirb, johnnrs[d], cybi, jacky, p, hans63us[d] and angelo joined the channel
#
[fluffy] yeah I’ve long maintained that sqlite is actually a pretty good db system for much larger scale than people give it credit for
#
[fluffy] I’ve never even bothered setting up postgres or mysql on my server because I just plain haven’t needed it, despite the *dire warnings* from nextcloud
#
[fluffy] well, that’s not quite true, at one point I installed postgres just to keep nextcloud happy, but the performance was no better and it crapped itself during an upgrade, so I went back to sqlite 😛
cybi, mro, gRegor, angelo and tetov-irc joined the channel
#
beler hi all, there is this login with domain functionality in indieweb. is is possible to support multiple users per domain? maybe something like user1@domain.tld, user2@domain.tld,... as a username ?
#
sknebel login is with urls, not domains
#
sknebel so yes, you can do domain.tld/user1, domain.tld/user2, ...
#
beler is it possible to use email-adress style also?
#
sknebel no
#
beler whats the reson indieweb dont support that?
#
sknebel its not needed
#
sknebel and adds an extra layer of complexity of "how do you get from that to a URL"
#
beler it doesn matter with url path I choose right? can also be /.../..../user1
#
sknebel yes
#
sknebel you can also set it up so that long path gets discovered during the login process. so the user starts authentication by putting in "example.com", and then during the login example.com figures out "ok, this is user1", and then at the end tells the site you are logging into the full path for user1
mro joined the channel
#
beler interessting,can you elaborate that user writes domain.tld , press login, then ..how is the user path found?
#
beler without further user interactions, maybe using browser cookies?
cybi joined the channel
#
beler does redirection plays a role?
#
sknebel to verify the user the authorization endpoint at the site the user put in gets called
#
sknebel that then checks "yes, that is indeed a user I know and they confirm their identity"
#
sknebel and confirms that to the site thats being logged into
#
sknebel and as part of the confirmation it provides the site with the identity for the user
#
sknebel (to compare it with a standard OAuth2 flow, it's similar: if you do a "login with Google" on some site, the site also doesnt know who you are. it sends you to Google to confirm the login, and then Google tells the site "this is user XYZ")
#
sknebel IndieAuth modifies OAuth2 in that the site doesnt have a fixed list of "Login with XYZ" providers it supports
#
sknebel but the user provides which site/URL they want to login with
#
beler so I can put <link rel="me" href="https://domain.tld/authEndpoint" /> on https://domain.tld and the user can now login with "https://domain.tld" which is then redirected to the authEndpoint for this domain
#
beler on the endpoint it is figured out which user it is
#
beler after that the endpoint confirms to the app login was successfull or not
#
sknebel ah, confusion what we are talking about. the rel=me thing is not our main concept for auth, it doesn't have that
#
sknebel I was talking about IndieAuth spec, that does
#
sknebel (there you use <link rel="indieauth-metadata" ...> or (older, but still common) <link rel="authorization_endpoint" ...>)
#
beler why should I use indieauth instead of the rel=me ? this rel=me thing seems so beautifully simple
#
sknebel but it delegates to external providers
#
sknebel which is nice for onboarding for people who use them, but not that great to require people to use Twitter/Github/... when we want to help them be able to not need them
#
sknebel and it only covers authentication
#
beler its great for onbaoarding, yes. I experienced it as super simple. I was using "mailto:" because I dont have socialmedia :P
#
beler so indieAuth covers more than auth? name misleading?
#
sknebel authorization also starts with auth ;)
#
sknebel (yes, that's annoying, but its the standard terms in the field...)
#
sknebel i.e. the standard example is that with IndieAuth I can also give someting I log into access to my site. e.g. I can log into a micropub client and authorize it to create posts on my site. you can't do that with just authentication
#
sknebel and there is (badly named) indieauth.com as a bridge between the two. it provides an indieauth endpoint, but for the step where it checks if you are actually use (authentication) it uses rel=me auth
#
sknebel (need to run, but if you have more questions just ask and hopefully someone else can jump in or I'll read them when I'm back :))
#
beler I now understand how the relme auth works, time to dig deeper into indieauth. I want to understand the basics and dont want to install a plugin that just works out of the box. can you recommend me ressources (https://indiewebify.me/ was a good tutorial to understand relme ) ?
#
beler thanks sknebel for answering my questions!
#
aaronpk I didn't read the whole convo here but this is a guide I wrote that hopefully explains some https://aaronparecki.com/2021/04/13/26/indieauth
jacky joined the channel
#
chewing_bever very nice, i just deployed my website's backend written in Rust! now i can start implementing some indieweb features such as webmention, it's also a lot nicer to upload a tarball containing my site instead of having to redeploy a docker image every time
#
jacky oh a fellow Rust site owner!
#
jacky chewing_bever: we have a Rust microformats2 parser https://gitlab.com/maxburon/microformats-parser
#
jacky and I have a library of some common operations at https://docs.rs/indieweb/latest/indieweb/
mro joined the channel
#
jacky I'd love any feedback as it's mainly a shared refactoring of common things like figuring out what's a post, how to start IndieAuth and the likes
#
chewing_bever oh interesting, i'm gonna bookmark those actually
#
jacky I do have to work on the docs
#
chewing_bever i was planning on implementing everything myself just for fun, but ill probably be taking some inspiration from your work
#
jacky but the webmention implementation there is fully tested against the spec
#
jacky oh totally - and I'm very open to feedback/ideas/etc
#
jacky I'd love to follow your progress as well - cross pollination of ideas lol
#
chewing_bever well i'm still at square one right now, i literally just switched from Nginx to axum ;p
#
chewing_bever https://git.rustybever.be/Chewing_Bever/site-backend
#
chewing_bever here's the code tho
#
chewing_bever kinda happy with the deploy process rn tbh, my ci builds my hugo static frontend, puts it in a tarball & POSTs it to my backend
#
chewing_bever so rn my server really is just a static file server, but i needed a base to start implementing other features, such as webmention
#
jacky oh you use Woodpecker! that's the fork of Drone
#
chewing_bever yessir, love using it, got a few runners set up, i use it a lot actually
mro and cybi joined the channel
#
capjamesg[d] https://news.ycombinator.com/item?id=30884383
#
capjamesg[d] I love that sentiment.
#
Loqi [anotherevan] “There are two ways to write code: write code so simple there are obviously no bugs in it, or write code so complex that there are no obvious bugs in it.” — Tony Hoare
chenghiz_, cybi and mro joined the channel
#
capjamesg[d] I didn’t realize there were pushes for interoperable messaging applications.
#
capjamesg[d] https://www.theguardian.com/commentisfree/2022/apr/02/is-the-end-nigh-for-end-to-end-for-encryption-whatsapp
#
capjamesg[d] Is this the kind of thing that people want?
#
capjamesg[d] I’m surprised I haven’t heard more about this.
#
[snarfed] yeah DMA is pretty huge. it'll take a year or two to shake out how much of it actually survives, how enforcement works, etc. but it's huge
#
aaronpk brushes up on his Go skills to try to contribute to this owncast indieauth PR
#
capjamesg[d] [snarfed] are there any good summaries?
#
capjamesg[d] The article I just skimmed was opinion so I’d like abother source.
#
capjamesg[d] *another
#
capjamesg[d] Oh wow.
#
capjamesg[d] I just read the Wikipedia page. This is very big indeed.
#
capjamesg[d] I am all for interoperability but am a bit concerned about it from the security perspective.
#
capjamesg[d] I don’t know how hard it is to implement end to end encryption but I would bet it required a large amount of work and very specific knowledge.
#
capjamesg[d] [snarfed] how much of this legislation do you think will get through without being watered down?
#
capjamesg[d] This seems like it could be a battle comparable to Disney and it’s copyright protection interests.
jacky, ShinyCyril and cjw6k joined the channel
#
[snarfed] yup. I'm no expert on EU governance, I just know it'll be a big deal for big tech if even a fraction of it gets through
#
[snarfed] incuding the penalties. up to 10-20% of global revenue!
ShinyCyril, mro and cybi joined the channel
#
@kinduff ↩️ Utterances is pretty nice, or you can always go full blown Webmention https://indieweb.org/Webmention (twitter.com/_/status/1510330944372281346)
#
jamietanna aaronpk do you know if OwnCast use a "real" OAuth library? I recently did a Go OAuth integration for micropub-go (https://gitlab.com/jamietanna/micropub-go/-/commit/76e6430bb90f6b74e418b5b311d4d3bdb3e472d8) that may be of interest for inspiration
#
jamietanna Ignore me, I scrolled back and found https://chat.indieweb.org/dev/2022-04-01/1648849793227200 with the PR link
#
aaronpk It's all hand rolled looks like
#
aaronpk Ooh so you were able to use an OAuth library for yours tho? That's a good sign
#
aaronpk jamietanna: Is the OAuth library you used listed here? If not can you add it? https://oauth.net/code/go/
#
jamietanna aaronpk yes it's the client library in there, and then I used an additional library for PKCE, as that's not out-of-the-box
#
jamietanna yeah I think given we're now more extension-to-OAuth2 it makes it much easier
#
jamietanna (whereas before I saw it more as extension-and-some-tweaks-to-OAuth2)
#
[tantek] this seems like it would resonate with folks here: https://dev.to/tigt/making-the-worlds-fastest-website-and-other-mistakes-56na
#
[tantek] what is performance
#
Loqi Performance typically refers to the speed, responsiveness, and initial load of a website; performance may also refer to the post type, performance https://indieweb.org/performance
#
[tantek] performance << 2022-03-15 [https://dev.to/tigt/making-the-worlds-fastest-website-and-other-mistakes-56na Making the world’s fastest website, and other mistakes]
#
Loqi ok, I added "2022-03-15 [https://dev.to/tigt/making-the-worlds-fastest-website-and-other-mistakes-56na Making the world’s fastest website, and other mistakes]" to the "See Also" section of /performance https://indieweb.org/wiki/index.php?diff=80583&oldid=76299
niklasfyi[d] and ShinyCyril joined the channel
#
jamietanna aaronpk do you know how we'd go about testing the OwnCast PR? Got it running locally, but can't work out where to go to log in
#
jamietanna For anyone else looking, once we build it, https://www.vultr.com/docs/how-to-use-owncast-with-obs-on-ubuntu-20-04 i.e. can be used to get a stream started
ShinyCyril and gRegor joined the channel
#
jamietanna but no dice on how to get to the login view :thinking:
ShinyCyril joined the channel
#
aaronpk jamietanna: Start a stream to it then there's a little lock icon above the chat
#
aaronpk its only for logging in to the chat interface right now
totertats, nonhymn[d], nertzy, ShinyCyril, cybi, tetov-irc, [jgmac1106]1 and Murray[d] joined the channel