#dev 2022-04-02

2022-04-02 UTC
darkkirb, johnnrs[d], cybi, jacky, p, hans63us[d] and angelo joined the channel
#
[fluffy]
yeah I’ve long maintained that sqlite is actually a pretty good db system for much larger scale than people give it credit for
#
[fluffy]
I’ve never even bothered setting up postgres or mysql on my server because I just plain haven’t needed it, despite the *dire warnings* from nextcloud
#
[fluffy]
well, that’s not quite true, at one point I installed postgres just to keep nextcloud happy, but the performance was no better and it crapped itself during an upgrade, so I went back to sqlite 😛
cybi, mro, gRegor, angelo and tetov-irc joined the channel
#
beler
hi all, there is this login with domain functionality in indieweb. is is possible to support multiple users per domain? maybe something like user1@domain.tld, user2@domain.tld,... as a username ?
#
sknebel
login is with urls, not domains
#
sknebel
so yes, you can do domain.tld/user1, domain.tld/user2, ...
#
beler
is it possible to use email-adress style also?
#
beler
whats the reson indieweb dont support that?
#
sknebel
its not needed
#
sknebel
and adds an extra layer of complexity of "how do you get from that to a URL"
#
beler
it doesn matter with url path I choose right? can also be /.../..../user1
#
sknebel
you can also set it up so that long path gets discovered during the login process. so the user starts authentication by putting in "example.com", and then during the login example.com figures out "ok, this is user1", and then at the end tells the site you are logging into the full path for user1
mro joined the channel
#
beler
interessting,can you elaborate that user writes domain.tld , press login, then ..how is the user path found?
#
beler
without further user interactions, maybe using browser cookies?
cybi joined the channel
#
beler
does redirection plays a role?
#
sknebel
to verify the user the authorization endpoint at the site the user put in gets called
#
sknebel
that then checks "yes, that is indeed a user I know and they confirm their identity"
#
sknebel
and confirms that to the site thats being logged into
#
sknebel
and as part of the confirmation it provides the site with the identity for the user
#
sknebel
(to compare it with a standard OAuth2 flow, it's similar: if you do a "login with Google" on some site, the site also doesnt know who you are. it sends you to Google to confirm the login, and then Google tells the site "this is user XYZ")
#
sknebel
IndieAuth modifies OAuth2 in that the site doesnt have a fixed list of "Login with XYZ" providers it supports
#
sknebel
but the user provides which site/URL they want to login with
#
beler
so I can put <link rel="me" href="https://domain.tld/authEndpoint" /> on https://domain.tld and the user can now login with "https://domain.tld" which is then redirected to the authEndpoint for this domain
#
beler
on the endpoint it is figured out which user it is
#
beler
after that the endpoint confirms to the app login was successfull or not
#
sknebel
ah, confusion what we are talking about. the rel=me thing is not our main concept for auth, it doesn't have that
#
sknebel
I was talking about IndieAuth spec, that does
#
sknebel
(there you use <link rel="indieauth-metadata" ...> or (older, but still common) <link rel="authorization_endpoint" ...>)
#
beler
why should I use indieauth instead of the rel=me ? this rel=me thing seems so beautifully simple
#
sknebel
but it delegates to external providers
#
sknebel
which is nice for onboarding for people who use them, but not that great to require people to use Twitter/Github/... when we want to help them be able to not need them
#
sknebel
and it only covers authentication
#
beler
its great for onbaoarding, yes. I experienced it as super simple. I was using "mailto:" because I dont have socialmedia :P
#
beler
so indieAuth covers more than auth? name misleading?
#
sknebel
authorization also starts with auth ;)
#
sknebel
(yes, that's annoying, but its the standard terms in the field...)
#
sknebel
i.e. the standard example is that with IndieAuth I can also give someting I log into access to my site. e.g. I can log into a micropub client and authorize it to create posts on my site. you can't do that with just authentication
#
sknebel
and there is (badly named) indieauth.com as a bridge between the two. it provides an indieauth endpoint, but for the step where it checks if you are actually use (authentication) it uses rel=me auth
#
sknebel
(need to run, but if you have more questions just ask and hopefully someone else can jump in or I'll read them when I'm back :))
#
beler
I now understand how the relme auth works, time to dig deeper into indieauth. I want to understand the basics and dont want to install a plugin that just works out of the box. can you recommend me ressources (https://indiewebify.me/ was a good tutorial to understand relme ) ?
#
beler
thanks sknebel for answering my questions!
#
aaronpk
I didn't read the whole convo here but this is a guide I wrote that hopefully explains some https://aaronparecki.com/2021/04/13/26/indieauth
jacky joined the channel
#
chewing_bever
very nice, i just deployed my website's backend written in Rust! now i can start implementing some indieweb features such as webmention, it's also a lot nicer to upload a tarball containing my site instead of having to redeploy a docker image every time
#
jacky
oh a fellow Rust site owner!
#
jacky
chewing_bever: we have a Rust microformats2 parser https://gitlab.com/maxburon/microformats-parser
#
jacky
and I have a library of some common operations at https://docs.rs/indieweb/latest/indieweb/
mro joined the channel
#
jacky
I'd love any feedback as it's mainly a shared refactoring of common things like figuring out what's a post, how to start IndieAuth and the likes
#
chewing_bever
oh interesting, i'm gonna bookmark those actually
#
jacky
I do have to work on the docs
#
chewing_bever
i was planning on implementing everything myself just for fun, but ill probably be taking some inspiration from your work
#
jacky
but the webmention implementation there is fully tested against the spec
#
jacky
oh totally - and I'm very open to feedback/ideas/etc
#
jacky
I'd love to follow your progress as well - cross pollination of ideas lol
#
chewing_bever
well i'm still at square one right now, i literally just switched from Nginx to axum ;p
#
chewing_bever
here's the code tho
#
chewing_bever
kinda happy with the deploy process rn tbh, my ci builds my hugo static frontend, puts it in a tarball & POSTs it to my backend
#
chewing_bever
so rn my server really is just a static file server, but i needed a base to start implementing other features, such as webmention
#
jacky
oh you use Woodpecker! that's the fork of Drone
#
chewing_bever
yessir, love using it, got a few runners set up, i use it a lot actually
mro and cybi joined the channel
#
capjamesg[d]
I love that sentiment.
#
Loqi
[anotherevan] “There are two ways to write code: write code so simple there are obviously no bugs in it, or write code so complex that there are no obvious bugs in it.” — Tony Hoare
chenghiz_, cybi and mro joined the channel
#
capjamesg[d]
I didn’t realize there were pushes for interoperable messaging applications.
#
capjamesg[d]
Is this the kind of thing that people want?
#
capjamesg[d]
I’m surprised I haven’t heard more about this.
#
[snarfed]
yeah DMA is pretty huge. it'll take a year or two to shake out how much of it actually survives, how enforcement works, etc. but it's huge
#
aaronpk
brushes up on his Go skills to try to contribute to this owncast indieauth PR
#
capjamesg[d]
[snarfed] are there any good summaries?
#
capjamesg[d]
The article I just skimmed was opinion so I’d like abother source.
#
capjamesg[d]
I just read the Wikipedia page. This is very big indeed.
#
capjamesg[d]
I am all for interoperability but am a bit concerned about it from the security perspective.
#
capjamesg[d]
I don’t know how hard it is to implement end to end encryption but I would bet it required a large amount of work and very specific knowledge.
#
capjamesg[d]
[snarfed] how much of this legislation do you think will get through without being watered down?
#
capjamesg[d]
This seems like it could be a battle comparable to Disney and it’s copyright protection interests.
jacky, ShinyCyril and cjw6k joined the channel
#
[snarfed]
yup. I'm no expert on EU governance, I just know it'll be a big deal for big tech if even a fraction of it gets through
#
[snarfed]
incuding the penalties. up to 10-20% of global revenue!
ShinyCyril, mro and cybi joined the channel
#
@kinduff
↩️ Utterances is pretty nice, or you can always go full blown Webmention https://indieweb.org/Webmention
(twitter.com/_/status/1510330944372281346)
#
jamietanna
aaronpk do you know if OwnCast use a "real" OAuth library? I recently did a Go OAuth integration for micropub-go (https://gitlab.com/jamietanna/micropub-go/-/commit/76e6430bb90f6b74e418b5b311d4d3bdb3e472d8) that may be of interest for inspiration
#
jamietanna
Ignore me, I scrolled back and found https://chat.indieweb.org/dev/2022-04-01/1648849793227200 with the PR link
#
aaronpk
It's all hand rolled looks like
#
aaronpk
Ooh so you were able to use an OAuth library for yours tho? That's a good sign
#
aaronpk
jamietanna: Is the OAuth library you used listed here? If not can you add it? https://oauth.net/code/go/
#
jamietanna
aaronpk yes it's the client library in there, and then I used an additional library for PKCE, as that's not out-of-the-box
#
jamietanna
yeah I think given we're now more extension-to-OAuth2 it makes it much easier
#
jamietanna
(whereas before I saw it more as extension-and-some-tweaks-to-OAuth2)
#
[tantek]
what is performance
#
Loqi
Performance typically refers to the speed, responsiveness, and initial load of a website; performance may also refer to the post type, performance https://indieweb.org/performance
#
[tantek]
performance << 2022-03-15 [https://dev.to/tigt/making-the-worlds-fastest-website-and-other-mistakes-56na Making the world’s fastest website, and other mistakes]
#
Loqi
ok, I added "2022-03-15 [https://dev.to/tigt/making-the-worlds-fastest-website-and-other-mistakes-56na Making the world’s fastest website, and other mistakes]" to the "See Also" section of /performance https://indieweb.org/wiki/index.php?diff=80583&oldid=76299
niklasfyi[d] and ShinyCyril joined the channel
#
jamietanna
aaronpk do you know how we'd go about testing the OwnCast PR? Got it running locally, but can't work out where to go to log in
#
jamietanna
For anyone else looking, once we build it, https://www.vultr.com/docs/how-to-use-owncast-with-obs-on-ubuntu-20-04 i.e. can be used to get a stream started
ShinyCyril and gRegor joined the channel
#
jamietanna
but no dice on how to get to the login view :thinking:
ShinyCyril joined the channel
#
aaronpk
jamietanna: Start a stream to it then there's a little lock icon above the chat
#
aaronpk
its only for logging in to the chat interface right now
totertats, nonhymn[d], nertzy, ShinyCyril, cybi, tetov-irc, [jgmac1106]1 and Murray[d] joined the channel