jamietanna1For media-endpoint queries, are they expected to be only to the separate media-endpoint or can they also be to the micropub endpoint if no media-endpoint is advertised?
jamietanna1> To upload files, the client MUST check for the presence of a Media Endpoint. If there is no Media Endpoint, the client can assume that the Micropub endpoint accepts files directly, and can send the request to it directly.
[schmarty]jamietanna: that language is for clients that need to upload files. if there's no Media Endpoint, file data can be sent to the Micropub endpoint in a multipart POST
[manton]In practice I don’t think this will come up very often. Most likely clients are already going to have auth credentials before they hit anything Micropub.
jamietanna1I guess the question is what sensitive info could really be in there? https://www-api.jvt.me/micropub?q=config is unprotected and I don't think there'd be anything of issue, nor could I see with others?
GWGMicropub Media Endpoints are often implemented as separate services from a site's "main" Micropub endpoint, it may be useful to allow Micropub clients to discover the media endpoint.
jamietanna1I've found that it can be useful for a lot of unauthenticated requests so i.e. I can q=source a post's MF2 when I'm not logged in (i.e. using a browser)
jamietanna1syndication targets make sense - is that because the URLs themselves are sensitive and allow others to post to it, or just because it'll share information of where you _may_ syndicate to?
[manton]I wouldn’t want q=source to be public either because it could contain drafts or private posts. A crawler is probably better served by parsing public h-feeds, RSS, or JSON Feeds.
[schmarty]it also seems like q=config, source, etc might contain different stuff per authenticated user (for multi-user/multi-site endpoints) or per client (e.g. clients might not be allowed to see all syndication targets or sources of posts they didn't make, etc)
[schmarty]in terms of trying to achieve some sort of endpoint <=> client handshaking over capabilities, it seems risky to try and overload q=config to do that. the consuming case needs a lot of speccing out lol
[manton]To get the IndieAuth endpoint, you have to parse HTML that also has the Micropub endpoint. Might as well get them both at the same time! I’m not sure what problem this discussion is trying to solve. 🙂
[schmarty]my main push for separate rel was because a micropub media endpoint can be a separate service from a micropub endpoint, so requiring the micropub endpoint to exist and to "know about" the media endpoint feels like unnecessary coupling.
[tantek]cont'd from #indieweb I've been relatively happy with Dreamhost and my minimal PHP setup there. I think one thing broke once when they upgraded my PHP for me but was able to fix it relatively quickly.
jamietanna1jacky sorry the GitHub example was more "when sharing on GitHub for micropub-extensions" or giving folks an example of what my server supports, which isn't a regular occurrence
[tantek]was there some actual reason given for why people started saying "social graph" instead of "social network"? or was that just Zuckerberg mimickry?
[tantek]I don't remember it being discussed before then. I do remember Zuck speaking to it as if it was a big new thing at F8, and I also remember Brad posting about it basically in response to that
[tantek][KevinMarks] no, there is no occurence of "social graph" in that Wikipedia article "Social network analysis". Yes the word "graph" has been used in discussions of "social networks", however the phrase "social graph" doesn't have prior citaitons
[tantek]tbh I have no idea which the credweb folks would be into. there's some SemWebbers in there, and there's some Googlers in there, and maybe even an overlap of 1-2.
LoqiUsing rel=me on a hyperlink indicates that its destination represents the same person or entity as the current page, which is a key building-block of web-sign-in and IndieAuth https://indieweb.org/rel-me
[tantek]jacky, yeah, we kinda hit a local maxima back in the ~2008-2009 era with "social network portability", and the conversations were unfortunately rebranded and hijacked to be focused on *the* social graph, as if we had to redo everything all over again
[tantek]instead it resulted in open effort stagnating (nothing open benefited from the phrase "social graph"), and dominant silos gaining more and more default acceptance as the home for people's social networks (primarily FB and Twitter)
jamietanna1 For media-endpoint queries, are they expected to be only to the separate media-endpoint or can they also be to the micropub endpoint if no media-endpoint is advertised?
[schmarty] jamietanna: that language is for clients that need to upload files. if there's no Media Endpoint, file data can be sent to the Micropub endpoint in a multipart POST
jamietanna It's also handy sharing on ie GitHub so folks can go to the live url and see what's there instead of only sharing the JSON
[KevinMarks] Leaking your syndication targets could reveal your sock puppets
[tantek] https://en.wikipedia.org/wiki/Social_graph assigns it to Zuck at 2007 F8 conf
jacky yeah I'm looking at https://bradfitz.com/social-graph-problem/social-graph.pdf
Loqi Using rel=me on a hyperlink indicates that its destination represents the same person or entity as the current page, which is a key building-block of web-sign-in and IndieAuth https://indieweb.org/rel-me