#dev 2022-05-13

2022-05-13 UTC
#
jacky but like feels like a /colophon
#
[tantek] who was it that was asking what the problem with .well-known was?
#
[tantek] how about the fact that anyone in the community can create / edit https://indieweb.org/.well-known/security.txt for example
jacky joined the channel
#
jacky lol so I don't know how I didn't test for this
#
jacky but using dates for cursor-based pagination does not work if there's no date to work with
#
jacky (like I've been using `published_at` but my fuzz testing attempt to find posts that didn't have a pubdate and broke it)
#
jacky so now I'm thinking screw it, let's use ID
jacky joined the channel
#
jacky https://slack.engineering/evolving-api-pagination-at-slack/ is giving a bit of a guidance
#
[tantek] gotta pick something for which there's always a date 🙂
#
jacky lol
#
jacky it's in cases where a post is stored as a draft, I don't conventionally store a published_at date for it
#
jacky I guess I could break that rule
#
[tantek] I've started with storing "created" dates for this very reason
jacky, [sebsel] and cybi joined the channel
#
omz13 [tantek] the fact anybody can create https://indieweb.org/.well-known/security.txt does not mean the problem is with .well-known but is clearly more to do with poor application / web server configuration
#
[tantek] I disagree, this is why it's bad architecturally to have such "special paths" mean things
#
omz13 We are never going to agree on this. At some stage you need to point to where a resource is... whether its in a fixed place (link .well-known/...) or via a reference (like a rel link), I know which way I prefer.
mro joined the channel
#
petermolnar That is what meta tags are for
#
petermolnar The whole of .well-know sucks
#
petermolnar It's badly documented, it's random, it's not even standardized format wise
#
petermolnar Same goes for anything.txt
m2m and jamietanna joined the channel
#
jamietanna Snarfed I backfeed step counts from Google Fit, and am planning on adding Hacker News and Lobsters at some point
#
omz13 petermolnar: Stop with the FUD: .well-known is not badly documented and it is standardized per RFC5785 and https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml
#
[KevinMarks] https://twitter.com/RReverser/status/1524715820093431809?s=20&t=2UVDNEXnToBzWmP1FSI0kA
#
@RReverser Ah yes, the Metaverse. https://pbs.twimg.com/media/FSjg9EpX0AEmpWe.jpg (twitter.com/_/status/1524715820093431809)
mro, cybi and [Murray] joined the channel
#
petermolnar omz13: riiight. And it lists all possible .well-known files :P
#
petermolnar it's still a horrible thing, especially to use it.
#
petermolnar eg you host multiple services, say a website and xmpp under the same domain, and you already need quite convoluted .well-known setup to pass a few of those to xmpp and not others
#
petermolnar (yes, I'm actually doing this)
cybi joined the channel
#
petermolnar what is .well-known
#
Loqi well-known is literally the path "/.well-known/" under a domain and used as a standardized location for discovering domain-wide meta-data https://indieweb.org/.well-known
#
petermolnar .well-known << https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml
#
Loqi ok, I added "https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml" to the "See Also" section of /.well-known https://indieweb.org/wiki/index.php?diff=81413&oldid=81411
tetov-irc joined the channel
#
[KevinMarks] A lot of those should be in ./poorly-thought-out instead
#
IWDiscordGateway <capjamesg> 😂
#
petermolnar [KevinMarks]++ for classic british sarcasm
#
Loqi [KevinMarks] has 23 karma in this channel over the last year (51 in all channels)
cybi joined the channel
#
petermolnar is anyone aware of ics to microformat events converter?
Guest4893 joined the channel
#
[KevinMarks] Hm, there is one that goes the other way
mlncn joined the channel
#
[tantek] parsingICS--
#
Loqi parsingICS has -1 karma over the last year
#
petermolnar TIL CSS background-image is not an animateable object, read css transitions don't apply
#
[tantek] how did you expect to animate it? cross-fade between images?
#
petermolnar kinda :/
#
[tantek] aaronpk, re: login vs sign-in, I don't know if this is intentional or inertia because frameworks for sites all have their own "account" assumptions baked in and its too hard to change it
#
petermolnar I know ways around it, I just merely surprised
#
[tantek] or rather it's easier to "just" bolt-on IndieAuth as another sign-up mechanism than to actually do the hardwork of NOT depending on creating a new account etc.
#
aaronpk could be, but getting an email address to have a way to contact the user is definitely useful
#
aaronpk hopefully indieauth can give services everything they need for the simple onboarding case, which is why the latest version includes a way for the service to request the user's email and profile photo and such
#
[tantek] maybe it's because we still need a defined account recovery mechanism?
#
aaronpk that and notifications
#
aaronpk definitely depends on the service though, there are plenty where those are not needed and just the authentication is enough
jacky joined the channel
#
[tantek] right. and what I'm wondering is would better guidance for how to implement "just the authentication" help more services do that rather than the "create an account" default?
#
GWG aaronpk: Is anyone using the profile in a client to your knowledge?
#
aaronpk i don't know yet
#
aaronpk it would be good to help guide people towards more streamlined flows and not treat "log in with X" as just another account signup flow
#
[tantek] yes, that.
#
aaronpk one good example of that i saw is one of the scooter companies, you can download the app and scan the scooter QR and pay all without needing to first go through a signup flow first
jacky and cybi joined the channel
#
jacky !tell Vikasheher[m]: hey, didn't know if you had thoughts/feedback for this https://gitlab.com/maxburon/microformats-parser/-/issues/4
#
Loqi Ok, I'll tell them that when I see them next
jacky, mro and cybi joined the channel
#
jacky is passively hacking in /reacji detection
[jgmac1106] joined the channel
#
[jgmac1106] !mf2 https://jgregorymcverry.com/resume
#
Kaja https://php.microformats.io/?url=https%3A%2F%2Fjgregorymcverry.com%2Fresume
m2m left the channel
#
eb just thought I would share. Cloudflare offers a free netlify alternative with 500 *builds* (not build limits) a month. That's about 16 builds a day, or one a hour. I set up a script to check my indie sources (markdown files, webmentions, etc) for changes every hour. If there is a change it triggers a cloudflare deploy. It's an excellent compromise between static sites and dynamic ones, because changes take less then a hour to sync.
#
eb ~~limits~~ minutes
#
eb The advantage of cloudflare/netlify/etc is they have hundreds of servers and your website is on each. I tested my site in 8 different countries across the world and the average response time was 20ms
#
eb I've reached out to a friend at cloudflare about the possibility of incremental builds and they said it was interesting but from a pricing standpoint it would be different (they have a paid tier with 5k builds a month for 20$)
#
eb Still, I think even as it is it's a good middle ground
#
eb ~~different~~ difficult
#
@eniehack ↩️ WebSubとかWebmentionとか? (twitter.com/_/status/1525149976275189761)
#
@eniehack ↩️ WebmentionはWorkerと鯖が分離されているのが前提だった気がするな……。 (twitter.com/_/status/1525155027483996163)
jacky, mro, cybi and gRegor joined the channel
#
@RubygemsN webmention (6.0.0): A Ruby gem for sending Webmention notifications. https://rubygems.org/gems/webmention (twitter.com/_/status/1525210872452288513)
[jgarber] joined the channel
#
[jgarber] ☝ It’s been a while, but… Hi, everyone. 👋
#
sknebel hi [jgarber] :) welcome back
#
[jgarber] sknebel: Thanks!
#
gRegor o/ [jgarber]
#
[jgarber] This release of the Ruby client adds Vouch support among other new and improved bits.
#
[jgarber] …meaning you can optionally include a Vouch URL when sending one or more webmentions and can optionally include a vouch URL when verifying a received webmention.
jacky joined the channel
#
[jgarber] Not sure how many folks are actively using Vouch these days, but… we’ve got another client library implementation. 😄
#
Loqi jgarber has 1 karma over the last year
#
gRegor jgarber++ nice!
#
[tantek] amazing! [jgarber]++
#
Loqi [jgarber] has 2 karma over the last year
#
[jgarber] Thanks, y'all! Been a while noodling on that release and I'm glad to have it out there.
mro joined the channel
#
[jgarber] Maybe support for private webmentions next? Are folks using that at all?
#
[tantek] I think we need to better define what "private" means in that context
jacky joined the channel
#
[jgarber] “Access controlled” is more specific, for sure: https://indieweb.org/Private-Webmention
jacky and tetov-irc joined the channel
#
[tantek] yeah that should be renamed
#
gRegor what is autoauth
#
Loqi AutoAuth is the working title of an extension to IndieAuth that allows clients to authorize to other servers in the name of their user, without the user being present to confirm each individual authorization flow https://indieweb.org/AutoAuth
#
gRegor what is ticketauth
#
Loqi Ticket Auth is an extension to IndieAuth that enables a publisher to send authorization, known as a ticket, that can be redeemed for an access token https://indieweb.org/ticketauth
#
gRegor I think newer work has been done there than on /private-webmention
#
[jgarber] Ahh, okay, so is it that the docs on the aforementioned private Webmentions page don't reflect current efforts?