#dev 2022-06-01

2022-06-01 UTC
angelo, sp1ff, sebbu, jacky, gRegor, strugee, jeremycherfas, cjw6k and mro joined the channel
# 06:59 
capjamesg [tantek] Can you prefill contents via a webaction?
# 07:00 
capjamesg I have set up the webaction.js and indieconfig.js scripts as per the wiki.
# 07:00 
capjamesg When you click on a poll option, you are prompted to vote with your personal website according to whatever web+action handler you have configured.
# 07:00 
capjamesg But, I need a way to prefill an option.
# 08:06 
[tantek] we're in new territory with poll option web actions, so this will take some experimentation
# 08:07 
[tantek] are there examples of reply or quote web actions with prefilled text? either IndieWeb examples or proprietary silo examples?
gRegor joined the channel
# 08:59 
capjamesg [tantek] I like new territory :)
mro joined the channel
# 08:59 
capjamesg I am going to see if I can just get a reply web action working first.
# 08:59 
capjamesg I haven't seen any such examples. I'd love to know anyone who has worked on this before!
# 08:59 
capjamesg The closest relation to this of which I can think is mailto: links with their ?subject= and ?body= parameters.
# 09:00 
capjamesg mailto:readers@jamesg.blog?subject=Coffee would prefill the subject line in an email reader
# 09:00 
capjamesg Could we do something similar with a web+action:// link as described on the wiki?
# 09:01 
[tantek] capjamesg, I have reply web actions on my post permalinks, but without any prefilled content
# 09:02 
capjamesg We do have the docs on how to publish: https://indieweb.org/indie-config#How_to_publish
# 09:02 
capjamesg But they don't specify prefilled answers.
# 09:02 
capjamesg Ideally, the answer would be editable by the user, but with the default.
# 09:11 
capjamesg Does Quill allow prefilling via query string items?
mro and vladimyr joined the channel
# 10:29 
capjamesg [tantek] https://jamesg.blog/assets/poll_demo.mov
# 10:29 
capjamesg I have got a version working with webactions.
mro joined the channel
# 10:45 
[tantek] capjamesg++ amazing! great proof of concept!
# 10:45 
Loqi capjamesg has 35 karma in this channel over the last year (87 in all channels)
tetov-irc joined the channel
# 10:55 
capjamesg Next step is to make it prettier and then after that document how everything works.
mro and chee joined the channel
# 11:56 
capjamesg Here's a more polished version of the PoC: https://jamesg.blog/poll/
# 11:56 
capjamesg It will only work if you have a web+action handler set up right now.
# 11:57 
capjamesg In the long term, I would have a fallback link to something like Twitter.
# 12:04 
capjamesg If you send a Webmention to the page containing any of the vote options, your vote will be counted.
mro, mro_, gxt, mro__, jacky, [pfefferle] and jacky_ joined the channel
# 14:13 
[echo] hey, i was reading the WM article on indieweb and looking at implementation, and question: how is spam being dealt with? i know on `WP.com` we deal with pingback spam, and this looks like a potential vector.
# 14:14 
[echo] *another potential vector
# 14:18 
jacky [echo]: there's a few ideas on how to go about it (since spam hasn't been a _pressing_ issue yet)
# 14:18 
jacky right now, Vouch seems to be the most viable approach
# 14:18 
jacky what is Vouch
# 14:18 
Loqi The Vouch protocol is an anti-spam extension to Webmention that can also be used to customize how your site accepts responses from different audiences https://indieweb.org/Vouch
# 14:19 
jacky lots of ideas that I've considered folding into my wm service in there (hashcash, for example)
# 14:20 
[echo] i love the literal photo of a whiteboard in there
# 14:20 
jacky lol!
# 14:20 
[echo] okay- and this is purely per-domain? it doesn’t seem to handle multiple blogs per domain
# 14:21 
[aciccarello] I think it's per identity
# 14:21 
[echo] what is identity
# 14:21 
Loqi A personal domain is a domain name that you personally own, control, and use to represent yourself on the internet https://indieweb.org/identity
# 14:21 
[echo] so a domain name lollll
# 14:25 
jacky an identity doesn't have to be a domain
# 14:25 
[aciccarello] haha, usually. I was thinking the receiver could differentiate, but then I remembered Vouch makes the sender look up the vouch and so they wouldn't know if it's per domain or path.
# 14:25 
jacky like depending on how you parse an 'identity', it could be anything (by UUID, some marker on a page, etc)
# 14:25 
[echo] the identity link redirects to `personal-domain`, so the docs should be updated maybe?
# 14:26 
[KevinMarks] subdomain works OK, which suits tumblr and blogspot etc as well; if you have folderpath for users then you need to be a bit more careful yes.
# 14:26 
jacky ah for some reason, I thought you meant on /Vouch
# 14:26 
[echo] i have no idea if we’d want to pursue subdomain on tumblr, which is why i’m being cautious
# 14:26 
jacky tbh that heuristic is up to you
# 14:27 
jacky for example, with Lighthouse, I resolve an 'identity' by fetching the author of the incoming content being sent via webmention
mro joined the channel
# 14:28 
jacky that could be in a number of ways (ideally /representative-hcard, reading things like rel=author then falling back to the authority part of the incoming URL)
# 14:28 
[KevinMarks] I thought all tumblr accounts were both subdomains and paths?
# 14:28 
jacky https://www.tumblr.com/blog/view/jackyalcine + https://jackyalcine.tumblr.com/ ?
# 14:29 
jacky was speaking generally, didn't know this was an ask specific to Tumblr
# 14:29 
[echo] yes, but the subdomain code is janky and not really maintained. it’s more an issue for mf2, but our API isn’t there either
# 14:29 
[KevinMarks] https://indieweb-test.tumblr.com/  and  https://www.tumblr.com/blog/view/indieweb-test , but I assume the subdomain is canonical
# 14:29 
[echo] it’s a general ask, but everything i talk about has a Tumblr/WP-slant 🙂
# 14:30 
[echo] [KevinMarks] i don’t really know! like in general we are trying to move folks to the www.tumblr part
# 14:32 
[KevinMarks] that seems a shame from a broader PoV - how does it work with custom domains? https://www.tumblr.com/blog/view/kevinmarks vs kevinmarks.tumblr.com vs https://kevinmarks.tumblelog.xyz/
# 14:34 
[KevinMarks] I see <link rel="canonical" href="https://indieweb-test.tumblr.com" /> on the domain version but not the web version. Hm
# 14:36 
[echo] [KevinMarks] i’m pretty sure all versions are on the web- you mean the www space?
# 14:37 
[KevinMarks] yes, sorry
# 14:38 
[echo] right- so that’s because `*.tumblr.com` or a custom domain you have is driven by your theme, which is mostly arbitrary code. that’s what the GH repo code is
# 14:39 
[echo] (the GH repo = https://github.com/indieweb/tumblr)
# 14:39 
Loqi [indieweb] tumblr: workspace to make Tumblr more indieweb friendly 
# 14:39 
[echo] so i suspect the theme has a `rel=canonical` in it, with a template tag for your URL
# 14:39 
[echo] i’d have to check though
# 14:40 
[echo] but the internal www space is driven by our React frontend and SSR, so we don’t put canonical there it seems. we could certainly add that- i’ll have to make a ticket
# 14:40 
jacky nice!
# 14:41 
[echo] but the general motivation is that the old themed section is very old (and bad) code
# 14:41 
[echo] like we’re still using Backbone.js for my fellow JS engineer’s context
# 14:41 
[KevinMarks] with a longevity PoV a subdomain feels more permanent than a path in a reader
# 14:42 
[echo] how so? if tumblr goes into the dead sites page, the subdomains are also gonna be gone
# 14:44 
[KevinMarks] well https://www.tumblr.com/blog/ redirecting to /explore makes it feel more volatile
# 14:48 
[echo] i mean so long as we’re a monolith everything is volatile
# 14:49 
[echo] that’s why self-hosted is so important 🙂
# 14:49 
[echo] (or ethical managed hosting)
gRegor and mro joined the channel
# 14:54 
jacky I don't know if it matters too much if like a set of URLs can be bundled internally to map to one 'identity'
# 14:54 
jacky like I'd sometimes expect 'https://jacky.wtf' and 'https://jacky.wtf/about' to both point to me
# 14:54 
jacky (the former would hint that the latter is my _actual_ representative page)
# 14:55 
[echo] yeah my thinking is that we’d want a set of URIs to point to a specific blog identity. that can either be the internal Tumblr ID of `t:XXXX` which is effectively a stable ID, or the blog name which is semi-stable
# 14:55 
[Scott_Jack] Ooh bummer I used to keep my personal site on Tumblr and loved that it was a subdomain, not just a path
# 14:56 
[echo] [Scott_Jack] we’re still keeping subdomains! we’re talking internally about redirecting users who never customized their blog theme to the www. path though
# 14:56 
[Scott_Jack] (sorry, quick reaction to reading 'trying to move people toward www.tumblr' haha)
# 14:56 
[Scott_Jack] gotcha
# 14:57 
[echo] but from a technical perspective, given cross-domain issues actually _interacting_ with Tumblr is really hard. that doesn’t affect something like WMs, except in the fact that we have very limited engineering resources and maintaining two completely different code paths is really difficult
# 14:58 
[echo] *interacting with Tumblr subdomains (or custom domains!)
[schmarty] joined the channel
# 14:59 
[schmarty] Oh no vouch is back
# 15:00 
sknebel lol
mro and gRegor joined the channel
# 15:17 
[KevinMarks] by default webmention has the 'twitter @ reply' problems - presumably tumblr already has an equivalent of unwanted replies and what gets shown to whom?
# 15:19 
[echo] you mean spammy notifications? yes, we have internal systems that try to block those
# 15:19 
[echo] i’m on the team that does that in fact
# 15:19 
[echo] so i’m pretty familiar
# 15:20 
[echo] i’m less concerned about us for spam tbh- we can leverage existing code to deal with this, it’s just another form of pingback spam. i’m more interested/concerned about self-hosted folks that don’t have the big-picture data we get
# 15:22 
[echo] LOL
# 15:22 
[echo] so it’d be a great fit for anti-spam on Mastodon
[arush] joined the channel
# 15:22 
[echo] well Akismet is mostly effective on comment spam. short blocks of text
# 15:23 
[echo] my team runs our internal tool to fight other stuff, which we call (originally enough) Bkismet
# 15:23 
[KevinMarks] It is a big messy problem, always. You need allowlists and blocklists and to decide how to construct them and what you do by default and so on. As you say, you only tend to need it once you are a target.
# 15:23 
[echo] well Akismet is mostly effective on comment spam. short blocks of text
# 15:23 
[KevinMarks] at which point you urgently need it
mro joined the channel
# 15:24 
[echo] yep
# 15:24 
[echo] one thing i’ve been looking at is community-sourced blocklists, such as what blocktogether.org
# 15:25 
[echo] dammit words. what blocktogether.org did
# 15:27 
[KevinMarks] well, you can upsell them akismet…
[tw2113_Slack_], chenghiz_ and [fluffy] joined the channel
# 15:44 
capjamesg +1 in that spam is an evolving issue.
# 15:45 
capjamesg We haven't seen a large-scale spam issue with Webmention to the extent I understand so we'll likely learn a lot when we start to see real world vectors.
# 15:45 
capjamesg Vouch is promising but I'm curious about ways to make it intuitive for users.
# 15:45 
capjamesg +1 [echo] on leveraging what you already have with spam! :D
# 15:46 
petermolnar askismet is a service; there's an offline wordpress plugin, https://wordpress.org/plugins/antispam-bee/ which could be a good source for inspiration
# 15:46 
Loqi [pluginkollektiv] Description
Say Goodbye to comment spam on your WordPress blog or website. Antispam Bee blocks spam comments and trackbacks effectively, without captchas and without sending personal information to third party services. It is free of charge, ad-free...
# 16:04 
jacky this looks good as some good counter measures to take
# 16:11 
[KevinMarks] There is also https://www.blockpartyapp.com/
gRegor joined the channel
# 16:30 
[echo] the idea of paying to not be harassed bothers me on an ethical level, but same tech yes
jacky, Hollie, [jacky], gRegor, mro, [James_Van_Dyne], tetov-irc, mro_ and [chrisaldrich] joined the channel