angelo, sp1ff, sebbu, jacky, gRegor, strugee, jeremycherfas, cjw6k and mro joined the channel
#capjamesg[tantek] Can you prefill contents via a webaction?
#capjamesgI have set up the webaction.js and indieconfig.js scripts as per the wiki.
#capjamesgWhen you click on a poll option, you are prompted to vote with your personal website according to whatever web+action handler you have configured.
#capjamesgIt will only work if you have a web+action handler set up right now.
#capjamesgIn the long term, I would have a fallback link to something like Twitter.
#capjamesgIf you send a Webmention to the page containing any of the vote options, your vote will be counted.
mro, mro_, gxt, mro__, jacky, [pfefferle] and jacky_ joined the channel
#[echo]hey, i was reading the WM article on indieweb and looking at implementation, and question: how is spam being dealt with? i know on `WP.com` we deal with pingback spam, and this looks like a potential vector.
#LoqiThe Vouch protocol is an anti-spam extension to Webmention that can also be used to customize how your site accepts responses from different audiences https://indieweb.org/Vouch
#jackylots of ideas that I've considered folding into my wm service in there (hashcash, for example)
#[echo]i love the literal photo of a whiteboard in there
#[aciccarello]haha, usually. I was thinking the receiver could differentiate, but then I remembered Vouch makes the sender look up the vouch and so they wouldn't know if it's per domain or path.
#jackylike depending on how you parse an 'identity', it could be anything (by UUID, some marker on a page, etc)
#[echo]the identity link redirects to `personal-domain`, so the docs should be updated maybe?
#[KevinMarks]subdomain works OK, which suits tumblr and blogspot etc as well; if you have folderpath for users then you need to be a bit more careful yes.
#jackyah for some reason, I thought you meant on /Vouch
#[echo]i have no idea if we’d want to pursue subdomain on tumblr, which is why i’m being cautious
#jackyfor example, with Lighthouse, I resolve an 'identity' by fetching the author of the incoming content being sent via webmention
mro joined the channel
#jackythat could be in a number of ways (ideally /representative-hcard, reading things like rel=author then falling back to the authority part of the incoming URL)
#[KevinMarks]I thought all tumblr accounts were both subdomains and paths?
#[echo]right- so that’s because `*.tumblr.com` or a custom domain you have is driven by your theme, which is mostly arbitrary code. that’s what the GH repo code is
#[echo]but the internal www space is driven by our React frontend and SSR, so we don’t put canonical there it seems. we could certainly add that- i’ll have to make a ticket
#jacky(the former would hint that the latter is my _actual_ representative page)
#[echo]yeah my thinking is that we’d want a set of URIs to point to a specific blog identity. that can either be the internal Tumblr ID of `t:XXXX` which is effectively a stable ID, or the blog name which is semi-stable
#[Scott_Jack]Ooh bummer I used to keep my personal site on Tumblr and loved that it was a subdomain, not just a path
#[echo][Scott_Jack] we’re still keeping subdomains! we’re talking internally about redirecting users who never customized their blog theme to the www. path though
#[Scott_Jack](sorry, quick reaction to reading 'trying to move people toward www.tumblr' haha)
#[echo]but from a technical perspective, given cross-domain issues actually _interacting_ with Tumblr is really hard. that doesn’t affect something like WMs, except in the fact that we have very limited engineering resources and maintaining two completely different code paths is really difficult
#[echo]*interacting with Tumblr subdomains (or custom domains!)
#[KevinMarks]by default webmention has the 'twitter @ reply' problems - presumably tumblr already has an equivalent of unwanted replies and what gets shown to whom?
#[echo]you mean spammy notifications? yes, we have internal systems that try to block those
#[echo]i’m less concerned about us for spam tbh- we can leverage existing code to deal with this, it’s just another form of pingback spam. i’m more interested/concerned about self-hosted folks that don’t have the big-picture data we get
#[echo]so it’d be a great fit for anti-spam on Mastodon
[arush] joined the channel
#[echo]well Akismet is mostly effective on comment spam. short blocks of text
#[echo]my team runs our internal tool to fight other stuff, which we call (originally enough) Bkismet
#[KevinMarks]It is a big messy problem, always. You need allowlists and blocklists and to decide how to construct them and what you do by default and so on. As you say, you only tend to need it once you are a target.
#[echo]well Akismet is mostly effective on comment spam. short blocks of text
#capjamesgWe haven't seen a large-scale spam issue with Webmention to the extent I understand so we'll likely learn a lot when we start to see real world vectors.
#capjamesgVouch is promising but I'm curious about ways to make it intuitive for users.
#capjamesg+1 [echo] on leveraging what you already have with spam! :D
#Loqi[pluginkollektiv] Description
Say Goodbye to comment spam on your WordPress blog or website. Antispam Bee blocks spam comments and trackbacks effectively, without captchas and without sending personal information to third party services. It is free of charge, ad-free...
#jackythis looks good as some good counter measures to take