#dev 2022-07-21

2022-07-21 UTC
# 00:50 
[tantek] blockchain << Criticism: YAGNI even for SSI: 2022-07-08 [https://weh.wtf/ssi.html SSI-on-Blockchain is Objectively a Bad Thing]
# 00:50 
Loqi ok, I added "Criticism: YAGNI even for SSI: 2022-07-08 [https://weh.wtf/ssi.html SSI-on-Blockchain is Objectively a Bad Thing]" to the "See Also" section of /blockchain https://indieweb.org/wiki/index.php?diff=82322&oldid=82228 
# 01:18 
superkuh Server side includes on blockchain?
# 01:39 
aaronpk lol
jacky and strugee joined the channel
# 02:15 
[KevinMarks] Overloaded TLA, its Site of Scientific Interest (a kind of nature reserve) too
jacky joined the channel
# 03:22 
vikanezrimaya Good morning IndieWeb! Media endpoint question. When you upload, say, an image to your media endpoint, capable of transcoding images to webp (lossless webp specifically), do you expect the media endpoint to also retain the original upload or only save the converted file?
# 03:22 
vikanezrimaya I'm wondering if I should even retain original image files when transcoding. They'll be essentially wasting space if left unused.
geoffo, gerben and petermolnar joined the channel
# 06:46 
sknebel Matter of personal taste IMHO. I suspect the biggest complaint would be "webp only??" - works for modern Browsers admittedly, but overall 🤷 if you don't want a fallback
gRegorLove_ joined the channel
# 07:55 
vikanezrimaya sknebel: I am a big fan of big images. My screenshots are PNGs of several megabytes, and JPEGs from my phone's camera have ludicrous resolution that is extremely slow to transfer over the internet (believe me, I tried)
# 07:55 
vikanezrimaya webp is my only salvation, as it seems to be more efficient than both of these formats
petermolnar, geoffo, gxt, mro_, superkuh and tetov-irc joined the channel
# 11:55 
vikanezrimaya I just had a small epiphany about IndieAuth. 1) client_id is always fetched to check redirect_uri; 2) identity provider is allowed to reject any scopes it doesn't like whenever it wants to; 3) IndieAuth allows one to define custom scopes. Ergo, I could make a restricted scope only available to certain clients
# 11:56 
vikanezrimaya Nobody else will be able to get that scope except a certain client - because if they spoof client_id, they won't pass redirect_uri check. And if they ask for it otherwise, the server's not gonna grant it.
mro joined the channel
# 11:57 
vikanezrimaya I'm sure this knowledge could be useful to me somehow.
jacky joined the channel
# 13:02 
callym[m] I'm working on a git-based wiki using indieauth to login - I'm currently storing a map of `email => url` for each user, as git stores the email for each commit, and then the url can be used to fetch the h-card data, but I'm not sure if this is the best/right approach? should I be storing the profile returned from the auth directly, or should I instead be storing a token and asking the endpoint for the profile when I need it?
# 13:03 
callym[m] also am I right in saying that gitea doesn't support indieauth?
superkuh joined the channel
# 13:24 
aaronpk I think there's an open issue for it, you should chime in with support for it!
# 13:24 
vikanezrimaya callym[m]: if you are using IndieAuth solely as an identity provider and not to interact with your user's website, you can forgo requesting a token (though you are free to get one if you want profile updates to be picked up more often than your average user reauthenticates - assuming the newest version of IndieAuth, sending a token scoped to "profile" to the userinfo endpoint will get you a fresh version of the profile). Using email=
# 13:25 
aaronpk Also remember that the email address in git commits has no authentication behind it, anyone can write a git commit with anyone's email, so don't assume that a particular user actually made a git commit by just looking at the email
# 13:25 
vikanezrimaya GitHub, for example, looks users up by emails verified in their profile. It can be very fun to upload repositories with spoofed commit author information, because git itself doesn't check it, and GitHub believes commit attribution from Git.
# 13:25 
aaronpk what is Gitea?
# 13:25 
Loqi Gitea is a site, service, and open source project for code repositories (using git) and issue tracking https://indieweb.org/Gitea
# 13:25 
vikanezrimaya I've never done it, but I've seen others do.
# 13:26 
vikanezrimaya The Go repository is one of the funniest examples of fake commits - you'll have to scroll to the beginning of its history to see the Easter egg.
geoffo, mro, AramZS and jacky joined the channel
# 14:50 
callym[m] I think the being able to commit with any email is fine - the software is in charge of making commits with the email address of the user - if someone else pushes directly to the backing repository with random emails then that's fine I guess
# 14:51 
callym[m] great - just wanted to make sure I wasn't taking the "easy but wrong" way of getting the user data 😄
mro joined the channel
# 14:53 
callym[m] ah there was an issue on the gitea github but it's been closed
# 14:56 
sknebel Yeah. They are now going for forgefed, which might also involve some kind of federated auth? Haven't really looked into it yet
# 15:21 
jacky yeah I've been curious about their approach to auth
# 15:41 
omz13 I've recently made a few changes to toolbox, and the profile parsing code is now a lot better at picking apart the microformats data
# 15:43 
omz13 on a related note, I scraped a lot of homepages, and can now use this corpus for testing
# 15:44 
omz13 and a POC for generating statistics for what is out there in indieweb land
# 15:47 
omz13 on the side, I threw together my own http cache which was almost fun
jacky, alex11 and geoffo joined the channel
# 17:27 
jacky so I'm entering into a interesting problem (for those with channels on their site, this will apply): I want a post in one channel (my livestream updates feed) to be visibility=public but on my main feed, I'd want them to be unlisted
# 17:27 
jacky I'm wondering if anyone has such an issue
# 17:29 
jacky I don't even know how to handle this from a publisher standpoint (the consuming case would be allowing content to appear in two different feeds but with different levels of visibility)
# 17:30 
jacky I could see this being applied for something like a 'main feed' and then one with things like check-ins, photos, etc (to allow for adjustment for 'high volume' feeds0
# 17:35 
[aciccarello] jacky, I haven't implemented channels but I'm also interested in how to approach this. I'm thinking about having separate channels for posts (blogs, notes, photos) and activity (bookmarks, replies). But I've wondered about cross-over content. Like if I want to highlight a reply or bookmark, how would I mark that to appear in the main channel.
# 17:36 
jacky https://github.com/indieweb/micropub-extensions/issues/40 (for more context about the concept of channels)
# 17:37 
Loqi [aaronpk] #40 Channels
# 17:37 
aaronpk jacky: It sounds like you *dont* want it in your main feed, only in the livestream channel
# 17:38 
aaronpk "unlisted" is about whether a post appears in a feed, not about the post's access control
# 17:39 
jacky hmm I guess I'm only seeing 'unlisted' as a way for something to appear in a feed but not to send updates about it appearing in said feed
# 17:39 
jacky (that's how I have my site consider unlisted posts)
# 17:39 
aaronpk Sending updates? Like WebSub?
# 17:39 
jacky if it's unlisted, no WebSub updates would be sent
# 17:39 
jacky yeah
# 17:39 
aaronpk if it's on your main feed then anyone polling the feed will find it, so it's not unlisted
# 17:39 
jacky I _guess_ that kind of falls apart if someone is polling
# 17:39 
jacky lol
# 17:40 
jacky hm okay then I guess I could just avoid posting it to the main feed hmm
# 17:40 
jacky going to think on this more
# 17:40 
jacky I'm partly looking to automate part of how I 'go live' and keep a livestream journal and this want to separate where posts appeared came up for me
# 17:41 
aaronpk "Unlisted" aka "not in a list"
# 17:41 
aaronpk websub is an optimization of delivering updates to a list
angelo, gxt and jacky joined the channel
# 18:59 
jacky okay ths is giving me more space to think on this
# 18:59 
jacky tbh it's really me not wanting to 'duplicate' content
# 19:00 
jacky will write out the whole flow on the wiki and point to what he'll attempt to use
jacky joined the channel
# 19:32 
jacky https://indieweb.org/User:Jacky.wtf#Automating_Communication_with_Livestreaming is a quick jist
# 19:32 
jacky gist? I don't know lol
jacky and gxt joined the channel
# 21:18 
xyzzydev[m] this is something I have never worked on - video hosting and live streaming and  from my understanding they are very costly from a hosting perspective. while I am aware of webtorrents that can alleviate some hosting bandwidth, what are the bandwidth metrics and things to keep in mind while of hosting some 100 personal videos from a self-hosting standpoint ? lets say 1 video has lots of traffic, how do you plan for it ?
# 21:20 
xyzzydev[m] one advantage of central systems like youtube is that it can probably save costs to host so many videos at a time i.e each individual user to self-host could probably cost a whole lot more than individuals sharing a single platform like youtube
# 21:21 
xyzzydev[m] s/of//
jacky joined the channel
# 21:40 
jacky I have no idea tbh
# 21:40 
jacky like I have my instance send the files over to DigitalOcean Spaces
# 21:45 
xyzzydev[m] i feel like videos are like the achilles heel of indieweb. once you start thinking of self-hosting videos, it seems like you need a 20$ vps to host even some basic videos
jacky, tetov-irc and gxt joined the channel
# 22:55 
[KevinMarks] If you are happy making your videos creative commons, Internet Archive will host them for you
jacky, gRegor and gxt joined the channel