#dev 2022-11-06

2022-11-06 UTC
#
[snarfed] let me try switching back to URLs and test more
#
[snarfed] sorry
#
aaronpk uhoh
#
aaronpk well it does seem weird to advertise the same key with two different IDs, are you making them match?
#
[snarfed] right now I'm switching back to URLs like we tried earlier
#
aaronpk oh ok
#
aaronpk lol
#
[snarfed] you are right for the non-URL ids though. this was all from blindly trying to get Mastodon interop years ago 😢
#
[snarfed] oh, unrelated, did this regress at some point? https://github.com/aaronpk/Loqi/issues/45
#
Loqi [snarfed] #45 ignore indieweb.social links
#
aaronpk apparently
#
aaronpk oh i blocked RTs from indieweb.social
#
[snarfed] ok URLs seem ok after all
#
[snarfed] at least, the succeeding Accepts are still succeeding, the failing ones are still failing ☹
#
[snarfed] sorry for the runaround
#
aaronpk weiiird
#
aaronpk ok let me double check my following code still works then
#
aaronpk also so i can actually finally follow kongaloosh
#
aaronpk yay it worked!
#
Loqi 😊
#
[snarfed] 🎉
#
aaronpk alright i'm done
#
aaronpk that was a good hackathon day
#
aaronpk more like marathon
#
[snarfed] very!
#
[snarfed] congrats
#
aaronpk sadly most of what i did is on the private side of my site, but at least it will surface as more following interaction with people!
#
[snarfed] Useful BF interop testing! And added paging to the responses page. Small victories
#
barnaby for me it was the second and hopefully last evening of getting distracted from/procrastinating working on my new site via XRay pull requests
#
barnaby not that I’m complaining!
#
barnaby it would be extremely ironic if my twitter app request is rejected and I can’t use the feature I added to XRay, tho xD
#
barnaby I guess I can still use it for github creds
#
IWDiscordGateway <kongaloosh> It works! https://sigmoid.social/@sharky6000/109293462026708146
#
Loqi [Marc Lanctot] @kongaloosh.com test passed
#
[schmarty]1 kongaloosh++
#
Loqi kongaloosh has 2 karma in this channel over the last year (3 in all channels)
#
[schmarty]1 snarfed++ too and also aaronpk++
#
Loqi snarfed has 26 karma in this channel over the last year (52 in all channels)
#
Loqi aaronpk has 32 karma in this channel over the last year (107 in all channels)
#
[schmarty]1 good hackin' today folks
#
IWDiscordGateway <kongaloosh> ❤️ thanks for all the help, gang!
#
IWDiscordGateway <kongaloosh> snarfed++
#
Loqi snarfed has 27 karma in this channel over the last year (53 in all channels)
#
IWDiscordGateway <kongaloosh> aaronpk++
#
Loqi aaronpk has 33 karma in this channel over the last year (108 in all channels)
#
[tantek]1 I still think it's been interesting to see the people pop up on indieweb.social
#
[schmarty]1 after peering down the activitypub rabbit hole enough to know i am not leaping in today, i instead started playing with running my own instance of Meridian (https://latl.ong/) and... it works! It also reminded me how painful getting ruby dependencies installed can be lol
#
GWG It was nice seeing kongaloosh around again
#
[jgarber] [schmarty] I’m available for Ruby assistance if necessary. 😬
#
Loqi jgarber has 3 karma in this channel over the last year (8 in all channels)
#
[schmarty]1 jgarber++ much appreciated. i made it through, just had to remember not to get mad at `bundle install` and summon from the depths my memories of which `libsomethingsomething-dev` would fix it.
#
[jgarber] Ahh, yep, that’s always a “fun” game.
#
[jgarber] Sounds like you made it through, though?
#
[schmarty]1 yep, all set! meridian is pretty much as simple as they come (barest sinatra app that touches a db and has a couple of query endpoints)
#
GWG [schmarty]1: What data did you load into it?
#
[jgarber] I was just looking at that, yeah. I’m not familiar with the project.
#
[schmarty]1 https://download.geofabrik.de/north-america/us-northeast.html cropped using `osmium` to a vague NYC bounding box.
#
GWG I'm still think of loading in my usual haunts and teaching my code to fall back when no results are received
#
[schmarty]1 (i just tried using more direct NYC borough geometry via https://data.cityofnewyork.us/City-Government/Borough-Boundaries/tqmj-j8zm as the limiter but something didn't work. all my nearby venues in manhattan disappeared)
#
[schmarty]1 this was honestly just a fun diversion since if i am gonna work on a checkin client i should be focusing on designing that so i can dig in on the code. i also want to use existing checkins as a primary source before OSM data so we are on similar tracks!
#
[jgarber] Son of a gun, I didn’t realize [manton] was out here writing Ruby. 😂
#
[schmarty]1 it power micro.blog!
#
[schmarty]1 *powers
#
[jgarber] my heart
#
GWG [schmarty]1: How big is New York filewise?
#
[schmarty]1 GWG: the us-northeast pbf i linked you to is 1.4GB. using the meridian-recommended settings to export data in a loose square around NYC results in a ~1.9GB XML file. doing the import and sticking it into mysql results in a ... 13mb mysql data folder 😂
#
GWG So, manageable.
#
@baldbeardbuild For fun, I added webmentions to my @astrobuild blog today. The link below isn't related but you can like, reply, or retweet this tweet to see it in action. Explainer blog post incoming! https://baldbeardedbuilder.com/blog/using-netlify-functions-faunadb-for-short-urls/ (twitter.com/_/status/1589074080497807360)
#
IWDiscordGateway <kongaloosh> It's good to be back!
#
IWDiscordGateway <kongaloosh> I have one more question for [snarfed]:
#
IWDiscordGateway <kongaloosh> Is it possible to make requests to follow people, and have them added to our following list?
#
IWDiscordGateway <kongaloosh> you'd need to be able to sign the request, so it has to go through brid.gy, but I'm not seeing anything in the BF doc (but could be missing something)
#
[snarfed] yes! post an IndieWeb follow and send a webmention to trigger
#
[snarfed] oh wait hmm, maybe not? thought I implemented that, but I'm not seeing it
#
IWDiscordGateway <kongaloosh> oh-ho
#
[snarfed] do you have an example of rendering a remote non-Mastodon profile on a Mastodon instance and seeing its followings?
#
IWDiscordGateway <kongaloosh> no, I can't see my followings, and I don't know of many other remote profiles
#
IWDiscordGateway <kongaloosh> what is an IndieWeb follow?
#
IWDiscordGateway <kongaloosh> ah, I forget how to trigger loqi
#
[snarfed] ok it is possible, eg https://indieweb.social/web/@ash@acegiak.net
#
IWDiscordGateway <kongaloosh> I'm going to hit the hay, but I'll be back tomorrow 🙂
#
[snarfed] I knew I implemented it!
#
[snarfed] it's there, if you post a u-follow-of and trigger with a wm, BF does convert it to AP and deliver it. it's not stored on BF's end though
totertats joined the channel
#
@baldbeardbuild For fun, I added webmentions to my @astrodotbuild blog today. The link below isn't related but you can like, reply, or retweet this tweet to see it in action. (Updates every half hourish) Explainer blog post incoming! https://baldbeardedbuilder.com/blog/using-netlify-functions-faunadb-for-short-urls/ (twitter.com/_/status/1589103024945139712)
#
IWDiscordGateway <kongaloosh> Should I maintain my own “follower list”
#
[snarfed] let's look into it more
#
[snarfed] your use case is...you want them to show up on your profile when it's rendered elsewhere? like eg https://indieweb.social/web/@ash@acegiak.net ?
ash[m], slyduda[m], Xe, AramZ-S[m] and Loqi joined the channel
#
[tantek]1 what is u-follow-of
#
Loqi It looks like we don't have a page for "u-follow-of" yet. Would you like to create it? (Or just say "u-follow-of is ____", a sentence describing the term)
#
[tantek]1 what is follow
#
Loqi follow is a common feature (and often UI button) in silo UIs (like Twitter) that adds updates from that profile (typically a person) to the stream shown in an integrated reader, and sometimes creates a follow post either in the follower's stream ("… followed …" or "… is following …") thus visible to their followers, and/or in the notifications of the user being followed ("… followed you") https://indieweb.org/follow
#
[tantek]1 u-follow-of is an unofficially proposed [[microformats2]] property for linking to a site or profile being followed in a [[follow]] post, inside an [[h-entry]], published by a few IndieWeb sites, and handled by [[Bridgy Fed]].
#
Loqi ok
#
[tantek]1 follow << u-follow-of
#
Loqi ok, I added "[[u-follow-of]]" to the "See Also" section of /follow https://indieweb.org/wiki/index.php?diff=84237&oldid=83950
#
[snarfed] tantek++
#
Loqi tantek has 23 karma in this channel over the last year (73 in all channels)
#
@jaxroam ↩️ The unbroken bridge is #BridgyFed, connecting the two archipelagos of #IndieWeb and #Mastodon. (The htaccess line lets the bridge stand on your site.) This is a good solution, far better than no solution, but still clunky and brittle long-term. https://fed.brid.gy/ (twitter.com/_/status/1589131336727793664)
#
@schnarfed ↩️ Agreed! It's only really for technical power users. Everyone else is better served by plain non-Fed https://brid.gy/ (twitter.com/_/status/1589138777284685824)
#
@dark_kirb The indieauth logo is just an amogus (twitter.com/_/status/1589171475583565825)
#
@webrocker sorry, yet another test. I updated the indie web plugins on my (wordpress) blog, and now this one, Syndication Links by David Shanske, should publish this post to Mastodon and Twitter via http://brid.gy, without me adding markup to the post, but… https://www.webrocker.de/?p=28794 (twitter.com/_/status/1589178486664691712)
#
@webrocker ↩️ Meh. Worked for Twitter, but for Mastodon it failed. http://brid.gy gets 403 responses "error":"This action is outside the authorized scopes" and "Error: Forbidden for url: https://mastodon.social/api/v1/media" errors… sigh (twitter.com/_/status/1589195600469397507)
neceve, barnaby and neceve_ joined the channel
#
jonnybarnes snarfed tried using one of the tokens I got from my database, that worked with cURL, but it gave me the error "error": "unauthorized", "error_description": "No user found with that token"
#
jonnybarnes which I assume is from your end cos its not the token that “Get token” shows me
#
aaronpk well that's a new one... i'm getting a "Request Not Signed" error from a mastodon instance when making a GET request for a user profile
#
aaronpk is that a mastodon setting?
#
aaronpk oh wow it is https://docs.joinmastodon.org/admin/config/#authorized_fetch
#
aaronpk "Mastodon will require HTTP signature authentication on ActivityPub representations of public posts and profiles, which are normally available without any authentication"
#
aaronpk :sigh:
neceve_ joined the channel
#
barnaby if mastodon’s HTTP signature implementation is still not a standard, it’s effectively a “mastodon only” mode
#
barnaby I wonder if RSS feeds also disabled/require signatures on instances with that setting turned on
#
aaronpk it's not a standard and never will be
#
aaronpk the HTTP group at the IETF finally picked up HTTP signatures again and it's almost finalized now
#
aaronpk it looks quite different from mastodon's
#
sknebel is it mastodon only or wider "fediverse only"?
#
barnaby “Not all software in the fediverse can support it fully, in particular some functionality will be broken with Mastodon servers older than 3.0; you lose some useful functionality even with up-to-date servers […]”
#
aaronpk well it's a de-facto standard, as in anyone who wants to interop with mastodon has to follow what they did with http signatures as best they can
#
aaronpk but it's not well documented and has no path to exist as its own standard outside of mastodon at this point
#
Saphire aaronpk: see my little .zshrc for an example implementation :P
#
Saphire barnaby: pleroma requires it for every JSON-LD request iirc
#
aaronpk oh i have an implementation already, actually two. but now i need to turn it on for GET requests too
#
Saphire GET included
#
Saphire Or at least the stuff I've poked so far did
#
Saphire 's why I've made it in first place
#
[KevinMarks]1 so was mastodon.social going js;dr in the 4.0 release notes?
#
sknebel ... look at the release notes and find out? ;)
#
barnaby I don’t see anything about it https://github.com/mastodon/mastodon/releases/tag/v4.0.0rc1
#
aaronpk reading these release notes makes me never want to write software like this lol
#
sknebel barnaby: indirectly, as "Change web UI to work for logged-out users" - "Profiles, posts, and other public pages now use the same interface for logged in and logged out users"
#
sknebel i.e. the "full" JS app now services the public endpoints too
#
barnaby oh okay, there’s no way I would have connected that with loading content with js and removing mf2 support at a glance
#
barnaby anyone feel like raising an issue about the removed mf2 support? not sure if it’s better to make a new issue or comment on https://github.com/mastodon/mastodon/issues/18845
#
Loqi [sjehuda] #18845 h-feed h-entry support
#
aaronpk i suppose that does make things simpler for them going forward
#
aaronpk it's just not really a website anymore, it's a web app
#
sknebel barnaby: It does require enough familarity with it to know what the logged-in app is like, yes
#
Saphire stares
#
Saphire Are they literally copying Twitter now
#
Saphire (tbh seeing the "trending" sidebar had me screaming)
#
IWDiscordGateway <kongaloosh> g'morning 🌞
#
barnaby greetings
#
IWDiscordGateway <kongaloosh> yeah, I think, I want to be able to keep track of who's following me and who I'm following.
#
IWDiscordGateway <kongaloosh> Right now, I'm thinking of making a separate page with u-follow-of entries that I can webmention to let bridgy know to ping the mastodon folks that I'm following them.
#
IWDiscordGateway <kongaloosh> If I look at my webmentions, I can tell who's following me based on 'linked mentions', and just keep track of them.
#
aaronpk that's an interesting question, can you follow people with bridgy fed? or is it only one way?
#
IWDiscordGateway <kongaloosh> From Snarfed: it's there, if you post a u-follow-of and trigger with a wm, BF does convert it to AP and deliver it. it's not stored on BF's end though
#
aaronpk ..and then what?
#
aaronpk when they post something, what happens to the post they send to bridgy?
#
IWDiscordGateway <kongaloosh> I am not sure
#
IWDiscordGateway <kongaloosh> BF implements an inbox, so presumably they go there
#
IWDiscordGateway <kongaloosh> I'm not sure if they get converted to WM and get sent as mentions to my main page.
#
barnaby looks like it ends up trying to send webmentions for all incoming Create activities https://github.com/snarfed/bridgy-fed/blob/main/activitypub.py#L116
#
barnaby and then looking at this, it’ll only forward Create activities for objects with inReplyTo or mention tags https://github.com/snarfed/bridgy-fed/blob/main/common.py#L147
#
barnaby so it looks like BF wouldn’t currently work for subscribing to all of someone’s posts
#
barnaby and following someone via BF is mostly useful for incrementing their follower count and getting replies/mentions. If you want to get all their content you need to subscribe to them separately, e.g. via RSS or (pre-Mastodon 4.0) via mf2 on their feed page
#
sknebel which wont give you follower-only content
#
barnaby yep
#
IWDiscordGateway <kongaloosh> Cool; worth trying to implement follow count 🙂
#
IWDiscordGateway <kongaloosh> Does anyone know if there's a way to track your own "followers" list in BF?
#
barnaby not that I can see, other than tracking follow-of webmentions and keeping track of them yourself
#
barnaby (based on looking up references to Follower from https://github.com/snarfed/bridgy-fed/blob/main/models.py#L130)
#
barnaby I assume they could be queried and listed but I’m not familiar enough with ndb models to tell
#
[snarfed] just waking up now. Right, there's currently no UI or export for BF followers
#
IWDiscordGateway <kongaloosh> I guess I could send out a post and then look at the BF logs to see who it sends the post to 👀
#
IWDiscordGateway <kongaloosh> G’morning 🌞
#
[snarfed] You'd only see instances
#
[snarfed] I'm also curious about the other direction, people you follow. When one if them posts, would you expect BF to deliver it to you somehow?
#
barnaby [snarfed]: from what I can tell, BF does receive Activities from people which BF users follow, it just discards them if they don’t have a target
#
[snarfed] Right! I'm asking what it should do instead
#
[snarfed] In native indieweb, this would be social reader territory
#
barnaby honestly, no idea. it’s hard to consolidate on-the-wire vs fetching content models
#
[snarfed] Yup. I do know the answer isn't webmention, at least
#
IWDiscordGateway <kongaloosh> It’s not “native” but having the option to forward to a local inbox would be cool.
#
IWDiscordGateway <kongaloosh> Like it breaks the WM MF pattern
#
[snarfed] An AP inbox?
#
IWDiscordGateway <kongaloosh> Yeah, that’s what I’m thinking.
#
IWDiscordGateway <kongaloosh> And then the person can do with it what they wish
#
[snarfed] That's definitely outside the BF model
#
IWDiscordGateway <kongaloosh> Without messing up WM
#
IWDiscordGateway <kongaloosh> Yeah.
#
[snarfed] Really we need something a reader could subscribe to
#
IWDiscordGateway <kongaloosh> I just struggle to see how they could be WM
#
[snarfed] Yeah, they aren't
#
[snarfed] The real indieweb conversion would be for BF to convert all posts from your followings to an h-feed that you subscribe to in a reader
#
barnaby being able to give BF an “overflow” endpoint, which it sends all non-WB-compatible activities to would be a stop-gap solution, which would let people benefit from BF while also being able to do *something* with the otherwise-discarded activities if they want
#
barnaby [snarfed]: that’d be great, but would make a lot of extra storage demands of BF, and could result in privacy issues with follower-only content
#
[snarfed] Eh. Hundreds of users, storage isn't a concern
#
[snarfed] And private feeds exist now
#
aaronpk Converting to a h-feed with a secret URL is probably the least effort for everyone
#
aaronpk the other option is how I've been doing it with Aperture, where my site's inbox converts the AP message to micropub and posts it into a channel. That's not described in any standard, but it does use Micropub for it
#
[snarfed] Interesting!
#
[snarfed] But yeah, h-feed
#
[schmarty]1 I'll take it!
#
sknebel or h-feed behind auth and we finally have something that pushes people to put ticket-auth in readers :P
#
aaronpk haha yesss
#
[snarfed] Ticket auth definitely pushes this into "PRs welcome" territory
#
aaronpk 😎
#
barnaby yeah that sounds like the ideal way to bridge AP and indieweb stuff
#
barnaby I must admit I do lean towards preferring signed requests over ticket auth for these use cases, and am curious to see what comes out of the IETF HTTP signatures group, and whether it’s something which could be integrated into indieweb usage easily
#
aaronpk Well it's a building block, it'll require more work to actually use for things
#
[KevinMarks]1 Pre 4.0, each account has an h-feed, so you could subscribe to them individually. That just got broken. This also breaks archive.org for mastodon.
#
aaronpk but it specifies how the crypto works in a way that can be built into curl and other HTTP clients
#
aaronpk to use it, we would need to define how to find and update the signing keys
#
[KevinMarks]1 So that is a major regression worth writing up IMO.
#
aaronpk OAuth/OIDC are also likely going to adopt it and will need to do the same
#
barnaby aaronpk: yeah I imagine it’d shift complexity from “all the moving parts required for ticket auth” to “fetching keys”
#
aaronpk [KevinMarks] I think being hidden from web.archive.org is seen more as a feature
#
aaronpk barnaby: Yeah I think it's promising though! Especially once it gets built into http libraries
#
aaronpk until then, it's painful to implement from scratch 😅 Especially with all the new things that make it general purpose instead of just the one-off that Mastodon did
#
barnaby aaronpk: does it include some provisions for automatically discovering keys, or is that left as an implementation detail?
#
aaronpk I believe you have to provide keys to all the operations
#
aaronpk theres an implementation of the new one around somewhere
#
barnaby okay, so when you want to verify a signed request, you have to go find the public key it was signed with yourself
#
barnaby which on the indieweb could be, say, on a profile h-card
#
aaronpk yeah or in a `<link>` tag
#
aaronpk or as a property on your indieauth server metadata... depending on what it's for
#
aaronpk still not sure which of these makes the most sense yet
#
barnaby I’m trying to find the latest details about it and it is a little confusing
#
aaronpk haha yes
#
aaronpk https://oauth.net/http-signatures/
#
aaronpk this is the latest draft https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-13.html
#
barnaby ah thanks, I vaguely rememberd you having a quick link to it somewhere
neceve joined the channel
#
aaronpk i'm going to try to collect a list of implementations on that oauth.net page once i track them down
#
barnaby okay looks like the HTTP messages signatures spec leaves key discovery up to the implementation https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-13.html#section-3.2-3.5
#
barnaby so if OIDC ends up adopting it, presumably they’ll have to include some method of key discovery?
#
aaronpk so far it's used for one small part of OIDC https://openid.bitbucket.io/fapi/fapi-2_0-message-signing.html#name-http-message-signing
#
barnaby an indieweb approach could be as simple as using the URL for a public key as the keyid parameter, and additionally linking that key from your profile URL with rel-publickey
#
barnaby (or similar)
#
barnaby “NOTE: This specification doesn't specify the exact means by which a Resource Server can retrieve the key for the Client.” — so, apparently not then
#
barnaby or at least, it’s a little vague about it
#
aaronpk oh yeah cause that would be part of client registration which is out of scope
#
barnaby it gives a tantalizing hint about getting keys from JWTs or introspection endpoints without actually specifying anything https://openid.bitbucket.io/fapi/fapi-2_0-message-signing.html#section-2.6.1.2-3
#
sknebel makes some sense to not explicitly require that, since thatd limit the use cases
#
barnaby oh sure, it makes sense for it to be as generic as possible
#
barnaby I’m just a little surprised that there doesn’t seem to be any default/suggested key discovery spec alongside the signature spec, which individual implementations could ignore if they have their own key discovery
#
aaronpk i don't think there is any single thing that makes sense universally
#
aaronpk like with most oauth servers, the client developer goes and registers the client on a website, and would upload or generate a key there, so there's no spec needed
#
aaronpk it's not until you get to the things like dynamic/unregistered clients, or like we're doing, where you need a standard for that
#
barnaby sure. I guess I’m asking for indieauth for web signatures :P
#
aaronpk yep
#
aaronpk there's also some new rumblings of similar looking things within OAuth/OIDC, so i'm going to do my best to make sure there's as much overlap as possible
#
barnaby yeah that’s what I was getting at when I asked about what if anything OIDC had planned for key discovery
[davidmead] joined the channel
#
aaronpk right now there are two new drafts about the concept of unregistered clients, one is on the agenda for this week. if there's interest in that idea, then later they'd need a way to specify the key stuff
#
aaronpk it remains to be seen whether there is any traction there at all :) last time I tried to bring this up I was shot down pretty quickly. but this is not 2015 anymore
#
aaronpk now we have... wallets
#
barnaby …oh
#
aaronpk i almost forgot about drupal!
#
aaronpk https://www.drupal.org/project/activitypub looks like it's been updated a couple days ago too
#
sknebel aaronpk: btw, a "here's oauthy stuff I find interesting right now" is a blog post that would be appreciated. Can't always meet you in random laundromats to get updates on that ;)
#
sknebel because this stuff is impossible to follow from the outside otherwise
#
sknebel and peoples "I was at IETF/RIPE/... and this was interesting" posts are often a good read
#
barnaby +1
#
h4kor[m] The page for implementing IndieAuth seems to be outdated (missing PKCE and indieauth-metadata link). https://indieweb.org/authorization-endpoint
#
h4kor[m] Is it worth rewriting or better to just point to the standard document?
#
h4kor[m]
nertzy joined the channel
#
aaronpk good call
#
aaronpk oh yeah the wiki pages should maybe just get updated to link to the specs? they were mostly useful before there was a spec 😬
#
aaronpk hopefully the spec is clear enough that the wiki shouldn't need to add more context
#
barnaby in my experience the spec works quite well as an implementation guide and having the wiki contradict it just confuses things
#
barnaby so +1 for just linking to the spec, and reserving the wiki for answering specific questions which the spec doesn’t yet cover
#
aaronpk looking at that page real quick, the top of it is useful because it's things that aren't appropriate for the spec, but the whole "how to" section is just stuff that's in the spec but old
#
h4kor[m] I've started with the wiki page and switched to the specs. I found it quiet easy to follow, but realised it was a bit more work because I had to implement all the smaller details, too 😅. The wiki article was a good bait :D
#
aaronpk ok just ripped out all that from that page. feel free to do the same for token endpoint and such
geoffo joined the channel
#
Saphire aaronpk: also indueauth the site doesn't always do pkce it seems?
#
aaronpk indielogin.com should
#
aaronpk indieauth.com is old and needs to go away
#
barnaby IIRC micropub.rocks doesn’t support PKCE yet. might try submitting a PR for that next time I want to procrastinate working on my site
#
aaronpk i *think* that needs special one-off support for it since it doesn't use the indieauth client library. been a while since i checked
#
[jgarber] Say I’m implementing a RelMeAuth flow. I’ve parsed a user’s published `rel=“me”` links, narrowed that list down to supported providers (e.g. GitHub), and verified those provider profiles link back to the user’s website.
#
[jgarber] So, I’ve got a list of valid authenticate-able URLs and can present the user buttons to the supported provider sites. My question is:
#
[jgarber] Do I need to concern myself with _which_ provider the user chooses to authenticate with?
#
[jgarber] My code is using OmniAuth which handles negotiating OAuth _stuff_ and returns a hash with a provider name and details from the provider including nickname, etc.
#
[jgarber] Is it sufficient to use OmniAuth’s data (e.g. `github` as a provider and `jgarber623` as a nickname) and match that against the known list of the user’s validated `rel=“me”` URLSs?
#
GWG I just wonder how we can get old IndieAuth endpoints to update to the latest spec after all this talk.
#
sknebel file bugs, submit patches
neceve_ and [davidmead]1 joined the channel
#
GWG sknebel: Have to determine the targets
#
sknebel sure. stuff that people use they'll notice if it breaks :D
#
GWG So you are saying we should or shouldn't try to break it?
#
@aaronpk ↩️ This is basically what we're doing with Webmentions. It's an old post, but surprisingly relevant all of a sudden: https://aaronparecki.com/2018/06/30/11/your-first-webmention (twitter.com/_/status/1589302610367913984)
#
sknebel GWG: that's indeed a bit tricky, and I think depends on the context. but e.g. implementations that are backwards compatible could still show prompts telling the user that the outdated path was used
#
sknebel or only use backwards-compatible code if prompted to do so
#
@kbravh ↩️ Came here to mention Webmentions! Glad to see a building interest. (twitter.com/_/status/1589308659439439873)
#
KatherineMoss[m] Speaking of Webmentions... I was looking at the Twitter landscape at the moment, and people are hurting the Fediverse and the open web right now with their words; somebody, I think he was one of my DotNet allies, said that "Mastodon" not "The Fediverse" causes more problems than it solves. If we don't set people straight, and firmly as possible, then the Fediverse and the open web will further and further slide out of the
#
KatherineMoss[m] communities grip with enough pile ons.
#
GWG sknebel: I did that for PKCE, maybe I should do that for Metadata
#
KatherineMoss[m] Maybe it makes not a difference at all, but considering we're on a role with the open web, education is good.
mro joined the channel
#
@jlengstorf ↩️ Yeah, I love the spirit of WebMentions but the implementation is too high a bar for many (most?) site owners. But maybe a man investment in UX / tooling makes more sense than trying something net new. (twitter.com/_/status/1589315163525885953)
#
@schnarfed ↩️ The bar may have been higher years ago, but it's pretty low these days! Mature plugins for most popular CMSes, https://webmention.app/, https://webmention.herokuapp.com/, https://webmention.io/, etc. (twitter.com/_/status/1589316783496122368)
mro and nertzy joined the channel
#
[snarfed] Re https://twitter.com/davewiner/status/1589298960132636673 , it's sad. If it was someone else, I'd jump in. But knowing Dave, I don't want to engage at all
#
@davewiner Developers only. Do you know enough about ActivityPub to help document it? I'll write the docs. I'm good at it. I'll ask the questions to get the info from you. I want to put up a simple chat app on the AP network. Open source of course. Node.js. https://github.com/scripting/reallySimpleActivityPub (twitter.com/_/status/1589298960132636673)
#
[snarfed] (also if he went about it differently. demanding labor from other people, even though he's fully experienced and capable of learning AP himself and then writing a tutorial, 😐)
geoffo joined the channel
#
[tantek]1 ^
#
[tantek]1 Going to wait to see how long it takes for folks (anyone) that not only is there nothing “really simple” about AP, but no amount of Q&A/docs has a chance of making it “really simple”
#
IWDiscordGateway <kongaloosh> 💯
#
IWDiscordGateway <kongaloosh> WM was easier to do when I knew nothing about requests; I know how requests work now, and there's just so many different ways to interpret some of the AP stuff (not a spec?!)
gRegor joined the channel
#
[snarfed] It's a spec. It just has one or two parts missing
#
@ih8nickfinding ↩️ PS: This seems relevant https://github.com/mastodon/mastodon/issues/4800#issuecomment-504100941 and there is already some discussion going on how to solve federated authentication. Need to read up on IndieAuth. But I'm confident it will eventually be solved. (twitter.com/_/status/1589347392754954241)
#
aaronpk One of these days I'm going to convince Gargron that IndieAuth is already done and does exactly what he needs in mastodon
#
gRegor Refactoring some indiebookclub code today. Feels good to delete code.
#
@schnarfed ↩️ Agreed! The CMS plugins, eg WordPress's and Drupal's, don't. For even less technical people, we recommend http://micro.blog. Choosing and registering a domain is as easy as choosing a username on Twitter, DNS is automated and invisible (!), webmention support is built in. (twitter.com/_/status/1589353563851206656)
nertzy_ joined the channel
#
sknebel aaronpk: good luck. there certainly is BDFL-thing going on there, and not in the best way (of course with full recognition that it's also an almost impossible task to do in a way that everyone thinks it is the best :D)
geoffo joined the channel
#
AramZ-S[m] aaronpk that would be nice, when I started playing more actively in Mastodon it instantly struck me that it might be a good fit with their model.
gRegorLove_ and geoffo joined the channel
#
[tantek]1 aaronpk, perhaps start with opening an issue (or two!) on Mastodon to add IndieAuth support (IdP and RP, perhaps separate issues), taking the best bits of what you said in https://github.com/mastodon/mastodon/issues/4800 and reformatting much of the rest in FAQ format in order to make it easier to see the summary case and note all questions/misconceptions that people keep repeating in one place
#
Loqi [Sylvhem] #4800 Allow Mastodon to be used as an OpenID provider
#
[tantek]1 [snarfed]++ for trying to answer the Q&A re: RSS/replying and dealing in good faith with some amount of goal post moving
#
Loqi [snarfed] has 28 karma in this channel over the last year (54 in all channels)
#
[tantek]1 from the depths of the posts in #indieweb-meta I thought this was particularly good/insightful for anyone considering building software/services for anyone beyond themselves (which is many people here!) https://medium.com/a-change-is-coming/lessons-from-mastodon-for-independent-social-networks-ae2d4ccf8f72
#
[tantek]1 aside: I would have posted the originally posted link, however "Error establishing a database connection / This either means that the username and password information in your wp-config.php file is incorrect or we can’t contact the database server at localhost. This could mean your host’s database server is down."
barnaby joined the channel
#
[timothy_chambe] ↩️ I can try to help!
geoffo and [eddie] joined the channel
#
[eddie] With a bunch of people moving towards Mastodon, I thought it would be a good time to spin back up Bridgy Fed integration. I was confused when RSS was the only option for the Mastodon profiles I was trying to follow … I knew you all would be in the know. I can’t believe they removed mf2 😞
#
[eddie] Btw hi again 👋
#
[tantek]1 hello and welcome back [eddie]++
#
Loqi [eddie] has 1 karma over the last year
#
[eddie] Aww thanks!
#
[tantek]1 also the dropping of mf2 is a bigger deal, it's the dropping of indexable/crawlable HTML for non-logged in users, e.g. search engines, e.g. your new Mastodon posts won't ever show up in web search (whereas your IndieWeb posts will)
#
IWDiscordGateway <capjamesg> Mastodon dropped mf2?
#
IWDiscordGateway <capjamesg> Why?
#
IWDiscordGateway <jacky> ^ I'm curious about that too
#
[eddie] Dang that’s just horrible all around
#
[eddie] I guess mf2 was really just a side effect of dropping indexable HTML
#
[eddie] Without server-rendered html, mf2 doesnt really do much good
#
[tantek]1 right, that's my understanding
#
barnaby the fact that mf2 was quietly dropped means that there were never tests covering it
#
[tantek]1 it's more of a js;dr problem than a dropping mf2 problem
#
[eddie] Yep that makes sense
#
[tantek]1 barnaby, there were tests, [ben_thatmustbe] contributed them to their regression suite
#
GWG [eddie]: Eddie!!
#
[tantek]1 my guess is that due to the massive rewrite, they also rewrote all the regression tests for those views
#
barnaby so they ignored or deleted them?
#
barnaby yeah could be
#
sknebel or they point at views that arent in use anymore
#
[eddie] Hey GWG! 👋
#
sknebel (I've not dug into it if this is a fixed change or a setting somewhere)
#
sknebel i.e. if this is coming everywhere or if instances choose
#
[tantek]1 sknebel, was there an instance-wide setting for "can be indexed by search engines"? I'd start there
#
sknebel the per-profile setting just set meta-robots tag
#
sknebel and I think otherwise instances set robots.txt
#
[tantek]1 There is some deep irony in the phrase "written out of all this history" and Mastodon's switch to js;dr logged out profile pages and post permalink pages. This is precisely why I pointed out in the js;dr post that such pages/contents are dead to history.
#
[tantek]1 sknebel, perhaps the setting should be "please write me out of all history" to turn off search engine indexing of posts
#
sknebel js;dr and setting meta tags are quite different things
#
rubenwardy mf2 is redundant with rss/atom/jsonfeed :P
#
barnaby lol
#
rubenwardy rss/etc is also much easier to add and has wider support
#
[tantek]1 rubenwardy, the sidefiles are for the most part for read-only interactions, one-way. there's reply extensions to Atom but they're not used much in practice, except in bridges from mf2 h-entry. the mf2 h-feed & h-entry is for two-way interactions, including a variety of responses
#
[tantek]1 what are responses
#
Loqi responses, or interactions, in the context of the indieweb, refer to all the different ways and things people explicitly do to and with others’s posts, from written replies to quick likes, in other words responses = replies + reactions https://indieweb.org/responses,
#
[tantek]1 ^ this is where all the sidefile feed formats basically dropped the ball
#
[tantek]1 RSS is frozen. No one is evolving Atom. JSONFeed has potential.
#
[tantek]1 but yeah, if you don't care about social web use-cases, RSS/Atom work just fine for one-way publishing.
#
rubenwardy you could add an extension to either with author and is-reply-to
#
[tantek]1 Atom already has author. in-reply-to got some uptake in Statusnet / OStatus but that died. The only remaining support that I know are in the tools / bridges built by this community, in Bridgy & Granary
#
[tantek]1 as you say, no one else supports them. however there are plenty of implementations that support consuming mf2 h-entry responses for likes, reposts, bookmarks etc.
#
[tantek]1 in over a decade, Atom/RSS never got anywhere with replies/responses (besides the blip of Statusnet/OStatus), so it's effectively a dead-end too
#
[tantek]1 that being said, adding more backcompat to Atom is not unreasonable, and for that I'd suggest look into AS1/Atom
#
[jgarber] I may have missed this: Did anyone here link to one or more PRs showing the mf2 removals in the Mastodon repo?
#
barnaby [jgarber]: it was part of the front end UI refactor, I think the specific changes are linked in the release notes I linked earlier today
#
[snarfed] rubenwardy btwo since WordPress and a number of other servers include at least mf1 by default, and since mf2 has backcompat, microformats are actually probably supported about as widely in the wild as RSS