#dev 2022-11-08

2022-11-08 UTC
#
barnaby there are 46 examples of /contact in the indiemap data too, although those are likely split between additional profile info and contact forms, and I don’t feel like reviewing all of them manually
#
[snarfed] barnaby++
#
Loqi barnaby has 28 karma in this channel over the last year (45 in all channels)
#
barnaby so IMO the real-world usage of /about indicates that rel=about would be a familiar way of marking up links to expanded h-card pages, but we can come up with a solid proposal for exactly how the same/similar-domain/prefix matching rel-me would work, I think that would be preferable, in order to avoid adding an additional rel value
#
barnaby *if we
gRegorLove_ joined the channel
#
barnaby [snarfed]: I’m trying to make a query to show me all the pages which were *linked to* via rel=[aA]bout, does this look about right? https://console.cloud.google.com/bigquery?sq=464705913036:be3315d7205d4923a49721ca0af3b189&project=api-project-962594101220&ws=!1m5!1m4!1m3!1sapi-project-962594101220!2sbquxjob_69034881_18454a3741f!3sUS
#
barnaby it looks like all usage of those rels in the dataset is from one domain!
lanodan joined the channel
#
[snarfed] barnaby bigquery browser URLs aren't shareable like that, you'll want to save the query as public and then get its link with the Share button
#
barnaby oops sorry
#
barnaby https://console.cloud.google.com/bigquery?sq=464705913036:be3315d7205d4923a49721ca0af3b189
#
[snarfed] here's mine: https://console.cloud.google.com/bigquery?sq=586366768654:4c8ffbf89f284b8ca05046801049df03 , looks like they're all on www.eoghann.com and eoghann.mill-irving.com
#
barnaby ah yep, looks consistent with the results from my query, just more informative
#
barnaby okay, good, looks like there’s zero IRL usage of rel=about for linking to about pages
#
barnaby [snarfed]++ again for the indiemap dataset and query help, it’s extremely useful! I had no idea it was so easy to run these queries over it
#
Loqi [snarfed] has 32 karma in this channel over the last year (58 in all channels)
#
[snarfed] glad to hear it!
#
barnaby heh and both of the rel-author domains are dead :(
#
[snarfed] ah link rot
#
barnaby *rel-about. apparently my brain stops working around 2am
#
@elroyjetson ↩️ Maybe this is the solution? https://fed.brid.gy (twitter.com/_/status/1589786380133335040)
#
[snarfed] maybe
jacky, Seirdy and geoffo joined the channel
#
[tantek]1 more importantly, a bunch of us *are* providing an Atom feed and it's being "shared with mastodon users"
geoffo joined the channel
#
@TechLifeWeb Still working out a few things with Mastodon. Mostly to do with microformats and how http://brid.gy posts my content. This is a test. #indieweb (https://techlifeweb.com/static/Note-2211071810.html) (twitter.com/_/status/1589805938223054850)
jacky, [aciccarello] and gerben joined the channel
#
@lordmatt Has anyone else had Twitter lock newer accounts (as bot accounts) when using http://brid.gy? (twitter.com/_/status/1589852602002350082)
#
@TechLifeWeb ↩️ Worked perfectly Reply to: > Scott Kingery on Twitter: "Still working out a few things with Mastodon. Mostly to do with microformats and how http://brid.gy posts my content. This is a test. #indieweb (https://techlifeweb.com/static/Note-2211071810.html)" / Twitter (https://techlifeweb.com/static/Reply-2211071810.html) (twitter.com/_/status/1589856997499097088)
[aciccarello]1 joined the channel
#
@TechLifeWeb ↩️ That reply didn't go as planned. Reply to: > Scott Kingery on Twitter: "Worked perfectly Reply to: > Scott Kingery on Twitter: "Still working out a few things with Mastodon. Mostly to do with microformats and how http://brid.gy posts my… https://techlifeweb.com/static/Reply-2211072155.html (twitter.com/_/status/1589859566128599040)
geoffo and mro joined the channel
#
[Jamie_Tanna] snarfed looks like I'm getting some retrying webmentions via Mastodon, presumably from when the following didn't quite work - https://mas.to/@snarfed and https://indieweb.social/@jamietanna - not sure if you can see that on your side / know if that's expected?
#
[Jamie_Tanna] Doesn't seem to happen for my other followers
mro and [MiaCrow] joined the channel
#
jonnybarnes Loqi posts stuff here from Twitter based on hashtags right? Wonder if we could do something similar for Mastodon?
jonnybarnes and barnaby joined the channel
#
aaronpk there's no global mastodon search for obvious reasons
#
aaronpk but we _could_ make an indieweb account that follows a bunch of people and then looks for keywords in their posts. not quite the same thing tho
#
sknebel also very much a cultural thing, anything scraping-like is *not* welcome
#
aaronpk yeah
#
aaronpk tho an "indieweb.org" account that follows you wouldn't be scraping, and someone could block it if they want, so might be acceptable?
gRegorLove_ joined the channel
#
sknebel a few days ago someone had the bright idea of "oh hey its possible to build a a fediverse search engine, lets do that". iteration one got shut down after 7 hours
#
aaronpk lol again?
#
aaronpk yeah i dunno if it's actually worth the trouble
#
sknebel relaunched it now with some more considerations made, curious to see how that goes
#
barnaby I wonder if the “fediverse” will end up suffering from it’s apparent culture of not really wanting to be on the web
#
sknebel (main thing was that now they respect robots-tags, which at least mastodon has explicit UI to configure for your profile)
#
barnaby I’ve seen some fairly prolific people on twitter criticising mastodon’s lack of search functionality, and would have pointed out that you don’t need a fediverse-specific search as posts are just web pages, but it looks like that’s less and less the case, by design
#
sknebel not sure it is by design
#
aaronpk i think it is. activitypub by design is very much not "web"
#
sknebel i.e. as I said, indexability for your profile is literally a config option
#
barnaby mastodon not having built-in search functionality is absolutely by design
#
sknebel yeah
#
sknebel but having inbuild search is not being on the web
#
sknebel and it has local search
#
barnaby and presumably some thought went into the implications of the js;dr redesign
#
sknebel (although not all instances have it, probably for a mix of "dont want that" and "dont want to run elasticsearch")
#
sknebel not sure :P
#
sknebel i.e. rss feeds do still exist
#
sknebel the API is often quite open
#
sknebel so I dont think there is a very strong effort to clamp down on stuff
#
aaronpk random question, i'm getting a *lot* of stuff in my activitypub inbox that's in reply to people i follow but from people who I do not follow. why/how is that ending up at my server??
#
kandr3s[m] Mastodon generates an RSS feed for any hashtag by adding ".rss" to the URL - Couldn't Loqi subscribe to #indieweb in a few selected instances?
#
aaronpk as said before, there are technically ways to do it, but whether it's actually a good idea is the question
#
aaronpk also wow there's a lot more results than I thought there would be https://monocle.p3k.io/preview?url=https%3A%2F%2Fmastodon.social%2Ftags%2Findieweb.rss
#
aaronpk oh that's not even just posts from that one server, it's posts that server has seen from any server 😮
#
barnaby yeah, it could work for the moment to just hook Loqi up to that feed and/or the same from indieweb.social and assume that that’ll pick up the majority of indieweb-relevant stuff
#
aaronpk i'm adding that to my reader for now
#
aaronpk still not sure if it's a good idea to pipe it to IRC
#
sknebel aaronpk: not quite salmentions, but that: informing your server not just of posts, but also of context around those posts
#
aaronpk oh so i should be seeing these as replies to the post not as individual posts in my feed
#
aaronpk that makes more sense
#
sknebel yeah, I think mastodon ui would only show them if you a) didnt disable showing them and b) they were from somebody you follow
#
sknebel (show them in feed)
#
aaronpk or if you clicked into the post to see the replies
#
sknebel yeh
#
aaronpk still feels weird that when i click "unfollow" it sends a message to that person
#
aaronpk i feel like you should be able to silently unfollow someone. so more like how websub works really. where you have to continually re-confirm your subscription, and you can just not renew it if you want at some point
#
barnaby that’d make follower counts a little harder to maintain, if you care about such things
#
sknebel either the system has a concept of "a follows b, and this state is known" or it can promise "you cant know if someone unfollows you"
#
sknebel i.e. twitter didnt tell you, but of course there were apps to track it
#
sknebel (with blocks it's arguably worse, and there the "solution" is a social one: if your instance is known to notify users about blocks (vs just enforcing them, which users can of course discover) it'll be removed from the "polite" parts of the fediverse)
#
aaronpk from a websub-like perspective (assuming each user has to fetch your feed with some kind of authentication rather than the all-public hub-centric model) the "follower count" is the number of users who have fetched your feed within the time interval that you require they re-subscribe
#
aaronpk websub requires renewing your subscription every X seconds as defined by the hub, so if someone just stopped renewing the subscription you would just stop counting them as a subscriber
#
aaronpk random thing i just realized, this push-vs-poll thing is also coming up in the SCIM spec. SCIM is about syncing lists of users and groups between different software (like your HR system syncing the list of employees to Slack to auto-create users and such). there's a debate about whether this should happen via polling for changes or a push-based delivery mechanism
#
aaronpk sounds very familiar
barnaby and [pfefferle] joined the channel
#
sknebel distributed systems are distributed systems, yes ;)
#
aaronpk And apparently these problems are still unsolved
#
sknebel it's tradeoffs
#
sknebel I dont think there is a universal "this is the correct method to sync data" for every use case
[Murray], jacky, [Murray]1 and AramZS joined the channel
#
barnaby has anyone seen silo examples of this anti-phishing consent screen idea? https://indieweb.org/consent_screen#Ideas
#
aaronpk Closest I've seen is "X other users have connected this app" but I forget where
#
barnaby ah yep that’s a good metric in cases where you have access to it
#
barnaby as usual my thinking is mostly driven by indieauth use-cases
#
barnaby hmm it could be possible to implement a similar community-based app approval system using mostly existing infrastructure
#
barnaby it’s quite common on silos for posts to have a “posted via {app}” link
#
aaronpk What is giving credit?
#
Loqi giving credit is a collection of cultural practices related to acknowledging and attributing text, hyperlinks, quotes, utterances to others, typically by name, as a way of recognizing their contribution(s) https://indieweb.org/giving-credit
#
aaronpk https://indieweb.org/giving-credit#Crediting_Applications
#
barnaby if we did the same with our indie posts, marking it up with .u-posted-via.h-app.url (or similar)
#
barnaby then a social reader could keep track of the client ids of the posts made by people we follow
#
barnaby and then show a list of people who’ve posted with that app on the consent screen if we try to authorize it ourselves
#
aaronpk That'd be fun
geoffo joined the channel
#
[snarfed] added per-user pages on Bridgy Fed, eg https://fed.brid.gy/responses/kongaloosh.com
#
[snarfed] (haven't backfilled data though)
#
barnaby the first idea could potentially be expanded to automatically detecting phishing attempts from client_ids using, say, punycode or subdomains for imitation. look through all known client_ids and see if the new client_id looks like it’s trying to imitate one
#
barnaby or just show a warning whenever a client_id containing ascii-imitating punycode is encountered
#
barnaby nice [snarfed]++
#
Loqi [snarfed] has 33 karma in this channel over the last year (59 in all channels)
#
GWG aaronpk: What's the chance I might be able to talk you into https://github.com/aaronpk/OwnYourSwarm/issues/47
#
Loqi [dshanske] #47 Add Category Field in Micropub Post
#
[tantek]1 [snarfed]++ thanks for the user-specific responses page!
#
Loqi [snarfed] has 34 karma in this channel over the last year (60 in all channels)
#
[tantek]1 what is silently unfollow someone
#
Loqi It looks like we don't have a page for "silently unfollow someone" yet. Would you like to create it? (Or just say "silently unfollow someone is ____", a sentence describing the term)
#
[tantek]1 silently unfollow someone is /mute
#
Loqi ok
#
[tantek]1 ^ aaronpk, barnaby
#
barnaby I know what muting is and I suspect aaronpk does too. the discussion was about feeling weird that unfollowing someone in activitypub-land involves actively sending their server a message saying “I unfollowed you”
#
[tantek]1 I'm saying that the user-level feature already exists by another name, regardless of whatever protocol does whatever
#
@cagrimmett Honestly, Mastodon is not the answer. It is a crappier Twitter and I don't expect it to get better. Instead, I think I should spend my time reading more indie blogs and liking/responding via webmentions. I know this isn't a great setup for everyone, but I feel it is right for me. (twitter.com/_/status/1590005736461209600)
#
barnaby ^ huh cagrummett works on wordpress at automattic
#
[tw2113_Slack_] “I don’t have a newsletter, subscribe to my RSS feed.” hahaha
#
Loqi rofl
#
[tw2113_Slack_] i don’t expect any mix of mastodons to replace twitter, but it’s also not trying to do that themselves. Everyone just thinks that because the ui/behavior is similar.
#
aaronpk i wasn't saying the user feature didn't have a name...
#
barnaby yeah we were discussing protocol-level details and their emotional consequences. in activitypub-land there is a practical difference between unfollowing someone and muting them
#
aaronpk that's also why i posted it in #indieweb-dev and not #indieweb :)
#
@cagrimmett ↩️ https://indieweb.org/Webmention (twitter.com/_/status/1590013709669519364)
#
barnaby [tantek]1: re you noting AP/mastodon’s regression vs atom/rss wrt fetching past content when you follow someone, here’s a gh issue discussing it, in case you’re interested/want to reference it somewhere https://github.com/mastodon/mastodon/issues/1547
#
Loqi [valentinp72] #1547 Previous toots not loading
#
barnaby with the reasoning that “that’s just how federation works”… hmm
#
aaronpk i feel like loading the most recent X posts would go a long way to not looking so broken
#
[tantek]1 "that's just the way (insert plumbing / jargon) works" is never an excuse for poor UX. fix the plumbing
#
barnaby yep, absolutely. found it via this tw thread documenting some UX surprises from a new user https://twitter.com/stevehunt4hiop/status/1589913026832236545
#
@stevehunt4hiop Here is another surprise. If you follow someone on another instance, you will not get access to their previous posts, unless it so happens that they were already being federated to your instance. Your instance will start to collect their new activity but will never go back... (twitter.com/_/status/1589913026832236545)
#
[tantek]1 barnaby, the context was getting inbox deliveries from accounts you DID NOT follow, and thus reasoning about "unfollow" is the wrong approach, because technically that should be a no-op in a protocol where you're not already following them, hence my point that /mute is the answer there
#
aaronpk i think those were two different discussions?
#
barnaby that was my impression too
#
aaronpk i was specfically commenting on the fact that in order to unfollow someone i was previously following, i have to actually send a message to them that says i want to unfollow them
#
aaronpk yes, i could write something that tells my server to drop their messages on the floor so i can silently ignore them, but that's not really a scalable solution
#
[tantek]1 ActivityPub << Limitation: upon "[[follow]]ing" someone, you don’t see their recent/past posts, unlike the UX of feed readers, Podcast apps, literally every other UX where you follow someone and immediately see a list of the recent posts / episodes / published content. https://twitter.com/stevehunt4hiop/status/1589913026832236545 see related issue: https://github.com/mastodon/mastodon/issues/1547
#
@stevehunt4hiop Here is another surprise. If you follow someone on another instance, you will not get access to their previous posts, unless it so happens that they were already being federated to your instance. Your instance will start to collect their new activity but will never go back... (twitter.com/_/status/1589913026832236545)
#
Loqi ok, I added "Limitation: upon "[[follow]]ing" someone, you don’t see their recent/past posts, unlike the UX of feed readers, Podcast apps, literally every other UX where you follow someone and immediately see a list of the recent posts / episodes / published content. https://twitter.com/stevehunt4hiop/status/1589913026832236545 see related issue: https://github.com/mastodon/mastodon/issues/1547" to the "See Also" section of /ActivityPub https://indieweb.org/wiki/index.php?diff=84294&oldid=84242
#
[tantek]1 I suppose "newsletters" are like AP in that respect, where when you subscribe to a newsletter, it's not like you're emailed the most recent N newsletters, you only get new messages
#
aaronpk true
jacky and mro joined the channel
#
aaronpk what is a permalink?
#
Loqi A permalink is a URL which typically represents and retrieves a single post (also explicitly called a post permalink) https://indieweb.org/Permalink,
#
aaronpk permalink << Twitter introduced permalinks for tweets in 2006 https://mastodon.cloud/@vacapinta/109309183030156032
#
Loqi ok, I added "Twitter introduced permalinks for tweets in 2006 https://mastodon.cloud/@vacapinta/109309183030156032" to the "See Also" section of /permalink https://indieweb.org/wiki/index.php?diff=84295&oldid=80492
#
@typelogdev Excited about webmentions and RSS (twitter.com/_/status/1590021694277636096)
#
[tantek]1 really? I don't remember Twitter not having permalinks. perhaps because I joined once they did?
#
aaronpk i joined in 2007
#
aaronpk september 2007 apparently
#
aaronpk (then 6 months later wanted to change my username and didn't realize you could just... do that, and instead i made a new account)
#
[snarfed] they did the #! thing for a while?
#
aaronpk that was way later
#
barnaby aaronpk: what was your original username?
#
aaronpk not telling :P
#
aaronpk but I have since renamed that one to https://twitter.com/aaronp and locked it
#
barnaby awww no juicy aaronpk lore? ;)
#
aaronpk wow i think my old username is finally deleted from the internet. it was my AIM username too
#
Saphire Wish I could say that x.x
#
barnaby yeah I’m still rocking the stupid domain name I bought as a 13yo xD
#
[tw2113_Slack_] what domain? i missed it if you shared earlier
#
barnaby waterpigs.co.uk, been my personal site since forever
#
[tw2113_Slack_] good one
#
[tw2113_Slack_] my oldest/longest is still michaelbox.net
#
@kn_wler ↩️ Please invest in accessibility from the get go. Don’t make it an afterthought. Also, consider making it an open platform that supports Webmentions. (twitter.com/_/status/1590040335195213824)
#
[Murray]1 My longest-owned domain name has never been used 😂 😭
#
[KevinMarks]1 The hashtag search on Mastodon is across the full federated feed on the instance, so it's not just looking in the people on that instance but the union of their follows, so searching the big instance will get a fairly good approximation to the whole thing.
[benatwork] joined the channel
#
[benatwork] just realized I've owned a domain for 21 years that I don't use at all. an english word and everything. I should put something there
t0nic joined the channel
#
@typelogdev ↩️ Maybe? More like share the social instead of keeping it for ourselves? Things like RSS and webmentions. (twitter.com/_/status/1590064833164349440)
#
[KevinMarks]1 Also, per the chatty mastodon protocol thing, I think it caches images locally by default too, so you can end up with a lot of traffic and storage use if someone follows an image heavy feed
#
t0nic @barnaby your cert has expired on waterpigs.co.uk
#
barnaby t0nic: thanks, fixing it now! my webhost finally started offering unlimited free LE certs, so I was waiting for my manually-updated ones to expire before changing over
AramZS joined the channel
#
barnaby I had a whole PHP script which would automatically update my old LE certs and then send me an encrypted email with the new cert and key in, but I still had to manually copy that into the web admin UI for ~10 domains
#
barnaby as managed lifetime LE certs used to cost 15€ per *sub*domain, which was too steep for me, knowing that they cost nothing
#
barnaby I kept on pestering the host to offer unlimited managed certs on premium plans, so I’m glad they finally did!
#
barnaby it was that change which finally prompted me to put my affiliate link for my hosting company on my homepage as part of my data disclosure. lack of unlimited free TLS certs was the only thing I was really dissatisfied with from them so far
#
[KevinMarks]1 I'm doing the quarterly manual update of LE certs for a client site at the moment (it's only visible to chosen IP addresses, so certbot can't really check it, so manual DNS challenges it is)
#
sebbu i remember the /.xell-known/acme-challenge/* for google for indexing :D
#
[schmarty]1 automatic DNS challenges are now part of the certbot tool which is exciting.
#
barnaby [snarfed]: the access_token parameters are required for all granary twitter requests, right, even for public tweets? are they long-lived? can I safely put them in a config file and reuse them for many requests without re-authorizing with twitter?
#
[schmarty]1 (i use a hacked-up solution with acme.sh + plugins to do automated DNS challenges for letsencrypt on some non-public servers for work and am excited to switch back to certbot)
#
barnaby when I remove the access token parameters from the query in the sandbox UI it still runs the query just fine, but when I open the generated query URL it complains about not having access token parameters
#
[snarfed] barnaby yes, token etc are required for twitter. not sure about their lifetime, I can look
#
[snarfed] I believe they don't expire
#
barnaby okay, for the moment I’ll store the ones I have now, and see what happens
#
barnaby now that twitter rejected my API access request I’m relying on granary.io for getting reply contexts
#
[snarfed] I don't see that sandbox UI behavior though, if I remove the token and secret and click GET, it 403s
[benatwork] joined the channel
#
barnaby huh, interesting. for me it works fine, and the generated GET URL doesn’t have those parameters either, so it doesn’t look like they’re being added silently by the backend
#
[snarfed] odd
#
rubenwardy This tool doesn't appear to find my syndicated copies, I suspect it's because I have rel="nofollow syndication" rather than just rel="syndication"
#
rubenwardy https://indiewebify.me/validate-h-entry/?url=https%3A%2F%2Fblog.rubenwardy.com%2F2022%2F10%2F22%2FMinetest-mods-app%2F
#
rubenwardy mf2 tools find it though
#
barnaby rubenwardy: I think the h-entry tester is looking for the syndication properties on the h-entry (from links with u-syndication classname) it found rather than rel-syndication links, as it’s for testing the h-entry markup and the rel links are a slightly different thing
#
barnaby it would be a good idea to add rel-syndication checking to the tester though, and surface those links, suggesting to add u-syndication to them if not found on the h-entry itself. I’ll raise an issue for that
#
rubenwardy ahhh, right, it's outside the h-entry
#
barnaby ah I see, they’re already marked up with u-syndication, jsut not child elements of the h-entry. That’d be another good feature for indiewebify.me actually, looking for microformats classnames outside of the root and prompting the user to move them (or the root classname)
#
barnaby rubenwardy++ for the useful usability testing data ;)
#
Loqi rubenwardy has 1 karma in this channel over the last year (2 in all channels)
#
rubenwardy ok, that fixed it :)
#
barnaby yay!
#
Loqi 😊
AramZS joined the channel
#
barnaby looking over indiewebify.me makes me want to work on it again, but I really gotta get the new version of my site working before I continue procrastinating on community projects
#
[KevinMarks]1 wekk, if you use it to test your new site…
#
barnaby [KevinMarks]1: the stuff it tests is all simple markup that I can do correctly in my sleep! I mostly want to make it better and more useful for other people
#
@m_eiman ↩️ PRs are better than comments, possibly webmentions (moderated, of course)? (twitter.com/_/status/1590088378900680704)
geoffo joined the channel
#
[schmarty]1 gRegor++ for the new release of indieauth-client-php!!
#
Loqi gRegor has 15 karma in this channel over the last year (70 in all channels)
#
gRegor \o/
#
sebbu oh
#
sebbu i'll need to check if i need to update my copy of selfauth and php-mintoken
#
barnaby gRegor++ good to see wider support for indieauth-metadata discovery!
#
Loqi gRegor has 16 karma in this channel over the last year (71 in all channels)
#
gRegor Aye. indiebookclub is going to show a notice if your site doesn't have the metadata endpoint, emphasizing the app still works, but might want to update your IndieAuth or contact the developer
#
barnaby great, definitely a good plan to gently nudge people towards updating their indieauth implementations
#
sebbu Zegnat, ^
#
gRegor what is selfauth
#
Loqi selfauth is a single user authorization endpoint written as single-file PHP without a database https://indieweb.org/selfauth
#
gRegor Probably fairly easy to wrap that in the indieauth metadata endpoint. A separate PHP file could set up an array of the metadata and output it as JSON. Then add a <link rel="indieauth-metadata"> to that PHP file.
#
barnaby discovery is currently out of scope for taproot/indieauth, but I added the metadata endpoint to the examples and the example app, so if people base their implementations off that it’ll be up to date
#
[Jamie_Tanna] barnaby I believe jacky has been doing some interesting things around "x has previously used this app" and other things in the indieauth consent screen
#
barnaby oh cool, good to know, I’ll ask them when I next see them
#
[Jamie_Tanna] https://indieweb.org/Sele for more info and links out to the project
[jacky] joined the channel
#
[jacky] what is Fortress
#
Loqi Fortress is an IndieAuth provider and consumer service that allows one to have drop-in support to use their site as an identity on the Web https://indieweb.org/Fortress
#
[jacky] well lol
#
[jacky] ah yeah so that has _some_ looks of a consent screen
#
[jacky] I think I had images before but I can upload some in the near future!
#
barnaby [jacky] “Per-site app usage reporting, Reviewing apps used, Shareable as a h-feed to help promote apps” on /Sele sounds very interesting and similar to the ideas I drafted here https://indieweb.org/consent_screen#Ideas, would be interested in your thoughts on them, and screenshots of existing UI examples if you’ve already implemented something similar
#
barnaby I think there are plenty of interesting ways we can combat the potential for phishing attacks which comes with using public oauth client apps
#
sebbu [Jamie_Tanna]++, the indieauth endpoint could keep track of all successful and failed attempt at login (which service, how many times, the date/time of the last 10 attempts)
#
Loqi [Jamie_Tanna] has 4 karma over the last year
#
[jacky] Indeed. A lot of the ideas of the features I have right now are still in development but I think I can do some screenshots and videos of it by running such cases
#
[jacky] I've been using https://playwright.dev/ to write out tests that replicate behaviors I'd want to confirm (like making sure that it finds endpoints, can be setup, etc)
barnaby and geoffo joined the channel
#
barnaby aaronpk: when you get the chance, could you merge https://github.com/aaronpk/XRay/pull/113? should be very quick to review, and I feel a bit bad leaving XRay dev-main with an easily fixable bug, even if it’s not likely to affect anyone yet
#
Loqi [barnabywalters] #113 Used default options for fetching as well as parsing