moose333, [pfefferle], mlncn, jan6, tiim, oxtyped, Zegnat and tbbrown joined the channel
#[benatwork]I did miss / forget this. Will update when I get a chance
btrem joined the channel
#[tantek][benatwork] also — am very interested in collaborating on this *actively* to make more progress on Web Actions. Last time we got to a certain point and it seemed like we lost momentum / people lost interest. Seems like an appropriate time to pick it up where we left off and keep pushing it forward.
#[aciccarello]The follow and RSVP use cases seem suited to a web action. I like the genericness of the web Share API and it already has some significant browser support.
#[aciccarello]As I think about it, I see the value in specific actions even if I'm wary of having visual clutter
#Loqishare is a watered down verb that's used on the "social web" (and other platforms like Google's Android) to mean pretty much any action https://indieweb.org/share
#aaronpkmastodon.technology is 12 days into their shutdown. i've been getting about 1800 requests per day from the server, all Delete account activities
#aaronpkthey had about 24k users, so we should be coming up to the end of it
#aaronpkseems weird that i should get a delete request for every single account though, when i clearly haven't ever interacted with all those accounts before
#[snarfed]2aaronpk worse, they're all going to individual inboxes, not shared. last I checked, maybe end of last week, Bridgy Fed had gotten ~500k total so far
#aaronpkalso sure would be nice to have a single "server delete" activity 🤷♂️
#aaronpkbut more significantly, i think this points to another massive problem with a purely push-based protocol
[manton] joined the channel
#[manton]I’ve also been getting thousands of those Mastodon.technology deletes… I had a bug where Micro.blog actually tried to look up users it didn’t know about yet, so it would get a request for the delete, grab the user from Mastodon.technology (which was very slow), then delete it, just slowing everything down.
#[manton]I’m not sure that sending deletes is actually correct for this, though. It means the post history is wiped out. Is that what we want when an instance goes away? Seems wrong to me. The user is not explicitly deleting the account, which would be different.
#[snarfed]2in any case, the hosting instance is the only canonical store of the post history - other instances only store long-lived caches afaik - so arguably post history is getting wiped out no matter what
#[manton]So, I checked my code and actually I don’t clear the posts, just the user. But there’s no way to see the user profile and all their posts.
#[manton]I guess one reason to send all those Deletes out is it limits confusing later, because someone can’t stumble upon an old account that can’t be followed anymore.
#[manton]But I still feel like there’s a difference between a server dying and a user wanting to delete their account.
#[snarfed]2definitely! but those kinds of semantic distinctions still aren't really part of the AP spec's Move activity
#aaronpkIs this behavior something built in to mastodon or did this particular instance hand-roll this mass delete campaign?
#aaronpkI don't think this is causing any problems for me personally, but one optimization is you could check if you know about the actor URL before doing signature verification and just abort if you've never seen the actor before
#aaronpkseems silly to waste a lookup of the key for a message you're going to drop on the floor anyway
strugee_ joined the channel
#gRegorhttps://pronoun.is/ appears to be offline in case anyone is linking to it, might have been one of the free tier Heroku sites. [tantek] I saw your homepage links there.
#[tantek]glad to hear it'll be sorted. thanks for the heads-up gRegor!
mro, gRegor and Phoenix1 joined the channel
#Phoenix1I'm building my own blog, and I want to offer a way for people to do comments, and i want to auth them in some friendly way, even if they aren't indieweb geeks
#Phoenix1Anyone got good recomendations on something simple I could do to authenticate people from social accounts like mastodon instances, indieauth, twitter, tumblr, etc
mro, [manton]1, [benatwork]1 and mlncn joined the channel
#IWDiscordRelay<jacky#7226> Phoenix1: turning your site into a OAuth client is one way! It's not necessarily "simple" (well depending on how much efforts you're comfortable with) but that's one good stop
jeremycherfas joined the channel
#@unevenpranksterMy website has WebMention enabled though I'll work on implementing a "comments" field only next year, I might further redesign it to be more simplistic, not load fonts, etc. (twitter.com/_/status/1602677957339844608)
geoffo, barnaby and tbbrown joined the channel
#[jacky]Though potentially convoluted in naming, I can see the Web Share API powering _some_ level of interactions (like using a specific scheme like `web+action` to let compatible apps listen up), perhaps?
#[manton][aaronpk] Good suggestion about HTTP signatures. For this Mastodon.technology problem, another thing I do now is have a special case for Deletes. If it’s trying to delete a user I’ve never seen before, I skip all other processing.
mlncn, tbbrown, gRegor, geoffo_, _nertzy[d], _IWDiscordRelay, rhiaro_ and laker_ joined the channel
#aaronpkwell someone just put on the record in relation to the new OAuth client metadata draft that Solid has been using client ID as URL for a number of years
#aaronpkso i guess i should reply with indieauth's use of it that dates back to... 2014