[tantek][benatwork] also — am very interested in collaborating on this *actively* to make more progress on Web Actions. Last time we got to a certain point and it seemed like we lost momentum / people lost interest. Seems like an appropriate time to pick it up where we left off and keep pushing it forward.
[aciccarello]The follow and RSVP use cases seem suited to a web action. I like the genericness of the web Share API and it already has some significant browser support.
Loqishare is a watered down verb that's used on the "social web" (and other platforms like Google's Android) to mean pretty much any action https://indieweb.org/share
aaronpkmastodon.technology is 12 days into their shutdown. i've been getting about 1800 requests per day from the server, all Delete account activities
aaronpkseems weird that i should get a delete request for every single account though, when i clearly haven't ever interacted with all those accounts before
[snarfed]2aaronpk worse, they're all going to individual inboxes, not shared. last I checked, maybe end of last week, Bridgy Fed had gotten ~500k total so far
[manton]I’ve also been getting thousands of those Mastodon.technology deletes… I had a bug where Micro.blog actually tried to look up users it didn’t know about yet, so it would get a request for the delete, grab the user from Mastodon.technology (which was very slow), then delete it, just slowing everything down.
[manton]I’m not sure that sending deletes is actually correct for this, though. It means the post history is wiped out. Is that what we want when an instance goes away? Seems wrong to me. The user is not explicitly deleting the account, which would be different.
[snarfed]2in any case, the hosting instance is the only canonical store of the post history - other instances only store long-lived caches afaik - so arguably post history is getting wiped out no matter what
[manton]I guess one reason to send all those Deletes out is it limits confusing later, because someone can’t stumble upon an old account that can’t be followed anymore.
aaronpkI don't think this is causing any problems for me personally, but one optimization is you could check if you know about the actor URL before doing signature verification and just abort if you've never seen the actor before
gRegorhttps://pronoun.is/ appears to be offline in case anyone is linking to it, might have been one of the free tier Heroku sites. [tantek] I saw your homepage links there.
Phoenix1I'm building my own blog, and I want to offer a way for people to do comments, and i want to auth them in some friendly way, even if they aren't indieweb geeks
Phoenix1Anyone got good recomendations on something simple I could do to authenticate people from social accounts like mastodon instances, indieauth, twitter, tumblr, etc
IWDiscordRelay<jacky#7226> Phoenix1: turning your site into a OAuth client is one way! It's not necessarily "simple" (well depending on how much efforts you're comfortable with) but that's one good stop
@unevenpranksterMy website has WebMention enabled though I'll work on implementing a "comments" field only next year, I might further redesign it to be more simplistic, not load fonts, etc. (twitter.com/_/status/1602677957339844608)
[jacky]Though potentially convoluted in naming, I can see the Web Share API powering _some_ level of interactions (like using a specific scheme like `web+action` to let compatible apps listen up), perhaps?
[manton][aaronpk] Good suggestion about HTTP signatures. For this Mastodon.technology problem, another thing I do now is have a special case for Deletes. If it’s trying to delete a user I’ve never seen before, I skip all other processing.
mlncn, tbbrown, gRegor, geoffo_, _nertzy[d], _IWDiscordRelay, rhiaro_ and laker_ joined the channel
aaronpkwell someone just put on the record in relation to the new OAuth client metadata draft that Solid has been using client ID as URL for a number of years