#dev 2022-12-13

2022-12-13 UTC
moose333, [pfefferle], mlncn, jan6, tiim, oxtyped, Zegnat and tbbrown joined the channel
# 00:36 
[benatwork] I did miss / forget this. Will update when I get a chance
btrem joined the channel
# 00:41 
[tantek] [benatwork] also — am very interested in collaborating on this *actively* to make more progress on Web Actions. Last time we got to a certain point and it seemed like we lost momentum / people lost interest. Seems like an appropriate time to pick it up where we left off and keep pushing it forward.
# 00:41 
[benatwork] Agree with that
# 00:42 
[snarfed]2 tantek++ benatwork++
# 00:42 
Loqi tantek has 19 karma in this channel over the last year (73 in all channels)
# 00:42 
Loqi benatwork has 1 karma in this channel over the last year (9 in all channels)
# 00:50 
[aciccarello] What is the cross section between that and the Web Share API? https://developer.mozilla.org/en-US/docs/Web/API/Web_Share_API
# 00:51 
[tantek] completely different
# 00:52 
[tantek] what is Web Share API
# 00:52 
Loqi Web Share API is a draft specification for sharing text, links, and other content to an arbitrary destination https://indieweb.org/Web_Share_API
# 00:52 
[tantek] though I can see how they would be confused
# 00:53 
[tantek] Web_Share_API << webactions
# 00:53 
Loqi ok, I added "[[webactions]]" to the "See Also" section of /Web_Share_API https://indieweb.org/wiki/index.php?diff=84991&oldid=72231 
# 00:53 
[tantek] webactions << Web_Share_API
# 00:53 
Loqi ok, I added "[[Web Share API]]" to the "See Also" section of /webactions https://indieweb.org/wiki/index.php?diff=84992&oldid=81801 
# 00:53 
[tantek] aciccarello, for example, "web share" has nothing to do with a universal follow button, which is something you can build with web actions
# 01:08 
gRegor May not be relevant then, but I remember this "todo" from 2019/SF: https://indieweb.org/2019/SF/webactions##Tantek+should
# 01:30 
[aciccarello] The follow and RSVP use cases seem suited to a web action. I like the genericness of the web Share API and it already has some significant browser support.
# 01:31 
[aciccarello] As I think about it, I see the value in specific actions even if I'm wary of having visual clutter
geoffo joined the channel
# 02:22 
[tantek] what is ahre
# 02:22 
Loqi It looks like we don't have a page for "ahre" yet. Would you like to create it? (Or just say "ahre is ____", a sentence describing the term)
# 02:22 
[tantek] what is share
# 02:22 
Loqi share is a watered down verb that's used on the "social web" (and other platforms like Google's Android) to mean pretty much any action https://indieweb.org/share
# 02:23 
[tantek] ^ this is also why that framing sucks
# 02:23 
[tantek] share--
# 02:23 
Loqi share has -1 karma over the last year
# 02:23 
[tantek] instead, stick to the "specific action" of: reply, like, repost, follow, etc.
# 02:23 
[tantek] the "web share" makes this mistake of conflating reply, like, repost, and even more (like "print", as in "share" to a printer 🙄 )
# 02:24 
[tantek] gRegor, that never went anywhere 😞
# 02:27 
aaronpk mastodon.technology is 12 days into their shutdown. i've been getting about 1800 requests per day from the server, all Delete account activities
# 02:28 
aaronpk they had about 24k users, so we should be coming up to the end of it
# 02:28 
aaronpk seems weird that i should get a delete request for every single account though, when i clearly haven't ever interacted with all those accounts before
# 02:48 
[snarfed]2 aaronpk worse, they're all going to individual inboxes, not shared. last I checked, maybe end of last week, Bridgy Fed had gotten ~500k total so far
# 02:48 
[snarfed]2 probably almost double that now
mlncn joined the channel
# 02:52 
aaronpk seems like a pretty massive oversight to not send to the sharedinbox 😬
# 02:55 
[snarfed]2 yuuuup
# 02:57 
aaronpk also sure would be nice to have a single "server delete" activity 🤷‍♂️
# 02:57 
aaronpk but more significantly, i think this points to another massive problem with a purely push-based protocol
[manton] joined the channel
# 03:11 
[manton] I’ve also been getting thousands of those Mastodon.technology deletes… I had a bug where Micro.blog actually tried to look up users it didn’t know about yet, so it would get a request for the delete, grab the user from Mastodon.technology (which was very slow), then delete it, just slowing everything down.
# 03:11 
[manton] I’m not sure that sending deletes is actually correct for this, though. It means the post history is wiped out. Is that what we want when an instance goes away? Seems wrong to me. The user is not explicitly deleting the account, which would be different.
# 03:13 
[snarfed]2 I don't know that a Delete activity implies semantics for more than just the direct object, in this case the actor. https://www.w3.org/TR/activitypub/#delete-activity-outbox
# 03:14 
[snarfed]2 in any case, the hosting instance is the only canonical store of the post history - other instances only store long-lived caches afaik - so arguably post history is getting wiped out no matter what
# 03:15 
[snarfed]2 (also amusingly Bridgy Fed also responds poorly, but in the other direction from micro.blog, https://chat.indieweb.org/dev/2022-12-08/1670518704603900 )
# 03:16 
Loqi [preview] [[snarfed]2] BF is petty and spiteful and only honors Deletes sent to shared inbox, not individual inboxes
# 03:17 
[snarfed]2 oh sorry, the right spec link is https://www.w3.org/TR/activitypub/#delete-activity-inbox
# 03:19 
[manton] So, I checked my code and actually I don’t clear the posts, just the user. But there’s no way to see the user profile and all their posts.
# 03:20 
[manton] I guess one reason to send all those Deletes out is it limits confusing later, because someone can’t stumble upon an old account that can’t be followed anymore.
# 03:20 
[manton] But I still feel like there’s a difference between a server dying and a user wanting to delete their account.
# 03:25 
[snarfed]2 definitely! but those kinds of semantic distinctions still aren't really part of the AP spec's Move activity
# 04:01 
aaronpk Is this behavior something built in to mastodon or did this particular instance hand-roll this mass delete campaign?
# 04:03 
[manton] Good question. I don’t know.
# 04:15 
aaronpk I don't think this is causing any problems for me personally, but one optimization is you could check if you know about the actor URL before doing signature verification and just abort if you've never seen the actor before
# 04:16 
aaronpk seems silly to waste a lookup of the key for a message you're going to drop on the floor anyway
strugee_ joined the channel
# 04:48 
gRegor https://pronoun.is/ appears to be offline in case anyone is linking to it, might have been one of the free tier Heroku sites. [tantek] I saw your homepage links there.
# 04:50 
gRegor https://github.com/witch-house/pronoun.is/issues/147
# 04:50 
Loqi [preview] [lsmith77] #147 website seems to be down
# 04:50 
gRegor aha, they're on it: https://twitter.com/morganastra/status/1599463482079911936
# 04:50 
@morganastra @blade_kissed Yep, the platform the site was hosted on stopped offering the plan we were using and it needs to be migrated. It'll be down for a bit while I sort that out, sorry for the inconvenience! (twitter.com/_/status/1599463482079911936)
# 05:04 
[tantek] glad to hear it'll be sorted. thanks for the heads-up gRegor!
mro, gRegor and Phoenix1 joined the channel
# 08:27 
Phoenix1 I'm building my own blog, and I want to offer a way for people to do comments, and i want to auth them in some friendly way, even if they aren't indieweb geeks
# 08:27 
Phoenix1 Anyone got good recomendations on something simple I could do to authenticate people from social accounts like mastodon instances, indieauth, twitter, tumblr, etc
tiim joined the channel
# 08:45 
@Livid ↩️ I’m in a rabbit hole. IndieAuth is awesome! https://www.w3.org/TR/indieauth/ (twitter.com/_/status/1602584139693162496)
mro joined the channel
# 09:55 
[KevinMarks] Nice new mapping options https://observablehq.com/@neocartocnrs/some-quick-geo-experiments-with-plot
# 09:56 
[KevinMarks] https://observablehq.com/@observablehq/plot-geo
mro, [manton]1, [benatwork]1 and mlncn joined the channel
# 13:38 
IWDiscordRelay <j​acky#7226> Phoenix1: turning your site into a OAuth client is one way! It's not necessarily "simple" (well depending on how much efforts you're comfortable with) but that's one good stop
jeremycherfas joined the channel
# 14:55 
@unevenprankster My website has WebMention enabled though I'll work on implementing a "comments" field only next year, I might further redesign it to be more simplistic, not load fonts, etc. (twitter.com/_/status/1602677957339844608)
geoffo, barnaby and tbbrown joined the channel
# 15:36 
[jacky] Though potentially convoluted in naming, I can see the Web Share API powering _some_ level of interactions (like using a specific scheme like `web+action` to let compatible apps listen up), perhaps?
# 15:42 
[manton] [aaronpk] Good suggestion about HTTP signatures. For this Mastodon.technology problem, another thing I do now is have a special case for Deletes. If it’s trying to delete a user I’ve never seen before, I skip all other processing.
mlncn, tbbrown, gRegor, geoffo_, _nertzy[d], _IWDiscordRelay, rhiaro_ and laker_ joined the channel
# 17:53 
aaronpk well someone just put on the record in relation to the new OAuth client metadata draft that Solid has been using client ID as URL for a number of years
# 17:53 
aaronpk so i guess i should reply with indieauth's use of it that dates back to... 2014
Cadey, GWG- and jjuran joined the channel
# 18:05 
[schmarty] 💯
Seirdy joined the channel
# 18:14 
[tantek] absolutely
# 18:15 
[jacky] dooo it
# 18:16 
[jacky] and it's already a draft done by community with community resources
barnaby, jjuran, geoffo, tiim, gRegorLove_, gRegorLove__, btrem and [fluffy] joined the channel; btrem left the channel