#dev 2023-01-02

2023-01-02 UTC
angelo, [arush] and mambang joined the channel
#
@estoner I finally got webmentions for my site working for Mastodon this afternoon. (Please read this toot the same way that Crow T. Robot says “Made my own blender mayonnaise last night.”) (twitter.com/_/status/1609756028895125504)
gRegor, mambang, jeremycherfas, gerben, jonnybarnes and prologic joined the channel
#
prologic Is someone from the community able to help answer the comment in https://github.com/authelia/authelia/issues/4673#issuecomment-1368597373 ?
#
Loqi [preview] [james-d-elliott] This should theoretically be possible via fosite as it supports configurable handlers, and any solution will have to have compatibility with the existing OAuth 2.0 / OAuth 2.1 / OpenID Connect 1.0 implementations. As IndieAuth uses the same endpoi...
#
[tantek] !tell [snarfed] finally posted a top level note (not a reply) and my UI promptly timed out on the Bridgy Fed request at 30s and returns, which is plenty of time for PHP itself to not timeout with a 500. The Bridgy Fed request did eventually complete on its own.
#
Loqi Ok, I'll tell them that when I see them next
barnaby, jeremy, jeremycherfas, gRegor and tiim joined the channel
#
[KevinMarks] This is an interesting idea https://github.com/tweetback/tweetback-canonical
#
Loqi [preview] [tweetback] tweetback-canonical: A package to resolve twitter URLs to new canonically hosted twitter backups
#
@bpedro ↩️ garage. In the theme of: https://indieweb.org/100_days#100_Days_of_IndieWeb Previously: https://tantek.com/2022/001/t1/12-years-notes-my-site https://fed.brid.gy/r/https://tantek.com/2023/001/t1/own-your-notes (4/4) (twitter.com/_/status/1609847255858544640)
mro, Nuve, [TMichelleMoore], ben_thatmustbeme, mro_, [John_Eckman], mehulkar, [pfefferle] and gRegor joined the channel; prologic left the channel
#
gRegor [snarfed], FYI I'm getting a 500 on the BF redirect URL for a post just federated https://fed.brid.gy/r/https://gregorlove.com/2023/01/site-updates-for-the-new-year/
#
[snarfed] gRegor hmm! looking
#
Loqi [snarfed]: [tantek] left you a message on 2022-12-03 at 2:22pm UTC: heads-up in case Bridgy Fed is vulnerable to this kind of attack: https://github.com/misskey-dev/misskey/pull/9247
#
[snarfed] ^ odd, that's a month old, I haven't been idle anywhere near that long
geoffo joined the channel
#
[snarfed] gRegor ugh yeah that's https://github.com/CottageLabs/negotiator/issues/6 . i'll need to find a workaround
#
Loqi [preview] [snarfed] #6 Crash on Chrome Accept header with v=b3 parameter
#
gRegor oh! odd
#
gRegor yep, works in Firefox
#
gRegor From that github issue prologic mentioned above "Find an official method for IndieAuth compliance testing."
#
[snarfed] https://indieauth.rocks/
#
gRegor coming soon! :)
#
aaronpk 🙈
barnaby and mro joined the channel
#
[tantek] so this is very weird (which is why I'm bringing it up in #indieweb-dev) and may post about it too. from #indieweb-stream: twitter/bpedro manually RT'd my full post from the "fediverse" view, into three-tweet tweetstorm, when they could have RT'd my tweet instead. and totally separately, mastodon-social/jwz posted a link to my tweet, when he could have boosted the "fediverse" view of my post.
#
[tantek] the question is, why? in each case the user of each system presumably had to work harder (more steps) to do the lower fidelity thing
#
aaronpk i suspect the bpedro one is because he is following you from mastodon and has an automatic mastodon-to-twitter thing running
#
[snarfed] gRegor I've fixed that BF crash, thanks for the nudge!
#
[tantek] and why does it say Bridgy in my address?
#
gRegor [snarfed]++ for the quick fix
#
Loqi [snarfed] has 60 karma in this channel over the last year (103 in all channels)
#
[tantek] aaronpk, no this doesn't make sense: https://twitter.com/bpedro/status/1609847254700933121
#
@bpedro https://indieweb.org/Indiekit. Just https://indieweb.org/start. This is day 1 of my 2023 #100Days project, #100DaysOfIndieWeb, posting an #IndieWeb encouragement, tool, or tip at least once a day for 100 days, to setup and use your own personal site instead of someone else's (3/4) (twitter.com/_/status/1609847254700933121)
#
aaronpk why not?
#
[tantek] sorry wrong link
#
[tantek] this one: https://twitter.com/bpedro/status/1609847252314365953
#
@bpedro RT @tantek.com@fed.brid.gy I am once again asking you to own your notes, rather than tweeting them into Big Chad's garage. Maybe you left the big garage and now toot in your neighborhood Chad's garage. It's still someone else's garage. https://xkcd.com/1150 (1/4) (twitter.com/_/status/1609847252314365953)
#
aaronpk yeah that makes sense
#
[tantek] WTF is @tantek.com@fed.brid.gy ?!?
#
[tantek] where is that coming from?
#
aaronpk the mastodon-to-twitter things add "RT @user@host" when reposting something from mastodon
#
[snarfed] 👀
#
[tantek] but that's not my host!
#
aaronpk it sort of is
#
aaronpk isn't the http signing key hosted on fed.brid.gy?
#
[tantek] no, it isn't not anywhere machine-readable (AFAIK, [snarfed]?) so that took manual futzing to mess up
#
[tantek] or some piece of code is working extra hard to screwup the @user@host
#
gRegor Manual copy/paste RT looks like, so maybe the app they copied from shows that
#
aaronpk sadly twitter doesn't attribute tweets to apps anymore otherwise we could find out which POSSE service they're using
#
[tantek] right, so the app they copied from screwed up the @user@host
#
[tantek] maybe I'll just ask them
#
[tantek] anyway two screwups
#
[tantek] Mastodon client -> Twitter
#
aaronpk i don't think they manually tweeted that
#
[tantek] Twitter -> Mastodon
#
aaronpk there are services that people hook up to their mastodon account that automatically syndicate to twitter
#
[tantek] you think there's an automatic tweetstorming POSSE thing from Masto?!?
#
aaronpk yes for sure
#
[tantek] it's not just one tweet
#
aaronpk i'm sure that's part of the code
#
aaronpk look at how poorly it's broken into 4 parts. doing it manually you'd do a much better job
#
gRegor True, they have other RTs on their Twitter timeline same style
#
aaronpk here is one of them https://moaparty.com/
#
aaronpk there are a bunch, just search for "mastodon to twitter crossposter"
#
[tantek] so they have bugs then in their @user@host code
#
gRegor Their original boost: https://follow.brunopedro.com/@tantek.com@tantek.com/109618465329159622
#
Loqi [preview] I am once again asking you to own your notes, rather than tweeting them into Big Chad's garage. Maybe you left the big garage and now toot ...
#
[tantek] hah that link just redirects to my site
#
aaronpk it'd be useful to know which service they are using to try to track down the bug
#
[tantek] I had to go to their profile to see it https://follow.brunopedro.com/@bpedro
#
Loqi [preview] Bruno Pedro
#
[tantek] this is the problem of POSSE reposts, which is still a bit tricky to get right
#
[tantek] ok that explains that. so why did jwz do a manual boost/RT of my POSSE tweet? https://mastodon.social/@jwz/109619070401543051
#
Loqi [preview] [jwz] RT twitter.com/@t: I am once again asking you to own your notes, rather than tweeting them into Big Chad's garage.Maybe you left the big garage and now toot in your neighborhood Chad's garage. It's still someone else's garage. https://xkcd.com/1150 #...
#
aaronpk interesting, what's the "jwz.org" in the line with the date and fav counts
#
[tantek] we should find out what POSSE tool that bpedro is using and help fix it up
#
[tantek] definitely a few teachable moments for how to IndieWeb while still syndicating to silos
#
Loqi yea
geoffo, jeremycherfas and mro joined the channel
#
[0x3b0b] Hypothesis with regard to jwz: Saw the tweet, either didn't think beyond "retweeting" to Mastodon or thought signal-boosting the *example* of POSSE would be better than signal-boosting the original directly, didn't realize there was a "boostable" version also? From a quick check, it does seem like someone would have to either already know, or go farther than just clicking the link in the original tweet, to realize that was a
#
[0x3b0b] possibility.
#
[0x3b0b] <aaronpk> "interesting, what's the "jwz.org..." <- From the amount of investigating I did before I got tired of it and stopped paying attention, I think that might show either your verified website if you have one, or the app you used to post if you don't, or...never mind I give up.
#
aaronpk hm, it looks like he might be using an auto-poster to post to mastodon too
#
aaronpk so maybe that's the "app"
#
aaronpk which could also explain why the twitter copy ended up on mastodon
mro joined the channel
#
[snarfed] I haven't tried too hard to follow all this, lmk if you want me to investigate anything in BF
njmm and angelo joined the channel
#
gRegor I noticed the id in https://fed.brid.gy/tantek.com is https://fed.brid.gy/tantek.com, so maybe that tantek@fed.brid.gy was constructed from that. Total guess, I don't know AP, heh
#
Loqi [preview] Tantek Çelik
#
[snarfed] yeah Mastodon requires the host in multiple AS object fields to be fed.brid.gy for interop 😐
mro joined the channel
#
aaronpk this is interesting, someone just filed an issue on webmention.io that sending webmentions *from* mastodon doesn't work https://github.com/aaronpk/webmention.io/issues/184
#
Loqi [preview] [RobbiNespu] #184 Unable to process webmention from mastodon
#
aaronpk while that's true because mastodon went js;dr, xray does do a trick to parse mastodon permalinks
#
aaronpk i think webmention.io is doing its own fetch before xray parsing, which is causing that to error with no_link_found
#
aaronpk would it be useful to patch that to enable webmentions from mastodon pages even though there's no link in the HTML?
#
[tantek] snarfed, the one thing I'm curious about and would appreciate a cursory analysis from you is the question of: by what means of code/automation that someone could end up posting "@tantek.com@fed.brid.gy" in that tweet example: https://twitter.com/bpedro/status/1609847252314365953
#
@bpedro RT @tantek.com@fed.brid.gy I am once again asking you to own your notes, rather than tweeting them into Big Chad's garage. Maybe you left the big garage and now toot in your neighborhood Chad's garage. It's still someone else's garage. https://xkcd.com/1150 (1/4) (twitter.com/_/status/1609847252314365953)
mro joined the channel
#
[tantek] to put it another way: it's a bug or at least a leaky abstraction if any form of "@fed.brid.gy" ends up in content clear text for any reason (other than someone manually typing it in)
#
[tantek] now, what combination of bugs in what software/services, that's another question. from a UX perspective, it's a bug
#
[snarfed] aaronpk I did something similar in granary, generic conneg on AS2 input URLs, but not directly applicable to wm.io. https://snarfed.org/2022-12-03_48181
#
Loqi [preview] [Ryan Barrett] So Mastodon 4 went js;dr, which means it requires JavaScript to render content. That means that server-side fetches of Mastodon 4 user profiles and posts, eg indieweb.social/@snarfed, no longer return the actual contents in the response. They definit...
#
[tantek] also, combining topics, js;dr is one way of adding friction / raising the barrier to public text indexing
#
[tantek] for search etc.
#
[snarfed] [tantek] tons of opportunities for that if they're constructing @-@ addresses themselves, since BF has to use fed.brid.gy as the host in many URLs in AS2 objects, for Mastodon interop
#
[snarfed] but I don't think BF emits @[domain]@fed.brid.gy explicitly anywhere. will look
#
[tantek] a-ha, so this is perhaps lack of spec / tests in "how to construct an @-@ address"
#
[tantek] so they find a URL somewhere, then *by inspection* turn that URL into an @-@, errantly
#
[snarfed] maybe!
#
[tantek] that's a reasonable hypothesis
#
[tantek] because of course why wouldn’t that work
#
[snarfed] BF's webfinger does support eg acct:snarfed.org@fed.brid.gy, since I saw enough implementations and/or users trying that early on
#
[snarfed] but that's more just Postel's Law
#
[tantek] yeah that seems like a useful redirect to support
mro and [iambismark] joined the channel
#
starrwulfe[m] So double web fingers?
#
starrwulfe[m] Yourplace.tld@yourplace.tld and your place.tld@fed.brid.gy?
#
starrwulfe[m] s///, s/your place/yourplace/
#
starrwulfe[m] (👈🏾👈🏾 Double web fingers 😏)
#
[tantek] nah, the whole webfinger thing was unnecessary in the first place
#
aaronpk activitypub doesn't even rely on webfinger, it could have been done entirely without it
#
[snarfed] not quite indieweb related (yet): I added Bluesky to https://granary.io/ . examples: https://granary.io/?input=html&output=bluesky&submit&url=https://snarfed.org/ converts from mf2, https://granary.io/?input=bluesky&output=as2&submit&url=https://snarfed.org/getTimeline.bsky.json converts to AS2
#
IWDiscordRelay <c​apjamesg#4492> Yay!
#
Loqi 😊
[fluffy] joined the channel
#
[fluffy] I didn’t realize Bluesky was to the point of even having a protocol to convert to/from
#
[snarfed] this is just data format, not protocol, but that's there too, and relatively complete, even if it's early and docs are out of date. https://atproto.com/docs
#
[fluffy] ah
#
barnaby are there any example implementations which you can use to test the granary functionality? or is it more theoretical/pre-emptive at the moment?
#
[snarfed] barnaby yeah https://github.com/bluesky-social/atproto has pretty complete implementations of everything, even if it's unstabe and very actively developed
#
[snarfed] there are no public facing servers yet though afaik
#
Loqi [preview] [bluesky-social] atproto: A social networking technology created by Bluesky
#
barnaby okay, that’s more what I was asking
#
[snarfed] it attracts a lot of attention, which often hurts more than it helps when something's this early, so I'm surprised they even started working in the open at all this early
#
[snarfed] but it sounds like https://bsky.app/ closed beta is very close, maybe month(s) away