#dev 2023-01-19

2023-01-19 UTC
jeremycherfas, geoffo and Nuve joined the channel
#
@tmichellemoore
Today, I am reading the Webmention and Webmention-Developer pages on the http://IndieWeb.org website. This is going to take a couple of days to review the examples. This is under the task to: * Learn About Webmentions a Little More Deeply. Day… https://tmichellemoore.com/?p=152149
(twitter.com/_/status/1615906739601420288)
#
@Nezteb
↩️ Gonna plug @microdotblog. It’s got cross-posting to Twitter and Mastodon (among others), is super dev-friendly, and supports several common federated protocols (ActivityPub, WebMentions, etc).
(twitter.com/_/status/1615906903359631360)
geoffo, starrwulfe, gRegor, [pfefferle] and [tw2113_Slack_] joined the channel
#
@CVEreport
CVE-2017-20174 : A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to injection. The attack may be launched r... https://cve.report/CVE-2017-20174
(twitter.com/_/status/1615983374908198912)
Guest6 joined the channel
#
@CVEnew
CVE-2017-20174 A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to injection. The attack may be launched remotely. The... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20174
(twitter.com/_/status/1615993786672320513)
rocto, gRegor, gRegorLove_ and rocto_ joined the channel
#
@eyeTSystems
CVE-2017-20174 A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to injection. The attack may be launched remotely. The... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20174
(twitter.com/_/status/1616005416470683648)
gRegorLove_, wagle, Nuve, petermolnar, IWDiscordRelay, nertzy[d], gxt, geoffo and [manton] joined the channel
#
[manton]
I feel like the “requires JavaScript” problem of Mastodon post permalinks has been discussed before here but not sure I was paying close attention. This breaks Micro.blog’s archiving of web pages… Thinking about just hardcoding it to use meta tag “description” instead, which looks like a plain text version of the post. Bad idea, better ideas?
#
[manton]
What is jsdr?
#
Loqi
js;dr is JavaScript required; Didn’t Read https://indieweb.org/jsdr
#
Loqi
[preview] [Ryan Barrett] So Mastodon 4 went js;dr, which means it requires JavaScript to render content. That means that server-side fetches of Mastodon 4 user profiles and posts, eg indieweb.social/@snarfed, no longer return the actual contents in the response. They definit...
#
[snarfed]
[manton] alternatively use conneg to fetch the same post URL as AS2
[aciccarello] joined the channel
#
[aciccarello]
conneg-- 😉
#
Loqi
conneg has -17 karma in this channel over the last year (-23 in all channels)
#
[snarfed]
[aciccarello]++ AP is slowly brainwashing me into thinking connegg-- is ok
#
Loqi
[aciccarello] has 3 karma in this channel over the last year (13 in all channels)
#
[manton]
[snarfed] Thanks! Didn’t even consider that for some reason.
#
[snarfed]
depending on your use case though, the next question is, can you sniff a given URL to determine whether it's Mastodon
#
[manton]
I can’t gripe too much because truthfully Micro.blog has a couple things that do need JS, but not blog post pages! Ain’t right. 🙂
#
aaronpk
that's why xray has a ridiculously complex Accept header, which then breaks with wordpress because installing the AP wordpress plugin means WP always returns AP JSON for xray
#
[manton]
Yeah, I can guess based on /users/whatever/statuses/1234… Not foolproof.
#
Loqi
[preview] [bekopharm] #101 Make this work with ActivityPub WordPress plugin
#
[manton]
Looks like these pages I’m testing with have a reasonable rel tag with json+activity.
#
[manton]
Kinda sucks deciding when I should fall back on ActivityPub and when I should just use the real HTML. Maybe if the HTML contains “<noscript>”. Feels hacky.
#
[manton]
conneg--
#
Loqi
conneg has -18 karma in this channel over the last year (-24 in all channels)
#
GWG
😟
#
GWG
😟
#
[manton]
Another problem: if a Mastodon site requires auth for ActivityPub, I’m not sure this will even work.
#
[snarfed]
[manton] I handle that in Bridgy Fed by signing all AS2 GETs. If I don't have an existing user handy with keys to sign the request, I fall back to a "default" user (me 😎)
#
[snarfed]
are we having fun yet? 😁
#
[manton]
[snarfed] So “fun”. 🙂 I actually do something very similar with my normal ActivityPub code… I first try unsigned and if I get an HTTP auth error, I re-sign with a default user.
#
[manton]
But that’s outside of the web page archiving code that I’m working on now. Hmm.
#
[manton]
(The unsigned first code is only when I’m looking up random Mastodon users, not part of the inbox flow which is always going to be signed.)
floatingghost joined the channel
#
floatingghost
hoihoi - anyone about and free that can help me with getting the error message for some federation issues?
#
[snarfed]
Hi floatingghost! How can i help
#
floatingghost
hey! any chance you could fire off a like towards one of my statuses to see if we can reproduce the issue?
#
floatingghost
any status on https://ihatebeinga.live/FloatingGhost would work
#
[snarfed]
I can in 10m or so
#
floatingghost
that would be perfect, thanks~
#
[snarfed]
Or just sign and send the object in that issue
#
floatingghost
that would work too, basically i just need to see if it passes HTTP signature checks
#
floatingghost
because objects themselves _seem_ to validate
#
[snarfed]
I suspect the bug is that Akkoma only handles actor string URLs, not objects
#
floatingghost
it looks like there's handling for object actors, but i may be wrong ( i frequently am )
#
floatingghost
(t'is the joys of inheriting a massive pile of nonsense, half of it may as well be black magic that you don't notice the horror of until this sort of thing crops up)
#
[snarfed]
so, basically, all code everywhere 😎
floatingghost joined the channel
#
floatingghost
ok! i got an error msg, that should be something to go on
#
floatingghost
your hunch may be correct, thanks
#
[tantek]
what are metaformats?
#
Loqi
metaformats started as an April Fools joke concept to describe how to both publish using microformats class names and openly parse meta tags as a fallback for what should be in-the-body visible data, including backcompat with OGP, Twitter Cards, and meta author, description, and anything else real sites (like search engines) appear to consume https://indieweb.org/metaformats
#
[tantek]
^ [manton] if you parsed the HTML from a Mastodon post permalink as metaformats, would you get the information you need?
#
Loqi
[preview] Tantek Çelik
geoffo joined the channel
#
[snarfed]
yeah he mentioned using meta description
floatingghost joined the channel
#
floatingghost
you know if there's any good way to create bridgy requests without having to set up like... gcloud or a new site?
gRegorLove_ joined the channel
#
floatingghost
just like for localhost testing
gRegorLove__ joined the channel
#
[snarfed]
If you have a web site handy, you can set it up on Bridgy Fed
#
[snarfed]
And yes you can also run it locally, details in the resume
#
[snarfed]
Er readme
#
floatingghost
yeah it involves gcloud though bah
#
floatingghost
guess i'll fish out some unused domain
#
[snarfed]
Just local
#
[manton]
[tantek] Yep. There’s no actual MF2 on the page, but there’s meta tags in <head>. Not great but that’s what I’m going to do for now.
#
floatingghost
oh fair, i'll try it, thanks
#
[snarfed]
I'd recommend just modifying, signing, and reusing the existing object
#
[snarfed]
Even better, make it into a new unit test!
#
[tantek]
[manton] I'm hoping that following the metaformats parsing algorithm actually gives you the result you want
#
[tantek]
e.g. I see meta "og:description" is in the view source of a Mastodon permalink, so no need to use the older meta "description" (which is more likely to have spam)
#
[tantek]
and if the metaformats parsing algorithm does not give you the information you want (or gives you wrong information) I definitely want to know about it!
#
[tantek]
point being, if we see evidence for it working in practice like that, that's a strong incentive to formally include it into the overall backcompat of mf2 parsing
#
[tantek]
which then hides that complexity from anyone using mf2 parsers, and provides a forward compatible way for sites to upgrade from meta tags to mf2
[chrisaldrich] joined the channel
#
[manton]
[tantek] Got it. I’m going to try with the Microformats Ruby library and see what it does.
#
[tantek]
to be clear, AFAIK so far there are no implementations of metaformats, that was my point
#
[manton]
It gets nothing. Maybe I’m misunderstanding you, though.
#
[manton]
Oh! Sorry, I misread metaformats as microformats.
starrwulfe joined the channel
#
[tantek]
my point was rather than writing one-off code from looking at meta tags, try writing code according to the metaformats algorithm (since that was created by a bunch of prior meta tag analysis)
#
[tantek]
yes the goal would be eventually if parsing for metaformats "works", then we'd include it in the core mf2 spec, and get parsers updated
#
Loqi
[preview] Tantek Çelik
#
[tantek]
yes that's the one!
#
[tantek]
feedback appreciated
#
[manton]
I think the problem I’m going to run into is that this particular code I’m writing is to save the text content of any page. If the code has mf2, perfect. If it doesn’t, I still want to grab the text for the page (currently using the Readability library to help with that). Only if the page text is js;dr do I really want to fallback to the meta tags.
#
[manton]
I don’t want to prefer the meta tags over just a boring un-MF2 page of text.
#
[manton]
Lemme know if that’s making sense.
#
[tantek]
yes that makes sense. would still be useful to know if the metaformats parsing algorithm works for your "fallback" case.
#
[tantek]
also that's good feedback to consider keeping metaformats as a separate parsing step independent of mf2 parsing
#
[manton]
Cool. I think it will work. I’ll still have a kind of hardcoded check for whether I should fallback.
#
[tantek]
right, I figure there will be case-by-case "whether to fallback [to meta tags]" decisions
#
[tantek]
the goal here is to hopefully standardize (in an mf2 compatible way) what happens when you do fallback to meta tags
#
[manton]
Yep. I do think metaformats and mf2 feel like separate things. In a way, this Mastodon case is unique because the posts are short and do fit completely in og:description.
#
[manton]
I doubt most systems would put a full-length blog post in meta tags.
#
[tantek]
I have a feeling that's going to be true for lots of "social-like" sites
#
[tantek]
beyond Mastodon
#
[manton]
Oh jeez, I just checked tweet URLs and they are completely useless.
#
[manton]
(No text, no meta tags.)
#
[schmarty]
true regardless of whether we are talking machine parseability or general value 😏
#
[schmarty]
uff. my site has been breaking because hugo got way stricter on time formats and my old template workaround to catch errors no longer works. so hugo now dies when my site tries to display reply context info for dates it doesn't like.
#
[tantek]
manton re: tweet permalinks wow. didn't realize they had gotten that bad. surprised they don't at least have og: for FB link previews
#
[schmarty]
the first examples i found in my site data were from tantek.com and so i thought "heh, tantek, pushing the parsers". adding a seconds value to the partial time string "fixed" things, so i started doing that manually whenever i noticed site issues.
#
[tantek]
artificialseconds--
#
Loqi
artificialseconds has -1 karma over the last year
Herbi1 joined the channel
#
[schmarty]
but today i learned the reason why hugo was failing and it makes me even sadder. hugo uses Go's time parsing, which uses RFC 3339. and i had either forgotten or never learned that RFC 3339 is a subset of ISO8601 which explicitly requires seconds. https://www.rfc-editor.org/rfc/rfc3339#section-5.6
starrwulfe joined the channel
#
[schmarty]
(in my deep heart i was hoping this was a slight bug i could upstream somewhere but i should have known better given that it's Go core stuff and Go is Google and therefore "spec-perfect" (and it's just my bad luck they chose a bad spec))
#
[schmarty]
anyway it looks like i'll be post-processing my X-Ray fetching of reply context data to force dates and times to RFC-3339! :zany_face:
#
[KevinMarks]
Did I tell you about the opposite problem I had with Python's too-relaxed date parsing?
gRegorLove_ joined the channel
#
[schmarty]
KevinMarks: if so, i don't recall reading it. sounds quite plausible!
#
[KevinMarks]
I have a db that ingests sorta structured emails and I was using Python's default date parser. The people sending the emails switched the date format from months as text to dd/mm/yyyy but python was assuming they were mm/dd/yyyy until the day got past 12. I was testing the changeover at the end of the month, and things looked OK, then I looked at event durations later and some were crazy.
#
[KevinMarks]
Apparently I needed to pass the dayFirst hint to python.
#
[KevinMarks]
Then I had to unmangle 2 months' worth of scrambled dates.
#
[schmarty]
"quattuordecember the 8th, got it"
#
[tantek]
RFC3339--
#
Loqi
RFC3339 has -1 karma over the last year
[benatwork] joined the channel
#
IWDiscordRelay
<c​apjamesg#4492> Rel met?
#
[tantek]
Remember when journalists used to make fun of bloggers as not being "real" journalists? (I know [KevinMarks] remembers), so now this: https://gizmodo.com/cnet-chatgpt-ai-articles-publish-for-months-1849976921
#
[tantek]
provenance and authorship, and then verifying an author is a "real person" is going to become a big deal
#
[tantek]
as 2022 turned into the year of rel=me, perhaps 2023 will turn into the year of rel=met
#
capjamesg
What is rel=met?
#
Loqi
It looks like we don't have a page for "rel=met" yet. Would you like to create it? (Or just say "rel=met is ____", a sentence describing the term)
#
capjamesg
Was rel=crush ever used?
#
[KevinMarks]
Did someone say provenance? https://youtu.be/Q2WzVSVxrrI
#
[tantek]
capjamesg, it was, to some hilarious effect
#
[tantek]
that needs a tl;dr [KevinMarks]
#
[tantek]
or tl;dw as it were
#
capjamesg
Yeah. A tl;dw would be great :)
#
[KevinMarks]
There's an abstract at the link.
#
[tantek]
And it's pretty obtuse
#
[KevinMarks]
Gavin was talking about person tagging and xfn as a way to derive provenance about statements
#
gRegor
I'll make an announcement post later, but I fixed a small display bug in indiebookclub since last release: "Currently reading" statuses were displaying "Want to read" by mistake. Micropub requests were correct, though.
#
gRegor
!tell jamietanna I think tokens-pls is your app? If so there's an application error, https://chat.indieweb.org/2023-01-19#t1674157084621200
#
Loqi
Ok, I'll tell them that when I see them next
#
Loqi
[preview] [ross[m]] hey folks - https://tokens-pls.herokuapp.com is serving up an 'Application error' at the moment - are there any alternatives?
[iambismark] and geoffo joined the channel
#
Loqi
[preview] In that case how about switching to a more readable font like openAtkinson? https://brailleinstitute.org/freefont https://starrwulfe.xyz/t/vF In that case how about switching to a more readable font like openAtkinson? https://brailleinstitute.org/freef...
#
starrwulfe[m]
* This post is showing up as JSON ink when viewed from Mastodon clients https://starrwulfe.xyz/3315-2/
#
Loqi
[preview] In that case how about switching to a more readable font like openAtkinson? https://brailleinstitute.org/freefont https://starrwulfe.xyz/t/vF In that case how about switching to a more readable font like openAtkinson? https://brailleinstitute.org/freef...
#
starrwulfe[m]
I think it’s the Hum short link plug-in’s fault.
#
starrwulfe[m]
Here’s the same post’s short link:
#
starrwulfe[m]
…Nope… that’s not it either… 🤔
#
starrwulfe[m]
It’s only when using a Mastodon app on my phone actually.
#
starrwulfe[m]
Now that’s strange. [pfefferle] GWG any ideas where that’s coming from? I know that putting ~/ActivityPub at the end of any link will resolve to that AP markup JSON view; could the app I’m using be getting confused somewhere?
#
[tantek]
conneg--
#
Loqi
conneg has -19 karma in this channel over the last year (-25 in all channels)
[campegg] and starrwulfe joined the channel
#
[tantek]
[snarfed] FYI I tried using Bridgy Fed to reply to a Pleroma post: https://dartboard.social/notice/ARgC7WwFPFPo8xnM24 and my reply didn’t show up there. Not sure if that's a BF problem or a Pleroma problem, or perhaps it has a moderation queue for showing replies
#
Loqi
[preview] [knova] I will be participating in this via @knovak
#
[tantek]
Ah, makes sense. The follow-up then is, does Bridgy Pub support POSSE to GitLab?
#
[tantek]
Got it. Will file PRs / issues. Thanks
starrwulfe joined the channel
#
starrwulfe[m]
<[snarfed]> "[tantek] yup Pleroma isn't..." <- You sure?
#
starrwulfe[m]
I could swear I’ve replied to something on my Pleroma instance before. Let me test it myself.
#
starrwulfe[m]
(I usually use my own Wordpress based server but this time I’ll use StarrWulfe.tumblr.com since it has to use Bridgy natively to pass webmentions to ActivityPub actions. …think I also need to find the snippet of html/microformat to make a reply post too.)
starrwulfe and angelo joined the channel
#
[tantek]
[snarfed] do you have thoughts on supporting blocks or defederating from Bridgy Fed? And if not entirely then for particular users? (e.g. a dashboard UI to block all responses from a specific instance)
#
[snarfed]
hoo boy does that start me down the road of being an admin?
#
[snarfed]
ie, which parts of this are at the user vs service level? etc
#
[snarfed]
do you have a specific user or instance you want to block right now? or just curious?
#
[snarfed]
I have definitely not thought this through
#
[tantek]
I have a specific name-calling abusive user I want to block (has replied to someone who in a separate post has replied to me), who appears to also be on an instance that has no rules about hate speech.
#
[snarfed]
next question is, how much does this overlap with overall webmention moderation on your site, and how much blocking and tooling should happen there vs in BF?
#
[snarfed]
it's clearer in Bridgy since silos already have blocking muting etc, so it's more obvious for Bridgy to just use those
#
[tantek]
well, as long as the BF "dashboard" is public (and thus a public "profile" of sorts), I feel it's important to be able to block hate speech from showing up there
#
[tantek]
(regardless of the Webmention filtering etc. done on my server)
#
[snarfed]
hmm if you consider your BF page a user-visible profile that people would use as such, separate from your site itself, then yes
#
[snarfed]
I don't know if I've concluded that...but I don't know that I haven't 🤷
#
[snarfed]
the part where BF's user page paging is broken when you have many followers unintentionally helps here, since it's hard to page back much on https://fed.brid.gy/user/tantek.com :zany_face:
#
[snarfed]
ideally I'd like BF to be more background plumbing than user-facing application. I think it's largely that now, but not entirely