#[tantek]ironically, it seems like my Bridgy Fed webmention (at ~17:00 PDT) didn't go through or rather there was no evidence of it working on https://fed.brid.gy/user/tantek.com
#[tantek]I did just use Mention.Tech to send a Webmention to BF manually like a minute or so ago and that claimed to have succeeded
#[tantek]And just now I can see it on that BF dashboard link
sebbu, geoffo, ShoesNSocks and [chrisbergr] joined the channel
#[chrisbergr]If I want to use hidden mf2 data e.g. inside an h-entry, which element would you recommend? meta, data, span with display none, something else?
#prologicPut it on the element that is the entry itself
#prologicSee for example how I do it for Yarn pods like twtxt.net
#[chrisbergr]You're using id on your h-entry elements. I'm talking about e.g. p-name, there are some views I don't want to display the name but I want to include it in the code for some mf2 parsers.
#[tantek]Nope. Putting data (priority values) for an entry on an entry itself will not ever work in practice with anything non trivial like something with a date published. This is an FAQ.
#[tantek]In general it's discouraged to put anything hidden into microformats. Would need to see the actual practical use-case.
#[tantek]In theory the answer should always be "no" to how do I put hidden data in microformats. So in practice, show the practical use case first
#[chrisbergr]Oh I understand. It's a design choice to not display post title for notes (because they are designed like a twitter card). I wanted to include the post title "invisible" for the sake of completeness
#GWG[chrisbergr]: I always considered not a title for notes because they are so short, why do you need to see one?
#[chrisbergr]GWG I don't want them to be "seen". But I always (*mostly) set one for the clarity in the wp admin posts list.
[snarfed] joined the channel
#[snarfed][tantek] just fyi BF didn't get a webmention from you at 17:00p PT. the only one for your site in the last 24h is the 18:00p one from mention.tech
#[snarfed]iirc that's happened with your site before
#GWG[chrisbergr]: I tried to change the display for empty titles to a summary in the post admin for the reason.
#[snarfed][chrisbergr] the other dangerous part of eg a hidden p-name is that post type discovery uses the presence of a p-name to distinguish articles from notes
#[snarfed]so if you do it, mf2 parsers will interpret your notes as articles, which will result in unpleasant surprises
#[chrisbergr]Oh, then of course I should dismiss the idea. Did not see this comming as one of the possible concequences.
#[snarfed](fwiw I'm on WordPress too and omit post titles on my notes, replies, likes, etc. they show up as "(no title)" in WP admin, which isn't ideal, but is manageable)
#[chrisbergr]I'll continue use post titles, I have 2 dashboard widgets telling me which posts do need translation and which ones have missing categories. Those would be not managable without titles 🙂 - But of course, I'll stop trying to print them anywhere in the frontend.
#[tantek]Thanks [snarfed]. I'll work on adding some more instrumentation to my webmentions sending code to track it down further.
geoffo, strugee and [timothy_chambe] joined the channel
#RuxtonGWG / [snarfed]: was gonna say that's an easy fix and was sure there was a patch into one of GWG's plugins to display an excerpt for kinds that have no title
#GWGRuxton: I could extract that for other people who don't Kind
#Ruxtonyou COULD, but i'd argue its a post kinds thing, if they're not using it, it's a few lines in functions.php, it really just boils down to: no title? gimme the excerpt instead.
#GWGRuxton: It's a bit more, but yes.. I was thinking of a snippet
#RuxtonI think how the wiki handles users/auth is broken, there is no way to move my auth without renaming my user. I dont think this is an IndieAuth spec issue, but rather how we've implemented users/auth on the wiki. It's built from a user=uri, uri never moves perspective and that's just not the reality of longtime internet life.
#RuxtonRenaming users is also a whole other issue, as after some research i see that most implementations of it have their edges cases. So you don't wanna just be moving users around all the time.
#RuxtonI'd like to hear peoples thoughts on this, obviously a lot of you long timers have name domains that are unlikely to change. This is the 3rd URI my blog has had since it's inception.
#RuxtonUltimately, i think user should be seperated from domain and there should be the ability to add/remove auths from the user.
#[snarfed]Ruxton you're right, the IndieWeb ties user identity strongly to domains
#Ruxtoni understand why, but if my domain moves, im still the same person/account
#[snarfed]you can obviously switch your web site to a new domain, migrate your data, and redirect from the old domain, but I don't know that we've spent a lot of time thinking about migration for accounts on services that you IndieAuth into
#RuxtonOAuth 2.0 doesnt either, but OAuth is authorization, not authentication, so it gets away with it.
#[snarfed]some actually do, eg Google OAuth (and maybe SAML?) can preserve the accounts you SSO into even if you change the email address associated with your Google account
#[snarfed]the consumers need to support that, but it's straightforward, just associate the account with the user id instead of the email
#[snarfed]but you're right, I don't know that we have anything similar for IndieAuth and domains yet. [aaronpk] would know more
#[tantek]snarfed, rather, for IndieAuth RPs, the domain *is* the "user id" - there is no separate table or number or whatever have you that needs to generated, maintained etc
#[snarfed]right, afaik this is a Google specific thing, not part of the standard
#Ruxtonand userid=uri that's completely fine.. it's not indieauth thats the problem, its the implementation. Users are a 1 to 1 relationship with user id and there's no breaking from that in our current implementation
#[snarfed]but we probably do eventually want to think about how to migrate IndieAuthed accounts when you change domains
#[tantek]Another way to think of it is, when you create a new domain and use it with IndieAuth, it's like creating a new username on any other service. There are no services that let you create a second username and then magically migrate everything from the first to the second (not without some service rep manually moving things)
#[snarfed]that's not true, plenty of consumer apps let you change your username and keep the same account, data, etc
#[snarfed]right, I understand the technicality. but this is still a reasonable, common user need that we should think about fulfilling
#Ruxtonplenty of sites let you rename hyourself, but more importantly they let you change the email associated with that username, so account recovery keeps working.
#[tantek]*create a second username* != change username
#[snarfed]ie, let's think about the user use case, not the DNS plumbing limitation
#Ruxtontantek: ook but my site just moved and im still the same guy
#[tantek]That's my point. Crating a second domain == creating a second username.
#[snarfed]right. but the root cause of that is domain registrars/DNS plumbing, not some inherent principle
#[tantek]You didn't rename your domain because registrars don't work like that
#Ruxtonand everywhere else handled my move appropriately
#[tantek]Point being from abuser perspective, create two things == create two things
#[snarfed]the user desire of, "I want to change my domain, but I want to keep using my existing IndieAuthed accounts" is totally valid and common enough
#[snarfed]I guess one approach would be to recommend that IndieAuth consumers check for a 301 home page redirect on your existing domain, and if they see one, ask you if you want to update your domain
#[tantek]Sure that's why I said it's worth filing an issue with that use case for IndieAuth so the spec could specify something that IdPs and RPs could interoperate on to make that work
#[tantek]This is not a "just do it as an RP" thing
#RuxtonAgain, this isnt a spec issue. It could be, but this is an implementation issue. What IndieAuth does is completely acceptable, what the wiki chose to do, isn't.
#[snarfed]I missed that you said file a spec issue
#[tantek]This requires interop for it to work predictably & reliably
#[tantek]Otherwise you confuse users who then lose their identities because they get tricked by different methods
#[tantek]Nope it's a security failure mode if you make it "just" an implementation issue
#Ruxtoni described how its fixable in implementation and it rightfully puts all the power of moving into the users hands, vs. relying on automatic and exploitable methods.
#[tantek]Because I guarantee that most (likely all) implementations are going to get it wrong and it will result in users losing their identities
#RuxtonOAuth 2.0 doesnt define moving accounts, but the base implementation around the place has very much settled on add/remove auth endpoints
#[tantek]No you didn't. You described a naive way that would be trivially exploited by bad actors
#[tantek]Eg if someone ephemerally gets control of a domain then redirects all identities associated with it instantly. As opposed to having other checks & balances to prevent that.
#[tantek]Sorry but these scenarios are trivial enough that it demonstrates that it's not something that's been well thought thru
#Ruxtoni mean, in what id described, that person would have to login to every account, which would fail if it's built to spec.
#[tantek]No because they'd have setup redirects already
#RuxtonI said, let me add/remove auths from MY account and dont tie it to the URI
#Ruxtona manual process,insigated by the logged in user, to add another authentication endpoint
#[tantek]I think the best way to prove a proposal like this would be to prototype it into an RP test site to demonstrate it and invite people to find holes
#[tantek]Short of that, I don't think you're going to convince any other RP implementers to risk users losing control of their identities
#Ruxtonhow are they going to lose control of their indenties?
#Ruxtonand again.. im not suggesting a proposal or a spec change, ITS A WIKI ISSUE. My blog supports indieauth, but it doesn't tie my account to it.
#RuxtonThe reason I think this is, there is use cases where you can accept the IndieAuth userid as the user and if they connect from somewhere else, it doesn't matter because you're not storing user data. But any site that has profiles and tracks historical user contributions/data, being bound to that userid is illogical.
#@MappletonsGood lord.
I did one quick chat for an NBC news piece and they linked to my website.
Now my WebMentions are a dumpster fire - filled with all their crappy, low-quality syndicated copies of the article.
Counted 38 bunk domains all pointing back to the canonical NBC domain (twitter.com/_/status/1635555293563060224)
#LoqiIt looks like we don't have a page for "webmention spam" yet. Would you like to create it? (Or just say "webmention spam is ____", a sentence describing the term)
#[tantek]^ aaronpk, that looks like a JSON result from wm .io
jjuran, [tantek] and [timothy_chambe] joined the channel
#aaronpkoh gosh, the edge cases around that rel=canonical scare me
#aaronpkthe other way to handle the indieauth issue is suggesting that consumers explicitly don't treat indieauth URLs as an identity, just as an authentication provider
#aaronpkthis pattern happens with social login all the time too
#aaronpkyou click "sign in with twitter" today, then next week come back to the site and click "sign in with google" because you didn't remember which you used, and now you have two accounts
#aaronpkare you the same person in both cases? yes of course, but how is the site supposed to know that
#aaronpkso there are other solutions like doing an email verification challenge so that a user account also has an email address associated with it
#aaronpkand then you can also connect multiple social providers to the same account, and log in with any of them
geoffo, Guest6, [aciccarello] and [schmarty] joined the channel
#[schmarty]i found this post on alternative text for (glTF-formatted) 3D models interesting. in particular the questions about what plumbing can be used (without necessarily investigating _whether_ that plumbing _should_ be used)
#[tantek]I’m guessing that those of us using Bridgy Fed should add such hyperlinking of our hashtags explicitly to our source markup, rather than suggesting any kind of hackery that would require Bridgy Fed to change source markup
#[tantek]now I'm going to go rethink hashtag hyperlinking vs p-category markup (hyperlink includes the '#' whereas p-category typically does not)
#[tantek]but unfortunately p-category is how BF identifies hashtags, so that may force us (publishers) into putting the '#' inside the p-category which IMO is not ideal
#[snarfed]thanks [tantek]! yeah we've just started discussing how the publisher UX should work
#[snarfed]really awkward since Mastodon requires them in the content, but the content is obviously user-visible, so I'm reluctant to change it programmatically much or at all
#[tantek]I was considering a <a> with <span> structure
#LoqiIt looks like we don't have a page for "rel-tag" yet. Would you like to create it? (Or just say "rel-tag is ____", a sentence describing the term)
#[tantek]there's already u-bridgy-fed. I wonder if u-bridgy-fed-hashtag would be reasonable for that "something" class above, from which it could get the URL for the 'href' of the hashtag to put into the JSON
#[snarfed]I'd love to avoid custom mf2. I can definitely add missing #s to the AS2 tag fields, I'm only trying to avoid touching content. I like [tantek]'s link example above, maybe that plus tag processing would be enough?
#[tantek]I guess the question is the pain of extra processing of p-category (like adding '#' if missing), vs less processing and custom mf2
#[snarfed]ooh mastodon supports an `invisible` class, I wonder if they hide those with CSS. then I could add invisible links to content
#[tantek]note from my example there's no way to "get" the hasthtag link from any mf2 classes
#[snarfed]personally I'd happily do extra processing to avoid custom mf2
#[snarfed]yup, tested, class="invisible" is hidden in Mastodon
#[snarfed]but I couldn't assume that in other implementations
#[tantek]snarfed, would you find a way to make both <a href="hashtagURL" class="p-category">#indieweb</a> and #<a href="hashtagURL" class="p-category">indieweb</a> work? (note position of '#')
#[tantek]. visible '#' before the clickable hashtag in the markup source for "plain text" readability (CSS not and @supports I think would be sufficient to hide it when displaying the other one, plus HTML ARIA to avoid confusing screenreaders, and maybe even class='invisible' for Mastodon to not show it)
#[tantek]special-casing p-category parsing feels quite bad
#[snarfed]yup. maybe a useful hack for simplifying publisher markup, eg simple ones could do <... class="p-category">#foo</a> and consumers would get the intended "foo" ...but agreed, awkward hack
#aaronpkso uh, weird SEO spam thing going on with that maggie post
#aaronpkboth links in the screenshot are 404 now, and both websites are now some weird "random IP address generator" thing
#aaronpkso, steal blog posts from major news sites on high traffic keywords, blast out pingbacks to all the sites they link to, hope you get those sites linking back to you, then ... swap the site for some other tool that presumably has google ads on it or something?
#capjamesgI don't think I added rel=tag to my site when I last reviewed my microformats.
[snarfed] joined the channel
#[snarfed]gRegor the tentative conclusion is that users will have to link to the hashtag inside content themselves, since we're reluctant to have BF modify content
#[snarfed]ugh this is why I try to back away from this slowly every time we look at it again
#gRegorMy educated guess was: Mastodon is matching the tag JSON 'href' against URLs in the HTML content, though does not appear to be case sensitive.
#[KevinMarks]`<a href="/tags/IndieWeb" class="mention hashtag status-link" rel="nofollow noopener noreferrer" target="_blank">#<span>IndieWeb</span></a>` is what I see in a rendered mastodon page
#gRegorBecause we tried just the JSON without a link in the content. Adding a matching link in the content worked.
#[KevinMarks]the example above implied a nonmatching link worked too
#gRegorsnarfed did several tests lower down with just the Hashtag object, didn't work. Appears to do some type of matching against an href in the content.
#Loqi[preview] [EdwardHinkle] #45 Post with hashtag doesn’t get linked?
#[KevinMarks]ah, gotcha - so the link in the content has to match the link in the JSON, but doesn't have to match the text of the hashtag
#aaronpknow i'm confused about the problem, because it looks like snarfed just figured that out?
#gRegorWe definitely got it to work with href (finally), but that's interesting about id
#aaronpkthere's a comment about bridgy changing the content programmatically? but obviously if there's no hashtag in the content text already, there wouldn't be anywhere for mastodon to show the hashtag
#aaronpkoh i think i see, you want to be able to type a plain text `#example` and have it show up as a link on mastodon?
geoffo joined the channel
#gRegorThat would be nice, but I think we've realized it's not likely to happen -- don't want BF to be changing content to add links.
#gRegorI'm going to comment on github with a previous post of mine as an example, try to figure out what steps would be needed to make the hashtag in that post work on masto.
#aaronpkit isn't really "changing" the content since it's just making the post look correct on the mastodon side
#gRegorIt's changing the content property (HTML) in the AS2
#aaronpkyeah but mastodon already changes that to rewrite the target of the link to the instance
#aaronpkI send `<a href="https://aaronparecki.com/tag/example">#example</a>` to mastodon, but if you look at my post in mastodon it has `<a href="/tags/example">`
[schmarty] joined the channel
#[snarfed]The reluctance is to change _user-visible_ content, eg adding the link for a p-category if there isn't one at all
#[snarfed]I'm fine with requiring the links in the source page's content. Users can hide them if they want, and can use class=invisible to hide them on mastodon if they want
#aaronpki still don't think that counts as changing the content, it's more about making it work liike you'd expect on the mastodon side
#aaronpkif someone has `hello #<span class="p-category">world</span>` on their site, i would expect that hashtag to be clickable when looking at it on mastodon
#[snarfed]Sure, that's fine. I think we're saying different things
#aaronpkoh do you mean if there is a category property in the MF2, you don't want to add that to the actual content of the post on mastodon?
#Loqi[preview] [cweiske] #478 Automatically create twitter hashtags from tags
#aaronpkhm, just checked my code, and it runs through the full list of tags and includes tag objects in the AS2, but those wouldn't get added to the content
#[snarfed]I'd be curious to see an example tag of yours that wasn't in content
#aaronpkit just so happens that the vast majority of the content i post via AP is plain text notes, and those are stored as just text on my site, and my autolinker runs to create linked hashtags from the hashtags in the text of the post
#aaronpkso i could create an example of a post with 3 mf2 tags and 1 hashtag in the content, but in practice that's never going to happen
#aaronpkbut I do do that for articles and other types of posts all the time
#Loqi[preview] COVID transmission is still high around the US and we need masks to protect our most vulnerable in healthcare settings. Help us protect those who need it most by telling your governor to #KeepMasksInHealthcare:
Learn More and Send a letter: Keep Mask...
[aciccarello] joined the channel
#[aciccarello]Sounds like non-absolute URLs came up again...
#[tantek]gRegor I'm seeing "#KeepMasksInHealthcare" hyperlinked in your post in that tags search result to a local instance URL