[tantek]ironically, it seems like my Bridgy Fed webmention (at ~17:00 PDT) didn't go through or rather there was no evidence of it working on https://fed.brid.gy/user/tantek.com
[chrisbergr]If I want to use hidden mf2 data e.g. inside an h-entry, which element would you recommend? meta, data, span with display none, something else?
[chrisbergr]You're using id on your h-entry elements. I'm talking about e.g. p-name, there are some views I don't want to display the name but I want to include it in the code for some mf2 parsers.
[tantek]Nope. Putting data (priority values) for an entry on an entry itself will not ever work in practice with anything non trivial like something with a date published. This is an FAQ.
[chrisbergr]Oh I understand. It's a design choice to not display post title for notes (because they are designed like a twitter card). I wanted to include the post title "invisible" for the sake of completeness
[snarfed][tantek] just fyi BF didn't get a webmention from you at 17:00p PT. the only one for your site in the last 24h is the 18:00p one from mention.tech
[snarfed][chrisbergr] the other dangerous part of eg a hidden p-name is that post type discovery uses the presence of a p-name to distinguish articles from notes
[snarfed](fwiw I'm on WordPress too and omit post titles on my notes, replies, likes, etc. they show up as "(no title)" in WP admin, which isn't ideal, but is manageable)
[chrisbergr]I'll continue use post titles, I have 2 dashboard widgets telling me which posts do need translation and which ones have missing categories. Those would be not managable without titles 🙂 - But of course, I'll stop trying to print them anywhere in the frontend.
RuxtonGWG / [snarfed]: was gonna say that's an easy fix and was sure there was a patch into one of GWG's plugins to display an excerpt for kinds that have no title
Ruxtonyou COULD, but i'd argue its a post kinds thing, if they're not using it, it's a few lines in functions.php, it really just boils down to: no title? gimme the excerpt instead.
RuxtonI think how the wiki handles users/auth is broken, there is no way to move my auth without renaming my user. I dont think this is an IndieAuth spec issue, but rather how we've implemented users/auth on the wiki. It's built from a user=uri, uri never moves perspective and that's just not the reality of longtime internet life.
RuxtonRenaming users is also a whole other issue, as after some research i see that most implementations of it have their edges cases. So you don't wanna just be moving users around all the time.
RuxtonI'd like to hear peoples thoughts on this, obviously a lot of you long timers have name domains that are unlikely to change. This is the 3rd URI my blog has had since it's inception.
[snarfed]you can obviously switch your web site to a new domain, migrate your data, and redirect from the old domain, but I don't know that we've spent a lot of time thinking about migration for accounts on services that you IndieAuth into
[snarfed]some actually do, eg Google OAuth (and maybe SAML?) can preserve the accounts you SSO into even if you change the email address associated with your Google account
[tantek]snarfed, rather, for IndieAuth RPs, the domain *is* the "user id" - there is no separate table or number or whatever have you that needs to generated, maintained etc
Ruxtonand userid=uri that's completely fine.. it's not indieauth thats the problem, its the implementation. Users are a 1 to 1 relationship with user id and there's no breaking from that in our current implementation
[tantek]Another way to think of it is, when you create a new domain and use it with IndieAuth, it's like creating a new username on any other service. There are no services that let you create a second username and then magically migrate everything from the first to the second (not without some service rep manually moving things)
Ruxtonplenty of sites let you rename hyourself, but more importantly they let you change the email associated with that username, so account recovery keeps working.
[snarfed]the user desire of, "I want to change my domain, but I want to keep using my existing IndieAuthed accounts" is totally valid and common enough
[snarfed]I guess one approach would be to recommend that IndieAuth consumers check for a 301 home page redirect on your existing domain, and if they see one, ask you if you want to update your domain
[tantek]Sure that's why I said it's worth filing an issue with that use case for IndieAuth so the spec could specify something that IdPs and RPs could interoperate on to make that work
RuxtonAgain, this isnt a spec issue. It could be, but this is an implementation issue. What IndieAuth does is completely acceptable, what the wiki chose to do, isn't.
Ruxtoni described how its fixable in implementation and it rightfully puts all the power of moving into the users hands, vs. relying on automatic and exploitable methods.
[tantek]Eg if someone ephemerally gets control of a domain then redirects all identities associated with it instantly. As opposed to having other checks & balances to prevent that.
[tantek]I think the best way to prove a proposal like this would be to prototype it into an RP test site to demonstrate it and invite people to find holes
RuxtonThe reason I think this is, there is use cases where you can accept the IndieAuth userid as the user and if they connect from somewhere else, it doesn't matter because you're not storing user data. But any site that has profiles and tracks historical user contributions/data, being bound to that userid is illogical.
@MappletonsGood lord.
I did one quick chat for an NBC news piece and they linked to my website.
Now my WebMentions are a dumpster fire - filled with all their crappy, low-quality syndicated copies of the article.
Counted 38 bunk domains all pointing back to the canonical NBC domain (twitter.com/_/status/1635555293563060224)
LoqiIt looks like we don't have a page for "webmention spam" yet. Would you like to create it? (Or just say "webmention spam is ____", a sentence describing the term)
aaronpkthe other way to handle the indieauth issue is suggesting that consumers explicitly don't treat indieauth URLs as an identity, just as an authentication provider
aaronpkyou click "sign in with twitter" today, then next week come back to the site and click "sign in with google" because you didn't remember which you used, and now you have two accounts
[schmarty]i found this post on alternative text for (glTF-formatted) 3D models interesting. in particular the questions about what plumbing can be used (without necessarily investigating _whether_ that plumbing _should_ be used)
[tantek]I’m guessing that those of us using Bridgy Fed should add such hyperlinking of our hashtags explicitly to our source markup, rather than suggesting any kind of hackery that would require Bridgy Fed to change source markup
[tantek]but unfortunately p-category is how BF identifies hashtags, so that may force us (publishers) into putting the '#' inside the p-category which IMO is not ideal
[snarfed]really awkward since Mastodon requires them in the content, but the content is obviously user-visible, so I'm reluctant to change it programmatically much or at all
[tantek]there's already u-bridgy-fed. I wonder if u-bridgy-fed-hashtag would be reasonable for that "something" class above, from which it could get the URL for the 'href' of the hashtag to put into the JSON
[snarfed]I'd love to avoid custom mf2. I can definitely add missing #s to the AS2 tag fields, I'm only trying to avoid touching content. I like [tantek]'s link example above, maybe that plus tag processing would be enough?
[tantek]snarfed, would you find a way to make both <a href="hashtagURL" class="p-category">#indieweb</a> and #<a href="hashtagURL" class="p-category">indieweb</a> work? (note position of '#')
[tantek]. visible '#' before the clickable hashtag in the markup source for "plain text" readability (CSS not and @supports I think would be sufficient to hide it when displaying the other one, plus HTML ARIA to avoid confusing screenreaders, and maybe even class='invisible' for Mastodon to not show it)
[snarfed]yup. maybe a useful hack for simplifying publisher markup, eg simple ones could do <... class="p-category">#foo</a> and consumers would get the intended "foo" ...but agreed, awkward hack
aaronpkso, steal blog posts from major news sites on high traffic keywords, blast out pingbacks to all the sites they link to, hope you get those sites linking back to you, then ... swap the site for some other tool that presumably has google ads on it or something?
[snarfed]gRegor the tentative conclusion is that users will have to link to the hashtag inside content themselves, since we're reluctant to have BF modify content
[KevinMarks]`<a href="/tags/IndieWeb" class="mention hashtag status-link" rel="nofollow noopener noreferrer" target="_blank">#<span>IndieWeb</span></a>` is what I see in a rendered mastodon page
gRegorsnarfed did several tests lower down with just the Hashtag object, didn't work. Appears to do some type of matching against an href in the content.
aaronpkthere's a comment about bridgy changing the content programmatically? but obviously if there's no hashtag in the content text already, there wouldn't be anywhere for mastodon to show the hashtag
gRegorI'm going to comment on github with a previous post of mine as an example, try to figure out what steps would be needed to make the hashtag in that post work on masto.
aaronpkI send `<a href="https://aaronparecki.com/tag/example">#example</a>` to mastodon, but if you look at my post in mastodon it has `<a href="/tags/example">`
[snarfed]I'm fine with requiring the links in the source page's content. Users can hide them if they want, and can use class=invisible to hide them on mastodon if they want
aaronpkif someone has `hello #<span class="p-category">world</span>` on their site, i would expect that hashtag to be clickable when looking at it on mastodon
aaronpkhm, just checked my code, and it runs through the full list of tags and includes tag objects in the AS2, but those wouldn't get added to the content
aaronpkit just so happens that the vast majority of the content i post via AP is plain text notes, and those are stored as just text on my site, and my autolinker runs to create linked hashtags from the hashtags in the text of the post
Loqi[preview] COVID transmission is still high around the US and we need masks to protect our most vulnerable in healthcare settings. Help us protect those who need it most by telling your governor to #KeepMasksInHealthcare:
Learn More and Send a letter: Keep Mask...
[tantek] looks like my POSSE code on my server and my API access still works: https://twitter.com/t/status/1635430544560500738
@t Blog as if there’s an #AI being trained^1 to be you based on your blog posts. And what if it was trained on your Universal Outbox^2? #IndieWeb #OpenAI #ChatGPT This is day 34 of #100DaysOfIndieWeb #100Days ← Day 33: https://tantek.com/2023/051/t1/five-years-ago-w3c-social-web → ...
https://tantek.com/t5Pp1 (twitter.com/_/status/1635430544560500738)
[chrisbergr] If I want to use hidden mf2 data e.g. inside an h-entry, which element would you recommend? meta, data, span with display none, something else?
prologic Put it on the element that is the entry itself
Ruxton GWG: you could always just link the code https://github.com/dshanske/indieweb-post-kinds/blob/trunk/includes/class-kind-taxonomy.php#L393
@Mappletons Good lord.
I did one quick chat for an NBC news piece and they linked to my website.
Now my WebMentions are a dumpster fire - filled with all their crappy, low-quality syndicated copies of the article.
Counted 38 bunk domains all pointing back to the canonical NBC domain (twitter.com/_/status/1635555293563060224)
Loqi It looks like we don't have a page for "webmention spam" yet. Would you like to create it? (Or just say "webmention spam is ____", a sentence describing the term)
[schmarty] i found this post on alternative text for (glTF-formatted) 3D models interesting. in particular the questions about what plumbing can be used (without necessarily investigating _whether_ that plumbing _should_ be used)
[KevinMarks] putting the # in the url seems like a mistake
gRegor I guess it would need to look it up in the parsed rels and rel-urls: http://php.microformats.io/?id=20230314171543573
@aaronpk ↩️ also fwiw, that kind of spam usually comes in via pingback, so you can just not include the pingback tag to http://webmention.io and accept only webmentions instead (twitter.com/_/status/1635718773402632192)
[aciccarello] Sounds like non-absolute URLs came up again...