#dev 2023-05-08

2023-05-08 UTC
KMF, IWSlackGateway and [snarfed] joined the channel
#
[snarfed]
added bluesky API support to the granary REST API: https://granary.io/?site=bluesky#logins
#
[snarfed]
data conversion is still early, still need to add features like rich text, quotes, etc, but it's at least up and running
Soni, IWSlackGateway, geoffo, KMF, Loqi, [chrisbergr], jjuran, holiday_medley and [schmarty] joined the channel
#
[schmarty]
snarfed++
#
Loqi
snarfed has 94 karma in this channel over the last year (150 in all channels)
geoffo and [KevinMarks] joined the channel
#
[KevinMarks]
[capjamesg] link is erroring again - I wanted to share this info on how to do rich links in bsky: https://bsky.link/?show_thread=t&url=https://staging.bsky.app/profile/gaberivera.bsky.social/post/3juzid54las2q
#
Loqi
[preview] There was an error retrieving the post.
geoffo joined the channel
#
capjamesg
I'm having issues with the auth refresh logic.
#
capjamesg
I have pushed another change that may fix it.
#
[KevinMarks]
also you're not rendering the links in the quoted techmeme post
#
Loqi
[preview] [Techmeme] In an email to users, Twitter acknowledges a bug that showed some Circle tweets to users outside of the Circle in April 2023 and says the issue has been fixed (Filipe Espósito/9to5Mac) Main Link | Techmeme Permalink
ShoesNSocks, [tantek], bret, IWSlackGateway, cdravcte, [KevinMarks] and Bayes1 joined the channel
#
Loqi
[preview] There was an error retrieving the post.
#
capjamesg
The auth token refreshes every so often, but not enough I don't think?
#
capjamesg
That is a funny post.
#
[KevinMarks]
Can you check for an error and renew it?
ShoesNSocks joined the channel
#
capjamesg
One sec.
#
capjamesg
That is my logic ^
#
capjamesg
But it doesn't seem to play nicely.
#
capjamesg
Maybe something with global variables in express?
#
[KevinMarks]
You've got 2 var xhr's one local and one global
#
[KevinMarks]
I'd suggest using const and let instead of var as var hoisting is weird
#
[KevinMarks]
you haven't declared refresh anywhere, so it's going to be local to the onreadystatechange functions, so when you try to refresh it will fail.
#
[KevinMarks]
I'd suggest you catch the refresh failing and do a reauth. Then fix it so the refresh token is actually stored
#
[KevinMarks]
put use strict; at the top and switch to using const and let to get errors for these kind fo things
#
[KevinMarks]
you're not checking for errors in your xhr's
#
[KevinMarks]
might be simpler to switch them to use fetch() then you can use .then and .catch
#
[KevinMarks]
you have a race in refresh_auth_token too as it's an xhr
#
capjamesg
Can you explain the last point more?
#
@sergiodxa
↩️ We should have stayed on blogs, and used RSS to follow each other, and used IndieAuth to sign-in using our domains on each other blogs to comment It’s interesting how social networks are re-inventing what the web could already do in a decentralized way
(twitter.com/_/status/1655672112311312400)
#
[KevinMarks]
so you're calling refresh_auth_token but it async as it calls an xhr
#
[KevinMarks]
then you make calls that use the `token` global
#
[KevinMarks]
but `refresh_auth_token` may not have completed yet
#
[KevinMarks]
so you may be using the old token
#
[KevinMarks]
another reason to redo the auth using fetch, as then you can await the refresh
#
[KevinMarks]
I am running this locally, and not hitting breakpoints when I use the form, only when I load a URL
[tantek] joined the channel
#
[KevinMarks]
[capjamesg] do you want me to fork it an send PRs or are you actively editing it now?
[capjamesg] joined the channel
#
[capjamesg]
Feel free to fork it!
#
[capjamesg]
I’m not working on it right now.
#
aaronpk
could also be pingback spam still
#
aaronpk
i should probably just stop including the pingback tag in the webmention.io template
#
rubenwardy
even with a more traditional commenting system you need moderation to avoid spam
#
rubenwardy
I suppose you could use captcha to reduce the number of bots
#
aaronpk
the best anti-bot tactic i've used is a hidden form field
#
aaronpk
especially if you have JS that swaps the value. the bots will submit it as is, but a real commenter will run the JS
#
rubenwardy
ooh interesting
#
rubenwardy
what would you name it to make it appealing to bots
#
aaronpk
sure that doesn't work for people who browse with JS disabled but that is going to be far fewer people than the number of bots it will block
#
[KevinMarks]
↩️ Ah, that's because the form is a fake form that uses the iframe which is calling the real site. That's hard to debug
#
aaronpk
ok i just split out the webmention and pingback tags on the docs
#
[tantek]
good call aaronpk
[snarfed] joined the channel
#
[snarfed]
yeah it seems like 99% of webmention spam reports turn out to actually be pingback, trackback, or from silos via Bridgy
#
[snarfed]
we supposedly have seen true wm spam, maybe, eg https://indieweb.org/spam#Webmention , but afaik not much
#
[tantek]
that's why I thought it was noteworthy to bring it up. and looks like first version was not via webm io
#
[tantek]
^ lots of interesting very specific feedback / criticisms
#
[tantek]
snarfed, that's the example of someone with their own server not just using webm io though sounds like they tried that too
#
[tantek]
"AI-generated Wordpress sites pop up everywhere, “mentioning” your stuff to get a piece of your clicks."
#
[tantek]
also right there at "2. Maintenance" : "This includes database maintenance—compression, upgrades, yaddayadda—and server maintenance—sudo systemctl restart gojamming yaddayadda."
#
[tantek]
[snarfed] "5. Most mentions come from Bridgy" some feedback there too
#
[tantek]
a little something for everyone, e.g. for the /Gemini fans: "I eventually threw out https://brainbaking.com/post/2021/04/using-hugo-to-launch-a-gemini-capsule/ precisely because of that: yet another thing that needlessly complicates matters."
#
[snarfed]
looks like a lot of that is the usual admin tax complaints, which are entirely valid
#
[snarfed]
I think the crux of that is really this, 'using a hosted Webmention server kind of defeats the purpose of the whole IndieWeb “own your data” mantra', which we generally disagree with, so maybe we need to be louder about debunking that
#
[snarfed]
owning your data requires access and control, _not_ self-hosting
#
[tantek]
and specifically owning & controlling domain identity / permalinks, not all the plumbing / backend hosting / ephemeral messaging
#
[tantek]
using a web hosting service does not make you less "indieweb" than say running a server in your closet at home
#
[tantek]
or using S3 for that matter
#
[tantek]
similarly using a bridge like Bridgy or a webmention proxy like wm io
#
[tantek]
because you can swap all those and no one can tell the difference just by looking at your site.
#
[snarfed]
"loop etiquette" is now my go-to reply when people push the self hosting purity test too hard: https://www.mnml.nl/phpBB3/viewtopic.php?f=17&t=62658&start=16
#
[KevinMarks]
I dislike these ejs templates compared to nunjucks tbh
#
[tantek]
what is a template
#
Loqi
A template is a file used to generate a page https://indieweb.org/template
#
IWDiscordRelay
<c​apjamesg#4492> Sorry [KevinMarks] 🙃
#
IWDiscordRelay
<c​apjamesg#4492> The templates are in need of a refactor.
#
[tantek]
[KevinMarks] neither ejs nor nunjucks is mentioned in /template 🤔
#
IWDiscordRelay
<c​apjamesg#4492> I should probably have a parent template.
#
[KevinMarks]
your last commit broke the post one
#
[KevinMarks]
sorry tantek, I'm yakshaving bsky.link at the moment
#
[tantek]
in other news I'm trying federating an article post from my site using Bridgy Fed and seeing if it shows up properly
#
[KevinMarks]
James, a forEach is usually better than a for loop for templates, then you don't end up with index references everywhere
#
IWDiscordRelay
<c​apjamesg#4492> This is useful guidance, Kevin.
#
IWDiscordRelay
<c​apjamesg#4492> I haven’t written as much JavaScript as I have other languages.
#
[KevinMarks]
its the same pattern as iterators in Python - avoiding loop variables in favour of native iterators
#
[tantek]
my article post was federated pretty well by BridgyFed, except it included an inline link to a Bridgy Fed redirect instead of a direct link to my blogpost: https://mf2.link/mastodon?url=https://xoxo.zone/@tantek.com@tantek.com/110335516349351366
#
Loqi
[preview] [Tantek Çelik] Running For Re-election in the W3C Advisory Board (AB) Electionhttps://fed.brid.gy/r/https://tantek.com/2023/128/b1/running-for-w3c-advisory-board-ab-election
#
[tantek]
^ ah even Loqi can see the BridgyFed link!
#
[tantek]
[snarfed] is that intention? Or something that could be improved for federating /article posts?
#
[tantek]
other than that, it performed as expected!
#
[snarfed]
[tantek] that's Mastodon, not us. https://fed.brid.gy/docs#which-parts
#
[snarfed]
I could arguably sniff and special case delivery to Mastodon inboxes to get around that, but that would be low priority
#
[tantek]
ah! that's actually pretty cool that BridgyFed is not having to do anything "special" for note vs article posts!
#
[tantek]
I would not argue for BridgyFed special casing delivery to Mastodon for this case
#
[tantek]
(working around the update bugs, e.g. new hashtags , in-reply-to, is a separate concern I'm still reflecting on)
#
[KevinMarks]
this refresh code doesn't work - I think it needs the token as a bearer header rather than in the body
#
shreyanjain[m]
<[tantek]> "a little something for everyone,..." <- this article just pulled me into a rabbit hole that ended with selfhosting xmpp somehow.
#
shreyanjain[m]
anybody feel free to test my jabber address at shreyan@shreyanjain.net
#
[tantek]
shreyanjain[m]++ for trying to keep the XMPP dream alive
#
Loqi
shreyanjain[m] has 1 karma in this channel over the last year (3 in all channels)
gxt__ and [jacky] joined the channel