#dev 2023-06-29

2023-06-29 UTC
#
gRegor I'm looking for some live post examples for an mf2 discussion: e-content containing an img element with alt text, and no u-photo class on the img.
#
gRegor Also a post with p-name that contains an img element (same restrictions on img element)
#
gRegor Found one for the first case (more still welcome!) https://aaronparecki.com/2020/12/22/14/oauth
#
Loqi [preview] [Aaron Parecki] Learn OAuth over the winter break!
#
epoch_ hrm. I have images in a e-content with*out* alt text and no u-photo
#
epoch_ I don't know why I'd put an img tag inside of a p-name
#
epoch_ if I updated the code that made the posts, I'd probably put alt text and u-photo
#
epoch_ so still wouldn't match
#
gRegor yeah, p-name is a bit odd since usually it would be a photo post and have u-photo
#
gRegor We can contrive examples for tests, but posts in the wild are always great
#
gRegor Mistyped above: no u-* on the img. Not just u-photo.
#
epoch_ right, I figured you were looking for examples in the wild and not crafted examples.
#
epoch_ https://thebackupbox.net/inbox/?puri=https%3A%2F%2Fhackers.town%2Fusers%2Fg%2Fstatuses%2F110012240049062520 this is the page my code generated that I was checking
strugee_ and btrem joined the channel
#
[snarfed] capjamesg re https://github.com/snarfed/bridgy/issues/1453 , yes! I commented there with a link to instructions in that issue just now
#
Loqi [preview] [snarfed] #1453 Add Bluesky support
#
[snarfed] two next steps. 1) decide whether to add Bluesky to oauth-dropins or not. Bridgy kind of assumes it, but it's awkward since Bluesky isn't actually OAuth. not sure which direction to go there yet
#
aaronpk "isn't actually" is an understatement
#
aaronpk unless they changed something since i last checked 😂
#
[snarfed] 2) implement the rest of of Bluesky.get_activities() in granary, which wraps a handful of Bluesky API calls
#
[snarfed] ^ (it's maybe half done now)
#
[snarfed] aaronpk yeah and oddly they posted something about their future thoughts on third party auth a bit ago and they mentioned OAuth but notably didn't say that was the plan
#
[snarfed] (will try to find it)
#
[snarfed] iirc they think OAuth in a decentralized world is a bit awkward/incomplete, which may be true, but I don't know that we have anything better yet
#
[snarfed] and fediverse OAuth with creating clients via API is a clear existence proof that it's at least workable
#
aaronpk oh boy i need to get in touch with them then
#
aaronpk we do have a solution to oauth in a decentralized world, it's called indieauth
#
aaronpk i even gave them a blueprint for it https://aaronparecki.com/2023/03/09/5/bluesky-and-oauth
#
[snarfed] I'll try to find that post
#
Loqi [preview] [Aaron Parecki] OAuth Support in Bluesky and AT Protocol
#
GWG Did they read it?
Soni, nsh, capjamesg, saptaks, ancarda, sebsel, wagle, eb and bret joined the channel
#
aaronpk they at least acknowledged it
#
[snarfed] aaronpk not sure where I saw that. they added a lot to their developer docs recently, https://atproto.com/specs/xrpc#authentication has a lot on current and near future plans, but not quite what I think I saw. 🤷
#
aaronpk oh hey at least they added app passwords
#
[snarfed] oh yeah that was a while ago, good step
#
aaronpk i haven't been paying attention lately tbh
#
aaronpk too many things going on
angelo, l8tcoder, tei_, tei_1, Gorro_Rojo[theyi, olaf[m], gRegor, [Ana_R], Loqi__, rrix, AramZS, win0err, Seirdy, holiday_medley, Matt1, prologic and [tw2113_Slack_] joined the channel
#
[tantek] Toomanythings++
#
Loqi Toomanythings has 1 karma over the last year
Matt1 joined the channel
#
Matt1 Thanks @snarfed and @jo! It looks like most of those will let me test once I've deployed something publicly, but I'm looking to test my indieauth provider while running locally (at localhost:4578 or whatever)
Matt1 joined the channel
#
Matt1 I guess I didn't specify I want my site to be a provider
#
aaronpk Matt1: you could pick one of the open source micropub clients and run it locally
#
aaronpk lots to choose from depending on what kinds of languages you're comfortable with! https://indieweb.org/Micropub/Clients
#
aaronpk i should clarify, these are micropub clients, which use indieauth to get an access token
#
Matt1 Thanks for the link!
#
Loqi agreed.
#
Matt1 @aaronpk, I'm reading your Oauth book :)
Matt1 joined the channel
#
aaronpk :D
Matt1 joined the channel
#
Matt1 Users are identified by a [URL] .. and MUST NOT contain a port. Does this mean running a local client and server on different loopback ports for testing isn't really allowed?
#
Matt1 (from https://indieauth.spec.indieweb.org/#user-profile-url )
Matt1 joined the channel
#
Matt1 Also, it looks like the spec says a provider should publish a <link rel="indieauth-metadata"> endpoint, which returns json, but micro.blog just lists all the metadata as individual <link rel= lines. Is this an evolution in the spec?
#
Matt1 I hope you all don't mind me throwing questions at you
#
[schmarty] Matt1: it is indeed an evolution in the spec! i'm not sure what adoption looks like for IndieAuth-relying services in the wild but I would say the metadata endpoint is not as widely supported as the separate link relations.
Matt1 joined the channel
#
Matt1 I'll follow that model then, thanks!
[capjamesg] joined the channel
#
[schmarty] Matt1: no harm doing both 😊
gRegor and btrem joined the channel
#
gRegor Definitely recommend both. I would expect new/updated clients to support indieauth-metadata. I updated indiebookclub to check for that first and fallback to the individual rels
#
gRegor Matt1, I think that user profile url restriction is for the URL returned after the authorization, the me=example.com. I think you should be able to test the server itself running on a localhost port
#
gRegor I say both because indieauth-metadata is still kinda new (2022-02-12 spec) so it will take a while to get wider adoption in clients.
#
[jacky] https://www.rfc-editor.org/rfc/rfc9413.html
#
vikanezrimaya anyone ever tried using postgres as a job queue? because I think I just implemented that in Rust
#
vikanezrimaya turns out locked rows can be skipped in a `select for update` statement, so I built a job claiming system, and then wrapped it into Rust to make it work idiomatically
#
vikanezrimaya will be very useful for webmentions
#
vikanezrimaya I'm very afraid of losing even a single incoming webmention so I was thinking of ways to persist them, and this might actually be it
#
[tantek] jacky, FYI I work with one of the authors of that RFC, "M. Thomson"
#
[tantek] happy to see it doesn't say to use "well-known" 😄
#
[tantek] though it could go further and say: avoid .well-known--
#
sknebel hah, the name of that RFC got toned down
#
aaronpk oh hah https://datatracker.ietf.org/doc/draft-iab-protocol-maintenance/00/
#
aaronpk previously: https://datatracker.ietf.org/doc/draft-thomson-postel-was-wrong/03/
#
[tantek] well-known-- since Loqi missed it prev at end of that last message
#
Loqi well-known has -7 karma in this channel over the last year (-10 in all channels)
#
vikanezrimaya [tantek]: what's wrong with .well-known?
#
vikanezrimaya googling reveals that technically everyone's supposed to register their .well-known URIs with IANA but pretty much nobody does
#
vikanezrimaya is that the reason?
#
[tantek] huh, that's another good criticism
#
[tantek] vikanezrimaya, https://indieweb.org/.well-known has more criticisms but needs gardening to sort/curate/collate them into a coherent Criticisms section
#
[tantek] .well-known << To-do: create a Criticisms section that sorts/curates/collates the problems listed in the See Also section
#
Loqi ok, I added "To-do: create a Criticisms section that sorts/curates/collates the problems listed in the See Also section" to the "See Also" section of /.well-known https://indieweb.org/wiki/index.php?diff=88422&oldid=81416
#
[tantek] .well-known << Criticism: everyone's supposed to register their .well-known URIs with IANA but pretty much nobody does
#
Loqi ok, I added "Criticism: everyone's supposed to register their .well-known URIs with IANA but pretty much nobody does" to the "See Also" section of /.well-known https://indieweb.org/wiki/index.php?diff=88423&oldid=88422
#
aaronpk i mean there are a ton registered https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml
#
vikanezrimaya And even more unregistered ✨
#
vikanezrimaya Wikipedia lists some unregistered ones too
#
vikanezrimaya also re: community edited website software allowing .well-known in document URLs: I'd argue that's a software security flaw and this shouldn't be used
#
aaronpk just realized the wiki page for .well-known is actually the same URL as .well-known 😂
#
vikanezrimaya yeah, that's the entire point
#
vikanezrimaya I guess
#
vikanezrimaya i wasn't the one who created this page but I do appreciate the irony
#
[tantek] "argue that's a software security flaw and this shouldn't be used" <-- nope, all that software & practices thereof PREDATE ".well-known" and should have been a strong enough reason to never propose and depend on ".well-known" in the first place.
#
[tantek] It's not the job of the rest of the web to predict what standards might do and avoid conflicts, it's the job of standards to respect existing software and web compatibility.
#
aaronpk the idea that the leading dot makes it like a hidden file on the filesystem is funny
#
[tantek] yeah. unixinsiderisms--
#
Loqi unixinsiderisms has -1 karma over the last year
l8tcoder joined the channel
#
gRegor well known, but hidden, haha
#
gRegor considers setting up a .less-well-known and show random trivia on it
#
aaronpk lol
#
sknebel gRegor++
#
Loqi gRegor has 32 karma in this channel over the last year (93 in all channels)
#
[jacky] Haha URL jokes are one of a dozen
#
[tantek] I kind of want to create and implement a bunch of "well-known" traps and harsh responses as a way to make it really clear when a site or implementation is depending on something "well-known" like faveicon.ico or anything in .well-known beyond the narrow Bridgy Fed use-case
tei_ joined the channel
#
[tantek] Eg a bright red ERROR faveicon.ico that shows up if consuming code is failing to use the rel=icon for a page instead
#
[tantek] Similarly with any bots that crawl wp-admin looking for exploits
win0err, tei_1, petermolnar, tei_ and gnoo joined the channel