#dev 2023-07-14

2023-07-14 UTC
bret, tei_, wagle, vilhalmer, [Ana_R], Aidhan, superkuh, [jacky], IWSlackGateway, [KevinMarks], m2m, gRegor, paulrobertlloyd and gRegorLove_ joined the channel
# 12:03 
paulrobertlloyd For a URL source query on a Micropub (media) endpoint, that is a request to get information about a published post/uploaded file, if no file can be found, should the endpoint return a 404 Not Found, or a 200 Success with an empty JSON object? I’ve been doing the former, but wondering if that’s right.
sivoais, tei_, IWSlackGateway and paulrobertlloyd joined the channel
# 12:44 
paulrobertlloyd Oh wait, looking at the spec, I seemed to have missed the example: https://micropub.spec.indieweb.org/#error-response I should be returning a 400 Bad Request.
tei_1, m2m, tei_, geoffo, AramZS, btrem, gRegorLove__, gRegor and eitilt joined the channel
# 18:32 
aaronpk ugh, Meta starting to implement activitypub and wanting to interop with mastodon means there will essentially always be a fork in the HTTP Signatures spec now vs the new nearly final IETF HTTP Signatures spec
# 18:33 
aaronpk I wish there was a way to convince Mastodon to switch to the new version
# 18:34 
gRegor !standards
# 18:34 
Loqi http://xkcd.com/927/ http://imgs.xkcd.com/comics/standards.png
[snarfed] joined the channel
# 18:38 
[snarfed] that problem was pre-existing and seems unrelated to Meta/Threads specifically though, right?
# 18:38 
[snarfed] also ugh, I commiserate, https://github.com/snarfed/bridgy-fed/issues/430#issuecomment-1510537265
# 18:39 
Loqi [preview] [snarfed] conclusion seems to be that the fediverse is still generally on cavage v12 at most, and hasn't migrated to httpbis yet.
- https://socialhub.activitypub.rocks/t/state-of-http-signatures/754/22
- https://socialhub.activitypub.rocks/t/http-signatures-...
# 18:40 
aaronpk well, it's a preexisting problem but once another major player implements it it will be even harder to fix
jackh joined the channel
# 18:59 
epoch I stopped verifying signatures
# 19:03 
aaronpk 😬
# 19:03 
aaronpk i mean that's one way to handle it 😂
# 19:03 
epoch I still have to generate signatures though
# 19:03 
epoch and I'm using whatever mastodon accepts. >_>
# 19:09 
epoch is there a page that shows just the differences between the two versions?
# 19:10 
aaronpk hahahaha
# 19:10 
Loqi hahahaha
# 19:11 
shreyan[m] loqi you Alright
# 19:11 
epoch is the difference the whole thing?
# 19:13 
aaronpk well there is actually a page that shows the differences
# 19:13 
aaronpk https://author-tools.ietf.org/iddiff?url1=draft-cavage-http-signatures-12&url2=draft-ietf-httpbis-message-signatures-17&difftype=--html
# 19:13 
aaronpk https://media.aaronpk.com/2023/07/14121352-9871.png
# 19:14 
aaronpk words in common include: "HTTP", "is", "the", "signature" 😂
# 19:14 
epoch nice
# 19:17 
epoch guess I've got a decent amount of reading to do
# 19:17 
[snarfed] trying to grok this: https://werd.cloud/ActivityPub+API+service
# 19:18 
epoch oof. 20 pages vs 120
# 19:19 
aaronpk [snarfed]: sounds like https://github.com/aaronpk/Nautilus if I were to run it as a service in the Cloud
# 19:19 
Loqi [preview] [aaronpk] Nautilus: Turn your website into an ActivityPub profile
# 19:19 
[snarfed] maybe?
# 19:19 
aaronpk it manages the AP parts for you and gives you a simple API to it
# 19:21 
[snarfed] ah sure
# 19:39 
epoch looking into what the "@authority" value is supposed to be if the URL that was requested included a username and password in the "authority" section of the URL
# 19:43 
epoch makes no mention of whether it is included or not, just talks about hostname and port
# 19:44 
epoch returns to the tree
# 19:44 
epoch trees*
# 19:46 
epoch it references rfc 9110 though
# 19:46 
epoch and /that/ says just host and port
# 19:47 
epoch so, the http request's "authority" isn't always the same as the "authority" of a URL that caused that request it seems. -_-"
[tw2113_Slack_] and [KevinMarks] joined the channel
# 20:16 
[KevinMarks] sounds like between people here we have a quorum for an AP test suite anyway
AramZS, geoffo and [tantek] joined the channel
# 23:36 
[tantek] if multiple people are having to simplify ActivityPub "for developers" that's a strong case that there should be a simpler standard for developers to use instead, which is then Bridged to ActivityPub through one or more proxies. [benatwork] [snarfed] [aaronpk]
# 23:36 
[tantek] is there a test suite for the IETF HTTP Signatures spec?
# 23:58 
aaronpk sort of https://httpsig.org/
# 23:59 
aaronpk you can at least use it to (manually) validate that your implementation matches