#dev 2023-09-16

2023-09-16 UTC
[tw2113], superkuh, [catgirlinspace], oxtyped, ajr and btrem joined the channel
#
capjamesg
angelo I have been working on the private chat code.
#
capjamesg
I just realized that the system we described works but E2E encryption is probably needed.
#
capjamesg
If a server gets compromised, all of the messages would be in plain text.
#
capjamesg
I have _no idea_ how we'd implement that.
#
capjamesg
There would need to be some way of clients having a local private key. Can you store that in web browsers?
#
capjamesg
The system I have uses TicketAuth for authentication, WebSub for content distribution, and microformats feeds for publishing.
#
capjamesg
Communications are protected over HTTPS but that doesn't solve for the "my server was compromised" and similar thread vectors.
#
c​apjamesg
Have we discussed E2E encryption for storing private posts?
#
c​apjamesg
And indeed exchanging private posts.
#
c​apjamesg
Also doing this over WebSub means you have to trust your endpoint because it is going to have a lot of metadata.
#
[tantek]
aaronpk, capjamesg, note that link relations only or primarily used within the context of HTML. e.g. <a href rel> or <link rel> only need to be registered in the microformats link registry as noted and linked to in the HTML specification
#
[tantek]
IANA is only needed if you're using HTTP LINK headers (which for example Webmention allows / encourages)
#
[tantek]
No one uses or consumes rel=me via HTTP LINK headers AFAIK so no reason to bother except maybh to point such an IANA registration to the microformats link registry entry for rel=me and note you're reserving it for future use if there is evidence of use of HTTP LINK headers for rel=me
#
[tantek]
On another topic, came across this tweet which so succinctly captures why I dislike depending on so many popular webdev tools/libs etc out there: https://twitter.com/mountain_ghosts/status/1701288333035405369
#
c​apjamesg
This post is interesting on the topic of IANA: https://www.ietf.org/blog/iana/
#
c​apjamesg
Specifically the part starting at "the US Department of Commerce awarded ICANN a contract to perform the IANA function. That contract still exists, but it is important to understand the role that the Internet community has taken on in running the system..."
#
[tantek]
A little abstract but yeah
#
[tantek]
Back on a more specific topic, whether Microsub should be standardized or not, 2-3 questions really:
#
[tantek]
1 are there multiple seemingly interoperable implementations? (2+ clients and 2+ servers)? If so, documented where?
#
[tantek]
2 is Microsub actually solving the problem which motivated creating it?
#
[tantek]
If those two are true, then that's plenty of reason & evidence it should be standardized
#
[tantek]
Including as part of that work (in a WG) of creating tests and a test suite to confirm that what the spec says is what implementations do, and if not, change one or the other
#
c​apjamesg
I have implemented a Microsub client and server according to the draft spec.
#
c​apjamesg
Or rather I can defer to https://indieweb.org/Microsub 😄
#
c​apjamesg
On #2, I believe so. From the draft spec on the wiki:
#
IWDiscord
<c​apjamesg#0>
#
c​apjamesg
> The Microsub specification provides a standardized way for clients to consume and interact with feeds collected by a server.
#
IWDiscord
<c​apjamesg#0>
#
c​apjamesg
By my experience using Microsub, this has been satisfied.
gRegorLove_, [jamietanna], rrix, gRegorLove__, btrem, rocto, sp1ff and Eladio joined the channel
#
[tantek]
Capjamesg++ that's great! I think next steps need to involve moving the spec to GitHub similar to IndieAuth etc
#
Loqi
Capjamesg has 42 karma in this channel over the last year (123 in all channels)
BinarySavior joined the channel
#
[snarfed]
interesting, bluesky profile URLs have the user's profile info in open graph and twitter card metadata, eg https://bsky.app/profile/snarfed.org
#
[snarfed]
^ note the name and URL there, even though the page itself doesn't show them if you're not logged in
#
[KevinMarks]
any rel=me ?
#
[KevinMarks]
a little bit of work to add h-card to this
#
[KevinMarks]
```<div id="bsky_profile_summary">
#
[KevinMarks]
<h3>Profile</h3>
#
[KevinMarks]
<p id="bsky_display_name">Ryan</p>
#
[KevinMarks]
<p id="bsky_did">did:plc:fdme4gb7mu7zrie7peay7tst</p>
#
[KevinMarks]
<p id="bsky_profile_description">https://snarfed.org</p>
#
[KevinMarks]
</div>```
cambridgeport90 joined the channel
#
Loqi
[preview] [Boris Mann] Testing how links to posts from different flavours of ActivityPub servers work in mobile apps with @feditipsThe “good” experience is that apps check to see if the link is an AP post, and slides it open in app if it is.When it opens in app, users ...
#
cambridgeport90
That's actually kind of cool