#dev 2024-01-10

2024-01-10 UTC
btrem, [0x3b0b] and geoffo joined the channel
#
[tantek]
[snarfed] I tried https://indieweb.social/@nature.com@web.brid.gy and it redirected me to https://web.brid.gy/nature.com which displayed what looks like AS2 JSON, perhaps not the most user friendly experience
#
[tantek]
I suppose I was expecting a simple looking h-feed
#
[tantek]
aaronpk re: OwnYourGram RIP
#
[tantek]
I expect there is a good chance of auto-cross-posting from IG to Threads becoming a thing and then when anyone can opt-in to syndicating out from Threads via ActivityPub...
#
[tantek]
IG -> Threads --ActivityPub--> OwnYourThreads --MicroPub--> your Micropub enabled IndieWeb server
#
[tantek]
^ as a way to eventually resurrect OwnYourGram, so don't ditch the domain just yet 🙂
#
aaronpk
hahaha
#
Loqi
rofl
#
aaronpk
loqi likes it
#
[snarfed]
[tantek] oh huh, good point, that should redirect to http://nature.com itself. that's how it works for traditional mf2-based BF profile URLs like that when you're logged out of the Mastodon instance. thx for the nudge, will look
#
[snarfed]
(https://indieweb.social/@nature.com@web.brid.gy shows the profile inside Mastodon when you're logged in)
#
[tantek]
I blame webfinger--
#
Loqi
webfinger has -6 karma in this channel over the last year (-8 in all channels)
#
[snarfed]
lol nah webfinger isn't involved, it's more of a Mastodon logged in vs logged out difference thing, plus maybe BF's fault for not including the url field
#
[snarfed]
but I get what you mean about handles at least
#
[snarfed]
on an unrelated note, I've been thinking about de-duping bridged accounts from different bridges, eg https://indieweb.social/@tantek.com@tantek.com vs https://rss-parrot.net/web/feeds/tantek.com
t0nic joined the channel
#
[snarfed]
the simplest proposal I could think of would be, a web site can link to its preferred/official bridged account with a <link rel=me type=application/ld+json> (or application/activity+json) on its home page. if other bridges see that rel-me link, they'd then stop bridging that web site
#
[snarfed]
thoughts?
#
[tantek]
I think this is already a solved problem due to the method of getting a verified checkmark on Mastodon
#
[tantek]
i.e. if you're logged into indieweb.social, you should see a green checkmark next to "http://tantek.com" when you visit that indieweb social link above to my @-@.
#
Loqi
[preview] Tantek Çelik
#
[tantek]
that is due to this in my home page source: <link rel="me" href="https://fed.brid.gy/r/https://tantek.com/"/>
#
[tantek]
that should be sufficient to indicate my preferred bridge. if a consuming bridge needs to conneg for application/activity+json etc., that should be up to them, not me to pollute my code with
#
[tantek]
another way to put it: I already have a link rel="me" to a bridge for an existing use-case, don't make me add a second link rel="me"
#
[tantek]
screenshot of green checkmark thanks to gRegor: https://indieweb.org/Bridgy_Fed#gRegor_verification
#
gRegor
[snarfed], Does the new domain@web.brid.gy search only work if signed in? I don't get any results searching for @gregorlove.com@web.brid.gy
#
[snarfed]
yeah Mastodon search only does actual remote lookup if you're logged into that Mastodon instance
#
[snarfed]
[tantek] right! the catch is that those existing rel-me links don't currently indicate which network they're for, if any. ie if you're a bridge, and you fetch a homepage and see a bunch of rel-me links, you don't necessarily know if any of them are for the fediverse
#
[snarfed]
so incuding type=application/ld+json or typeapplication/activity+json in the rel-me link would indicate that
#
gRegor
Makes sense. So if someone searches that, they'll still end up getting my curated feed, right? The ones I federate by sending a wm.
#
[tantek]
[snarfed] type attribute is a mismatch for indicating a bridge semantic. Much better would be rel=bridge and since rel is space separated, we can do rel="me bridge" on such links and should be sufficient for your de-dupe use case
#
[snarfed]
sure, that works too
#
[snarfed]
well, kind of
#
[snarfed]
type is useful since it indicates _which network_ the bridge is for
#
[tantek]
Type of network is unnecessary for de-duping
#
[tantek]
So I'd ask useful for what use-case?
#
[snarfed]
so when there are multiple bridges for a given network, and they want to de-dupe, like I mentioned. the web site indicates which bridge for that network it uses, somehow. the other bridges need to be able to fetch the web site's home page, determine that they _aren't_ its preferred bridge for that network, and stop bridging that site
#
[tantek]
Only the preferred bridge gets a rel-me link anyway right?
#
[snarfed]
right. but ideally bridges would be able to look at a site's rel-me links and determine whether _any_ of them is a bridge for a given network, without (conneg) fetching them all
#
[snarfed]
not to mention, conneg works for the fediverse, but might not for other networks
#
[snarfed]
eg nostr
#
[tantek]
You don't need conneg for that
#
[tantek]
If a bridge is looking, it just needs to look for links to itself, either not find any (this not preferred), or not find any with rel=me, again, not preferred
#
[snarfed]
right, but it needs to know if the site _has chosen_ a preferred bridge or not
#
[snarfed]
if there are rel-me links but none are to a bridge, it can continue bridging
#
[snarfed]
if a rel-me link is to a bridge for the given network, only then would other bridges stop bridging
#
[tantek]
Yes absence of an explicit rel=bridge means it can keep bridging. But if there is one, and that bridge is not it, then don't
#
[snarfed]
right, that brings us back to my question of _which network_ earlier. there may be multiple bridges for different networks. so if you're a bluesky bridge, rel=bridge doesn't tell you if that bridge is for bluesky or the fediverse or something else
#
[tantek]
Maybe it doesn't matter? If the site has opted into a bridge but not yours, maybe better to not bridge and wait for them to opt in
#
[snarfed]
that doesn't clearly follow to me
#
[tantek]
That feels more polite to sites which have clearly taken a step to opt into at least one bridge
#
[snarfed]
esp for smaller networks like Nostr that many web sites may not even know exist
#
[snarfed]
it seems like an unpleasant surprise. say your site is currently getting bridged into multiple other networks, and people are happily following you on those, but as soon as you bless one bridge to one network, suddenly all of your followers in all other networks are cut off
#
[tantek]
I’m also a little reticent about auto-bridging sites into networks that sites may not know about, especially if there's a chance of undesired webmentions from another source like that
#
[snarfed]
yeah opt in vs opt out in general is a fair question, but I think mostly separate from this
#
[snarfed]
I definitely see the arguments on both sides. but it makes less sense to me to say, bridging is opt out, but as soon as you bless one bridge/network, it's suddenly opt in
#
[tantek]
Not that separate. There a big difference in a site has made no choice (legacy, or corp) and a site has made at least one bridging choice
#
[snarfed]
yeah. I need to write a post for this. it's pretty tied into evanp's big fedi, small fedi dichotomy
#
[snarfed]
if you think of other networks as others, ie othering, then yes
#
[snarfed]
but if you think of other networks as just broader federation, like these networks already do, then no
#
[tantek]
With some discussion yeah
#
[tantek]
I’m hesitant because of enabling/amplifying pile-ons onto small indieweb sites
#
[snarfed]
yeah, but the tradeoff is that you effectively lose the functionality of bridges
#
[snarfed]
since only a tiny fraction of people on any network will ever opt in
#
[tantek]
Not really. That's not the condition I stated
#
[snarfed]
and for any given person, the overlap between that fraction and the people they actually want to follow or interact with will be miniscule
#
[snarfed]
oh I know, I'm talking about opt out vs in in general, not your rel-me bridge ratchet
#
[tantek]
There's majority with no makeup = auto bridge, there's tiny fraction with opt into one bridge = no auto bridging into others
#
[tantek]
no markup*
#
[snarfed]
right. I'm speaking to your "reticent about auto-bridging sites into networks that sites may not know about" earlier
#
[0x3b0b]
I think part of what's coloring my reaction to this conversation is that there are exactly two contexts in which I have previously come across the concept of a bridge that the _party being bridged_ doesn't know about and endorse. One of them is when I wish I could follow someone's Twitter account as an activitypub actor instead. The other is when I get signal boosts from people I follow of other people ranting indignantly about how such-and-such...
#
[tantek]
Remember how there was the concerns about abuse if all Threads accounts were auto-syndicate out to AP? That's what I’m talking about
#
[0x3b0b]
... bridge of their Twitter posts as an Activitypub feed is NOT them, is NOT endorsed, is IMPERSONATING them, and everybody get the torches and pitchforks. So the idea of a bridge that _you didn't set up_, but that is polite enough to notice you set one up for yourself and stop bridging you, took me a minute to wrap my head around.
#
[snarfed]
yeah Threads is a perfect example. there were those concerns, and yet we don't have those concerns about other fediverse instances
#
[tantek]
Yeah enabling impersonators is another concern
#
[snarfed]
pretty much all fediverse instances do opt-out federation, ie blocklist-based, not opt-in allowlist-based
#
[tantek]
Because the fedi instances that suffered shut down
#
[tantek]
We DO have those concerns about past fedi instances that were abused by other fedi instances due to this
#
[snarfed]
I think "impersonation" is overstating it. bridges are only posting things that person themself posted
#
[tantek]
Look at any fedi instance that is/was primarily a marginalized set of folks
#
[snarfed]
right. I've been talking with and working with a number of the fediverse T&S people about how to best handle and prevent these kinds of abuses and problems on a bridge
#
[snarfed]
I'm all for that!
#
[tantek]
There's a long history of instances that had to shutdown
#
[snarfed]
of course
#
[snarfed]
I just think jumping straight to allowlist/opt-in federation over bridges is a huge sledgehammer that kills most of the benefits from the start
#
[tantek]
And it is biased against those that already get more abuse
#
[tantek]
We know "big fedi" killed a lot of marginalized fedi instances. We don't need to repeat that
#
[snarfed]
I like https://privacy.thenexus.today/free-fediverses-and-consent/ as a description of this. I'm not on board with the core idea, but what I do really like is that it's at least consistent about allowlist/opt in federation in applying it _to the fediverse itself_, not just to "othered" external networks
#
[0x3b0b]
Well-behaved bridges are only posting things that person posted. I think (possibly a small) part of the reason that some people are concerned about it is that if they let it go unchecked, it could slip in illegitimate messages.
#
[snarfed]
yeah that kind of assuming malice from the start...I dunno what to say about that
#
[snarfed]
just have to build track record of trust over time
#
[tantek]
It's not assuming. We have experience and evidence of this happening
#
[snarfed]
evidence of people running general purpose bridges and then injecting fabricated posts?!
#
[tantek]
No if marginalized instances getting abused into shutting down
#
[snarfed]
oh. sure, of course. I was replying to 0x3b0b
#
[snarfed]
anyway. I've been thinking about this a lot lately, and reached out to a number of fediverse trust & safety orgs and people. those conversations have been really productive so far
#
[tantek]
I had to deal with "bridges" of bots reposting my content in a broken way to Twitter and thus making me look bad
#
[snarfed]
and I need to very loudly keep telling people that I'm doing that, and want to try to prevent abuse, help with all this, etc
#
[tantek]
Even short of impersonation we know that random bridges can be harmful
#
[tantek]
That the author did not opt into
#
[snarfed]
agreed! so I definitely need to do everything I can to help prevent that
#
[snarfed]
...but at this point I'm not quite on board with the idea that I'd have to make Bridgy Fed opt in
#
[snarfed]
since again, I think that would kill 99% of its value
#
[tantek]
There might be some middle ground where auto-BF defaults to an allow list of instance domains, and only opens full arbitrary following if the author opts in
#
[tantek]
80/20 rule, you'll easily get 80% of the value by handpicking 20% of instances that are allowed to follow
[jacky] joined the channel
#
[snarfed]
maybe. I'd really rather spend this time and effort helping with all of the native anti-abuse mechanisms on each platform, eg blocks/mutes in the fediverse and vouch in the indieweb, since those all automatically work with BF too
#
[tantek]
Or managing an allow list rather than making authors review and block ugly instances out there
#
[tantek]
That's not a task I want
#
[tantek]
Blocklist hamsterwheel
#
[snarfed]
https://github.com/snarfed/bridgy-fed/issues/711 is an example of helping empower networks' native moderation tooling to work well with BF
#
[snarfed]
(managing an instance allowlist would be just as much of a hamster wheel, maybe more so, since everyone will want to follow someone that's not on the initial allowlist)
#
[tantek]
Much less IMO if the experience of Dopplr is any indicator
#
[tantek]
Also the requirement to "ask permission" is a huge discouragement to a lot (most?) bad actors because it forces them to be vulnerable before they can attack
#
[snarfed]
there are 30k fediverse instances. I alone follow people on at least a few dozen of them, including a number of one- or few-person instances
#
[tantek]
Vulnerable to rejection
#
[snarfed]
asking permission would also suppress a huge amount of valid usage
#
[tantek]
Also true
#
[snarfed]
most people wouldn't bother
#
[tantek]
Do you have enough BF following data to use as an initial/dynamic allowlist?
#
[tantek]
Eg allowlist domains that 2+ BF users are following
#
[snarfed]
the problem is, BF currently has a small biased user base due to the .well-known redirects req't
#
[tantek]
And grow that number (2) over time as BF gets more popular. Probably some log value
#
[tantek]
Yeah we need to solve the well known redirects problem.
#
[snarfed]
I think I did today, right?
#
[tantek]
I led a discussion on that at IWC SD
#
[snarfed]
oh, you mean apart from BF
#
[snarfed]
I get the allowlist proposal, and I definitely see how it prevents abuse. I think we're just prioritizing different sides of the prevent abuse vs prevent valid usage tradeoff, and maybe also in our estimations of how big each side is
#
[snarfed]
which is ok
#
[tantek]
I mean so we can pitch implementers to try something for discovery based on FYND before (or at least after) they try well known discovery
#
[snarfed]
back to the https://indieweb.social/@nature.com@web.brid.gy redirect problem, I don't understand what Mastodon is doing
#
[snarfed]
it redirects that URL (when you're logged out) to https://web.brid.gy/nature.com
#
[snarfed]
but the AP actor BF serves is basically the same as the one for https://indieweb.social/@snarfed.org@snarfed.org , which Mastodon correctly redirects to https://fed.brid.gy/r/https://snarfed.org/ (note the /r/)
#
Loqi
[preview] Ryan Barrett
#
[snarfed]
BF's AP actor object for http://nature.com correctly has `"url" : "https://web.brid.gy/r/https://www.nature.com"` , with the /r/
#
[0x3b0b]
snarfed++ It seems to me that you are being wise and prudent in your proactive efforts to ensure that BF is a well-behaved instance of the things that it bridges, and it is thus unlikely to draw any more ire than any other instance, with the _small_ possible exception of some people not liking the idea that it makes it easier for their signal to be boosted beyond the boundaries they expected. But since in that case BF is probably _better_ behaved...
#
[0x3b0b]
... than the alternative...I don't think that's much of a worry.
#
[snarfed]
thanks for the vote of confidence 0x3b0b!
#
[snarfed]
ok, that ^ redirect issue looks oddly specific to indieweb.social. looking at a couple other instances, http://mas.to and mastodon.art, they don't have the same problem
#
[snarfed]
nor mastodon.social
#
[0x3b0b]
So could be an odd configuration, maybe a version difference (I didn't go look at the other servers' versions), maybe something weird in the actual webserver? ...before you commented on other instances not exhibiting the issue, I was wondering if either it might be special weird handling of the www, or something implicitly requiring the trailing slash in the url property of the AP actor.
#
[0x3b0b]
fe.disroot.org doesn't seem to redirect even if you aren't logged in, and my website doesn't even have an applicable endpoint. I had to add a redirect for my site from /@0x3b0b to / because some things apparently expected to be able to construct that endpoint as my profile location instead of respecting the webfinger response, but this doesn't seem to be related to that, because there's no @. Hmm.
#
[0x3b0b]
...conclusion: yeah, seems like indiweb.social is doing something weird...
#
[0x3b0b]
oh hey, it got all late and whatnot. Good luck with the thingy.
[aciccarello], Renfield, barnaby, Xe, benji, lanodan, chenghiz_, Guest1350, sivoais, jan6, bret, sebsel, superkuh, vikanezrimaya, ancarda, alecjonathon, srushe, eb, roxwize, rjomara, capjamesg, omz13, geoffo, lazcorp, eb_, bterry, alecjonathon_, vikanezrimaya_ and lockywolf joined the channel
#
Soni
how do you write hoedown flavored markdown, given that hoedown documentation assumes you're a) already familiar with markdown (we find it a questionable design choice but it isn't too hard to find a bunch of stuff on how to markdown) and b) don't care about using any of the extensions or else it'd document how to use them y'know?
#
Soni
anyway we have no idea what footnotes are but we know hoedown allegedly supports them?
#
Soni
(then again, we're not surprised, given the the name of the project and what it derives from)
#
[tantek]
what are footnotes
#
Loqi
A footnote is a typographical convention predating the web for indicating more information is available about a word, phrase, or sentence by the use of an immediately adjacent superscript (usually a number), and the presentation of the same superscript followed by a note, often a citation, in the footer of the page, and sometimes used on the web instead of inline hyperlinks to reduce reader distraction https://indieweb.org/footnotes
#
c​apjamesg
rubenwardy It took me a few days to get around to it but I added an X-Cache-Status section to my NGINX post. Thank you!
#
c​apjamesg
rubenwardy++
#
Loqi
rubenwardy has 9 karma in this channel over the last year (12 in all channels)
petermolnar and geoffo joined the channel
#
Soni
(we're not surprised it doesn't have docs*)
#
Soni
hmm, footnotes don't seem like they're what we want...
geoffo joined the channel
#
[snarfed]
re Bridgy Fed bridging any web site now, one thing https://rss-parrot.net/ does that I like is use AS2 type Application instead of Person, so that its fediverse profiles have a big "Automated" label
#
[snarfed]
I'm not sure I want to do that for on BF users who have explicitly opted in, but maybe ones that haven't yet?
#
[snarfed]
(BF's instance actor https://indieweb.social/@fed.brid.gy@fed.brid.gy already has it, fwiw)
bterry1 joined the channel
#
[tantek]
oooh that's an interesting compromise and way to communicate if the bridge is more bot than not
#
[snarfed]
the next question, further down the road, will be whether/how to use that for users on other networks, eg Bluesky
#
[snarfed]
since BF's design for them doesn't yet have clear "opt in" steps like sending a webmention for web users
#
[snarfed]
not urgent though, can cross that bridge (ahem) when we come to it
[bjoern], barnaby, to2ds, vikanezrimaya, eb, srushe, capjamesg, alecjonathon, geoffo, ancarda, roxwize, gRegorLove_, [aciccarello], [Murray], wagle, benji- and [Joe_Crawford] joined the channel
#
[snarfed]
...a web site with a <link rel="alternate" type="application/atom+xml">, pointing to a URL with path /atom.xml, that serves Content-Type: application/xml...but the body is RSS 🤦‍♂️
#
[snarfed]
the cherry on top is that the top level element is <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">. what does that even mean?! 😆
#
[tantek]
[snarfed] that sounds like a polyglot challenge 😂
to2ds, lazcorp, benji, barnaby and [capjamesg] joined the channel
#
[capjamesg]
[Jo] How did you calculate coordinates for your image map?
#
gRegor
"best" of both worlds, rss+atom xD
#
[tantek]
capjamesg, forgot to note there are both client side (with <area> elements) image maps and server side image maps!
#
gRegor
what is image map
#
Loqi
It looks like we don't have a page for "image map" yet. Would you like to create it? (Or just say "image map is ____", a sentence describing the term)
#
[tantek]
gRegor lol, that would make a good April 1 MIME type registration "application/rss+atom+xml"
#
[tantek]
gosh that's tempting
#
[tantek]
with XML you can include multiple namespaces in the same file and processors are supposed to ignore tags they don't understand
#
[tantek]
I web searched for RSS Atom polyglot and didn't find any obvious results of someone doing this before
#
[tantek]
long time ago I built HTML+JS polyglots for the lulz (and make it so double-clicking the .js file would render it as HTML, for richly documented source code)
#
[tantek]
and obviously CASSIS is JS+PHP
#
c​apjamesg
Say more [tantek] re: image maps!
lazcorp joined the channel
#
lazcorp
[capjamessg] - some basic info about working out the coordinates in image maps at https://www.w3schools.com/html/html_images_imagemap.asp
#
lazcorp
[edit] [capjamesg] - some basic info about working out the coordinates in image maps at https://www.w3schools.com/html/html_images_imagemap.asp
#
[tantek]
nooooooo w3schools--
#
Loqi
w3schools has -1 karma over the last year
#
lazcorp
[tantek] I know, but...
#
c​apjamesg
It doesn't really say how haha.
#
[tantek]
capjamesg, server-side image maps are only really a hack/play thing any more because they aren't accessible: https://developer.mozilla.org/en-US/docs/Web/API/HTMLImageElement/isMap (but feel free to experiment)
#
[tantek]
it's how mapping sites used to work
#
[tantek]
back when we had mapping sites that worked without JS
#
c​apjamesg
I made a tool for polygon coordinate calculations at work, but it is optimized for computer vision tasks: https://roboflow.github.io/polygonzone/
#
[tantek]
lazcorp: from many years ago: https://www.w3fools.com/ 😂
#
lazcorp
[tantek] hahaha
#
Loqi
hehe
#
[tantek]
capjamesg it should also be possible to do clientside image maps using SVG layered over perhaps a scaling background image
#
[tantek]
lazcorp for the full experience you need to see their archived version: https://web.archive.org/web/20110412103745/http://w3fools.com/
#
gRegor
supposedly w3schools got better, but I still prefer mdn. https://www.w3fools.com/
#
gRegor
oops, missed the link above already haha
#
lazcorp
[capjamesg] - if you create an Image Map then I'll see if I can replicate it with CSS Shapes
#
lazcorp
(I have no idea if that's possible, but it's my favourite way to learn these things)
#
[Joe_Crawford]
(apologies for the obnoxious google ads on this page). But Server Side Image Maps still work - and work on my site whose webserver is Apache https://lab.artlung.com/server-side-image-map/
#
[Joe_Crawford]
The 4 digits server side and client side in an image may are upper left corner of the image, bottom right corner of the map. For a rectangle. But other shapes are supported as well.
lazcorp joined the channel
#
lazcorp
re. w3fools - I cannot, CANNOT, work out why anyone ever imagined this as an example of :after
#
lazcorp
h1:after { content:url(beep.wav); }
#
lazcorp
"Example: Play a sound after each occurrence of an h1 element: "
#
c​apjamesg
Oh no haha.
#
[tantek]
nope nope nope
#
gRegor
hahaha
#
gRegor
idk, could be good on an April Fools XML spec
barnaby joined the channel
#
[tantek]
for a while I think I was pondering doing this as a (semi-)formal "Atom 2.0" spec, rewritten from scratch to document actual Atom+RSS interop (like HTML5 was rewritten to document actual HTML interop)
#
[tantek]
LOL just skip the versions
#
[tantek]
I like the "2.0" nod to Web 2.0 tho
#
[tantek]
ATOM5 is a funny nerdy spelling of "atoms" also like plural more than one, like Aliens to Alien sequel
#
[snarfed]
(for anyone curious, the feed I mentioned ^ is https://nluug.nl/atom.xml )
#
[tantek]
RSS wolf in "atom.xml" clothing?
#
[tantek]
capjamesg, the image at the top of this post is a good use-case for an image map: https://ma.tt/2023/12/the-bag-post/ (though it doesn't have an image map, the unlinked numbers on each thing demonstrate an obvious need for one so you can click instead of having to scan)
#
c​apjamesg
I can’t figure out how to make the map scale.
#
[tantek]
SVG! (only half 😂 )
#
c​apjamesg
Does my image have to be a fixed size?
lazcorp joined the channel
#
lazcorp
[c​apjamesg] i _think_ that the coords need to be expressed in px (I don't think there's support for any other unit), so to be able to plot the coords you'd need a known/fixed image size
#
c​apjamesg
Oops.
#
c​apjamesg
You'll need to zoom at 50%.
#
c​apjamesg
Click on something.
#
c​apjamesg
Updated so you don't need to zoom.