#dev 2024-01-25

2024-01-25 UTC
gRegor, [Al_Abut] and [KevinMarks]1 joined the channel
#
[tantek]
I think of <abbr> as meaning abbreviated content in general, not just "abbreviations"
#
[tantek]
maybe that's a stretch but on the web you want things to be flexible not fixed 🙂
#
gRegor
uh oh, getting invalid_grant signing into Monocle. Hope I didn't break my IndieAuth
#
gRegor
Same on IBC, I must have broken something, wee
#
gRegor
Odd, I haven't done anything with my IndieAuth plugin in a while and don't think anything changed on the server
tPoltergeist and geoffo joined the channel
#
gRegor
Odder, the JWT encoding specifies HS256 as a supported algorithm, encodes with that, but then decoding it's an UnexpectedValueException "Algorithm not allowed"
#
btrem
I can see the case for flexibility in html semantics, but I think using <abbr> for an emoji seems too far a stretch. Like I wouldn't use <abbr> for a company logo with the title for the company name.
#
btrem
And I think one must consider what happens when you leave code for several months, or years, and come back. I think *I'd* be confused by seeing <abbr> tags around an emoji. Which means fixing or changing something is just a bit harder. YMMV and all that.
#
[tantek]
right, so clearly I should write a blog post about how & why to semantically use abbr tags with emojis so if/when someone comes across such code they can websearch for abbr and emoji and discover a blog post explaining it
[tw2113] joined the channel
#
gRegor
Ack, I think this might be dependency issues, two plugins loading diff versions of the JWT lib
#
gRegor
Not sure why it just surfaced now though
#
gRegor
Found out because the error message I was getting wasn't in the current version of the lib, but an older one.
geoffo and [tantek] joined the channel
#
[tantek]
Dllhell--
#
Loqi
Dllhell has -1 karma over the last year
#
[snarfed]
[tantek]++ for the graybeard deep cut
#
Loqi
[tantek] has 31 karma in this channel over the last year (100 in all channels)
jan6 joined the channel
[aciccarello], [snarfed], [tw2113], IWSlackGateway, [tantek], geoffo, Guest6, tnbd, rocto, yewscion, barnaby and CRISPR joined the channel
#
[tantek]
[snarfed] you might find this interesting as it could relate to Bridgy, decentralized moderation, open source impacts on moderation: https://techcrunch.com/2024/01/24/bluesky-ceo-confronts-content-moderation-in-the-fediverse/
[snarfed] joined the channel
#
[snarfed]
will look!
#
[snarfed]
all three of them are great
[manton] joined the channel
#
[manton]
I don’t think it’s linked in the article, but here’s the full video for that session too. https://vimeo.com/906085927
gRegor and jacky joined the channel
#
jacky
There's been some chatter about BlackSky (lol, there's always a name) about that
#
jacky
like the speed at which it was handled was great but seemed to come at a cost (having to go through it many times)
#
jacky
I guess that's the learning curve but one of the founders of Dreamwidth has been giving them guides on there (for free! lol)
#
jacky
:shrug:
CRISPR joined the channel
#
[tantek]
Looking forward to the launch of DarkSky, a distributed social network for chatting about the weather
[campegg] joined the channel
#
[tantek]
but yes Jacky, agreed, it needs better handling. e.g. I saw this article https://techcrunch.com/2023/07/17/bluesky-racial-slurs-banned-list-usernames/
#
jacky
oh god
#
jacky
I remember watching this happen
#
jacky
and tbh that kept me away from BlueSky for a bit (despite following a lot of people, it felt like I was seeing the same thing - which was this for a while)
#
jacky
engagement-algorithms--
#
Loqi
engagement-algorithms has -1 karma over the last year
#
jacky
w.r.t IndieAuth (namely https://indieauth.spec.indieweb.org/#indieauth-server-metadata), I'm thinking through how much of this should be adjustable by clients
#
jacky
Like (and this might be extra) if a user exposed such an endpoint, would it make sense to adjust the scopes available?
#
jacky
is considering this to make scope definition something that can be documented without having to hardcode too much of it
#
jacky
but I don't want to make a "scope registry" lol
#
aaronpk
scopes are defined by specs like micropub and microsub
#
jacky
ah ok
#
sknebel
what do you mean by "adjustable by clients"? (i.e. if I read "clients" as "apps" it doesn't quite make sense to me, why would apps be allowed to adjust anything?)
#
aaronpk
that too
#
jacky
ah my fault
#
jacky
I meant adjustable by users/sites (like ideally humans with a site or some site operating on behalf of a person)
#
aaronpk
scopes need to be understood by both clients and servers, so you can't really have individual users make them up
#
aaronpk
that's not the same as allowing a user to have their own policies of what apps can do when they authorize them, it just doesn't necessarily need to be scope
#
jacky
hm okay tbh
#
jacky
I think the mention of scopes being defined by specs helps reorganize some thoughts
#
aaronpk
for example, in my consent screen, I can select which channels a post will appear on when I log in to a client. I can also force a client's posts to be private or draft first
#
sknebel
and for the scopes some of it I'd expect to happen "somehow" through the integration between the servers and the indieauth code. E.g. whatever configures your micropub endpoint to be connected to your indieauth endpoint also teaches your indieauth endpoint about the micropub scopes? if you want to generalize that?
#
[tantek]
btw speaking of IndieAuth and that Bluesky usernames article, should we provide advice/guidance for IndieAuth consuming sites and use of harassing/abusive terms in domain names? should we be worried (defending against) this for the IndieWeb wiki *before* it becomes a problem? (perhaps that's a #indieweb-meta thread fork)
#
sknebel
(i.e. not just have it hardcoded in the indieauth endpoint "these are all the protocols and scopes that exist" - which might very well be easier)
#
jacky
sknebel: yes - the generalization is what I'm looking for (and probably over-optimizing for, lol)
#
jacky
[tantek]: hmm I could see that in the case of a post that marks itself to have been posted using such a client
#
sknebel
jacky: yeah, I think that bit is in the undefined space of "server and auth endpoint know about each other and how to talk", and if you wanted to make it pluggable that would be the place to add it
#
jacky
but I'd imagine if someone is intentionally signing into an app with [redacted-slur-here].me then they're choosing to do so
#
jacky
_unless_ you mean the other way, [tantek], of IndieAuth apps that are taking in domain names
#
[tantek]
yes exactly I mean the other way
#
[tantek]
IndieAuth consuming apps, like the IndieWeb wiki
#
[tantek]
I don't want to see "New Community Members" in the newsletter listing a racial slur
#
jacky
hmm tbh this is worth being on here b/c it'd be something for any IndieAuth client app
#
[tantek]
precisely
#
jacky
I imagine most can do some checking of them against a known list (could link to some on the /IndieAuth page or maybe something about moderation)
#
[tantek]
and it's worth prototyping some sort of mitigation ASAP on the IndieWeb wiki and using the experience from that to document guidance for IndieAuth client apps in general
#
[tantek]
yes, some draft guidance on /IndieAuth would be good too, linking to a known list (like whatever BlueSky checked into their OSS repo for example as a start)
#
[tantek]
ugh realizing this is also an attack vector for displaying received webmentions
#
[tantek]
even if all you do is show a hyperlinked facepile for likes/reposts, having links on your posts to racist slur domains is highly undesirable
#
sknebel
is it significantly different than moderating for content? in both cases, you'd block the user
#
[tantek]
GWG, have you thought about this potential attack for the WordPress Webmention plugin?
#
GWG
Need to scroll up
#
[tantek]
yes it is different because I don't think facepiles are moderated. there's a presumption that displaying a domain name is "ok"
#
sknebel
I guess it's a point that if you use a wordlist etc to flag suspicious input you should include all incoming data, not just content
#
GWG
[tantek]: WordPress has a moderation wordlist you can add to already
#
[tantek]
GWG, short version, if someone with (anti-semitic-phrase).me "liked" one of your posts and their domain showed up as a link on your post, how would you deal with it?
#
[tantek]
does the moderation word list apply to domain names of respondents though?
#
[tantek]
sknebel it is different than moderation because it is blocking. as in, you never want to even have to go through a moderation queue of such garbage.
#
sknebel
okay, but still applies then to content and identities, right?
#
GWG
[tantek]: I don't think it does, which is an enhancement. I mentioned I want to look at how we could enhance the built in stuff as opposed to replace it, because that causes conflicts. IndieAuth, for example, is already conflicting with other login plugins much as I tried to avoid it
gRegor, shoesNsocks, jacky and gRegorLove_ joined the channel
gxt and [aciccarello] joined the channel
#
Soni
so this channel pulls posts from like twitter and fedi every now and then yeah?
#
aaronpk
no, that's in #indieweb-stream
#
aaronpk
and not twitter anymore
#
Soni
alright. how do you set one of those up?
#
Soni
we kinda wanna make one for #fedilinks
#
aaronpk
you need an IRC bot in the room for starters, ideally something that has plugins or an HTTP API for sending messages into the channel
#
Soni
okay okay the IRC side is trivial, what about the uh mastodon side?
#
aaronpk
then go find a couple large instances and combine them all into one feed
#
Soni
huh
#
Soni
mastodon has feeds for tags?
#
Soni
(why's it rss tho ;-;)
yewscion, tnbd, [jeremycherfas], rrix and jonnybarnes joined the channel
#
[KevinMarks]
Because someone convinced Eugen to end the microformats feeds and use js;dr for those instead
#
sknebel
eh, fairly sure those two were never related
yewscion joined the channel
#
sknebel
but I would not be surprised if someone remembered "feeds? rss, right?", went to look up RSS and there we are (even though most people used "RSS" generically to mean RSS or Atom)
yewscion joined the channel
#
Soni
(meanwhile fedilinks is atom-only :v)
#
Soni
we've yet to see anyone support web+feed in a feed reader tho
[nsmsn] joined the channel
#
[tantek]
sknebel's hypothesis makes sense to me
#
[KevinMarks]
Mastodon was atom flavoured before when it was using OStatus
to2ds and btrem joined the channel
#
btrem
(sigh) I changed the sort order of an array of posts from reverse chronological to chronological because it seemed more intuitive. And broke a piece of data, because I was getting index 0 and I need the last index. :-(
#
btrem
And fixing isn't quite as easy as arr.length - 1. Though that is my kludge for the moment. :/
[0x3b0b] joined the channel