#dev 2024-09-04

2024-09-04 UTC
#
[tantek]
[snarfed] custom webfinger setup definitely seems like a deep #indieweb-dev thing
#
[snarfed]
agreed! thanks for the nudge
#
[tantek]
I have this problem now where any time I'm writing any kind of semi-structured plain text, I can't help but think about "how will my markdown replacement process this semi-structuring" and how should it or how should I write my semi-structured plain text so the thing I'm building will eventually "do the right thing" with it
#
[tantek]
Which probably means I'm thinking too hard about it, because if it's properly designed (backcompat, forgiving, low/no surprises), the I shouldn't have to think in advance
#
[schmarty]
Ooh this speaks to me for making reusable bits of browser UI (e.g. for Micropub clients)
#
Loqi
[preview] Portable Server Rendered Web Components with Enhance SSR
#
[tantek]
I can't helped but cringe every time I see SSR or even "Server Rendered"
#
[tantek]
[snarfed] check the two most recent logs if you can (I get "No log found!" when I click on the links) for the two most recent posts here: https://fed.brid.gy/web/tantek.com
#
[tantek]
The latest one got delivered and is shown in Mastodon servers e.g. https://w3c.social/@tantek.com@tantek.com and mentions "Kevin Marks"
#
Loqi
[preview] Tantek Çelik
#
[tantek]
whereas the penultimate one got delivered and is NOT shown in Mastodon servers (same e.g.) and mentions @-KevinMarks-.-com (without the "-"s) which is auto-linked to:
#
[tantek]
with this markup
#
[tantek]
```<a class="auto-link" href="https://KevinMarks.com">@KevinMarks.com</a>```
#
[tantek]
^ so there is something about the AS2 that Bridgy Fed is generating from that HTML that is causing Mastodon to choke
#
[tantek]
[snarfed] I'm going to leave my recent posts as-is and take a break from posting until you've had a chance to take a look at the logs etc. and see what you can discern from how Bridgy Fed converts that markup ^ to AS2 to see if there's a bug to file with Mastodon, and/or a workaround to put into Bridgy Fed so we can use @-domain mentions in our posts without Mastodon dropping them on the floor.
#
[tantek]
Maybe related to recent Bridgy Fed improvements to send @-mention notifications?
#
[tantek]
"recent" - heh since this has been going on since early this year
#
Loqi
[preview] [snarfed] #760 Relax AP mention req't that text is full handle
#
[schmarty]
tantek: I agree in general. But I've been thinking about 11ty's webc and other ways to combine markup, styles, and behavior. The thing I like about this enhance-ssr-php thing is that it lets you use components as HTML custom elements and you define them in single files. It injects the markup, dedupes and scopes styles, and any frontend js is handled by defining the custom element.
#
[tantek]
that sounds like potentially useful and maintainable modularity. I will defer judgment
#
[snarfed]
awesome sleuthing [tantek]! you did indeed narrow it down massively
#
[0x3b0b]
Point of additional reference for [tantek] and [snarfed] : Tantek's profile as viewed on my site also jumps from 2024/246/t1 (Adventures in...Bridging) to 2024/238/t1 (All setup here at IndieWebCamp Portland), too. There have been a few things y'all have debugged that affected Mastodon and some other implementations but _not_ Microblogpub, but this doesn't seem to be one of them.
#
[snarfed]
looks like the issue is indeed the https://kevinmarks.com link. his site doesn't serve SSL, so when BF tries to fetch that URL, it waits for 15s and then times out
#
[snarfed]
it also tries to do that when a fediverse instance fetches the AS2 version of the post, with conneg. I'm guessing many Mastodon servers also time out at 15s or less, so they never get the AS2 post that BF serves after its own 15s cutoff
#
[snarfed]
[tantek] I'll work on a fix, but in the short term, I expect you can fix this on your end by linking to either http://kevinmarks.com/ (no https) or https://www.kevinmarks.com/ , since both of those serve ok
#
[0x3b0b]
I might look through my logs tomorrow to see if I can find when/if the activity came in and what exactly mbp did, for curiosity's sake if nothing else. Or I might put that in a later might-do list and spend some time trying to 3d print a gaming miniature. Neither one before bed though.
thegreekgeek joined the channel
#
[tantek]
oh wow that is so weird
#
[tantek]
ok [KevinMarks] I am not linking to your .com any more with https until you get that working
#
[tantek]
not going to @-www.kevinmarks.(com)
#
[tantek]
[snarfed] this implies that if a post of mine links to anything that takes 15s or longer to respond, my post may not show up in Mastodon
#
aaronpk
That's an interesting fail
#
aaronpk
Sounds like a good bug to report in mastodon
#
[tantek]
what should Bridgy Fed be doing better here? and what should Mastodon be doing better here? I'm not sure what the right answer is tbh
#
[tantek]
such timeout based bugs are super hard because rarely are specs explicit about what should happen
#
Loqi
[preview] [renchap] #24695 Mentions of unreachable accounts can break processing remote posts
thegreekgeek_ joined the channel
#
[tantek]
hmm, going to recommend https://validator.w3.org/checklink before federating a post with Bridgy Fed
#
[tantek]
[snarfed] confirmed, the one post that Mastodon dropped on the floor but did NOT mention Kevin Marks instead had a different broken https link to a mistyping of Doctorow's pluralistic domain.
#
[tantek]
W3C link checker found both errors
#
[tantek]
Next experiment, to see if fixing that old post from June and and changing its permalink slug will get Bridgy Fed to federate it as a new post, and have it thus show up on Mastodon instances (and mention notifications!)
#
[tantek]
(instead of doing a new post now)
#
[tantek]
ok sent to Bridgy Fed, let's see what percolates in the new few minutes
#
[tantek]
since it's such an old post (from June), I'm also curious if it will show up at all in people's feed readers or Mastodon clients if they are just "following", or if it will be lost to the past
#
[snarfed]
yeah we've narrowed this down a lot but not all the way
#
[tantek]
so it did show up in Mastodon profile views, interestingly at the top, as if it was most recent, however with the explicit date still June 21st as it says in the post
#
[snarfed]
I see at least three possible root causes, if not more
#
[tantek]
I think I'm going to advise using the W3C link checker for sure, and fixing any red link errors, before pinging Bridgy Fed to federate.
#
[snarfed]
1) the timeout we mentioned
#
[tantek]
that should avoid many (most?) of the instances of this problem
#
[snarfed]
2) the bad https link is the first one in content, and Mastodon tries to generate a link preview from the first link in content
#
[tantek]
^ so that's not it because the bad https link in the "Happy" post was in the middle, not the first one in content
#
[tantek]
fixing that link made it work
#
[snarfed]
3) the AS2 includes a Mention tag for the bad link, ie {"type": "Mention", "name": "@KevinMarks.com", "href": "https://KevinMarks.com"}
#
[tantek]
that's possible yes
#
[snarfed]
ok! then 2 wasn't the cause for at least that post
#
[tantek]
phew we're getting closer
bret, gRegorLove_, [mattl], [mattl]2, thegreekgeek, _fluffy, AramZS, gRegorLove__, cuibonobo, ttybitnik and sp1ff joined the channel
#
[tantek]
Well the link checker tip was popular at least. Need to build that into authoring tools
gRegorLove_ joined the channel
#
[jacky]
I forget who it was that had linked an example of them handling or wrangling MF2 properties from SQL
#
[jacky]
something where one could find which page had a particular property by doing some sort of query
#
[jacky]
I imagine it involved putting the parsed MF2 _into_ the database and doing some 'mf2' ->> 'your.thing.here' kind of work
#
[jacky]
I _think_ it was [cweiske]?
gRegorLove__ and doesnm joined the channel
#
pcarrier
doesnm: by tilde you mean https://tilde.club/ ?
#
doesnm
tidle-like server. I'm using https://psf.lt
#
pcarrier
doesnm: I guess you'll have to confirm it supports BYOD (Bring Your Own Domain)?
#
doesnm
it give nickname.p.psf.lt and *-nickname
#
[jacky]
could you put that behind a cname?
#
doesnm
tried. Gives 404
#
[jacky]
that sucks 😞
#
pcarrier
(sorry if y'all already know this) CNAME operates at the DNS level, to determine which machine to contact for the name. then the machine needs to know which certificate to use for HTTPS (TLS-NI), and which content to serve for HTTP (often referred to as virtual hosts).
#
doesnm
indieauth has problems with email?
#
pcarrier
doesnm: nope, just went through an indielogin.com email flow to confirm
#
doesnm
im tried use email challenge. Didnt receive code
#
aaronpk
check your spam folder?
#
doesnm
didnt have spam system
#
pcarrier
smells like a custom mail setup. give me the address if you'd like a quick review of best practices, it's easy to get rejected by other mail systems.
#
doesnm
doesnm@0ut0f.space
#
pcarrier
your server doesn't have the "right" PTR record
#
pcarrier
and it doesn't send a greeting when I connect to it over SMTP
#
doesnm
lol, who changed ptr to this
#
pcarrier
might want to talk to your ISP / double check your firewall for DROP rules?
#
pcarrier
(PTR is more important for sending than receiving)
#
doesnm
greeting should be showing
#
pcarrier
yup got it
#
doesnm
setting to subdomain or domain? i forgot
jimw joined the channel
#
doesnm
has anyone implemented ssh signatures auth?
[aciccarello] joined the channel
#
pcarrier
doesnm: what do you mean exactly? having to sign something, eg with the SSH agent, or getting a URL by SSHing somewhere?
#
pcarrier
doesnm: srv.us is built on SSH :)
#
doesnm
pcarrier: indieauth.com has gpg auth
#
doesnm
what about like this but ssh?
#
pcarrier
could do for sure
#
pcarrier
I think gpg is broken BTW
#
sebbu
i remember it being possible to convert *some* ssh key to gpg
#
sebbu
using monkeysphere (abandonned project)
#
pcarrier
I converted SSH keys to SSL certificates, worked great
#
doesnm
pcarrier: btw sumular service (serveo.net) closed due phishing
#
pcarrier
doesnm: well, I have 76 connections right this second and AFAICT no phishing problems
#
pcarrier
doesnm: we shall see what happens…
#
doesnm
i mean it used for phishing. Do you get abuse reports?
#
pcarrier
not once yet
#
sebbu
ssl ? x509 ?
#
Loqi
[preview] [pcarrier] identify: Generate vCards and SSL certificates for LDAP accounts (unmaintained)
#
sebbu
interesting, if that project got updated i could see it being promoted to use with https://github.com/yrutschle/sslh ;)
#
Loqi
[preview] [yrutschle] sslh: Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)
#
sebbu
i'm not sure if L3 filtering / QoS can detect which (public) key is used for ssl/tls
#
[schmarty]
for PHP folks that use GuzzleHttp (or even curl directly, I guess), do you have a wrapper or pattern that you like for ensuring that you don't make unexpected requests to localhost or other not-generally-routable-but-maybe-on-your-local-network IPs?
#
pcarrier
[schmarty]: what I've done in the past is use an unprivileged proxy
#
gRegor
[schmarty], In ProcessWire plugin I have an isClientIdValid method which checks that in part: https://github.com/gRegorLove/ProcessWire-IndieAuth/blob/main/src/IndieAuth/Server.php#L119
#
gRegor
doesn't use Guzzle for the requests, but PW's built-in methods
#
[schmarty]
thanks, gRegor! does that mean your PW IndieAuth server will fetch a client ID of `http://127.0.0.1`? 😅
#
[schmarty]
pcarrier: sounds reasonable, but requires running an extra service?
#
pcarrier
[schmarty]: yup
#
gRegor
I think so, isn't that what the spec says?
#
[schmarty]
gRegor the spec says a server must not fetch a client_id with host 127.0.0.1 (or ::1) https://indieauth.spec.indieweb.org/#client-information-discovery
#
[schmarty]
allow it as client_id, but don't attempt to fetch metadata from it.
#
gRegor
Aha. Welp.
#
[schmarty]
cuz you'll be fetchin' from your own server!!
#
gRegor
Right. I'd missed that part of 4.2 somehow
#
[sebbu]
[snarfed] [tantek] for webfinger, it's also used by openid, gnu social, dispora, mastodon, owncloud/nextcloud, and a few others
rozenglass, Virtual and JadedBlueEyes joined the channel
#
[snarfed]
openid uses webfinger?! cc [aaronpk]?
#
[snarfed]
[sebbu] I'm definitely familiar with the extended fediverse (eg including diaspora) usage. I guess I meant more, what other things do you specifically want to do with webfinger on your own server?
#
[sebbu]
i'm planning for the future !
#
[sebbu]
premature optimization and all that 😄
#
[snarfed]
I'd love to see someone self host their webfinger and still use BF to bridge their site. feel free to try!
#
aaronpk
there is an openid connect discovery spec that uses webfinger: https://openid.net/specs/openid-connect-discovery-1_0.html#IssuerDiscovery
#
aaronpk
I don't know how widely supported this actually is in practice
[Joe_Crawford] joined the channel
#
ptramo
[marksuth] seeing markup in my feed reader for your feeds
[marksuth] joined the channel
#
[marksuth]
hmm, someone mentioned the same thing at HWC this evening, I’ll do some poking
#
[tantek]
ptramo RSS or Atom?
#
ptramo
RSS
#
ptramo
well
#
[tantek]
ah yes with the ambiguous HTML escaping rules. yay!
#
Loqi
giggles
#
ptramo
miniflux shows 3 feeds when adding your domain, "Posts", "Photos", and "Stream". the purpose of the last one isn't super clear
#
aaronpk
gives Loqi an unescaped <
#
Loqi
steps on the unescaped <
#
ptramo
Just realized it's not obvious at all… ptramo=pcarrier=π, just depends on which platform I'm using and which platform you're using.
#
[tantek]
you can fix that in /chat-names !
#
pcarrier
I think I fixed it by making my discord handle my usual nickname
#
pcarrier
who needs pseudonymity in the gaming community
#
[marksuth]
I have either now fixed my feed issue or broken it in a different way, from checking in a couple of clients I think it's sorted
#
pcarrier
[marksuth]: also is your feed unbounded? All the history there, not just the last N entries?
#
[marksuth]
it should everything in there as I don't set a limit on it
#
pcarrier
Yeah that's a bit wild
#
pcarrier
Downloading a copy of your whole website on every refresh feels suboptimal :)
ttybitnik joined the channel
#
pcarrier
Happy to report your markup is now interpreted as markup in my miniflux
#
[marksuth]
out of interest, how much post history do folk have in their site's rss feed, cos I can easily set a limit
#
[mattl]2
10 posts is standard for WordPress.
#
pcarrier
I put 10
#
aaronpk
always the contrarian
#
[tantek]
what? I'm a programmer, power of 2 is the norm
#
[marksuth]
13 it is
#
[tantek]
31 on my home page h-feed tho
[benatwork] joined the channel
#
aaronpk
off by one, another programmer classic
#
[Joe_Crawford]
Baker's Dozen seems properly English Mark.
#
sebbu
[tantek], yeah, i also give my age in hex
#
sebbu
that makes me younger
#
pcarrier
Tbh I picked 10 because I had 11 posts when I implemented the limit
#
[tantek]
I do kinda make it vary by post type tho
#
[tantek]
like give notes maybe a 0.2 score towards the number of posts
#
gRegor
42 is the correct answer
#
pcarrier
I kinda wish it kept just enough to stay below 64kB compressed
#
pcarrier
Which is a lot of posts but also negligible overhead
#
[tantek]
is there a tool to check the size of your feed in bytes compressed?
#
pcarrier
Not that I can think of. curl should be able to do it
#
pcarrier
24759 8756 8808
#
pcarrier
> for enc in identity gzip br; curl -sHAccept-Encoding:$enc https://nothing.pcarrier.com/feed.json|LANG=C wc -c; end|xargs
#
sebbu
it's sad that br still doesn't have a signature by default
#
pcarrier
sebbu: what do you mean by signature in this context?
#
sebbu
file / libmagic