#dev 2025-01-17

2025-01-17 UTC
Trez joined the channel
#
btrem carrvo[d]: yes, I know post is a prefix, from Latin for after. But unfortunately, it also means dated webpage. And it's used liberally in that latter sense not just in indieweb/mf, but also 11ty, other static site builders, etc. Bound to cause confusion imho.
#
btrem IWDiscord: (a) yes, I think it creates the "head" version of the problem as you said; and (b) footnote has its own meaning, and would be a poor choice for a block name.
#
btrem It's true: naming things *is* one of the hardest problems! :-D
#
btrem I wish front matter weren't called front matter. Because front matter can and often does contain more than front matter. It contains config options, meta info, and might even contain back matter stuff.
claudinec joined the channel
#
[tantek] I think there's a question of whether you're talking about plumbing aspects, or content aspects
#
[tantek] for naming things / pieces of the content served and viewed by readers, something like Chicago Manual of Style is a good resource for "does this thing already have a name?"
#
btrem Both, really. But probably a bit more plumbing. For the thank you notes that kicked off my thinking about this, I'm going with acknowledgements, borrowed from book publishing. I think readers will get it, and I'll know what it's for when I see it in my post.
#
btrem The post I'm writing (taking me over a month!) about microformats does not explain what microformats are, or prefix naming conventions, because that's already explained elsewhere, e.g., the mf wiki. So instead, I'm going to put links to the wiki in an appendix section.
#
btrem And /that/'s got me thinking that an appendix section might be a good thing to have in my template, like the acknowledgements, there when I need it. And that the appendix and ack are both postfact, or back matter. But neither of those terms are terribly good in my template as a parent block. Maybe I'll go with backmatter for now, and change it if I think of something better.
#
btrem ...postface, or back matter...
#
btrem I'm also struggling to get 11ty to gracefully handle content that should not go in the content block. The standard foo.md has a front matter and a content. So there's no way to specify multiple content blocks, e.g., "this is the article", "this is the appendix", etc.
#
[tantek] so far (as a placeholder?) we've used the general term "post footer" for the place for all those sorts of things, and it probably deserves its own page
#
[tantek] https://indieweb.org/posts#Footer_sections
gregsarjeant, geoffo, grufwub, gRegor, strugee and [jeremycherfas] joined the channel
#
[jeremycherfas] I like Preamble and Appendix
jeremycherfas, nemonical and [Jo] joined the channel
#
[tantek] classic terms. I like those too.
[Scout], jeremycherfas, ttybitnik and nemonical joined the channel
#
[KevinMarks] Instead of postface how about sufface? (like prefix and suffix)
#
[KevinMarks] Epilogue is another classic term
ttybitnik joined the channel
#
[Jo] just a general question and not very important, but is there anybody here who uses a webserver other than apache or nginx? just outta interest
#
Lars-Christian @[Jo] yes I use httpd on OpenBSD
#
[Jo] ah, intresting
#
Lars-Christian Here's a bit of context if you want to investigate further https://www.openbsdhandbook.com/services/webserver/basic_webserver/
#
Lars-Christian It's very simple, very barebones. Even I could set it up ^_^
#
[Jo] i looked it up! i kind of though httpd was always apache, i don't know much about webservers
#
[Jo] i use nginx
[pfefferle], GuestZero and corlaez joined the channel
#
corlaez I am obsessed with gemini lately. I honestly think there should be more of a push for gemtext in indie circles, even for https
#
corlaez all the HTML CSS (and perhaps JS) is so much complexity. I believe the simple Gemtext is a more friendly way to author. For http it would need to be parsed with some tool of sorts (probably already exists) but then you get to author in that simple text format
#
corlaez far simpler than markdown
#
corlaez I think it only has: title, list, codeblock and that's it.
#
corlaez Also, I haven't found much interactive stuff in gemini, but it is possible. I just wrote a chat gemApp. Sadly I bricked my TLS code without saving it to git, so I will have to decompile and fix my code
#
corlaez commit often peeps. don't be like me. :(
#
corlaez https://geminiprotocol.net/docs/gemtext-specification.gmi
#
corlaez you do surrender a lot of control but /meh I find it refreshing and liberating
#
corlaez you do surrender a lot of control but /meh I find it refreshing and liberating
#
corlaez you do surrender a lot of control but /meh I find it refreshing and liberating
#
corlaez gemini protocol's simplicity is also really nice. Hardest part is TLS but everything else is dead simple
#
aaronpk You can also just post plain text or simple html on the web
#
btrem [jeremycherfas]++ for preamble. Already using appendix for a visible section, but I like preamble. Preamble and postamble? :)
#
Loqi [jeremycherfas] has 2 karma in this channel over the last year (10 in all channels)
#
btrem [KevinMarks]++ for sufface and suffix. That gives me enough to work with. Thanks everyone. :)
#
Loqi [KevinMarks] has 16 karma in this channel over the last year (35 in all channels)
#
btrem re webservers, I've only used Apache because I've only used shared hosts. I've played with nginx in docker. Looks good, but no hosting company that I've used has offered it.
GuestZero joined the channel
#
[Jo] @corlaez I love gemini!! do you have a gemini capsule?
#
[Jo] also re: webservers. I knew nothing about how the web works before i made my website and the tutorial i used showed how to use nginx so im sticking with it
#
[Jo] my gemini capsule is gemini://brachycera.diptera.casa
#
btrem [Jo]: nginx is easier to set up in a docker instance than apache, imho. But I can't stick with it because the companies that host my websites don't offer it. And they don't offer it because nginx doesn't offer a way for clients to configure their sites, while Apache does, via .htaccess.
#
btrem Not that I'm complaining. I need .htaccess to configure my sites. If I were to ever move to a different hosting option -- say, vps -- I'd go with (or at least try) nginx.
#
[Jo] oh intresting
#
[Jo] i remember being on tilde servers that used this i think
#
btrem Yep, my first experience with html was on a tilde server. (I assume by tilde server you mean where the address was something like example.com/~user).
#
btrem ...at the University of Massachusetts.
#
[Jo] yes that is what i mean!
#
[Jo] ooh thats cool!!
#
btrem I wasn't even a student at the time. I had dropped out. But someone I knew, a physics professor, had two accounts, and loaned me one.
#
btrem UMass had two servers, one on a unix machine, the other on a vax machine. I still remember the addresses: www-vax.umass.edu and www-unix.umass.edu. The one he loaned me was on the vax machine. Weird that I remember that, yet I can't remember really important stuff like paying my bills on time. :-/
#
[Joe_Crawford] Earthlink was an ISP that provided hosting as part of getting an account. `http://home.earthlink.net/~artlung/` - tilde account. AOL users could sign up and got accounts too. I don't think there was a tilde though. `http://members.aol.com/artlung/` I believe.
#
[Joe_Crawford] internet archive knows about my earthlink url! but in 1998 I was already doing a redirect - probably with htaccess.
#
[tantek] This was a good critical read about challenges with Mastodon instance harassment and needs for better blocking / reporting which IMO could apply to Webmention as well https://www.tbray.org/ongoing/When/202x/2024/07/30/Invisible-Attackers
#
btrem [tantek]: I'm not on Mastodon, although I've thought about joining. More broadly, I'm not on any social media, because it all looks like sewers to me. And, half-way down that article, I've decided I'm not going to join Mastodon. At least, not for the moment.
#
carrvo[d] re: webservers when I was researching what to use Apache and Nginx seem to be the two leading choices. I mostly went with Apache because of SVN integration...but Nginx seemed to be more clear that it could handle non-HTTP protocols.
#
btrem ! non-HTTP protocols like...?
#
[Jo] does this bring us back to gemini :^p
#
carrvo[d] MySQL runs its own TCP protocol and I was hoping to expose it through a central point that could apply similar access controls...
#
[Jo] i dont actually know if it can fo gemini, i wouldnt try
#
[tantek] btrem sounds like you've made some wise and good for self-care decisions
#
carrvo[d] Basically a gateway for localhost applications that may not have enough security and may not be library-orientated.
#
btrem I don't know what self-care means, and I'm pretty sure I don't want to know. The whole social media world is foreign to me. Way too much emotion, juvenile behavior, etc.
oodani joined the channel
#
btrem I suppose this discussion of social media is probably more fit for indieweb than #dev, since it's not technical in nature.
#
carrvo[d] tantek++ very interesting article. I would be wary of counter-discrimination making its way into the article though. I would probably be considered overprivileged and have often been treated as "surely you can't be discriminated against" as a result (ironically constituting discrimination).
#
carrvo[d] [tantek]++
#
Loqi [tantek] has 30 karma in this channel over the last year (147 in all channels)
#
[tantek] Sure that can be a problem as well, and while that sort of micro aggression is a real thing (and hurts a lot over time), it's hard to compare that with the examples (content warnings) cited in the article as incredible hurtful
#
[tantek] incredibly* hurtful
#
carrvo[d] That is why it is nice talking to you! Most of the time I caution about it people dismiss it as not true! And you are right, it does dispute the seriousness of direct discrimination.
#
carrvo[d] *does not dispute. DOES NOT. Yikes, missing that word really changes the meaning.
#
[Joe_Crawford] The technical, #_dev ish_ point about federated social media having ambiguity about what "everyone" can see is well taken. If I am on an instance, and you are on a different one, the result of "just look at the replies" has good odds we will NOT see the same thing. This is not an intuitive result.
#
[tantek] And the over dev-ish aspect is a bit of a call for designing in consideration for these threat models when building new systems
#
[tantek] Like considering hateful and other harmful experiences potentially as bad as (if not worse) than say losing account access and having to do account recovery
#
[tantek] carrvo[d] I strongly believe that empathizing with others pain, no matter how "small" it may seem, builds stronger empathy for all kinds. Acknowledging / discussing one source of pain does not diminish others.
#
[tantek] other* dev-ish (not "over" dev-ish 🙈 )
#
[tantek] I’m also more and more skeptical about depending on "reactive" (nothing to do with React) features like defederste, block, report
#
[tantek] Like the need for such features is almost an admission that the defaults are wrong
#
[tantek] The only conclusion I come to, which seems quite harsh, is that the folks designing these softwares, systems, services, perhaps even standards, care more about rapidly scaling such systems, than they care about not harming people, not creating harmful experiences for people
thegreekgeek joined the channel
#
carrvo[d] With regards to webmentions, there is a critical moment where a decision is made whether to include the receiving content or not. Would we be addressing this by having a filter step that can block known malicious sites and known malicious words (similar to Loqi telling us to move the conversation) or other filters? Where else in webmentions can we inject protections?
#
[tantek] Folks like to quote Metcalfe's law, which equates scale with "value" (supposedly even for the users), and no one questions that, i.e. perhaps scaling a network increases likelihood of causing harm to users. There's no "law" for that
#
[tantek] carrvo[d], re: Webmention, I’m leaning more and more into user models of Webmention that are opt-in, not opt-out, and mitigating layers like Vouch
#
[tantek] What is Vouch
#
Loqi The Vouch protocol is an anti-spam extension to Webmention that can also be used to customize how your site accepts responses from different audiences https://indieweb.org/Vouch
#
capjamesg[d] opt-in++
#
Loqi opt-in has 1 karma over the last year
#
carrvo[d] I would agree about the design. But I would caution against "care" because I don't think it has that level of intention. Not from what I have seen. It is hard to make the mental connection between what you are doing and all the consequences it has (causing logical bugs, causing harder-to-detect discrimination).
#
[tantek] Sure it's not an explicit intention to not care. It's more like naive neglect
#
[tantek] And it's not helped by the fact that we don't have shorthand's for these problems like we do for "Metcalfe's law"
#
carrvo[d] tantek, something like Vouch is not obvious for someone beginning with webmentions (first I have come across it). And that might be part of the problem. I could have set up a service based on webmentions, gotten it working, and then focus on improvements; leaving me ignorant until things get bad enough that it overcomes natural invisibility. Exactly the "not caring", even though I do.
#
carrvo[d] It might be more empathetic to say "... folks designing ... [focus] more about rapidly scaling such systems, [and are ignorant] about not harming people, not creating harmful experiences for people"
#
carrvo[d] And you are definitely right about needing something better than blocking and reporting because historically these have been used for discrimination acts too.
#
[tantek] Yes that's my point that even the "simple" Webmention by default has this human experience flaw. Vouch still needs experimenting and experience sharing before it's something we can confidently recommend to every Webmention implementer
#
[tantek] I like your more empathetic rephrasing!
#
carrvo[d] I am glad you like my rephrasing! It takes a lot of dedication to become cautious about strong words like "caring".
jak2k joined the channel
#
[schmarty] sneezes 😂
#
Lars-Christian I finally moved my last site off Wordpress and Cloudways and onto my OpenBSD VM.
#
Lars-Christian Saves me $11 per month. Score!
ttybitnik and sebbu2 joined the channel
#
jak2k Hi, the IndieAuth specs mentioned a `<link rel"indieauth-metadata" href="...">`. Is there an example for it in the wild? (I'm creating a rust library for logging in using IndieAuth.)
#
aaronpk 👋 my site has it, but that's not going to be much help to you since only I can actually log in to my site https://aaronparecki.com
#
aaronpk i really need to work on the sample data on indieauth.rocks for this
#
carrvo[d] jak2k I recently implemented this and you can see both sides here: https://github.com/carrvo/mindie
#
carrvo[d] [edit] jak2k I recently implemented this and you can see both sides here: https://github.com/carrvo/mindie
#
carrvo[d] Look to the Profile to see what the `<link ...` looks like and to the IdP for what the document looks like on the other side of the link.
#
jasonshellen Hope this is a good place to ask about IndieAuth and MicroPub. I implemented IndieAuth (I know the name is going to be deprecated) because I wanted to try the Sparkles MicroPub client. I was using it just fine up until a few weeks ago then IndieAuth started asking for a rel=me link, which seems strange because I was using a signed PGP key prior. My few questions are:
#
jasonshellen 1. Which Indie Auth provider is recommended now?
#
jasonshellen 2. Is PGP still supported?
#
IWDiscord <j​asonshellen>
#
jasonshellen 3. If you were implementing MicroPub today what tips do you have?
#
jasonshellen I'm able to login with an email rel=me but... wasn't what i was hoping for.
#
jasonshellen https://cdn.discordapp.com/attachments/866577430886350869/1329921572873703424/Screenshot_2025-01-17_at_1.03.58_PM.png?ex=678c197b&is=678ac7fb&hm=8a8f8a5a738fc17e22ba0950f7d4d8ce8f657903129340c1615be718c241928b&
#
carrvo[d] Technically IndieAuth and RelMeAuth are separate protocols that both use your website. My best guess is that the client changed their implementation (based on it working before) but that would be strange.
#
carrvo[d] What is RelMeAuth?
#
Loqi RelMeAuth is an authentication method that uses personal URL for identity that rel-me link to established OAuth provider(s) to perform the actual authentication https://indieweb.org/RelMeAuth
#
carrvo[d] What is IndieAuth?
#
Loqi IndieAuth is a federated login protocol for Web sign-in, enabling users to use their own domain to sign in to other sites and services https://indieweb.org/IndieAuth
gRegor joined the channel
#
[tantek] jasonshellen, by "implemented IndieAuth" did you mean specifically using the http://IndieAuth.com website?
#
[tantek] (that's the only "name" that's being deprecated or renamed as it were I believe)
#
gRegor jak2k, here's my indieauth metadata endpoint: https://gregorlove.com/indieauth-metadata-endpoint/
#
gRegor Appears so, from the screenshot
#
[tantek] jasonshellen, for (1), I think the answer is IndieLogin now at least for getting started / prototyping
#
[tantek] what is IndieLogin
#
Loqi indielogin.com is a service that developers can use to log users in to a website https://indieweb.org/IndieLogin
#
jasonshellen yes, indieauth.com.
#
[tantek] got it, yes it's being renamed because of exactly the unfortunate overloading and confusion you demonstrated between implementing IndieAuth the protocol in general and implementing a relying part on the website/service
#
[tantek] party*
#
[tantek] for (2), it looks like the PGP support is (temporarily?) disabled: https://indielogin.com/setup
#
Loqi [preview] How to Set Up Your Website for IndieLogin.com
#
jasonshellen So my main question is, can I drop the rel=me and just use the pgpkey?
#
gRegor Entering aaronparecki.com on the indieauth.com "Try It" form, it finds his PGP key which has rel=pgpkey
#
gRegor rel=me shouldn't be needed on the PGP key
#
jasonshellen Wonderful, thank you.
#
gRegor I'm not sure if indieauth.com is having the same issues with PGP that indielogin.com does though; haven't used that part of either of them.
jak2k_ joined the channel
#
aaronpk i think i already ripped out the twitter code from indielogin.com, guess i should remove that from the setup docs too
#
carrvo[d] I'm in for a rough few days: I am redeploying my self-hosted server and I have gotten "kernel panic" three times...
#
jak2k Does IndieAuth.com support returning profile information? And what is the token endpoint used for, when I can verify the code using the auth endpoint?
#
aaronpk the token endpoint is for access tokens for micropub
#
aaronpk verifying the authorization code at the authorization endpoint is legacy indieauth and not recommended anymore
#
carrvo[d] The auth endpoint is likely only verifying an access code for authentication (no authorization). The token endpoint can return an access token that may either have claims embedded or can be traded for claims; that are then used for authorization. Also, the browser retrieves the access code whereas the client retrieves the access token (and relays it to the browser).
#
carrvo[d] Maybe I should clarify that on MIndie...feel free to add an issue if I forget.
#
aaronpk the client makes the request in both cases, not the browser
#
carrvo[d] Really? That was not what I traced...
#
carrvo[d] I found that the browser was redirected to the IdP who returned the access code during its redirect back to the client. Then the client swapped the access code (given by the browser during redirect) for the access token. At least with SelfAuth and MinToken.
#
aaronpk what client? if the client is a SPA then the browser would be making that request yes
#
aaronpk (also it's called an authorization code, not access code)
#
carrvo[d] I will need to update my self-documentation. The field was probably "access code" in the requests I looked at but I am happy for a better term!
#
carrvo[d] The "client" is a combo of PHP pages and mod_oauth2 (the latter serving as both a client and a resource server for itself).
#
aaronpk the parameter in the redirect is `code`, and it's called "authorization code" in the specs and docs. i'm not sure where you would have seen "access code", but if you find it somewhere, please file an issue to correct it
[aciccarello] and corlaez joined the channel
#
corlaez "You can also just post plain text or simple html on the web" - checkmated. haha
#
corlaez Yes @Jo. my capsule in Gemini has my same web domain. In fact I just made a Gemini chat
#
corlaez gemini://corlaez.com/chat
Daijo and Daijo_ joined the channel