#dev 2025-02-07

2025-02-07 UTC
Guest1235, [tw2113], progrium, [0x3b0b], grufwub, MyNetAz and gRegor joined the channel
# 05:46 
gRegor Not directly personal site related, but I'm experimenting with Cryptpad a bit after being in some communities talking about using it more. Which I'm in favor of, but concerned about the rough edges of it; I see people sharing document links that are at least read public and sometimes read/write.
# 05:47 
gRegor Anyway, the part that is kinda personal site related, you can create an account, get a profile page, and a public signing key. So I added a link to that profile page along with my "elsewhere" links: https://gregorlove.com/follow/#cryptpad
# 05:50 
gRegor I think some rough edges for a lot of people will be: no password reset possible if you lose it; usernames are *not* unique, so you have to verify the public signing key to be sure the contact is who they say they are
# 05:50 
gRegor I've heard anecdotes it doesn't work great on mobile always
# 05:52 
gRegor Interested to hear any others thoughts/experience with it
[Jo], [schmarty], [aciccarello], bugliker, gRegor, jak2k, [qubyte], Dryusdan, nemonical, ttybitnik, Guest6, MyNetAz, ben, Xe, bterry2 and Chai3 joined the channel
# 14:23 
Chailotl Does micropub.rocks not let me delete my endpoints?
# 14:50 
aaronpk I don't think I ever built a delete button
# 14:52 
Chailotl Oh! You made that service? :o
barnaby joined the channel
# 17:02 
[Joe_Crawford] A lot of folks here use eleventy and I see folks experimenting with newsletters. Scott Andrew's recent post on his integration with eleventy and buttondown is pretty interesting. https://scottandrew.com/blog/2025/01/integrating-eleventy-with-buttondown-to-create-sub/
Viv_Slakes, GuestZero and doesnm joined the channel
# 17:18 
[aciccarello] Nice! I haven't done much with edge functions but the buttondown api looks pretty good
# 17:28 
[snarfed] Buttondown also did a service-wide integration w/Bridgy!
doesnm joined the channel
# 17:41 
capjamesg[d] What is URL design?
# 17:41 
Loqi URL design is the practice of deliberately designing URLs, in particular, permalinks, typically for a better UX for everyone who creates, reads, and shares content https://indieweb.org/URL_design
# 17:42 
capjamesg[d] URL design << {{capjamesg}} documented his static asset URL design at https://jamesg.blog/2025/02/07/redesigning-the-structure-of-my-blog-images-folder/
# 17:42 
Loqi ok, I added "{{capjamesg}} documented his static asset URL design at https://jamesg.blog/2025/02/07/redesigning-the-structure-of-my-blog-images-folder/" to the "See Also" section of /URL_design https://indieweb.org/wiki/index.php?diff=99897&oldid=98949 
# 17:42 
capjamesg[d] [edit] URL design << {{capjamesg}} documented his static asset URL design at https://jamesg.blog/2025/02/07/redesigning-the-structure-of-my-blog-images-folder/
# 17:42 
Loqi Sorry, I couldn't find a page named "[edit] URL design" or similar
# 17:47 
[Joe_Crawford] [snarfed] is that under the hood and powering - like - the bluesky integration? https://buttondown.com/features/integrations -- or am I misunderstanding what the integration is and does?
# 17:53 
[tantek] SWICG call in ~8min for folks here working on AP, AS2, Webmention, Micropub and related specs
# 17:57 
[tantek] cc [KevinMarks] [snarfed] [manton]
# 18:03 
[snarfed] [Joe_Crawford] unrelated to Bluesky, just means that afaik Buttondown turned on Bridgy classic backfeed for all of their users for at least some silos, eg Reddit
# 18:04 
[Joe_Crawford] I think I get it. Cool!
gRegor joined the channel
# 19:00 
[tantek] Wow
# 19:01 
gRegor carrvo, tried out your Journey to Mindie IndieAuth sign in. I also got snagged on the introspection endpoint, so I'll debug that more. This is probably the first use of my token introspection endpoint. :)
nemonical joined the channel
# 19:02 
gRegor I'm less familiar with the flow, is it common/expected to introspect the token right after it's granted?
# 19:31 
carrvo It is common to introspect during every resource retrieval. My endpoints serve as both a client and a resource. A gotcha is that mod_oauth2 requires the `sub` claim to properly update Apache's user field for it to be passed to the authorization layer.
# 19:33 
carrvo It may be easier to "Stay Anonymous", learn more about it's introspection development, then loop back to login as yourself.
# 19:35 
carrvo I would love a proper Apache module for IndieAuth...but that is too much for me at this time to develop. Then I wouldn't need introspection (though I am quite happy to support it).
# 19:38 
gRegor What resource is your page trying to retrieve from my site at that time though?
# 19:38 
gRegor Oh, totally missed the anonymous button. Will do :)
# 19:40 
[snarfed] carrvo out of curiosity, why do you login-gate your articles?
ttybitnik, gRegor, MyNetAz and Chailotl joined the channel
# 21:33 
gRegor [snarfed], does the person-tag described in https://brid.gy/about#person-tag work with Bridgy Classic publish to Bluesky? I want to @-mention [Joe_Crawford] in a post.
# 21:36 
gRegor I wasn't sure if I needed that or it worked similarly to Bridgy Fed to Mastodon, where the "@" in the link text seems to work with a plain link to the Mastodon profile page.
# 21:41 
gRegor That section mentions "Flickr" but I found it linked from the Bluesky mention here: https://brid.gy/about#publish-types
sebbu2 joined the channel
# 21:59 
[snarfed] gRegor yeah I think you need u-category h-card
# 22:05 
gRegor Hm, the link came through but don't think it's a mention: https://bsky.app/profile/gregorlove.com/post/3lhmm6fnzan2g The "@" is inside the link text on my original, but no on bsky
# 22:06 
gRegor No biggie, though. [Joe_Crawford] I mentioned you :D
# 22:11 
[snarfed] hmm sorry! will look
# 22:14 
[Joe_Crawford] I did not receive a user mention based notification. But the link works to go to my account.
# 22:18 
[snarfed] gRegor I misled you, sorry, it's like Mastodon, plain link to profile URL with text starting with @
# 22:18 
[snarfed] I'll update the docs
# 22:19 
gRegor no worries, that's easier!
# 22:19 
carrvo gRegor, the resource is the webpage, but the auth in front of the resource asks the IdP whether it should grant access. I believe the need to re-ask is for statelessness, but there may also be caching as well.
# 22:20 
gRegor Ah, that makes sense
# 22:23 
carrvo snarfed, "being a website" is actually a secondary goal. I also decided to follow security practices like defense in depth and deny by default. The transition to opening specific pages up to the public has a technical limitation of a library version I am using (and documented on MIndie-Client).
# 22:24 
carrvo Much of which is in that particular page. Which is ironic since the page is login gated...
# 22:28 
carrvo As it stands, requiring introspection is a technical limitation of a library I am using (I am looking at you, mod_oauth2). Things can simplify when more specific modules exist...down the road when I want that headache.
# 22:46 
sebbu c​arrvo, reminds me of the noscript & umatrix browser extension : they're deny by default :)
ttybitnik, claudinec, MyNetAz and Chailotl joined the channel