#dev 2025-04-23

2025-04-23 UTC
grufwub, gRegor, [tw2113], CRISPR, paotsaq, Xander, bloot2, srijan, bret, [morganm], [KevinMarks], nemonical, [schmarty], Guest6, GuestZero_ and GuestZero joined the channel
# 13:20 
perryflynn [artlung]: how do you create these likes? internal ui? are these sent to the original sites via webmention? do you retry a webmention if the target site is temporarily not available? (sorry, still reading the getting started pages, maybe I should just read the RFC)
# 13:22 
perryflynn but my idea is getting more specific. I think I will manage outgoing webmentions in jekyll and create endpoints for syncing these into my future webmention api. this api will then be stateful for sending things. receiving stuff is managed the api too and is fetched at build time from jekyll into the page.
# 13:23 
perryflynn should not be that hard to test/try this with just one content type.
qaotsap and nemonical joined the channel
# 14:14 
[artlung] I am storing them in a yaml file with a url, title, author field (with either name, url or just a name). I run a cli script against it and do a scan (curl download and parse) for a webmention endpoint in the url (and I’ve been mostly bookmarking stuff with them until yesterday. If there is one, I send the webmention. I store the response in an object named for an md5 of the link and my links page url.
# 14:15 
[artlung] If I get a success, then I store the date time and the response in the file. So when I run it again I don’t re-send. It’s manual but has been a terrific exercise for me.
# 14:17 
[artlung] perryflynn it’s giving me a sense of how many (and how few) links have webmention endpoints. How well they work. How well that endpoint is maintained. Where it’s inserted (found one inserted via Js last week).
# 14:18 
[artlung] And the page is singular, but each like gets a single url as well. I put out a cheeky request for webmention supporting pages in Bluesky, Mastodon, Threads. Got a few in Mastodon. Zero in the other places so far.
# 14:21 
perryflynn kk. I am also surprised, that there are no talks at media.ccc.de about indieweb or webmentions. never heard about it and just stumpled over it by a blog post at hacker news about a completly different topic.
# 14:26 
[artlung] They are a descendent—is how I’d put it— to an older idea called trackbacks.
# 14:28 
[artlung] trackbacks became a vector for spam mostly. As of yet I’ve not seen that spam phenomenon in webmentions partly because I believe verification that the sending site have the outbound link.
duanin2 joined the channel
# 15:08 
[tantek] More like pingbacks but yeah same problem
# 15:09 
doesnm how best vouch prevents webmention spam?
# 15:11 
perryflynn I plan to check if the source is linking me and also use a manual domain whitelist. so check once if it is a valid blog / personal website.
# 15:22 
[schmarty] doesnm: to my knowledge vouch is not very widely supported.
gRegor joined the channel
# 15:24 
[schmarty] perryflynn: i think that is a common approach!
# 15:43 
[artlung] What is vouch?
# 15:43 
Loqi The Vouch protocol is an anti-spam extension to Webmention that can also be used to customize how your site accepts responses from different audiences https://indieweb.org/vouch
# 15:44 
[artlung] (I had not encountered it to my knowledge until today)
# 15:46 
[artlung] I currently use http://webmention.io to accept webmentions on "handrolled" pages of mine, and rely on wordpress to accept them for my blog (and pages the blog controls).
ttybitnik, [Sophia_wood], GuestZero, balintm, gRegor, h4kor and nemonical joined the channel
# 18:53 
capjamesg This is interesting: https://bsky.social/about/blog/04-21-2025-verification
barnaby joined the channel
# 19:04 
[tantek] It's kinda sad tbh. This: "As this feature stabilizes, we’ll launch a request form for notable and authentic accounts interested in becoming verified or becoming trusted verifiers" is not decentralized
# 19:04 
[tantek] Bluesky's "allow list" of "Trusted Verifiers" that they are bold enough to demand people "request" their approval via submitting a form to Bluesky is centralized.
# 19:05 
[tantek] This part: "You can self-verify by setting your domain as your username. We highly encourage official organizations and individuals to do this." is pre-existing and good.
# 19:06 
doesnm Too centralized
# 19:06 
doesnm i mean new verification system
oodani and barnaby joined the channel
# 19:17 
[tantek] yep
[snarfed] joined the channel
# 19:44 
[snarfed] domain verification is great but often not enough on its own. when you don't already know someone's domain name, you can't use it to check that you're looking at the right account
# 20:00 
[artlung] I don't begrudge the need for silos to signal "officialness" given the incredible boon in impersonation of anyone with any kind of audience
# 20:05 
[tantek] sure, all that's fine in theory. in practice, the example they give is NYT, and any journalist worth their salt should have their own domain
# 20:06 
[tantek] NYT can then rel=me link from the NYT author profile to the author's domain. done
# 20:06 
[tantek] so heck yeah I will begrudge silos pretending there is such a "need" when there really isn't
# 20:06 
[KevinMarks] How about a rel-me verifier and get bsky to bless it?
# 20:06 
Salt 🧂
# 20:13 
[snarfed] "domain verif is enough for NYT" may be true but that in no way means that it's enough for everyone
# 20:15 
[snarfed] and their design is much more decentralized than we've seen any kind of human-based verif like this before. like their labelers aka composable moderation, users will eventually be able to subscribe to their own verifiers, and clients can choose their own default verifiers. http://bsky.app is only one of many clients
# 20:21 
[tantek] [snarfed] then they really fumbled the message with the "we’ll launch a request form" closer
# 20:23 
[snarfed] true!
ttybitnik and barnaby joined the channel
# 20:57 
carrvo The earlier conversation about Webmentions got me thinking: the protocol has room for Webmention forwarding.
# 20:57 
carrvo Similar to how something like CloudFlare offers request forwarding for anti-spam or DDoS protection, Webmention handlers can forward the Webmention to another handler to perform further actions. I can see this "middleman handler" be used for anti-spam or notification purposes.
# 20:58 
aaronpk webmention.io has that
# 21:20 
carrvo Nice! aaronpk++
# 21:20 
Loqi aaronpk has 62 karma in this channel over the last year (135 in all channels)
# 21:22 
carrvo Just read through the BlueSky article: what would a decentralized version of their verification look like?
# 21:24 
[tantek] what is rel-me?
# 21:24 
Loqi Using rel=me on a hyperlink indicates that its destination represents the same person or entity as the current page, which is a key building-block of web-sign-in, IndieAuth, and ✅ distributed identity verification https://indieweb.org/rel%3D%22me%22
# 21:24 
[tantek] they literally should just copy Mastodon in that regard and be done
# 21:24 
[tantek] in addition to the domain as username thing
# 21:26 
aaronpk verified users is not the same as verified bidirectional links
# 21:26 
carrvo I could imagine an approach similar to Certificate Authorities where you curate your personal list of "root verified" and then each account you visit could be marked with a list of those who endorsed, filtered by those in your list (or a derivative).
# 21:29 
carrvo I could also imagine a list of stamps, where each can be custom made by the account issuing...though that might get long among other problems.
# 21:30 
carrvo tantek++ did not know/think about rel-me or Mastodon. Still worth the thought on my end.
# 21:30 
Loqi tantek has 35 karma in this channel over the last year (164 in all channels)
# 22:03 
[tantek] aaronpk, point being, they should build on verified rel-me links, not build a second side mechanism
# 22:03 
[tantek] and frankly, that could be delegated to registrars
# 22:03 
aaronpk it needs something more than rel-me though
# 22:04 
[tantek] since registrars have credit card info
# 22:04 
[tantek] this shouldn't need bluesky to do anything "special"
# 22:04 
aaronpk heh, registrars getting into the ID proofing space would be hilarious
# 22:04 
[tantek] they have the verification already! that's the point!
# 22:05 
[tantek] pay $1 more a year or whatever to flip some "full name verified by credit card" bit on a DNS record, then bluesky etc. can use that
# 22:05 
[tantek] this isn't rocket science
# 22:06 
aaronpk it's identity science, which is arguably harder than rocket science
# 22:15 
[artlung] Rockets only have to obey physical laws.
# 22:17 
[artlung] A friend shared a screenshot 2 days ago from Bluesky inviting her to buy and attach a domain.
# 22:44 
perryflynn free internet vs. verifying identity. always fun. :-)
# 22:50 
perryflynn I don't trust domain registrars an inch to make that work. We've seen how many bad things happened at certificate authorities. If really an identity has to be verified, then the only way is to use a tool provided by the government, like the ID card issued by germany which has a smartcard chip in it. otherwise only verifying ownership/access to a certain domain works. with or without cryptography.
# 22:51 
perryflynn verify a pseudonym vs. verify an actual real-life identity.
thegreekgeek joined the channel
# 23:12 
[KevinMarks] They are different use cases, made harder by name collisions. I am verified as Kevin Marks on YouTube becasue I used to have a Google Knol account. Other Kevin Marks's might be who someone else is looking for, eg in LA, this chap https://www.espn.com/nfl/player/_/id/4257189/kevin-marks-jr
# 23:13 
[KevinMarks] Or this chap in medical circumstances https://www.delphiatx.com/team/kevin-marks-ph-d/
NaomiAmethyst2 joined the channel
# 23:17 
aaronpk i'm verified on youtube because i added a bidirectional link from google plus to my website 😂
# 23:23 
[tantek] wat
# 23:28 
[KevinMarks] they kept some of the Social Graph API stuff?
# 23:29 
aaronpk this: https://managewp.com/blog/wordpress-google-plus-authorship
# 23:30 
aaronpk and then when they linked google plus to youtube, the verification carried over
geoffo joined the channel