One of the many problems that’s emerging with webmention is it’s turned into a sort of Swiss army knife of notifications; the IndieWeb uses it not just to send responses to folks, but also for things like publishing to Bridgy Fed or syndicating content to content aggregators. It’s the basis of how notes work. It’s up to the recipient to try to disambiguate the meaning based on context and post-type discovery, and what things are can change over time, sometimes in unpredictable ways that fall apart.Read more…
fluffy rambles (Indieweb)
Rambles that are fluffy, by fluffy
- indieweb: indieweb
This year IndieWeb Summit was canceled1, and some pretty good conversations took place. As usual my biggest interest was in doing authenticated, secure sharing of private posts, which has been a huge focus in how I’ve been building Publ.
I wasn’t really able to participate in any of the development stuff (as I’m still in quite a lot of pain due to whatever the hell is going on with my chronic pain stuff interacting with whatever the hell has been going on with my shoulder for the past month), but I did join in on the ending of a discussion/dev session about AutoAuth.Read more…
I used to get a pretty steady stream of offers for “featured guest posts” on my website, but then that tapered off, and I figured it was just because those spammers found something better to do for their SEO. But that was also around when I stopped posting to my own site regularly and was mostly blogging on Tumblr or posting to Twitter.
But ever since I moved back to this site as my primary posting destination, the emails have started to come back, which makes me think they never really left – they just stopped asking me.
It’s weirdly validating, in a way.
I mean, I’m still not going to accept any of their offers (this is my site, not some random free-for-all, dangit!) but it’s nice to be wanted all the same.
(That said I do post guest art, so if you want to get something featured on this site, draw a picture of one of my characters. I’m pretty easy to please in that regard.)
- indieweb: fediverse
- indieweb: ActivityPub
- indieweb: IndieWeb
- indieweb: Publ
- indieweb: Subl
- indieweb: ramble
While Publ is still going to be an IndieWeb-first platform (simply because it’s so much easier to integrate – having modular Lego bricks and a pick-and-choose functionality set that is as simple as adding it to one’s HTML templates is a very compelling approach), I’ve had some good discussions regarding ActivityPub lately and it’s starting to seem a bit more possible to add that as an add-on for Publ.Read more…
The fact that yesterday’s intent post ended up changing URLs (because I’d inadvertently titled it for 2020 instead of 2019) made it so that it made sense to finally add support for multiple incoming webmention target URLs. So I added this to
webmention.js, and also to the sample beesbuzz.biz templates. So now I can slurp up arbitrarily many target URLs' mentions on any given page.
Incidentally, yesterday I ended up releasing a new version of Pushl which also has to do with URL updates. Gee, I wonder why these things both came up in such close proximity.
So anyway this is two IndieWeb-focused things in as many days and they aren’t even things I was intending to work on. But low-hanging fruit is just as tasty.
- indieweb: IndieWeb
I don’t plan on actually releasing everything every day (speaking of which I’m glad Novembeat 2019 is finally over with, holy heck!) but I definitely have things I want to get done this month.Read more…
One question, though—could the Atom feed list
rel alternateversions of the feed? (That would have type
application/atom+xml?) It also seems like
rel selfcould have the non-authenticated version of the feed. It doesn’t make sense for credentials to be in that URL. These are possibly naive suggestions—apologies, if so. Again, fantastic write-up!
The problem is that it’s up to the sharing news reader to know which URL to use for the sharing, and there’s no way to control what URL the reader happens to use. I know that Feed On Feeds will use the URL for the actual subscription (since that’s the only source URL it tracks in the first place), and who knows what other readers with sharing features will do!
And changing the
rel="self" URL has a different problem – some readers (again, such as Feed On Feeds) treat that as the canonical URL and will update their subscriptions to point to that URL instead, so setting
rel="self" to the unauthenticated feed means most users will be unable to remain logged in.
Basically, it’s a tricky issue that has no right answer with the Atom spec as it currently exists. So if some other mechanism has to be designed, it might as well be done in a safe, unambiguous way from the beginning. If some other use case for magic auth links comes up I’ll reconsider implementing them, but at least for friends-only subscription access, the privacy risks are simply not worth it.
I’ve changed my site templates a bit more, to make CWs work a bit better. In particular, now entries which have a CW will also hide the text behind a
<details> on the page (for example), and similarly I’ve hidden CWed images on individual comic pages (for example). Comic images will also (finally!) be blurred in the OpenGraph tags, as well, after one too many “oops"es when posting links to Slack demonstrating how my CWs work.
I’ve also improved compatibility with Bridgy Fed and with the way that webmention microformats are supposed to work in the first place, per a conversation in which I learned that I wasn’t actually using reply types correctly. (You may have noticed a bunch more micro-posts on the chatter section as a result of me fixing this as well. I also need to finally implement a thing so I can properly filter that stuff out of the little "latest posts” box on the main page!)
The sample templates repository has been updated, accordingly.
Edit: It didn’t take me very long to implement the Publ feature change. I went ahead and cleaned up a bunch of query generator code while I was at it.
Also I think I found a bug in PonyORM. Nope, I think I was just being hopelessly optimistic about a thing.
Over on IndieWeb Chat, Kevin Marks linked to this wonderful essay about social media that is absolutely worth reading, and examines a part of the “personal social networking” thing I’ve been on a kick about lately but didn’t quite have the words for.
For me, a big part of the problem with social media as it stands today is that everything’s about fast, immediate, in-the-moment dissemination of Hot Takes and viral propagation and so on, and that’s a design that so many of the other indie-focused social networks are trying to replicate. I’m not much a fan of microblogging or protocols which exist to make it the norm (which is why I’m still not particularly interested in supporting ActivityPub natively in Publ!) and I like being able to take some time to expand on my thoughts and not have to chunk things up into 280-to-500-character chunks and worry about fixing my spelling and grammar and phrasing right then and there.
I like being able to sit on things for a few days, and add addendums without it being a whole new post, and I like having feedback come slowly and measured. Yes, I get quick replies and a variety of favorites-like reactions via Webmention and other things, and I do appreciate that in this little nichey corner of the web this is a way that people can interact with me, but I’m not really writing for an audience so much as writing for me and my friends, and hoping that the things I write also maybe resonate with folks who happen to read it.
I still use Twitter and Tumblr and Mastodon quite a lot (much more than I’d like, really) but that’s not how I prefer to interact with folks. I don’t even try to read everything that people post there, and I have no idea how anyone can think of timeline-oriented streams-of-updates services as a place where you’re going to be able to. I just occasionally glance at them to see what’s going on and maybe interact with others in the moment, and spend much more time wondering why the hell I even bother trying to communicate in that way beyond “it’s how everyone else communicates today.”
My big concern about my blogging habits here is that I’m mostly talking about the platform itself. Blogging about blogging is so dreary. Hopefully soon the new-toy shininess will wear off and I’ll get back to using this as a means of talking to my friends about other stuff. I certainly have a lot of other stuff coming down the pike, at least. Hopefully some of it turns out well.
I guess it’s mostly just that what I have to write about is what I’m working on, and this is (mostly) what I’m working on. If I were working on other things they’d be getting posted to other parts of my site.
Not-unrelatedly, I really want to get back into making comics.
While it has some rough edges, the Webmention protocol has a lot going for it. One of the nice things about it is that it’s easy to add support via a third-party endpoint, such as webmention.io, which is what I (and many others) use.
There’s a few things I wish were better, though, and I think these can all be addressed by the endpoint itself, while remaining within the specification as it’s written today. I would be tempted to write an endpoint that works this way, if I weren’t already overwhelmed with other projects.
Definitely support the webmention.io API. There’s a lot of folks already using that to retrieve mentions to display them on their site, and I see no reason for that to change.
Having some form of moderation would be nice. Mentions at their core should be kept perpetually but with a disposition of accept/reject/pending, and domains should also have a default disposition (which defaults to pending). When a new webmention comes in, it should get the domain’s default disposition (along with an unmoderated flag), and then when moderating them, the user should be able to change the default disposition for the domain.
Mentions should be periodically refreshed to see if they’re still valid. The refresh interval can be some form of slow exponential growth, like the Fibonacci sequence or something. Whenever the status of the mention changes, that should reset the refresh interval. Mentions which have disappeared should not be rendered while they’re invalid, and the moderation queue should also show a section for “approved but disappeared” mentions.
When a mention is sent or refreshed, it should also get a source and destination pointer; track the mention in terms of the original URLs provided, but they should be displayed and fetched based on what their current URL is, after chasing redirections or the like.
Relatedly, multiple incoming mentions should be consolidated based on what their source and destination URLs resolve to. For example, if Alice pings Bob from
https://bob.example.org/blog/hello.html, and then Alice’s URL updates to
https://alice.example.com/blog/1/First-Entry, if Alice’s site re-sends backfill pings, the endpoint should only report a single ping that comes from
https://alice.example.com/blog/1/First-Entry. Likewise, if Bob’s URL changes to
https://bob.example.org/weblog/hello, when Bob’s site retrieves mentions for the new URL it should also include mentions that went to the old URL.
Obviously for this case there will be a period of time between a site’s URLs changing and the original pings being refreshed, but maybe a new mention to an older target can also trigger a refresh of existing mentions to see if they’re subject to consolidation.
Also the consolidation should only happen at the retrieval level; the original source/destination URLs should always be preserved, since it’s always possible for an old URL to become unique again.
There should also be some automatic consolidation of pings that have the same URL aside from the scheme; webmention.js handles this on the rendering end but it’d be nice if the endpoint could do this automatically. For example, if a ping comes in from both
https://example.com/12345, they should be consolidated to both have come from the
https:version, probably. It would also probably make sense to do some sort of intelligent auto-consolidation based on domain aliases, like
example.com. (8/28/2019 update: Or use
Support for private webmention.
Support for Vouch, both from a validation perspective and providing UX to make it easier for folks to present their whitelist (like maybe when a domain is whitelisted it can also be added to a vouch list).
Also maybe some form of conversation threading would be nice? I’m not sure how that could be reasonably implemented (aside from supporting Salmention and hoping others come along with that) but it’d do a lot to address the UX problems with Webmention as a conversational platform.
Kevin and Ryan raise some very good points about where OStatus went wrong. I absolutely agree that Webfinger is a terrible approach to identity brokering (and I have a lot of problems with the
/.well-known thing in general), and while I haven’t looked seriously into Salmon because it seemed unnecessary, it also sounds like it was a major pain in the butt to deal with on top of that.
What’s frustrating to me is that Mastodon (and possibly ActivityPub itself?) makes Webfinger absolutely necessary to support (and provides worse feed discovery/modeling as a result!), and I believe it does something Salmon-esque for conversational threading as well (although I’m sure someone will correct me on this point).
Meanwhile, another reason to avoid ActivityPub is that things like this are necessary.
(This is a somewhat-edited version of a disconnected ramble I posted on Twitter/Mastodon while on the train home today. I feel like putting this somewhere that I own it, but am not in a good enough mental state to actually write it properly.)
Yesterday at IndieWeb Summit, someone – Aaron, I believe – mentioned that one of the big differences between IndieWeb initiatives and ActivityPub is that IndieWeb is made up of simple building blocks you can pick and choose while ActivityPub frontloads a lot of complex work. This is a sentiment I very much agree with and it’s unfortunate that the main reason Mastodon switched from OStatus (which is very IndieWeb-esque) is because it made it slightly less inconvenient to pretend to have private posts. Which aren’t even implemented that well.
Mastodon’s “private” posts really suck from a bunch of standpoints. There’s no ability to backfill or even view on web without being on the same instance, and Mastodon’s actual privacy controls go in the wrong direction, so it’s still necessary for a separate vent account. As usual I don’t know if this is a problem with ActivityPub itself, or an artifact of how Mastodon shoehorned its functionality into ActivityPub, but either way, the end result is that Mastodon’s post privacy isn’t really all that useful, nor is it really all that private.
So, right now ActivityPub is the darling of the fediverse, but I’m hoping that the current push toward AutoAuth and trying to use it as a basis for private webmentions and the obvious next steps of private feeds and private WebSub will change that. I do worry that IndieAuth/AutoAuth are kind of hard to do in piecemeal ways though (well, okay, IndieAuth becomes really easy using IndieLogin but I don’t want to see a single endpoint become what everyone on the Internet relies on). And of course once you get into an integration between auth stuff and content stuff you also need to worry a lot more about content management and how it integrates, as well as this seeming fundamentally incompatible with static site generation.
Non-public unguessable URLs aren’t great for privacy in general (and I mean, Publ has had “privacy through obscurity” since day one and there’s several reasons why I rarely use it anyway) but it’s at least better than nothing.Read more…
One of the biggest bits of functionality I want to get in the next milestone for Publ is private posts. Doing private posts requires some way of determining the identity of the person who is reading the site. There are a lot of mechanisms to choose from. Most of them are largely incompatible with one another, and there isn’t any single mechanism that checks all my boxes. And of course the standards keep on shifting, and keep on getting a new unifying standard that will fix everything.
So, IndieLogin is a really great way to get started with IndieWeb authentication for people who are in the IndieWeb ecosystem. If you have your own website on your own domain name and an account on one of its connected RelMeAuth providers, it covers everything. But not everyone who I want to grant stuff to has their own website, or the ability to set one up. Siloed OAuth is still useful. And being able to log in via email address is also beneficial.Read more…
David Yates wrote a great defense of RSS which I completely agree with. To summarize the salient points:
- RSS is open
- RSS works
- RSS is very well-supported by a lot of things
- RSS is a suitable name as shorthand for “RSS/Atom” because the name “Atom” is overloaded and basically anything that supports Atom also supports RSS and vice-versa
(Note that there’s one inaccuracy in that since that article was written, Twitter has moved over to algorithmic manipulation of the timeline. This can currently be disabled but who knows how long that’ll last?)
Most IndieWeb folks are also really gung-ho about mf2 and h-feed, and while I don’t see any reason not to support it (and it certainly does have some advantages in terms of it being easier to integrate into a system that isn’t feed-aware or convenient to set up multiple templates), I’ve run into plenty of pitfalls when it comes to actually adding mf2 markup to my own site (for example, having to deal with ambiguities with nesting stuff and dealing with below-the-fold content, not to mention a lot of confusion over things like
e-content), and so far there doesn’t seem to be any real advantage to doing so since everything that supports h-feed also supports RSS/Atom, as far as I’m aware.
For me the only obvious advantage to h-feed is that you can add it to one-size-fits-none templating systems like Tumblr where you don’t have any control over the provided RSS feed, but in those situations there’s not really a lot more added flexibility you’re going to get by adding h-feed markup anyway. I guess it also makes sense if you’re hand-authoring your static site, but that just means it becomes even easier to get things catastrophically wrong.Read more…