balloob
https://github.com/balloob
•
Jul 9
WeChat ID
aaronpk_tv
-
I could see extending the limitation of the loopback address to also include the private IP ranges. I assume in that case it is extremely unlikely that the server will have an https certificate, so that's another reason to keep the limitation on the private IP ranges rather than allowing arbitrary IP addresses.
One of the benefits of the client ID being a publicly accessible web page is that the authorization server can fetch the application name and icon from that page.
In the case of using a private IP address, the authorization server won't be able to fetch any information about the client, so the prompt will show just the IP.
The other option is to use
https://www.home-assistant.io/as the client ID, allowing just the redirect URL to be a private IP. This breaks the rule of the client ID and redirect URL hostnames matching, so servers may show a warning like the below, but at least the application info is visible.
-
Michael Bishop
https://miklb.com
•
Jul 8
My greatest lifehack has probably been removing the laptop charger from near the couch.
And here i was thinking about installing one there permanently -
amit
https://micro.blog/amit
•
Jul 8
@aaronpk I agree, you get to read multiple perspective on a topic. Of course, they are comments on web; so have to sort through some terrible ones. But I find the overall balance is on manageable side.
It's a little nervewracking when it's about your own post. I decided to stay out of the discussion there this time. -
always coming home
https://cybre.space/@nightpool
•
Jul 8
@aaronpk yeah. this was judged this least-complicated of all the possible options
Yeah, that's surprisingly simple. We need to work on the Microformats markup for that though. Although it came through not completely broken on my website as is. -
Here's a post I just wrote explaining IndieAuth and how it solves a number of the challenges with OAuth in this context.
https://aaronparecki.com/2018/07/07/7/oauth-for-the-open-web -
so wait... you include :something: in the text of your post, then include an "Emoji" tag with the name :something: and the client matches it up?
-
Syl and Miku
https://www.instagram.com/sylandmiku
•
Jul 7
One of the only pictures we took from #firstcaturdaypdx. We got way too distracted by all the cute cats!
We loved seeing @roarpdx there! Miku and Syl love their new #catdancer
#mikucat #caturday #cats #catsofinstagram #adventurecatintraining
@indiewebcat we gotta get you ready for this next year! -
Include timezone offset in machine-readable timestamp
Toots are displayed in (someone's) local time, but the machine readable date is always rendered in UTC.continue reading... -
ohno
-
always coming home
https://cybre.space/@nightpool
•
Jul 8
@aaronpk oh, weird. I haven't ever seen that emoji before, that was mainly why i was confused
custom emoji sound fun tho, where is that documented? -
always coming home
https://cybre.space/@nightpool
•
Jul 8
@aaronpk really enjoying the custom emoji, thanks
uhoh, that's just a regular emoji, and it looks like I'm sending relative URLs to Mastodon so that gets linked to a nonexistent page on cybre.space! So many edge cases! -
Andy McIlwain
https://andymci.com
•
Jul 7
An independent web doesn't necessarily mean an open web. Thinking about private sites and networks for groups, families, personal use. #indieweb #justathought
Agreed, and an open web doesn't imply a public web. We're experimenting with private content too! https://indieweb.org/private_posts -
Julien Deswaef
https://mastodon.social/@xuv
•
Jul 7
@aaronpk PS: I should mention that I started following you from the other instance. But still could not see your post before searching for it.
Yeah that sounds like Mastodon's limitation where it doesn't actually go fetch posts from people if someone on the server isn't already following them. Thanks for providing an example where that was confusing! -
Julien Deswaef
https://mastodon.social/@xuv
•
Jul 7
@aaronpk yes. Exactly tried that. It does not work. Also, I can't seem to see the boost I did from a different instance looking at this account.
I think I fixed it... give it a try again? -
Julien Deswaef
https://mastodon.social/@xuv
•
Jul 7
@aaronpk for some reason, this post does not federate well with all Mastodon instances. I'm trying to boost it from another account elsewhere, but I can't seem to see it. Any clue?
by any chance, are you trying to paste that post's URL into the search box on other Mastodon instances? -
Julien Deswaef
https://mastodon.social/@xuv
•
Jul 7
@aaronpk for some reason, this post does not federate well with all Mastodon instances. I'm trying to boost it from another account elsewhere, but I can't seem to see it. Any clue?
hm, I've been incrementally implementing ActivityPub, doing as little as possible each time. I don't think I've tried what you're doing yet, trying to find my post from an instance that is not already following me. I'm not actually sure what I need to implement to make that work though! Any ideas? -
Look for mf2 first, use Mercury as a fallback
If the page has mf2, that is likely to be much better data than what Mercury finds. Indiepaper should first check if it finds an article via mf2, and if it doesn't, then can use Mercury to extract what it can.continue reading... -
Eugen
https://mastodon.social/@Gargron
•
Jul 7
IndieAuth sounds interesting as a more generic way for federated applications to allow app registrations https://indieauth.spec.indieweb.org/
The question is how do we adapt this after our current, extremely similar but somewhat different system has been in production use for around 2 years #mastodev
The existing Mastodon API uses OAuth 2, right? Seems like you'd be able to add this on top and still also support the existing behavior without any changes. You'd get the benefit of auto discovery and global client IDs. Maybe we should chat about this at the next w3c call? -
Sven Knebel
https://www.svenknebel.de/
•
Jul 7
Careful though if anything on there is supposed to send e-mail: .xyz is among the TLDs that are very strong spam-indicators.
j/k, I already forgot the domain I registered. It's actually p3k.app!
