15:02:54 RRSAgent has joined #social 15:02:54 logging to http://www.w3.org/2017/07/05-social-irc 15:02:56 RRSAgent, make logs public 15:02:56 Zakim has joined #social 15:02:58 Zakim, this will be SOCL 15:02:58 ok, trackbot 15:02:59 Meeting: Social Web Working Group Teleconference 15:02:59 Date: 05 July 2017 15:03:02 present+ 15:04:08 present+ 15:04:22 Meeting: Social Web Incubator Community Group Teleconference 15:04:24 preset+ 15:04:27 present+ 15:05:06 present+ 15:05:15 scribenick: tsyesika 15:07:03 chair: cwebber2 15:07:04 Chair: cwebber2 15:07:32 jf2.rocks 15:07:33 cwebber2: there is nothing to review for the socialWG as we didn't meet this week unless someone else has something else to report 15:07:45 its just a validator at this point 15:08:02 there is sample data 15:08:05 and more coming 15:08:12 thats basically it 15:08:36 https://github.com/swicg/general/issues/5 15:08:38 [sandhawke] #5 In-Page Social Interactivity 15:09:57 sandro: masterdon has an open issue about this. It has an issue about following a user as you have to type in where you site is 15:10:03 cwebber2: (i missed you summery somehow) 15:10:21 sandro: i think we can do better, it's quite a ways off what the silos offer 15:10:35 q+ 15:10:44 ... the widgets from the silos (like and share, etc.) also offer a better UX 15:10:45 ack aaronpk 15:11:24 aaronpk: I mentioned in the github thread. We've experimented in the indeweb wiki and we use a button which requires one click but setting it up requires a lot. 15:11:42 q+ to ask about xss attacks 15:11:49 aaronpk: I also implemented the mastodon follow button where you type in your own site, it's an interesting approach but obviously not as good as the silos 15:12:08 q+ 15:12:30 ack cwebber2 15:12:32 aaronpk: I'm pretty sure the only way to do this is have it part of the browser otherwise you're granting too much permission from the site your visiting. I don't think there is a way to do it securely other than using the browser or a user-agent doing the following(?) 15:13:30 q? 15:13:36 cwebber2: my gut feeling is the browser has to be involved somehow. I'm worried about XSS attacks. For example if you had a like button, could you also make that handle a delete action too if you had granted the site both permissions. Does anyone have any thoughts on cross site trickery (more broad then just XSS) 15:13:36 ack sandro 15:13:37 ack cwebber 15:13:37 cwebber, you wanted to ask about xss attacks 15:14:03 q+ 15:14:27 sandro: I agree with what's been. Getting browsers to implement this stuff is going to be difficult. I think it'll be possible to do a polyfill. 15:15:10 15:15:25 timbl has joined #social 15:15:41 sandro: polyfill looks as if it's in the browser but it's actually not. The site using it has to load a bit of JS that does some magic from a specific site 15:15:43 q? 15:15:46 ack aaronpk 15:16:03 Loqi has joined #social 15:16:25 https://www.subtome.com 15:16:39 aaronpk: joulian has actually done this from subto.me. I don't know how it exactly works but it's essencially a polyfill tied to a domain 15:16:43 q? 15:16:49 q+ to ask about js interactions 15:17:49 https://www.subtome.com/#/ 15:17:50 aaronpk: when people put a subtome button on their site ... (something) it looks like a regular follow button. One solution around the browser is to get a reader support as it can add all the buttons at once and it also knows what you're doing (favouriting a post, etc.) 15:17:52 ack cwebber2 15:17:55 ack cwebber 15:17:55 cwebber, you wanted to ask about js interactions 15:19:20 cwebber2: if we had a like-style button on the page. They'll probably be added by JS anyway (mastodon is react.js), we'll have to assume things like this will have to be robust enough for JS to add buttons like this and we have to think about JS being able to click buttons like this. Like google's click fraud 15:20:18 sandro: How I imagine polyfills it would use iframes. When I put a static facebook like button on my page it allows a user to like something without leaving the page and display how many friends have liked the page. It's bidirectional. 15:20:52 q? 15:21:01 ... the page can't mess with the double iframes. The browser treats them as separate origins, the iframe security is quite good. 15:21:44 ... I implemented this double iframe thing. Is there interest in moving forward, we could rebrand Julian's code. 15:21:55 ... someway we could get this functionality deployed across social websites 15:22:15 aaronpk: I think we need to do some more exploring and experimentation. Our current set of options aren't ideal right now. 15:22:53 sandro: I'm glad you're saying that, the UX is too messy and there is no guarantee that it'd work on microsoft products or mobile and that's a large fraction of the web. 15:22:54 have people mentioned multiple accounts yet? that's a usecase that protocol handlers can't provide, as far as I understand existing tech 15:23:27 cwebber2: There might be some theming miss match between sites 15:23:57 sandro: You could provide some theming but as a user I like the idea of seeing a tiny window into my own site so it should be themed like my site 15:24:55 aaronpk: I agree. As a user I need to be able to trust that button to do something on my site so it should look like my site. The problem with button in someone's site it'll have problems with designers and such and it'll look wrong. It's why i prefer browser or reader support 15:25:05 nightpool, good question, I'll raise it 15:25:13 sandro: how do you invasive it'll look like in the browser/reader? 15:25:16 q+ to raise nightpool's question about multiple accounts 15:25:42 aaronpk: I have a bookmarklet that i can click and it lets me follow someone. It's integrated into the browser outside the thing i'm viewing 15:25:59 sandro: If it's styled in the polyfil, if it's put in the top and styled like my browser 15:26:24 aaronpk: if it's intentionally taken outside the flow of the website. I could see myself using that. It'd also not conflict with the style of the website too 15:26:56 cwebber2: Would you be able to click the like or share or whatever on multiple things on a page with a drop down or would it only be one thing per page 15:27:39 ack cwebber 15:27:40 cwebber, you wanted to raise nightpool's question about multiple accounts 15:27:42 aaronpk: there is something in micropub (?) and it looks thorugh the href's on the page and shows things in yellow that you can do it on but one of the reasons i think readers are better because it can do things like that 15:27:49 cwebber2: nightpool was asking about multiple accounts 15:27:59 s/something in micropub/a micropub chrome extension/ 15:28:32 sandro: My answer is there will be a button for my currently chosen account and a drop down menu to switch to another account or add an account 15:28:35 "Not you? click here" 15:28:48 sandro: I'm not sure it'd work with the titlebar aaronpk was talking about 15:29:00 aaronpk: that's how it works with facebook, you can choose a little dropdown 15:29:12 sandro: I'm not sure that's compatible with registerProtocolHandlers, is my point 15:29:26 |[https://foosite.example/post/123/] [stop][reload]| 15:29:26 sandro: it seems to me facebook and disqus style. 15:29:26 |--------------------------------------------------| 15:29:26 |[V cwebber@dustycloud.org ]| [* Like] [* Reply] | 15:29:52 cwebber2: something like this ^ (ascci art). You have your address bar and then something on the left with the available actions to the left 15:30:04 sandro: I pictured the drop down all the way to the right 15:30:18 cwebber2: I don't think it's the critical design issue, it could be either way. I don't care 15:30:27 sandro: I don't picture your name there 15:30:33 q? 15:30:36 cwebber2: Yeah it could display the users picture or whatever 15:30:44 i'm more concerned about the technical problems 15:31:02 sandro: coming back to next steps. I wasn't sure anyone was interested but I'm glad aaronpk is interested 15:31:19 nightpool, could you elaborate? 15:31:19 cwebber2: I'm very interested too. It's one of the things we looked at in mediagoblin when we first looked into federation 15:31:45 cwebber2: you can only have one protocol handler for a given protocol, right? 15:31:45 sandro: If we're going to do IRC we probably should just go back to typing 15:31:59 ... though I do like jessica being this voice to text machine here ;) 15:31:59 :P 15:32:04 if we're using the