Monday, July 17th, 2017
Wednesday, June 14th, 2017
A pretty good summary of some key indie web ideas.
Sunday, April 16th, 2017
Chris gives a step-by-step walkthrough of enabling webmentions on a Wordpress site.
Friday, November 7th, 2014
Tuesday, October 21st, 2014
Indie web building blocks
I was back in Nürnberg last week for the second border:none. Joschi tried an interesting format for this year’s event. The first day was a small conference-like gathering with an interesting mix of speakers, but the second day was much more collaborative, with people working together in “creator units”—part workshop, part round-table discussion.
I teamed up with Aaron to lead the session on all things indie web. It turned out to be a lot of fun. Throughout the day, we introduced the little building blocks, one by one. By the end of the day, it was amazing to see how much progress people made by taking this layered approach of small pieces, loosely stacked.
The first step is: do you have a domain name?
Okay, next step: are you linking from that domain to other profiles of you on the web? Twitter, Instagram, Github, Dribbble, whatever. If so, here’s the first bit of hands-on work: add
rel="me" to those links.
<a rel="me" href="https://twitter.com/adactio">Twitter</a> <a rel="me" href="https://github.com/adactio">Github</a> <a rel="me" href="https://www.flickr.com/people/adactio">Flickr</a>
If you don’t have any profiles on other sites, you can still mark up your telephone number or email address with
rel="me". You might want to do this in a
link element in the
head of your HTML.
<link rel="me" href="mailto:email@example.com" /> <link rel="me" href="sms:+447792069292" />
As soon as you’ve done that, you can make use of IndieAuth. This is a technique that demonstrates a recurring theme in indie web building blocks: take advantage of the strengths of existing third-party sites. In this case, IndieAuth piggybacks on top of the fact that many third-party sites have some kind of authentication mechanism, usually through OAuth. The fact that you’re “claiming” a profile on a third-party site using
rel="me"—and the third-party profile in turn links back to your site—means that we can use all the smart work that went into their authentication flow.
You can see IndieAuth in action by logging into the Indie Web Camp wiki. It’s pretty nifty.
If you’ve used
rel="me" to link to a profile on something like Twitter, Github, or Flickr, you can authenticate with their OAuth flow. If you’ve used
rel="me" for your email address or phone number, you can authenticate by email or SMS.
Next question: are you publishing stuff on your site? If so, mark it up using h-entry. This involves adding a few classes to your existing markup.
<article class="h-entry"> <div class="e-content"> <p>Having fun with @aaronpk, helping @border_none attendees mark up their sites with rel="me" links, h-entry classes, and webmention endpoints.</p> </div> <time class="dt-published" datetime="2014-10-18 08:42:37">8:42am</time> </article>
Now, the reason for doing this isn’t for some theoretical benefit from search engines, or browsers, but simply to make the content you’re publishing machine-parsable (which will come in handy in the next steps).
Aaron published a note on his website, inviting everyone to leave a comment. The trick is though, to leave a comment on Aaron’s site, you need to publish it on your own site.
Webmention is basically a reimplementation of pingback, but without any of the XML silliness; it’s just a POST request with two values—the URL of the origin post, and the URL of the response.
My site doesn’t automatically send webmentions to any links I reference in my posts—I should really fix that—but that’s okay; Aaron—like me—has a form under each of his posts where you can paste in the URL of your response.
This is where those h-entry classes come in. If your post is marked up with h-entry, then it can be parsed to figure out which bit of your post is the body, which bit is the author, and so on. If your response isn’t marked up as h-entry, Aaron just displays a link back to your post. But if it is marked up in h-entry, Aaron can show the whole post on his site.
Okay. By this point, we’ve already come really far, and all people had to do was edit their HTML to add some
rel attributes and
For true site-to-site communication, you’ll need to have a webmention endpoint. That’s a bit trickier to add to your own site; it requires some programming. Here’s my minimum viable webmention that I wrote in PHP. But there are plenty of existing implentations you can use, like this webmention plug-in for WordPress.
Once you have a webmention endpoint, you can point to it from the
head of your HTML using a
<link rel="mention" href="https://adactio.com/webmention" />
Now you can receive responses to your posts.
Here’s the really cool bit: if you sign up for Bridgy, you can start receiving responses from third-party sites like Twitter, Facebook, etc. Bridgy just needs to know who you are on those networks, looks at your website, and figures everything out from there. And it automatically turns the responses from those networks into h-entry. It feels like magic!
Here are responses from Twitter to my posts, as captured by Bridgy.
That was mostly what Aaron and I covered in our one-day introduction to the indie web. I think that’s pretty good going.
The next step would be implementing the idea of POSSE: Publish on your Own Site, Syndicate Elsewhere.
You could do this using something as simple as If This, Then That e.g. everytime something crops up in your RSS feed, post it to Twitter, or Facebook, or both. If you don’t have an RSS feed, don’t worry: because you’re already marking your HTML up in h-entry, it can be converted to RSS easily.
I’m doing my own POSSEing to Twitter, which I’ve written about already. Since then, I’ve also started publishing photos here, which I sometimes POSSE to Twitter, and always POSSE to Flickr. Here’s my code for posting to Flickr.
I’d really like to POSSE my photos to Instagram, but that’s impossible. Instagram is a data roach-motel. The API provides no method for posting photos. The only way to post a picture to Instagram is with the Instagram app.
My only option is to do the opposite of POSSEing, which is PESOS: Publish Elsewhere, and Syndicate to your Own Site. To do that, I need to have an endpoint on my own site that can receive posts.
Working side by side with Aaron at border:none inspired me to finally implement one more indie web building block I needed: micropub.
Having a micropub endpoint here on my own site means that I can publish from third-party sites …or even from native apps. The reason why I didn’t have one already was that I thought it would be really complicated to implement. But it turns out that, once again, the trick is to let other services do all the hard work.
First of all, I need to have something to manage authentication. Well, I already have that with IndieAuth. I got that for free just by adding
rel="me" to my links to other profiles. So now I can declare indieauth.com as my authorization endpoint in the
head of my HTML:
<link rel="authorization_endpoint" href="https://indieauth.com/auth" />
Now I need some way of creating and issuing authentation tokens. See what I mean about it sounding like hard work? Creating a token endpoint seems complicated.
But once again, someone else has done the hard work so I don’t have to. Tokens-as-a-service:
<link rel="token_endpoint" href="https://tokens.indieauth.com/token" />
The last piece of the puzzle is to point to my own micropub endpoint:
<link rel="micropub" href="https://adactio.com/micropub" />
That URL is where I will receive posts from third-party sites and apps (sent through a POST request with an access token in the header). It’s up to me to verify that the post is authenticated properly with a valid access token. Here’s the PHP code I’m using.
It wasn’t nearly as complicated as I thought it would be. By the time a post and a token hits the micropub endpoint, most of the hard work has already been done (authenticating, issuing a token, etc.). But there are still a few steps that I have to do:
- Make a GET request (I’m using cURL) back to the token endpoint I specified—sending the access token I’ve been sent in a header—verifying the token.
- Check that the “me” value that I get back corresponds to my identity, which is https://adactio.com
- Take the h-entry values that have been sent as POST variables and create a new post on my site.
Finally, there’s OwnYourGram, a service that monitors your Instagram account and posts to your micropub endpoint whenever there’s a new photo.
Indie Web Camp
Each one of these building blocks unlocks greater and greater power:
Each one of those building blocks you implement unlocks more and more powerful tools:
But its worth remembering that these are just implementation details. What really matters is that you’re publishing your stuff on your website. If you want to use different formats and protocols to do that, that’s absolutely fine. The whole point is that this is the independent web—you can do whatever you please on your own website.
Still, if you decide to start using these tools and technologies, you’ll get the benefit of all the other people who are working on this stuff. If you have the chance to attend an Indie Web Camp, you should definitely take it: I’m always amazed by how much is accomplished in one weekend.
Some people have started referring to the indie web movement. I understand where they’re coming from; it certainly looks like a “movement” from the outside, and if you attend an Indie Web Camp, there’s a great spirit of sharing. But my underlying motivations are entirely selfish. In the same way that I don’t really care about particular formats or protocols, I don’t really care about being part of any kind of “movement.” I care about my website.
As it happens, my selfish motivations align perfectly with the principles of an indie web.
Sunday, June 1st, 2014
Notes from a small website
A week ago, I tweeted:
After a long weekend of coding, I’ve got a brand new section on my website.
But that tweet did not originate on Twitter. That tweet is a copy. The original is here.
To be honest, I’ve never been that pushed about having my own bite-sized updates hosted on my own site and syndicated out to Twitter. I’m much more concerned about my photos. Still, I thought it was pretty cool the way that Chloe, Aaron, Amber, and Barnaby have a “notes” section on their sites hosting the canonical URLs of their updates, so I thought I’d give it a shot too.
Creating a new section on my own site is pretty straightforward. My home-rolled CMS is really creaky and ropey but it gets the job done. The notes section is just another kind of post, same as journal, links, and articles. The tricky bit (for me) was figuring out how to post a copy to Twitter.
It was pretty clear which API method I needed to use. The hard part was all the OAuth stuff. I’ve never meddled with that kind of voodoo before.
I signed into dev.twitter.com and created an application called adactio.com. I’m given an API key and an API secret. This application will only never need to post as me, so I was able to take advantage of single-user OAuth to generate my access token and access token secret:
By using a single access token, you don’t need to implement the entire OAuth token acquisition dance.
Now I had the four pieces I needed to send with a status update:
- my consumer key,
- my consumer secret,
- my access token, and
- my access token secret.
I found a small PHP library that uses Andy’s OAuth code. Looking at the source code, I was able to figure out what I needed to send to Twitter. The OAuth class is doing all the hard work—my PHP code is fairly basic.
Imagine my surprise when it actually worked.
I fiddled around with my site’s crude templating system so that if I’m logged into my little CMS, I’m presented with a simple update form on the front page of adactio.com.
When I type a note into that form and hit “post”, here’s what happens:
- I store the note in my own database.
- I send a copy to Twitter as a status update.
- Twitter returns a JSON object with info about the tweet I just created.
- I take the ID of that tweet and store it in my database along with the original note.
Having the ID of the copy on Twitter allows me to provide some Twitter-specific actions from my own site: reply, retweet, fave, etc.
Okay, so now I’m posting to Twitter from my own site. Nifty! But what about receiving notifications from Twitter? If someone replies to, or likes, or favourites the copy of my note on Twitter, it would be nice to get notified about it on adactio.com.
This would be a really complex problem to attempt to solve for myself, but fortunately I don’t have to. Brid.gy is a magical tool written by Ryan Barrett that you can authorise to watch your Twitter profile. It will send a webmention back to the canonical URL on your own site whenever anyone replies to, or retweets or favourites a post.
Because I’ve already got webmentions on my site, Brid.gy worked straight out of the gate—a lovely demonstration of some small pieces, loosely joined.
Like I said, I wasn’t all that pushed about hosting my own short updates but now that I’m doing it, I’m really, really enjoying it. It feels good.
It feels good to be using my own website for “microblogging”. I know that’s a distasteful phrase but it’s a fairly accurate way of describing how I tend to use Twitter. My earliest tweets definitely feel like short blog posts.