900 People Are Collectively Driving an 'Internet Roadtrip' on Google Street View
This morning I cruised through the streets of a scenic Maine town while classic country music played on the radio. Several of the 900 people in the backseat of the car on the day I hopped in counted pride flags as we passed them. Every time we came across an intersection, several of them would reach up and try to jerk the wheel onto a new road.
This is the Internet Roadtrip, a pleasant cruising journey across America one Google Street View screenshot at a time. Anyone on the website is also on the road trip and can vote on where the car will go, what radio station to listen to, and whether or not to honk the horn. The site counts votes at every new section of Street View and makes a decision about where to take the car every nine seconds. Then, it moves a few feet forward.
playlist.megaphone.fm?p=TBIEA2…
It’s a road trip made entirely of backseat drivers, all jockeying to spin the wheel. A steering wheel at the bottom of the screen shifts from left to right as the votes come in, indicating the direction the car will take. A window in the upper right tallies the votes as they come in. Another window tells you the exact address of the car. The radio stations are pulled from internet streams near the car’s location.
The Internet Roadtrip began last Tuesday in Boston and is, as of this writing, tooling around Ogunquit, Maine. Developer Neal Agarwal told 404 Media he was inspired by Twitch Plays Pokémon and Reddit’s /r/Place. “I think communal experiences on the internet are so fun, especially when there’s some shared goal,” he said. “I’ve had the idea of ‘Twitch plays self-driving car’ for a long time, but that’s probably not street legal so this is the next best thing.”
There’s a Discord server for the Internet Roadtrip where everyone tugging on the wheel can gather to discuss where to take the car. The chat from one of the server’s channels runs along the side of the website. It makes it feel like the entire server is in the car with you, all of them yelling from the backseat.
“If we go off track I swear I’ll explode into plastic fishes,” says one user.
“Lef left left,” another person says at an intersection.
“HIT THEM,” another user says as some pedestrians appear on a nearby sidewalk.
A round of users start spamming “honk” in chat, trying to get people to vote for it. The sound of a honk fills my headphones. They won.
“YES WE HONKED,” one of the users says.
This isn’t a convenient way to travel. Tallying votes every few few feet slows down the trip and the car is only going about 3 MPH. “So it’ll take a while to cross the country,” Agarwal said.
A big moment happened for the drivers a few days ago when it got a shoutout from WMUA 91.1 FM, a college radio station out of Amherst, Massachusetts while it was driving through the state. Someone from the Discord server called into the station, got on the air, and shared the project with the DJs. “This is so cool,” one of the DJs said on air.
In the bottom left corner of the screen a map that shows the car’s current location. As it moves across the country, it paints a red line to show where it’s been. The drivers lit out from Boston last week and cruised down to Providence before cutting west and heading north to Maine. “People wanted to go to Woonsocket because it had a funny name. And then we were arguing about whether to go to New York City or to go to Maine. And Maine won out,” the driver who called the radio station explained.
In the Discord server, users are arguing about where to drive and attempting to find a route that will take them across the U.S. border into Canada via Street View. “It’s also really cool seeing the different route plans people are making,” Agarwal said. “Hitting all 50 states also seems to be a common goal. I like how people areinterpreting the shapes on the map and someone also recorded a30 hour timelapse.”
Back in Maine, repulsed users changed the station off of classic country when Deana Carter’s “Strawberry Wine” hit the airwaves. Users hit seek until it spun back around to a Maine-area college station, WBOR 91.1, where David Bowie “Life on Mars.”“Get back on the highway to Canada,” says one user.“It’s Canada time,” says another, as the car navigates a tidy neighborhood in Maine.
Someone asks how long until the car gets to Portland, Maine. “4 or 5 hours i think, we keep making a lot of detours though,” someone says.
Another person in the backseat says, at this pace, it’ll take the car a week to get to Canada.
JLuc à partagé.
friendica oAuth authenticate for SPIP CMS
I installed a friendica instance (say "friendica.site") and a SPIP website (a CMS : cf spip.net ) and its mastodon plugin ( git.spip.net/spip-contrib-exte… )
Using that plugin, I can send messages to the friendica instance, but i need the plugin to oAuth into friendica for further features.
So as to do so, I installed the oauthprovider addon github.com/bmillwood/friendica…
When declaring the account in SPIP-plugin config page, i'm redireted to friendica.site and asked whether i accept oAuth. I agree. The newly accepted "SpipToMastodon" app appears in the addon config page friendica.site/admin/addon/oauthprovider : everything seems ok.
Then there is a redirect toward the SPIP plugin config page, and an error happens, because the process tries to fetch the following url : friendica.site/api/v1/accounts/verify_credentials?access_token=64ee5f2etc...
and friendica's `getUserIdByAuth` method fails with error « Unauthorized / This API requires login » and sends a 401 http code back... The spip-plugin fails.
I see that when trying that url directly in the browser, it asks for an interactive http login and password !!! When i enter my login and password, i then get a nice json with my user datas.
When trying that url on mastodon sites in the browser (with adapted access_tokens), i do not have to interactively enter my login and password = the feedback url is immediately accepted and json data is provided.
It looks like the access_token enables this for mastodon, but not for friendica.
In friendica's code, the PHPDOC says « An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record » relating to `Hook::callAll('authenticate', $addon_auth);`. Is this some kind of pipelined operation that the oauthprovider addon should implement, using the access_token ?
On the SPIP plugin side, is there something to be done so the plugin accomodates friendica verify_credentials page ?
Friendica Developers à partagé.
Michael 🇺🇦
en réponse à JLuc • • •JLuc
en réponse à Michael 🇺🇦 • •Well I searched and found a documentation wiki.friendi.ca/docs/api-authe… and followed a link !
It's not required ? OK I deactivated the plugin and tried without it : the behaviour is exactly the same
Is there a page where i can see now the list of authorized apps possibly along with their client id and secret ids ? Or maybe this is the specific role of that addon...
But same also is the issue when accessing friendica.site/api/v1/accounts/verify_credentials?access_token=64ee5f2etc...
I see the SPIP-plugin sends the access_token in the query of this url, but also in the header of the request, with an "Authorization: Bearer 64ee5f2etc..." (value of the access_token).
Strangely, the error message "This API requires login" that is fed back with the 401 error comes from the `getUserIdByAuth` function that is defined in BasicAuth.php file.
« BasicAuth » ?!
Friendica Developers à partagé.
Michael 🇺🇦
en réponse à JLuc • • •/settings/oauthon your machine.JLuc aime.
JLuc
en réponse à JLuc • •In `BaseApi::getCurrentApplication`, BasicAuth is called because `OAuth::getTokenByBearer` fails (because both `$_SERVER['HTTP_AUTHORIZATION']` and `$_SERVER['REDIRECT_REMOTE_USER']` are empty)
BUT when editing `OAuth::getTokenByBearer` so it uses `$_GET[access_token]` in the $condition for `DBA::selectFirst ('application-view'` ... it works !!!!
Friendica Developers à partagé.
JLuc
en réponse à JLuc • •Progress on the issue :
- according to oAuth spec datatracker.ietf.org/doc/html/… , the bearer access_token « SHOULD NOT be passed in page URLs (for example, as query string parameters). Instead, bearer tokens SHOULD be passed in HTTP message headers or message bodies for which confidentiality measures are taken. Browsers, web servers, and other software may not adequately secure URLs in the browser history, web server logs, and other data structures. If bearer tokens are passed in page URLs, attackers might be able to steal them from the history data, logs, or other unsecured locations. »
Friendica does this right. It looks like Mastodon wrongly accepts the token as en url argument. (Suprising, isnt ?)
I will propose a fix for SPIP plugin so it can pass the access_token in Authorization header, for both friendica, mastodon and hopefully other creatures of the fediverse.
#friendica #mastodon #spip #security
Friendica Developers à partagé.
JLuc
en réponse à JLuc • •It is now compatible with friendica and other fediverse creatures that use mastodon API @Michael Vogel
Friendica Developers à partagé.