#indiewebcamp 2012-10-02
2012-10-02 UTC
donpdonp, dascher, zztr, Alex_Lykos, danbri, friedcell, josephboyle, josephboyle1, tantek and adactio joined the channel
# tantek.com edited /2013/Guest_List (+1) "/* Official Guest List */ fix link, update counts" (view diff)
dascher, tantek, spinnerin and friedcell joined the channel
# tantek !tell barnabywalters - when did you add POSSE support to your site where the syndicated copy on twitter linked or at least referenced back to the original? add dates/permalinks to the POSSE list of current sites: http://indiewebcamp.com/POSSE#Sites
# tantek.com edited /PESOS (+568) "/* PESOS */ dfn, subsections, background, related more disadvantages details" (view diff)
# tantek interesting article: http://blog.mailchimp.com/social-login-buttons-arent-worth-it/
hober joined the channel
dascher joined the channel
danbri_ joined the channel
# tantek tommorris - we have this so far: http://indiewebcamp.com/Principles
# tantek we could use a http://indiewebcamp.com/dogfooding page
# tommorris.org edited /Principles (+467) "adding the sisters doing it for themselves principle" (view diff)
sivy joined the channel
# sivy tantek: done :-)
# sivy i wonder: would "markdown on dropbox" be considered an indie platform?
# sivy even if the serving/rendering happened in a hosted environment?
# sivy for example:
# sivy i know that's not indieweb
# sivy without an own-domain
# sivy and the urls are lame
# sivy but the idea is that your content is hosted on dropbox
# sivy but the urls are served via a third party
# sivy i know it's not "full-indie" but curious what the opinion on these services is
# sivy i think it's pretty good as far as data portability goes
# sivy i know that particular service doesnt
# sivy fair nuf
# sivy that's kinda what i was thinking
# tantek !tell aaronpk special page link bug, this page: http://indiewebcamp.com/wiki/index.php?title=Special:UserLogout links the text "log in again" errantly to http://indiewebcamp.com/Special:OpenIDLogin whereas it should link to http://indiewebcamp.com/Special:UserLogin
# tantek !tell aaronpk - or you could give me admin privs to edit http://indiewebcamp.com/Special:UserLogout directly to fix it - assuming that's an admin editable page instead of a page to edit by hand/vi in the DB/server.
# sivy tantek: did you hlp with Persona
Alphi joined the channel
# sivy how does it work? i tried to read about browser id at one point, and didn't follow that either
# Alphi sorry for butting in, i've been playing with Persona over the weekend, its pretty slick
# Alphi i'm working on getting my own idp setup
# singpolyma I saw an article the other day that said Persona was "like OpenID without the headaches" and I laughed
danbri joined the channel
# Alphi OpenId certainly does induce headaches...
# singpolyma Alphi: not any more or different ones than BrowserID, though
tilgovi joined the channel
# singpolyma tantek: really? The normal complaints about OpenID are "you get redirected" and "the UI is not identical to username/password" and "IdPs all implement slightly differently" These all seem to be the case with BrowserID as well (well, except maybe the last one because there are so few IdPs at this point)
# singpolyma << And if you don't, you have to install the OpenID libraries on your own site. This is difficult enough of a task as to be either impossible for typical users, or too complicated/annoying for even experienced developers. >> -- ... unless you delegate or use a package IdP you can just drop on (like phpMyId)
# tantek donpdonp since I've had to make those arguments more than once (about why personal domain vs. some email), it was time to wikify them so anyone here can make the point for web sign-in and personal domains in the future: http://indiewebcamp.com/Why_web_sign-in
# tantek or better, add your suggestions to http://indiewebcamp.com/How_to_set_up_OpenID_on_your_own_domain
# singpolyma I agree that rel=me delegation is much easier for indie use cases than XRDS
# singpolyma phpMyId seems already listed on http://indiewebcamp.com/How_to_set_up_OpenID_on_your_own_domain :)
# singpolyma I think rel=me as a delegation option makes a lot of sense. Using that as a delegation option for OpenID makes it basically equivalent to RelMeAuth (except supporting existing OpenID IdPs instead of OAuth IdPs)
# singpolyma indieauth.com is great, but the security model is very weak
# singpolyma hmm, ok, will do :)
# singpolyma or should I maybe put it on the talk page for that page?
danbri joined the channel
# tantek and note that I've already added a bunch of security to do items there: http://indiewebcamp.com/IndieAuth#To_do
# singpolyma tantek: the second one I list (replay) is closely related to the firesheep problem
# singpolyma the former is a sniffing issue in the race condition case, but it's a authenticity issue in the MITM/poisoning cases
# singpolyma s/the former/the first one
# singpolyma TLS with a signed cert on IndieAuth.com (forced to be used, refuse any request not over TLS, not even a redirect should be given) fixes all three vectors on th efirst case
# singpolyma TLS or vetting re-use of tokens fixes the replay attack on the second case
# singpolyma right
# singpolyma (for clarity: to fix the second (replay) case, the TLS would have to be on the RP, not on indieauth.com, and even then re-use detection would be good, and since it's good enough by itself that may be better)
# singpolyma TLS or just detecting token re-use (since tokens should be unique per request)
danbri joined the channel
# @BarnabyWalters @barnabywalters is testing in_reply_to tweet syndication #web #indieweb
danbri and barnabywalters joined the channel
# Loqi barnabywalters: tantek left you a message 4 hours, 57 minutes ago: - when did you add POSSE support to your site where the syndicated copy on twitter linked or at least referenced back to the original? add dates/permalinks to the POSSE list of current sites: http://indiewebcamp.com/POSSE#Sites
tilgovi, tantek and tantek_ joined the channel