#indiewebcamp 2013-07-29

2013-07-29 UTC
#
aaronpk wtf, my other server crashed as I was leaving sisters coffee
sandeepshetty, melvster, josephboyle and tantek joined the channel
#
bret hehe
melvster joined the channel
#
bret Eich may have some questionable qualities, but damn, JS awsome: http://www.youtube.com/watch?v=qrf9ONmtXbM
xtof, EHLOVader, cweiske, melvster, tantek, pfenwick, julien51, julien51_, eschnou, bnvk, pfefferle, andreypopp, adactio, josephboyle, f-a and Guest62610 joined the channel
#
neuro` Good morning (ugt)
#
f-a morning neuro`
#
neuro` How goes?
andreypopp joined the channel
#
f-a lazy and sleepy :P
#
bret wow this is super ugly, but I learned quite a few things tonight
#
bret Got webmention counts showing on the main page: http://bret.io/ and that I should be using CORS instead of plain jsonp
#
bret mind the crappy css, i need sleep
#
f-a good job bret
xtof joined the channel
#
neuro` Congrats bret and good night.
#
Loqi sweet dreams
julien51, pfefferle and Guest27982 joined the channel
#
@jihaisse Un autre test #indieweb http://js-zone.net/wordpress/2013/07/29/un-autre-test-indieweb/
bnvk joined the channel
#
@jihaisse @burninghat http://indiewebcamp.com/WordPress-fr et http://indiewebcamp.com/POSSE-fr
julien51, andreypopp and singpolyma joined the channel
#
@aral @doctorow Nothing wrong with the cloud as long as it’s *your own personal cloud* (see http://codename-prometheus.eu)
f-a joined the channel
#
lionzan.me edited /User:Lionzan.me (+413) (view diff)
#
lionzan.me edited /2013/UK (+59) (view diff)
dpk, xtof_, julien51, bnvk, gjones, bnvk_, scor, friedcell, JonathanNeal, brianloveswords, sandeepshetty, melvster, texburgher, morrocco_mole, ozten, josephboyle, andreypopp, xtof, melvster_, spinnerin and eschnou joined the channel
#
@Danis_90 RT @sevasev: Mau bikin website, Butuh webhosting atau mau jualan hosting, Diskon 50%-70% http://www.indieweb.biz https://www.facebook.com/photo.php?fbid=10200560034229354&l=c92b0042be
jihaisse joined the channel
#
jihaisse hello
#
jihaisse hi xtof
#
@andrewmaier @sara_ann_marie Not sure if you've seen this. Pretty much a nerd's call for content everywhere: http://indiewebcamp.com/databases-antipattern
#
xtof jihaisse bonjour
#
jihaisse xtof: j'ai attaqué wordpress
#
jihaisse j'ai réussi á faire marcher sharepress avec le raccourcisseur d'url "Hum"
#
jihaisse c'est moche pour l'instant, mais ça fonctionne
#
xtof jihaisse "moche" : tu parles de Hum ou SharePress ?
#
jihaisse xtof: mon hack dans share press pour qu'il utilise l'url courte
#
jihaisse pour bien faire, faudrait que j'ajoute une méthode dans sharepress et une option de configuration comme il y a pour bit.ly
sandeepshetty joined the channel
#
xtof jihaisse : intéressé sur toute documentation sur tes essais. N'hésite pas á attaquer le wiki http://indiewebcamp.com/WordPress-fr et http://indiewebcamp.com/WordPress avec test exemples
#
jihaisse xtof: http://js-zone.net/wordpress/2013/07/29/test-sharepress-hum
#
jihaisse xtof: sur twitter : https://twitter.com/jihaisse/status/361865827542237187
#
@jihaisse Test SharePress / Hum http://js-zone.net/wordpress/2013/07/29/test-sharepress-hum/
#
xtof jihaisse : Thanks. Nice work. Will come back tomorrow morning with a better connexion. I'd be happy to have a phone call if you're available during the week. I have to leave now. CU
#
jihaisse xtof: ok, see you later
sandeepshetty and andreypopp joined the channel
#
@jihaisse Nouveau test de SharePress avec l'option article:publisher pour facebook #indieweb http://js-zone.net/wordpress/2013/07/29/nouveau-test-de-sharepress-avec-loption-articlepublisher-pour-facebook-indieweb/
benwerd and f-a joined the channel
#
neuro` Hi jihaisse
#
jihaisse tiens, un neuro`
#
neuro` i English please.
#
neuro` In.
demis joined the channel
#
jihaisse for what it worth...
donpdonp, josephboyle and tantek joined the channel
#
benwerd There goes The Old Reader: http://blog.theoldreader.com/post/56798895350/desperate-times-call-for-desperate-measures
#
neuro` Hi tantek, benwerd
#
benwerd howdy neuro`
andreypopp joined the channel
#
benwerd That Instagram worm is quite something. Another reason for diversity of platforms.
#
tantek greetings
#
tantek benwerd, yeah, seriously. can't believe how many people it's hit.
#
tantek waiting for some security person to disassemble its mechanism
shaners and sandeepshetty joined the channel
#
aaronpk how does that even work? I've seen it a few times in my timeline
#
aaronpk you have to authorize the weird app, right?
#
benwerd I'm tempted to click it to find out, but will abstain ;)
#
tantek maybe with a test account?
#
tantek so the interesting thing is - there are no instagram clients
#
tantek let me state that again
#
tantek there are no instagram clients (that let you upload photos)
#
tantek so, this IG worm is somehow doing *what no one else has done* as an IG "client"
#
tantek so that part is interesting
#
tantek and potentially provides a way to POSSE to Instagram
#
aaronpk i didnt think it was posting a photo, just commenting on something
#
tantek aaronpk - it posts a photo of a smoothie
#
tantek and gives it a "title" (first comment)
#
aaronpk wha
#
tantek yeah!
#
tantek benwerd, since you seem to have figured out how to POSSE photos (e.g. to Flickr, Facebook), perhaps you could create a test Instagram account and figure out how/what the worm is doing :)
#
aaronpk example?
#
benwerd Eeeeeenteresting
#
tantek exactly
#
tantek http://www.popphoto.com/news/2013/07/instagram-users-get-hacked-pictures-food
#
aaronpk whoa
#
tantek yeah, the way I see it, this means someone has built a client that uploads to IG! :)
#
tantek ok since this apparently wasn't obvious perhaps I should write a short note
#
benwerd https://github.com/mislav/instagram/wiki
#
tantek fascinating!
#
tantek please add to indiewebcamp.com/instagram
#
benwerd aye
#
tantek.com created /instagram (+23) "r" (view diff)
#
tantek er, http://indiewebcamp.com/Instagram
gjones joined the channel
#
aaronpk huh. I guess I didn't realize the photo I saw wasn't that person's own photo
#
tantek exactly
#
werd.io edited /Instagram (+261) (view diff)
#
aaronpk oh yea this is good, I was just thinking about MITM'ing myself and finding this out https://github.com/mislav/instagram/wiki/media
#
aaronpk I should figure out the venue field and add it to the wiki
#
Loqi yea
#
aaronpk funny, I was just considering using Instagram as a PESOS client to get photos on to my site. I do like the filters and such.
cweiske joined the channel
#
@t No @instagram clients that upload photos … except a worm.
#
tantek Oh funny, Twitter errantly lost the "?" on the end of the URL
#
neuro` I was considering adding Flickr / Instagram / 500px POSSE to Publify, 90% of the code is here, we just need to connect the Api.
#
tantek oops - that was punctuation for the sentence
#
tantek oh no - that was Loqi that lost it
#
Loqi who, me?
#
tantek compare above text to: https://twitter.com/t/status/361921665837449216
#
@t No @instagram clients that upload photos … except a worm.
#
aaronpk heh, yea Loqi follows redirects now to un-shorten links before they show up here. so he saw the ? as part of the URL
#
tantek but it's not part of the URL, nor does it redirect
#
tantek odd
#
@candrakirana237 RT @t: No @instagram clients that upload photos … except a worm.
#
aaronpk are trailing ?s officially not part of a URL? http://t.co/LTk5iszVdv?
#
f-a I wonder who sticks to RFC standards for URLs anymore
#
tantek f-a which one? http://tantek.com/2011/238/b1/many-ways-slice-url-name-pieces
#
aaronpk hehe
#
tantek is amazed how many question he's been able to answer by citing that one blog post.
#
tantek (almost two years old)
#
EHLOVader tantek: have you seen this? http://txt2re.com/
#
EHLOVader your drawing which showed all the nodes of a url reminded me of how that regular expression maker handles its sections
#
Loqi SHOWED ALL THE NODES http://loqi.me/7gd
friedcell joined the channel
#
EHLOVader what is Loqi run on? because sometimes the way it picks up on information is eerily human #UncannyValley
#
aaronpk :)
sandeepshetty, andreypopp, eschnou, gjones, julien51, friedcell, fmarier, AndrewF, JonathanNeal, jancborchardt, benwerd, sandeepshetty_, tilgovi, melvster and f-a joined the channel
#
tantek aaronpk, btw - the instagram worm is going strong: https://twitter.com/search?q=instagram hacked
#
tantek let me fix that URL: https://twitter.com/search?q=instagram+hacked
#
tantek and apparently they're not all fruit smoothie pics: https://twitter.com/Bearpigman/status/357567087570460673
#
@Bearpigman So my instagram got hacked. I've never laughed so hard at a hacking https://twitter.com/Bearpigman/status/357567087570460673/photo/1
#
aaronpk oh that's the one I saw from someone I follow
#
aaronpk lol "WOW TOM YOU LOOK AMAZING"
#
tantek maybe they're doing A/B testing
gjones joined the channel
#
aaronpk this one looks tasty https://twitter.com/kylestyIes/status/361005981926318080/photo/1
#
@kylestyIes so someone hacked my instagram twice today and posted pictures of smoothies https://twitter.com/kylestyIes/status/361005981926318080/photo/1
#
tantek yeah - they're definitely good/tasty smoothie pics! almost faved one before I read the comment, and was like wait a minute.
#
aaronpk hah
#
tantek then I scrolled, saw the pattern and http://tantek.com/2013/207/t1/link-is-in-my-bio-instagram-worm
#
aaronpk has anybody figured out how it spreads? is it a new app you authorize? or did someone's existing app get hacked and leaked a bunch of tokens?
#
neuro` There's something that bothers me with Web mentions specs published at http://webmention.org/. Is that the "official" source?
#
tantek neuro` - whatever bothers you, add it to the wiki
#
f-a aaronpk: I suspect it spreads using the weak link of any pc, i.e. tha part which lies between the chair and they keyboard
#
tantek aaronpk - when you click on the *-bbc link presumably something happens
#
tantek haven't clicked yet so I have no idea
#
tantek my guess is a simple phishing UI that looks like the instagram app login screen
#
aaronpk neuro`: you can also open an issue on github https://github.com/converspace/webmention/issues
#
aaronpk oh you think it's stealing the password? that might be easier
#
aaronpk do you have a photo with the link? I want to look at the page
#
tantek that's my guess. simplest explanation. haven't tried it yet though. I figured benwerd would try it with a test account :)
#
tantek goes back to twitter search
wycats_ joined the channel
#
neuro` tantek: just found out there was a page on the wiki about web mention, in addition to webmention.org. These do not appear easily on Google.
#
tantek neuro` - as usual, all one word, search
#
tantek 2nd result on google is indiewebcamp wiki page on webmention
#
aaronpk those two pages are the top two results in google for me
#
tantek is different in France?
#
neuro` aaronpk: my concern is about using rel='nofollow'. I understand the spam issue, but following links is part of the Web DNA.
#
aaronpk ah, I think that was copied from pingback
#
neuro` tantek: a friend of mine launched a company called "mention" I've been beta testing for 1 year, which explains.
#
tantek huh? webmention has nothing to do with nofollow AFAIK
#
aaronpk afaik nobody actually puts rel nofollow on their links
#
tantek nobody except mean silos :P
#
neuro` WebMention receivers SHOULD moderate WebMentions, and if a link is displayed back to the source, SHOULD link to source with rel="nofollow" to prevent spam.
#
tantek and they put nofollow on all your links :P
#
aaronpk yea I think that was verbatim from pingback
#
tantek that sounds lame
#
tantek ignore all presentation advice in the webmention spec - it doesn't belong there
#
aaronpk sorry, I meant nobody here
#
tantek i.e. "display"
#
aaronpk yea, let's take that out actually
#
tantek the presentation/display level is handled by indieweb comments
#
tantek pingback never should have mentioned display stuff - that should have been a separate spec
#
neuro` Also I just can't find any way to avoid spam with Web mentions, which is the other thing that bothers me (except by manual check and heavy moderation)
#
tantek same problem as pingback
#
neuro` I know, but I'd love to see mentions last longer
#
tantek webmentions will replace pingback, it's up to us to fight the spam vectors at the same time.
#
benwerd just saw my name. *wakes up*
#
tantek pure mentions are not interesting IMO. comments are.
#
tantek rather, simple mentions are fine for IRC :)
#
benwerd oh, Instagram. Yeah, I'll risk getting turfed off for you guys ;)
#
tantek benwerd - with a test account!
#
tantek we can't find any active bio links either
#
benwerd :)
#
tantek and apparently this happened in June too: http://thenextweb.com/facebook/2013/06/29/instagram-comes-under-large-scale-spam-attack-prompts-affected-users-to-reset-passwords/
#
benwerd I'm tied up for a while but I'll definitely try it once I've got some bandwidth.
#
benwerd fwiw idno's now doing photos to Flickr, Facebook and Twitter
#
benwerd Instagram seems like the missing link.
#
neuro` Congrats benwerd !
#
tantek aaronpk - haven't found any still hacked ig profiles, but the links were all to domains like: portal-bbc goto-bbc links-bbc (all .co.uk)
#
tantek (type those URLs at your own risk)
josephboyle joined the channel
#
tantek this is a bad example of a blog post I'm sorry - someone posted it here: http://blog.theoldreader.com/post/56798895350/desperate-times-call-for-desperate-measures
#
tantek seriously needs a tl;dr summary sentence/paragraph at the top.
#
neuro` tantek: just some BBC health clone that spams for some pills
#
tantek did another online RSS aggregator die? is that what happened?
#
tantek neuro` - be careful, might have mobile-safari specific JS exploits that get your other credentials or something,.
#
neuro` tantek: lynx does not support JS yet :)
#
neuro` And I have some specially crafted virtual machin when I need to analyze compromized Web sites
#
neuro` Used to work in comp sec a long time ago (in a not so distant galaxy)
josephboyle joined the channel
#
tantek huh, re: the Old Reader. good reason to start charging for accounts after the first n users (decided what n is for you and how much maintenance that takes, treat first n as beta testers that are doing *you* a service).
#
tantek "free service" and "hobby" doesn't scale for anything with a UI.
#
tantek and don't be afraid to charge a lot to limit sign-ups. do the math on support hours costs, equipment costs, and charge 10x.
josephboyle1 joined the channel
#
benwerd re: the Old Reader, Pinboard is the model to watch.
#
neuro` benwerd: do you still read blog commnts?
#
benwerd yes
gjones joined the channel
#
bret.io edited /WebFinger (+175) "Added a link to webfist" (view diff)
#
bret.io created /Webfist (+451) "Created page with "{stub} [[Webfist]] is the software used to run a distributed fallback network to enable webfinger on email address from providers that do not yet support webfinger. It was firs..."" (view diff)
sandeepshetty joined the channel
#
bret.io edited /Webfist (+120) "Added link to the session" (view diff)
#
bret.io created /webfist (+21) "Added webfist redirect" (view diff)
friedcell joined the channel
#
@domenicoperri RT @t: No @instagram clients that upload photos … except a worm.
fmarier and barnabywalters joined the channel
#
barnabywalters neuro`: just saw your comments RE webmention and spam in the logs. fwiw, we’re documenting potential spam prevention methods here http://indiewebcamp.com/spam
sandeepshetty joined the channel
#
bret.io edited /Why_web_sign-in (+473) "/* Why not email */ Stubbed a question about how everyone has an email address" (view diff)
#
f-a nice add bret
#
f-a I wouldn't know how to counter
tantek joined the channel
#
bret Don't get me wrong, I'm all for domain based authentication
#
bret but because there is so much effort behind email as an identity, everyone tends to have an email address
#
f-a I know. I praise you because the add will bring people to tackle the matter
#
tantek email has a worse spam problem than webmention, hence, not worth building on for the future IMO
#
aaronpk the question was in regards to why web sign-in
#
tantek email identity is basically just for cultural backward compat
#
tantek fine if you get paid to work on it, but nothing worth spending your own time on IMO
#
tantek ah I see bret missed the many FAQs re email identity on the wiki ;)
#
bret oops
#
tantek right above where you asked that question
#
tantek so I'll summarize an answer
#
tantek actually it's almost the same as the previous FAQ: "But emails are widely understood"
#
bret I guess I took the understanding as, people understand that they can use their email to identify themselves.
#
f-a it's different, tantek
#
bret whereas the argument that one might run into, everyone has email, only few have domains
#
f-a what bret said
#
tantek f-a see above
#
bret the "email is like a fax machine" is one analogy that could be used I guess
#
tantek or landlines
#
tantek because most remember everyone having those
#
tantek now many don't or know people who don't
#
tantek bret when you say "biggest argument for using email for authentication" - do you have a citation for that "biggest"? all of the FAQs I've added to that page have been often questioned re: email identity
#
tantek I don't see why that one in particular is any more common
#
bret How do we know we are not taking part in the eventually antipatern though?
#
bret tantek: unfortunately the best I can provide is hearsay, but I haven't looked into it much.
#
f-a bret: what the analogy is "email is like a mail address"?
#
f-a (a real one)
#
tantek bret the "at some point" antipattern depends on things not being built / working
#
tantek we have no problem with that as long as we self-dogfood
#
tantek http://indiewebcamp.com/antipatterns#at_some_point
#
bret The connotation to that, and It seems might appeal to many (again, hearsay) is that email is private, a domain is public.
#
bret but then again, these days, email aint private
#
tantek right
#
tantek email is spammed more - ergo, not private
#
tantek try again
#
caseorganic.com edited /site-deaths (+728) "/* Upcoming */ Added Astrid shutdown from Yahoo!" (view diff)
#
bret Ill think on this. I tend to not think on my feet very well if I don't already understand things thoroughly when talking with people.
#
bret but I will cc some of these points over to the wiki
#
tantek which points bret? I'd advise reading the current points on the wiki first
#
tantek and familiarizing yourself with them
#
tantek.com edited /Why_web_sign-in (+237) "answer But Everyone Has an Email Address FAQ" (view diff)
#
tantek bret the short answer to why domains rather than email is answered by the first two "Whys" here: http://indiewebcamp.com/Why_web_sign-in#Why_not_email
#
tantek because all email addresses are either at a 3rd party, or a personal domain.
#
tantek by refuting both those cases, we refute the entirety of email as identity
#
f-a a bit patronising but clear, tantek :)
#
tantek f-a, a bit tired of the email as identity arguments, which tend to be mostly propagated by people on email lists.
#
tantek which is why we're collecting a *web page* debunking them, and to describe why a *web*-based identity is better
#
bret tantek: I think its a matter of people (me parroting others) in this case rephrasing similar questions. But it helps iron out all possible nuances with the matter
#
f-a indeed a dialogue helps getting all the little doubts out
#
tantek bret - sure, we have plenty of wiki-space to debunk each variant/nuance
#
tantek f-a, plus it's taken a while to build up the full set of arguments debunking email as identity
#
tantek 3rd parties, own domain, "everybody/massadoption" anti-pattern
#
tantek the email-as-identity crowd is kind of funny too in that most still think that email-lists are a way to be productive (about anything)
#
tantek like a bunch of fax machine hobbyists faxing each other ideas about new ways to use fax machines
#
aaronpk i still want to add fax as an option to indieauth
#
tantek aaronpk - totally. would be funny to cluster it with sms and email in a pre-web-tech section ;)
#
caseorganic.com edited /site-deaths (+2651) "/* 2008 */ AOL Homesites Shutdown" (view diff)
#
tantek are there any phishing sites that ask you to register your information so they can send you a booklet on how to avoid being phished?
#
tantek (email as identity -> usually means email + pw as identity -> phishing vulnerability)
f-a_ and f-a joined the channel
#
donpdonp aaronpk: i hope you do postcard as well, maybe a bitcoin deposit for the postage
#
aaronpk !!
#
aaronpk was thinking postcard, but hadn't thought about bitcoin deposit
#
donpdonp i can remember in the BBS days some sites would send a postcard with your password on it to your home address
#
tantek donpdonp you win for the most ironic juxtaposition of technologies. goodness.
#
f-a wow I want to see one of those cards, donpdonp
#
donpdonp tantek: haha. i hadnt though of that.