2013-08-03 UTC
# 00:04 benwerd Just had a discussion over lunch with someone about this too. Can't assume, at least right now, that people will upgrade their servers or their server software.
josephboyle joined the channel
# 00:09 neuro` benwerd: even worse, all the incomplete cut and paste tutorials on how to set up your Apache
# 00:10 benwerd all of these things are things people are paid to do for a living. there's no way to expect other users to do it well (or care about doing it well)
# 00:11 benwerd I'm still waiting for my server that works like an iPhone ;)
# 00:11 bret that's why things like bitnami need to be better
# 00:11 benwerd Because, honestly, that mobile device workflow is absolutely perfect. Software is, generally, up to date, because updating it is trivial (and actually feels good)
# 00:12 benwerd (Although I don't mean to suggest that perfect means it couldn't be improved. But it does work well.)
# 00:12 aaronpk my guess is it'll either follow that model, or will follow the model that buying a house does
# 00:12 tantek benwerd - I disagree - having to update client software is dumb. the web fixed that.
# 00:12 tantek and your mobile device doesn't (yet) act like a server.
# 00:12 aaronpk good luck trying to teach people enough legal stuff to actually understand what's going on during the transaction of buying a house
# 00:12 aaronpk that's why there are lawyers, mortgage brokers, title companies, etc
# 00:13 tantek a domain/website is much closer to a cell phone than a house
# 00:13 aaronpk when you buy a house you use a title company. the title company doesn't own the house, but they help you buy it.
# 00:13 neuro` This is the biggest French hosting company, selling dedicated servers for 3.6 euros a month.
# 00:14 tantek aaronpk - hugely outdated inefficient system that people are too afraid to change/improve
# 00:14 aaronpk but also a system that is convoluted enough that there are industries built around helping people navigate through it
# 00:14 benwerd ... which then in themselves act as obstacles to it being unpicked and made simple
# 00:15 aaronpk explaining to someone how domain registration, name servers and dns works is just as complicated as explaining the process of buying a house
# 00:15 aaronpk also why should someone have to know all about DNS and root name servers just to have a site online
# 00:16 aaronpk which is why twitter, facebook, medium, tumblr, etc have gotten so big
# 00:16 tantek the application to rent an apartment is closer
# 00:16 aaronpk but you can actually reasonably read through a rental agreement and make sense of most of it
# 00:17 aaronpk it's a simple contract between you and one other entity
# 00:17 tantek uh, nothing simple about any rental agreement I've seen (here in CA)
# 00:17 benwerd I've been both a CA renter and a UK landlord, and argh
# 00:17 aaronpk either way there's still you, the landlord, and some rules default to the state
# 00:18 aaronpk but buying a house involves a mortgage company in addition to paying property tax, not to mention utilities, there's a lot more moving parts
# 00:18 aaronpk just like getting a website is not as simple as a rental agreement, it involves a domain registrar, a name server, a DNS server, a hosting company or an internet connection and your own server
# 00:18 benwerd goodnight neuro`. I enjoy how you mark up your IRC lines btw :)
# 00:20 f-a aaronpk: it's remarkably easier if you buy, say, shared hosting, much more difficult if you plan to do stuff yourself
# 00:20 tantek aaronpk, benwerd, btw - video of my microformats2 talk is now up - wherein I use screenshots of your awesome indieweb implementations as examples of microformats2 deployment
# 00:20 benwerd was amazed to see that you were doing that while presumably hyper-jetlagged
# 00:21 tantek yes - you can watch me in full on <24h since jet-lagging 10 timezones in that video
# 00:22 neuro` aaronpk: most shared hosting companies provide click and play interfaces, from plan picking to CMS deployment.
# 00:23 f-a indeed they do, and as limited as it gets, it's a good start
# 00:23 tantek aaronpk - if you find an online version of those Dreamhost notices, please add to
# 00:32 f-a mhhh, that particular dreamhoster doesn't seem particularly happy
# 00:35 f-a still, if he were really that pissed off, he just needed to rename a folder, no big deal
# 00:44 benwerd I've never found an HTML presentation framework I really like. Anyone else? (Not to say that I like Powerpoint.)
# 00:55 aaronpk I pushed up some major changes behind the scenes last night
jlsuttles joined the channel
# 01:21 bret reading that FB platform rant. this is awesome: "What would you do if you cared about someone other than yourselves?"
# 01:23 f-a ahah found that incredibly funny too
# 01:24 bret I want to make the world more open and connected through a shitty api :?
scor, tilgovi and pdurbin joined the channel
# 02:04 aaronpk pretty sure we could combine webmention, microformats2 and indieauth to do private messaging pretty easily
# 02:17 pdurbin when I think of private messaging I think of SMTP and XMPP
# 03:24 aaronpk sweet. that's step 1. somewhat required for the private messaging
# 03:26 aaronpk right now all the endpoints are hard-coded, so it would expect iamshane.com/auth and iamshane.com/verify to work as expected
# 03:27 shaners assuming those were there, i could use iamshane.com's indieauth to login as proxy out to twitter, etc to login to indiewebcamp as iamshane.com?
# 03:28 shaners second order question, what if i set up an oauth server to my site and add it as a trusted auth provider to iamshane.com's indieauth server?
# 03:28 pdurbin aaronpk: cool that you're thinking about how to make indieauth less centralized
# 03:29 aaronpk although at that point you're basically just giving yourself a password login form to your site, which would also work
# 03:29 aaronpk pdurbin: of course! my goal was never to have a centralized login system, just a more convenient one!
# 03:29 shaners but i could use that u/pw form to login to someone else's site!
# 03:30 aaronpk no, that would require that my site linked to <link href="iamshane.com" rel="indieauth">
# 03:39 shaners i'm confused. i thought indiewebcamp.com used the indieauth server that the user who's logging in specifies on their own site
# 03:40 aaronpk so how would you be able to trick it into signing in as me?
# 03:41 aaronpk oh I thought you were trying to figure out if you can hack it
# 03:44 aaronpk you say dependency, I say service-oriented architecture :P
# 03:45 shaners it'd still be SOA-ish. i just wouldn't _depend_ on twitter or github or whatever
# 03:47 shaners or put differently, i would own the services used in the service-oriented architecture
# 04:11 aaronpk who has a webmention endpoint that wants to test this indieweb messaging with me?
# 04:12 aaronpk actually technically it doesn't, if you are willing to assume a UUID in a URL is your security
# 04:16 bret I could generate a uuid and put it on a page
heath joined the channel
# 05:53 shaners aaronpk: what you wrote up was what i was expecting.
# 05:55 aaronpk haven't fully thought through the implications of that yet
# 05:56 neuro` Security through obscurity? Where? Actually, returning a 401 on unauthenticated call is OK on the protocol side, but means "Hey men, there's something hidden here and you don't have access to it"
# 05:56 bret I don't think I would want to store anything private on my site, since the source is all in github
# 05:57 shaners aaronpk: PS your twitter reply short urls are busted
# 05:57 aaronpk shaners: whoa what happened, they were working a second ago
# 05:58 aaronpk apparently i've never posted more than 10 replies in a day
# 05:58 aaronpk wow. that's supposed to be a newbase60 digit not a base10 digit
# 06:00 neuro` aaronpk: on a static site, authentication can be done at the Web server level. Give Alice a directory, and use Apache authentication (require user Alice)
# 06:00 neuro` The only issue I see there is that Apache will expect a specially crafted string, which is not an indieauth token
# 06:00 aaronpk neuro`: yea but what's the password database behind that? how would that work with indieauth?
# 06:05 neuro` Those were only short night pre caffeine thoughts heh.
# 06:06 aaronpk no it would totally work. i'll add it to the page.
# 06:06 neuro` But I'm not comfortable at all with UUID: once you've found the pattern, it's too easy to bruteforce
# 06:07 bret aaronpk: does pingback.me support cors?
# 06:07 aaronpk bret: i don't think it does yet but I saw your ticket and can easily add it
# 06:07 aaronpk neuro`: the point of UUIDs is there's enough bits that you can't just guess or bruteforce them
# 06:07 bret I'll let you know what I find aaronpk
# 06:08 aaronpk actually I should probably say 128-bit random identifier, not UUID
# 06:08 aaronpk really anything with >= 128 bits is fine. I think that's the current accepted "unguessable" standard
# 06:08 bret aaronpk: would pin13 support a cors request? IE client side JS requesting a parse of a page for use on a page. just experimentally
# 06:09 aaronpk bret: no I dont really want that site to be used in production
# 06:09 aaronpk i suppose i could add it so you can test with it, but i don't want people to depend on that
# 06:09 neuro` shaners: secrets are only valuable the time you need them to be secrets :-) It's a hide and seek game.
# 06:10 bret I wonder how many indieweb sites would support a cors request so that the JS library could do a parse
# 06:10 shaners moore's law turns present big numbers into future small numbers
# 06:10 aaronpk interestingly, it only takes like 11 newbase60 digits to get 128 bits of randomness
# 06:11 aaronpk so you could easily do like 64-char long URLs and be safe for a long long time
poppy joined the channel
# 06:13 neuro` shaners: looking for ruby + newbase60, first result is your gem
# 06:13 bret aaronpk: would your personal website support a cors request?
# 06:14 bret would it be a big security risk to enable that kind of thing?
# 06:15 bret Client side reply context displays and displaying replies on a static site
# 06:15 bret IE, retrieve the page, parse it, display it
# 06:16 bret I would love if it was just json, because easy, but being able to pull it out of MF2 would be even better
# 06:18 bret shaners: it seems like it would be easier than supporting some kind of jsonp api on a site, but I dont know the security implications of enabling public CORS
# 06:18 shaners bret: i don't understand. why can't you fetch the html/mf2 straight away?
# 06:19 bret I host on github pages, and display webmentions using an external service (pingback.me for now, but eventually it will be hosted on my own space)
# 06:19 aaronpk yea wait a sec, i thought there was no problem with JS making get requests to other domains. it's only a problem if you need to send headers or handle other HTTP codes and such
# 06:20 bret i thought that you can't get anything from another site unless they have CORS turned on for you
# 06:21 bret anyway shaners, that external service will be used to collect mentions. my client side JS then retrieves that data and displays it: http://bret.io/2013/07/25/t1/ The next step is to make that display the actual reply context
# 06:22 shaners bret: have you tried fetching a page from me/aaronpk/etc to see if it works without cors on on our ends?
# 06:23 bret Eventually, I want to build an IRC bot like website bot that can handle actually committing that data to the repository, and perform other actions that need to happen, like send webmentions
# 06:23 bret shaners: not yet, never done it before, reading about it trying to figure it out. I was just probing to see if it was worth even trying
# 06:24 aaronpk bret: oh p.s. today I demo'd the new deploy server at the office! creating a new branch spins up an EC2 server and launches the site there, pushing to a branch updates the corresponding web server
# 06:25 bret cool aaronpk, I dont have the programming chops yet :(
hadleybeeman joined the channel
earplugs and tantek joined the channel
eschnou joined the channel
andreypopp joined the channel
tilgovi joined the channel
# 08:18 bret tantek: any new developments on possible w3c/indiewebcamp sponsorship/scholarships for the Workshop on Social Standards?
# 08:21 bret that one lady did the same thing I did with microdata.
tilgovi joined the channel
# 08:46 bret unfortunately this job i have this summer only pays once a month, just trying to figure out the budget for the month
# 08:48 bret the ticket was a bit of an impulsive buy
xtof joined the channel
# 09:48 neuro` tantek: almost noon for me, but the sun never sets on Indie Web.
f-a joined the channel
# 09:58 neuro` We had a good discussion about indie web based private message sooner today.
# 10:06 f-a what were the ideas, if I may ask
barnabywalters, earplugs1, earplugs, scor and josephboyle joined the channel
heathjs, earplugs1, singpolyma, barnabywalters, BjornW, andreypopp, xtof and f-a joined the channel
andreypopp, melvster, barnabywalters, f-a_, f-a, josephboyle and barnabywalters_ joined the channel
andreypopp joined the channel
# 20:12 aaronpk "This model is beautiful. It's a bunch of email privacy advocates hiring a couple of skilled guys for a year to write the open source software we all wish existed. And I explicitly _don't_ want them to make a business of it, because that changes the incentives completely."
eschnou joined the channel
# 20:25 f-a I don't recall... wasn't there a similar crowdfunding project some months ago?
tomshredsAway joined the channel
# 20:26 aaronpk i used it like 7 years ago and finally dropped it in favor of gmail since it kept getting hacked
# 20:30 barnabywalters I wonder if recent news and the privacy+security+ux focus from the beginning will make people more interested this time around
# 20:31 f-a it was quite a famous kickstarter, lwn wrote about it extensively
# 20:31 f-a desktop app, not only linux, in the plans of the devs, iirc
# 20:31 aaronpk still, I don't really need another desktop mail client. thunderbird and mail.app are fine
# 20:31 eschnou aaronpk, I just commented on one of your item but it seems it failed :( is it due to me moving my site to https only?
# 20:33 eschnou aaronpk, or maybe because I didn't strip the #comments from the uri?
# 20:35 eschnou aaronpk, faultcode 17
# 20:35 eschnou aaronpk, no_link_found
# 20:37 eschnou aaronpk, hmm, just did it again and same fault, this time with proper link..
# 20:38 eschnou aaronpk, I did successfully comment on your stream in the past, so I wonder what changed.
# 20:38 aaronpk hm maybe my server doesn't recognize your ssl cert
# 20:38 aaronpk you're sending https in the pingback request right?
# 20:40 eschnou aaronpk, if you are using curl, there is an option to skip cert issues (and thus also accept self signed certs)
# 20:41 eschnou aaronpk, why not ? At least the accepting self-signed certs part.
# 20:42 aaronpk you might as well not use ssl in the first place then
# 20:42 aaronpk really i just need to update my server with a good list of root certs
# 20:44 eschnou aaronpk, well, could have a dialback like mechanism for self-signed certs, this is how we do in xmpp world.
andreypopp joined the channel
# 20:51 bret i like the sound of mailpile more than geary because i can use it everywhere it sounds like, not have to wait for some cross platform port
# 20:52 eschnou hmm.. nothing beats thunderbird + enigmail :-)
# 20:53 f-a I am a bit unsure, how does GPG work with a web client
# 20:54 eschnou thunderbird is a desktop client :-)
# 20:54 eschnou it is the one from mozilla.
# 20:54 f-a I was referring to mailpile, eschnou
# 20:55 eschnou ha ok, sorry :-)
# 20:55 f-a I personally use mutt. If I were to encrypt mails via a web client, I think I would need to trust the server the client is running from? Am I wrong?
# 20:56 barnabywalters f-a: the idea is that you run mailpile on your own computer, or one close to you
# 20:57 bret thunderbird has gotten a lot better recently, but still leaves a lot in terms of UX/UI
# 20:59 bret The account pane in TB, for example...
earplugs and tilgovi joined the channel
# 21:30 bret it also has a decent IRC client built in
friedcell, tilgovi and andreypopp joined the channel
tantek and friedcell1 joined the channel
andreypopp joined the channel
josephboyle joined the channel