#indiewebcamp 2014-04-01

2014-04-01 UTC
pauloppenheim joined the channel
#
snarfed how's the weather in reykjavik?
#
@cryptocoinage RT @lightcoin: Lots of cool stuff added since the last time I checked out the @redecentralize website http:///about/ #p2p #indieweb (twitter.com/_/status/450789178109095936)
kbs and tantek joined the channel
#
kbs KevinMarks: [just re-reading logs] thanks for the info on the social graph api
#
kbs makes sense. Seems like identengine was just leveraging the work already done by it. At any rate, have also re(implent|discover)ed the trick for my little experiment as well.
#
@Hermetec RT @lightcoin: Lots of cool stuff added since the last time I checked out the @redecentralize website http:///about/ #p2p #indieweb (twitter.com/_/status/450799139375165440)
paulcp, scor, kbs, lukebrooker_, lukebrooker, snarfed, caseorganic and jedahan joined the channel
#
kylewm.com edited /Getting_Started (+3) "/* Personal Domain */ linkify 'domain name registrar'" (view diff)
#
kylewm.com edited /domain_name_registrar (+435) "/* Criteria */ copy some info about domain name privacy from 'Getting Started'" (view diff)
#
kylewm.com edited /domain_name_registrar (+390) "/* Criteria */ add detail to the criteria section" (view diff)
tilgovi joined the channel
#
kylewm.com edited /domain_name_registrar (+355) "/* Registrars */ info on godaddy (i.e., why you should choose anyone else)" (view diff)
tantek joined the channel
#
@kevinmarks “Facebook controls the signal, and it defines you as noise” @mathewi http://gigaom.com/2014/03/31/this-is-what-happens-when-facebook-controls-the-signal-and-it-defines-you-as-noise/ #indieweb (twitter.com/_/status/450867627649273856)
#
kylewm.com edited /Getting_Started (+385) "/* Post Once Syndicate Everywhere */ changed acronym definition to match up with POSSE page, added encouragement for non-programmers/silo-API-divers" (view diff)
#
@SinaBahram RT @kevinmarks: “Facebook controls the signal, and it defines you as noise” @mathewi http://gigaom.com/2014/03/31/this-is-what-happens-when-facebook-controls-the-signal-and-it-defines-you-as-noise/ #indieweb (twitter.com/_/status/450870865870483456)
#
kylewm.com edited /Getting_Started (+388) "/* Add h-entry to your posts */ emphasize that, once you have microformats, you can create indie comments without writing code or even resorting to cURL" (view diff)
scor, jsilvestre, netweb and rtaibah joined the channel
#
@redecentralize RT @lightcoin: Lots of cool stuff added since the last time I checked out the @redecentralize website http:///about/ #p2p #indieweb (twitter.com/_/status/450890716731166720)
Jihaisse joined the channel
#
@Zeipt RT @lightcoin: Lots of cool stuff added since the last time I checked out the @redecentralize website http:///about/ #p2p #indieweb (twitter.com/_/status/450891655043088385)
voxpelli, caseorganic, melvster, LauraJ, krendil, friedcell, bnvk, jonnybarnes, Sebastien-L and tobiastom joined the channel
#
@LloydDavis RT @kevinmarks: “Facebook controls the signal, and it defines you as noise” @mathewi http://gigaom.com/2014/03/31/this-is-what-happens-when-facebook-controls-the-signal-and-it-defines-you-as-noise/ #indieweb (twitter.com/_/status/450916498413215744)
rtaibah joined the channel
#
rtaibah Quick question, what is the community’s opinion on Mozilla Personas?
#
voxpelli rtaibah: I think the community prefers an approach like IndieAuth, see eg. http://indiewebcamp.com/Web_sign-in
#
rtaibah voxpelli: yeah I implemnted that already, was just wondering. Did not find any reference to it on the website
ttepasse, barnabywalters and voxpelli joined the channel
#
KevinMarks I think indieauth supports persona
#
voxpelli KevinMarks: oh, you’re right: https://indieauth.com/
#
voxpelli but it doesn’t really fit with the general idea of RelMeAuth / Web sign-in, does it?
#
pdurbin voxpelli: why not?
#
KevinMarks well, persona is email based
#
voxpelli pdurbin: RelMeAuth is based on rel-me links back and forth between web sites to confirm a unified identity
#
voxpelli and e-mails can’t do links and thus can’t link back to confirm that it is part of a unified identity
#
KevinMarks right, but persona can verify the email
#
KevinMarks same as the SMS support can verify that
#
voxpelli (unless you want to go down the WebFinger route, but that’s not so in line with the IndieWeb spirit)
#
bnvk According to the webmention protocol MUST a publishing source have their mention formatted like: "@username of the target at start of message" as well as sending the mention to the appropriate domain?
#
pdurbin hmm. yeah. lots of criticism at http://indiewebcamp.com/WebFinger
#
bnvk or is simply sending "the target a message like this" acceptable?
#
KevinMarks could also use WebFist
#
voxpelli bnvk: as long as there is a link to the target WebMention itself doesn’t really care, it’s more of a matter of what’s best practice from an IndieWeb / h-entry perspective
rtaibah joined the channel
#
bnvk hrm, interesting... i'm considering publishing UI implications
#
KevinMarks eg http://webfist.org/.well-known/webfinger?resource=acct%3Akevinmarks%40gmail.com
#
KevinMarks :D
#
voxpelli KevinMarks: that’s cool – I think there’s a usecase that it solves when it comes to discovery for such identities
CheckDavid, ttepasse, eschnou, pasevin, rtaibah, cweiske and bnvk joined the channel
#
bnvk so is the preferred nomenclature for a thread (on my site) which is a response to someone elses post:
#
bnvk 1 - Reply Context
#
bnvk 2 - New Status
#
bnvk 3 - Comment
#
bnvk 4 - Comment
#
bnvk or is it better to just treat each post (reply / comment) like it's own new status
scor, pfenwick and eschnou joined the channel
#
barnabywalters bnvk: you’re talking about threaded conversation threads? replies to replies in a thread?
#
bnvk yes
#
barnabywalters that’s an issue which has yet to be solved well
#
bnvk gotcha
#
bnvk glad to see I'm bringing up all sorts of things that haven't been brought up before :)
#
barnabywalters there has been a bunch of brainstorming about it but not much implementation
#
bnvk is there a page on the wiki?
#
barnabywalters at the moment everyone’s using the twitter model of every response being a standalone thing
#
barnabywalters which is fine, but actually *displaying* them is another thing
#
barnabywalters hrm, I know there was a page, can’t find it…
#
barnabywalters ah, here it is
#
barnabywalters http://indiewebcamp.com/comment-propagation
#
barnabywalters and, to a certain degree, http://indiewebcamp.com/comment-notifications
#
bnvk cool
#
bnvk takk
#
voxpelli something to keep in mind is approaches like mine in https://webmention.herokuapp.com/ – embedding comments through javascript
#
voxpelli usually js-created HTML isn’t very indiewebby, but for comments aggregated from elsewhere I think it is
#
voxpelli but affects the possible approaches barnabywalters linked to
gRegor`, j12t and scor joined the channel
#
KevinMarks you know what's annoying? when makefiles only work if you don't have any spaces in your directory names
#
KevinMarks voxpelli: that looks interesting, as I have static pages
#
voxpelli KevinMarks: feel free to sign up and send me feedback :)
eschnou joined the channel
#
bnvk !tell chloeweil I met your friend Cirilia here in Iceland yesterday :)
#
Loqi Ok, I'll tell them that when I see them next
rtaibah and snarfed joined the channel
#
KevinMarks OK, I put it on kevinmarks.com at root
#
KevinMarks (not on each page as they don't use templates yet)
#
ben_thatmustbeme well i found all the stupid pokemon... thank you google maps for making me waste my time
#
ben_thatmustbeme it was fun though
#
barnabywalters ben_thatmustbeme: pokemon on real maps? link?
#
ben_thatmustbeme open google maps app on android (i'm not sure if its on IOS or not)
Sebastien-L joined the channel
#
ben_thatmustbeme and just go to the googleplex for example
#
barnabywalters ah, no mobile device :(
#
barnabywalters how does it work? you fight them or just find them?
#
KevinMarks hmmm
#
KevinMarks ok, someone webmention me...
#
KevinMarks :D
#
barnabywalters KevinMarks: on it!
#
barnabywalters sent
#
barnabywalters to http://www.kevinmarks.com/indiewebsfdemowrapup.html
#
barnabywalters KevinMarks: taproot thinks you’re scott jenson: http://waterpigs.co.uk/notes/4VMERE/
#
KevinMarks oh, I only put it on the top level at kevinmarks.com
#
KevinMarks 'cos my staic site is very static indeed
#
ben_thatmustbeme barnabywalters, just find them
KevinMarks2 joined the channel
#
barnabywalters KevinMarks: okay, sent. I got a response saying {"pending":true,"message":"WebMention accepted"}
#
ben_thatmustbeme i really need to get my site working, unfortunately real work is getting in the way this week
#
KevinMarks2 Oho
#
barnabywalters ben_thatmustbeme: real work and pokemon ;)
#
KevinMarks2 So how do I know when to reload?
#
voxpelli KevinMarks2: Should be fetched pretty much right away
#
barnabywalters hrm, it does not seem to be in there
#
KevinMarks2 Hmm. Wonder if I typoed the JS
#
barnabywalters no, it’s because I left the www out I think
#
@kevinmarks @gigastacey nice indieweb thinking. My boys used blogger when younger (twitter.com/_/status/451004672031985665)
#
barnabywalters KevinMarks: okay but your account is registered without the www
#
barnabywalters so try this URL: https://webmention.herokuapp.com/api/embed?url=http%3A%2F%2Fkevinmarks.com%2F
#
barnabywalters I see my mention in there!
#
barnabywalters note that, like webmention.io, this will not show you mentions sent to kevinmarks.com without the www, or without a trailing slash
#
ben_thatmustbeme baranbywalters: nah, finished the pokemon
#
voxpelli hmm, yeah, a problem that www.example.com and example.com is two different URL:s
#
barnabywalters taproot keys webmentions off resolved paths, independant of trailing slashes or domains or query strings and similar
#
barnabywalters e.g. if you send a webmention to www.waterpigs.co.uk/notes/1000, the target key for that mention will be “/notes/1000/“
#
barnabywalters i.e. taproot fetches the target URL of the webmention, follows all redirects and takes the path of the original
#
voxpelli for me that would make it impossible to use with eg. github pages where each subdomain is different
#
voxpelli but would probably be good to resolve the target URL
#
barnabywalters voxpelli: resolving should fix both cases, as ideally a website should redirect to/from it’s www. variant
#
barnabywalters the only reason I didn’t include the host in the key is to make local testing easier, and to save a batch conversion if I ever move domains
#
ben_thatmustbeme hmm, so what ways are there to verify microformats on my site. bridgy just says it cannot parse my site and no explanation why
#
barnabywalters ben_thatmustbeme: http://indiewebify.me has some tools
#
snarfed ben_thatmustbeme: you can also click on the log links on your bridgy user page to see the gory details of what it parsed
#
barnabywalters and http://pin13.net/mf2/ and http://waterpigs.co.uk/php-mf2 allow you to parse arbitrary HTML by URL or raw entry and see the JSON produced
#
snarfed the "X ago" links under "Recently published"
#
barnabywalters snarfed: any chance you could link to http://microformats.org/wiki/validators from that error message?
#
barnabywalters should I add an issue
#
snarfed good point, will do. no worries, not big enough for an issue, but thanks though
cweiske joined the channel
#
voxpelli barnabywalters: just noticed btw that your post http://waterpigs.co.uk/articles/problems-with-hash-fragment-subscriptions/ didn’t ping the Superfeedr blog correctly
#
KevinMarks do I need it to be https?
#
barnabywalters voxpelli: oh dear, how so?
#
voxpelli barnabywalters: don’t now what the cause is, but perhaps you sent a relative URL as the source? Can’t really tell from the logs right now
#
barnabywalters ah yes it’s likely that that’s an issue
#
barnabywalters because whenever I POSSE an article the tweet has a relative URL in and I haven’t fixed it yet :)
#
barnabywalters I’ll do that now
#
KevinMarks hm
#
KevinMarks so kevinmarks.com redirects to www.kevinmarks.com
#
voxpelli KevinMarks: Apparently I treat the https and http URL:s as being different as well, that’s a bit excessive of me
#
barnabywalters voxpelli: fixed and resent. Thanks!
#
@voxpelli @superfeedr Nice to see you using https://webmention.herokuapp.com/ :) You might want to style them a bit though: http://blog.superfeedr.com/indieweb-microformats-fragments-subscriptions/ (twitter.com/_/status/451010840020668418)
tahnok joined the channel
#
ben_thatmustbeme oy, looks like i'm going to have to walk through the creation of my webmentions stuff carefully
#
barnabywalters !tell tantek I see you’ve set a rel-hub URL on your homepage — do you publish updates for it (i.e. the HTML) or rely on the hub polling for changes?
#
Loqi Ok, I'll tell him that when I see him next
tantek joined the channel
#
Loqi tantek: barnabywalters left you a message 23 minutes ago: I see you’ve set a rel-hub URL on your homepage — do you publish updates for it (i.e. the HTML) or rely on the hub polling for changes?
snarfed joined the channel
#
tantek barnabywalters: I do publish updates to the hub but unfortunately only PuSH 1.0 - which uses my atom feed /updates.atom
#
tantek everytime I heard the HTML PuSH 2.0 explanation it sounded way too complicated.
#
tantek PuSH is ripe for simplification the same way Pingback was.
#
barnabywalters ah okay — I subscribed to your homepage but should have detected that you didn’t have a rel=self link, so weren’t using PuSH 0.4
#
barnabywalters that’s another thing to add to the pre-subscription checks
benprew joined the channel
#
KevinMarks !tell voxpelli only one url per github account?
#
Loqi Ok, I'll tell them that when I see them next
#
@IndieCreddit Pleased to announce a crypto currency for the #indieweb - http://indiecreddit.com (twitter.com/_/status/451033491174481920)
#
aaronpk oh man
#
aaronpk KevinMarks++
#
Loqi KevinMarks has 15 karma
#
barnabywalters ha ha ha
#
barnabywalters KevinMarks++
#
Loqi KevinMarks has 16 karma
snarfed joined the channel
#
aaronpk wait does this actually work
#
KevinMarks I did actually build a currency, though I don't know if I've mined enough blocks for any to exist yet
#
aaronpk !!!!!
#
KevinMarks also I only built a mac client
#
barnabywalters aw, the client doesn’t open
#
KevinMarks ah crap
#
aaronpk aw it crashed for me
#
aaronpk lol "identifier: com.yourcompany.indiecreddit-qt"
#
Loqi lolz
#
barnabywalters yourcompany.com is producing so many apps these days
#
aaronpk barnabywalters++
#
Loqi barnabywalters has 34 karma
#
KevinMarks I think you may need to "sudo port install miniupnpc" as I had trouble stripping it
#
aaronpk is it on homebrew? I don't have port
#
barnabywalters wait lightcoin seriously uses IRC?
#
aaronpk KevinMarks: hm installed through homebrew but that didn't fix it
#
KevinMarks yes, it uses irc to find other clients
#
KevinMarks are you getting a link error?
#
aaronpk yeah Library not loaded: /opt/local/lib/libminiupnpc.10.dylib
jedahan and tantek joined the channel
#
KevinMarks hmm
paulcp and tantek joined the channel
#
KevinMarks can't work out how to strip the uPNP dependency
#
KevinMarks the make file looks liek it can, but then it doesn
tantek-ipod, jonnybarnes, paulcp_ and kbs joined the channel
#
barnabywalters to the ephemeral controllers of #eviltantek: I submit http://xen.adactio.com/ as an amusing link for him to POOS
#
kbs aaronpk: is https://aaronparecki.com/notes/2013/10/12/2/indieweb ok to use for random testing webmentions? I don't want to accidentally spam/cause issues - mostly curious about what it does. (or, suggestions for other testing places much appreciated :)
pasevin joined the channel
#
KevinMarks aaronpk: can you try again now, I manually commented out links to that library
#
kbs heh. indiecreddit kevinmarks :)
#
KevinMarks can someone with a mac try the client?
#
KevinMarks I think I fixed the library linking, but hard to test here
#
barnabywalters kbs: feel free to test webmentions against http://waterpigs.co.uk/notes/4QbH5C/
#
kbs barnabywalters: ah, thank you much.
#
barnabywalters kbs: there’s also http://indiewebify.me/validate-h-entry/ which can be used to check how your markup is being parsed
#
aaronpk kbs: sure that's fine
#
aaronpk KevinMarks: now I get Library not loaded: /opt/local/lib/db48/libdb_cxx-4.8.dylib
#
KevinMarks meh
#
KevinMarks there's some linking crap going on here too
#
kbs KevinMarks: ah, segv on my end - http://paste.debian.net/plainh/41430d51
#
kbs aaronpk: great - thanks as well
#
aaronpk it's good to throw a bunch of crap at that so I can fix parsing and displaying weird mentions too :)
#
KevinMarks I wonder if the srgv is 32bit vs 64bit
#
ben_thatmustbeme so if I understand this correctly, a webmention just includes a URL for source and target, correct?
#
aaronpk ben_thatmustbeme: correct
#
ben_thatmustbeme and bridgy just does the same.
#
aaronpk bridgy sends webmentions, yes. but bridgy also creates its own URLs for silo posts for the "source"
#
ben_thatmustbeme ahh, okay
#
ben_thatmustbeme thanks
benprew and pauloppenheim joined the channel
#
@voxpelli @creationix The @indiewebcamp movements participants are all building their own blogs into Twitter alternatives – dogfooding it – take part? (twitter.com/_/status/451055316550287362)
paulcp joined the channel
#
@kevinmarks RT @IndieCreddit: Pleased to announce a crypto currency for the #indieweb - http://indiecreddit.com (twitter.com/_/status/451056479089352704)
#
pauloppenheim oh that is funny
#
pauloppenheim KevinMarks++
#
Loqi KevinMarks has 17 karma
#
KevinMarks I'm dogefooding it
#
pauloppenheim LOL
#
pauloppenheim oh man, new king of memes
#
@bretolius @chalkers Neocities + IndieAuth can work as an openID provider: http://indiewebcamp.com/IndieAuth (twitter.com/_/status/451059108741787648)
eschnou and KevinMarks2 joined the channel
#
ben_thatmustbeme so, I see that webmention states you SHOULD respond with a link to a queue entry, but there is nothing on format of that queue request that I can see
#
aaronpk ben_thatmustbeme: that was added after most of us implemented endpoints... so it's not very well specified yet
#
aaronpk I just did this for something, what was it
#
kbs ah
#
ben_thatmustbeme ah
#
kbs :-)
#
aaronpk I was thinking it makes more sense to return a Link header...
#
aaronpk rathre than anything in the body
#
kbs was playing with how identity confirmation works
#
aaronpk Link: <http://aaronparecki.com/webmention/100>
#
aaronpk rel="webmention_status"
#
aaronpk somethign like that
#
ben_thatmustbeme that would probably make parsing much easier
j12t joined the channel
#
aaronpk indeed :)
#
aaronpk that's what link headers are for
#
ben_thatmustbeme yeah, I'll do that actually, in case anyone uses it, I think that makes a lot of sense
#
ben_thatmustbeme but then queue requests...
#
kbs I sent you a couple of entertaining webmentions aaronpk since you kindly volunteered - have at it :) https://aaronparecki.com/notes/2013/10/12/2/indieweb
#
aaronpk ben_thatmustbeme: cool. i'll probably get around to webmention status results soon
#
kbs (also http://waterpigs.co.uk/notes/4QbH5C/ - similar thing.)
#
aaronpk kbs: did you send a webmention from my page to my page?
#
ben_thatmustbeme I'm thinking i'll just keep returning '202 Accepted' until it actually succeeds type of idea
#
aaronpk ben_thatmustbeme: on the status URL?
#
ben_thatmustbeme and 200 OK after it succeeds
#
ben_thatmustbeme yeah
#
aaronpk hm does HTTP have anything to say about this? cause "202 accepted" is specifically for this purpose
#
kbs aaronpk: curl --verbose https://aaronparecki.com/webmention.php -d 'source=http://paste.debian.net/plain/91033' -d 'target=https://aaronparecki.com/notes/2013/10/12/2/indieweb'
#
aaronpk oh my
#
aaronpk kbs: change it to "class=h-card p-author"
#
ben_thatmustbeme nothing I see, it looks like they were thinking it should return a URL to a web interface status, outside the HTTP scope
#
kbs oh - didn't realize it needed to be in the same block, ok
#
aaronpk otherwise the p-author property applies to the h-card which is not what you mean
#
aaronpk you want the h-card to be the author property of the h-entry
#
kbs aah
#
aaronpk ben_thatmustbeme: "The entity returned with this response SHOULD include an indication of the request's current status and either a pointer to a status monitor or some estimate of when the user can expect the request to be fulfilled."
#
kbs had that backwards, thanks for the clarification
#
aaronpk ben_thatmustbeme: so yeah, the spec doesn't seem to say anything. I'm curious if there are any known implementations of that tho
#
aaronpk https://groups.yahoo.com/neo/groups/rest-discuss/conversations/topics/4531
#
aaronpk (requires yahoo login, boo)
#
ben_thatmustbeme yeah, i was just there, thats what i mean. There is no other mention of a status monitor anywhere in the spec, so it was really like that status monitor was not specific
melvster joined the channel
#
aaronpk one guy recommends returning "204 No Content" until it is finished
#
aaronpk maybe it should just be rel="status" since it's kind of a generic HTTP thing, not specific to webmention
#
ben_thatmustbeme yeah, i guess the 204 idea makes sense somewhat
#
ben_thatmustbeme but then what do you return when it is successful
#
aaronpk 200?
#
ben_thatmustbeme oh yeah
#
aaronpk actually no 204 is probably not good, cause the status check might want to return some html content
#
ben_thatmustbeme i mean, could return Link: to the page with the item
#
aaronpk oh like a 301 redirect?
#
ben_thatmustbeme i wouldn't do a 301 redirect, that would confuse a client
#
aaronpk isn't that what you'd want it to do tho?
#
aaronpk imagine you're using the webmention form on my site
#
aaronpk you put in your URL, then you get a page that says "processing", and you keep hitting refresh
#
ben_thatmustbeme i think of 301 as redirecting for use flow
#
ben_thatmustbeme this is just to check status, there is no need to view it
#
aaronpk eventually it would redirect you back to the target page with a fragment ID so you could see your comment
#
ben_thatmustbeme and add in a Link: header so they get back the page,
#
KevinMarks there are sites that chain 302s for that, whihc is annoying
#
ben_thatmustbeme actually, there should be no need to return the link to the page, you posted it in the initial negotiation
#
ben_thatmustbeme s/negotiation/submit of the webmention/
#
Loqi ben_thatmustbeme meant to say: actually, there should be no need to return the link to the page, you posted it in the initial submit of the webmention
#
aaronpk i'm thinking about it from the end-user point of view
#
aaronpk you know the webmention form I'm talking about, right?
#
ben_thatmustbeme If I were to look at it from and end-user side, like the end-user is actually clicking the link i'm sending back, then I would return a 200 with html saying its status, and a 301 once it is accepted
#
aaronpk ok! interesting
tilgovi joined the channel
#
ben_thatmustbeme webmention form?
#
aaronpk that also implies that the status URL becomes a sort of local URL for the source URL
#
aaronpk as in, on my site aaronparecki.com, I would end up generating essentially permalinks for each webmention sent to me
#
ben_thatmustbeme yes, i was thinking of it that way, but as soon as you have a queue, you probably need to do that, even if they are redirects.
#
ben_thatmustbeme i like the 200/301 idea
#
aaronpk oh and what if the webmention was not successfully processed? like if you want to return an error message about what went wrong
#
aaronpk keep returning 200?
#
ben_thatmustbeme hmmm
#
aaronpk no that won't work, needs to be a different indicator
#
ben_thatmustbeme 410?
#
ben_thatmustbeme this way the "queue" entry is basically what you are pulling up
#
ben_thatmustbeme either it is gone and redirected (301) or it is just gone (410)
#
kbs does Loqi respond to direct messages (and/or have a !help comand?)
#
aaronpk not really
#
aaronpk but it's a feature, not a bug. trust me :)
#
kbs okay :)
#
ben_thatmustbeme haha, yeah, that could be bad. It was bad enough me playing with regex in it
#
Loqi rofl
#
ben_thatmustbeme do you even have a floor Loqi? or a body that can roll?
#
Loqi who, me?
#
ben_thatmustbeme aaronpk: 410 seems to be the best option. I don't see anything else that would really make sense there
#
kbs !tell barnabywalters - FYI in case you look into it - currently last comment on http://waterpigs.co.uk/notes/4QbH5C/ was just me testing
#
kbs not aaronpk
#
Loqi Ok, I'll tell him that when I see him next
yaf, tantek and paulcp joined the channel
#
aaronpk ben_thatmustbeme: ok here is a diagram of the discussion so far https://farm8.staticflickr.com/7203/13566052183_555ff70af6_b.jpg
#
kbs tantek: out of curiosity, figure you'd know - has anything less complicated than xml signatures emerged out of the attempts to sign web pages?
#
aaronpk i'm not entirely sold on the 410 yet, but it's a start
#
aaronpk kbs: joyent has done some stuff https://github.com/joyent/node-http-signature/blob/master/http_signing.md
#
aaronpk https://web-payments.org/specs/ED/http-signatures/2013-05-04/
#
ben_thatmustbeme the only issue i could see is a naive implementation where it just keeps pulling down the queue link and checking the response. If they automatcially redirect from the 301, they cannot tell between processing and success
#
aaronpk not sure that counts as "less complicated", but I'm not sure anything signature related will ever be "less complicated"
#
aaronpk ben_thatmustbeme: oh you mean like the client doesn't realize that the 301 indicates success, so then it keeps polling but now it's polling the original post URL?
#
ben_thatmustbeme exactly
#
kbs aaronpk: is that spec more about http than html? [I was thinking more of ways to mark a section within html and be able to sign it]
#
aaronpk kbs: oh! interesting...
#
ben_thatmustbeme I'd think 301 would be saved for if we move the queue to another location (though rare)
#
ben_thatmustbeme or if you change domains, or if you want to return a shortened URL link to the queue entry
#
aaronpk another totally different approach would be this: https://farm3.staticflickr.com/2875/13566123915_db5963ea20_b.jpg
#
aaronpk still human-readable, and perhaps more explicitly machine-readable
#
aaronpk at the expense of making up an HTTP header
#
ben_thatmustbeme that could work
#
ben_thatmustbeme could do a 201 Created on success
bnvk joined the channel
#
ben_thatmustbeme so 201 instead of 301
#
aaronpk but checking the status didn't really create the thing
#
aaronpk so it would be weird to return "201 created" from the status check
#
ben_thatmustbeme true
#
ben_thatmustbeme 303 is possible, as well
#
ben_thatmustbeme since a 301 would be like saying the entry has actually moved, in reality we are returning a reference to a comment, not a queue item
#
aaronpk my only concern with that would be what do browsers do with 303?
#
ben_thatmustbeme i think adding that header might be best, since it is easiest for human consumption and machine consumption
#
aaronpk yeah I'm kind of leaning towards that now too
#
ben_thatmustbeme besides, we aren't really saying if this is for just parsing the target site or actually approving it. I might implement a system where I approve any comments before they actually appear
#
aaronpk ooh
#
KartikPrabhu just marked-up a presentation as "h-entry h-as-presentation" :)
#
aaronpk so, "Webmention-Status: success" means everything is accepted, the sender can stop sending/retrying, but the comment may or may not actually be published
#
aaronpk and I see little reason to distinguish those two cases at the protocol level, so we can leave it at that
#
ben_thatmustbeme exactly
#
ben_thatmustbeme we know that the server received our message and knows the link, what it does after that is its own business
#
aaronpk i'm curious what others think about this as a formalization of the async processing of webmentions
#
aaronpk current proposal is this: https://farm3.staticflickr.com/2875/13566123915_db5963ea20_b.jpg
#
aaronpk actually I should add that third case we talked about
#
ben_thatmustbeme yeah, I could see a number of webmention-Status entries
#
aaronpk they were all documented from pingback
#
aaronpk https://github.com/converspace/webmention/blob/d560499c0751ca071e8826aa416c6677b59c48bf/README.md#errors
#
ben_thatmustbeme success, approved, denied, no_link_found, parse_error, source_invalid, target_invalid
#
KartikPrabhu aaronpk: the un marked lines are the rsponse body i take it?
#
aaronpk KartikPrabhu: yes, just like HTTP :)
#
KartikPrabhu :)
#
aaronpk i just didn't return a content type
#
aaronpk but it would have been text/plain
#
KartikPrabhu true
#
aaronpk ok here is a new one: https://farm8.staticflickr.com/7027/13566602913_cf79cee46d_b.jpg
#
KartikPrabhu so the idea is if the webmention was accepted and the body has a link then the mention was actually published at that link?
#
KartikPrabhu i.e. webmention-status: success + url in the body = published else accepted but not published
#
aaronpk KartikPrabhu: yes, except I can't think of a reason the webmention client would actually need to know whether it's published
#
KartikPrabhu If i send a mention to you and I want to see how it is being published or whether it was rejected. My server could notify me of that
#
aaronpk ha... wait. i was just thikning about "read receipts" the other day
#
aaronpk iMessage does a good job of this
#
aaronpk I send a message, and after a second it'll say "delivered". at that point I know the message made it to the other person's phone.
#
aaronpk after they open the message, my phone changes to show me "read"
#
KartikPrabhu yup. Whatsapp does this with the 2 ticks on read
#
bnvk aaronpk: have you seen the new Prismatic interface?
#
bnvk http://preview.getprismatic.com/story/1395840398519
#
arcatan oh, they've revised the new interface?
#
bnvk not sure when "new" is actually... I just got an email today about it
#
aaronpk so i'm thinking about webmention in the context of private messages, since i've been experimenting with that
#
KartikPrabhu hmmm... the icon fonts didn't show up on my end
#
KartikPrabhu aaronpk: yup. that is also a good use case for notifying of published i.e. read
#
bnvk What about using PGP encrypted messages for private messages?
#
aaronpk bnvk: one thing at a time :)
#
aaronpk also did you see my PGP private message with sandeep?
#
bnvk yes, that's what I'm referring to :)
#
aaronpk that's not really relevant to the webmention layer :)
#
aaronpk cause it's just a layer on top of html+webmentions
#
bnvk right
#
aaronpk so anything we solve at the webmention layer will work regardless of whether the payload is plaintext or encrypted
#
bnvk right, but I'm challenging the fundamental different of "private" message vs. public message
#
aaronpk why
#
bnvk well, what's the largest difference as you see it?
#
aaronpk public message: anybody who visits my site can see it. private message: requires auth when making the request to the URL
#
bnvk so if I send you a private message, only you can see it, right?
#
aaronpk only I can read it, and only I know that you sent it.
#
bnvk right, so, re: using the PGP wrapper, what IF you wrapped all the meta data "name, date, etc..." inside the encrypted blob
#
aaronpk everyone would still know that I sent *some* message
#
bnvk and then it would be on the platform (pk3) to not even show that the comment exists to casual passerbys
#
aaronpk i don't really see why this is relevant right now
#
bnvk no
#
bnvk if your platform only showed the crypto message to people who have a key for the message, no one else will know the message exists
#
aaronpk you're thinking too deep in application land. look at it from the outside at just the HTTP+HTML layers
#
bnvk no, i'm thinking end user experience
#
ben_thatmustbeme aaronpk, we would need a status for rejected too
kbs joined the channel
#
ben_thatmustbeme or just leave it as Webmention-Status as always success one it gets past that initial send
#
aaronpk bnvk: i'm gonna go back to this discussion... pgp/encrypted/private stuff is a separate thing
#
ben_thatmustbeme then its just the body that tells us what happens after that
#
bnvk ok, I wish what I was saying made sense
#
bnvk maybe someday I can make a prototype of it
paulcp joined the channel
#
kbs bnvk: would love to chat with you on this at some later point :)
#
bnvk deal
#
aaronpk bnvk: happy to chat about it later, but it's a separate discussion
#
bnvk noted ;)
#
aaronpk ben_thatmustbeme: the important thing about the webmention status is for the webmention client to know if the server accepted it
#
aaronpk as in, imagine you have good error handling in the client, and it'll retry on transport failures
#
aaronpk if you get an HTTP 500 back, the client will try again later. and it'll keep trying until _______ is received
#
aaronpk (where _____ == "Webmention-Status: success" in our latest sketch)
#
KartikPrabhu aaronpk: will there a list of messages like "no_link_found" for other thigns that could go wrong?
#
aaronpk ben_thatmustbeme: what is the situation you are talking about for "rejected"?
#
@glenux @videoludroit oui dans une ancienne vie. Sinon, les pirates ça utilise plutot du #elgg, du #statusNet ou d'autres outils de l'#indieWeb :) (twitter.com/_/status/451085729796726785)
#
aaronpk KartikPrabhu: yes we did have a list in the webmention spec, but removed it when the recommendation was to always return 202 accepted
#
aaronpk https://github.com/converspace/webmention/blob/d560499c0751ca071e8826aa416c6677b59c48bf/README.md#errors
#
snarfed is very interested in async webmention stuff
#
snarfed catches up
#
aaronpk the list is basically from pingback
#
KartikPrabhu aaronpk: twtr.io is putting the last parenthesis in the link giving 404
bnvk_ joined the channel
#
aaronpk KartikPrabhu: that's just bad autolinking in your irc client
#
KartikPrabhu oh hmm ok :)
#
KartikPrabhu aaronpk: yeah I am referring to exactly that list of errors. so now we'd be using those for the webmention_status
#
aaronpk yep!
#
KartikPrabhu neat!
#
ben_thatmustbeme aaronpk, that would be not in the Webmention-Status" field, but would be in the body
#
ben_thatmustbeme rejected would be if the moderator rejects it
#
ben_thatmustbeme or perhaps if it is noted as spam
#
ben_thatmustbeme blacklisted sites being another option
#
aaronpk ok yeah. my inclination is that that kind of stuff is not part of the protocol
#
KartikPrabhu ben_thatmustbeme: but "no_link_found" is in the status
#
aaronpk ben_thatmustbeme is talking about moderator rejected things, not that list of existing error codes
#
KartikPrabhu oh ok :)
#
KartikPrabhu agrees then
#
ben_thatmustbeme I'm just thinking if someone wants to keep coming back to find when the comment is approved
#
ben_thatmustbeme since you already list two cases for if its approved or waiting for approval technically
#
aaronpk "approved" is an interesting choice of words
#
ben_thatmustbeme otherwise you just specify success and nothing of the body
#
aaronpk because approved != displayed
#
aaronpk i'm trying to imagine this not only for comment threads
scor joined the channel
#
ben_thatmustbeme Currently my thinking is to keep the spec in the headers only, and leave the body to the implementor, that way another spec could later be added to mark up additional information (such as approved/displayed/rejected etc)
#
ben_thatmustbeme if automatic approval is on, you could just add a Link: to the header, not the body
#
aaronpk yeah I think that makes sense
#
ben_thatmustbeme s/approval/display/
#
Loqi ben_thatmustbeme meant to say: if automatic display is on, you could just add a Link: to the header, not the body
#
aaronpk a Link: header that contains a link to the target post with a fragment ID or something?
#
ben_thatmustbeme yeah
#
aaronpk it could, but I don't see an immediate use for that yet
#
ben_thatmustbeme optional addition i'm thinking
#
aaronpk so yes, if we stop at returning the current list of errors in the Webmention-Status header (and "success" if it worked or is pending moderation), i think that gives us enough to go on for now
#
ben_thatmustbeme agreed
#
@ManUtopiK RT @IndieCreddit: Pleased to announce a crypto currency for the #indieweb - http://indiecreddit.com (twitter.com/_/status/451088559693651968)
#
ben_thatmustbeme this gives me enough to work up a working queue (although it will currently just forever be waiting for approval)
#
aaronpk cool
#
aaronpk I would like to do the same
#
aaronpk except mine will never be waiting for approval :)
#
ben_thatmustbeme haha
paulcp joined the channel
#
aaronpk well that was fun. i was supposed to get food a while ago :) now i'm starving
#
pauloppenheim oh man, i missed all that
#
gregorlove.com edited /User:Gregorlove.com (+8) "/* Contributions */ TOC" (view diff)
#
gregorlove.com edited /User:Gregorlove.com (+0) "TOC" (view diff)
#
gregorlove.com edited /User:Gregorlove.com (-8) (view diff)
#
pauloppenheim my webmention interest is in completely disconnecting response / any logic whatsoever
#
pauloppenheim effectively "thanks, got it"
#
pauloppenheim but i'm also interested in the private messaging case
#
gRegor` Catching up on some of the webmention talk... I think the response body is important if you're responding with JSON, so there can be a standardized key. I detailed what I've done: http://indiewebcamp.com/User:Gregorlove.com#JSON_responses cc: ben_thatmustbeme aaronpk
#
gRegor` I don't respond with the status URL yet, but intend to.
#
aaronpk gRegor`: what is your reason for returning json?
#
gRegor` If they request JSON
#
aaronpk ah
#
gRegor` Default to text/html
#
gRegor` s/Default/Defaults
#
Loqi gRegor` meant to say: Defaults to text/html
#
aaronpk pauloppenheim: you should still be able to do that, just don't return a status header with the "202 accepted" reply
#
gRegor` Though if the status URL becomes more standard, I think JSON is the way to go.
#
aaronpk :)
#
aaronpk I disagree
#
aaronpk the HTTP headers should have everything machines need to parse, so there is very little gained by returning JSON
#
gRegor` If not, I guess the webmention sender should just strip the HTML and treat the text as the status URL - presuming a non-error status code.
#
gRegor` Ah true. I hadn't thought of that.
#
gRegor` Haven't looked at webmention.org in a while. Is that in there now for the status URL? Used to say it should be in the body, I thought.
#
aaronpk yeah webmention.org isnt updated very often
#
aaronpk and this just came out of a discussion here just now
#
gRegor` Oh, ok
#
aaronpk (and some of my noodlings on this over the past week or so)
#
gRegor` Cool cool
#
pauloppenheim aaronpk: i suppose the idea is that I as a receiver don't return anything upon receiving a webmention, but if i do a static site rebuild with a reference included, the only option I have right now to notify the sender is another webmention back at them
#
pauloppenheim which seems silly, but might be perfectly cromulent
#
aaronpk so you want to proactively notify someone their comment is posted?
#
pauloppenheim well, it could be days or weeks later
#
aaronpk (rather than have them check a status url)
#
pauloppenheim as opposed to instantly
#
aaronpk sure
#
ben_thatmustbeme gRegor` I don't like the idea of just returning JSON though, seems very non-user oriented
#
aaronpk i think gRegor` said he'd only return json if Accept: application/json
#
gRegor` ben_thatmustbeme: I only return JSON if the Accept: header specifies it.
#
ben_thatmustbeme ahh, i see
#
ben_thatmustbeme sorry, I missed that
#
gRegor` I also caught up some more on your convo and saw aaronpk's flowchart. I like it.
#
gRegor` No worries
#
pauloppenheim returning a 200 if the webmention failed seems incorrect, feels like it should be a 4XX
#
gRegor` 200 shouldn't be a failure ?
#
pauloppenheim no
#
gRegor` Er, strike that question mark.
#
aaronpk pauloppenheim: it's tricky, because technically the 200 is in reply to the *status check* not the webmention
#
aaronpk so the status check succeeded with HTTP 200
krendil joined the channel
#
pauloppenheim the whole status check thing is weird to me
#
pauloppenheim hmm, gtg, bbiab
#
aaronpk what part is weird?
#
gRegor` If it's 4XX, that's saying there was an error with the status URL itself, not the information reflected within the status URL.
#
aaronpk gRegor`: exactly
#
aaronpk ( for anyone joining the conversation now, the latest flowchart being referenced is this: https://farm8.staticflickr.com/7027/13566602913_cf79cee46d_b.jpg )
#
ben_thatmustbeme honestly, the more i think about it, anything after the status check to make sure the server received the message and parsed it, really shouldn't be done through this queue, it should be a webmention back, otherwise its the old style of pulling repeatedly
#
aaronpk heh
#
aaronpk ok that actually makes sense
#
aaronpk think about it this way:
#
aaronpk you reply to one of my notes, it goes into my moderation queue...
#
aaronpk then I click "approve" and your comment appears on my web page
#
aaronpk now there is a *new link* from my web page back to your note
#
aaronpk which means if I send webmentions for all links from my original note, it'll send one to yours
#
aaronpk so that actually works out nicely, because that's what webmention is really for... saying "this page linked to this other page"
KartikPrabhu joined the channel
#
ben_thatmustbeme just so long as you don't end up in a loop :P
#
aaronpk yep haha
#
gRegor` hmm
#
gRegor` Yeah, I don't think I intend to send webmentions when I publish a webmention. :)
#
ben_thatmustbeme yeah, I'd be too worried of a loop back and forth
#
ben_thatmustbeme its a nice idea
#
ben_thatmustbeme to be able to notify when you approve a message though
#
KartikPrabhu for this to work correctly both parties must be doing things correctly to avoid loops
#
tantek scrolls back about 300 lines. busy day!
#
aaronpk :)
#
aaronpk tantek: the summary is this: https://farm8.staticflickr.com/7027/13566602913_cf79cee46d_b.jpg plus the last 40 minutes or so
#
ben_thatmustbeme now i forgot what I was doing....
#
KartikPrabhu otherwise it'll be a repeat of how I broke kylewm's reshare of my post by sending it a mention because it was linked as a comment etc...
#
KartikPrabhu should have taken a screenshot
#
KartikPrabhu kylewm: do you have a screenshot of when I broke your reshare ?
#
KartikPrabhu or can I break it again to document it? :P
#
tantek thanks aaronpk - that helps!
#
tantek kbs - re: something less complicated than XML signatures. too little information. what's your use case?
#
tantek aaronpk - I like the use of rel="status" in that webmention update flow
#
tantek one thing I'd add (which I think I mentioned last time this discussion came up) is a webhook call back for status to avoid need for polling
#
tantek that is
#
tantek instead of GET http://example.com/m/10
#
tantek do
#
tantek POST http://example.com/m/10
#
aaronpk *whew*
#
tantek callback=http://callback.example.com/?id=someid
barnabywalters joined the channel
#
Loqi barnabywalters: kbs left you a message 2 hours, 2 minutes ago: - FYI in case you look into it - currently last comment on http://waterpigs.co.uk/notes/4QbH5C/ was just me testing
#
barnabywalters !tell kbs RE identity theft test comment, I guessed as much ;) Going to have to implement author verification now
#
Loqi Ok, I'll tell them that when I see them next
#
aaronpk a web hook for that would be interesting!
#
tantek aaronpk, that way when webmention receiver reaches the states of "Your comment is posted!" or "Webmention failed" or "Awaiting human moderation", the webmention server does a GET http://callback.example.com/?id=someid&status="Comment posted" etc.
#
aaronpk barnabywalters: plz document how you do that when you figure it out :)
#
aaronpk barnabywalters: I suspect your author verification step will think all bridgy mentions are fake tho, since that's essentially what bridgy does :)
#
aaronpk tantek: yeah that makes sense! (probably a POST to the callback URL tho)
#
tantek that's fine - whatever is the convention for webhooks
#
tantek webhooks are simple enough to be worth baking in like that to avoid requiring polling to get status
#
barnabywalters aaronpk: sure, I would have an exception for bridgy :)
#
barnabywalters aaronpk: my inclination is just to match the domain of the author up with the domain of the post
#
aaronpk actually wait, in that case, why not just allow registration of a webhook when sending the webmention in the first place?
#
tantek aaronpk - even better
#
aaronpk source=http://alice.com/post/100 & target=http://bob.com/post/987 & callback=http://alice.com/callback/123
#
tantek I made up "callback" BTW - feel free to look at other webmention API examples and see if there is a standard param name for that
#
tantek er, webhook
#
aaronpk translates into english as: "hey this page on alice.com linked to this page on bob.com, and let me know here when you do something with that information"
#
tantek look at other *webhook* API examples and see if there is a standard param name for that "callback" param
#
KartikPrabhu would like a documented page of the conclusions of this discussion that he does not really understand... :)
#
aaronpk yes indeed
#
tantek hmm, webhooks.org links to wiki.webhooks.org (does not resolve) and blog.webhooks.org (does not resolve)
#
@gRegorLove @girlvsplanet Yep. It still works for me, but dev has basically halted. I might be moving on in coming years as I do more #indieweb stuff. (twitter.com/_/status/451104481384484864)
#
aaronpk seems like they are pretty much universally called "webhooks"
#
aaronpk and the API parameter is sometimes called "url" or "action", and there is not always an API for configuring them
#
aaronpk sometimes you can only configure the web hook through an admin dashboard
benprew joined the channel
#
aaronpk that was from a cursory scan of the following APIs: pusher.com, mailchimp.com, stripe.com, github.com, twilio.com
_6a68 joined the channel
#
snarfed tantek, aaronpk, just fyi, webmention.io is 404ing bridgy's wms for tantek's latest post
#
snarfed https://www.brid.gy/twitter/t , https://www.brid.gy/facebook/214611
#
snarfed not urgent, just a heads up
#
aaronpk 404? that is odd
#
tantek is that a webmention.io problem?
#
aaronpk sounds like it
#
snarfed details in the log links
#
bear with the caveat that i'm reading the log scrollback of 500 lines and may lack context...
#
aaronpk snarfed: you're sending a POST and getting back 301, then sending a GET and getting 404?
#
snarfed aaronpk: yeah, i just saw that myself
#
bear aaronpk - have you seen this: https://gist.github.com/jkarneges/30fc4f07c57fe6b72561 it uses Link header to enable a webhook/callback in a request
#
aaronpk OH
#
aaronpk shit
#
aaronpk I moved it to https
#
aaronpk and 301 redirects on POST requests don't really work
#
snarfed hah, redirect POST to GET
#
snarfed right
#
snarfed i HATE that about 30x redirects
#
aaronpk i'm gonna go open that back up on http
#
snarfed grudgingly accept, but still hate
#
snarfed you might also want to spam all webmention.io users (if possible) and ask them to update their advertised endpoints to https
#
snarfed so you can try to switch back later
#
aaronpk i was just reading the list of http codes... seems there is one for this purpose
#
snarfed whoa really?!
#
aaronpk oops nope, other way around
#
aaronpk 303 See Other -> for POST requests to respond with a Location header and force the browser to redirect
#
snarfed i was about to be very surprised, and ecstatic
#
Loqi !calc 303 See Other -> for POST requests to respond with a Location header and force the browser to redirect
#
snarfed ah yeah
#
gRegor` The 30x codes are a real cluster in HTTP2 from what I read recently.
#
bear wasn't that what 307 was supposed to be fore?
#
bnvk is anyone posseing to Reddit?
#
bnvk POSSE
#
gRegor` I believe so, bear
#
tantek aaronpk - ok did some research on webhook naming patterns
#
aaronpk bnvk: I've posse'd to hackernews a couple times, but not reddit
#
tantek seems like "callback" is a common name for the URL or thing that encapsulates the URL of a webhook
#
ben_thatmustbeme wait, how are we back to 303 again?
#
ben_thatmustbeme starts reading back
#
tantek so "callback=" seems like a fine param name to go with for an optional additional param for webmention
#
aaronpk ben_thatmustbeme: unrelated!
#
ben_thatmustbeme cool, already added callback as a post option for initial webmention
#
snarfed bear, gRegor`: true, except afaik browser support is really weak. many still switch posts to gets on 307 :/
#
ben_thatmustbeme so in theory my site can receive webmentions now, that never get processed (yet)
#
tantek then the question is, are there HTTP status codes we can re-use in the "status=" param when calling back the webhook?
#
tantek for each of the cases of "comment accepted, awaiting human moderation, no source link found"
#
bear couldn't that be handled with a 202 with Link: callback=…
#
aaronpk how would you send an http status code? the status codes are for responses
#
tantek aaronpk, just re-using them in a URL param e.g. "status=200"
#
aaronpk ah
#
aaronpk i think that is unnecessary mixing of layers
#
tantek it's all the protocol layer
#
tantek it's how you report lazy status
#
tantek i.e. imagine your webmention handler was fully synchronous - and could return status codes with full information
#
tantek then what would it return for "comment accepted, awaiting human moderation, no source link found"
#
tantek those are the same codes that should be used in the webhook callback for the exact same semantic, just in the callback context
#
aaronpk hmm
#
tantek so I say, "comment accept" = 201 Created
#
aaronpk that's a good way of looking at it
#
tantek accepted*
#
aaronpk but that's getting dangerously close to tipping off my rant about REST API design
#
bear :)
#
tantek "awaiting moderation" = 202 Accepted (but processing has not been completed)
#
bear response = 201 or 202 with a response header containing callback link seems to be the most flexible
#
tantek bear, why do you need ANOTHER callback link?!?
#
tantek no need at that point
#
bear to inform the person making the request how to check for updates
#
aaronpk bear: also looking at that gist you posted, trips all my anti-rest bells
#
tantek bear - that's the polling solution that aaronpk already documented in his diagram with rel="status"
#
tantek this is a different notification based flow
#
tantek whereby the original webmention has source, target, AND a callback parameter
#
bear aaronpk - part of why I posted it - I wanted another opinion if some of my smell-check was accurate
#
tantek and then when the webmention server gets around to calling back the callback, what status codes it can/should use
#
tantek so to complete the list
#
tantek and lastly, "no source link found" = 412 Precondition Failed
#
tantek since a valid source link *is* a precondition of a valid webmention
#
pauloppenheim wacky side note: https://issues.apache.org/jira/browse/INFRA-7524
#
aaronpk bear: lol!
#
bear ah - I missed that in the context - webmention getting a callback param for deferred responses
#
tantek IRC messages must be processed in order ;)
#
bear yea, that's what I get for jumping into a 500 line backlog without doing due diligence :/
#
bear work has been crazy busy and i'm missing my indieweb time badly
basal joined the channel
#
aaronpk tantek: snarfed: ok webmention.io should not be sending 301 redirects anymore, and responds on http
benprew joined the channel
#
tantek braces himself for the webmention.io MITM attacks (which will likely never happen).
#
aaronpk heh yeah
#
Loqi [mention] https://brid-gy.appspot.com/comment/twitter/dougmckown/447932945534160896/450621628485881856 linked to http://indiewebcamp.com/p3k (webmention)
#
aaronpk oh hey
#
aaronpk thought it was a little bit quiet in here the last couple days
#
Loqi [mention] https://brid-gy.appspot.com/comment/twitter/dougmckown/447932945534160896/450626041367633920 linked to http://indiewebcamp.com/p3k (webmention)
#
KartikPrabhu Ben Markowitz about homescreen icons: http://www.intridea.com/blog/2014/4/1/touch-icons basically the same as http://indiewebcamp.com/icons
#
tantek KartikPrabhu: with less content
#
KartikPrabhu we haz more examples!
#
aaronpk tantek: also add "301" for "already_registered"?
#
tantek what does that mean in user terms?
#
aaronpk oh wait we kind of made that not an error anymore, since updating comments is a thing
#
tantek :)
#
tantek as is deleting
#
tantek comment CRUD FTW!
#
aaronpk we do need errors for things like the source was unable to be retrieved (encountered a 500 server error, or dns lookup failed)
#
KartikPrabhu snarfed: bridgy/publish not showing a "post/publish" link anymore!
#
tantek aaronpk, detailed stuff like that can still go into the body of the response
#
snarfed KartikPrabhu: sorry?
#
snarfed confused
#
aaronpk tantek: there is no body of the response in a callback
#
aaronpk do you mean the request body?
#
aaronpk if so, what content type?
#
KartikPrabhu snarfed: I just previewed a note to publish and it shows a preview but no button to post/publish it on Twitter
kbs joined the channel
#
Loqi kbs: barnabywalters left you a message 50 minutes ago: RE identity theft test comment, I guessed as much ;) Going to have to implement author verification now
#
snarfed ah. huh.
#
tantek KartikPrabhu: perhaps reply to @bpmarkowitz and/or @intridea's tweet about that blog post with a link to indiewebcamp.com/icons as previous work accordingly
#
KartikPrabhu tantek: doing exactly that :)
#
tantek cc @brad_frost too
#
KartikPrabhu yup :)
pfenwick joined the channel
#
tantek KartikPrabhu: here's my post on when I announced the /icon page and told people to go do it: tantek.com/2013/336/t1 (click that and get redirected to the full URL with slug :) )
#
aaronpk web hooks typically do not send human-readable content, since they are always parsed first by a machine
#
aaronpk so we will need to define parameters that will be sent in the web hook for that
#
snarfed KartikPrabhu: heh. dumb bug. thanks for the heads up. deploying the fix now.
#
KartikPrabhu cool :) was going to send scrnshot but i guess you found it :)
#
aaronpk and it feels *really weird* to me to be sending integers in post body params
#
snarfed aaronpk: great! feel free to spam the retry buttons on https://www.brid.gy/twitter/t , etc
ttepasse joined the channel
#
tantek aaronpk, I believe "body" will suffice ;)
#
kbs tantek: [aside - don't want to derail current discussion. re: web signatures, use for me is how I can verify someone really wrote something when I get a web-mention to a particular page. Perhaps signing a certain chunk of the page so I can reliably embed that elsewhere, etc. indiewebcamp.com/spam looks good, but wondering about other ideas]
#
tantek what do you mean by "someone"?
#
kbs someone == a person in my contact list, say
#
@kartik_prabhu @brad_frost @bpmarkowitz folks at #indiewebcamp have experimented with this a lot. See: http://indiewebcamp.com/icons (http://kartikprabhu.com/notes/icons-indieweb) (twitter.com/_/status/451117225496174593)
#
tantek all you know is that the person represented by that URL wrote it.
#
tantek what else do you need?
#
tantek check out /authorship
#
KartikPrabhu snarfed: thanks for the quick fix!
#
gRegor` Seems unlikely, but were there any indieweb April Fools pranks today?
#
tantek gRegor`: see @kevinmarks
#
KartikPrabhu gRegor`: you'll find out tomorrow :)
#
gRegor` Wikipedia had some fun: http://en.wikipedia.org/wiki/Wikipedia:April_Fools/April_Fools'_Day_2014
#
gRegor` "Wikipedia:Citation needed is nominated for deletion. [citation needed]"
#
kbs tantek: understand. I guess there's an assumption that content that's sitting on a domain owned by user X has actually been written by user X
#
pauloppenheim kbs: in this case it probably makes sense to try a few things to see what works for you (and me i suppose!), i don't think anyone else is working on this
#
pauloppenheim kbs: you are already light years ahead of me on all of this
#
kbs oh, I know the last is not the case - but I saw this old standard called xml signatures, and thought tantek might offer some wisdom here before [the few crypto nerds] run away and have fun :)
#
tantek kbs - yes, there's that general assumption, and there's the /authorship algorithm to just determine *who* wrote the content of a given page.
#
aaronpk tantek: there needs to be another status code for recoverable failures
#
tantek this is why I asked what the use-case was, because it turned out the use-case has already been solved.
#
kbs *nod* okay - thanks for the pointer tantek :)
#
pauloppenheim tantek: kbs already has a non-web private sharing app running, his use case is passing messages through 3rd party servers
#
pauloppenheim could still be relevant for indieweb for very large transfers (large video files, etc)
#
tantek therefore the replacement for "xml signatures" is null AKA YAGNI.
#
aaronpk 412 is unrecoverable, because no link was found. but errors like DNS was unresolvable, or encountered a 500 error fetching the page may succeed if they are attempted again
#
tantek what is the user scenario where a "recoverable failure" occurs?
#
tantek.com edited /webmention (+149) "/* Implementation Notes */ expand sync vs. async" (view diff)
#
aaronpk actually SSL errors will be the most common
#
aaronpk like improperly configured SSL certs that the target site rejects, but if the author updates teh SSL cert the request would succeed
#
aaronpk also but less likely is network errors that are no fault of either user
#
kbs (re yagni - I should probably have clarified that I don't fully share the assumption that content sitting on a domain owned X has always been written by user X, for all domains and users X :)
#
tantek kbs - that's not assumed, hence /authorship
#
pauloppenheim signatures prevent forgery, which /authorship does not address
#
Loqi [mention] https://brid-gy.appspot.com/comment/twitter/bretolius/451059108741787648/451059283224850432 linked to http://indiewebcamp.com/IndieAuth (webmention)
#
aaronpk signatures are nice and all, but really all you're doing is moving the potential failure points to places that are sometimes harder to see
#
tantek pauloppenheim: perhaps you can rephrase that as a use-case
#
GWG Good evening
#
tantek aaronpk - indeed, and I think that can be demonstrated by continuing to ask for a specific use-case.
#
tantek.com edited /webmention (+1791) "/* Brainstorming */ Asynchronous status polling, Asynchronous status notification, More status codes" (view diff)
#
tantek aaronpk ^^^ I think I captured most of the webmention / status / webhook discussion
#
KartikPrabhu hi GWG!
#
GWG Hello again, KartikPrabhu
#
tantek didn't mean to scare kbs away!
#
aaronpk e.g. how do you know the author's computer and private key aren't compromised?
#
tantek aaronpk - yup, security turtles all the way down.
#
pauloppenheim aaronpk: it is possible to use provably secure methods
#
tantek (LOL)
#
KartikPrabhu GWG: how is indiewebfying your sites going?
#
tantek aaronpk - I think the reality is that a lot of this XML Signature etc. stuff were invented by and for Enterprise™ for the purpose of doing things like EMAILING XML documents around and verifying them or something.
#
aaronpk http://meme.loqi.me/4VMW4ju2.jpg
#
tantek nothing actually weblike
#
tantek hence when you ask for a use-case, it cuts right to their contextual assumptions (which are usually non-web assumptions that they don't want to admit to)
#
snarfed aaronpk: just fyi, webmention.io now says Error connecting to Redis on 127.0.0.1:6379 (ECONNREFUSED)
#
aaronpk that's a good point, signatures make more sense when documents are just flying around with no URLs
#
aaronpk snarfed: LOL wow my bad
#
pauloppenheim tantek: the use case is signatures
#
snarfed devops is so fun huh! i feel your pain
#
aaronpk pauloppenheim: signatures are not a use case
#
pauloppenheim the use case of signatures is forgery prevention
#
tantek pauloppenheim: use a PNG or a JPG
#
tantek :P
#
aaronpk snarfed: I may have been a bit overzealous in migrating things to the new server on sunday
#
pauloppenheim digital signatures
#
pauloppenheim https://en.wikipedia.org/wiki/Digital_signature
#
pauloppenheim i mean, it's a thing
#
snarfed aaronpk: never!
#
pauloppenheim you can ridicule it
#
pauloppenheim but it's real
#
tantek yes, to a user, a digital signature is a photograph of a physical signature
#
tantek come back to me when you have a *web* use case
#
pauloppenheim ahh
#
tantek plumbing is not a use case
#
pauloppenheim yeah, if that;s what you're getting at, that's a legitimate complaint
#
pauloppenheim talking about "security turtles" is just name-calling
#
tantek it's not - it's an actual reference to the problem of just moving the problem
#
aaronpk it is interesting that physical signatures and digital signatures (outside of web) serve a similar and important problem
#
tantek if you can fake /authorship, then you can fake any signature mechanism you might put in the document
#
tantek hence the "turtles all the way down" reference is a shorthand for the actual problem
#
tantek which is basically saying, you
#
aaronpk if I hand you a piece of paper and say this other guy wrote it, you can look at the handwritten signature and verify it (to some extend, but good enough for banks)
#
tantek you're not solving the problem by adding a layer of obfuscating abstraction
#
aaronpk if I send you an email, I can include a digital signature to serve the same purpose
#
aaronpk BUT
#
aaronpk if I send you a URL, assuming you trust DNS and HTTPS, you can be sure it's the document I intended for you to receive, and if you follow /authorship then you can verify I wrote it
#
tantek so no, not name-calling. but I can see how you might have interpreted it that way.
#
tantek aaronpk - exactly.
#
snarfed aaronpk: wms to webmention.io are flowing happily. thanks!
#
aaronpk so no, I am not sold on the value of digital signatures in HTTPS documents yet.
#
pauloppenheim oh, that's an interesting perspective
#
pauloppenheim you're assuming HTTPS covers more than transit
#
aaronpk am I?
#
pauloppenheim if not, then i am misunderstanding
kbs joined the channel
#
aaronpk elaborate?
#
kbs [sorry, spotty connection :) catching up on logs.]
#
tantek aaronpk - I'm with you. since you have to eventually do HTTPS for *other* scenarios, then it eliminates the need for stuff like XML sig
#
aaronpk well we could do signed requests all day long and do away with https entirely ;)
#
pauloppenheim a digital signature would be useful in an HTTPS document to show that it came from the author listed, same as it would over an HTTP connection
#
pauloppenheim (yes, in so far as the computer they used to sign the document was secure)
#
aaronpk pauloppenheim: is that assuming the author is not the same as the owner of the domain?
#
pauloppenheim possibly
#
pauloppenheim or that they aren't the admin of the machine
#
pauloppenheim or they are the admin, but the machine is a VM...
#
pauloppenheim etc
#
aaronpk I'm not sure I follow
#
tantek aaronpk - meh, I'm tired of playing 20 question to try to guess the user scenario that pauloppenheim appears to be assuming. if you can't describe in a series of human actions that are taken, not interested
#
pauloppenheim HTTPS server keys have to be made available to the server at this point, and right now it's uncommon for a site admin to have full control over the machine
#
aaronpk pauloppenheim: now you've really lost me unfortunately
#
tantek well when we have a real world example of someone who has HTTPS on their indieweb server but does not have control over those keys, perhaps that will be an interesting scenario to discuss. until then...
#
tantek = hypothetical
#
pauloppenheim tantek: my apologies if i can't make it clear why a digital signature is desirable to me. Can you at least believe that they are important to me?
#
tantek all sorts of things are important to people. but here we filter by concrete real world use-cases.
#
aaronpk pauloppenheim: what if there is some other way to solve what you are getting at that doesn't involve digital signatures? is it really the digital signatures that are important to you? or is it the thing you're trying to solve with signatures?
#
tantek if you can't describe your use-case as a series of human actions that are taken, e.g. with you on your real world web server, then it's not interesting from an indieweb perspective.
#
pauloppenheim and i am suggesing you have two people in this channel with real world use cases you might not understand
#
tantek you have yet to document them
#
tantek so yes, we don't understand what you haven't documented
#
pauloppenheim tantek: kbs has a real system
#
tantek --> as a series of human actions that are taken
#
pauloppenheim works today
#
pauloppenheim android app
lukebrooker joined the channel
#
pauloppenheim stores things on dropbox
#
pauloppenheim sig cryptographically proves file wasn't modified
#
pauloppenheim i don't know how else to explain it
#
pauloppenheim that requires sigs
#
tantek so the point that aaronpk and I are making is that any way an attacker could modify such a file, they could also modify any signatures in it to match. hence the "security turtles all the way down" criticism
#
pauloppenheim no
#
pauloppenheim thats not how sigs work
#
pauloppenheim you can't modify a sig w/o the private key
#
pauloppenheim or rather, re-sign the new, modified document
#
pauloppenheim hence the importance of sigs
#
tantek so you're moving the vulnerability from the document to the private key
#
pauloppenheim yes
#
pauloppenheim the private key is not on the server
#
tantek I'd look at existing solutions first
#
aaronpk tantek: at this point should we even recommend at all that synchronous webmention processing is possible?
#
pauloppenheim and probably (hopefully!) not even the internet, depending on the document
#
tantek e.g. how do github clients work regarding such modifications?
#
aaronpk it seems like we should just write it assuming all handling of webmentions is asynchronous
#
tantek aaronpk - since many started with synchronous implementations, I think it's reasonable to allow for that in the protocol
#
aaronpk ok
#
tantek stepping stones approach
#
tantek it may be easier to first implement a bare minimum synchronous webmention backend while you work on the UX of the front end of comments/likes/reposts etc.
#
tantek because UX is more important than backend :)
#
aaronpk a client won't know if a server is synchronous or not, so if my client always sends a callback URL with requests, should a sync client also send a POST to that url?
#
tantek no
#
tantek or rather it shouldn't have to
#
tantek sync webmention receiver should be able to minimally implement by returning status/results, nothing more
#
aaronpk ok, in that case, a client can know whether to expect a callback based on whether the initial webmention response was "202 Accepted" or one of the other codes
#
tantek minimize HTTP
#
pauloppenheim tantek: right, that's what kbs did - he found an old, weird XML standard that might fit, but wanted to check
#
tantek pauloppenheim - I'm talking about real world *practices* rather than previous standards
#
tantek I'm much more interested in modern practices than old standards
#
aaronpk does the client need to distinguish between a "202 Accepted" queued response and a "202 Accepted" synchronous handling that resulted in the comment being moderated?
#
pauloppenheim tantek: right, and that's very valid here
#
tantek I was just going to say that aaronpk
#
pauloppenheim tantek, kbs: because this XML signature standard is hella enterprise smelling
#
kbs appreciates tantek being able to hold two conversations in his head :) but should we wait until the other discussion finishes?
#
pauloppenheim it's irc, man
#
Loqi [mention] https://brid-gy.appspot.com/comment/twitter/dougmckown/447932945534160896/450621628485881856 linked to http://indiewebcamp.com/p3k (webmention)
#
Loqi [mention] https://brid-gy.appspot.com/comment/twitter/dougmckown/447932945534160896/450626041367633920 linked to http://indiewebcamp.com/p3k (webmention)
#
pauloppenheim also, unfortunately regarding keybase.io, it seems my initial thoughts are not unique: http://blog.lrdesign.com/2014/03/thoughts-on-keybase-io/
#
tantek aaronpk, how about 102 Processing for the asynch reply?
#
aaronpk is that a thing?
#
tantek "server has received and is processing the request, but no response is available yet"
#
tantek is looking at the WP page for HTTP status codes
#
bear 102 is WebDAV
#
tantek bear, exclusively?
#
aaronpk I think the 1xx codes are expected to keep the connection open and return another HTTP code after
#
bear no - just where the code was used the most
#
bear and 1xx is not http/1.0
#
bear so could break older stuff
#
tantek aaronpk - I think you're right
#
bear yes
#
bear it was used before long polling became common
#
KevinMarks worth discussing wiht the http 2 mailing list?
#
aaronpk I see "100 Continue" a lot when uploading files
#
tantek ok so let's stick with 202 for "webmention being handled asynchronously"
#
aaronpk so the server can verify auth and stuff before actually accepting the file upload
#
tantek and then let's bucket "queued for moderation" into just a 200
#
tantek I don't see anything more specific than that :/
#
aaronpk i think 412 is more specific too, I think it's just for validating request headers
#
aaronpk I think 400 is ok for the rest of the errors
#
aaronpk 400 indicates "The client SHOULD NOT repeat the request without modifications."
#
pauloppenheim kbs: i need to do work-work, but i'd like to talk about the set of things to be signed
#
tantek 412 seems close enough
#
tantek for preconditions
#
bear 400 implies you can retry with corrections
#
pauloppenheim kbs: the solution might be in slightly abusing #microformats
paulcp joined the channel
#
kbs pauloppenheim: sure, love to :) think bnvk had some ideas too
#
aaronpk we also use 400 currently
#
bear kbs - could you create/mod a mf2 to be the signature of a block/span
#
aaronpk https://github.com/converspace/webmention/blob/master/README.md#sender-error
#
tantek.com edited /webmention (+174) "/* More status codes */ 200 OK for updates, human moderation, 204 for deletes" (view diff)
#
tantek aaronpk - hence I've been adding these to brainstorming
#
bear <span rel="signature" …><p>blah blah</p></span>
#
kbs bear: yea :) that's just what I was thinking too
#
tantek bear, I don't think "rel" means what you think it means
#
bear waves hands and begs for clemency
#
aaronparecki.com edited /webmention (+91) "/* Brainstorming */ add example payload sent to callback URL" (view diff)
#
bear I knew it was wrong as I pressed the enter key
#
KevinMarks has been brute-forcing hashes all day
#
tantek bear, you could use rel="signature" to *link* to an external signature
#
aaronpk KevinMarks: I really want to run that app :)
#
kbs oddly enough, has done just that too :)
#
KevinMarks so far just 99 blocks
#
aaronparecki.com edited /webmention (+104) "/* Discovery in PHP */" (view diff)
#
kbs you can sign an entire html page fairly easily like that (cf kbsriram.com pages)
#
pauloppenheim LOL
#
KartikPrabhu has been trying make a presentation and not be tempted by all this interesting discussion!
#
tantek kbs - except for the part of the page that points to the signature? or do you have foreknowledge of the signature URL?
#
tantek seems like you'd have to. otherwise you're stuck not knowing the "entire html page" since that includes the signatures or URL itself
#
kbs yes - foreknowledge of the signature url [it's just the <page_ul>.asc
#
tantek ok
#
tantek probably better to start with that
#
kbs it also works as a practical way to check other stuff too [js, etc]
#
tantek gives you HTTP LINK: flexbility too
#
kbs *nod* yep, that's what I did
#
tantek and that way you can resolve questions of signature type etc. using content-type
#
kbs ah, interesting - good point.
#
kbs I started [as you say] by signing all my content at this point
#
tantek aaronpk - what do you think of 204 for successful deletes?
#
bear a delete should get a 200
#
bear as the action was the delete and 200 says "it was done"
#
aaronpk tantek: would the synchronous processing version send 204?
#
aaronpk that seems weird
#
aaronpk if the webmention endpoint returned HTTP 204, that implies the endpoint is deleted
#
tantek yeah, bear, aaronpk, you're right
#
tantek that "delete" in the description means HTTP DELETE verb
#
bear while everything says 204 is for deletes - to me it just adds to the smell of REST
#
tantek goes back to the wiki
#
aaronpk bear: ooh is REST smelly to you too? we should compare notes.
#
tantek also means we can't use 201 for that either
#
tantek created that is
#
tantek because that implies the *endpoint* was created
#
aaronpk ha yeah... pretty much just 200/400 then
#
tantek and *this* is why I wanted to think this through with the synchronous scenario first
#
bear oh my word - REST and rants
#
aaronpk I like to keep in mind that ultimately HTTP is for *transport*
#
tantek because it's simpler / more well-known / better constrained/understood
#
bear *yes*
#
aaronpk so if something is returning an HTTP error, it had better be because the *transport* failed
#
bear gives a southern style "amen brother"
#
aaronpk we actually built an API framework based on this idea. if you are a fan of REST you should not click this: https://github.com/esripdx/jsonatra
#
kbs should the /authorship algorithm always validate the author's domain in some suitable fashion? Eg: would http://paste.debian.net/plainh/bdb2632b be identified as authored by barnaby?
#
bear aaronpk - dealing with REST and ruby and json in the days of merb is what lead me to that mindset
#
aaronpk kbs: that is an interesting question that we need to address. if it does, bridgy will not pass the test.
#
bear HTTP is a transport, all things should be in your responses
#
tantek.com edited /webmention (-131) "/* More status codes */ looks like we can only use 200 or 400 since any other details imply stuff about the HTTP interaction which we don't want to imply" (view diff)
#
kbs aaronpk: ah. okay - perhaps this might be a nice use-case to see how best to solve it without getting into the weeds about crypto :)
#
aaronpk sure! this is a good example.
#
aaronpk e.g. you were able to "forge" a document that looks like it's from barnaby, so that is clearly a problem, and how can we best solve it
#
tantek so this is basically the same problem as anyone can enter any identity they wish into comment forms on the web
#
tantek even gravatar doesn't help this
#
tantek (may actually *hurt* in that it makes it look more real)
#
aaronpk the short answer is if you didn't retrieve the comment from the author's own website, you shouldn't display it as a comment from them
#
tantek if you know someone's email address they use in submissions to web comment forms, you can simply type a comment, put their full name and email address, and it will appear as if the comment came from them (including their *current* avatar!)
#
tantek aaronpk - yes that's one approach
#
aaronpk that would, however, break bridgy
#
snarfed man, you guys are making me feel all guilty :P
#
snarfed (kidding!!!)
#
tantek another way to do it would be to match a prefix URL that the author rel=me back to their own site (bi directionally)
#
barnabywalters sure it would break bridgy, but fixing that is as simple as whitelisting mentions from brid.gy
#
barnabywalters and leaving it up to bridgy and the silos to handle identity theft
#
aaronpk barnabywalters: so basically you are saying that you would allow brid.gy to forge identities :)
#
tantek barnabywalters - or by bridgy providing a "profile URL" for folks to rel=me to from their own sites
#
gRegor` More work for snarfed!
#
barnabywalters aaronpk: I’m saying that, for the moment at least, I trust bridgy
#
tantek and then hosting all webmentions for a person under that URL
#
aaronpk tantek: I think that would require that *all* twitter users commenting on your stuff would need to do that...
#
tantek sure, we can whitelist bridgy as a stopgap
#
barnabywalters jsut as, at the moment, we all host any webpage which sends us a webmention ;)
#
barnabywalters argh
#
barnabywalters s/host/trust
#
tantek aaronpk - I don't think so
basal joined the channel
#
tantek oh wait
#
tantek yeah, either you whitelist bridgy, or you whitelist the domains that bridgy sends you mentions from
#
tantek e.g. twitter etc.
#
Loqi [mention] https://brid-gy.appspot.com/comment/twitter/bretolius/451059108741787648/451059283224850432 linked to http://indiewebcamp.com/IndieAuth (webmention)
#
tantek kbs - how do I view http://paste.debian.net/plainh/bdb2632b as actual HTML rather than source?
#
tantek hmm /downloadh/ instead
#
tantek ok aaronpk I think I caused an odd mention of sorts at the bottom of http://aaronparecki.com/notes/2013/10/12/2/indieweb
#
tantek kbs - see if you can actually fake a "real looking" comment from Barnaby
#
aaronpk tantek: that's what that page was for
kbs` joined the channel
#
tantek aaronpk - but it didn't work
#
tantek that's my point
#
aaronpk no it did
#
tantek I don't see it
#
aaronpk this one was from him earlier http://aaronparecki.com/notes/2013/10/12/2/indieweb#external_http_paste_debian_net_plain_91033
#
aaronpk and he has one on barnaby's site too
#
barnabywalters if I was masquerading as myself I wouldn’t say so
#
barnabywalters so it’s not very realistic ;)
#
kbs doesn't have an internet, he has a 'nearly' net
#
tantek.com edited /authorship (+551) "/* Issues */ add Spoofing, move prev theoretical to such a subsection" (view diff)
#
KevinMarks barnabywalters: that sounds very The Prisoner
#
barnabywalters KevinMarks: maybe I have been masquerading as myself all along
#
tantek kbs ^^^ please feel free to add any details to the Spoofing issue. e.g. original pastebin URL used to generate that spoofed comment.
#
KevinMarks aaronpk: I haven't got the makefile that makes the makefile happy yet, so you'll have to install more locallibs I think
#
aaronpk ha ok
#
aaronpk i can manage
#
kbs tantek: sure. I think the better spoof is actually above the 'also mentions' - it just says "how does parsing work". I'll update links, and more info
#
aaronpk if I know what to install
#
KevinMarks the full list is "sudo port install boost db48 qt4-mac openssl miniupnpc git"
#
barnabywalters KevinMarks: am I right in thinking you’ve worked on web crawling systems before?
#
KevinMarks though you probably have most of those
#
KevinMarks yes barnabywalters, that was what i did at technorati from '03 to '07
#
KevinMarks I think I stripped the miniupnpc dependency by brute force
#
barnabywalters KevinMarks: oh cool, have you documented stuff you learned from it anywhere?
#
KevinMarks but I haven't got it to fold the others in because linkers are annoying
#
barnabywalters I’m about to start writing a crawler but am running into some interesting problems
#
KevinMarks hm, not in one place specifically
#
KevinMarks you can argue that a lot of microformats is what we learned from it...
#
barnabywalters KevinMarks: heh, cool
#
barnabywalters what was your approach to caching and/or archiving?
#
KevinMarks what are you crawling for?
#
kbs barnabywalters: wondering - a large scale crawler, or one for personal use? [just wrote my little rel=me crawler experiment here, and be interested in issues you ran/running into]
#
kbs too the words :)
#
kbs s/too/took
#
Loqi kbs meant to say: took the words :)
#
barnabywalters KevinMarks kbs: currently building a small personal crawler for anti-spam purposes, also archiving and feedreading in the future
#
tantek indiearchive!
#
KevinMarks we got caching wrong, in that we just kept etag and if-modified-since info with the parsed data
#
KevinMarks instead of caching the fetched data too
#
barnabywalters KevinMarks: so you were changing your approach to parsing frequently?
#
KevinMarks I was patching it day to day, but the basic approach was the same
#
barnabywalters specifically the problem I’m finding immediately is fetching things efficiently
#
barnabywalters so I’m searching the site for mentions of people
#
barnabywalters I’m going to end up fetching every feed page, paginated versions of it, and individual post pages in order to get everything
#
barnabywalters and most sites duplicate links across feeds, e.g. homepage feed = notes + articles
#
KevinMarks we relied on cumulatively indexing the main page+ feed of the blog
#
KevinMarks and that blogs added at the top
#
KevinMarks which was an ok assumption for our puropse, but not general
#
barnabywalters sure
#
KevinMarks If I were doing it now, I'd look at http://commoncrawl.org/twelve-steps-to-running-your-ruby-code-across-five-billion-web-pages/
#
tantek !tell KevinMarks,benwerd,hober,snarfed any of you going to the W3C Workshop on Annotations tomorrow?
#
Loqi Ok, I'll tell them that when I see them next
#
tantek darn forgot URL
#
snarfed no, sorry
#
KevinMarks and other common crawl
#
Loqi snarfed: tantek left you a message 16 seconds ago: any of you going to the W3C Workshop on Annotations tomorrow?
#
Loqi KevinMarks: tantek left you a message 21 seconds ago: any of you going to the W3C Workshop on Annotations tomorrow?
#
KevinMarks tantek: should we?
#
KevinMarks missed it
#
barnabywalters one thing I was thinking is that a few sites are publishing feeds of mentions and replies
#
tantek !tell KevinMarks,benwerd,hober any of you going to the W3C Workshop on Annotations tomorrow? http://www.w3.org/2014/04/annotation/ can apparently register late (today) as an "Interested Attendee" without a paper! https://www.eventbrite.com/e/w3c-web-annotations-conference-tickets-10982205071?team_reg_type=individual
#
Loqi Ok, I'll tell them that when I see them next
#
barnabywalters which will cover a lot of the mentioning of people
#
aaronpk barnabywalters: that's a much less daunting task!
#
barnabywalters aaronpk: exactly
#
tantek KevinMarks - I think it might be useful to avert some train wreckage of the RDF/XML variety by well-intentioned (albeit perhaps misled) folks
#
barnabywalters so it would be really useful to have rel values to discover them
#
tantek I'm thinking of going
#
barnabywalters at least the mentions feed
#
aaronpk to discover the mentions feed? interesting!
#
tantek Doug Schepers reached out to me re: email
#
barnabywalters aaronpk: yeah, it would be super useful for the crawl stage of shrewdness, my anti-spam tool
#
barnabywalters aaronpk: also it could be used to discover a place to subscribe to to show push notifications on mentions
#
aaronpk right!
#
tantek KevinMarks - could be useful in particular to have at least 2 of us there to simultaneously debunk and post/tweet debunkings
#
aaronpk yes I was thinking it would be useful for my mentions app!
#
tantek you know, with URLs that can be cited
#
barnabywalters e.g. “sign in with your URL”, and now you get push notifications whenever you’re mentioned, zero-config
#
KevinMarks you mean I can tweet and you can do w3c memes?
#
Loqi KevinMarks: tantek left you a message 2 minutes ago: any of you going to the W3C Workshop on Annotations tomorrow? http://www.w3.org/2014/04/annotation/ can apparently register late (today) as an "Interested Attendee" without a paper! https://www.eventbrite.com/e/w3c-web-annotations-conference-tickets-10982205071?team_reg_type=individual
#
aaronpk KevinMarks++
#
tantek disclaims any authorship of any w3cmemes
#
Loqi KevinMarks has 18 karma
#
tantek I leave that to hober ;)
#
aaronpk tantek: do we need an /un-authorship page?
#
tantek aaronpk - hope not!
#
KevinMarks rel="not-me"
#
tantek asserting everyting you're not (or didn't write) could take a while :P
#
aaronpk just for the things you are explicitly disavowing, like you did in IRC just now ;)
josephboyle joined the channel
#
KevinMarks 8am in fort mason
#
KevinMarks that is a bit of a bugger
#
tantek check the schedule
#
tantek I think opening keynote is a 8:30
#
tantek which is still pretty harsh
#
KevinMarks driving to fort mason to arrive any time before 10:30 is hard
#
tantek hey tilgovi - are you the first paper / talk at 9:00?!?
#
tilgovi yeah
#
tilgovi you'll be there?
#
tantek KevinMarks - I'd say Caltrain plus bus
#
aaronpk sorry I can't make it! it's a bit far for me :/
#
tantek tilgovi - was invited to register as an interested attendee by shcepers
#
tilgovi cool
#
tilgovi hey sometime I need an extended indieweb hack time
#
tantek so I may show up and call BS on all the RDF/XML and especially the PDF position papers
#
tilgovi hehehe
#
tantek tilgovi - IndieWebCampSF was awesome!
#
tantek you should come by a Homebrew Website Club meeting too
#
tantek next one is next wednesday 18:30-19:30
#
KevinMarks it's 30 mins by bike around embarcadero, not too bad
#
Loqi I agree
#
tantek KevinMarks - yeah that's a pretty bike ride too
#
tilgovi I have an idea to make hypothesis support webmention. I had been thinking about it as a webmention client, but I think it's equally or better suited as webmention service. Point your website at it, embed the js, and mentions get pulled in as external resources
#
KevinMarks I signed up, I'll see when I cna get there. I need to think about the dogs here too
#
tilgovi hosted webmention comments
#
tantek tilgovi - I'd be interested in figuring out make hypothesis support webmention WITHOUT any JS
#
KevinMarks talking of trains, I shoudl head out now
#
tilgovi well it wouldn't require js for anything
#
tantek tilgovi - we already have a working model for hosted webmention comments WITHOUT JS - Bridgy
#
tantek maybe check out how Bridgy works?
#
KevinMarks is going to 21st amendment for 7pm
#
tilgovi this is different
#
tantek tonight?
#
tantek what's at 21a tonight?
#
tilgovi i was saying js if you wanted to delegate the UI and inlining of the mentions onto the post
#
tilgovi the whole point would be that your server doesn't need to hear about mentions. we receive them and then pull them in client-side.
#
tantek tilgovi - yeah, I think barnabywalters has worked on something like that for embedding webmentions from webmention.io
#
barnabywalters yep, voxpelli made a similar thing too
#
tantek tilgovi - yeah, the "your server doesn't need to hear about mentions. we receive them" is currently implemented by webmention.io
#
tantek you can separate the delegation of webmentions like that
#
tilgovi and then that has an API for you to retreive them or something?
#
tantek and then the display / JS embed
#
tilgovi right
#
tantek tilgovi right, webmention.io has an API
#
tilgovi so I think we could easily implement this, too
#
tilgovi it'd be cool
#
tantek cool
#
KevinMarks drinks talking about SSL by default with Lucas Gonze, Mike Linksvayer et al
#
KevinMarks from ~6.30 on
#
tilgovi i did check out bridgy
#
KevinMarks join if you cand
#
tantek KevinMarks: do any of them have SSL by default on their own sites?
#
tilgovi I want to use it in hypothesis to replies to shares back in
#
tilgovi but i'm not there yet
#
tantek just wondering if this is a selfdogfood conversation or a hopeful idealists conversation ;)
#
KevinMarks I don't have ssl so I'm a hopeful idelaist
#
KevinMarks :D
#
KevinMarks unless you count https://kevin-marks.herokuapp.com
#
tilgovi tantek: definitely it'd be great if you came at threw fire at rdf stuff
#
KevinMarks or https://epeus.blogspot.com
#
tantek tilgovi - ok cool. that's good to hear. I'm happy to offer technical criticisms as long as people don't respond with personal attacks.
#
tantek which unfortunately schepers has done to me before, so I'm suspicious, but am going to try again anyway.
#
tilgovi well, I hope not. I can't personally vouch for everyone attending as I don't know many of them.
#
tantek of course
#
tilgovi but that's no good
#
tantek I'm going to try to keep the critiques very idea/technology focused
#
tilgovi I know he's not a uf fine
#
tilgovi *fan
#
tilgovi yah.
#
tantek tilgovi - well I like to assume he's not against uf in concept at least
#
tantek I want to give him the benefit of the doubt (still)
#
tantek in the hopes that something will work out
#
tilgovi I'm going to try to present a couple _very_ small ideas for dom events and then listen a whole lot and try to poke holes in things
#
tantek ok I registered for the W3C Web Annotations Conference!
#
tantek making that that early in the morning is going to be painful :/
#
tantek tilgovi, I may want to sit next to you to get your feedback on how I can offer critiques in the most productive / receptive way possible.
#
tantek tilgovi - what's the IRC channel for the conference and/or annotations crowd in general?
#
tantek is it on Freenode or W3C IRC?
#
tilgovi not sure for W3C IRC yet
#
tilgovi there isn't a central, active channel for this all yet
#
tantek so there's no existing channel you've been using as background chat?
#
tantek ok
#
tantek just a mailing list somewhere presumably?
#
tilgovi #hypothes.is and #annotator, but those are project focused
#
tantek (old school)
#
tantek (the list, not the project-focus)
#
tilgovi one second
#
tilgovi the annotations community group has been active, i'll get that adress
#
tilgovi if you want it
#
tantek might as well paste the archives URL here in IRC for folks to browse
paulcp joined the channel
#
tilgovi http://lists.w3.org/Archives/Public/public-openannotation/
lukebrooker joined the channel
#
tilgovi but, fingers crossed this starts to transition to public-annotation@w3.org