#indiewebcamp 2014-04-09

2014-04-09 UTC
#
aaronpk now I have to go redeploy everything in AWS
#
aaronpk of course 5pm is the best time to do that
#
snarfed aaronpk: mostly for the client side fixes, right?
#
snarfed or do you terminate ssl yourself for your aws stuff?
#
aaronpk no, ELBs do that for us
#
snarfed exactly
#
snarfed cool
#
aaronpk but this whole system is built around callback URLs, so...
#
snarfed yeah, client side, whee
#
barnabywalters sanity has been restored
#
aaronpk yay!
#
Loqi does a happy dance!
#
barnabywalters turns out it was iptables playing up for some reason
#
barnabywalters hot chocolate time!
#
aaronpk argh
#
barnabywalters goodnight all
#
Loqi goodnight!
#
@stefek99 @indiewebcamp Hello :) I wonder if you endorse / support this one: https://www.resetthenet.org/ #ResetTheNet ? (twitter.com/_/status/453687329052708864)
#
@kyle_wm @courtarro thanks for the heads up, tis intentional http://indiewebcamp.com/permashortcitation ... thinking about alternatives that'll still support backfeed (twitter.com/_/status/453694694858317824)
#
kylewm.com edited /permashortcitation (+106) "/* Criticism */ example of PSC confusion" (view diff)
#
@kevinmarks @edbott @alex clearly we need to teach @pmarca and the a16z crew to POSSE #indieweb http://indiewebcamp.com/POSSE (twitter.com/_/status/453695016964091904)
scottros, caseorganic, scor, gRegor`, fmarier and snarfed joined the channel
#
gRegor` !tell snarfed I think your timezone settings might be off. I'm finally going through and parsing webmentions I received and this one lists the UTF offset as -07:00 but it should have been -08:00 at that time (before DST) https://snarfed.org/2014-02-11_re-gregorlove-com-little-g-big-r-powered-by-indieweb
#
Loqi Ok, I'll tell them that when I see them next
scor and tantek joined the channel
#
Loqi [mention] http://werd.io/2014/homebrew-website-club-2 linked to http://indiewebcamp.com/events/2014-04-09-homebrew-website-club (webmention)
KevinMarks joined the channel
#
Loqi [mention] http://werd.io/2014/homebrew-website-club-2 linked to http://indiewebcamp.com/events/2014-04-09-homebrew-website-club (webmention)
#
tantek.com edited /Sponsors (-2) "TOC at bottom just for easy click/referencing frags" (view diff)
#
tantek.com edited /Sponsors (+0) "fix heading levels" (view diff)
#
werd.io edited /events/2014-04-09-homebrew-website-club (+1) "/* URLs */" (view diff)
#
tantek.com edited /Trsst (+133) "note sponsorship, see also their Twitter" (view diff)
eternicode joined the channel
#
@t going to Homebrew Website Club, 2014-04-09 18:30 @MozSF. indieweb: http://werd.io/2014/homebrew-website-club-2 silo: https://www.facebook.com/events/1438031876437815/ (ttk.me t4VU3) (twitter.com/_/status/453725596879966208)
#
@kevinmarks RT @t: going to Homebrew Website Club, 2014-04-09 18:30 @MozSF. indieweb: http://werd.io/2014/homebrew-website-club-2 silo: https://www.facebook.com/events/1438031876437815/ (ttk.me t4VU3) (twitter.com/_/status/453726442568695808)
#
tantek oh dear - this is a scary phrase: "…since the openssl libraries are statically compiled"
#
tantek ergo, if you have ANY software on your server (not just the OS, or the webserver, etc.) that MIGHT have OpenSSL compiled/linked into it, you need to upgrade them.
#
tantek it's not just updating the server
#
tantek rather, it's not just updating the OS
#
GWG Good evening
#
GWG Link sharing isn't working
#
tantek GWG - what do you mean by "Link sharing" ?
#
GWG tantek: I've decided my site into several types of content
#
GWG Links, Status Updates, Videos, Images, and Articles.
#
tantek what's an example of a "Links" post on your site?
#
tantek and do you have any "Status Updates" that include hyperlinks themselves?
#
gRegor` tantek: yeah, very scary. it's a mess.
#
GWG No. The status update posts, when syndicated, would have a link back.
JonathanNeal joined the channel
#
GWG A link is a link to an external site, with a short comment.
#
GWG So, it is similar to a status update.
#
GWG I tried to separate them.
#
GWG It is Twitter that is the problem
#
GWG I can't get the formatting right when anything sends to Twitter
#
GWG Unless I craft the Tweet myself, it comes out wrong
#
tantek that is indeed a bit of an art
KevinMarks joined the channel
#
kylewm anyone have experience with Dokku (or the like -- self-hosted mini-herokus)? ran into a little snag playing with it, trying to decide if i should keep going or give up :)
#
kylewm GWG, it seems your tweets with links are being overzealously shortened
#
kylewm perhaps the wordpress plugin does not take into account that links will be shortened to 22/23 characters
#
GWG Well, the SNAP people aren't responding.
#
GWG But, it supports shortening and it is turned on, oddly enough
#
GWG The problem is that it doesn't recognize the different formats.
#
GWG I have some ideas though.
KartikPrabhu joined the channel
#
Loqi KartikPrabhu: gRegor` left you a message 6 hours, 17 minutes ago: Still on for tomorrow night?
#
KartikPrabhu gRegor`: yeah sure
#
GWG kylewm: To answer your question, no, I don't.
#
KartikPrabhu gRegor`: that was in reference to Chicago HWC
#
gRegor` Cool
#
GWG Hmm...this might work as a variable. "Inserts the text till the <!--more--> tag or first N words of the post"
#
GWG This is what I'm looking at.
#
GWG http://www.nextscripts.com/snap-features/message-formatting-tags/
#
kylewm oh, nice, so could you include the full URL of your post at the end instead of the goo.gl shortened link?
#
kylewm imho, that would look better
#
GWG The post, yes. But I'm afraid that would truncate the title.
netweb joined the channel
#
GWG But, these are where I am linking/commenting on another site.
#
GWG I may have to find a format for the link posts.
#
kylewm so that's what I was getting at before -- twitter automatically shortens links on their end, so each one only counts 22 (or 23 for https) characters
#
kylewm no need to shorten them beforehand
#
GWG Yes, but the plugin has an issue with that.
#
GWG Trying a test.
#
kylewm Looks like it
#
kylewm is it open source?
#
GWG It is.
#
GWG Trying some tests.
#
GWG But, on the link posts, it should share the original link, not my URL.
#
GWG Unlike the other posts.
#
kylewm huh, is there such a thing as minified php? :P https://github.com/wp-plugins/social-networks-auto-poster-facebook-twitter-g/blob/master/inc-cl/tw.api.php
#
kylewm i'm genuinely curious why someone would write code like this
#
GWG Because they sell a pro product?
#
GWG I may have to add a custom-field in order to put in the link.
netweb and snarfed joined the channel
#
Loqi snarfed: gRegor` left you a message 2 hours, 9 minutes ago: I think your timezone settings might be off. I'm finally going through and parsing webmentions I received and this one lists the UTF offset as -07:00 but it should have been -08:00 at that time (before DST) https://snarfed.org/2014-02-11_re-gregorlove-com-little-g-big-r-powered-by-indieweb
#
snarfed kylewm: saw the unhashable dict error, i'll investigate
#
KartikPrabhu howdy! everyone
#
kylewm snarfed, I am running bridgy locally explicitly so it doesn't email you every time i get an error ;)
#
snarfed KartikPrabhu: howdy!
#
snarfed kylewm: funny, wonder why it emailed then
#
kylewm no I mean, I just started after I got that error
#
kylewm it's the only way I can outgun you on tracking things down
#
snarfed ahh
#
snarfed hah
#
kylewm good evening, KartikPrabhu how's it going?
#
KartikPrabhu aah just flew back from Savannah so quite exhousated
#
snarfed sounded like the talk went well, congrats
#
kylewm oh lovely, GA's my home state
#
KartikPrabhu is so exhausted that he can't spell exhausted
#
kylewm I've never been to Savannah though
#
KartikPrabhu snarfed: yeah it did...
#
KartikPrabhu kylewm: Savannah is pretty cool! You can drink beer on the street! ;)
#
kylewm haha, that's a big plus
#
kylewm snarfed, it looks like it expects in-reply-to to be a url, but mine is an "p-in-reply-to h-cite" object
#
kylewm which could be a goof on my part
#
snarfed kylewm: ah, yes, no such thing as p-in-reply-to
#
snarfed should be u-in-reply-to
#
kylewm my inclination would be to add a new function that takes a url-like thing and returns url if it's a url or object["properties"]["url"][0]
#
snarfed regardless, i should handle it better
#
kylewm i got p-in-reply-to from here https://indiewebcamp.com/in-reply-to
#
snarfed oh i see. nm. looking
#
snarfed you're right. i should know better than to say anything at all about mf2 :P
#
kylewm seriously right?
#
kylewm (i mean not you, in general)
#
snarfed heh, understood
#
snarfed kylewm: agreed, that utility fn makes sense. it would probably go in source.py or somewhere similar
#
kylewm would you like me to take a stab at a fix, or is it not worth you havin to review it?
#
snarfed always worth fixing bugs!
#
snarfed if you're interested, definitely take a stab, i'm happy to review
#
snarfed the consistent facebook 500 is also probably my/our fault. they should report the error better, but still, i bet we can fix it.
#
kylewm dang, I just tried to post a regular post locally, and it went through without a 500
#
kylewm heisenbug
#
snarfed hrmph
#
snarfed !tell gRegor` thanks!
#
Loqi Ok, I'll tell them that when I see them next
#
kylewm oh, that's embarrassing...already a function to extract urls from h-cite, on the very next line
#
snarfed lol
#
snarfed even so, we still need to use it!
#
GWG Okay....custom fields...so far so good.
#
GWG Oh...things changed.
#
GWG Did I miss anything?
paulcp and eschnou joined the channel
#
@domenicoperri RT @t: going to Homebrew Website Club, 2014-04-09 18:30 @MozSF. indieweb: http://werd.io/2014/homebrew-website-club-2 silo: https://www.facebook.com/events/1438031876437815/ (ttk.me t4VU3) (twitter.com/_/status/453767419962855424)
tantek, scottros, eschnou, basal, LauraJ and jsilvestre joined the channel
#
@fdevillamil . @rtaibah You already made the first steps to #indieweb setting up your domain and adding a page with you... (http://t37.net/note/30963-rtaibah-you-already-made-the-first-steps-to-indieweb-setting-up-your-domain-and-) (twitter.com/_/status/453788907638104064)
#
@fdevillamil . @rtaibah You already made the first steps to #indieweb setting up your domain and adding a page with you... (http://t37.net/note/30964-rtaibah-you-already-made-the-first-steps-to-indieweb-setting-up-your-domain-and-) (twitter.com/_/status/453789796226588672)
pfefferle, LauraJ, pasevin, pasevin_, pfenwick, voxpelli, krendil, Sebastien-L and glennjones joined the channel
#
acegiak pfefferle: does the webmention plugin re-send webmentions when posts are updated or trashed?
#
pfefferle when they are updated
#
pfefferle yes
#
pfefferle not when they are trashed
#
acegiak kk
#
acegiak I'm trying ot make it so that when I delete a comment post I notify the post I'm commenting on
#
voxpelli do any webmention endpoints support deletion of mentions?
#
voxpelli I know I haven’t added it to https://webmention.herokuapp.com/ yet, but can’t really remember how that would be done? what does it send?
#
acegiak http://indiewebcamp.com/comment#Delete_a_comment < this is what I'm trying to implement
#
voxpelli acegiak: ok, that makes sense
#
voxpelli but I don’t like the reliance on 410 there
#
voxpelli makes it impossible for sites on something like Github Pages to signal that one of their posts has been deleted :/
#
acegiak I kinda think if you send a webmention that points to something that comes back as 4** then it should be counted as a deletion?
#
voxpelli acegiak: seems like not everyone agrees with that: http://indiewebcamp.com/deleted#404_Not_Found
#
voxpelli but I agree, if one wants to rely on HTTP codes, then a 404 needs to be treated as a 410 for pragmatic reasons as its not always possible or feasible to return a 410 instead
friedcell, eschnou, pfenwick, tobiastom, pfefferle, voxpelli, melvster, adactio, barnabywalters, bnvk, LauraJ, scor, scottros and glennjones joined the channel
#
ben_thatmustbeme good morning
bnvk, LauraJ, glennjones_, hober2 and chloeweil joined the channel
#
pdurbin ben_thatmustbeme: good morning
LauraJ and gRegor` joined the channel
#
Loqi gRegor`: snarfed left you a message 9 hours, 50 minutes ago: thanks!
JasonO, pfefferle, snarfed, LauraJ, iangreenleaf, KevinMarks, paulcp, ttepasse, npdoty, tantek and eschnou joined the channel
#
kylewm.com edited /User:Kylewm.com (+399) "/* other ideas/goals */" (view diff)
#
kylewm.com edited /User:Kylewm.com (-12) "/* other ideas/goals */ I keep forgetting that activitystreams-unofficial isn't called "activitystreams" :)" (view diff)
benprew, barnabywalters, tantek-ipod, jsilvestre, snarfed, _6a68, pasevin, eschnou, tantek and KartikPrabhu joined the channel
#
ben_thatmustbeme quiet in here
#
ben_thatmustbeme its like everyone is saving their thoughts for tonight
paulcp joined the channel
#
tantek ben_thatmustbeme: I think Pacific Time folks are still waking up
#
tantek yesterday was quite busy with Heartbleed
#
aaronpk still busy with heartbleed
#
tantek !tell voxpelli using 404 for "delete" is actually *less* pragmatic in that it is more *fragile*, since systems are ephemerally down or unavailable or broken all the time - and thus return 404 because they don't know any better.
#
Loqi Ok, I'll tell them that when I see them next
#
ben_thatmustbeme tantek, I can understand the issue though, There are some places that don't let you set a custom response header
#
ben_thatmustbeme the counter argument being that you should be running your own site
#
tantek !tell voxpelli more on that here under "Server error." (and other reasons) http://indiewebcamp.com/deleted#404_Discussion
#
Loqi Ok, I'll tell them that when I see them next
#
ben_thatmustbeme and yeah, heartbleed was impressive
#
tantek if you can't set a custom response, then the fallback is to simply provide some deault text like "This comment has been deleted by the author."
#
tantek and if you contrast the needs, the need to preserve user data (avoid accidental deletes due to server errors) outweighs the need to support places that don't let you set a custom response header
#
tantek is having a hard/slow time loading/editing the wiki pages and will add those notes accordingly
#
ben_thatmustbeme Working with the webmention status polling, I felt like it should be some markup format on the html again, otherwise its a repeat of the headers again
#
ben_thatmustbeme i'd agree
#
ben_thatmustbeme I feel like things like "post deleted" could be marked up in some standard way as well. I don't believe there is anything in mf to say "this post is deleted" is there?
#
ben_thatmustbeme s/post/h-entry/
#
Loqi ben_thatmustbeme meant to say: I feel like things like "h-entry deleted" could be marked up in some standard way as well. I don't believe there is anything in mf to say "this h-entry is deleted" is there?
#
tantek no there is no way to indicate in h-entry that it's a tombstone
#
tantek though that's an interesting suggestion
#
ben_thatmustbeme I'm thinking if we start to get rid of status update from http headers, we are probably better off, seems more indie-web style anyway
#
tantek well it helps to provide both options, as it does parallel what we've done with webmention itself, allowing both HTTP LINK header for discovery, and HTML link rel
#
tantek some prefer (and find it easier) to do one vs. the other
#
tantek from a publisher perspective
#
aaronpk ben_thatmustbeme: I just realized that I didn't actually implement sending back status headers in my webmention status page :)
#
ben_thatmustbeme hmm, I'm not sure I put the link header in mine..
#
ben_thatmustbeme checks his site
#
tantek ben_thatmustbeme: we don't want to get rid of status update from HTTP headers because it's always good to re-use existing standards/protocols when they precisely reflect your semantic needs
#
@schnarfed RT @t: going to Homebrew Website Club, 2014-04-09 18:30 @MozSF. indieweb: http://werd.io/2014/homebrew-website-club-2 silo: https://www.facebook.com/events/1438031876437815/ (ttk.me t4VU3) (twitter.com/_/status/453940428442578944)
#
aaronpk tantek: i think he's talking about the "Webmention-Status: xxx" header
#
aaronpk that's what i'm talking about anyway
#
ben_thatmustbeme aaronpk, that too
#
ben_thatmustbeme thats what got me on the idea of it, it seemed like that should be marked up to be easily parsed from the page returned, thus one result, human and machine can read
#
tantek did I miss the spec/brainstorm for the "Webmention-Status: xxx" header ?
#
tantek URL?
#
aaronpk i thought you were part of that?
#
aaronpk it's in ben's implementation note here http://indiewebcamp.com/webmention
#
ben_thatmustbeme I think it was put in to the brainstorming on webmention
KartikPrabhu joined the channel
#
aaronpk seems to have disappeaered
#
ben_thatmustbeme maybe we never did
#
ben_thatmustbeme I'm just updating the webmention spec to whatever I use, that way I have a github I can point people to if they want to see what I'm doing
#
ben_thatmustbeme well, the actual code is there too
#
tantek hah! I claim it was a figment of imagination. or perhaps *IRC* brainstorming that never made it into the wiki :P
#
tantek ben_thatmustbeme: better to edit the /webmention wiki page so that your notes are more discoverable
#
ben_thatmustbeme I just keep seeing people going back and forth on what HTML codes to return, and I just was thinking it seemed somewhat silly since its all machine readable only specs we are debating, better to have it in the page returned so that the user can get actually see what is happening too
#
aaronpk I think the reason for using HTTP status and headers was so that the webmention spec doesn't actually dictate what is returned in the body
#
tantek it's also more efficient for consumers
#
ben_thatmustbeme actually it looks to be similar to the Variable Response Body Problem section
#
KartikPrabhu it should be OK to use both the codes and return a helpful response body like the case of a 404 page... though 404s are not usually well designed
#
tantek KartikPrabhu: good point
#
aaronpk you all saw my implementation right?
#
KartikPrabhu aaronpk: I might have missed it... wasn't around here for the last few days
#
KartikPrabhu link^^
#
aaronpk a URL like this is returned in a Link header when you send me a webmention now https://aaronparecki.com/webmention/rf2_14yA
#
ben_thatmustbeme aaronpk, I think I found a good reason to have my webmention queue items persist indefinitely.
#
aaronpk oh?
#
KartikPrabhu aaronpk: nice! do you also include some useful error message in case the mention fails?
#
aaronpk KartikPrabhu: yes! shows details about what went wrong
#
aaronpk I should probably generate some sample URLs for those too
#
ben_thatmustbeme I keep them linked to the actual item they create (so I could give the status page the link)
#
KartikPrabhu aaronpk++ very nice...
#
Loqi aaronpk has 419 karma
#
Loqi fo sho
#
aaronpk ben_thatmustbeme: I may be able to be convinced to keep the status page around for successful mentions, but not for error ones
#
ben_thatmustbeme but it would make update and delete easier for me. I just check the input fields to see if they are in my mentions queue
#
ben_thatmustbeme thus, just from the input I have all the info from last time they submitted.
#
aaronpk you will too once you see how much pingback spam there is
#
aaronpk maybe I can log the spam I get for a day and post it somewhere
#
ben_thatmustbeme yeah, I could certainly be convinced to trash any error ones
#
ben_thatmustbeme uh oh, trying to log in to the wiki and getting ... No rel="me" links were found on your site!
pasevin_ joined the channel
#
aaronpk huh that's odd
#
aaronpk it says it's getting a 404 error ... http://ben.thatmustbe.me/
#
aaronpk lol your home page is returning 404
#
aaronpk good thing 404 doesn't mean deleted
#
ben_thatmustbeme ahh, that may be my end
#
ben_thatmustbeme lol
#
tantek lol
#
ben_thatmustbeme yeah, damn routing table isn't working correctly for me
#
aaronpk HTTP/1.1 404 Ben Not Found
#
ben_thatmustbeme its loading the error/not_found controller, which looks exactly the same as the main page.
bret joined the channel
#
aaronpk well I *think* treating a 404 response as empty is the correct thing for indieauth.com to do
#
ben_thatmustbeme yeah, thats my fault
#
ben_thatmustbeme was trying to fix it as /asdf1234 would return a 200 and the home page
#
ben_thatmustbeme apparently I went a little too far and it was returning 404 for / as well
#
tantek ben_thatmustbeme: thanks for proving my point about server errors unintentionally returning 404s
#
tantek and THAT is why 404 MUST NOT be interepreted as "delete" - a destructive action.
#
tantek presumably your permalinks were also returning 404
#
tantek so anyone could have (re)webmentioned any of your comments to their originals
#
tantek and if 404=delete, your comments would have been deleted.
#
tantek without *any* notification to you.
#
tantek kind of a bad vulnerability
#
tantek voxpelli ^^^
#
GWG Good afternoon
#
tantek hello GWG
#
ben_thatmustbeme tantek, You're welcome. Thats why I did it... yeah, I go with that
#
kylewm oh lightbulb moment, h-as-note means "activitystreams note"?
#
kylewm i always thought it was "interpret this h-entry *as* a note"
#
tantek kylewm yes and yes ;)
#
KartikPrabhu it is both
#
tantek (it was a deliberate choice of "vendor" specific h-*- prefix on my part
#
tantek )
#
tantek pretty sure I was the first to start that practice in the wild
pasevin joined the channel
#
tantek also sort of reads as "has note"
#
kylewm i like it! who is the intended consumer for those types?
#
KartikPrabhu I can see readers, maybe bridgy can use diff. UIs according to -as-note or -as-article
#
KartikPrabhu of instance, for -as-article you could "tweet" the p-summary and for -as-note a truncated version of the content
#
KartikPrabhu snarfed: does bridgy do this ^^
snarfed joined the channel
#
kylewm ask and he appears
#
gRegor` beetlejuice beetlejuice beetlejuice
#
KartikPrabhu true! snarfed: does bridgy/publish treat -as-note and -asarticle differently?
#
tantek I sure hope not!
#
tantek h-as-* class names I intended purely as an experiment on my site, not as any kind of serious proposal :)
voxpelli joined the channel
#
Loqi voxpelli: tantek left you a message 58 minutes ago: using 404 for "delete" is actually *less* pragmatic in that it is more *fragile*, since systems are ephemerally down or unavailable or broken all the time - and thus return 404 because they don't know any better.
#
Loqi voxpelli: tantek left you a message 56 minutes ago: more on that here under "Server error." (and other reasons) http://indiewebcamp.com/deleted#404_Discussion
#
KartikPrabhu tantek: so you think diff. behaviour would be bad?
#
voxpelli tantek: I agree, but 410 can't be the only solution, needs alternatives for restrictive environments
#
voxpelli tantek: A solution that doesn't work on a GitHub Pages like environment needs alternatives or replacement
kbs and squeakytoy joined the channel
#
bret voxpelli there was talk of using http equiv headers
#
bret voxpelli http://indiewebcamp.com/deleted#Brainstorming
#
voxpelli bret: Any solution depending on any kind of specific HTTP-responses from the blog itself rules out file-based systems like GitHub Pages
#
aaronpk voxpelli: <meta http-equiv="Status" content="410 GONE"/>
#
aaronpk that's not http headers, that's in the html
#
bret thats what the equive headers address
#
bret we just have to make sure that we hound implementors to support it ;)
#
voxpelli ah, I thought you were refering to using http headers rather than a http code
#
bret i had no idea about these untill i had the same question
#
aaronpk http-equiv seems to be the right solution, since it's already a thing
#
bret github pages redirects is pissing me off
#
kbs heh
#
bret chrome says that it gets in a redirect loop now sometimes
#
kbs ha!
#
kbs I knew it
#
aaronpk bret: ha that's awesome
#
aaronpk now you can file a bug report with github
#
kbs has a deliberate check to handle that situation
#
bret like wtf are they thinking?
#
aaronpk it's probably some optimization on their end
#
voxpelli yeah, http-equiv meta tags sounds like the most obvious alternative
#
aaronpk it would be great if the http-equiv was included in the result of microformats parsers, like how "rels" is
#
voxpelli the other alternative would be to have a property of a h-entry that tells that it's gone, can't remember what the activitystreams group decided there
#
voxpelli aaronpk: indeed, and also if meta http-equiv refreshes was parsed as redirects by them ;)
#
aaronpk example: https://gist.github.com/aaronpk/10297489
#
bret aaronpk++
#
Loqi aaronpk has 420 karma
#
bret 420 karma
#
kbs !tell snarfed fyi on your public key, the image doesn't appear to be signed by your key [let me know if this sort of thing is not that useful :) mostly a side-effect of my tests with key management.]
#
Loqi Ok, I'll tell them that when I see them next
#
tantek aaronpk - I think that means you get to take a break. #420
#
aaronpk hehe
#
ben.thatmustbe.me edited /webmention (+586) "/* Asynchronous status polling */" (view diff)
paulcp joined the channel
#
ben_thatmustbeme there. my site is fixed and the status polling header added to the wiki
#
tantek aaronpk - just saw this from you "it would be great if the http-equiv was included in the result of microformats parsers, like how "rels" is" - that's a fascinating suggestion
#
tantek what uses would it have beyond HTTP status equiv?
#
bret tantek aaronpk, could the parser pull in actual http codes as well?
#
tantek I can also see this slippery sloping into including all meta name constructs into the parsing
#
tantek bret - the parser typically doesn't do the http retrieval
#
aaronpk that is the only one I was thinking of right now, but the reason being if peopel are going to be putting http-equiv 410s in there, I want to be able to consume that as easily as possible
#
tantek it's handed a chunk of HTML and the asserted URL that it was retrieved from (for relative URL resolution)
#
aaronpk tantek: that's why I called the key "http" instead of "meta"
#
tantek aaronpk, I think that would be a good place to draw the line
#
tantek since we *do* advocate use of http status etc., and do advocate AGAINST using generic meta name for things
#
tantek hidden metadata etc.
#
aaronpk I'm just thinking about ease of parsing for consumers, it'll be easiest if it's included in the result of the mf2 parsing and not another step people have to do
#
tantek that's actually a really interesting way to properly scope use of meta
#
aaronpk otherwise nobody will parse it, and it'll end up being mostly unsupported
#
tantek that the only valid use of meta is for information that SHOULD be provided OUTSIDE the document (e.g. in the HTTP headers)
#
aaronpk that's a great distinction
#
tantek rather than all the metacrap like OGP and Twitter Cards
#
tantek ok let me see if I can draft up some brainstorming
#
bret the issue with http equiv is that it will likely contradict the real http code
#
tantek for barnabywalters tommorris and other parser developers to consider
#
tantek bret - not an issue, you must just specify which has priority
#
kbs Just out of curiosity - is the guiding principle here to avoid repeating info in the html? (DRY etc?)
#
tantek kbs, actually it's avoiding invisible metadata
#
tantek which tends to rot
#
tantek invisible metadata is often duplicated, but not always
#
bret tantek you mean prefer the http equiv over the actual http code?
#
tantek however invisible metadata always rots
#
kbs ah, I see - okay.
#
aaronpk I think http equiv should take priority, and should only be used if the author is unable to set the actual http header
#
tantek bret - see for example meta charset
#
bret ok
#
tantek charset can be specified in <meta charset="utf-8"/>
#
snarfed KartikPrabhu: re as-note vs as-article, not that i know of
#
tantek or in HTTP headers: Content-Type: text/html
#
tantek charset=utf-8
#
snarfed if so, it's unintentional, feel free to file a bug
#
Loqi snarfed: kbs left you a message 12 minutes ago: fyi on your public key, the image doesn't appear to be signed by your key [let me know if this sort of thing is not that useful :) mostly a side-effect of my tests with key management.]
#
bret maybe the validator would warn against consistant http codes and http-equiv codes
#
bret only do this if you have to!
#
snarfed kbs: thanks for the heads up re the key image
#
aaronpk bret: but if you're specifying http-equiv 410 on github pages then you can't make it send an http header 410 so it'll always be different and that's ok
#
tantek btw <meta charset="utf-8"> is basically just short for <meta http-equiv="content-type" content="text/html
#
tantek charset=UTF-8">
#
kbs snarfed: sure - it's a good test case for my code as well - thanks go both ways :)
#
tantek bret, aaronpk, FYI: http://indiewebcamp.com/GitHub#No_HTTP_Status_Code_Control
#
tantek so what does it always return then? 200?
#
tantek no matter what?
#
aaronpk if there's a page there, yes
#
aaronpk if no page, 404
#
bret thats my experience
#
bret sometimes it just returns a /
#
bret ;)
#
aaronpk (of course it sometimes returns a 301 redirect to itself, but that's a different issue)
#
bret fucking gh pages
#
tantek uh it has to return a status code per HTTP
#
aaronpk (ignore bret that's not what he meant)
#
tantek aaronpk, bret - could you write that down precisely in a brief paragraph at http://indiewebcamp.com/GitHub#No_HTTP_Status_Code_Control ?
#
tantek I think it's important that those details be captured.
#
bret wonders if gh-pages is going to pull a massive geocities one day
#
bret at least the sites and content are safe
#
tantek bret, you can add that wondering to a new "Risks" section on the /github page too
#
bret yeah ill at least stub out that info
#
aaronparecki.com edited /GitHub (+335) "/* No HTTP Status Code Control */" (view diff)
#
aaronpk feel free to elaborate
#
voxpelli bret: well, anyone using GitHub Pages should be using their own domain so that they then can easily move
#
bret i would hope so!
#
bret.io edited /GitHub (+125) "/* No HTTP Status Code Control */ Linked to http-equiv info" (view diff)
jsilvestre joined the channel
#
aaronpk question about http-equiv, does the value really end up being "410 GONE" or would it just be "410"?
#
bret.io edited /deleted (+342) "/* Brainstorming */" (view diff)
#
tantek so I'm thinking: if HTTP status 200, then check http-equivs for a more specific status
#
tantek aaronpk - both should work
#
tantek and the parser will simply return the number, special casing for "status" that is
#
aaronpk ok, so the parser can handle all the variations?
#
aaronpk "410 Gone" "410" "410 GONE" etc
#
aaronpk I like the idea of only reading http-equiv if the http status was 200, that seems reasonable
#
voxpelli aaronpk: "410 Gone" could just as well be "410 Deleted by evil overlord" – the reason phrase can be completly custom
#
aaronpk oh right
#
bret "410 Moving on to a hobby with less angle brackets"
#
voxpelli Couldn't a 410 http equiv on a 404-page be useful as well?
#
aaronpk voxpelli: example?
#
bret voxpelli not because what if it really is a 404?
#
bret no*
#
tantek "410 Pilgrim"
#
voxpelli aaronpk: as a workaround for CMS:es not supporting 410
#
bret deleting jekyll posts is hard because you have to clear out all your hold git history of the file
#
bret harder*
#
tantek voxpelli - which CMSes?
#
aaronpk but you wouldn't want *all* your 404 pages to return 410, that defeats the purpose
#
tantek if your CMS doesn't support 410, then use 200 with http-equiv
#
tantek no need to provide yet another way
#
tantek don't mix 404 with this
#
tantek you're gonna have a bad time
#
bret does http actually have any real use as of right now?
#
bret httpequv*
#
voxpelli aaronpk: it doesn't completely defeat the purpose as it only returns that when the CMS is actually up and running, not when your server is broken
#
bret gah equiv*
#
tantek bret - biggest http-equiv use in practice has been for charset
#
tantek as documented above
#
aaronpk voxpelli: but what about /sldkfjslkjsef?
#
aaronpk you wouldn't want your cms to say 410 deleted on that, it's just 404
#
aaronpk so you shouldn't put the http-equiv 410 into your 404 template
#
bret oh right
#
voxpelli aaronpk: I don't see a reason to rule it out
#
bret i didnt see the cross over
#
aaronpk uhh
#
tantek voxpelli - wrong methodology - if you don't need it, leave it out. that's what's best for design of standards, UI, etc.
#
tantek everything that goes into a design, spec, UI MUST be justified with necessary use-cases. otherwise, leaving it out is the right answer to keep the design simpler, the spec shorter, the UI easier to understand.
#
tantek this is like design 101
#
voxpelli I think a http-equiv status should always be checked an override the default status if it is there, why ignore it?
#
voxpelli why say that it should only be taken into consideration for some requests and not others?
#
tantek because it's better to start conservative (only check http-equiv status on a 200) with a new feature like that
#
tantek can always expand it later if anyone actually has a real world use case
#
tantek conservative = less risk of breaking things with a new faeture
#
tantek s/faeture/feature
#
Loqi tantek meant to say: conservative = less risk of breaking things with a new feature
#
voxpelli tantek: you mean to suggest that people should check it for 200 codes but not saying that they shouldn't for other codes? if so then were on the same page
#
tantek I'm saying they MUST ONLY check it for 200 codes
#
tantek and that any kind of validator should return a warning to anyone doing anything else
#
tantek the more narrowly you define a new feature to fit use-cases, the better
#
voxpelli I would interpret that as someone having found a specific reason not to use it for other status codes, which isn't the case here
#
@mrmzholland practising javascript whilst making a bootable linux pendrive, POSSEing about it on my #indieweb… http://bupk.es/t/G5 (twitter.com/_/status/453965750928044032)
#
tantek voxpelli - nope, no specific reason needed to leave things out. see above notes on design methodology.
#
tantek btw, narrow definitions are also better for security, reducing attack surface etc.
#
tantek if you ever find yourself sayin "I don't see a reason to rule it out" - you're making a mistake.
snarfed, yaf, Kopfstein, chloeweil and tilgovi joined the channel
#
ben_thatmustbeme i need to find a cheap machine to set up as a plex server in my basement
#
aaronpk define cheap
eschnou joined the channel
#
aaronpk why is there a monthly fee for plex.tv?
#
tantek what's a plex server?
#
aaronpk i assume you mean plex.tv?
chloeweil joined the channel
#
GWG aaronpk: Plex Premium services have a fee
#
GWG The server is free
#
ben_thatmustbeme I have like over 1000 DVDs. To be able to rip them all and just stream from a giant hard drive in my basement would be amazing
#
ben_thatmustbeme the hard drive would be the only thing. and cheap being the minimum required to run plex. I'm thinking one of those small form factor windows boxes
#
ben_thatmustbeme just find an old one and be done with it
#
aaronpk hard drives are super cheap now. I'm gonna get some 2tb usb drives and plug them into this http://www.amazon.com/dp/B00F3F381A running ubuntu
#
aaronpk interesting article about replacing x509 with pgp http://lorddoig.svbtle.com/heartbleed-should-bleed-x509-to-death
chloeweil_ and eternicode joined the channel
#
GWG ben_thatmustbeme: I've been ripping
#
GWG Same idea
#
GWG Fewer DVDs
caseorganic and friedcell joined the channel
#
tantek aaronpk, odd, http://indiewebcamp.com/irc redirects to http://indiewebcamp.com/irc/ which is not the wiki page /IRC
#
aaronpk that was my attempt at getting push stuff working
#
tantek interesting - are there any PuSH enabled readers that support this?
#
aaronpk I was trying to get it to work with google reader a long time ago
#
tantek.com edited /https (+367) "add Criticism section with Heartbleed should bleed X.509 to death post" (view diff)
#
aaronpk oh and I think the real reason I wanted to get it set up was so that the google search crawler would index the logs faster
#
aaronpk but that seems to not be a thing anymore
#
tantek maybe it depended on using the Google test hub?
#
aaronpk that's what I thought yeah, didn't you say you noticed your posts aren't being indexed in realtime anymore tho?
#
tantek yeah
#
tantek I forget when that seemed to stop working
#
aaronpk it was a while ago...
#
aaronpk anyway that's what that page is from
#
tantek ah - you *are* using the Google test hub
#
tantek no problem, perhaps add a big link at the bottom to go to the IRC archives?
#
aaronpk ah yeah
#
tantek someone typing in /irc vs. /IRC shouldn't get them lost
benprew joined the channel
#
tantek I have a feeling we're going to be talking a lot about Heartbleed and its implications for the indieweb tonight
#
tantek let me see if I understand the full extent of the problem
#
GWG None for me
#
tantek assume: anything on your server could and should be assumed to be compromised, including passwords stored in cleartext or hashed and any private keys (SSL certificates, SSH keys)
#
GWG I don't have SSL
#
GWG Thought about it
#
ben_thatmustbeme GWG, what are you ripping with?
#
ben_thatmustbeme yeah, I don't have SSL either. Someone said client side existance would effect you though too
#
tantek GWG doesn't matter if you have SSL or not. The attack works even if you don't have SSL.
#
aaronpk assuming your server listens on port 443 like someone else's site on a shared host
#
aaronpk also if you have SSH listening publicly
#
tantek right
#
tantek this needs a "what to do if you're a user or a server admin" flow chart
#
tantek e.g. changing your password on services is not enough
#
tantek nor is patching the software
#
aaronpk * patch openssl
#
aaronpk * re-generate your ssl certs with a new private key
#
GWG ben_thatmustbeme: MakeMKV on Linux, then reencoding to H264 using Handbrake
#
tantek * get new certificates
#
aaronpk * expire all current user sessions
#
tantek * force users to change their passwords
#
aaronpk * require your users change their passwor
#
aaronpk we're on the same page :)
#
tantek aaronpk - has someone already documented this?
#
aaronpk probably
#
tantek so that's just the checklist for server admins
#
tantek for *users* the problem is harder :(
#
aaronpk oh! OpenSSL isn't actually vulnerable
#
aaronpk so if you *only* have ssh public, and no other ssl services, you do not need to assume you've been compromised
#
aaronpk and yes here is a list http://security.stackexchange.com/a/55089
#
tantek aaronpk every web server is an ssl service
#
aaronpk not if it isn't listening on port 443
#
aaronpk which a lot of mine aren't
#
tantek huh - that stackexchange URL is not loading for me :/
#
tantek so you're *hoping* they didn't do a portscan
#
aaronpk no i mean if your server doesn't listen on 443, then there's no way in
#
tantek why does the port number matter?
#
aaronpk ok port number is not significant, i was using that as a shorthand
#
tantek couldn't they just scan for all ports that your server may be listening on, and try them all brute force?
#
aaronpk so what I meant to say is, if your server does not have an https listener then there is no way to attack it
#
tantek stackexchange: HTTP ERROR: 504 / Gateway Timeout
#
tantek oh boy
#
ben_thatmustbeme aaronpk, openssl is used in far more than https though
#
bret i cant make it to HWC tonight. got sick yesterday :(
#
aaronpk ughhh stop taking what i say so literally :P
#
tantek aaronpk - the way to attack non-https-listening servers is to trick them into opening an https connection to an unfriendly server
#
ben_thatmustbeme hehe
#
tantek sorry, security stuff makes me think more literally
#
@dietrich @HackOregon i'm hosting #indieweb meetup at Mozilla PDX tonight! someday i'll meet up with y'all :) (twitter.com/_/status/453996319292395520)
gRegor` and krendil joined the channel
#
caseorganic.com edited /2014/Cambridge (-253) "/* Participating */" (view diff)
#
aaronpk yeah if you're making outbound calls to HTTPS servers there's a potential attack vector there too
ttepasse and benprew joined the channel
#
aaronpk so basically everything is screwed
KevinMarks joined the channel
#
dietrich yes. i'm now only using the internet while offline. you're currently interacting with my markov chain generated self. expect delayed responses to specific questions.
#
tantek lol
#
ben_thatmustbeme haha
#
ben_thatmustbeme okay, so at least SSH was not vulnerable, unless you also had a service that does use the heartbeat extension
#
ben_thatmustbeme and the key leaked. in which case, I give up
#
aaronpk note that it would take a very targeted attack to actually reveal the private key of an SSL cert
#
aaronpk the attack dumps 64k of memory at a time, so given enough attacks you could eventually put together a larger contiguous memory block
#
gRegor` I like that PGP article, aaronpk. Good thoughts, though switching to that model would definitely take time.
#
aaronpk it is much more likely that any passwords you've entered into your server are compromised
#
ben_thatmustbeme this is why i try not to reuse passwords all over the place unless its something i don't care about
#
kylewm tantek: not a big deal, but on http://microformats.org/wiki/rel-in-reply-to#u-in-reply-to the sentence below "Advantages" is cut off.
#
tantek oops
kbs joined the channel
#
gRegor` Yeah, I saw screenshots of dumps from mail.yahoo.com with passwords in plaintext
#
gRegor` Crazy
caseorganic joined the channel
#
tantek thanks kylewm, fixed. BTW edits to the microformats wiki can be seen realtime in #microformats the same way Loqi reports indiewebcamp wiki edits here.
#
Loqi you're welcome
#
aaronpk here's a great explanation of heartbeat and why your private key is not likely to be compromised http://blog.erratasec.com/2014/04/why-heartbleed-doesnt-leak-private-key.html
KevinMarks and caseorga_ joined the channel
#
tantek aaronpk - tl;dr - HTTPS sites don't need to get new SSL certs?
#
aaronpk more or less
#
aaronpk but definitely assume anything sent recently via https was leaked (like session cookies and passwords)
warden_ joined the channel
#
kylewm thanks for the edits tantek :) i was pretty sure that was the intention but not enough to edit it myself
#
gRegor` "in most software, this cannot happen" . . .
#
gRegor` Unless you're absolutely sure, have tested and can confirm that your software meets that criteria... you should get new certs.
#
gRegor` Call me paranoid, but I'll stick with Schneier "And you have to assume that it is all compromised. All of it." https://www.schneier.com/blog/archives/2014/04/heartbleed.html
#
kbs hm - I'm not so sure I'd implicitly go with that blog post
#
kbs at least for high value sites. [eg: "Thus, the server may leak the private key right after a reboot, but not later."] . I also think the openssl code is funky enough that I'd probably also wait for someone else to see whether the claims here are true
#
aaronpk high-value sites I would be more paranoid about
#
kbs yea
scor joined the channel
#
aaronpk i'm going to assume most of the sites I run are not high value enough for someone to go to the ttrouble of trying to extract the private key
tilgovi_ joined the channel
#
kbs *nod* yep, makes sense. I think [eg: indiewebcamp.com] perhaps at worst auth-tokens get taken
#
kbs but not sure it really matters much in the grand scheme of things
#
aaronpk funny thing about indieauth is everything is ephemeral anyway, since it delegates to the oauth providers
#
kbs for how long is the auth token you get back valid?
#
aaronpk 30 seconds or something
#
kbs oh, you don't exchange it for an access token I guess... nice
#
aaronpk oh hm i guess indieauth does get an access token from the oauth provider, but then it discards it
#
aaronpk darn
#
kbs meant to say access token, sorry for the confusion
#
kbs I personally at least don't think it really matters - the permissions aren't much more than what's public anyway
#
aaronpk but no, consumers of indieauth.com do not get an access token, they just get back the user's domain name
fmarier joined the channel
#
kbs *nod* - it's indieauth.com that would potentially have the issue, right
#
kbs well - actually I only use github and g+, dunno how powerful the access tokens requested from twitter are...
trodrigues joined the channel
#
tantek aaronpk I'm assuming that certain organizations with resources have been using this vulnerability to scrape keys and passwords from every server. You know, perhaps by renting botnets?
#
aaronpk that is a paranoid but safe assumption
#
tantek e.g. "SSL removed and added here"
#
tantek having everyone's private keys would be a great easy way to do that
#
kbs initially misread that as 'everyone having a private key would be an easy way to fix that' :-)
#
kbs (something about twisting facts to fit ones world-view ;)
scor joined the channel
#
trodrigues hi all. if I was interested in putting together an indiewebcamp what would be the best way to go about this? I was looking around the wiki but couldn't seem to find much information in this direction
#
kbs aaronpk: ah, are the twitter tokens a non-issue you think? [dunno what token-type it's getting
#
kbs lazy to look it up :)]
#
aaronpk kbs: it's only getting read access anyway
#
kbs aaronpk: ah, cool.
#
aaronpk kbs: and I believe it can't even read DMs
#
tantek trodrigues: you're here so that's the right first step :)
#
aaronpk trodrigues: welcome!
#
tantek next - add yourself to indiewebcamp.com/irc-people :)
#
trodrigues yay!
#
Loqi woot
#
kbs aaronpk++ [nice, careful coding :)]
#
Loqi aaronpk has 421 karma
basal and fmarier joined the channel
#
trodrigues.net edited /IRC_People (+55) (view diff)
#
trodrigues so long story short, we're trying to put together a few more events happening around jsconf.eu in September or so, and I thought it'd be really cool to have an indiewebcamp around it
#
trodrigues (have to admit I shamelessly stole the idea form jsfest in SF)
KevinMarks joined the channel
#
tantek trodigues - great! there's an IndieWebCampUK scheduled for September
#
trodrigues oh, the one before/after dconstruct?
#
trodrigues wanted to attend that last year but it was full when I noticed :(
#
tantek right - right after
#
tantek trodrigues - yes it was overflowing!
#
tantek where's jsconf.eu?
#
trodrigues Berlin
#
trodrigues still not sure of the exact dates this year but it's usually around the end of september
#
tantek cool!
#
aaronpk I'd love to go to berlin again!
glennjones and tantek-ipod_ joined the channel
#
tantek there's likely to be enough interest to do one then, as http://indiewebcamp.com/2014/UK is scheduled for near the beginning of September
tantek-ipod joined the channel
#
trodrigues yep. also, with all the people coming for the events of the wekk, and the local community I'm pretty sure there would be more than enough people
pauloppenheim joined the channel
#
trodrigues s/wekk/week/
#
Loqi trodrigues meant to say: yep. also, with all the people coming for the events of the week, and the local community I'm pretty sure there would be more than enough people
#
trodrigues (oh that's nice)
#
trodrigues what I'd like to understand right now is what would be necessary to put one event together. we're doing a meeting in a few days with the jsconf organizers and other people involved in the surrounding events so we can try and start putting together a picture of what we'll try to do
#
tantek trodrigues perhaps most importantly: you need multiple people to be dedicated co-organizers committed to putting in the time and effort to do the event.
#
trodrigues I might even try and attend the UK one this year. been to the last couple of dconstructs and it's always great to go back to Brighton :)
#
tantek and preferably all of them on IRC (coordinating here in this channel)
#
tantek our experience has been that with only one person organizing an indiewebcamp, lots of things fall apart
#
tantek 3 seems like the minimum so far for a small to medium indiewebcamp of 20-30 people
#
trodrigues yeah I can imagine. I guess that's one of the things we're going to try and figure out on this meeting. what we really want to commit to doing and who's doing what and helping who
#
tantek you should!
#
tantek that will also help with running one
#
tantek that is, having attended one and see how they're run
#
tantek makes a big difference, answers lots of details / defaults questions
#
Loqi fo sho
#
tantek have you ever run a BarCamp?
#
tantek a lot of running and IndieWebCamp is basic BarCamp stuff with a bit more
#
tantek s/and/an
#
Loqi tantek meant to say: a lot of running an IndieWebCamp is basic BarCamp stuff with a bit more
#
trodrigues nope. I have a general idea but haven't been involved in one
#
trodrigues I was involved in LXJS (a JS conf in Lisbon) over the last couple of years, but that's kinda different I guess :)
#
tantek any chance of getting someone on your team who has helped run a BarCamp before? that will help a lot.
#
trodrigues mmm...I can ask around. I'm pretty sure I can find someone in Berlin who has done so
#
trodrigues I'm having a look through some of the past event pages to have a better idea of what's involved
#
trodrigues oh there's some irc logs too
#
trodrigues ok, I'll read through some more of this stuff, and also have a better look at the concepts of a barcamp and try to find someone who's been involved in one. also, I'll hopefully be able to get some more people involved by the end of the week
caseorganic joined the channel
#
tantek I think there are a bunch of "how to do a barcamp" posts?
#
tantek like a good one from cleverclevergirl
#
trodrigues oh. also hadn't noticed this http://decentralizecamp.com/
#
trodrigues damn. I think I'm in the UK on this date. would love to attend this
#
tantek trodrigues - if you have a proposed date(s) for IndieWebCampBerlin, please feel free to add it as a tentative to indiewebcamp.com/events
#
tantek good to start capturing possibilities, sometimes that brings out people who want to help!
glennjones joined the channel
#
trodrigues will do. I should now the exact dates when we do the meeting. jsconf probably falls on a weekend as well, and there's other events happening so I want to figure out what the best dates would be
#
trodrigues ugh. *know. I need to go get some sleep
#
trodrigues ok, well thanks a lot for the info. I already have something to move forward on, and I'll stick around here and try and figure out this stuff. I'm off to sleep now
#
pauloppenheim kbs: PGP getting some positive press today after heartbleed
#
pauloppenheim http://lorddoig.svbtle.com/heartbleed-should-bleed-x509-to-death
pfenwick joined the channel
#
kbs pauloppenheim: ha, interesting - thanks for that link. (BTW, some of the old farts have been toiling away at their cut for a replacement for PKI-based authentication (using pgp) over at http://web.monkeysphere.info/)
#
kbs monkeysphere is mostly about authentication I suppose (rather than adding PGP encryption so there's another backstop.)
#
kbs also thinks that the openpgp format is itself pretty old and hairy
#
kbs probably a different set of issues lurk in any codebase that tries to work with it too...
#
kbs something about people who started coding in the 70s *cough zimmermann* makes them want to create bit-field data formats rather than even byte-aligned things. sigh.
tantek joined the channel
#
GWG What would you say are the most important things about an indieweb site?
snarfed and gRegor` joined the channel
#
gRegor` Chicago HWC about to start! Once KartikPrabhu arrives.
#
GWG Did I miss anything?
#
pauloppenheim kbs: is this related to monkey.org?
#
tantek GWG awesome!
#
tantek I'm en route to SF to get setup for ours
#
tantek sorry, meant, gRegor` awesome!
snarfed1 joined the channel
#
GWG Awesome what?
#
GWG I've been having network hiccups all night
KartikPrabhu joined the channel
#
kylewm you didn't miss anything GWG, and you can always check the log https://indiewebcamp.com/irc/today ... it's updated more or less in real time
#
bret crap HWC never made it to calegator
kbs joined the channel
#
kbs pauloppenheim: not related to monkey.org - monkeysphere.info is mostly a bunch of pgp fanatics who are trying to replace the PKI bits of ssl with the WoT pgp model
#
kbs and have gotten some of them pieces talking together
#
bret ok created http://calagator.org/events/1250465989
#
Loqi Homebrew Website Club PDX on Wednesday, Apr 9, 6:30pm at Mozilla
#
KartikPrabhu what should eb done at HWC Chicago :P we don't have an agenda!
#
snarfed1 KartikPrabhu: anything you want! this is a good template: http://tantek.com/2013/332/b1/homebrew-website-club-newsletter
#
snarfed1 tl;dr: first half, everyone briefly mentions their interests. second half, people split up into small groups on common interests
#
pauloppenheim kbs: re: replacing CA system, seen http://convergence.io/ / https://www.youtube.com/watch?v=Z7Wl2FW2TcA ?
#
kbs pauloppenheim: yep - moxie is doing lots of awesome things [particularly like textsecure among all the things he's done]
#
KartikPrabhu snarfed1: we are only 2 people :)
#
gRegor` Check and check :)
#
snarfed1 KartikPrabhu: lol good point
#
snarfed1 then skip the talking and jump straight to hacking :P
#
GWG kylewm: How are you doing?
#
snarfed1 KartikPrabhu: if you're looking for conversation topics, more thinking about this would be great! https://github.com/snarfed/bridgy/issues/125
#
gRegor` hacks into snarfed.org
#
gRegor` Oh, is that not what you meant? :)
#
snarfed1 is confused
#
snarfed1 oh. heh
#
GWG I'm always confused
#
snarfed1 please do try. i'll happily offer a bounty for any exploits you find :P
#
tantek GWG re: the most important things about an indieweb site - follow the IndieMark levels: http://indiewebcamp.com/indiemark
snarfed joined the channel