2014-05-06 UTC
# 00:01 kylewm hehe, indeiweb might find some roman catholic web designers
tilgovi, kbs, KevinMarks2 and Phae joined the channel
# 00:44 kbs snarfed: as I'm updating the checkmention to handle rel links better - would it be ok to run one more test on your polytics page? [this one adds a rel=me link in the content, and tries to spoof identity in a few ways.]
lmjabreu joined the channel
# 00:46 GWG snarfed: Do you have any idea on how, if the webmention hook uses the source, destination, and response, to figure out the post_id? Or do I have to go through every single post to compare the permalink?
# 00:48 GWG My plan is to store the response in the post itself.
netweb joined the channel
# 00:48 snarfed there's a wp function to look up post id by URL (in this case target) or slug
KevinMarks2 joined the channel
# 00:49 GWG It is called...unimaginatively... url to postid
# 00:51 GWG So, your bridgy responses consist of a JSON object that includes "url", "type", and "id"?
# 00:51 GWG What are the possible options for type?
# 00:51 snarfed i only guarantee url and id, and then only on success
# 00:52 GWG Because now it becomes a Bridgy specific plugin.
# 00:52 snarfed yes, since the spec doesn't define a response format
# 00:52 GWG That's why I'm asking. I should be checking the code, probably
# 00:53 GWG But, Bridgy only has a designated number of possible publishing points.
# 00:53 snarfed if your goal is to get syndication links from bridgy publish, then expecting bridgy's response format is reasonable
# 00:55 GWG snarfed: So, I just have to determine the domain from the url, use that to set a predefined post meta id that the URL is the value of.
# 00:56 GWG I haven't even updated my copy of the plugin to start trying.
# 00:58 GWG But that one is one that might jump the line.
# 00:58 GWG I've never been particularly good at prioritizing.
# 01:03 GWG I have this idea for a Bridgy plugin that does this and offers post meta boxes that allow you to select which sites to publish to and then adds the link in. That would be simple enough to work.
# 01:03 GWG Not sure what other features would be desirable.
# 01:03 GWG snarfed: All the plugins for that I tried stink. So, yes, I'd be in favor.
# 01:04 snarfed also bookmarklets for when you're on a tweet or fb post in your browser, to open that admin page and automatically fill in the url
# 01:04 snarfed (i've hacked up wordpress's Press This bookmarklet to do that)
# 01:05 GWG snarfed: Would that something that goes in a plugin?
kbs joined the channel
# 01:06 GWG Let me see if I can do the other stuff first
# 01:07 kbs snarfed: done with test - thanks!
# 01:08 GWG snarfed: If it works well...would I be eligible for official endorsement?
# 01:08 snarfed as in, posting something on bridgy saying, this is good, use it?
# 01:10 GWG snarfed: Sometimes you need motivation
# 01:10 GWG KevinMarks2: I'll be focusing on the other stuff first
emmak joined the channel
onewheelskyward, kbs and brianloveswords joined the channel
# 01:19 kylewm !tell kbs love the new checkmention test, but I can’t quite parse this sentence: “Please also check the links don’t have a rel="me" attribute on them, or someone could indieauth as you.” isn’t the solution to not accept mentions from third-party sites (except whitelisted sites like bridgy)?
# 01:19 Loqi Ok, I'll tell them that when I see them next
# 01:19 kbs kylewm: ah, that does sound confusing. All I meant to say is that when embedding the content, that <a href=""> link should not also contain a rel="me" attribute
# 01:20 Loqi kbs: kylewm left you a message 1 minute ago: love the new checkmention test, but I can’t quite parse this sentence: “Please also check the links don’t have a rel="me" attribute on them, or someone could indieauth as you.” isn’t the solution to not accept mentions from third-party sites (except whitelisted sites like bridgy)?
# 01:20 kylewm ohhh, aonther layer removed from the exploit i was worried about
hallettj joined the channel
# 01:33 kbs kylewm: right - I think the host-based whitelisting for bridgy would be 'good enough' (likely also need to ensure it's only using https, and whatever library is also verifying the certificate etc...)
# 01:35 kylewm out of utter ignorance, is it totally trivial to spoof a site without https?
# 01:36 kylewm I guess you'd just need to misdirect someone's dns
# 01:36 kbs well, I think the main hurdle (my 0.02 anyway) is spoofing DNS
# 01:36 kbs and that can be easy or hard depeendin...
# 01:40 kbs (at least in the java world, the other issue tends to be clients that don't actually validate an ssl connection. For some strange reason, many jvms are set up to not actually validate the cert after doing all the hard work of talking tls)
# 01:41 kbs You could also just use a pinned certificate on appspot.com which ought to do the trick just in case the certificate authority list used by your library isn't as kosher as it ought to be.
# 01:43 kbs and as usual, there's a nice balance between how attractive your site is to spammers, and how much effort one is willing to spend on this :)
# 01:46 aaronpk also MITMing your server is another attack vecgtor, but probably not very likely
# 01:51 kbs actually, I wonder if https actually solves the appspot issue... the certificate is only for CN=*.appspot.com :/
# 01:52 kbs I guess in theory it could be taken over by another appengine service, if they could also convince you that it's brid-gy.appspot.com
# 01:53 GWG This may be a horrible culinary mistake. Horseradish in hamburgers
# 01:54 kbs vaguely thought wasabi burgers was a thing
# 01:55 aaronpk is offline for a couple hours while I fly to SFO!
# 01:55 kbs good weather here :) have fun at IIW
snarfed joined the channel
# 02:00 kbs shoe drops - unless I'm missing something, services running https on appengine may not be _that_ secure after all :)
# 02:00 kbs well, with endpoints on *.appspot.com anyway...
# 02:00 snarfed GWG: same thing as you're working on, might be worth a look
fmarier joined the channel
# 02:02 kbs works out of cafes all the time :)
# 02:02 snarfed also, if you own the network to that degree, there are probably much simpler and more practical attacks
# 02:03 snarfed it's an interesting question though. i don't know enough about wildcard ssl certs to say
# 02:03 kbs I guess what I'm thinking, is that authentication now falls on dns, not ssl
# 02:03 snarfed i know google login itself is immune, since google account cookies are compartmentalized by product/domain, so checkmention-bad couldn't use checkmention's cookies
# 02:04 snarfed just as almost all user auth falls back to email :P
brianloveswords joined the channel
# 02:14 kbs nice, hope Portland gets the fast access :) Unrelated, but I dropped into one of the starbucks offering "google internet" out in the east-bay, and boy it was not too shabby.
# 02:15 kbs oh it's currently already in portland *doh*
# 02:17 kbs ah, nice. That's what I thought when I read your note, but that map on fiber.google.com got my brain discombobulated.
# 02:20 kbs also has to get used to spelling it fiber, not fibre
# 02:21 kbs (I gave up the battle with metre/meter :)
# 02:22 kbs the american spelling is more pragmatic though, you'd think I could get used to it after three decades
scor, snarfed and tilgovi joined the channel
gRegor` and KevinMarks2 joined the channel
# 03:42 KevinMarks !tell snarfed It's not just me, I think they really don't like crawlers. Web-hostile
# 03:42 Loqi Ok, I'll tell them that when I see them next
niven joined the channel
# 03:48 KevinMarks hm. why does my hcard show up on kevinmarks.com when I'm logged into google, but not when I'm not?
# 03:49 kylewm KevinMarks: hmm, I see it whether I'm logged in or not
niven joined the channel
# 03:51 kylewm oh wait, maybe I didn't understand the issue … I see an hcard at the top of kevinmarks.com regardless of whether I'm logged into google or not
# 03:59 KevinMarks I think they only show it by one, and prefer my old blog in pagerank terms
lukebrooker, tantek, niven and snarfed joined the channel
# 04:37 Loqi snarfed: KevinMarks left you a message 55 minutes ago: It's not just me, I think they really don't like crawlers. Web-hostile
snarfed, pauloppenheim and KartikPrabhu joined the channel
cweiske, jsilvestre and DamonOehlman joined the channel
LauraJ joined the channel
# 06:52 aaronpk i kept trying to google for it or search my browser history
LauraJ, eschnou, blix_, Guest_____, foxe, krendil and friedcell joined the channel
the_merl1n, hidgw and sparverius joined the channel
barnabywalters, kyank and bnvk joined the channel
# 10:59 bnvk it would be mighty inconvenient for many peoples entire world views
kyank joined the channel
# 11:24 kyank Anyone able to answer an h-card question?
# 11:27 kyank I see <h1 class="p-name p-author">Tantek Çelik</h1>, but that’s in an h-feed, not in the h-card.
# 11:27 barnabywalters kyank: yep, that’s because if there’s no explicit “name” property given, microformats parsers will take the text content of the element and use it as the name
# 11:27 barnabywalters which has two benefits: all microformats are guaranteed to have a name property (even if it is a little messy);
# 11:28 kyank Take the text content of which element?
# 11:29 kyank Right. I’m not seeing such an element with “Tantek Çelik” as its content.
# 11:29 kyank So I’m wondering where the parser is finding that name.
# 11:31 kyank Ah, found it: <abbr class="p-name fn" title="Tantek Çelik">tantekc</abbr>
scor joined the channel
# 11:37 kyank Tricky, that Tantek! ;)
jsilvestre_, bnvk1 and jacus joined the channel
tpinto and chloeweil joined the channel
chloeweil and ttepasse joined the channel
carlo_au joined the channel
glennjones, snarfed, brianloveswords and onewheelskyward joined the channel
snarfed, gRegor` and Sebastien-L joined the channel
# 15:03 kylewm any suggestions on how to guess the extension of an uploaded file? e.g., from OwnYourGram?
# 15:05 gRegor` Meaning a third party site is returning that mime?
# 15:05 gRegor` Forcing you to download the image, but you want to know what type it is beforehand?
kbs joined the channel
# 15:07 barnabywalters which look at the first few hundred bytes of the file and try to figure out what it is
# 15:07 ben_thatmustbeme hmm kylewm. i guess you could check the headers of the file itself, would be a little bit of work
# 15:07 gRegor` You can read the header of the file to determine it.
# 15:07 gRegor` ^ barnaby beat me to it.
brainTrain joined the channel
# 15:11 kbs kylewm: you've already implemented aaronpk 's micropub endpoint authentication, is that right?
# 15:12 kbs oh, nice :) one thing I was wondering - what signatures do you two choose to approve? [ie, signed by what public key?]
# 15:13 kbs ie - you get a JWT token signed with something - what public key are you using to check that it's a valid signature?
# 15:13 aaronpk right now everything is done through APIs, so you can just ask the token endpoint if it's valid
# 15:14 aaronpk ben_thatmustbeme: thanks! glad you found the docs useful, I tried to make it super helpful.
# 15:14 kbs ah, ok. I was about to try and submit a token signed by the pgp key on my site
eay joined the channel
# 15:14 kbs it's a bit of work to pull out the RSA params, etc - but it looks doable
# 15:15 kylewm kbs: the access token that I give out is JWT, signed with SHA256 and my flask application's secret key
# 15:15 kbs kylewm: oh, cool. So you are implementing both the token-exchange as well as the micropub endpoint then?
# 15:17 aaronpk i'm using curl to do the file upload, so it gets set automatically somehow
# 15:19 kbs ah, nice - thanks kylewm and ben_thatmustbeme . I was starting to tinker with creating signed tokens - so in principle one could validate them directly with public keys from the associated site. eg: I submit a signed token with "iss"="https://kbsriram.com" and an endpoint can validate it from a suitable pubkey rel tag on kbsriram.com
# 15:20 kbs (This potentially reduces the dependence on other sites to validate identity)
# 15:21 ben_thatmustbeme just a cursory reading of some archives. seems that curl itself supports setting mime type, but php_curl does not
# 15:21 kylewm aaronpk: so you download the file to a temporary location from IG, and then upload it via micropub, right? could the temporary filename just have an extension added to it?
# 15:22 aaronpk I wonder if that's how php curl figured out the mime type
# 15:23 ben_thatmustbeme aaronpk, i'm guessing you are using php_curl not just curl from a bash script or anything.
gRegor`_ joined the channel
# 15:26 kylewm lol, that was fast and worked :) thanks aaronpk!
# 15:28 kylewm yes, otherwise you would see lots of pictures of my coffee
# 15:29 ben_thatmustbeme so as a token endpoint all i have to do is pass those 5 post values on to the auth endpoint and it will return me the me and scope in the body?
# 15:31 kylewm kbs: I'm not quite understanding how pub key/private key comes into play? unless the micropub client wants to verify that the token actually came from the person it thinks it came from
# 15:32 aaronpk the idea with signed tokens is that they can be verified without an API request
# 15:33 kbs kylewm: rough thought is actually around ACL-based access to portions of your site. Ie, you want to allow some set of people access to a part of your site
# 15:33 kbs kylewm: you can lookup the issuer of the token, go back to their site, and validate the token - which allows for identity validation without needing to (say) get into g+ etc
# 15:33 aaronpk kbs: careful to not conflate the idea of signed tokens with the idea of access control in general
# 15:34 kbs hm - wouldn't access control fundamentally depend on identity validation, which presumably signatures offer?
# 15:34 aaronpk yes but there's more than one way to skin the cat
# 15:35 kbs that's why I was wondering about whether signature checking (implemented by the cat skinners who choose to do it that way) would allow for identity validation as well
# 15:37 kylewm so you would essentially do login by saying "hey prove to me you are who you say you are by signing something", then verify the signed thing against their site's rel=pgp-key ?
# 15:37 kbs kylewm: right - [which is the same function that JWT also does at the moment]
# 15:38 kylewm mmm, but kylewm.com signs the JWT with its private key, the user's key doesn't come into play at all. that's where i'm confused
# 15:40 kbs so the use-case [to start with] is that you have a portion of your site that I could access
# 15:40 kbs I start by creating a signed JWT (signed with my private key of course) and pass that to a GET request on that protected section of your site
# 15:41 kbs (ie - your site gets that token only at that point). The creation of the initial signed JWT token by me would be done on my own site, or thorouh a local app
# 15:42 aaronpk I guess I'm unclear what advantage that gives over how it's currently implemented by others using IndieAuth + session cookies
# 15:42 kbs not much - other than it possibly allows logins to occur without needing g+ and other sites
# 15:43 aaronpk ok so not relying on silos can also be solved by your site becoming its own OAuth provider
# 15:43 aaronpk which is what rel=authorization_endpoint does (whether it points to indieauth.com or your own site, same thing)
tantek joined the channel
# 15:45 kbs hm. *thinking* I'm probably missing some connecting dots :)
# 15:45 aaronpk maybe I should make another reference authorization endpoint that's super simple and just uses password auth
# 15:46 ben_thatmustbeme so minor question, i'm guessing the idea of the scope bit is basically saying that by authorizing this application to post (which G+ sees as authorizing indieweb to post to G+) i'm saying that I'm authorizing this app to post on my site?
# 15:47 aaronpk as a demonstration of an auth server that doesn't require silos
# 15:47 aaronpk ben_thatmustbeme: the idea with scope is that your micropub endpoint can verify that the token generated is authorized to post to your site
# 15:47 aaronpk which lets you generate tokens that can do other things
# 15:48 ben_thatmustbeme i guess for my code it really doesn't matter, i am really only concerned with the ME bit,
# 15:49 aaronpk like maybe you want to try out barnaby's note interface, but yuo don't want to let his app post syndications for you. your micropub endpoint could require that in order to syndicate automatically, the token must include the "syndication" scope
# 15:50 ben_thatmustbeme so basically when i try to post to the micropub endpoint, i look up to make sure they have post ability
# 15:50 tantek aaronpk - I'm with you - much better to have a solution that doesn't depend on user-PKI setup which in practice is too much of a pain.
# 15:50 voxpelli aaronpk: these rel-authorization_endpoint and such – for relmeauth – should all of the linked rel-me profiles be checked for such rels as well=
# 15:51 tantek kbs, you find signing stuff with PKI works smoothly for you?
# 15:51 kbs tantek: very much so - I have a couple of apps that my family and friends use
# 15:51 kbs it's not PKI - but it's private-key based crypto underneath
# 15:52 kylewm kbs: you'll have to show tantek that android app at HWC some time, it is slick
# 15:52 tantek kbs - ok, good to know, I'll keep listening and try to understand better.
caseorganic joined the channel
# 15:53 kbs sure thing - think the main reason it works is that it's a mobile app, and the word crypto doesn't show up anywhere - it's a fairly simple 'share this photo/status' with so-and-so. That's about all it does
# 15:54 kbs tantek: pretty much, in use. Mostly photos, occasional video.
npdoty joined the channel
# 15:55 kbs Content gets stored on each other's dropbox/gdrive accounts encrypted
# 15:55 kbs and is pulled down to the local device and decrypted there.
# 15:56 kbs from the user's point of view, it's a very basic share-this with that-person(s) sort of thing.
# 15:57 voxpelli tantek: RelMeAuth – is it specifically meant to be used with OAuth or with any standard auth mechanism one can find on rel-me-consolidated profiles?
# 15:58 tantek it's meant to ephemerally delegate auth to whoever the publisher wants to (via rel=me), which is typically OAuth
# 15:59 voxpelli so it would make sense if this new non-silo auth that has been brainstormed in eg. auth-brainstorming would be used there as well I presume?
# 16:00 tantek if you have self-auth, you don't need to relmeauth to anything.
# 16:01 voxpelli I need relmeauth if I want to keep my consolidated profile DRY
# 16:01 tantek rel=me can be used to consolidate your profile yes
# 16:02 tantek relmeauth is only for using 3rd parties to ephemerally authenticate yourself as your domain.
# 16:02 voxpelli I'm thinking that if I have three blogs with micropub on all of them, consolidated with rel-me, then I should just have to specify auth-details on one of them
# 16:02 tantek once you involve micropub you're involving a different use-case
# 16:03 tantek you've entered the same cognitive dissonance that was confusing aaronpk a few days ago
# 16:03 tantek no matter how many blogs you have, it makes more sense to "auth" as your primary domain name, whatever you choose that to be
# 16:03 voxpelli okay, but surely I can have multiple personal profiles reflecting different perspectives of my online identity?
# 16:03 tantek and as long as that domain has its own self-auth, then again, you don't need relmeauth
# 16:04 tantek multiple personal sites, multiple personal identities etc.
# 16:05 voxpelli voxpelli.com is my personal blog, kodfabrik.se is my professional profile – none is more dominant than the other
# 16:05 voxpelli they reflect different parts of me, but none reflects it more than the other
# 16:06 tantek it's non-obvious enough to merit explicit documentation
# 16:08 voxpelli kodfabrik.se is my OpenID domain and the wiki couldn't resolve the rel-me link from voxpelli.com to there
# 16:10 tantek ah, you're using a separate /about page on voxpelli.com to rel-me link to providers
# 16:10 tantek that's the piece that I think is not supported in indieauth implementation(s) yet
# 16:10 voxpelli yeah, one needs a more complicated lookup mechanism like my relspider then
# 16:11 tantek voxpelli - the subpage feature is part of the RelMeAuth spec, just not yet supported
# 16:11 tantek you could for now just use a <link> tag if you don't want to put a visible link on your home page
# 16:13 voxpelli and that's why I'm wondering about these things as well because that crawling could be extended to also fetch info about new auth mechanisms like these
# 16:15 kylewm is IndieAuth simply a RelMeAuth implementation or is the relationship more complicated?
# 16:16 voxpelli kylewm: it started as a RelMeAuth implementation, now it does some more things I think
Sebastien-L joined the channel
# 16:16 kbs seems to have trodden some well-trodden path with lindy and relspider :)
# 16:22 voxpelli tantek: my idea is that relspider can work as a web service which tools like that one can fetch more complicated identity graphs from instead of or in addition to their own lookups
ttepasse joined the channel
snarfed joined the channel
# 16:34 voxpelli tantek: there's some thoughts, now it's time to go home from work here and find some food
brianloveswords joined the channel
paulcp and jsilvestre joined the channel
# 17:01 tantek clicks the twtr.io link to see what the actual link is in the tweet
Sebastien-L joined the channel
# 17:02 tantek hmm - the IIW contingent seems strangely absent from IRC and the Etherpad.
bnvk joined the channel
# 17:04 tantek looking forward to KevinMarks's live note-taking via his site
# 17:07 tantek gRegor`: it's a semi-regular internet identity brainstorming and support group that charges hundreds of dollars per attendee. ;)
# 17:07 gRegor` Ah, interesting
# 17:08 bnvk dang it, I wish I was on the west coast and could attend
# 17:08 tantek bnvk, curious what makes you say that - besides hanging out with aaronpk, kevinmarks, benwerd, erinjo etc.
# 17:09 tantek snarfed, does "workshop" imply work gets done? ;)
# 17:10 bnvk tantek: yes, obviously the attendees- the fact that a high number of people I respect are going to be there- also the topics
# 17:10 tantek bnvk - you coming to IndieWebCamp 2014 (East or West) ?
# 17:12 gRegor` I'm tentatively coming to IWC west
# 17:12 bnvk tantek: yah, i'm definitely planning on the Berkman East coast one, if UK happens again I'll be there :)
# 17:13 gRegor` I want to wait until it's definite. Need to check a few things.
# 17:15 bnvk I'd really love to make it to that, but timing & dates I'm not sure if makes sense for me + costs of flights to west coast are a bit more
jsilvestre joined the channel
# 17:18 bnvk is there another one there coming up?
# 17:18 tantek IndieWebCamp 2014 is being done in two locations :D
KevinMarks joined the channel
# 17:20 KevinMarks I have a chromebook to be the telepresence machine for ciberch and others
# 17:21 bnvk hrm, flights to NYC are a bit cheaper
# 17:23 aaronpk introduced myself as "Aaron Parecki, IndieWebCamp and oauth.net" <- that should turn a few heads
# 17:23 tantek aaronpk - let's see if anyone just introduces themselves by URL
# 17:25 aaronpk we're not all sitting next to each other so "indieweb" came up a few times around the circle
chloeweil joined the channel
indie-visitor joined the channel
# 17:28 Loqi Welcome, indie-visitor! Set your nickname by typing /nick yourname
# 17:29 bretttttttt hypervisor is down, lol
# 17:29 bretttttttt its bret from portland
# 17:30 bretttttttt hypervisor is the thing that runs my VPS that runs my bouncer
# 17:30 bretttttttt because bret and bretc are registered and I dont have the password
# 17:31 bretttttttt basically my tower of IRC software failed for the moment and Im on webchat XD
# 17:31 bretttttttt i like the guy fawkes mask wearing dog logo thats rad
_6a68 joined the channel
# 17:32 bretttttttt how is iiw going?
# 17:33 KevinMarks odd, getting empty replies from wordpress.com with indiewebify.me
# 17:33 aaronpk trying to figure out how to frame it for the audience here
tpinto joined the channel
# 17:35 tantek there's got to be people there that already get the intro, and just want to connect up and become more indieweb themselves
# 17:35 aaronpk so all session notes get compiled from word docs and are distributed as a PDF via email at the end
# 17:36 bretttttttt #doc2pdf.exe
# 17:36 bretttttttt KevinMarks: I guess you win this TIME!
# 17:37 bretttttttt (your point about word vs markdown)
# 17:37 tantek "When notes are complete please email this document as an attachment "
# 17:37 bretttttttt wait, but there is a wiki RIGHT THERE!
# 17:38 tantek so wait, on a *WIKI* they are asking you to take notes in MSWORD and EMAIL them to a bottleneck?
# 17:38 bretttttttt you can use a text editor before entering it into the wiki
# 17:39 bretttttttt why not just take notes into an email?
# 17:40 bretttttttt tantek: im predicting a similar rational as to why people didn publish html slides at osfw3c
smagali joined the channel
# 17:41 bretttttttt hey smagali
# 17:42 KevinMarks benwerd has intor to indieweb, aaron has indieauth, I have "Join the indieweb" - practical session to induct people
# 17:43 tantek KevinMarks: awesome. recruit the best and brightest and most productive.
chrissaad and snarfed joined the channel
# 17:46 smagali @tanktek surely I have to have been here twice before I can be considered 'regular' ;)
iangreenleaf joined the channel
# 17:47 brettt kylewm: silo quits I think
LauraJ joined the channel
# 17:50 brettt since it has info on getting up and running and then crashing
# 17:55 kylewm lol at “one of the indie posse”, nice benwerd
bnvk joined the channel
# 18:01 tantek kylewm: /code is for the "code" post type, that is, posting code on your own site.
# 18:02 bnvk does anyone else find it slightly odd that we use #indieweb on Twitter, but there is no #indieweb IRC chan?
# 18:03 kbs runs away from all #indie-* nomenclature topics :)
# 18:07 Loqi Ok, I'll tell them that when I see them next
tantek joined the channel
emmak joined the channel
benwerd and KartikPrabhu joined the channel
# 18:12 kbs would be very glad to just quietly lurk and see livenotes/blogs whenever convenient for any of you
# 18:13 tantek mutes self on talky.io. I'm the red blob thing. :)
# 18:13 kylewm bnvk: confirm that I found the #indieweb vs. #indiewebcamp distinction confusing when initially reading about it
# 18:16 brettt what is the big red vido box?
# 18:16 brettt also KevinMarks not sure were getting any audio
bnvk_ joined the channel
# 18:17 tantek brettt: I'm the big red. That's an EFF privacy sticker :D
pfefferle joined the channel
# 18:17 brettt tantek: are you getting audio from KevinMarks ?
# 18:17 kbs uses the ductape privacy sticker :)
ciberch joined the channel
# 18:18 ciberch Hi @KevinMarks where to join for #iiw
# 18:18 brettt no :( but tantek should confirm
smagali joined the channel
dariusdunlap joined the channel
# 18:19 ciberch I cant hear :(
# 18:19 brettt KevinMarks: still not getiting audio
# 18:20 kylewm KartikPrabhu: bnvk: and I think I actually joined #indieweb on irc first
_6a68 joined the channel
# 18:21 brettt KevinMarks: Audio!!!
# 18:22 KartikPrabhu kylewm: yeah. I hope he writes his linger post so this is sort of cleared up
# 18:22 Loqi KartikPrabhu meant to say: kylewm: yeah. I hope he writes his longer post so this is sort of cleared up
tilgovi joined the channel
# 18:23 aaronpk it's pretty loud in here too, like lots of background noise
chrissaad joined the channel
# 18:23 smagali kevin, your session is at 12, right?
# 18:24 aaronpk the next ones will be better cause they'll be in an enclosed room
# 18:24 aaronpk that's kevinmarks on the floor setting up the camera
# 18:25 tantek question for j12t: who else is using an indiebox at home?
# 18:26 brettt what is it running? not debian?
# 18:26 aaronpk darn I really need a way to posse photos to twitter *right now*
# 18:28 bnvk glad Johannes is doing a crowdfunding campaing
# 18:28 tantek Is that "Can't be evil: lies Googlers tell themselves" ? ;)
# 18:29 kylewm I was hoping, ‘build systems on more than good intentions’
# 18:29 brettt wow, great work Johannes! He should talk with the pump.io crowd. I know they were interested in doing plug servers
# 18:29 aaronpk snarfed: does bridgy posse photos with twitter too?
_6a68 joined the channel
# 18:30 brettt aaronpk: manual posse works in a pickle, given 5 - 10 minuts XD
# 18:32 brettt slow computer, fixing things that break, uploading the imag to flicker for full rez
indie-visitor joined the channel
# 18:34 indie-visitor crap its just me again
# 18:35 bretttt aaronpk: ff crashed
# 18:36 ben_thatmustbeme rather interesting watching the video, seeing the etherpad and talking on here. Feel much more connected
snarfed joined the channel
# 18:37 aaronpk benwerd++ for the ridiculously thorough note taking. i feel like i can't jump in cause i'll interrupt his flow
# 18:37 kbs great transcriptions benwerd, thanks
bretttt_ and kevinbae joined the channel
# 18:41 bretttt KevinMarks++ for the video :)
# 18:41 aaronpk laptop mics aren't designed to pick up a full room
hallettj joined the channel
# 18:45 ben_thatmustbeme don't know that i would call heartbleed a success story... there were some mistakes that went on
# 18:49 brettt im a little worried 50,000 fixed funding is a bit steep at this point
# 18:49 kbs sorry, can someone fill me in on what an "IDP app" is? Intrusion detection?
# 18:50 aaronpk you're gonna hear that a lot around here the next couple days
bretttt joined the channel
# 18:54 bnvk really great job noting things down benwerd :)
# 18:54 aaronpk our notes are gonna blow the rest out of the water once we put them into the word doc and they get turned into a pdf and emailed
# 18:55 tantek aaronpk - please post the notes session by session onto the IndieWebCamp wiki instead
snarfed joined the channel
# 18:56 bretttt can we put it in a super old version of a word doc?
# 18:56 aaronpk isn't it worth actually sending them the full notes though?
# 18:56 bretttt like word 95? there has to be a VM somewhere
# 18:56 tantek put ONLY the URL to the notes on the IWC wiki
# 18:56 tantek and by clicking through from the Word to the PDF to the wiki, they'll get it
# 18:56 bretttt :D even better a mac version
# 18:57 bretttt can you embed the word doc into a PDF?
# 18:57 aaronpk having just discovered that I lost a bunch of photos (not because of a lack of backups, just literally lost) I am coming to the conclusion that the only way to make things persist is to spread copies out all over the place
# 18:57 KevinMarks doesn't have word though, just photoshop and swedish hypercard
# 18:57 aaronpk apparently I can't even be trusted to keep my own data
# 18:59 kbs benwerd++ awesome notes, much appreciated.
# 18:59 tantek notes macosx util textutil for converting .txt to .rtf >:D
# 19:00 KevinMarks tantek you could run your old website making tool on this mac image
# 19:02 tantek echo "http://indiewebcamp.com/" | textutil -stdin -output worddoc.rtf -convert rtf
# 19:02 tantek that's how you turn a URL into a Word document with the URL in it
# 19:04 bnvk you guys, encode the URL in a QR Code, please!!!
# 19:04 ciberch is there a way to search in this room ?
# 19:04 tantek btw the reason to put it on a wiki is so that you can link it after the fact, and edit typos etc.
# 19:04 ciberch I want to see if anyone figured out how to turn the video off for the talky
# 19:04 tantek none of which you can do with MSWORD -> PDF -> email enclosures
# 19:05 bretttt ciberch: just dont plug in a web cam?
chrissaad and KevinMarks joined the channel
# 19:06 ben_thatmustbeme brettt. Until i told it to pretend I had one and give it permission (to one that doesn't even exist) it wouldn't show anything
# 19:07 ciberch @bretttt its my mac's cam - guess I can see if I can disable on Chrome
# 19:08 ciberch Thanks @snarfed that works
# 19:10 tantek ben_thatmustbeme: didn't fight with anyone. just asked people to post notes on their own site instead of Twitter
# 19:10 tantek not sure how asking for a positive is a "fight"
# 19:10 bretttt ben_thatmustbeme: i have had that issue before, but it just works today for some reason ¯\_(ツ)_/¯
# 19:11 bretttt someone taking ntoes?
# 19:11 tantek ben_thatmustbeme: that "whole" mess was a bunch of folks overreacting to a tweet about posting notes on your own site
brianloveswords and eschnou joined the channel
# 19:13 bretttt benwerd++ great!
j12t joined the channel
# 19:13 ciberch oh that reminds me I finally bought ciberch.com @tantek
smagali joined the channel
# 19:14 bretttt encoding data into html, because that is the medium of exchange, today
# 19:14 ciberch that would have been cool
# 19:14 bretttt dangint, firefox keeps crashin
# 19:14 smagali I've got luckyred.cat
# 19:15 smagali means I'll have to commission a catalan translation within 6 months of going live or they take it away
iangreenleaf joined the channel
# 19:18 bretttt raise those hands proudly ;)
# 19:18 bretttt ciberch: get on that!
# 19:20 ciberch Do you guys have a git repository to fork for the starter web server app to run
smagali joined the channel
# 19:20 bretttt holy crap, I think thats the way to state it
# 19:21 bretttt "Twitter apps for posting your own site"
# 19:21 bretttt because man, people loved their twitter apps
# 19:22 ciberch I can migrate it to use indie auth
# 19:22 ciberch instead of fb auth
# 19:22 bretttt KevinMarks: are you hosting with github pages? or something similar?
# 19:22 tantek hilarious to be taking notes for a session from *home*
# 19:23 bretttt if you have a website that rebuilds on a push my project will fit closely
# 19:23 aaronpk i need to carry my tiny projector around apparently
# 19:23 bretttt invisiwave bnvk
# 19:23 bretttt camera is not plugged in
# 19:24 tantek aaronpk - darn - I have a pico projector you could have borrowed!
# 19:24 tantek so is the IIW crowd now considered Generation 2?
# 19:25 bnvk freezing my talky video to not add to lag
smagali joined the channel
# 19:28 tantek hey benwerd - note that you receive federated RSVPs from other platforms too!
# 19:29 bretttt What is #CloudNames?
# 19:32 bretttt i have moved a number of things back home off my VPS recently
# 19:32 bretttt the connection is fast enough finally
# 19:32 bretttt the key to home serving is fast internet
# 19:32 ciberch kylewm: got it maybe someone has their website's code on gtihub and can link us
# 19:32 tantek ben_thatmustbeme: nice going with using your domain name as your name in Etherpad
# 19:32 ciberch I can help with a ruby version of a starter app
# 19:33 bretttt ciberch: my site is hosted entirely in github pages, http://bret.io/ please excuse the jankeyness
jedahan joined the channel
# 19:33 ciberch awesome looking now
# 19:34 bretttt ciberch: I think idno is entirely on github as well
# 19:34 bnvk it's awesome hearing everyone's voice- miss y'all
# 19:35 bretttt miss you bnvk! come to portland for IWC!
# 19:36 bretttt Im interested in eventually playing with home serving and caching service
smagali joined the channel
# 19:37 bretttt its key to eventually get that service data INTO the html file itself. working on that now
# 19:38 tantek ok I seriously don't understand the "unhosted" handwaving
# 19:38 bretttt unhosted is cool model. would love to see more examples
# 19:38 tantek bretttt: I don't understand it enough to say why it is cool or not
# 19:38 bnvk tantek: so my plan was to be in Berlin in June- perhaps jancborchardt will be around and perhaps we could do a mini-IWC on the same day as East / West... thoughts?
# 19:39 tantek KevinMarks, example of an actual "unhosted" site? a pile of code and conference foo is not that interesting
# 19:41 bretttt tantek: I went to one of their meetups. They are looking at ways to build apps so that the app code lives on a server, and you data lives in your browser. It works, but is totally novel so not many people work on it
# 19:41 tantek why would I trust app code on some random server?
# 19:41 bretttt its similar to micropub
# 19:42 aaronpk using other people's apps to post content to your own site
# 19:42 kylewm i started out wanting to write an unhosted micropub client, but cross-origin restrictions got in the way
# 19:42 bnvk I've seen an unhosted todo list app that ran on my iPhone and used localStorage... there was an option to sync to remote servers or apps as well IIRC
# 19:42 bretttt kylewm: thats what I ran into a bit of. browser security is confuuusing
j12t joined the channel
# 19:45 aaronpk maybe 6 different programming environments, cause i was doing raw php and someone else was using a php framework, i forget what
# 19:45 bretttt idono -> known?
# 19:46 kylewm i keep wanting to ask what the most “esoteric” language people do indieweb stuff in, but obviously it’s CASSIS :)
dariusdunlap joined the channel
# 19:46 bretttt CASSIS is just JS and PHP, so actually maybe the most common! kylewm
# 19:47 ben_thatmustbeme yeah, i knew it was going to change, i take it this is the first time the new name is mentioned
# 19:48 tantek why :( - I see an opportunity for some app.net fan to fork it and install it on their own site!
# 19:49 snarfed oh man. what do i want even less than another silo account? an entire instance i have to maintain myself
# 19:51 kylewm satellite HWC in MV is a good idea in case other conference people want to attend too!
# 19:51 jancborchardt bnvk: if it’s going to be end of June (like 26–29) I’m in! The other parts of June there’s ownCloud workweek and vacation
# 19:53 bnvk jancborchardt: nah, I wish I was, but apartments, leases, budgets, etc...
# 19:53 bnvk jancborchardt: the US event is on June 28, so that should work... I need to book my plane tickets and such, but let's chat real soon about this
benwerd joined the channel
# 19:55 bnvk speaking of custom domains- any of you ever in need of a .is TLD, hit me up ;)
# 19:56 jancborchardt bnvk: ok, that sounds real good!
# 19:57 jancborchardt bnvk: actually – I wanted to register an .is domain – I remember I got to the point of getting an account somewhere but never went through with it. You don’t need to be citizen of Iceland, do you?
# 19:57 bretttt tantek: are you at iiw?
# 19:58 bnvk jancborchardt: I believe you need a kennitala as a citizen or a business, so normally one needs to go through one of those purchasing agents
# 20:00 bnvk jancborchardt: so either me personally or mailpile can buy for people :)
# 20:03 kylewm huh, will be interested to read about the idno name change
# 20:06 bretttt kylewm me too. i liked i'duno
# 20:08 Loqi Ok, I'll tell them that when I see them next
# 20:09 ben_thatmustbeme i don't know why people think its such a good idea to move off of searchable names to non-searchable names. the only way i used to be able to find chef stuff was by searching for opscode.
# 20:10 ben_thatmustbeme they dropped the opscode and made the whole company chef, and it made searching for them on google so much harder.
# 20:19 ben_thatmustbeme well i think i have the token endpoint done. just need to create the actual micropub endpoint now.
paulcp_ joined the channel
krendil and chrissaad joined the channel
brianloveswords and npdoty joined the channel
pauloppenheim and benwerd joined the channel
# 20:48 tantek feel free to use the command line on that page to create a WORD .rtf document to submit to the IIW folks
j12t joined the channel
# 20:51 tantek j12t congrats on launching indiebox indiegogo!!!
paulcp and rektide joined the channel
LauraJ joined the channel
chrissaad joined the channel
# 21:02 benwerd just read tantek's comment about rtf, is laughing
# 21:02 tantek Your enterprise tool has been replaced by a one-line shell script.
# 21:04 gRegor` Oh hey, that's tomorrow.
# 21:04 gRegor` Sure, I'm game.
KevinMarks joined the channel
# 21:06 gRegor` Man, that snuck up fast. I haven't done much work since last HWC, heh
# 21:07 gRegor` You still working on fragmention?
# 21:08 gRegor` What the... chicken? Haha
smagali joined the channel
# 21:08 gRegor` I'm tempted to make an "egg" page with contents "Which came first?"
# 21:09 gRegor` No Portland HWC, due to IIW I presume?
# 21:10 tantek benwerd, aaronpk - can you take notes in KevinMarks's session?
# 21:10 gRegor` Is there a password? The talky.io link doesn't have any a/v for me?
j12t joined the channel
# 21:12 ben_thatmustbeme gRegor, it has to think you have a camera, allow it to access your non-existant cam to get started
# 21:13 gRegor` Oh, I think I had blocked it before.
# 21:14 benwerd (this is a practical session so notes are probably less verbose)
smagali joined the channel
# 21:28 tantek WTF does OAuth details have to do with How to join the IndieWeb?!¿
# 21:29 tantek you don't need to assume. a bunch of use ARE doing things that are usable.
# 21:31 tantek aaronpk - tell him to add rel=me to his "Elsewhere" links :D
# 21:32 tantek aaronpk - can you take notes in the Etherpad?
smagali and chrissaad joined the channel
# 21:33 gRegor` Video appear to have died
barnabywalters joined the channel
# 21:37 aaronpk benwerd: who is the guy in black on my left who said he was able to sign in to the wiki just now?
# 21:38 tantek who is Kaliya talking about, what is their domain name?
# 21:38 tantek always ask when people say, you should talk to so and so, what is their domain name?
# 21:38 tantek and if they don't have one, make a note of it
# 21:39 tantek "brought together into working groups" <-- also an anti-pattern
# 21:40 tantek how do you avoid wasting all your time in bureacracy?
netweb joined the channel
benwerd_ joined the channel
# 21:48 gRegor` User-Agent blocking?
KevinMarks_ joined the channel
# 21:51 KartikPrabhu looking at the backcompat changes to mf2py. Why do you not need to import bs4 ?
tantek joined the channel
benwerd and smagali joined the channel
# 21:54 kylewm I did remove it, it’s never referenced in the module
# 21:54 KartikPrabhu oh I see. so all the methods work as they are attached to the soup object...
# 21:57 kylewm adding the stacktrace to the github issue, so I can fix it this evening
caseorganic joined the channel
# 21:57 gRegor` Aren't there h-event to iCal parsers already?
# 21:58 gRegor` re: IIW at the moment
# 21:58 gRegor` Nvm, the question got clarified
# 22:00 gRegor` The question is an RSVP button on an mf2 event that is agnostic, opens whatever calendar software the user uses.
KevinMarks and tantek joined the channel
# 22:02 aaronpk i'm going to get a loooot of pushback about URLs vs emails as ID and trying to punt it all
# 22:04 barnabywalters pretty sure it’s not a UA issue as fetching via cURL on the command line works fine
# 22:05 kylewm interesting, that’s exactly the post it’s choking on in the feed
# 22:06 gRegor` Oh, it's an about.me site, barnabywalters?
# 22:06 kylewm KartikPrabhu: no it’s definitely mf2py, I mean it’s crapping out parsing the <h3> for the article baseball-hosiery-heritage-2
# 22:07 tantek aaronpk, benwerd please note all the pushback about urls for identity.
# 22:08 benwerd a great point was made earlier about bitcoin hashes for identity, which nobody seems to mind
KevinMarks joined the channel
# 22:12 tantek barnabywalters: If he's blocking it he should unblock it.
# 22:13 tantek Or at least just make it an indiewebify option on the site
# 22:13 KartikPrabhu kylewm: the BS object as argument PR looks good. will wait for you to diagnose that bug. In the meantime I'll keeping testing backcompat
# 22:13 barnabywalters tantek: so what constitutes being a good robot? IIRC you’ve mentioned ignoring robots.txt being a good thing in the past
# 22:13 gRegor` barnabywalters: yeah, I asked about UA because I found a random mailing list thread with the same problem at command line. They set a curlrc with User-Agent: curl and it worked
# 22:16 barnabywalters maybe they got angry that if you test a .wordpress.com URL with indiewebify it says it’s a silo and promotes controlling your own domain :)
# 22:17 gRegor` Wordpress.com is blocking curl based on UA?
# 22:17 kylewm KartikPrabhu: thanks for catching that… looks like a non-trivial issue, I’ll check deeper tonight
# 22:18 KevinMarks well, you cna try changing your UA, but we shoudl probably ask wordpress what's up
tantek-ipod joined the channel
# 22:20 tantek-ipod Blog it first
# 22:20 gRegor` barnabywalters: What UA was indiewebify.me using before? And which made it work with wordpress.com?
kbs joined the channel
# 22:21 gRegor` Gotcha. Just asking so I can doc on the wiki
# 22:22 snarfed wp.com isn't blocking curl…or at least, it's not just that
# 22:22 snarfed so we should figure out the actual cause before yelling at them
# 22:22 gRegor` So it seems whatever UA PHP is setting in cURL is problematic. Correct?
# 22:23 snarfed we're operating on minimal information right now :P
# 22:23 snarfed barnabywalters: if you all can determine the user agent you're using, that'd be a good first step
# 22:24 barnabywalters it’ll follow this template: Guzzle/<Guzzle_Version> curl/<curl_version> PHP/<PHP_VERSION>
# 22:24 gRegor` Yeah, that's what I was seeking. :) What's the current UA
fmarier joined the channel
# 22:24 KevinMarks if you change it to a UA that says indiewebify.me is it blocked
lukebrooker joined the channel
# 22:26 barnabywalters well if setting the user agent to indiewebify.me fixes it i’m fine with doing that
smagali joined the channel
# 22:28 kylewm I have not seen a blogger layout like that before, yuck yuck yuck
# 22:29 kbs randomly got me thinking - does google actually run javascript when it indexes? probably not right?
# 22:29 KevinMarks it was an intern project one summer. the idea is nice ut too much done client side
tantek joined the channel
# 22:30 KevinMarks there are things that require JS, and there is also the #! convention thing
# 22:31 kbs KevinMarks: oh, never knew that. interesting - thanks.
paulcp joined the channel
# 22:35 KartikPrabhu anyone know any sites using legacy microformats so I can run some tests?
# 22:38 KevinMarks this is now Justin RIcher and Aaron debating OAuth2 protocol spec nuances while we all look blank
jedahan joined the channel
# 22:39 kbs ah, that's too bad. I like Aaron (and the general tantek-driven I assume!) focus on working simple solutions.
# 22:40 benwerd considering intervening. kevinmarks, do you second?
smagali joined the channel
# 22:42 benwerd He was a major Elgg contributor so I'll forgive him
# 22:44 Loqi Ok, I'll tell them that when I see them next
tilgovi joined the channel
# 22:48 gRegor` So this talk is making me glad I've not delved into Oauth
tantek joined the channel
jedahan joined the channel
# 22:51 gRegor` synergy! drink!
caseorganic joined the channel
# 22:54 tantek kbs - yes, simplicity comes from: 1) experience with microformats (and being a principle there). and 2) simpler = ship faster
# 22:55 kbs tantek++ - couldn't agree more :)
# 22:55 tantek benwerd, kevinmarks please intervene - what use-case is this hypothetical tangent supposed to be solving?
# 22:56 tantek KevinMarks - they're wasting everyone else's time
# 22:56 tantek instead of just in email like they presumably usually do
# 22:56 tantek and this is why we have a *creators only* focus for IndieWebCamp
# 22:56 KevinMarks I'm leaving it to aaron mainly as he wants some crypto feedback
# 22:58 gRegor` It's sooo hard to parse HTMl, guys.
# 22:58 tantek KartikPrabhu: not if you've got EnterpriseXML Goggles™ on
# 22:59 tantek man, that's why these people will never get anything done. if they can't even "just" use HTML.
# 23:01 KartikPrabhu here is my argument "If I can write code to parse microformats after only about 6 months of learnin python, HTML parsing can't be that hard"
# 23:01 tantek hmm - this is an interesting discussion now, token endpoint vs. auth endpoing
# 23:01 Loqi tantek meant to say: hmm - this is an interesting discussion now, token endpoint vs. auth sendpoint
j12t joined the channel
# 23:01 Loqi tantek meant to say: s/endpoing/endpoint
# 23:02 tantek benwerd - how are you holding up? this is your first IIW right?
# 23:03 tantek sorry, first IIW in MV - they're quite special
# 23:03 KevinMarks they closed the coffee during circle time which was just mean
# 23:03 benwerd still planning on showing up at the coffee stand with a funnel and a hose
# 23:04 KevinMarks we got 3 people to login to the wiki with their own domains during the join the indieweb session
# 23:04 tantek benwerd - well I mean with people like the person talking right now
# 23:04 tantek did you get them to create User: pages that link to their domains?
# 23:04 benwerd aaronpk does seem to genuinely be finding this useful
# 23:05 tantek from here it just looks like he's being polite
jedahan joined the channel
# 23:05 tantek reducing level of knowledge required by the client
kbs joined the channel
# 23:07 KevinMarks I'd love to get aaron talking to the salesforce auth guru too
# 23:09 gRegor` Haha "indieweb, indiebox, and indiegogo are all completely unrelated?"
# 23:11 gRegor` It was overheard on the IIW camera, not sure who said it / context
jedahan and benwerd joined the channel
# 23:12 gRegor` You didn't miss much in that last one, KartikPrabhu :)
brianloveswords joined the channel
# 23:14 gRegor` aheadrobot.com added themselves to the IRC people page, too
# 23:14 gRegor` Doesn't look like they joined the channel yet, though
# 23:15 tantek editing the wiki is more impressive than joining the channel :)
# 23:16 tantek we hold an annual IndieWebCamp massive, usually in Portland
# 23:16 tantek JeremyZ of NYT said he wanted to hold a simultaneous IndieWebCamp East
# 23:18 tantek KevinMarks, benwerd, aaronpk - where are you potentially talky.io-ing next?
ben_thatmust joined the channel
# 23:18 GWG We need a better setup for the video link
# 23:19 GWG I had trouble hearing people when I came on at home
# 23:19 aaronpk I think I need to move the comparisons to OpenID off of the indieauth.com home page and into a FAQ
# 23:19 aaronpk especially now that openid connect is officially replacing all previous versions
# 23:19 tantek no need to have to bottleneck yourself with updating that stuff
smagali joined the channel
# 23:26 tantek aaronpk, the less text on the indieauth.com home page, the better in general
smagali joined the channel
# 23:33 kylewm blunt question, why does aaronpk own/run oauth.net?
# 23:36 kylewm not that he shouldn’t, just curious how that came to be :)
kbs, j12t and pauloppenheim joined the channel
# 23:52 gRegor` tantek: "An error occurred during verification of the OpenID URL. " when I tried
KartikPrabhu joined the channel