#indiewebcamp 2014-05-31

2014-05-31 UTC
#
tantek.com
created /manifest (+278) "stub"
(view diff)
chrissaad joined the channel
#
tantek.com
edited /manifest (+11) "see also icon"
(view diff)
#
tantek.com
edited /store (+41) "see also"
(view diff)
#
tantek.com
edited /Main_Page (+102) "/* Homebrew Website Club */ update image to 2014-05-21"
(view diff)
benwerd and caseorganic joined the channel
#
aaronpk
wow facebook broke the stupid external link redirects
#
aaronpk
clicked on a link in a facebook message thread from a few months ago and it tells me "Something Went Wrong"
#
aaronpk
even though the link it tells me there's a problem with works fine if I visit it directly
#
aaronpk
wtf facebook
#
KartikPrabhu
oh facebook!
krendil, emmak, mlinksva_ and j12t joined the channel
#
KartikPrabhu
does anyone know the .htaccess blurb to write to redirect www to non-www and http to https. So that all of the following http://example.com/post http://www.example.com/post https://www.example.com/post redirect to https://example.com/post ?
tantek joined the channel
#
tantek
KartikPrabhu: ^^^
#
tantek
Maybe we should stub a /www page with that info and FAQ ;)
#
tantek
If so maybe screenshot?
#
KartikPrabhu
tantek: I know how to do www to non-www and http to https separately but was hoping there would be a blurb to do both in one fell swoop
#
KartikPrabhu
writing 3 diff htaccess blurbs seems not pretty
#
tantek
Like what's the best way? Good q. Maybe ask the level 4-5 /https folks?
#
KartikPrabhu
yes. for instance I don't want http://www.example.com to be first redirected to http://example.com and then redirected again to https . seems inefficient
#
tantek
Makes sense
#
rascul
i don't remember apache rewrite stuff
#
KartikPrabhu
the interwebs don't seem to know either. I found the individual redirect codes for both cases but no one-shot solution to both
#
rascul
best to put that in the config though and not use htaccess
#
rascul
disable htaccess altogether if you can, htaccess is mostly just extra file reads for no good reason
#
KartikPrabhu
by config you mean what ever my backend URL config is?
#
rascul
web server config
dybskiy joined the channel
#
KartikPrabhu
rascul: my web hosts say to use htaccess for this
#
rascul
yeah because that's easiest, not best
#
rascul
not gonna hurt anything, i was just mentioning a better way :)
tantek, catsup, rektide, jacus, binbasti, ddysart_, danfowle1, dybskiy, nloadholtes and KevinMarks joined the channel
#
bear
you want to redirect www to non-www first otherwise you will be then redirecting https www which will most likely get a cert error unless you have a wildcard cert
#
KartikPrabhu
bear: true but I wanted to avoid multiple redirections and do the whole thing in one swoop
#
bear
I've never seen it down with .htaccess
#
bear
because of how rewritecond rules are handled
#
KartikPrabhu
hmm unfortunate
#
KartikPrabhu
is doing multiple redirections actually inefficient?
#
bear
not really
#
bear
they happen a lot for ads and stuff
#
bear
you visit a url for a blog, that will get sent to a tracker, then sent to cdn and then to the content
#
KartikPrabhu
not with my site... hopefully :)
#
bear
this is the fanciest i've seen it - but my htaccess fu is very old
#
bear
RewriteCond %{HTTP_HOST} ^(www\.)(.+) [OR]
#
bear
RewriteCond %{HTTPS} off
#
bear
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)
#
bear
RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]
#
bear
the [OR] is the magic
#
bear
but all of the above is why I hug my nginx server every night
#
KartikPrabhu
why the second condition with www check?
#
KartikPrabhu
nginix uses dconf or something right?
#
bear
because your building an OR for https and not https checks
#
bear
no - with nginx you can specify the server name to be www.example.com or example.com
#
bear
and then do a single redirect to https://example.com
#
bear
for port 80
#
KartikPrabhu
thanks :)
#
bear
anytime
#
kylewm
!tell aaronpk I'm getting a weird error from instagram trying to auth with ownyourgram: https://gist.github.com/kylewm/4b1a28516f7f94c0c5e4 maybe something to do with me switching to https?
#
Loqi
Ok, I'll tell them that when I see them next
#
bear.im
edited /https (+170) "/* Level 5 security */"
(view diff)
#
bear.im
edited /https (+1) "/* Level 5 security */"
(view diff)
dybskiy joined the channel
#
bear.im
edited /https (+72) "/* Level 5 security */"
(view diff)
#
bear.im
edited /Nginx (-282) "update cipher list for nginx with latest PFS, Beast and Heartbleed mitigation"
(view diff)
glennjones, smcgregor, dybskiy, brianloveswords and squeakytoy joined the channel
#
@veganstraightedge
Had an awesome late night talk with @okayjeffrey introducing him to @homesteadingio and the #indieweb.
(twitter.com/_/status/472666031656140800)
carlo_au joined the channel
#
@jeena
Reading A List Apart's #yesallwomen article made me think about the #indieweb I k… http://alistapart.com/blog/post/work-to-do-yesallwomen more at https://jeena.net/notes/172
(twitter.com/_/status/472669766378061824)
garietyxxx joined the channel
#
garietyxxx
IndieAuth givin' me some stress: You just authenticated as 'https://twitter.com/garietyxxx' but your website linked to 'http://twitter.com/garietyxxx'
Garbee_ joined the channel
#
garietyxxx
Shouldn't the http/https be resolved automatically y indieauth?
#
garietyxxx
It should be able to tell that http://twitter.com and https://twitter.com are the same site, right?
#
Jeena
but they don't need to be, do they?
#
KartikPrabhu
garietyxxx: do a !tell to aaronpk... I'm sure he'd like to fix that :)
netweb joined the channel
#
KartikPrabhu
Jeena: also replied to your latest note
#
garietyxxx
!tell aaronpk IndieAuth givin' me some stress: You just authenticated as 'https://twitter.com/garietyxxx' but your website linked to 'http://twitter.com/garietyxxx'
#
Loqi
Ok, I'll tell them that when I see them next
#
garietyxxx
like that?
bnvk, edge226, tantek, barnabywalters, nloadholtes, dns53, friedcell, garietyxxx, carlo_au, ttepasse, brianloveswords and chrissaad joined the channel
#
@benwerd
Today in "the dangers of silos": justin.tv removes all archived videos with just one week's notice. http://blog.justin.tv/2014/05/29/changes-to-video-archive-system/ #indieweb
(twitter.com/_/status/472756400427253760)
carlo_au and KevinMarks_ joined the channel
#
aaronpk
good morning!
#
Loqi
aaronpk: kylewm left you a message 10 hours, 36 minutes ago: I'm getting a weird error from instagram trying to auth with ownyourgram: https://gist.github.com/kylewm/4b1a28516f7f94c0c5e4 maybe something to do with me switching to https?
#
Loqi
aaronpk: garietyxxx left you a message 6 hours, 28 minutes ago: IndieAuth givin' me some stress: You just authenticated as 'https://twitter.com/garietyxxx' but your website linked to 'http://twitter.com/garietyxxx'
#
bnvk
mornin
#
aaronpk
!tell kylewm thanks, fixed! I switched the site over to ssl-only and forgot to update the setting in the instagram app
#
Loqi
Ok, I'll tell them that when I see them next
#
aaronpk
morning bnvk!
#
bnvk
howdi
#
aaronpk
how goes the archiving?
#
bnvk
goin ok, got the formatting pretty much down
#
bnvk
figuring out downloading of attachments now
#
kylewm
working again, thanks aaronpk :)
#
Loqi
kylewm: aaronpk left you a message 7 minutes ago: thanks, fixed! I switched the site over to ssl-only and forgot to update the setting in the instagram app
#
aaronpk
thinking about this twitter http/https issue now
snarfed joined the channel
#
aaronpk
I think I can avoid all the rabbit holes of comparing equivalencies of URLs by checking to see if the actual username from the providers matches
#
KevinMarks_
because they have a known URL pattern?
#
aaronpk
no because they all return a username after authenticating
#
aaronpk
well yes, the known URL pattern happens first, so if I see a rel-me link like "http://twitter.com/aaronpk" then I know what username to expect
#
aaronpk
the problem is when my site links to http://twitter.com/aaronpk but I reconstruct the URL as "https://twitter.com/aaronpk" after I sign in.
#
aaronpk
so if I just don't try to reconstruct it and instead just compare the username afterwards then it should avoid that problem
#
aaronparecki.com
edited /site-deaths (+282) "move some to past, add justin.tv deleting all archives"
(view diff)
#
aaronpk
ah crap but google returns a "uid" which is not the username
#
aaronpk
google plus messes this all up
#
aaronpk
alright i'm just gonna have to hackily compare URLs
bnvk, ScruffyDan and petermolnar joined the channel
#
aaronpk
ok... pushing out a change. would love some help testing
#
petermolnar
how can we help?
#
aaronpk
try signing in at indieauth.com
#
aaronpk
with as many different providers as you can
#
petermolnar
although my https-only page only works if I explicitly enter the whole url
#
aaronpk
that should be fixed now too
#
petermolnar
oh, testing that then :)
#
petermolnar
it's semi-fixed: it now finds the urls but tries to backlink to http instead of https and therefore the urls are invalid
#
petermolnar
making screenshot, just a minute
#
petermolnar
http is 301 redirected to https
#
aaronpk
k this gives me something to work with
#
aaronpk
good lord this is complicated
#
aaronparecki.com
created /IndieAuth-redirect-handling (+588) "add two examples"
(view diff)
#
aaronparecki.com
edited /IndieAuth-redirect-handling (+258) "add dreev.es example"
(view diff)
snarfed, j12t and garietyxxx joined the channel
#
snarfed
aaronpk: worked for me w/twitter, g+, and github (all https)
#
aaronpk
snarfed: yay cool
dariusdunlap joined the channel
#
Loqi
dariusdunlap: tantek left you a message on 5/28 at 2:28pm: when did you start supporting https for your admin pages with a self-signed cert per https://indiewebcamp.com/https#Level_2_security ? Was it at IWC SF?
#
Loqi
dariusdunlap: tantek left you a message on 5/29 at 7:18pm: well done with IndieAuth login to your blog! Is that a plug-in to add to /WordPress ?
#
aaronpk
snarfed: but you probably entered https in the sign-in field?
#
snarfed
for my domain? yes
#
snarfed
i also did http://snarfed.org , that worked w/twitter for old scanned rel-me values
#
aaronpk
heh caching
#
snarfed
but re-scanning complains about all providers, since all rel-mes link to https
#
snarfed
which is fine
#
snarfed
love that you support 2fa now too! off to try it
#
aaronpk
I think if you type http it should still work
KartikPrabhu joined the channel
#
aaronpk
by that I mean I want it to work
#
snarfed
i'm not seeing that right now. rescanning http://snarfed.org
#
snarfed
complains that it can't find rel-me links for tw, g+, and gh
#
aaronparecki.com
edited /IndieAuth-redirect-handling (+398) "add description of the case when http profile redirects to https but http was entered"
(view diff)
#
aaronpk
right, doesn't work right now because of what I just described there ^
#
snarfed
cool, np
#
snarfed
is google authenticator fully supported yet? scanning the barcode worked, but i couldn't find a description of what the rel-me link would look like
#
aaronpk
yeah it works, but it's more like registering an account on indieauth.com
#
aaronpk
which is kind of weird
#
aaronpk
but it does work, I use it all the time, especially on slow networks because it avoids all the http requests involved in oauth requests
#
snarfed
ok. so…how do i log in with it?
#
aaronpk
you have it added to your authenticator app now?
#
aaronpk
go try to sign in to the wiki, and you'll see it listed as an option
#
@iamaegibson
Gonna give this indieweb stuff a try.: has inspired me. time to give it a try. http://aegibson.com/?p=11
(twitter.com/_/status/472810226953904128)
#
snarfed
ahhhh ok
#
snarfed
aha, it's listed
#
snarfed
and works! cool!
#
snarfed
great addition
#
snarfed
minor feature request: maybe make enter in the token text box submit
#
aaronpk
i just haven't promoted it much yet
jonnybarnes joined the channel
#
Loqi
jonnybarnes: luxagraf left you a message on 5/30 at 1:32pm: - thanks for all your help debugging my ssl issues. everything is working now.
caseorganic joined the channel
#
aaronpk
petermolnar: snarfed: ok I think I fixed it, so if you enter http for your URL
#
snarfed
aaronpk: rescanning still complains for mine
#
snarfed
(…that it can't find rel-me links)
#
snarfed
(and btw, obviously don't feel obligated to fix this for me…but i'm happy to help test!)
#
aaronpk
ohh does your site respond on both http and https?
edge226 joined the channel
#
aaronpk
yep, that's not gonna work then
#
aaronpk
should work for petermolnar since he returns 301 on http
tilgovi joined the channel
#
snarfed
ah yeah, my hsts header usage is pretty unusual
#
snarfed
i say ignore it
#
aaronpk
without the 301 link, your http and https pages are technically completely separate URLs
#
aaronpk
whereas returning 301 from http to https makes them equivalent
#
aaronpk
oh goddammit... now there's a trailing slash issue
#
snarfed
ahahaha nothing's ever easy :/
#
Loqi
hehe
#
snarfed
(btw, background on my hsts setup in case you're morbidly curious: https://willnorris.com/2014/03/using-hsts-with-http-requests , but no need to read it unless you're really bored)
#
aaronpk
is not that bored yet
#
aaronpk
trying to chew through these indieauth issues
#
jonnybarnes.net
edited /https (+94) "/* IndieMark Levels */ bump up to Level 5"
(view diff)
#
jonnybarnes
upto indiemark level 5, feels good
#
jonnybarnes
aaronpk: had a tiny hiccup loggin into indiewebcamp
#
aaronpk
how tiny?
#
aaronpk
i'm making a bunch of changes right now so i'm not surprised, heh
#
jonnybarnes
clicked log in, typed in url, clicked google link, was back at indiewebcam.com but not logged in, so I tried again, and was then logged in
#
aaronpk
oh odd...that sounds different
#
aaronpk
will look at that in a bit
#
aaronpk
ok fixing the trailing slash issue now...
#
jonnybarnes.net
edited /https (+6) "/* Level 5 security */ fit the style"
(view diff)
Kopfstein joined the channel
glennjones and chrissaad joined the channel
#
aaronpk
ugh flickr search just stopped working
#
petermolnar
aaronpk yes, it's fixed now & working very nice ^^
#
aaronpk
yaaaayyyy
#
KartikPrabhu
apparently I can't query multiple post types in Django without creating a whole another database with all the posts in it! :|
friedcell, tantek and nloadholtes joined the channel
#
aaronparecki.com
edited /site-deaths (-2) "loom and myopenid not actually offline yet"
(view diff)
#
KartikPrabhu
aaronpk: I have noticed that sometimes Quill does not post anything when I use the Homescreen bookmark. but it works if I re-log in. Any reason?
#
aaronpk
that is odd
#
aaronpk
you mean you click the home screen bookmark and see the interface, but a post after that fails?
#
aaronpk
does the debug output show you anything useful in the http headers?
#
KartikPrabhu
no. it still shows the last response. I think it doesn't even hit my server as I return some response for everything
#
aaronpk
clicking "post" should make it show something in the debug section under the button, do you mean it doesn't even do that?
#
KartikPrabhu
no. the fields I filled become blank, but the debug section still shows the "Last response received" blurb
#
aaronpk
hmm strange! could you check the browser console to see if it's getting some weird error there?
#
KartikPrabhu
which is the very last successful one, not the one you'd expect out of the currect micropub request
brianloveswords joined the channel
#
tantek.com
edited /site-deaths (+249) "move justin.tv to upcoming since June 8 hasn't happened yet. Editorially user data backups available til 2014-12-31. update dates for loom, myopenid checks"
(view diff)
#
tantek
hmmm… looks like a bunch of the stuff added in the http://indiewebcamp.com/site-deaths#citations_needed section aren't actually sites but tools and such
#
tantek
going to move them to company specific pages accordingly
#
tantek
if it's not a site death, probably doesn't belong on /site-deaths
#
tantek
hmm - how do we not have a /Yahoo page ?
grantmacken and snarfed joined the channel
#
tantek.com
edited /Google (-37) "dead services died"
(view diff)
KevinMarks joined the channel
#
KartikPrabhu
aaronpk: unable to repeat that situation now. WIll keep an eye on it though
#
tantek.com
created /Yahoo (+820) "stub with dead silos, tools"
(view diff)
scor joined the channel
#
tantek.com
edited /site-deaths (+327) "/* citations needed */ move a couple of tools to Yahoo page, found citation for the rest"
(view diff)
#
aaronpk
KartikPrabhu: ok cool
ttepasse and j12t joined the channel
#
tantek.com
edited /site-deaths (+664) "/* Past */ another citation, note presumed shutdown, need for verification"
(view diff)
#
aaronpk
thoughts on whether it's worth trying to resurrect OpenID support for indieauth.com?
#
aaronpk
I'm thinking no, given that the OpenID group has moved on to Open ID Connect
#
aaronpk
also becomes less important if indieauth.com can auth against your site treating it as an oauth provider (basically that's what openid connect is)
#
tantek
aaronpk - until someone asks for it specifically (i.e. their own site natively acts as an openid provider for themselves), we can probably punt it
#
aaronpk
yeah, I know of at least a couple people who are their own openid provider who have mentioned it, but I think it's probably not important anymore since it's officially deprecated and everything
edge226 joined the channel
#
@HKoren
#ownyourdata - use http:/// to extract existing photos from FB, then @IFTTT to grab subsequent ones
(twitter.com/_/status/472876436144275456)
#
aaronpk
not even deprecated, actually obsolete
#
tantek
well that's that then
#
aaronpk
I do still want to fix the openid provider side so it can be used to sign in to pypi.org
#
aaronpk
er, pypi.python.org
#
aaronpk
well this is progress... at least now it looks like it's pypi's fault: https://pypi.python.org/pypi?%3Aaction=login&openid_identifier=http://aaronparecki.com/
#
aaronpk
slashdot seems to have dropped openid login
#
aaronpk
same with sourceforge
#
tantek
any announcement of it?
#
aaronparecki.com
edited /OpenID (+459) "/* Consuming Sites */ update status of some consumers"
(view diff)
scor joined the channel
#
KartikPrabhu
so sourceforge is switching to silo login instead of OpenID...
#
aaronpk
so.. pypi is sending as assoc request with session_type set to an empty string.
#
aaronpk
what do I even do for that
#
aaronparecki.com
edited /OpenID (-32) "/* Consuming Sites */"
(view diff)
#
aaronpk
meaning cleartext, no encryption
#
aaronpk
holy crap i fixed it!
#
aaronpk
I had to force session_type to 'no-encryption' rather than an empty string. that would appear to be a bug in the ruby-openid gem
KevinMarks joined the channel
#
tantek.com
edited /Yahoo (+656) "Citizen Sports looks like it was just an app/tool, minimal user data if any, no sign of any site data"
(view diff)
#
tantek
huh, looks like Yahoo restored the Yahoo! WebPlayer
#
aaronpk
some weird templating langauge?
#
aaronpk
issue filed on the ruby-openid gem, we'll see if anyone cares https://github.com/openid/ruby-openid/issues/77
chrissaad joined the channel
#
tantek.com
edited /Yahoo (+735) "Embeddable Services - Yahoo! WebPlayer was scheduled for shutdown, but restored/rescued somehow"
(view diff)
#
tantek.com
edited /site-deaths () "(-991) citizen sports no sign of site content, Yahoo! WebPlayer was scheduled for shutdown, but restored/rescued somehow. also a service, not a content site"
(view diff)