kbsright - that's about the size of it. I think the paranoid might also want feel a need to know that encoded text means in the first place [eg: a naughty person might have them sign a base64 message that says "I owe KB $100" or something]
finchdaaronpk: kbs: yeah, the reverse is deniable encryption - something that only confirms identity during the session, but prevents guilt by association, a la OTR, which may also be valuable in indieauth
aaronpki guess the danger is relatively low, because all that it proves is that the person signed the encoded text. so there's plausable deniability there
finchdaaronpk: it does. I think that skipping the user_id and profile_id is probably best - it gives away far less of your db interals for explotation. I'm no security researcher -- I had to go look up OTR to find the word I was looking for ;)
finchdwell GPG can't be denied, unless it can be demonstrated that someone else had my private key before that challenge was signed. deniability would come in if I needed to prove that I was never at indiewebcamp.com looking at $thing-not-allowed-in-my-country say pictures of women without burkhas, or encryption (like GPG, which is restricted by international treaty)
aaronpki just mean that if I maliciously encoded something like "finchd owes me $100" into the indieauth challenge, you could always say you didn't actually agree because it was obfuscated and you didn't sign the plaintext
finchdah, so I can't open the challenge to verify? if I sign your public key I can open encrypted blobs from you right? then I re-encrypt (having done known math to the nonce) with my key (which you signed).
aaronpkoh hm I actually need one more piece. the reason profile_id is in the challenge is that you may have linked to multiple pgp keys, and I need to know which one to expect
finchddoesn't actually know the performance of such a thing ^ , but if feasible, my network security class suggested it is desirable to move less info and do more server-side work
GWGKartikPrabhu: I did mention my thought to pfefferle earlier, as the webmention and related plugins form the foundation of my indieweb implementation
GWGKartikPrabhu: To use non-Wordpress specifics, I had all my code in one PHP file. Now it is in several. Since Wordpress allows child themes to override specific files in the parent theme, this will make it easy to change while still allowing updates to go downstream
shepazuKartikPrabhu, an interesting indieweb-friendly option might be to have a comment box on the site, but with some way to publish the comment in multiple places (not just your blog)… so, your commenting system would be a micropub endpoint as a utility for other blogs
shepazuKartikPrabhu, for example, if I gave you my blog address, which had the appropriate hooks in it as well, I could post on your site but publish to both your site and mine, through oauth or something
shepazuthat seems like a friendly compromise that would help spread the idea… if you want to comment, you have to have your own publication site as well :)
Loqitantek meant to say: and doesn't depend on the underlying plumbing (e.g. you could be getting mentions via webmention or pingback or whatever - something new)
tantekKartikPrabhu: the problem is that every thing you put on your site like either serves a functional purpose for the user, or it is noise that distracts the user
shepazuyeah, that's why those twitter and fb and stumbleupon and pinterest and reddit and … buttons never really caught on on websites… too distracting :)
tantekusers don't care about the underlying tech. hence why they can switch between "native" apps and websites for the same without difficulty if their UI is consistent.
tanteksure, there's the 1% of devs that care 1% of the time when they're curious and choosing view source. but designing for that by default is an error, unless you want to provide a worse experience for everyone else.
tantekhappy to have you chat with any number of UI/UX/usability experts/professionals and see if you find even one which shares any of that point of view
tantekshepazu: you're right, we're pretty dismissive around here of the protocols/formats first crowd. as opposed to user first, design first. it's a pretty big differencne in indieweb vs. previous federated, decentralized etc. efforts.
tantekI stay involved with W3C because I'm trying to shift the culture there to be more like the user-centric / selfdogfooding / scratch-your-own-itch culture here.
tantekGWG - pretty sure there is a webmention logo already - though that's not a mention icon. you want to talk with a visual designer about that. that's a more challenging concept to communicate.
tantekKartikPrabhu: perhaps consider just having a colophon page where you describe what technologies your sites supports, and what tools you use to build it: http://indiewebcamp.com/colophon
tantekin this case, this was imprecise / wrong focus: "dismissive of the protocols/formats/datamodels/syntax… first crowd" <-- because of the last word
tantekregarding the wording, so the difference is that "mindset" is something that any one person can adopt or drop at will, whereas "crowd" sounds like it refers to specific people which both doesn't given them an opportunity/expectation of change, and it separates based on people not ideas - which is also undesirable.
tantekso anyway - just wanted to point that out since it was a pretty clear error, and may have even been hurtful. apologies for that (both to shepazu, and for the error in general)
tantekit's an easy trap to fall into as well, when you start to cluster people as holding certain viewpoints. though it does them and the understanding of a debate a disservice, it is an unfortunate human short-hand.
tantekwhen more words are used to make an error, there's a sense of more time/effort/commitment to the error, which means people are even *less* likely to admit a mistake.
KartikPrabhusnarfed: looking at activity-streams stuff to parse twitter mentions from my webmention form. Does that set require google app engine stuff or can just be run as a package?
KartikPrabhu!tell snarfed: looking at activity-streams stuff to parse twitter mentions from my webmention form. Does that set require google app engine stuff or can just be run as a package?
KartikPrabhutantek: fair enough... maybe a blog post on your view on this... me (as not part of the argument) maybe shouldn't try to defend it like I did with Joschi Khupal (he did take it more positively than I was expecting though)
LoqiKevinMarks: voxpelli left you a message 4 minutes ago: You have some webmentions listen on your page now, tweaked how https://webmention.herokuapp.com/ handles eg. www-subdomains
scor, brianloveswords and gRegor` joined the channel
KevinMarksVoxpelli: Yay! I need to get my static story straight - g.kevinmarks.com is my Google hosted one, a. My Amazon one, but automating posting is work not yet done
luxpsychoit's all about web (blogs, social web, information pages), and you want everyone to host their own stuff (as opposed to posting on facebook, wikipedia etc.) and insert these h-tags that a crawler I guess gatehrs and copies so that censoring/removing data becomes less possible
gRegor`Pretty much. I've not seen censorship as a big motivator behind indieweb personally, but it definitely gives you more control if you are publishing on your own site.
gRegor`A lot of it is about controlling how your content is displayed, where it's displayed, and how long it's displayed -- sites disappear all the time.
voxpelliluxpsycho: also – as I see it the indieweb movement is mostly a mentality of dogfooding concepts around independently hosted social sites – not about specific technologies, although some have gained a bigger momentum than others :)
gRegor`When you send the updated webmention to the person you're replying to or mentioning, their implementation should read your source page, see that HTTP status code, and delete it.
GWGluxpsycho: I want a presence on silos...sites like Facebook/Twitter...not because I like them...but as Willie Sutton, the noted bank robber, did not say..."I'm on social networks because that is where the people are."
gRegor`What are your interests, luxpsycho? Are you interested in posting blog posts/articles/status updates online? Are you using Twitter/FB/etc for any of that currently?
voxpelliThere's two parts to the WebMention thing: One is the ability to send, of which h-entries is kind of needed, and another the ability to receive
KartikPrabhuluxpsycho: all these other technologies are seconddary... the important thing is to have your own domain and post on it (posts could be anything at all) even short notes like people do on twitter. Once you have that then think about technologies and microformats
luxpsychoKartikPrabhu: I see. WOuld these posts be somehow replicable to facebook or other 'silos' (because that's where the people are) without becoming owned by them?
gRegor`luxpsycho: I would recommend signing in to the wiki first. It can be as simple as adding a link to github, Twitter, etc. and making sure that account links back to your domain.
luxpsychogRegor`: I see, but if I only see the twitter copy of it, as 99% people I guess till would, how would I / that service find the original post on his site?
voxpelliOne thing to be sure of as well – all those things are still under development as well and most participants in IWC has their own current take on it, some auotmated, some manual etc
gRegor`luxpsycho: Some people think that having a link to the original tweet can be confusing, if people click it they just see the same tweet they already read. But yeah, it's all in development and people are trying different things.
KartikPrabhuit seems most new people get the impression that you need to get all of this working for indieweb... Is there someway to emphasise incremental steps on the wiki?
Loqisnarfed: KartikPrabhu left you a message on 7/3 at 10:00pm: looking at activity-streams stuff to parse twitter mentions from my webmention form. Does that set require google app engine stuff or can just be run as a package?
snarfedKartikPrabhu: cool! activitystreams-unofficial *should* be usable without app engine…but we can definitely use more practice and testing there. happy to help!
KartikPrabhuno use my webmention form... but my form does not handle twitter very well due to URL obfuscation. So I plan to bootstrap it using activity-streams
snarfedbtw KartikPrabhu, just fyi, you will need to auth for twitter's api, but you don't need to do the full oauth dance. you can get an access token and secret for your own account on the API Keys tab of your twitter app page on dev.twitter.com, and just hard code those in
voxpelliIdeally one would follow all of the possible WebMention targets from the source until one finds one that matches the intended target, but that isn't really feasible
voxpelliI'm thinking that this issue, how to find WebMention targets among shortened URL links, is something that should be documented on the wiki as well
KartikPrabhukylewm: someone tweets a reply to my article, and tries to use my webmention form to tell me about it. But that does not work because the URL is obfuscated. So basically I want to support Twitter responses through my webmention receiving
KartikPrabhuso here is the flow I have so far, given a tweet permalink find the tweet using "class=permalink-tweet" then find the correct data-* attributes and make a mf2 style dicitionary, use that to make responses
rasculi do see the advantage in comments though, because they can make it easier to understand how a piece of code fits into the bigger picture without going through the entire project
KartikPrabhusnarfed: that case is not for the missing part. But bridgy is detecting that my tweet is in reply to my own previous tweet even though they have another person's tweet in the middle
snarfedKartikPrabhu: right. so, bridgy intentionally sends all tweets in a chain as responses to the original tweet, not just the first direct replies in the chain
snarfedKartikPrabhu: if there are multiple possible posts earlier in the chain to send a reply to, it chooses one, and it looks like which one is undefined, ie arbitrary
KartikPrabhuideally on my end I'd be chaining replies with my own posts so they'd all show up as one conversation on clicking "show thread" or something
KartikPrabhuone permalink for each of my posts. Each post would have all direct replies under it. But then on any post click "show full conversation" pulls in all the previous and later notes that are reply chained