2014-07-24 UTC
chrissaad, basal and wolftune joined the channel
# 00:14 kylewm so to the rel-me question, my understanding is that the backlink is an extra sanity check to prevent me from putting the wrong rel-me url on my homepage?
wolftune joined the channel
# 00:15 snarfed kylewm: sounds like it was more important for non-interactive-
# 00:15 tantek also makes it one step harder for an attacker
# 00:16 tantek which I feel like is a goodidea(™) for anything identity related
# 00:16 kylewm to me feels like a feel-good layer that doesn't add any actual protection...
# 00:16 tantek I mean, it may only "slow them down", but in practice, slowing down an attack is *exceptionally* useful
# 00:17 kylewm if they have control of my site and can change my rel=me to point to their twitter account
# 00:17 kylewm then changing their twitter profile to point to my site is trivial
# 00:17 tantek in many attack scenarios, you learn something is going wrong, and if you have a wider window of time to react and defend / counterattack, then you can defeat an attacker
# 00:17 tantek kylewm: you're making the typical dev error of assuming "trivial" in terms of number of steps is trivial in terms of time and thus how it effects anything in progress
# 00:18 tantek especially if it doesn't "just work" when they try only one step
# 00:18 kylewm it *would* prevent someone from taking over a bunch of sites and pointing them all to one twitter acct
# 00:18 tantek you're also underestimating how "dumb" attackers can be
# 00:18 tantek in practice, every little step like that makes a difference
# 00:19 kylewm ok like, OAuth1 has a ton of random complexity in it, sign this with that using this nonce
# 00:19 tantek security in practice tends to be more about discouragement and barriers / slowing down than actual outright foolproof prevention
# 00:20 tantek except this isn't random - it's an independent building block that's useful outside of relmeauth
# 00:20 tantek whereas that "random complexity" in Oauth1 was all madeup stuff just for oauth1
# 00:21 tantek one can also build a relme library without any auth
# 00:21 aaronpk well, not entirely made up, it was based on what a few providers were doing at the time (Flickr, etc)
# 00:21 johncash aaronpk: oauth is completely made up
# 00:22 tantek johncash - I too recall OAuth following a lot of the design from Flickr's Auth methods
# 00:22 aaronpk so more like Flickr made stuff up for Flickr, Google made stuff up for Google, then it was all merged together
# 00:22 johncash I was talking tongue-in-cheek
# 00:22 kylewm (tantek thanks for talking that through with me)
# 00:23 johncash Yay right next door to me
# 00:23 aaronpk I have been meaning to write up a little thing for the pdx dev week site
# 00:23 tantek has to beg for indie events since he can't yet post his own. :?
# 00:23 johncash I RSVPed to the wiki page
# 00:23 johncash but it doesn't show webmentions
# 00:24 aaronpk takes sooo long for me to post an event to my site :( really need to fix that
# 00:24 johncash switch to known? ;)
# 00:24 aaronpk you know, if Known had started using MySQL instead of MongoDB I probably would have been a major contributor to it and used it on my site long long ago
# 00:25 johncash yeah the mongo part is perplexing
# 00:25 johncash you heard of newSql?
# 00:25 tantek johncash webmentions to indiewebcamp.com URLs show up here
# 00:25 johncash the newest trend is to learn from the mistakes of oldSql
# 00:26 tantek aaronpk - oh no - I like watching all the advances in p3k!
# 00:26 tantek besides, p3k does *a bunch* of stuff Known doesn't
scor joined the channel
# 00:40 pdurbin in all seriousness, we use postgres at work but some are suggesting mongo. I dunno, I haven't tried it yet. I'm happy enough with postgres.
# 00:41 johncash We use mongo in production
# 00:41 johncash postgres is probably the best general database
# 00:43 johncash What if your database is an html document store?
emmak joined the channel
# 00:45 johncash technically all databases are file storage
# 00:45 johncash even redis writes to disk
# 00:45 johncash "When displaying the most recent N posts, Falcon looks for YYYY/B.html"
# 00:45 johncash I kinda like that paradigm
addal joined the channel
# 00:50 snarfed many dbs bypass the filesystem and just use disks as block devices
# 00:51 johncash This is why we don't talk about mongo
# 00:52 johncash I know I was gonna paste but he beat me
# 01:02 johncash tantek: what is the point of bimonths? I get what they are conceptually, but not how they are useful
# 01:05 johncash if a month is just half a bimonth isn't it essentially the same sort of deal? I'm not getting why dealing with chunks of 60 is better than dealing with chunks of 30
# 01:06 johncash for indieweb storage it kinda makes sense because you get more data for a given file
# 01:07 tantek also avoiding the cognitive dissonance of having things named like Gregorian month numbers (01.html … 12.html) but having them be new months instead
# 01:07 tantek also new months don't take new sundays into account whereas bims do
# 01:08 johncash ah thats the part i was missing the new sundays are bound to the bim unit
# 01:10 tantek KartikPrabhu: I don't think I've actually made use of that - and that's only almost true, since a bim has 61 days
# 01:14 johncash I think most nerds worth their salt have that problem
# 01:15 tantek at some point I realized I would very likely never build everything I thought of / wanted to and just decided to start sharing it all publicly in the hopes that if someone else found something useful they would build it.
# 01:17 tantek johncash I had difficulty figuring out how much salt an average human has per pound of flesh. If you know, we could perhaps compute such worth.
cuibonobo and androtest joined the channel
# 01:36 cuibonobo tantek: i was just reading your spec for NewBase64 and the mnemonic of number of strokes for _ + * is brilliant
KartikPrabhu joined the channel
# 02:19 tantek do you have any particular use-case in mind for NewBase64?
# 02:20 tantek interesting, why not just use NewBase60 for that?
# 02:20 tantek (more implementations etc., better tested in the wild etc.)
# 02:20 tantek (fewer possible numbers that look like line-noise - less punctuation)
# 02:22 cuibonobo bigger numbers with less digits is my only justification at the moment.
# 02:23 tantek I can see that. I guess at the time I decided that that marginal benefit was not worth the risk of the potential more line-noise-like cost, since these would be exposed in perma(short)links.
brianloveswords joined the channel
# 02:24 tantek but that was a "gut" instinctive assessment on my part - nothing scientific per se - so I can understand if you came to a different conclusion
# 02:24 cuibonobo these past few days i've just been testing the reasoning for things. i can't really say i've come to any conclusions.
# 02:26 androtest base 1000000 is where it's at
# 02:26 androtest emoji characters as numbers
# 02:27 androtest a little bird? hahaahaha
# 02:27 tantek androtest, and here I thought you were writing in binary and thus confirming that base64 is where it's at ;)
# 02:27 androtest I need to impose a no irc after whisky rule
# 02:28 tantek androtest, have you met tommorris? and may I invite you to #indiechat as well
# 02:28 androtest I have heard of him seems like a nice enough bloke
androte82 joined the channel
KartikPrabhu, fmarier and androtest joined the channel
# 03:24 cuibonobo turns out that the kinds of large numbers i was thinking of (timestamps and such) have the same amount of digits in NB60 vs NB64. hah
# 03:30 addal wolftune, thanks for the heads up!
snarfed, KartikPrabhu, gRegor`, brianloveswords and tantek joined the channel
snarfed joined the channel
chrissaad joined the channel
cweiske, tantek, mlncn, chrissaad, KartikPrabhu and arlen joined the channel
fmarier joined the channel
friedcell, jsilvestre, fmarier_, mlncn, petermolnar, squeakytoy, Sebastien-L, krendil, adactio, barnabywalters and pfefferle joined the channel
BjornW, Acidnerd and PierreO joined the channel
pfefferle, brianloveswords and jsilvestre joined the channel
pfefferle, glennjones, mlncn, scor, Sebastien-L, cweiske, bnvk, bitraten, cuibonobo, pbeaulieu and ben_thatmustbeme joined the channel
# 14:26 cweiske still waiting for a 2nd microformats parser imlementation in php
# 14:30 barnabywalters cweiske: hopefully that’s out of a political/idealogical desire for diversity of implementations rather than practical blocking?
# 14:32 barnabywalters cweiske: cool, I would love to see more implementations in PHP too — it would make the development of an easy to use cross-parser test suite even more useful
# 14:33 barnabywalters but if there’s some technical problem in php-mf2 which is blocking I’d rather know about it and fix it than wait for another implementation which might fix it
snarfed, wolftune and pfefferle joined the channel
mlncn and gRegor` joined the channel
# 15:07 tantek.com edited /Twitter (+439) "/* Features */ 2FA, note IndieWeb signup/login equivalents, TBI multi-factor IndieAuth, link-preview / Twitter Cards" (
view diff )
tilgovi, chrissaad and androte84 joined the channel
brainTrain_ joined the channel
npdoty joined the channel
brianloveswords, KartikPrabhu and androtest joined the channel
# 15:41 Loqi Ok, I'll tell them that when I see them next
brainTrain_ joined the channel
# 15:46 gRegor` I wonder if it can do anything with the webpage I suggested...
# 15:46 gRegor` I think it did work for me at some point, last year when I was first setting it up.
brianloveswords joined the channel
# 16:14 kylewm gRegor`: it looks like it's broken since twitter replaced the rel=me with a t.co link... makes me wonder how tantek logs into Falcon
androte29, johncash, pfefferle, barnabywalters and paulcp joined the channel
# 16:24 gRegor` kylewm: I thought it was just a demo, not actual auth. Probably indieauth?
adactio joined the channel
# 16:27 voxpelli gRegor`: kylewm: I think tantek mentioned a while ago that the RelMeAuth code being currently broken
Acidnerd, brianloveswords, johncash and brianlov_ joined the channel
paulcp, braintrain, barnabywalters, jschweinsberg, brianloveswords and scor joined the channel
benwerd joined the channel
# 17:56 Loqi benwerd: androte38 left you a message 1 day, 2 hours ago: @names link to a profile page 404 on werd.Io
# 17:56 Loqi benwerd: johncash left you a message on 7/23 at 2:24pm: your site looks down
# 17:57 benwerd androte38 / androte29: fixed in code. Thanks for the spot!
brianloveswords and Sebastien-L joined the channel
barnabywalters, paulcp, snarfed and scor joined the channel
paulcp, tilgovi, snarfed, dariusdunlap, androtest, wolftune, scor, KartikPrabhu, ShaneHudson and brianloveswords joined the channel
# 19:27 benwerd Interesting view of the indie web through a brand lens.
KartikPrabhu, grantmacken, johncash and androte40 joined the channel
indie-visitor joined the channel
# 19:40 Loqi Welcome, indie-visitor! Set your nickname by typing /nick yourname
tilgovi joined the channel
# 19:50 sam_benne Anyone here worked with PHP and MongoDB?
# 19:52 sam_benne Been killing myself the today and yesterday over it
# 19:52 sam_benne I switched the other way
# 19:54 sam_benne Been having exception after exception and nothing ever made sense
paulcp, snarfed, tilgovi and brianloveswords joined the channel
# 20:17 pdurbin sam_benne: exceptions before the switch or after?
squeakytoy2 joined the channel
# 20:19 sam_benne When it works it is great
# 20:19 sam_benne Just too much data and there
pauloppenheim and krendil joined the channel
tilgovi_ joined the channel
brianloveswords and ShaneHudson joined the channel
barnabywalters_ and snarfed joined the channel
# 21:26 aaronpk wow that's crazy. and new relic is like 1 block away from me.
tilgovi joined the channel
# 21:38 gRegor` Crazy, though he admits he was impersonating the conference at the end, which is probably what led to the suspending. On reddit he said the impersonating was ill-advised.
# 21:39 gRegor` I think if he handles it well with @Support, he could still keep his twitter
# 21:40 braintrain yeah I feel like twitter and potentially offended parties should work with someone like this though to try and quell his anger first
# 21:40 braintrain I know legally/terms wise dude's probably doesn't have any leverage, but he wasn't really arguing that
KevinMarks joined the channel
# 21:42 braintrain but I'm maybe a bit crazy in thinking that people ranting on the internet, and finding creative ways to strike back against the big guy is commendable :p
brianloveswords joined the channel
# 21:49 gRegor` I'm just commenting on the part that's getting the most attention, "BigCo steals twitter name" which does not seem correct at all.
# 21:49 gRegor` Good case for indieweb, though. :)
# 21:50 aaronpk yeah I was following him up until he started impersonating the conference
# 21:51 braintrain yeah that's an act of frustration, it'd be best if he just tried to ignore it but I feel like he's warranted in being frustrated. I wouldn't impersonate if I was in his position but I would definitely troll
fmarier joined the channel
# 21:52 gRegor` Sure, I'd be frustrated.
# 21:52 snarfed honestly, he comes off kinda entitled to me. namespace collisions happen. names aren't unique. deal with it.
# 21:53 gRegor` Not clear if there was more than just tweets, aaronpk
# 21:53 snarfed he forgets "never attribute to malice what can adequately explained by stupidity/ignorance/just being busy"
# 21:54 gRegor` Good points, snarfed
# 21:54 snarfed 90% of the time, when someone big steps on you, they didn't intend to. they just didn't see you there (and often still won't afterward)
# 21:54 gRegor` He should have turned it to his advantage. Shown up to play/speak/be the VIP at the conference, haha
# 21:54 gRegor` "It's got my name all over it"
# 21:59 braintrain "My latest strategy was to pretend to be them on twitter to get some of their followers, then hopefully use that to raise publicity for this post, but they beat me to it! They got my twitter account suspended!"
# 21:59 braintrain hard to tell how else he tried to impersonate when the account's suspended though :p
brianloveswords joined the channel
# 21:59 bear would #indiechat be a better place for this conversation?
tilgovi, lukebrooker and scor joined the channel
# 23:32 gRegor` aaronpk: I'm looking through your p3k-core code on Github. Is class Mf2Page something of yours that's unreleased, or is it third party?
# 23:33 aaronpk it's mine, not broken out as a separate thing yet
# 23:34 aaronpk I may not do that because in theory barnaby's is better
snarfed joined the channel
# 23:35 aaronpk I don't think his existed yet when I started writing my code
# 23:40 gRegor` Ok. Yeah, I'm using that currently. Your code looked more concise than mine, so I was going through seeing how I could improve mine. :) I may not be taking full advantage of his mf-cleaner though.
# 23:41 aaronpk ah cool. no promises on backwards-compatibility tho until it's broken out as its own module ;)
# 23:41 aaronpk the good news for you is that I use that everywhere so it would take a lot of work for me to actually change the interface
dariusdunlap joined the channel
# 23:45 gRegor` I like that yours is OO, and methods like $targetData->hentry->property() seem handy. Currently I'm checking array keys and it just gets verbose. e.g. $entry['properties']['in-reply-to']
# 23:46 aaronpk tho now with php 5.4 syntax I actually kind of prefer syntax like $entry->value(['properties','in-reply-to']) where it checks for properties before checkign for in-reply-to
# 23:46 gRegor` Ah, mf-cleaner has function hasProp(). Yeah, I'm not using that lib as well as I could, clearly
tantek joined the channel