#indiewebcamp 2014-09-16

2014-09-16 UTC
gavinc, moizsyed and mdik joined the channel
#
@RonKJeffries This status started at my IndieWeb http:/ronkjeffries.withknown.com site. Brid.gy will send me my Twitter activities. Cool. @withknown (twitter.com/_/status/511675813733748736)
paulcp_, parzzix, moizsyed and parzzix_ joined the channel
#
parzzix Hello everyone, new here.
#
GWG Hi, parzzix
#
parzzix Saw thing about indieweb on twig. I really like the concept
#
GWG parzzix: Thinking of joining in?
gRegor` joined the channel
#
parzzix Yes I am GWG
#
GWG parzzix: Have you a domain?
#
parzzix A couple...lol.
#
kylewm hi parzzix, welcome!
#
parzzix Was thinking best to use my name.. timapple.com have a blog there now. Thought I may replace it with known
#
GWG parzzix: It's an option. Some people prefer to roll their own solution.
#
parzzix Or are their better options?
#
GWG I'm sticking to Wordpress myself.
#
GWG parzzix: All options are good.
snarfed1 joined the channel
#
parzzix I figured I may throw known on a digitalocean droplet. With nginx instead of apache...or I may try hosted a little bit just to get a feel.
#
kylewm parzzix: Known is awesome
#
gRegor` Welcome, parzzix!
#
GWG kylewm: Agreed. But, like many things...you should make a full decision.
#
kylewm hehe, yes that's true, GWG
#
gRegor` Ooh, running ghost, parzzix?
#
kylewm it takes a little bit of work to get Known to talk to nginx, elliottucker posted about it
#
GWG kylewm: What if he wanted to use Redwind?
#
parzzix I always have trouble get apache going without maxing my resources
#
parzzix Whats redwind?
#
GWG Who doesn't?
#
kylewm what is Red Wind?
#
Loqi http://indiewebcamp.com/Red_Wind
#
kylewm oops
#
kylewm.com edited /Red_Wind (-9) "/* Description */ add <dfn>, re-word slightly" (view diff)
#
kylewm what is Red Wind?
#
Loqi Red Wind (source code) is Kyle Mahan's IndieWebi-ready blog software written in Python and running on Flask http://indiewebcamp.com/Red_Wind
#
gRegor` parzzix: Since you have a domain alraedy, and links to social networks, you could sign in to the wiki easily. That's a common early step we recommend: http://indiewebcamp.com/How_to_set_up_web_sign-in_on_your_own_domain
#
gregorlove.com created /redwind (+22) "r" (view diff)
#
gregorlove.com edited /Red_Wind (-1) "/* Description */ typo" (view diff)
#
kylewm thx, gRegor`
#
parzzix so who is the winner in the redwind vs known debate...lol
#
gRegor` Though "IndieWebi-ready" is kinda fun to say
#
kylewm parzzix: you have to read the next sentence of the description ;) "...but unstable and undocumented and probably not of much use to anyone but the author, at least for now."
#
gRegor` parzzix: Well, you have a site with a blog already, so that's a great start. Are you looking to move away from Ghost?
#
GWG parzzix: Lots of choices. I just wanted to make the point is that Indieweb is not Known.
#
kylewm GWG++
#
Loqi GWG has 19 karma
#
GWG That's the point. The Indieweb is Independent of platform.
#
gRegor` "indieweb" is a plurality. Lots of people using different server software, blog software, but interacting with a core set of protocols / building blocks. It's really flexible that way.
#
parzzix gRegor`, not exactly. But I like to keep it simple, I'm not a coder by any means. And the Idea of throwing things under one umbrella easily is appealing.
scor joined the channel
#
gRegor` Yeah, good point. Known is solid and will have good support here, too.
#
GWG It is very tempting.
#
kylewm Ghost seems promising, but I don't *think* anyone has written indieweb plugins for it yet
#
GWG kylewm: A challenge
#
gRegor` Does it have a plugin architecture yet?
#
parzzix I wonder if I self host, will known udate through itself, like wp. Or will I have to manually have to update via command line.
#
gRegor` It's been a while, but last I heard it was "coming"
#
parzzix gRegor`, it is very nice, plugin api isn't released yet, but coming
#
gRegor` doesn't know the Known update procedure on self-hosted.
#
kylewm no plugin api? that is... disappointing
#
gRegor` Yeah :/
#
kylewm parzzix: Known does not auto-update (yet?)
#
gRegor` I'm totally guessing, but I presume the Known update process should be relatively painless. Upload new files, maybe run a PHP script that updates the database.
#
gRegor` Also, since the creator is a regular in here, and it's written in PHP, you should find good support in here. :)
#
parzzix They say they will eventually let us move to self hosted. Maybe I'll ride the hosted path a little until it's out of beta.
#
gRegor` Sounds like a good idea. A couple people here have set up subdomains to try out the self-hosted version
#
kylewm +1 that plan. and i think you can message them if you want to redirect your domain name to whatever.withknown.com
#
parzzix ok....cool, I think I will give it a go.
lukebrooker joined the channel
#
parzzix what do the withknown folks go by on here?
annevk_ joined the channel
#
kylewm parzzix: benwerd and erinjo
annevk joined the channel
#
@parzzix Just started using Known... joining the #indieweb (twitter.com/_/status/511689559285825537)
#
parzzix Lol....How did that just happen?
#
parzzix kylewm, thanks
#
GWG parzzix: Magic
#
parzzix GWG, interesting
snarfed joined the channel
#
kylewm parzzix: Loqi searches twitter for a handful of terms, like indieweb and indiewebcamp
#
GWG He does tricks
#
GWG Who is kylewm?
#
GWG That one used to work
#
GWG What is kylewm?
#
Loqi It looks like we don't have a page for "kylewm" yet. Would you like to create it? http://indiewebcamp.com/wiki/index.php?action=edit&title=kylewm
#
kylewm thanks, deletionists
#
kylewm (just kidding, I think I asked aaron to delete it)
#
GWG kylewm: You'll always be the poster child for my webmention testing.
GWG, chrissaad and npdoty joined the channel
#
gRegor` who is tantek?
#
gRegor` Course Loqi takes a break now
#
Loqi yeah!
#
gRegor` no
#
rascul Loqi doesn't know who we are
Loqi joined the channel
#
tantek welcome back Loqi!
#
Loqi dude
KartikPrabhu joined the channel
#
tantek Loqi, are you going to now post all those tweets you missed while you were sleeping?
scor, Pea1, Sebastien-L and chrissaad joined the channel
#
dlyke kylewm, re webmentions: Yeah, I'm already looking for mentions to blog entries from sites in my OPML feed reader. I want to expand this to find friend's OPML files (or maybe I just need to semi-intelligently spider links in sites I read looking for more RSS feeds)
#
dlyke kylewm but that lets the spam problem be one of inclusion and discovery through semi-trusted sources, rather than exclusion, as webmention is.
#
dlyke kylewm also, Webmention looks like a horrendous DDOS amplification attack vector, and given that the guys next cube over spend much of their days figuring out how to mitigate amplification attacks, that's a concern.
#
kylewm dlyke: barnabywalters has done a little thinking about spidering 2nd level mentions and XFN friend lists to make a pretty inclusive whitelist
#
tantek ooh - anything coded?
#
barnabywalters actually it sounds like Known is further along than me: http://werd.io/2014/we-havent-seen-webmention-spam-in-the-wild-yet-except
#
barnabywalters but yeah building a webmention spam/abuse-prevention proxy is one of the goals of Shrewdness, and one of the false starts made before building it as mentioned on indiewebcamp.com/Shrewdness
#
kylewm dlyke: but I definitely like the idea of getting out in front of some of this. could you elaborate on the DDOS issue? basically I send a thousand webmentions to a thosand servers with the 'source' all set as the attack target, and then those thousand servers all try to GET at once?
#
dlyke kylewm: exactly.
#
tantek that DDOS issues has not be a problem in practice, since e.g. Pingback has the same vulnerability, and that particular issue has not been a problem with Pingback
#
tantek (other problems have)
#
bret we must have higher hopes for webmention! >:D
#
tantek (and Pingback is far far more widely deployed)
#
dlyke Yeah, I went and looked at my logs yesterday... added a whole bunch more IP addresses to my ufw rules, but I definitely don't want to recreate the {track,ping}back disaster.
#
dlyke But I'm light-weight spidering (checking for changes in as light a weight way as HTTP allows) 196 RSS feeds daily for mentions to my blog, there's no reason that couldn't be a few thousand.
#
dlyke And I could probably do half that spidering off my feed reader anyway if I thought that was getting too heavy-weight.
#
ben_thatmustbeme i like the idea a while back of shared black-list / white-list with friends
#
ben_thatmustbeme as far as the spam issue
Reykjavik___ joined the channel
#
dlyke tantek, searching for "pingback ddos", or asking the ops guys in the next cube over, suggests that it is a pretty big problem.
#
KartikPrabhu dlyke: is it good to try and "solve" this, even before one DDOS has been done using webmention?
#
bret how do you even solve ddos issues?
#
dlyke KartikPrabhu, so far as I can tell, the only reason webmention isn't a vector like pingback is is that it isn't widely deployed yet.
#
KartikPrabhu yup
#
KartikPrabhu same for spam. but trying to solve a problem before it even exists is strange
#
@hugoroyd @tieguy except brid.gy is agnostic regarding which platforms you use as long as it supports #webmentions (twitter.com/_/status/511903977701924864)
#
bret if you started getting ddos'ed via webmention, wouldn't the easiest thing to do is turn of webmention?
#
dlyke The vector for spam seems largely to be from the lack of an introduction protocol. If you just do mention discovery by friend-of-a-friend RSS feeds, you have an opt-in spam prevention system, rather than opt-out.
#
@dsearls RT @indieboxproject: @stopthecyborgs @charlieok @bruces #indyIOT: I like it! Or better #indieIOT to go with #indieweb, indie music etc.? (twitter.com/_/status/511904260360261632)
#
@dsearls RT @stopthecyborgs: @indieboxproject @charlieok @bruces cool can't believe noone coined it before should connect with #indieweb also check … (twitter.com/_/status/511904382406098944)
#
dlyke bret, having been through this with three different protocols before (Referer tracking, trackback, pingback, and, yes, all with "make sure the linked page actually references your page"), I'm uninterested in doing much more coding to recreate the mistakes of the past.
#
kylewm bret: the DDOS wouldn't look like a webmention to you though, it'd just be somebody fetching a random page on your site
#
dlyke I don't have anything against y'all doing webmention, aside from what names the ops guys in that next cube over will be calling it if it ever gains traction, I'm just interested in a different way to build that network of discussion.
#
kylewm KartikPrabhu: i agree insofar as solving a problem that doesn't exist is premature optimization, but if webmention is a "better version" of a protocol that does have those problems, we know they're coming :)
eschnou joined the channel
#
bret dlyke: what do you think would work? anything that already exists? propsals?
frzn joined the channel
#
frzn hey guys, which server are you using?
#
dlyke As I said, what I'm doing right now is spidering my OPML file for RSS feeds, checking for mentions of my site in those RSS feeds. What I'd *like* to do is auto-discover the next ring out of RSS (and, yes, Atom) feeds.
#
bret frzn: whichever one you want! a pretty good mix of apache and nginx
#
frzn I'm finally configuring my domain: www.leal.io
#
frzn bret: I mean Amazon AWS, DigitalOcean, etc. I'm planning to us DO, because they are very cheap and reliable
#
bret frzn: DO is definately a fav around here. linode also. I use FDC servers but not a fan of them
#
KartikPrabhu frzn: might want to look at : http://indiewebcamp.com/hosting
#
dlyke I think FOAF had some capability for this, but nobody ever really published anything interesting in that...
#
frzn KartikPrabhu: great!
#
bret dlyke: do you have examples of discovered info?
#
dlyke Design sucks, but see the "inbound links" section on an entry like http://www.flutterby.com/archives/comments/20030.html
#
neuro` dlyke: the design is OK :)
#
tantek dlyke: thanks for the heads about searching for it. re-reading now.
#
tantek e.g. http://www.incapsula.com/blog/wordpress-security-alert-pingback-ddos.html
#
dlyke (Amusingly, I'm finding that I link back to myself a lot)
#
dlyke tantek, yep. Of course Wordpress overall is a hosting provider's worst nightmare.
#
barnabywalters would the suggested fix in the original wordpress bug report (of only fetching if the webmention request came from the same host as the source URL) work?
#
bret dlyke: overal design is simple, but tottally fine. what would make that better is actually present useful information from that link in thread like the actual comment or conversation thread if approrpiate
#
barnabywalters can host be spoofed if the sites are both using TLS?
#
bret ohh barnabywalters are you hinting at using ssl as a trust mechanism for wm?
#
barnabywalters bret: asking if it is possible, because I don’t know much about it
#
dlyke bret, yes: I should probably coordinate with the few people who converse with me that way to put some sort of excerpt/mention tag in their site so I can easily figure out a good excerpt to grab. Or just grab the whole damned thing.
#
bret uf2 is exceptional for that purpose :)
#
bret sorry microformats 2
#
kylewm barnabywalters: i was wondering that too. it would be a bummer for willnorris's go/webmention command line thinger
#
barnabywalters kylewm: yeah, and things like bridgy. But they could just be added to a whitelist
#
bret what about gpg signed wm?
#
bret source, target, signature
#
barnabywalters bret: super complicated and requires private keys on servers
#
bret true
#
bret hrmmm
#
barnabywalters otherwise some sort of crypto would be an excellent solution
#
barnabywalters except it would just DDOS people’s public keys instead :)
#
dlyke I think the real question is: What does the auto-discovery mechanism get you? RSS sucks because it's polled, but Webmention+whitelist is really just recreating NNTP, but less elegantly.
#
bret ha true
#
bret im sorry did you just call NNTP elegant? :p
#
dlyke bret, only in comparison :-)
#
barnabywalters can someone who understands such things please clarify whether TLS + source host checking would fix the problem?
#
dlyke (Wondering if I should re-enable the NNTP gateway in my blog software)
#
bret i dont see it
#
bret do it
#
bret XD
#
dlyke Just source host checking would help the DDOS issue (if everyone implements it), but won't do anything against the spam problem.
#
barnabywalters if nothing else it’s a good incentive for people to implement TLS on their sites
#
bret dusts off my file decompressions software from the good old days of usenet
#
barnabywalters dlyke: that’s fine, they’re completely different issues
#
dlyke barnabywalters: agreed.
#
bret curiouse about the TLS stuff... would it be similar to dkim signed emails?
#
bret publicly, whitelisting could be maintained by some kind of community hub similar to how bridgy works
ShaneHudson joined the channel
#
bret part of the wm verifications is pinging the hub with the source and essentially asking, "is there any reason to know this person?"
#
KartikPrabhu is still not sure these should be called problem yet :P
#
bret could be*
#
barnabywalters KartikPrabhu: well, the DDOS stuff has been demonstrated publically several times
#
ben_thatmustbeme hmm, that should take care of it... should be able to edit and/or delete comments from my site now
#
barnabywalters and webmention is pingback without the XMLRPC
#
KartikPrabhu dlyke: what is NNTP?
#
tantek oh dear: http://labs.sucuri.net/?is-my-wordpress-ddosing=http%3A%2F%2Fma.tt%2F
#
dlyke KartikPrabhu if we reinvented open SMTP gateways but said "It's okay, because HELO and EHLO are now deprecated in favor of OLEH", we'd all be rolling our eyes.
#
bret dlyke: the orgins of wm was literally "hey pingbacks look useful for notification but they use xmlrpc, lets just do pure http parameters"
#
neuro` tantek: hilarious (or not)
#
ben_thatmustbeme ooor not
#
KartikPrabhu dlyke: errr I didn't understand any of that unfortuntely :P
#
tantek dlyke - I believe the state of /webmention vulnerability to spam is fairly well documented at the top of http://indiewebcamp.com/spam#The_Coming_Spam_Storm
#
dlyke KartikPrabhu NNTP is Network News Transfer Protocol, a system for distributing articles that underlies the (alas, now no longer usable because of spam) Usenet discussion network which used to be the backbone of Internet discussions, but is also used in many private discussion networks.
#
kylewm dlyke++ for innovating OLEH
#
Loqi dlyke has 1 karma
#
tantek feel free to add more to that if you think more warning / caveats are needed
#
tantek dlyke what's your personal site (sorry if I missed it earlier)
#
dlyke tantek, yeah, that's why I'll probably turn off webmentions, and an hoping for a proactive rather than reactive discovery system.
wolftune joined the channel
#
dlyke KartikPrabhu re "... didn't understand any of that ...", I hate to be an old fart, but "...something something learn from history condemned to something..." [grin]
#
tantek dlyke the approach I've been taking is to be very upfront about documenting the expected vulnerability, while still building upon the tech since it is very simple to build upon
#
tantek s/vulnerability/vulnerabilities
#
Loqi tantek meant to say: dlyke the approach I've been taking is to be very upfront about documenting the expected vulnerabilities, while still building upon the tech since it is very simple to build upon
#
dlyke tantek, I'm also "danlyke" but logged in from work IRC, where I have identity conflict issues. So blog is at http://www.flutterby.com/, personal publishing happens from http://www.flutterby.net/User:DanLyke
ShaneHud_ joined the channel
#
bret.io edited /spam (+99) "/* Other */ Added link to pump.io's spam filtering tool" (view diff)
#
KartikPrabhu dlyke: what i mean to say is, "turning of webmentions" because it might be used for spam in the future is pre-mature
#
tantek dlyke: go ahead and add yourself to http://indiewebcamp.com/irc-people
#
www.flutterby.net user:danlyke edited /IRC_People (+103) "/* Nicknames */" (view diff)
KevinMarks_ joined the channel
#
dlyke KartikPrabhu well, my webmention implementation is also really half-baked, and I'm also looking for a compelling reason to finish it vs pursuing alternate mechanisms which don't explicitly recreate the problems of the previous systems.
bitwit joined the channel
#
dlyke tantek, done, on the same line so it's obvious I'm the same person (identity is hard)
#
barnabywalters another anti-DDOS option is to require a hashcash header/parameter of suitable difficulty
#
barnabywalters which could be implemented in addition to other measures
#
barnabywalters is currently testing HTTPS+host checking
#
tantek dlyke: ooh I think that might break the Loqi parser
#
dlyke Does the Loqi parser deal with separate lines okay?
#
tantek yes
paulcp joined the channel
#
dlyke tantek, actually, I should probably just use a different client for personal IRC, huh?
#
tantek a bunch of us just add _s to the end of our nicks
#
tantek and Loqi knows to associate those with the same person
#
@SocialSafe Don't miss our simple guide showing you how to download your #Facebook Messages: http://www.slideshare.net/socialsafe/how-to-download-all-your-facebook-messages-to-your-own-machine-with-socialsafe #YourLifestyle #OwnYourData (twitter.com/_/status/511912817017225216)
#
www.flutterby.net user:danlyke edited /IRC_People (+26) "/* Nicknames */" (view diff)
#
dlyke Okay, let's see if Loqi is better with that.
#
ben_thatmustbeme problem is my name is too long to add an _ at the end
#
Loqi yeah!
#
@RonKJeffries What's new w/ http://pump.io @evanpro ? Are you active in #indieweb, e.g. @kevinmarks Also http://withknown.com seems interesting (twitter.com/_/status/511913174581641217)
#
danlyke Hah! Or, maybe, rather than cluttering up the wiki I should just learn how to use IRC.
#
ben.thatmustbe.me edited /IRC_People (+115) "/* Nicknames */ alt_nick" (view diff)
#
barnabywalters it looks like getting the request host (at least from my VPS) is totally unreliable, but the IP is reliable, so looking up the IP of the source domain and comparing it to the client IP might work
paulcp_ joined the channel
#
tantek who here is in SF and available to post an indie event for http://indiewebcamp.com/events/2014-09-24-homebrew-website-club ?
#
@ALA_TechSource IndieWeb advocates launch Known so bloggers can be social and still control their content. Targeting higher ed. https://gigaom.com/2014/09/11/indieweb-advocates-launch-known-so-bloggers-can-be-social-and-still-control-their-content/ (twitter.com/_/status/511916219268882433)
#
danlyke tantek did you mean "post" or "host"? I'm North Bay, but could probably work out technical issues for "post". Nobody's gonna come up to Petaluma if I offered to host, though.
#
tantek well post - if you have the ability to post indie events
#
tantek not many do!
#
tantek http://indiewebcamp.com/event#IndieWeb_Examples
#
danlyke tantek: Ah, yeah. See my earlier comments about half-baked webmention implementation... But, good counter-example to my assertion that friend-of-friend trust web discovery is sufficient.
#
tantek.com edited /Known (+96) "known knowns" (view diff)
#
tantek danlyke - you could use /irc-people as a first-order white list :)
#
ben_thatmustbeme tantek, indie events is on my todo list
#
ShaneHud_ I don't really have the indie event use-case currently, being in the UK. But think I could set it up pretty quickly
#
tantek ben_thatmustbeme: I don't see events on your list(s) here: http://indiewebcamp.com/User:Ben.thatmustbe.me ;)
#
tantek e.g. on my list: http://indiewebcamp.com/Falcon#event_posts
#
tantek.com edited /Events (+0) "move 09-10 HWC to recent" (view diff)
#
ben_thatmustbeme well "expand to other types (currently only posts and notes)"
#
tantek !tell benwerd are you able to make it to Homebrew Website Club meetup on the 24th? http://indiewebcamp.com/events/2014-09-24-homebrew-website-club
#
Loqi Ok, I'll tell them that when I see them next
#
ben_thatmustbeme that kinda covers it.. but you are correct, I am currently just keeping my todo in google keep
#
tantek I encourage you to share on the wiki!
#
ben.thatmustbe.me edited /User:Ben.thatmustbe.me (+218) "OpenBlog TODO list updated" (view diff)
#
ben_thatmustbeme btw, tantek, did you see that conversation of micropub syndicate-to / in-reply-to with multiple values discussion? It was short
#
ben_thatmustbeme micropub uses ',' to seperate URLs, don't know how common a url with a comma in it is
#
tantek ben_thatmustbeme: interesting - not common in indieweb. w3c uses them a bunch.
#
ben_thatmustbeme for syndicate-to i could see it being not much of an issue, its rare that they will have a fragment, fragmention, media query, or anything like that
#
ben_thatmustbeme but for in-reply-to (as I want to add ability to have micropub submit multiple) it could certainly come up
#
www.flutterby.net user:danlyke edited /IRC_People (-128) "/* Nicknames */ removing dlyke dupe of danlyke because I figured out IRC" (view diff)
#
barnabywalters okay I implemented anti-DDOS measures on my webmention endpoint
aaronpk_ joined the channel
#
aaronpk_ waves
#
barnabywalters hello aaronpk_!
#
barnabywalters trying to make waterpigs.co.uk help DDOS a site from the command line is now hopefully nontrivial
#
aaronpk_ ooh did you write that up anywhere?
#
barnabywalters aaronpk_: just about to
chrissaad joined the channel
#
aaronpk_ sweet
#
danlyke tantek so spidering http://indiewebcamp.com/irc-people still means I need to dig through the /User:... pages looking for likely URLs that might host RSS feeds. Any brainstorms for not just spidering every damned link on someone's user page there?
#
barnabywalters e.g. try running curl https://waterpigs.co.uk/mentions/webmention/ -d source=https://waterpigs.co.uk/ -d target=https://waterpigs.co.uk/notes/4Y9F2R/
#
tantek danlyke - nope, no need to dig. just use the domain after the "User:"
#
aaronpk_ does anyone happen to have logs from this channel from 7:15pm PDT last night until 8am PDT this morning?
#
tantek no spidering, just parse /irc-people
#
tantek in fact
#
jonnybarnes barnabywalters: kind of nice
#
tantek danlyke - go get the URLs from the h-cards: e.g. http://pin13.net/mf2/?url=http://indiewebcamp.com/irc-people
#
jonnybarnes but wouldn't this stop me from going crap my website borked, lets manually send the webmention to waterpigs.co.uk?
#
barnabywalters jonnybarnes: yep, it has exactly that problem
#
barnabywalters I’m also going to implement accepting a hashcache parameter though, to give people another option
#
bret i am likely not going to be sending wm from the same server as the site. this is going to break that no?
#
jonnybarnes ahhh, I get it, without this waterpigs.co.uk would make a request from the source url, so someone could use all these webmention endpoints in a DDOS attack
#
barnabywalters bret: unless additional measures (e.g. hashcash) are implemented, then yes
#
jonnybarnes could one also think about reatelimiting requests to the webmention endpoint?
#
jonnybarnes *rate-limiting
#
bret i read that as realtiming
#
ben.thatmustbe.me edited /User:Ben.thatmustbe.me (+193) "/* OpenBlog */" (view diff)
#
barnabywalters jonnybarnes: single site rate-limiting doesn’t solve the problem — it’s *distributed* DOS which this is preventing
#
bret seems like the payoff of ddosing an individuals site woudld be pretty weak
#
jonnybarnes as in if someone gets a load of computers to all make requests to your endpoint tp make your endpoint make *loads* of requests to the source?
#
@techlifeweb #indieweb folks, when you POSSE, are you indicating that your content is syndicated? I’m experimenting. http://t.co/L3HMPrWRD1 (twitter.com/_/status/511923880760717312)
paulcp and aaronpk joined the channel
#
jonnybarnes how come #indiewebcamp has moderators but #indiechat doesnt?
#
aaronpk I didn't register #indiechat
#
jonnybarnes also barnabywalters, how are you checking ip address/hostname? as in my vps has several domains pointed at its ip address, could that cause a hiccup?
#
barnabywalters jonnybarnes: currently writing it up w/ example code
#
jonnybarnes excellent
#
danlyke tantek aha! duh. Process to grab all of those sites HTML is running now, will then parse those for RSS, lather, rinse, repeat.
#
tantek danlyke - no need to parse for RSS - get their h-feed via the same phpmf2 parser!
#
danlyke bret, re effort to attack a single site: you'd be amazed at how much effort the unwashed masses will go through to make an individual's life hell, if, for whatever reason, they choose to pick on a person.
#
barnabywalters I don’t know much about how DDOS attacks work, but I’m amazed that the cited wordpress pingback attack is actually a big deal, because the attacker has to send as many requests as are sent by the network
#
barnabywalters is the problem that there isn’t a single IP address that the victim can block?
#
tantek hence the first D
petermolnar joined the channel
#
barnabywalters okay, understood
#
danlyke barnabywalters, the problem is the amplification: If you can find a big file on a target site, you're only sending a few hundred bytes to the intermediate sites, but each of those can ask the target site to serve a few megabytes (if that target site is hosting, say, a video).
#
barnabywalters danlyke: ah okay, so it’s not amplification of # of requests but of server load
#
danlyke Exactly. Dealing with these issues in ntp(!) and DNS is a continuous ongoing process for any network provider.
#
danlyke let alone HTTP meta-protocols.
#
barnabywalters so that particular aspect could maybe be prevented by clients doing a HEAD request and check for a text/html content type before fetching full content
#
barnabywalters but it still doesn’t prevent the hundreds of thousands of fake requests
#
barnabywalters (by “clients” I actually mean webmention-supporting sites)
#
danlyke barnabywalters: yes, but the Content-Length of flutterby.com's index.html is currently 46131 bytes, if the initial POST request can be made in 400 bytes, that's a 100 to 1 amplification right there.
Sebastien-L joined the channel
#
danlyke If you hit someone's dynamically generated page, you can not only peg their bandwidth, but also their CPU to unusable levels (happened to me when some guy in Russia was spidering a friend's site hosted on one of my colo servers).
#
ben_thatmustbeme yay, https for everything on my site now
#
Loqi giggles
#
ben_thatmustbeme 1 line change and a few references fixed, (i was still using a gravatar link)
#
ben_thatmustbeme oh, actually, 3 lines, 2 in .htaccess
#
KartikPrabhu any recommendations on installing and running a local dev copy of Wordpress on Linux? The internet at large does not seem to be good at actual recommendations
#
danlyke tantek ah, seeing the "h-feed" now on some of those linked pages. Seems way easier to get the <link rel="alternate" Atom & RSS feeds than debugging yet another parser...
#
danlyke KartikPrabhu uh? Install your favorite distro (I use Ubuntu at home, SL6 at work, both suck in different ways), they probably have a default Apache package, install WordPress under that?
#
tantek danlyke - no need to debug as lots of folks running it depending on it already
#
GWG KartikPrabhu, where are you failing?
#
KartikPrabhu GWG: errr I don't know how to start to fail... :P
#
GWG Did you read the 5 minute install?
#
waterpigs.co.uk created /DDOS (+2342) "Stubbed page with definition, webmention example, potential solutions, example code, myself as indieweb example" (view diff)
#
barnabywalters okay, finally got that done
#
barnabywalters bret jonnybarnes danlyke please review ^^^
#
barnabywalters heading off now, bbiab!
#
KartikPrabhu GWG: I have installed wordpress on ubuntu from the repo. How do I do something with it thgouh?
#
kylewm.com edited /webmention (+154) "/* Issues */ add link to DDOS page" (view diff)
pauloppenheim joined the channel
#
GWG I've never used a repository. Not sure where they put the configuration file
#
waterpigs.co.uk edited /DDOS (+232) "Added additional possible preventative measure, using expiring webmention endpoints" (view diff)
#
bret.io edited /DDOS (+468) "/* Webmention */" (view diff)
#
tantek.com edited /h-card (-1) "fix simple example" (view diff)
#
aaronparecki.com edited /DDOS (-470) "pre tags" (view diff)
#
aaronpk uhoh
#
aaronpk edit conflict?
#
aaronparecki.com edited /DDOS (+468) "resolve edit conflict" (view diff)
#
aaronpk fixed
#
tantek.com edited /Talk:h-card () "(-778) fixed error - thanks for the report!" (view diff)
#
tantek.com edited /why (-50) "/* See also */ remove some links that are not helpful" (view diff)
cmhobbs_ joined the channel
#
kylewm.com edited /Known (+300) "added link to elliottucker's nginx howto" (view diff)
#
kylewm does anybody here publish an XFN style friends list?
#
bret tommorris i think
#
kylewm bret: ah, thanks!
#
jonnybarnes.uk edited /DDOS (+211) "/* Webmention */ comment that cURL requests should still be possible" (view diff)
#
kylewm.com edited /spam (+4) "/* Spam Prevention Service Brainstorming */ link XFN" (view diff)
#
www.flutterby.net user:danlyke edited /DDOS (+111) "/* Webmention */ added suggestion to spread load out temporally" (view diff)
#
kylewm.com edited /XFN (+123) "add IndieWeb Examples and tommorris" (view diff)
alexhartley joined the channel
#
@kyle_wm RT @jkphl: #IndieWeb folks, this may be one for you: #bono14 tickets on sale now, first speakers announced. Thx for ur support! https://t.c… (twitter.com/_/status/511936655763058688)
paulcp, chrissaad, alanpear_ and alanpea__ joined the channel
#
@mfbonafide RT @PBSMediaShift: IndieWeb advocates launch Known so bloggers can be social and still control their content (@mathewi via @GigaOm) http://… (twitter.com/_/status/511939073326723072)
#
bret !tell barnabywalters you also managed to break your "Written a response to this post? Let me know the URL:" box :(:(
#
Loqi Ok, I'll tell him that when I see him next
alanpear_ and indie-visitor joined the channel
#
Loqi Welcome, indie-visitor! Set your nickname by typing /nick yourname
#
ben_thatmustbeme woah, i changed to https:// and brid.gy resent every comment/like
#
danlyke ben_thatmustbeme (and others doing SSL/https), what's the cheapest way to get SNI certs? I hate paying the extortion money to the CAs, but see that SSL is in my future...
#
KartikPrabhu ok wordpress installed locally with success... phew
#
danlyke KartikPrabhu: congrats!
#
alanpearce You shouldn't need to pay for SNI.
#
alanpearce It's a server/client thing
#
alanpearce StartSSL's free cert will do just nicely
#
danlyke alanpearce, thanks, a friend suggested that on my blog, but didn't link it and whatever I was typing in was redirecting to Trustico. I'll wade into the StartSSL thing and see about getting that working.
eschnou joined the channel
#
alanpearce danlyke: Just make sure you generate your own CSR, they make it (too) easy for them to generate your private key for you.
#
danlyke alanpearce thanks, yeah, I already distrust CAs...
paulcp joined the channel
#
KartikPrabhu GWG: do you dev your theme locally?
#
KartikPrabhu or any other Wordpress person? I have a local site setup now, but the only way to install themes is to upload a zip file through the wp interface...
indie-visitor joined the channel
#
ben_thatmustbeme danlyke, I just ordered through my hosting provider (hostt.net) as they only had $12 per year certs
#
aaronpk KartikPrabhu: themes are just in folders in the wp-content folder
#
aaronpk you can edit files there
#
KartikPrabhu oh cool... theanks aaronpk
#
gRegor` danlyke: A good post that walked me through setting up a StartSSL cert: https://konklone.com/post/switch-to-https-now-for-free
barnabywalters joined the channel
#
kylewm anybody have feelings for or against CAcert.org?
#
kylewm as a free non-profit cert provider (that is not installed in browsers by default)
paulcp joined the channel
#
barnabywalters has a cacert signup form somewhere
#
Loqi barnabywalters: bret left you a message 49 minutes ago: you also managed to break your "Written a response to this post? Let me know the URL:" box :(:(
indie-visitor joined the channel
#
barnabywalters bret: ugh yeah that’s a good point — I should add CSRF protection and allow those requests
#
aaronpk i'm not convinced that's the best ddos protection technique
#
aaronpk as bret points out, he won't be able to send you webmentions because his webmention code doesn't run on his web server
#
barnabywalters given all the options I think the expiring webmention endpoint technique might be the best idea
#
bret maybe only turn that on when you are being ddosd
#
aaronpk yeah that's a neat trick. also doesn't require any changes to anybody's code!
#
barnabywalters bret: it’s not a protection against being DDOSed, it’s protection against being used to DDOS others
#
kylewm (except bridgy's)
#
bret barnabywalters! ya that might work
#
aaronpk bridgy caches the endpoints?
#
barnabywalters it would mean that an attacker has to send 2x the amount of requests they want to make
#
kylewm aaronpk: yes it does, short term at least
#
aaronpk the only potential change needed is senders have to discover the webmention endpoint for each post with no caching
#
aaronpk if you're already not caching, then no change needed (the vast majority of implemetnations i assume)
#
barnabywalters how short term? probably fine to have them expire in an hour or a day
#
barnabywalters really what you’re preventing is people building huge lists of webmention endpoints which can all be used for DDOSing
#
barnabywalters which I’m assuming fixes the problem, but again do not have a solid understanding of this stuff
#
kylewm yeah if there were some overlap where one is expiring and a new endpoint is turning on, that would probably be bridgy compatible
xtof joined the channel
#
barnabywalters I’d probably implement it by encrypting the current time, then decrypting it and making sure it’s not from more than X seconds/minutes/hours in the past
#
barnabywalters of course that approach can’t be used for static sites
#
aaronpk that's a great use of self-encoded tokens. you really don't want to be storing those tokens anywhere :)
#
barnabywalters okay, I’ll modify my existing code to do that instead of client IP checking
#
kylewm barnabywalters++ great idea
#
Loqi barnabywalters has 64 karma
#
bret :D
#
bret barnabywalters++
#
Loqi barnabywalters has 65 karma
#
gRegor` expiring webmention endpoints?
#
bret Loqi, why didn't you think of this?
#
Loqi is done
#
gRegor` What does that mean?
#
aaronpk the webmention endpoint you discover on one of barnaby's posts is going to change
#
aaronpk and after some amount of time, the endpoint will not accept webmentions
ttepasse joined the channel
#
gRegor` Ah. Hm.
#
aaronpk so say you want to send a mention to this post: https://waterpigs.co.uk/notes/4Y9F2R/ you'd discover the webmention endpoint which might be https://waterpigs.co.uk/webmention?expires=20140916T130000
#
aaronpk and then after that time the endpoint would not accept mentions
#
aaronpk (of course the expiration date would be encrypted or signed so that it can't be forged)
#
Mark87 you'll have to have a scheme of randomizing the expiration resets
#
aaronpk what do you mean?
#
barnabywalters Mark87: not if the tokens are encrypted — the client only ever sees an opaque string
#
barnabywalters not a hackable datetime
#
aaronpk example of encoding that as JWT:
#
gRegor` I was planning to / working on caching wm endpoints, so this is good to know.
#
aaronpk https://waterpigs.co.uk/webmention?eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHBpcmVzIjoiMjAxNDA5MTZUMTMwMDAwLTA3MDAifQ.eqDVS2LjtrrOGdb-EbzmmLWRq6qDUUcKH91tjGLzo4s
#
bret aaronpk. what about also expire after some random number of uses?
#
bret barnabywalters ^^
#
gRegor` sexy urls :)
#
Mark87 thats better, but what about also allowing different expirations for trusted partes. For instance, if a request comes in from bridgy, you might give them a weeklong, cacheable endpoint
#
aaronpk you'd have to know who is fetching the page, but sure
#
Mark87 or is that a bad idea
#
barnabywalters aaronpk: well to be fair that’s what my approach is at the moment
#
barnabywalters or at least is attempting to do — obv. not everyone has a static IP
#
Mark87 no i think thats a bad idea
#
aaronpk in fact pages fetched with an access token could return an authenticated webmention endpoint so that you know who is sending the webmention
#
aaronpk "if the request comes from bridgy" is actually hard to know
#
barnabywalters aaronpk: maybe we’ll worry about that when people are actually fetching pages with access tokens :)
#
aaronpk yeah. for now time-based expiration is a good start
#
aaronpk bret: yeah one-time webmention endpoints could work too, but then you'd have to store state somewhere
#
aaronpk the advantage of time based ones is you don't need to store anything since everything you need is encoded
#
aaronpk this is a good post on that: http://lucumr.pocoo.org/2013/11/17/my-favorite-database/
#
kylewm mitsuhiko++
#
Loqi mitsuhiko has 1 karma
#
aaronpk i think i'm gonna go implement expiring webmention endpoints now too
#
Mark87 how are blogs who use a third party webmention server going to utilize expiring endpoints?
#
aaronpk if the blog can run server-side code, then the blog and the third party webmention server could agree on how to generate expiring endpoints
#
barnabywalters Mark87: there are also other measures (as specified on /DDOS) which can be used to mitigate this threat
#
aaronpk e.g. for webmention.io, I could provide you a way to sign in and get a secret which you use to sign JWT tokens. that way your blog could encode the expiration date
#
barnabywalters e.g. hashcash could work with hosted sites, but requires everyone to make code changes
#
aaronpk hm, while we're encoding things in the webmention URL, I wonder if there's any benefit to also encoding the target_url
#
barnabywalters aaronpk: what do you mean?
#
aaronpk so your endpoint for this post https://waterpigs.co.uk/notes/4Y9F2R/ might also include the post URL in the encoded data
#
gRegor` What is JWT?
#
Loqi It looks like we don't have a page for "JWT" yet. Would you like to create it? http://indiewebcamp.com/wiki/index.php?action=edit&title=JWT
#
aaronpk you could then compare the target_url sent int he webmention request against the encoded target and toss it out right away as spam if it doesn't match
#
aaronpk gRegor`: on it :)
paulcp joined the channel
#
Mark87 I'm a little skeptical on the expiring endpoints. If I'm an attacker, the expirations prevent me from building a long-lived list of endpoints, but i can still build a list of urls that have endpoints. Presumably I can troll that entire list to get the latest endpoint list and then launch my attack. Expiring the endpoints just adds an extra step
#
mko Agreed, Mark87.
#
aaronpk there is never a perfect solution, so it's a matter of adding complexity for attackers and taking many incremental steps
#
barnabywalters I’m guessing that requiring the extra step will be enough of a deterrant for a few years at least
#
barnabywalters it prevents the attack which was used on wordpress, which was “I know the wordpress URL structure and I can get a list of wordpress sites”
#
kylewm Mark87: mko: it takes away the amplification factor, they have to GET nearly as many bytes as they are forcing others to GET
#
reedstrm agreed aaronpk - been there, done that, on a submit-a-bug web form. Had to leave it open to not-authenticated, so had to add every trick we could think of to avoid spambots. encrypted timestamp was one of those.
alexhartley joined the channel
#
reedstrm Another was some honeypot fields - temptingly named fields in the form that were hidden via css, so real humans never filled them out.
#
aaronpk honeypot fields are great. I did that with JS (swapping the value in JS so bots submit the wrong one) and that solved like 99% of form spam
#
kylewm well, it reduces the amplification factor at least; i guess they could issue 100 webmentions to each of a thousand servers
#
mko I'm not saying that it's not a good idea. I actually like the idea of them. I'm just not sure it solves the problem well-enough to be the first line of defense.
#
aaronpk open to suggestions :)
#
barnabywalters mko: well at the moment the problem is near-theoretical anyway
#
mko Yeah. I've been lurking and thinking about it.
#
aaronpk I also don't see any harm in doing so, especially since it doesn't require a protocol or code change
#
barnabywalters but I was bored of the discussion so implemented something :)
#
aaronpk barnabywalters++
#
Loqi barnabywalters has 66 karma
#
mko lol. I like that.
#
mko barnabywalters++
#
Loqi barnabywalters has 67 karma
#
barnabywalters okay, rolled out expiring token endpoints
#
barnabywalters bret: want to try sending that webmention again?
#
barnabywalters you’ll have to do a lookup stage
#
bret sure
#
reedstrm btw, my experience w/ spam runs is that _any_ error code will send them off to the next target, even one that just requires a refetch to solve.
#
barnabywalters is a little sad about not getting to use the client IP checking as it felt clever, but knows that is usually a bad sign anyway
#
ben_thatmustbeme hmmm, i just realized, if I ask for post access when a person logs in i can easily check if they have a micropub endpoint and then let them reply to my posts without leaving my site
#
aaronpk yeah, same. that's basically the "greylisting" email spam technique. if someone is sending you an email you first reply back with "come back later" and 80% of spam bots just go away, but real mail tries again.
#
reedstrm (unlike the damn poorly coded spiders, who've been known to spin hard on a 4XX error to the point that I had to block it at the network stack layer, and was considering talking to upstream about a border blockade)
#
aaronpk ben_thatmustbeme: yes but I am not likely to approve post access to your site
#
danlyke reedstrm I have pages and pages of 404 and 5xx hits from the same IP address attempting to spam. I have yet to see evidence of error checking in spamming bots.
#
bret barnabywalters HTTP/1.0 500 Internal Server Error
#
ben_thatmustbeme aaronpk, yeah, I'd have to have some sort of interface for that to give some reason for it
#
barnabywalters bret: dammit — thanks! looking into it now
#
ben_thatmustbeme or maybe ask them to upgrade the first time they try to reply
#
ben_thatmustbeme definitely not optimal though
#
aaronpk you'd have to have a really good reason and I would have to trust you in person. I *may* be willing to issue you a short-lived access token, but even that is not likely
#
Loqi [mention] http://aaronparecki.com/bookmarks/2014/09/16/3/indiewebcamp-barnabywalters linked to http://indiewebcamp.com/irc/2014-09-16/line/1410896127395 (webmention)
#
barnabywalters heh, I’m getting yet more “attack” requests to /notes/tiki-register.php/
#
jonnybarnes wow, rolling your own bookmarks service, nice
#
gregorlove.com edited /comment (+81) "/* Make a comment */ Clarifying rel="in-reply-to" should only appear on the comment's permalink page" (view diff)
#
jonnybarnes I asked before but does anyone happen to know of a JS library to autosave form contents to localstorage?
#
KartikPrabhu phew... finally setup local themeing so I can finally write a theme... even Wordpress is annoyingly hard
#
kylewm it seems like there should be an easy way to say docker build wordpress-development-environment and go
#
gRegor` Sorry to hear you chose WordPress, KartikPrabhu ;)
#
alanpearce Probably more likely that there's a vagrant box for it than docker
#
bear mail spam, anti relay configs, and other issues is what drove me to use mailroute as my primary mx and have them send me a sane mail streama
#
aaronpk jonnybarnes: yeah it's part of Quill now so you can use it too :D
#
reedstrm jonnybarnes: never used it but found http://sisyphus-js.herokuapp.com/ sounds about right.
#
gRegor` What's the trouble you're running into with theme writing, though?
#
jonnybarnes thanks reedstrm
#
KartikPrabhu jonnybarnes: http://sisyphus-js.herokuapp.com/ or https://github.com/kugaevsky/jquery-phoenix
#
KartikPrabhu gRegor`: Wordpress does have pretty good plugin thigns going on though
#
KartikPrabhu wow! 6 simultaneous msgs!
paulcp joined the channel
#
KartikPrabhu gRegor`: the local WP install could not find a theme I put in the themes folder... turns out I had to simlink it to somewhere else and all that
#
jonnybarnes aaronpk: and my token endpoint still works!!!
#
Reykjavik___ anybody have a suggestion about where to start with homesteading?
#
aaronpk hooray!
barnabywalters joined the channel
#
aaronpk jonnybarnes: click the "bookmark" link at the bottom!
#
KartikPrabhu Reykjavik___: honmesteading as in posting to your own site?
#
kylewm Reykjavik___: or as in http://indiewebcamp.com/Homesteading ?
#
aaronpk also the bookmarklet is super useful! with it you can select text on a page, click the button, then it fills in the url,title and content on quill
#
jonnybarnes aaronpk: presumably `bookmark` is for a URL?
#
aaronpk yes
#
gRegor` KartikPrabhu: Odd. I've never setup a local WP for dev though
#
Reykjavik___ http://indiewebcamp.com/Homesteading is what i was more or less talking about. I'm pretty new to ruby but im trying to learn more about posting and then syndecating elsewhere
#
Reykjavik___ ruby is typically the best route to go right?
#
aaronpk the best route to go is entirely up to you
#
aaronpk there are good tools (parsers, etc) in Ruby, PHP and Node.js now
#
kylewm and Python ;)
#
aaronpk oh right
#
Mark87 i code all my websites in assembly
#
aaronpk sorry :D
#
mko Reykjavik___: Homesteading.io is actually not "ready to install" so it's actually more of a "Upcoming" platform.
#
jonnybarnes Mark87: theres definitely a relavent xkcd for this
#
gRegor` Binary or bust
#
mko Reykjavik___: If you're looking for an off-the-shelf way to get started on the IndieWeb, you could try http://withknown.com if you wanted.
#
jonnybarnes erm, does sisyphus ( https://github.com/simsalabim/sisyphus ) require jQuery?
#
alanpearce jonnybarnes: I'd say so: https://github.com/simsalabim/sisyphus/blob/master/sisyphus.js#L525
#
kylewm jonnybarnes: looks that way from its bower.json
#
jonnybarnes poo, I dont use jQuery atm, was hoping to find something that didnt require it
#
alanpearce You could always try to unravel it :)
#
Reykjavik___ i guess maybe if i were to explain it better, im more of a front end guy and designer and im trying to get my feet wet in more dev stuff. and parsing info has been something ive always been meaning to figure out
#
Reykjavik___ but im not quite sure where to start with it
Mark87_ joined the channel
#
Reykjavik___ wasnt sure if there were any good resources out there to explain parsing and syndicating better
#
alanpearce Hmm, someone came up with the zen of indieweb the other day.
#
danlyke benthatmustbeme yeah, namecheap sells Comodo certs for ~$10/year, but I can't tell if they're SNI and not SHA-1
#
alanpearce But I forgot the quote :(
#
danlyke gRegor` thanks, will get that set up on my various domains...
#
kylewm Reykjavik___: do you have a domain name already?
barnabywalters joined the channel
#
gRegor` Reykjavik___: Have you seen http://indiewebcamp.com/Getting_Started yet?
#
gRegor` It's recommended to start with the simpler things. Set up basic contact info on a personal domain, set up web sign-in, and work your way up
#
Reykjavik___ ahhh im an idiot, i just found this page, http://indiewebcamp.com/POSSE i must've overlooked it
#
Reykjavik___ yeah good call, ill work my way up, thanks for the help guys
#
mko Not an idiot. Onboarding and Wiki organization is something we're continually in need of improving.
#
gRegor` Yep. Which reminds me, I started work on a revised Getting Started page. Need to get back on that.
scor joined the channel
#
danlyke Not at all sure what this proves, but I grabbed all the pages of people listed in the irc-people page, and...
#
danlyke $ grep -l rss /home/danlyke/var/rssfeeds/cache/webpage/irc-people_http___* | wc -l
#
danlyke 36
#
danlyke $ grep -l atom /home/danlyke/var/rssfeeds/cache/webpage/irc-people_http___* | wc -l
#
danlyke 25
#
danlyke $ grep -l h-feed /home/danlyke/var/rssfeeds/cache/webpage/irc-people_http___* | wc -l
#
danlyke 20
#
kylewm lol
#
alanpearce grep can count on its own with -c :)
paulcp_ joined the channel
#
alanpearce Bit of a unix violation, but eh.
#
danlyke alanpearce, -c prints the number of matches per file, and prints 0.
#
alanpearce Oh, fun.
scor joined the channel
#
kylewm love the low tech approach to indie-stats
#
danlyke Also interesting:
#
danlyke $ cat h-feed.txt rss.txt atom.txt | sort | uniq | wc -l
#
danlyke 48
caseorganic, KartikPrabhu and barnabywalters joined the channel
#
aaronparecki.com created /JSON_Web_Token (+16) "r" (view diff)
#
kylewm danlyke: practically speaking you can top-level h-entries as an h-feed even if there isn't one
#
kylewm just fyi
#
gregorlove.com edited /User:Gregorlove.com/Getting_Started (+895) "/* Publish (on your) Own Site, Syndicate Elsewhere */" (view diff)
Mark87 joined the channel
#
gregorlove.com edited /User:Gregorlove.com/Getting_Started (+0) "/* Set up your home page and web sign in */" (view diff)
#
bear alanpearce - I mentioned one at 14:10 here https://indiewebcamp.com/irc/2014-09-13
#
alanpearce bear: the 14:14 one was better :D
#
bear I thought so also
#
barnabywalters bret: only just figured out what the webmention problem was, quite embarassingly simple :/
#
bret hey hey! welcome to my world
#
aaronparecki.com created /JWT (+594) "stub with dfn and links" (view diff)
#
bret barnabywalters should I try again?
#
barnabywalters bret: should work now, yep :)
#
bret oh oops need to get the new endpoint
#
bret weeee
#
barnabywalters heh
#
gregorlove.com edited /User:Gregorlove.com/Getting_Started (+1134) "/* Optional / Bonus Steps */" (view diff)
#
gregorlove.com edited /User:Gregorlove.com/Getting_Started (+0) "/* Set up your home page and web sign in */" (view diff)
#
danlyke kylewm since I have the infrastructure to deal with RSS & Atom, I'll toss them in first.
#
danlyke (Need to do some actual work before that, though...)
#
gregorlove.com edited /User:Gregorlove.com/Getting_Started (+337) "/* Share and Join Us */" (view diff)
#
gRegor` "Set up another indiewebcamp wiki" is an odd step for the Getting Started page, even if it's categorized as optional, heh
#
aaronpk ha yeah
#
kylewm if you want to make an apple pie from scratch...
#
gregorlove.com edited /User:Gregorlove.com/Getting_Started (+78) "/* See Also */" (view diff)
#
gregorlove.com edited /User:Gregorlove.com/Getting_Started (-3) "/* Connect */" (view diff)
#
gregorlove.com edited /User:Gregorlove.com/Getting_Started (+17) "/* Connect */" (view diff)
#
neuro` World is small. Browsing CC photos in Flickr to illustrate a blog post, ended picking one from adactio
#
neuro` Too bad he's not here tonight
paulcp, krendil, wolftune and paulcp_ joined the channel
#
gregorlove.com edited /User:Gregorlove.com/Getting_Started (-180) "/* Get a personal domain */" (view diff)
#
gregorlove.com edited /User:Gregorlove.com/Getting_Started (-7) "/* Get a place for your content */" (view diff)
#
@anna_blume_hh RT @mbauwens: RT @JockelLohkamp: ..heading for a #decentralized #Internet... http://www.dw.de/were-heading-for-a-decentralized-internet-but-will-we-get-there-by-2015/a-17522868 #GETDBerlin #indieweb #IoT #P2P (twitter.com/_/status/511976343765274625)
#
gregorlove.com edited /User:Gregorlove.com/Getting_Started (+12) "/* Get a place for your content */" (view diff)
#
kylewm neuro`: ha yeah i had that experience recently when i found the answer to a StackOverflow question from one of my coworkers
#
gregorlove.com edited /User:Gregorlove.com/Getting_Started (+4) "/* Set up a personal URL shortener */" (view diff)
#
gregorlove.com edited /User:Gregorlove.com/Getting_Started () "(-3605) /* Getting Started on the Indieweb */" (view diff)
#
gregorlove.com edited /User:Gregorlove.com/Getting_Started (-10) "/* Get a place for your content */" (view diff)
IanVellosa joined the channel
#
barnabywalters bret: yay! thanks for the test ping
#
Loqi woot
#
gregorlove.com edited /User:Gregorlove.com/Getting_Started (-262) "Current live version of Getting Started for wiki history comparison" (view diff)
paulcp joined the channel
#
gregorlove.com edited /User:Gregorlove.com/Getting_Started (+228) "My suggested changes to Getting Started" (view diff)
#
gRegor` Review requested for http://indiewebcamp.com/User:Gregorlove.com/Getting_Started
#
ben_thatmustbeme huh... never realized that PHP does not like having multiple Link: headers
#
gRegor` Mainly I changed the headings to be action phrases, re-ordered a couple of them, and moved the optional ones under an "optional" section.
#
waterpigs.co.uk edited /DDOS (+86) (view diff)
#
gRegor` !tell tantek: Made some suggested changes to /Getting_Started I preserved the current live version in the history so you can compare :) http://indiewebcamp.com/User:Gregorlove.com/Getting_Started
#
Loqi Ok, I'll tell him that when I see him next
#
ben_thatmustbeme i wonder if that creates a problem for anyone
#
gRegor` How so, ben? I mean, under what circumstances is PHP having a problem with it?
#
ben_thatmustbeme curl -D - -s -L -o /dev/null ben.thatmustbe.me |grep Link
#
ben_thatmustbeme curl -D - -s -o /dev/null aaronparecki.com |grep Link
#
ben_thatmustbeme thats the difference i noticed
#
ben_thatmustbeme actually until a minute ago it was only putting in my micropub one, by default php overwrites the previous
Mark87 joined the channel
#
gRegor` So PHP is not liking parsing aaron's?
#
ben_thatmustbeme no, just confused why php puts it all in one line, not in multiple
#
ben_thatmustbeme but on further reading it looks like php is doing it right
#
ben_thatmustbeme http://tools.ietf.org/html/rfc5988#page-10
#
@zamoose OH COME ON. https://gigaom.com/2014/09/11/indieweb-advocates-launch-known-so-bloggers-can-be-social-and-still-control-their-content/ https://twitter.com/zamoose/status/511982208064978944/photo/1 (twitter.com/_/status/511982208064978944)
#
ben_thatmustbeme everyone tends to check the headers and the <head> data for those links so if it was a problem i don't think anyone would have even noticed
#
ben_thatmustbeme makes me somewhat want to remove my links in <head> to see if anything breaks
#
bret quill could actually send wm's if it uses the 202 created address it gets bac
#
gRegor` Interesting. Are you using header() to output the Link:?
#
bret quill could actually send wm's if it uses the 202 created address it gets bacl
#
bret ack
#
gRegor` bach
#
ben_thatmustbeme gRegor` yes, I realized a few minutes ago i had to use header('Link : ...', FALSE); or i would only get one of them
#
gRegor` Ah, did not know that. Cool
#
ben_thatmustbeme danlyke's indiestats via curl and such are what got me going on it
#
ben_thatmustbeme curling everyones pages myself now
#
@equivalentideas IndieWebCampUK 2014 Hack Day Demos: HTTPS, #webactions, new & improved #indieweb sites http://tantek.com/2014/259/b1/indiewebcampuk-hack-day-https-webactions (twitter.com/_/status/511984281212563456)
#
@jeremyfelt WordPress is funded by me. RT @zamoose: OH COME ON. https://gigaom.com/2014/09/11/indieweb-advocates-launch-known-so-bloggers-can-be-social-and-still-control-their-content/ https://twitter.com/zamoose/status/511982208064978944/photo/1 (twitter.com/_/status/511984471889805312)
#
gregorlove.com edited /JWT (+4) (view diff)
#
ben_thatmustbeme should have saved load times too
#
ben_thatmustbeme as one of them seems to be taking forever
#
IanVellosa Hi Guys, after listening to the TWIT podcast I thought I'd come and play, but I'm having a few issues getting started. I'm trying to use dyndns and host my own server, but I think the http://indieauth.com server is having issues resolving my domain name. Has anyone else tried using dyndns before? Searching the WIKI and googling around, I've not been able to find anything.
#
@zamoose RT @jeremyfelt: WordPress is funded by me. RT @zamoose: OH COME ON. https://gigaom.com/2014/09/11/indieweb-advocates-launch-known-so-bloggers-can-be-social-and-still-control-their-content/ https://twitter.com/zamoose/status/511982208064978944/photo/1 (twitter.com/_/status/511985153372327937)
#
gRegor` Welcome, IanVellosa.
#
gRegor` aaronpk runs indieauth.com so can help
#
gRegor` It's not finding your site to scan for the social profile links?
#
bear ben_thatmustbeme - I ran into that doing the initial coding on my indie-stats python app
pfefferle joined the channel
#
IanVellosa Hi gRegor, I'm getting an error come back "Error retrieving: http://www.vellosa.com" which makes me think it's not resolving the domain name even
#
ben_thatmustbeme wish i had a more curated list of sites to work from bear. it sucks having to wait like 3 minutes for a connection to timeout
#
bear ben_thatmustbeme - that is one of the issues that was talked about - how to get a simple directory of active indieweb sites
#
bear my code stores the result of the request so it could remove a site from the list if it failed
#
bear or move it to a try again list
#
bear or if you want I can put it online so that you could just pull down the days data that it gathers
#
gRegor` IanVellosa: I'm getting "DNS lookup failed" too.
#
gRegor` I don't have experience with dyndns though
#
bear ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35733
#
bear that is the result of a DIG request for www.vellosa.com
#
bear so dyndns is having problems responding to the request
#
IanVellosa I get a response
#
IanVellosa ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25133
#
bear i'm using google's dns server
#
bear your probably using dyndns'
#
IanVellosa I've also been trying to use a service http://ismywebsiteupnow.com/ which tests the site from a number of locations, and only about a thrid of them work for me
#
IanVellosa but the dyndns support guys get 100% pass rates there too
#
bear right - with dns they could be having trouble connecting to other dns root servers
#
bear so it's a roll of the dice who has a valid zone file
#
Mark87 are you on the Personal dyndns plan?
#
IanVellosa I'm actually using https://www.overplay.net for dns, so that I can bypass some geo ip services
#
Mark87 I ran nslookup from cmd and got 5.105.90.231
#
IanVellosa that's my ipaddress
#
gRegor` Looks like CA doesn't have it yet: https://www.whatsmydns.net/#A/vellosa.com
#
IanVellosa I've had the same address for months, so it's a little anoying, but thanks for that link, makes it interesting again
#
bear I would use something like freendns or dnsimple then
#
bear they both have fast zone updates (because of their size)
#
IanVellosa thanks all for the help, I'll go off investigating again (tomorrow)
#
@joshlevinson RT @jeremyfelt: WordPress is funded by me. RT @zamoose: OH COME ON. https://gigaom.com/2014/09/11/indieweb-advocates-launch-known-so-bloggers-can-be-social-and-still-control-their-content/ https://twitter.com/zamoose/status/511982208064978944/photo/1 (twitter.com/_/status/511990030488047616)
glennjones joined the channel
#
gRegor` I don't get the WordPress disclaimer reactions ^
Pea1 joined the channel
#
kylewm gRegor`: his comment clarifies somewhat https://gigaom.com/2014/09/11/indieweb-advocates-launch-known-so-bloggers-can-be-social-and-still-control-their-content/#comment-1483793
#
aaronpk they're complaining that journalists write "Wordpress is funded by" rather than "Automattic is funded by"
Mark87 joined the channel
#
@portenkirchner IndieWebCampUK 2014 Hack Day Demos: HTTPS, #webactions, new & improved #indieweb sites http://tantek.com/2014/259/b1/indiewebcampuk-hack-day-https-webactions (twitter.com/_/status/511995093193351169)
wolftune and brianloveswords joined the channel
#
KartikPrabhu gRegor`: re /Getting_Started revision: maybe this "Connect with indieweb experts and pioneers in our chat room" could be changed to suggest "people who have already set indieweb up" or something instead of "experts and pioneers"
#
gRegor` Yeah, good idea. That line didn't sit great with me
Pierre-O joined the channel
#
gregorlove.com edited /User:Gregorlove.com/Getting_Started (-8) "/* Connect */" (view diff)
#
gRegor` "Connect with other indieweb people in our chat room"
paulcp joined the channel
#
KartikPrabhu yeah better. but there might be a need to suggest that chat room people have experience with this already
#
reedstrm well, lots of us newbies recently ... :-)
#
GWG KartikPrabhu: I use a cheap VPS for dev work
#
KartikPrabhu reedstrm: yup! but you did come here under the impression that someone knows what they're doing right? :)
glennjones_ joined the channel
#
bret i love signing into stack exchange with indieauth
#
kylewm reedstrm: you should add yourself to http://indiewebcamp.com/irc-people :)
#
reedstrm Yup. Agreed
#
reedstrm Gee, I sign in for 3 days in a row, and suddenly I'm part of the crowd! Cool!
#
Mark87 reedstrm++
#
Loqi reedstrm has 2 karma
#
rascul you came back twice, now you're stuck with us
paulcp joined the channel
#
reedstrm heck, I even authenticated against the wiki, so I _can_ edit it. I'll do it tonight.
#
kylewm you too Mark87!
#
jonnybarnes youve scared them away kylewm
#
kylewm lol, certainly seems that way
#
GWG What's going on?
techlifeweb joined the channel
#
GWG Hello techlifeweb
techlifeweb joined the channel
#
techlifeweb hi GWG
#
GWG What is new?
#
Loqi Welcome to news about the IndieWeb where recent notable articles about the IndieWeb are cited and linked to keep you up to date http://indiewebcamp.com/new
#
GWG That was unexpected
#
techlifeweb Not too much.
#
bret ohh we need to get that gigaom article up there
lukebrooker joined the channel
#
techlifeweb.com edited /Posts_about_the_IndieWeb (+241) "/* 2014 */" (view diff)
#
techlifeweb There.
Mark87 and fmarier joined the channel
#
gregorlove.com edited /User:Gregorlove.com/Getting_Started (+38) "/* Connect */" (view diff)
KartikPrabhu, chrissaad, alexhartley, paulcp_ and moizsyed joined the channel
#
bret yay distributed social networking with strangers on the internet: http://bret.io/2014/09/16/lazyweb-how-can-i-c/
alexhart_ joined the channel
#
gRegor` Interesting use of a second twitter syndication link for the updated note, bret.
#
mko I like it.
#
bret pretty much freeformed that one
#
mko bret++
#
Loqi bret has 24 karma
#
bret :)
#
bret need to attribute kylewm :)
barnabywalters and alexhart_ joined the channel
#
techlifeweb "yay distributed social networking with strangers on the internet" = Lazy Web. Nice
#
Loqi giggles
#
techlifeweb Loqi: you make me want to learn about irc bots
Loqi joined the channel
#
indie-visitor Anyone installed known on a godaddy shared linux hosting plan?
bitraten2 and ben_thatmust__1 joined the channel
#
barnabywalters tantek_: heads-up, there’s a typo (and -> an) here: http://tantek.com/2014/179/b1/indiewebcamp-thoughts-before-gathering#start+and+IndieWebCamp
indie-visitor_ and indie-visitor joined the channel
#
techlifeweb kylewm: guess not
#
kylewm indie-visitor: go ahead and change your name using the /nick nickname command
#
kylewm I haven't heard from anyone using godaddy specifically... someone was asking about bluehost yesterday
#
kylewm welcome, johnmorton :)
#
johnmorton Sorry haven't used irc in a looong time.
#
techlifeweb johnmorton: no worries
#
johnmorton I have known almost installed on godaddy
#
johnmorton I get a "No input file specified" error
#
johnmorton which I believe has to do with mod rewrite
#
kylewm do you know what versiona of apache and php they are running?
#
johnmorton I know it's php 5.4 trying to figure out apache version now...
#
kylewm johnmorton: honestly I don't know if the apache version matters :p
#
danlyke Okay, some choice things to say about people who tag their links "rel="alternative" rather than "rel="alternate"", or don't put semantic information in their links at all and just say "You can read <a href="/atom.xml">my RSS feed</a>" or similar, but the pages from which I could make a good guess at finding RSS and Atom that are linked as participants from http://indiewebcamp.com/irc-people are now checked for inbound links to flutterby.com, and
#
danlyke inbound links are mentioned on entries above the comments.
#
danlyke Oh, and it's 2014, people, can we just agree to use UTF-8 and scratch Latin-1 forever?
#
barnabywalters there are people in /irc-people not serving content over UTF-8? huh
#
barnabywalters maybe we can help them out
#
barnabywalters danlyke++ for bringing up webmention issues and building an alternative
#
barnabywalters …Loqi?
#
Loqi is done
#
Loqi danlyke has 1 karma
#
johnmorton kylewm: googling tells me to adjust the htaccess file, but so far no change
#
kylewm johnmorton: yeah google is where i'm at too... seeing lots of random suggestions but nothing definitive
#
kylewm maybe somebody who knows Apache better can weigh in?
chrissaad joined the channel
#
danlyke barnabywalters: I had to adjust my parser to try Latin-1 as a fallback. But part of my impetus for rewriting the Flutterby.net CMS in C++ is trying to get character set issues right. Between Apache and Perl and PostgreSQL, everything things it's an expert...
#
kylewm johnmorton: did you already try "RewriteBase /"?
alexhartley joined the channel
#
johnmorton kylewm: No. adding that after RewriteEngine On?
#
acegiak morning, all
#
kylewm johnmorton: yes but I am literally just repeating stuff I saw on stackoverflow, so it is probably dangerous and wrong ;)
techlifeweb joined the channel
#
danlyke barnabywalters: non-UTF8 in: http://caseorganic.com/ http://techlifeweb.com http://tiagopinto.pt . I'd suggest shipping them off to the reducation camps, but glass houses and stones and all...
#
johnmorton kylewm: That's pretty much what I've been doing last couple hours :) but I didn't see that one.
hober joined the channel
#
techlifeweb Im not UTF8? I'll check into it
#
barnabywalters caseorganic.com appears to be UTF8
#
barnabywalters although there have been a couple of weird character encoding glitches in p3k
#
waterpigs.co.uk edited /spam (+42) "/* See also */ linked" (view diff)
#
techlifeweb Perhaps I'm not understanding the UTF-8 issue.
#
techlifeweb All those sites have <meta charset="utf-8">
#
waterpigs.co.uk edited /DDOS (+3) "/* Webmention */" (view diff)