#indiewebcamp 2014-10-13

2014-10-13 UTC
#
tantek.com edited /Main_Page (+59) "/* IndieWebCamp */ link to full size" (view diff)
#
tantek.com moved /File:Webmention_Vouch.png to /File:2014-285-webmention-vouch-drawing.png "dated version, note drawing of [[File:2014-285-webmention-vouch-flowchart.jpg]]"
marclaporte joined the channel
#
KartikPrabhu_ ha awesome jazz hands photo
#
marclaporte Hi!
dariusdunlap joined the channel
#
KartikPrabhu_ hello
#
marclaporte I am trying to log in to indieauth.com
cmhobbs joined the channel
#
marclaporte Authenticate using one of the methods below to sign in as http://marclaporte.comError retrieving: http://marclaporte.com
#
marclaporte but I added <link rel="me" href="https://twitter.com/marclaporte" /> <link rel="me" href="https://github.com/marclaporte" /> to my source, as documented
rascul_ joined the channel
#
rascul_ On my phone
tantek_ joined the channel
#
tantek_ On the web
#
obra marclaporte: looking
#
tantek_ obra, add yourself to /irc-people ! :)
#
tantek_ (when you're done looking of course ;) )
#
tantek_ Bret - the lower left diamond has unfortunate default linebreaks which confuse the meaning
#
aaronpk_ marclaporte: your site is returning a bad Location header
#
obra it's your redirect
tantek_ joined the channel
#
aaronpk_ Location: tiki-index.php
#
tantek_ Bret - re: http://indiewebcamp.com/File:2014-285-webmention-vouch-drawing.png
#
aaronpk_ it should be Location: /tiki-index.php
#
obra if I'd known that you guys were going to tosci's..., I'd have stuck around
#
tantek_ bert - in particular, the "target & source" expression seems to bind the two together, when they're each part of separate expressions
#
tantek_ that is
#
ben_thatmust hey
#
tantek_ "does my site accept webmentions to target"
#
tantek_ AND
#
tantek_ "does source link to target"
#
tantek_ ideally there would be a line break between those two
#
s.ly edited /IRC_People (+47) "/* Nicknames */" (view diff)
#
tantek.com edited /Vouch (+292) "prepare to use Bret's cleaned up drawing instead at top of page, move photo of whiteboard to section lower down" (view diff)
#
marclaporte aaronpk_: thanks. So I tried http://marclaporte.com/Contact and I get 0 supported and verified providers were found! twitter.com/marclaporte An unknown error occurred with this provider. github.com/marclaporte An unknown error occurred with this provider.
#
aaronpk_ if you want to do that, your twitter profile would have to link to the Contact page
Pea1 joined the channel
#
aaronpk_ i think it's failing because twitter.com links to marclaporte.com which still has the bad redirect
#
tantek_ obra - no image? not even https://twitter.com/obra/profile_image ?
#
marclaporte aaronpk_: I guess I am just good at finding edge cases :-)
#
tantek_ marclaporte - but your home page is you - better to make that work
#
obra eh. not super important to me. i don't mind if others touch it, though
#
marclaporte aaronpk_ & tantek_ : so I changed the redirect from tiki-index.php to /tiki-index.php and I am now logged in. Thanks!
#
marclaporte is it worth logging a feature request / bug report to https://github.com/aaronpk/IndieAuth/issues ? Browsers are able to follow...
#
aaronpk_ yay!
#
Loqi yay!
#
tantek.com edited /Main_Page (-22) "/* IndieWebCamp */ local link" (view diff)
#
tantek.com edited /Main_Page (+22) "revert" (view diff)
#
ben_thatmust marclaporte, thats an interesting way about things, I don't think i had seen rel=me links just in the header like that
#
tantek.com edited /2014/Cambridge (+141) "/* Photos */ add links to animated and swaying versions" (view diff)
#
marclaporte.com created /Tiki_Suite (+708) "Say hello to Tiki Suite!" (view diff)
#
tantek.com edited /Main_Page (-10) "/* IndieWebCamp */ switch to swaying image for Cambridge" (view diff)
#
marclaporte.com edited /web_hosting (+17) "/* Personal Clouds */ Say hello to Tiki Suite!" (view diff)
#
Loqi [mention] http://gregorlove.com/notes/2014/10/12/2/ linked to http://indiewebcamp.com/Vouch (webmention)
#
@gRegorLove @joeld Check out Webmention with Vouch that @t has been working on: http://indiewebcamp.com/Vouch and http://www.youtube.com/ (twitter.com/_/status/521459518715084800)
#
aaronpk_ marclaporte: I suppose if browsers follow it then indieauth.com should too
#
ben_thatmust huh, I honestly cannot remember how I added google authenticator support to indieauth
#
ben_thatmust I want to remove it
#
GWG ben_thatmust: aaronpk is the only one who can tell you, I think
#
aaronpk_ hm
#
tantek.com edited /2014/Cambridge (+0) "/* Schedule */ update cleanup" (view diff)
#
aaronpk_ that is the one thing that indieauth.com provides that can't be published on your website
#
ben_thatmust i realized that since its technically 1 factor, its actually really insecure
#
aaronpk_ I don't have a way to remove it
#
aaronpk_ s/way/way for you
#
Loqi aaronpk_ meant to say: I don't have a way for you to remove it
#
gRegor` My rel-me links are only in the <head> because I haven't found a way to put them in the page contents that I like.
#
aaronpk_ ben_thatmust: it's probably just as secure as SMS auth, possibly more secure
#
tantek.com edited /2014/Cambridge/Schedule (+39) "/* Sunday, October 12, 2014 (Hack Sessions) */" (view diff)
dariusdunlap joined the channel
#
GWG aaronpk_: How many people are using the feature, I wonder?
#
GWG I know I am
#
ben_thatmust i don't use sms auth, but i'm guessing sms auth sends a time sensitive code?
#
aaronpk_ yes
#
ben_thatmust if thats the case i'd know if someone is trying to brute force iit
#
ben_thatmust google auth doesn't have any recorse for failed attepts, and its a known scheme, 6 digits
#
marclaporte so aaronpk_ & tantek_ & all: For the last decade, I have been working on what has become http://tiki.org/FLOSS+Web+Application+with+the+most+built-in+features and http://tiki.org/FLOSS+Web+Application+with+the+fastest+release+cycle
#
GWG aaronpk_: Do you have a feature to disable it after a certain number of failed attempts?
#
aaronpk_ 44 people have set up totp auth
#
aaronpk_ sorry, 93 people have set it up, 44 have used it
#
ben_thatmust so i'll just keep resubmitting some small set of 6 digit combos (as many as i can fit in the time before changes) and eventually google auth will happen upon those that i am submitting
#
aaronpk_ i'm pretty sure they factored that attack in when designing TOTP
#
aaronpk_ https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm
#
tantek.com edited /Vouch (+187) "/* Flow Chart */ use image for max-width styling" (view diff)
#
marclaporte But that wasn't enough :-) so I have now pivoted to Tiki Suite: http://suite.tiki.org/Tiki+Suite a FLOSS Server, Web, Mobile and Desktop suite with 80%+ of the features all organizations need
#
@benwerd Sounds like Team #Indieweb is headed to the Thirsty Scholar, where the opening scenes of The Social Network were filmed. (twitter.com/_/status/521461623244853248)
#
marclaporte So for folks that want to manage pretty all their data on their own servers, it's a solution ready TODAY! http://suite.tiki.org/Alternative+to+Google http://suite.tiki.org/Alternative+to+Microsoft
#
marclaporte pretty -> pretty much
#
Loqi [mention] http://timowens.io/2014/micropub linked to http://indiewebcamp.com/micropub (webmention)
#
tantek.com edited /Vouch (+116) "update IRC in progress link, add FAQ section stub" (view diff)
#
ben_thatmust aaronpk_ that doesn't say anything to brute force attempts
#
ben_thatmust it still needs to be rate limited
#
ben_thatmust if a person has your login and password, brute force can still be done on two factor too, its just they have to try as many combinations as possible in the 30 second window they have.
#
Loqi [mention] http://bavatuesdays.com/im-no-doctor-of-jekyll/ linked to http://indiewebcamp.com/next-iwc (pingback)
#
marclaporte likes http://indiewebcamp.com/POSSE
#
GWG ben_thatmust: Anything can be exploited. Most security is about raising the amount of effort required
#
carmen antispam obv a good focus to any POST stuff
#
Loqi [mention] https://brid-gy.appspot.com/like/twitter/gRegorLove/521459518715084800/2019361 linked to http://indiewebcamp.com/Vouch (webmention)
#
bret tantek_: I'll fiddle with it a bit and see if I can match the justification
mdik_ joined the channel
#
@dissolve333 Had an excellent couple days at #indiewebcamp Cambridge. Bonus was a tour of the W3C offices.(btmb.me s/2k) (twitter.com/_/status/521470395514253312)
#
marclaporte.com edited /Tiki_Suite (+83) "Adding some links" (view diff)
#
gRegor` GWG: Sure, but ben's point is that indieauth should be doing rate limiting for gootle authenticator login. With the other indieauth options, they're probably already doing that on their end (Twitter, Github)
#
gRegor` s/gootle/google/
#
Loqi gRegor` meant to say: GWG: Sure, but ben's point is that indieauth should be doing rate limiting for google authenticator login. With the other indieauth options, they're probably already doing that on their end (Twitter, Github)
#
GWG gRegor`: I'm not disagreeing exactly
#
@pwcc Inspired by @adactio & others, I've started going indieweb. https://peterwilson.cc/going-indieweb/ (twitter.com/_/status/521475608979582976)
#
ben_thatmust yes, and no, i'm saying any other point you have a large possibility of password inputs, the range is much larger when you have a-zA-Z0-9, forget about if you add other characters, but here you have[0-9]{6} always. it basically makes the time factor in it irrelevent
#
Loqi [mention] https://brid-gy.appspot.com/comment/twitter/gRegorLove/521459518715084800/521474917163106304 linked to http://indiewebcamp.com/Vouch (webmention)
#
ben_thatmust the reason it works so well as 2 factor auth is that it obscures your password correctness on a brute force. so if you try to brute force password, even if you get it right you have to provide a proper TOTP, so (properly implemented) you don't know if you guessed the password correctly or the TOTP failed
#
ben_thatmust the search space becomes huge
chrissaad joined the channel
#
marclaporte.com edited /projects (+273) "Manage pretty much all your content with Tiki Suite!" (view diff)
#
GWG ben_thatmust: Then your bigger argument goes back to the fact that nothing 'on your site' related to the TOTP code.
#
ben_thatmust thats a problem as well
#
timowens.io edited /Facebook (+106) "/* Articles */" (view diff)
#
ben_thatmust but security-wise you should never use TOTP as a single factor auth
#
marclaporte aaronpk: for the record: https://github.com/aaronpk/IndieAuth/issues/73
#
Loqi [mention] https://peterwilson.cc/going-indieweb/ linked to http://indiewebcamp.com/Principles (webmention)
#
@kevinmarks @johncappiello known has the Indieweb protocols built in, they can be added to other CMSs, but it is more work. (twitter.com/_/status/521479233621614593)
alexhartley, tantek and mlncn joined the channel
#
ben_thatmust so this got mentioned off the cuff after my demo. But currently (and mainly for proof of concept) I am only pulling my vouch suggentions for my site
#
ben_thatmust but suppose we did some sort of published endpoint for where to look up a vouch
paulfitz joined the channel
#
marclaporte feels nostagic and hopeful as he replaced <link rel="openid.delegate" href="http://marclaporte.myopenid.com/"/> by <link rel="me" href="https://github.com/marclaporte" /> today...
#
tantek.com edited /2014/Cambridge (+184) "/* Photos */ add day 1 schedule" (view diff)
#
marclaporte hahahahah: http://indiewebcamp.com/File:iwc-cambridge-sway.gif (good one!)
#
tantek marclaporte++ for making the jump from openid to indieauth!
#
Loqi marclaporte has 1 karma
#
tantek marclaporte: and now that you've done that, see: http://indiewebcamp.com/IndieAuth#Use_IndieAuth_for_your_OpenID
#
@pwcc @schnarfed Ta. I've just hit the switch to get started. https://peterwilson.cc/going-indieweb/ (twitter.com/_/status/521483006154788865)
#
@t #IndieWebCamp Cambridge hack day: * webmention with vouch receive flow chart * #indiecomms conditional Facetime button (ttk.me t4Ya2) (twitter.com/_/status/521483269498744832)
#
marclaporte.com created /User:Marclaporte.com (+115) "first version" (view diff)
#
marclaporte tantek: oh cool. Done!!
snarfed and chrissaad joined the channel
#
marclaporte yay, I can sign in to http://alternativeto.net/again!
#
Loqi giggles
#
tantek be sure to activate 2-factor auth on github for even more secure goodness
#
mattl are people still out for dinner, or did i miss that?
#
mattl and who wants to get a drink? :)
#
tantek mattl - we're hacking on webmention with vouch at The Lord Hobo
#
mattl tantek: let me see if i can get over there. If we ever do a IndieWebCamp Boston, I swear I'll be better at it.
#
rascul mattl you're in the area?
#
mattl i am. well, i'm in Boston.
#
rascul well we just had a seat open up!
#
GWG mattl: I saw you on the feed, I thought, yesterday
#
ben_thatmust so when is the next IWC Cambridge?
#
mattl i just asked my watch to get me a car. i'll be there in a bit.
#
ben_thatmust haha
#
GWG Or maybe I'm misremembering what you look like
#
GWG When is the next IWC anywhere?
#
marclaporte http://indiewebcamp.com/site-deaths is awesome! (sad, but awesome)
#
marclaporte now has 2fa activated on Github as per tantek's advice
#
mattl GWG: I was there for a bit. I am just not good at weekends.
#
ben_thatmust GWG, dunno, none are listed
#
carmen georgetown has a conference on rot coming up
#
GWG mattl: I would have come up if it wasn't a bad weekend for me
#
tantek marclaporte, congratulations, now you have 2fa indieauth and openid, which IMO, is pretty fricking awesome.
#
GWG Wasn't someone trying for a DC area IWC?
gr0k joined the channel
#
GWG And I'm always in favor of an NYC event again
#
mattl I go to Europe on Tuesday.
#
tantek GWG, JeremyZilar wants to do another NYC event in November - please reach out to him and help coordinate!
#
GWG mattl: You do? Where?
#
mattl Not Wednesday like I thought
#
GWG tantek: I'd love to. I never hear from him.
#
rascul GWG there was some talk of a dc indiewebcamp
#
marclaporte tantek: :-)
#
GWG rascul: I said that
#
rascul oh
#
GWG I have an Uncle down there. I'd go see him.
#
ben_thatmust When our house is done I'll host IWC Attleboro MA
#
ben_thatmust lol
#
GWG ben_thatmust: I heard the train doesn't run till noon.
#
rascul i live not far from dc, 3 hour drive maybe
#
GWG mattl: Where are you going?
#
rascul well, 1.5 hours to gaithersburg then take the metro
#
mattl I'm in Amsterdam, bristol, Exeter, London, Nottingham, York, Leeds, Manchester...
#
GWG mattl: Sounds fun. I'll be in Belfast and Dublin.
#
mattl spread the word: shove talksaboutstuff.com at people, GWG
gr0k joined the channel
#
mattl tantek: on my way.
#
GWG mattl: Sounds interesting
#
marclaporte So when I was writing up http://suite.tiki.org/Alternative+to+Google, I used http://en.wikipedia.org/wiki/List_of_Google_products and I was suprised by the large number of items in the "Discontinued products and services" section!
#
GWG tantek: His gmail address?
#
marclaporte.com edited /site-deaths (+90) "/* Related */" (view diff)
#
ben_thatmust wonders if he can find enough locals for IWC Providence
#
GWG ben_thatmust: IWC NYC had six I think. If you can find 6 people willing to hang out in Providence...
#
carmen i'l come down
#
carmen cambridge drive sme insane. too much "creative" class expensive whitepoeple shit ;)
#
mattl Me too.
#
mattl carmen: I'm kinda in that same place w Cambridge
#
carmen donuts here in Weymouth are 80 cents. in somervile theyre $3.75
tantek joined the channel
#
ben_thatmust yeah, providence tends to be pretty accessable
#
carmen if you have a good reason to be there. lke you work @ W3C, i can see making the trip in. obviously cambridge does a lot of cool stuff
#
ben_thatmust Maybe AS220 could host
#
carmen Angus Davis.. who sold one of his startups to MSFT for like $900 mllion.. is doing things down in PVD
#
tantek what is PVD?
#
Loqi It looks like we don't have a page for "PVD" yet. Would you like to create it? http://indiewebcamp.com/wiki/index.php?action=edit&title=PVD
#
carmen a lot of the 80s/90s era providence loft squat stuff burned down or was turned into condos
#
carmen airport code for providence
#
marclaporte.com edited /site-deaths (+74) "Adding Techcrunch deadpool and Reddit shutdown" (view diff)
#
@mlncn Here's a vagrant setup - https://github.com/mlncn/known-vagrant - for Known - see http://withknown.com - @indiewebcamp #indiewebcamp (twitter.com/_/status/521490891731525632)
#
marclaporte confirms that openid via indieauth worked beautifully for http://alternativeto.net/ !
fmarier joined the channel
#
tantek.com edited /Vouch (+1274) "/* How can a sender find a vouch link */ document my answer from IRC http://indiewebcamp.com/irc/2014-09-28#t1411932421458" (view diff)
#
KartikPrabhu_ marclaporte++ for moving to indieauth
#
Loqi marclaporte has 2 karma
mlncn joined the channel
#
bret marclaporte: and you can use indieauth as an openID provider for legacy support!
#
bret so for logging into pypi or stack exchange
alexhartley joined the channel
#
@crema @kartik_prabhu Thank you! I have read your article and found the website of @indiewebcamp . It's really interesting! So I wrote an article (twitter.com/_/status/521495074224349184)
#
tantek.com edited /Vouch (+680) ""How do I verify a vouch" per http://indiewebcamp.com/irc/2014-09-28#t1411940929687" (view diff)
tantek_1, tantek__ and joshwnj joined the channel
#
tantek__ waits
#
tantek__ for bret to catch up on the logs :)
#
Loqi [mention] https://brid-gy.appspot.com/comment/twitter/kartik_prabhu/521438677197537280/521495074224349184 linked to http://indiewebcamp.com/discuss (webmention)
#
Loqi [mention] https://brid-gy.appspot.com/comment/twitter/kartik_prabhu/521438677197537280/521495956009664514 linked to http://indiewebcamp.com/discuss (webmention)
#
Loqi [mention] https://brid-gy.appspot.com/comment/twitter/kartik_prabhu/521438677197537280/521495369767600128 linked to http://indiewebcamp.com/discuss (webmention)
#
tantek__ marclaporte - now add yourself to http://indiewebcamp.com/irc-people
#
Loqi [mention] https://brid-gy.appspot.com/comment/twitter/kartik_prabhu/521438677197537280/521495287349534720 linked to http://indiewebcamp.com/discuss (webmention)
gr0k and caseorganic joined the channel
#
marclaporte.com edited /IRC_People (+60) "MarcLaporte now on IRC_People" (view diff)
caseorganic joined the channel
#
tantek.com edited /Vouch (+953) "document Protocol Summary based on original IRC with some details since, discussed at IndieWebCamp Cambridge. add FAQ re: Is a vouch saying "you may know me from…"" (view diff)
#
aaronpk_ question: is this a reasonable regex to check if one web page links to another? /<a[^>]+href=[\'"]([^\"\']+)[\'"]/
#
aaronpk_ or should I follow the age old advice of never parse HTML with regex
#
marclaporte bret: yup, really cool! And a lot easier than hosting https://simplesamlphp.org/ :-)
#
Loqi [mention] https://brid-gy.appspot.com/comment/twitter/kartik_prabhu/521438677197537280/521501210126192640 linked to http://indiewebcamp.com/discuss (webmention)
#
aaronpk_ i like how that site has a bloody heart as the first thing you see
#
tantek__ lol at "simplesaml"! Seriously? Seriously?!?
#
aaronpk_ hey if someone can make saml simple for me then more power to them
#
aaronpk_ the less i have to think about that the better
#
tantek.com edited /Vouch (+53) "/* FAQ */ tweak per http://indiewebcamp.com/irc/2014-09-28#t1411943592281" (view diff)
#
KartikPrabhu_ what is saml?
#
Loqi It looks like we don't have a page for "saml" yet. Would you like to create it? http://indiewebcamp.com/wiki/index.php?action=edit&title=saml
gr0k joined the channel
#
GWG I'm thinking about contexts again
#
KartikPrabhu_ tantek__: you win! I've started getting spam likes on Twitter :-(
#
aaronpk_ tantek__: this feels kludgy but it might have to do for now: no_link_from_vouch_to_source
#
KartikPrabhu_ have thought about how to use vouch for bridgy backfeeds?
#
GWG Why is context not a page, but reply-context is?
#
KartikPrabhu_ gwg start one if you have a definition
#
GWG KartikPrabhu_: Well, a reply-context, a like-context, etc...have definitions, why shouldn't the broader term?
#
KartikPrabhu_ because it is broad
#
marclaporte.com edited /IRC_People (+80) "Adding an avatar" (view diff)
#
emmak aaronpk_: why not use an xml parser instead of regex?
#
KartikPrabhu_ gwg if defining context is useful to you then do it
#
aaronpk_ cause...cause..
#
aaronpk_ hard?
#
aaronpk_ i dunno, regex is like one line
#
emmak its only a few lines: https://github.com/notenoughneon/neonblog/blob/master/lib/common.php#L124
#
GWG KartikPrabhu_: I'll give it a shot. Someone will edit it
#
aaronpk_ emmak: that is pretty good!!
#
aaronpk_ what happens on not-quite-xml-html?
#
aaronpk_ s/-html/ html/
#
Loqi aaronpk_ meant to say: what happens on not-quite-xml html?
#
emmak i'm not sure, it depends how lenient the xml parser is
#
tantek.com edited /Vouch (+453) "add FAQ: Must I trust voucher knows source" (view diff)
#
emmak i don't think it has to be strict "xhtml" to work
#
aaronpk_ yeah the method is "loadHTML" which suggests it's somewhat lenient
#
aaronpk_ "The function parses the HTML contained in the string source. Unlike loading XML, HTML does not have to be well-formed to load."
#
aaronpk_ http://us1.php.net/manual/en/domdocument.loadhtml.php
#
tantek.com edited /Vouch (+0) "/* In Progress */ update IRC" (view diff)
#
aaronpk_ OK I AM STEALING YOUR LINKSTO FUNCTION THANKS
snarfed joined the channel
#
emmak glad to help :)
#
aaronpk_ checks the license
#
david.shanske.com created /contexts (+237) "Another Page" (view diff)
#
david.shanske.com edited /contexts (+1) (view diff)
#
tantek.com edited /Vouch (+231) "/* FAQ */ what about Twitter?" (view diff)
#
aaronpk_ apache license!
#
tantek.com edited /Vouch (+448) "/* FAQ */ Must I always send a vouch per http://indiewebcamp.com/irc/2014-09-28#t1411944176964 ? No." (view diff)
#
marclaporte.com edited /site-deaths (+278) "/* 2013 */ GeoURL 503 Service Unavailable" (view diff)
#
marclaporte.com edited /site-deaths (+55) (view diff)
#
aaronpk_ man so many changes to my webmention endpoint and I have no automated tests for this
#
tantek.com edited /Vouch (+568) "FAQ: Can a vouch apply to shared membership http://indiewebcamp.com/irc/2014-09-28#t1411945537111" (view diff)
#
tantek.com edited /Vouch (+379) "/* How can a sender find a vouch link */ more from http://indiewebcamp.com/irc/2014-09-28#t1411945654037" (view diff)
#
tantek.com edited /Vouch (+253) "/* How can a sender find a vouch link */ more from http://indiewebcamp.com/irc/2014-09-28#t1411945707835" (view diff)
#
tantek.com edited /Vouch (+281) "/* FAQ */ Is the vouch a sponsor - http://indiewebcamp.com/irc/2014-09-28#t1411945798623" (view diff)
#
shaners aaronpk_ Nokogiri in Rubyland provides you similar functionality if you ever find yourself needing to do similar thing for indieauth or whatever.
#
tantek.com edited /Vouch (+757) "/* FAQ */ Does vouch make all webmentions manual, Does vouch make it too hard to send webmentions - http://indiewebcamp.com/irc/2014-09-28#t1411945993535" (view diff)
#
tantek.com edited /Vouch (+0) "/* In Progress */ note in progress IRC permalinks http://indiewebcamp.com/irc/2014-09-28#t1411946065283" (view diff)
caseorganic joined the channel
#
aaronpk_ shaners: yes I have used nokogiri quite a bit! it's great
#
shaners aaronpk grool
#
tantek.com edited /Vouch (+327) "/* Design Considerations */ Zero moderation - http://indiewebcamp.com/irc/2014-09-28#t1411946594810" (view diff)
chrissaad joined the channel
#
tantek.com edited /Vouch (+71) "/* In Progress */ current log processing cursor" (view diff)
#
tantek__ ok I'm done processing Vouch braindump backlog for tonight. Made pretty good progress.
#
@cstanhope RT @benwerd: Yes, you can build great products without spying on users. #indieweb http://werd.io/2014/yes-you-can-build-great-products-without-spying-on-users (twitter.com/_/status/521519972523057152)
glennjones joined the channel
#
Loqi [mention] https://brid-gy.appspot.com/like/twitter/gRegorLove/521459518715084800/11628 linked to http://indiewebcamp.com/Vouch (webmention)
#
daf aaronpk_: that regex probably matches some things you wouldn't want it to
#
daf aaronpk_: like any tag that begins with 'a'
#
daf aaronpk_: since you only care about the opening tag, a SAX-type parser would probably be easy to use
#
daf aaronpk_: OTOH, it's not clearly exploitable given that any third party incliuded content is probably reasonably scrubbed
#
daf aaronpk_: and maybe adding a few \b or \< (depending on regex variant) would be good enough to close any loopholes
rascul_ joined the channel
#
shaners daf: I'm pretty sure that aaronpk went with emmak's function from neonblog.
fmarier and j12t joined the channel
#
daf ah nice
#
daf yeah, there ought to be no excuse for using a real parser these days :)
aaronpk_1 joined the channel
#
aaronpk_1 Yeah I realized pretty quick that a trivial way to hack that is to make a plain text comment that has the text of something that looks like <a href...
#
aaronpk_1 So thanks emmak for the short verify code
wolftune joined the channel
#
@HongPong RT @aaronpk: "No no no, you *railed* it!" - @obra to @benwerd after solving the issue in the first 30 seconds. #indiewebcamp (http://t.co/q… (twitter.com/_/status/521530473067991040)
#
daf obra: interested to see what your cordova code looks like
#
obra https://github.com/obra/known_client
#
daf obra: such boilerplate
#
obra yay apps
#
Loqi :D
#
kylewm obra: is it specific to known, or might it work for any site with web action handler urls?
#
obra oh, it's just a tiny shim to turn android share intents into window.location.href
#
kylewm awesome, that's exactly what i want it to do :)
KartikPrabhu_ joined the channel
#
daf obra: hmm, so it opens a web browser at a location that allows you to share whatever it is with Known?
tantek, j12t and glennjones_ joined the channel
#
obra yes
alexhartley and dariusdunlap joined the channel
#
shaners is anyone auto embedding flickr photos from flickr.com urls in notes? tantek__ aaronpk
#
kylewm shaners: I bet mko does, but I can't find an example
#
kylewm (basing that theory on his general support for oembed)
stream7, lukebrooker, Jihaisse, Pierre-O and cweiske joined the channel
#
Loqi [mention] https://brid-gy.appspot.com/like/twitter/kartik_prabhu/521438677197537280/11628 linked to http://indiewebcamp.com/discuss (webmention)
#
Loqi [mention] https://brid-gy.appspot.com/like/twitter/kartik_prabhu/521438677197537280/3322301 linked to http://indiewebcamp.com/discuss (webmention)
dariusdunlap, ShaneHudson, stream7, alexhartley and eburcat joined the channel
#
@MicropubInfo 4 likes: Demoed my #micropub app for #pebble which I've been using to track food & drink on my website. ... mi... https://www.google.com/url?rct=j&sa=t&url=http://aaronparecki.com/notes/2014/10/12/4/micropub-pebble-indiewebcamp&ct=ga&cd=CAIyHDNlNjg4ODQzODIxNzA0ZmU6Y28udWs6ZW46R0I&usg=AFQjCNGhjNeoF9BVvlSorwkgYtSoBRTmzw&utm_source=twitterfeed&utm_medium=twitter (twitter.com/_/status/521559324129107968)
eschnou, loic_m__, j12t, kensanata, dariusdunlap, alexhartley, lukebrooker, krendil, caseorganic, stream7, petermolnar, glennjones, glennjones_, csarven, LauraJ, JohnDuh, Pierre-O, jonnybarnes, adactio and ShaneHudson joined the channel
#
@realHermitian Decentralized computing http://blogs.wsj.com/accelerators/2014/10/10/weekend-read-the-imminent-decentralized-computing-revolution/ #indieweb #MeshofThings (twitter.com/_/status/521625423919468545)
lukebrooker, erlehmann, tfontaine, mlncn, dariusdunlap and j12t joined the channel
#
@BillSeitz FreePress is guaranteed only to those who own one. #IndieWeb https://gigaom.com/2014/10/08/for-better-or-worse-twitter-and-facebook-are-the-guardians-of-free-speech-now/ (twitter.com/_/status/521645948791824384)
Pierre-O, jeckman, lukebrooker, KartikPrabhu_ and alexhartley joined the channel
#
@imarshut #Indiemark #Indieweb #Indiewebcamp https://www.marshut.net/kpyhtq/indieweb-indiemark.html IndieWeb & IndieMark (twitter.com/_/status/521652096886509568)
ben_thatmust__, lukebrooker, caseorganic, alexhartley, lukebrooker_, Erkan_Yilmaz, dariusdunlap, adactio, ShaneHudson and KartikPrabhu_ joined the channel
#
aaronpk_ ben_thatmust: i'm pretty excited to grep my access log to build the initial cache of potential vouch URLs
#
aaronpk_ then I realized I have 4gb of access logs because I never set up logrotate
#
Loqi [mention] http://haverholm.com/2014/10/13/psa/ linked to http://indiewebcamp.com (webmention)
#
petermolnar 4G log is not that bad, I ended up with .xsession-errors being 52G once :D
lukebrooker_ and KartikPrabhu_ joined the channel
#
ben_thatmustbeme aaronpk_ haha, well, grep is fine handling large files, though i'd use sed |sort|uniq personally
#
ben_thatmustbeme might take some time
#
aaronpk_ i've got time
#
ben_thatmustbeme so i was looking at the specs for 449 on the train in this morning
#
ben_thatmustbeme there are some more involved bits
#
ben_thatmustbeme there is a header that should be set on retry and if received should never return 449
#
aaronpk_ where did you find that?
#
aaronpk_ I was having trouble finding any actual technical docs
#
ben_thatmustbeme i'll find the link for you in a sec
#
ben_thatmustbeme and also based on the description, we should in theory set it on source or target missing as well
#
ben_thatmustbeme and finally the flow chart never checks that vouch is a valid URL either
#
aaronpk_ right now source or target missing is just a 400
#
aaronpk_ which I think is fine
#
aaronpk_ "bad request"
#
aaronpk_ oh yeah I mentioned that to tantek and he said it was implicitly in the vouch approval algorithm
#
aaronpk_ like you can't approve a vouch if it's an invalid URL
#
ben_thatmustbeme http://msdn.microsoft.com/en-us/library/dd891284.aspx
#
ben_thatmustbeme if thats the case the its implicit in source approval algo too
#
ben_thatmustbeme and the first step only needs test that target is valid url
#
aaronpk_ that's true
thierrymarianne joined the channel
#
aaronpk_ hm, I don't see a reason why we'd need to include the echo request/reply stuff
#
aaronpk_ also according to the algorithm, if a vouch is provided, the server would never return 449 anyway
#
ben_thatmustbeme I think it might just be some specific on preventing it retrying over and over
#
ben_thatmustbeme idea being "if its a retry, never tell it to retry again"
#
ben_thatmustbeme s/never/don't/
#
Loqi ben_thatmustbeme meant to say: idea being "if its a retry, don't tell it to retry again"
#
aaronpk_ yeah, but that would never happen anyway
KartikPrabhu_ joined the channel
#
ben_thatmustbeme well, we are talking microsoft products :)
alexhartley and brianloveswords joined the channel
#
ben_thatmustbeme i was trying to figure out if that ms-echo-reply actually is a good way to tell the client what fields are missing though
#
ben_thatmustbeme http://msdn.microsoft.com/en-us/library/dd891433.aspx
#
ben_thatmustbeme as it shows some feild-value should be included
#
ben_thatmustbeme thats as far as i got
#
aaronpk_ heh "The field value of the Ms-Echo-Request header is opaque. Its value MUST NOT be examined by the client..."
#
aaronpk_ the client is just supposde to echo that back
#
ben_thatmustbeme ahh
#
ben_thatmustbeme i will still include the list of values that should be set as Reply With source, targer, vouch at least if someone hits the error they can dump the headers and find out what they are missing
#
aaronpk_ yeah I put that in the response body
#
aaronpk_ i don't think you should return 449 for missing source or target tho
#
aaronpk_ 449 is explicitly for retry with vouch
#
aaronpk_ missing source or target is already defined by webmention as 400
lukebrooker joined the channel
#
ben_thatmustbeme yeah
#
ben_thatmustbeme i think i have also given up the idea on having my vouch search point published. It would be cool to have that as you could look for vouches from any micropub client, but that also exposes an awful lot, especially since it does curls from the request
#
aaronpk_ yeah I think that's ok
j12t joined the channel
#
ben_thatmustbeme oh and the search through your access logs isn't what will take a long time, validating that they are all good will
#
mlncn http://industry-lab.com/ is the coworking space in Cambridge i am at if any holdovers from IndieWebCamp want to come by
#
ben_thatmustbeme mlncn, i'm at work just across the river
#
aaronpk_ and I now have a database cache of all outbound domains in my posts so my vouch approval algorithm went from 3 seconds grep to milliseconds DB query
#
ben_thatmustbeme avoids conversation of db vs flat file :D
#
aaronpk_ I said database cache :D
#
ben_thatmustbeme I really need to add some test framework to my code base, opencart never came with any
gRegor`, willowbl00, lukebrooker_ and Garbee joined the channel
#
gRegor` Morning, indieweb
willowbl00 and JohnDuh joined the channel
#
ben_thatmustbeme morning gregor
chalettu, caseorganic, lukebrooker and mlncn joined the channel
#
gRegor` Interesting idea from @joeld https://twitter.com/joeld/status/521474917163106304
#
@joeld @gRegorLove @t That's a fantastic idea. We could just put <link rel="vouch" src="vouch.txt" />. Text file contains one approved site/line… (twitter.com/_/status/521474917163106304)
#
gRegor` I think he means publishing a list of the domains we trust to vouch? Not sure if that would cause problems or not
caseorganic joined the channel
#
gRegor` Would make it easier for sender to find a vouch URL in common by limiting it to those domains.
#
ben_thatmustbeme it would make it much easier on the sender for sure
#
gRegor` I guess it would cause problems if you accidentally had a domain listed that should have been rel-nofollow, and a spammer could easily create an account on that site.
adactio joined the channel
#
ben_thatmustbeme yes, but it also means you you have an easy way to review that list
#
ben_thatmustbeme and remove as needed
#
gRegor` True
#
ben_thatmustbeme in fact i'd just do it as a page on my site that just didn't include header info, that way i can test if is_site_owner and display needed remove/block links
#
ben_thatmustbeme and no chance of any of the header or footer messing up the list
#
ben_thatmustbeme is why no header i mean
#
ben_thatmustbeme for example my footer contains menus which show recents, etc
#
gRegor` I might alter the vouch checking to not just be the domain, but anything below a certain path. So that way I could allow a vouch from @t but not @twitterspammer
#
gRegor` Ah, right
rascul_ joined the channel
#
gRegor` XVN: XHTML Vouch Network
eburcat_ joined the channel
#
ben_thatmustbeme i need a method to week bad links out already from possible vouch list for myself, I have received referrer entries from t.co and indieauth.com
#
ben_thatmustbeme at which my example with adactio started to show indieauth as a suggested vouch
#
rascul_ My sister really likes her known site i setup for her :)
#
ben_thatmustbeme rascul_ excellent
#
ben_thatmustbeme i'm going to try setting one up for my wife soon
#
rascul_ Now my sister's site is more functional than mine...
#
ben_thatmustbeme ugh, I need to basically store regex for any sites i want to black list from vouch use (e.g. indieauth.com) since some i may have to do all subdomains and some not
wolftune joined the channel
#
marclaporte.com edited /principles (-4) "typo" (view diff)
#
cweiske why regex?
#
ben_thatmustbeme hmm, or maybe not
#
ben_thatmustbeme block t.co i don't want to blog bat.com, if just straight equals, I do want to block www.t.co
#
ben_thatmustbeme i think i can just normalize to no subdomain = *.t.co
#
ben_thatmustbeme which should save me a lot of trouble actually
#
gRegor` Is this in PHP, ben?
#
ben_thatmustbeme yeah
#
gRegor` if ( parse_url($url, PHP_URL_HOST) == 't.co' )
#
cweiske this does not match subdomains
#
gRegor` Presuming you don't want to allow subdomains of anything you've blocked
#
ben_thatmustbeme thats the bit, I want that to be optional
#
ben_thatmustbeme i'll just add a flag for "all subdomains" or not
#
ben_thatmustbeme i knew about the function, swear i did .... *goes to do some quick changes*
#
gRegor` Oops, need to entity encode. ">^..^<" didn't cross-post to twitter correctly.
#
gRegor` Heh, I only discovered that function in the last six months. I felt silly.
#
ben_thatmustbeme well i know of parse_url, i didn't know the passing PHP_URL_HOST bit
#
ben_thatmustbeme plus i tend to shy away from "parse_<noun>" if i'm just doing a quick check of something
#
ben_thatmustbeme annoyingly parse_url requires https?:// at the beginning
Pierre-O, willowbl00, reedstrm, caseorganic, snarfed and loic_m joined the channel
#
@anomalily Pretty cool to see this as the login on the front page of my wordpress login #indieauth #indieweb https://twitter.com/anomalily/status/521686069205426177/photo/1 (twitter.com/_/status/521686069205426177)
#
ben_thatmustbeme damn, it needs to be some sort of specific mask
#
marclaporte.com created /OpenHub (+400) "Created page with "The Black Duck Open Hub (formerly Ohloh.net) is an online community and public directory of free and open source software (FOSS), offering analytics and search services for disco..."" (view diff)
#
ben_thatmustbeme or i'd say all subdomains of co.uk by accident at some point
#
marclaporte.com edited /Tiki_Suite (+747) (view diff)
#
marclaporte.com edited /Tiki_Suite (+1) "https is better" (view diff)
eburcat and lukebrooker_ joined the channel
#
marclaporte.com edited /OpenHub (+103) "Please add any missing tags for protocols:" (view diff)
#
marclaporte.com edited /OpenHub (+2) "/* Todo */ line break" (view diff)
KevinMarks joined the channel
#
marclaporte.com edited /OpenHub (+47) (view diff)
KartikPrabhu_, ShaneHudson, paulfitz, chrissaad, davidmead, tilgovi, lmorchard and lukebrooker joined the channel
#
kylewm.com edited /Known (+210) "/* Setup Known on nginx */ add my attempt at a nginx configuration" (view diff)
gavinc joined the channel
#
ben_thatmustbeme worked that out, much better now https://github.com/dissolve/openblog/blob/master/blog/model/webmention/vouch.php
#
ben_thatmustbeme recordReferer, that is, just break it up by . and keep pulling off subdomains, if I ever hit, i discard the referer
tilgovi_ and mko joined the channel
#
ben_thatmustbeme well damn, major problem for my set up, is how to send vouches for multiple people at the same time
#
ben_thatmustbeme if I reference more than one person, i only have a vouch for one (with my implementation)
#
reedstrm ben_thatmustbe - noun that verb! (sounds like a couch w/ a middle-european accent ...)
friedcell joined the channel
#
ShaneHudson what is znc
#
Loqi It looks like we don't have a page for "znc" yet. Would you like to create it? http://indiewebcamp.com/wiki/index.php?action=edit&title=znc
lukebrooker_ and thierrymarianne joined the channel
#
reedstrm catching up on the weekend irc logs - sat. in Cambridge sounds like it was an awesome meeting! I reaaally need to spend some deep thinking time on how indiewebcamp, peer collaboration, and OER (openstax flavored) all fit together ...
#
reedstrm The UWM 'give every student a domain' thing ++
#
reedstrm tantek++ for live-ircing the demos
#
Loqi tantek has 98 karma
Pea1 and tfontaine joined the channel
#
reedstrm re: un-meeting org - sounds like 'start with demos, then schedule' is a good way to get over various common problems w/ 'schedule as very first thing'
#
gRegor` reedstrm: There's a youtube archive of the demos too
#
gRegor` And the sessions in the main room: http://indiewebcamp.com/2014/Cambridge/Live
j12t and reedstrm joined the channel
#
reedstrm gRegor`: yup, figured that out from the chatlog, though I'm much more of a reader/skimmer than a vid-watcher.
#
reedstrm hates it when the only doco for some setup is a video ...
chalettu joined the channel
#
waterpigs.co.uk edited /silo (+66) "/* Perspectives */ added obligatory xkcd" (view diff)
friedcell joined the channel
#
ben_thatmustbeme aaronpk_ you might want to ignore homepages too or do something smart to find the permalink, if those end up in my vouches it could pretty much mean plenty of invalid vouches going out
Pierre-O, j12t, loic_m_, danlyke and thierrymarianne1 joined the channel
#
ben_thatmustbeme huh, additionally https -> http url drops the referrer (probably because i redirect immediately to https
alexhartley joined the channel
#
@OnTheWebz RT @t: #IndieWebCamp Cambridge hack day: * webmention with vouch receive flow chart * #indiecomms conditional Facetime button (ttk.me t4Ya2) (twitter.com/_/status/521711551707750400)
lukebrooker and eburcat joined the channel
#
ben_thatmustbeme what is exppad
#
Loqi It looks like we don't have a page for "exppad" yet. Would you like to create it? http://indiewebcamp.com/wiki/index.php?action=edit&title=exppad
#
kylewm who is eliemichel?
#
Loqi https://indiewebcamp.com/User:Exppad.com
sammachin joined the channel
#
ben_thatmustbeme well i have my ahh
lukebrooker and dariusdunlap_ joined the channel
#
ben_thatmustbeme eep
#
ben_thatmustbeme my vouch table set up
eburcat joined the channel
#
ben_thatmustbeme just uning google analytics table and my webmentions table for all the history
lukebrooker, ShaneHudson and brianloveswords joined the channel
#
ShaneHudson Ok, I think I've got my ZNC bouncer set up properly now :)
jet__ joined the channel
#
@kevinmarks RT @anomalily: Pretty cool to see this as the login on the front page of my wordpress login #indieauth #indieweb https://twitter.com/anomalily/status/521686069205426177/photo/1 (twitter.com/_/status/521718098965983232)
#
ben_thatmustbeme nevermind about the redirect, http->https just as long as you use 301 not 302, referrer is sent
cweiske joined the channel
#
reedstrm oh, never noticed that diff for 301 vs. 302. What browsers have you tested this against? Doesn't seem to be specified in the relevant specs ...
#
gRegor` 301/302 preserving referrer depends on the browser, I believe.
KartikPrabhu_ joined the channel
#
gRegor` Brief searching seems to indicate the RFCs don't specify referrer behavior for 301/302
#
PMurphs uh
#
PMurphs one is like permanent and the other one is temporary
#
ben_thatmustbeme from what i saw, 301 is reliable, 302 is not
#
gRegor` We're talking about the HTTP Referer header and whether it's preserrved
#
PMurphs oh I thought this was a different channel
#
PMurphs yeah
#
PMurphs I realized that this was more technical than I could regurgitate like right after I hit enter
#
gRegor` ben_thatmustbeme: Yeah, that's what I'm seeing as I dig into it more
#
ben_thatmustbeme either way, i changed it, i redirect http->https with 301 now
#
gRegor` That spelling of "referer" always bugs me. Don't know why they didn't just fix it.
#
ben_thatmustbeme nods
#
ben_thatmustbeme i always start second guessing myself or i forget that its misspelled and start always misspelling it
lukebrooker and alexhartley joined the channel
#
reedstrm agrees
lukebrooker and tfontaine joined the channel
#
GWG Good day, #indiewebcamp
#
gRegor` Hi, GWG
#
GWG Hello, gRegor
#
GWG Did you enjoy the things that came out of IWC this weekend?
KevinMarks_ and willowbl00 joined the channel
#
gRegor` Yeah, Vouch seems pretty cool, and Teapot
#
GWG gRegor, though Teapot is reporting a lot more than I am inclined to bother sharing
#
ben_thatmustbeme you don't want to share your coffee drinking habits?
#
GWG I have an idea for something simple that it inspired me to.
#
GWG ben_thatmustbeme, I don't like coffee
eschnou joined the channel
#
GWG ben_thatmustbeme, do you want to know my eating habits?
#
ben_thatmustbeme maybe i do
#
ben_thatmustbeme not really
#
GWG I can see the value in analysis, but do you as an acquaintance of mine want to know?
#
reedstrm oversharing: the real problem w/ the internet of things
#
reedstrm reminded of first time parents ... "Little Billie's first boom boom!"
#
GWG I have a simpler idea for the Pebble though.
#
ben_thatmustbeme oh?
#
GWG I want to have it set up a post draft for me with the GPS coordinates that I can fill in later
#
GWG Such as... I am having fun now, but I don't want to exit fun to ta
#
GWG lk about it.
#
ben_thatmustbeme haha
#
GWG Here, let me press this button to remind me for later.
#
ben_thatmustbeme i was going to guess mood
#
ben_thatmustbeme would be easy to track
KartikPrabhu_ joined the channel
#
ben_thatmustbeme i think i might fragment my MP client in to a ton of little ones, one simple thing per page, so that on mobile I can bookmark them all and save them in 1 folder
#
GWG With the same menu presets idea.
#
GWG Sort of like a pro photographers diary
#
GWG Mood would work.
#
GWG I am thinking of my upcoming vacation, I guess
#
GWG Not that I will be doing something like this for then
#
GWG But future...
#
GWG ben_thatmustbeme, good idea.
#
GWG Lower the barrier to posting
#
GWG I have something like that on my list because it is easier than Micropub
#
gRegor` I'm not interested in sharing everything, but I am interested in quantified self.
#
KevinMarks_ Did aaronpk invent that new app so he'd have a reason to use http error 418?
#
gRegor` Heh, I was going to suggest it should return that somewhere.
#
GWG gRegor, so the same thing, only with a private/public setting?
KartikPrabhu_ joined the channel
#
kylewm KevinMarks++
#
Loqi KevinMarks has 67 karma
#
KevinMarks_ Hm, when I try to post to known from teacup I get an error page
#
KevinMarks_ Message: Undefined variable: url
#
kylewm I get a very exciting blank post https://kylewm.com/note/2014/10/13/1
#
ben_thatmustbeme can record bathroom breaks that way at /
#
ben_thatmustbeme damn, emoji were working on here before
#
ben_thatmustbeme odd
#
ben_thatmustbeme there we go /💩
alexhartley, kylewm, alexhart_, mlncn and tfontaine joined the channel
#
aaronpk_ kylewm: hm maybe it's not obvious that it doesn't send any "content" value
#
gregorlove.com edited /bulshytt (+202) "/* Criticism */" (view diff)
#
aaronpk_ which is probably why yours was blank
#
kylewm aaronpk_: oh sure, i didn't expect anything else
tfontaine, lukebrooker and JonathanNeal joined the channel
#
@voxpelli RT @kevinmarks: A humanist approach to understanding your users @benwerd http://werd.io/2014/yes-you-can-build-great-products-without-spying-on-users #indieweb (twitter.com/_/status/521741690093441024)
marclaporte, snarfed, dariusdunlap, mlncn, petermolnar and KartikPrabhu_ joined the channel
#
@uxs Yes, you can build great products without spying on users. #indieweb: http://werd.io/2014/yes-you-can-build-great-products-without-spying-on-users?utm_medium=twitter&utm_source=twitterfeed #ux (twitter.com/_/status/521743433631670273)
shaners, KartikPrabhu_, mlncn, lukebrooker, loic_m__, loic_m_ and LauraJ joined the channel
#
@bjorn_js RT @kevinmarks: A humanist approach to understanding your users @benwerd http://werd.io/2014/yes-you-can-build-great-products-without-spying-on-users #indieweb (twitter.com/_/status/521747976558231552)
snarfed, paulfitz, dariusdunlap and loic_m__ joined the channel
#
shaners Very quiet in the channel today.
#
ben_thatmustbeme everyone burned out from IWC this weekend?
fmarier joined the channel
#
aaronpk_ I wonder if it makes sense to send human-redable content so micropub endpoints sort of "fall back" to that if they don't understand the "p3k-food" field that is sent
#
aaronpk_ not burned out, just working on finishing my vouch code :D
loic_m_ joined the channel
#
ben_thatmustbeme aaronpk_ you see my issue with sending vouch right now
#
ben_thatmustbeme I can only send 1
#
marclaporte.com edited /Tiki_Suite (+1018) "Tiki Suite & Tiki distinction" (view diff)
#
aaronpk_ what's the issue?
#
shaners i was up til 4am working on autolinking / embeds for notes. In The Zone.
#
ben_thatmustbeme well I knew i would have to rip open the Lib, i'm using, but any links for mentions i won't have vouches for
#
aaronpk_ shaners: nice!
#
aaronpk_ shaners: I assume you found my post about that? http://aaronparecki.com/articles/2013/05/09/1/experimenting-with-auto-embedding-content
#
ben_thatmustbeme I have a field for a vouch, but i only have 1 vouch, if i'm doing in-reply-to multiple people, it doesn't work
#
ben_thatmustbeme basically i have to pay attention to every link now, not just one per post
#
marclaporte.com edited /Tiki_Suite (-1) (view diff)
#
shaners aaronpk_ I knew it was out there (and i've read it before) but i didn't see it last night.
#
aaronpk_ ben_thatmustbeme: ah I see. that's just a problem with the interface thoe right? shoudl be easy to fix
#
aaronpk_ shaners: cool. looks like I didn't do flickr photos for some reason
#
shaners but this is useful
#
ben_thatmustbeme yes and no, its a burden on posting
#
ben_thatmustbeme any post will have this problem
#
aaronpk_ how often do you reply to multiple people?
#
ben_thatmustbeme not often yet, i do mention a lot of links in articles though
#
aaronpk_ ah
#
aaronpk_ right
#
aaronpk_ well that sounds like a fun challenge
#
ben_thatmustbeme i think a public endpoint of acceptable hosts as was discussed isn't actually a bad idea
#
ben_thatmustbeme that way my webmention code doesn't have to hunt all over, and I should not even need an interface to post a specific vouch, the code can handle it all
#
marclaporte.com edited /Tiki_Suite (+84) (view diff)
#
aaronpk_ are there any security/spam implications with making that kind of index public?
#
marclaporte.com edited /Tiki_Suite (+4) (view diff)
KartikPrabhu_ joined the channel
#
ben_thatmustbeme i think the only security would be you are no longer protected by the obscurity of it. I personally like the idea for giving myself a place to review the list so i can remove / block entries in ti
#
aaronpk_ KevinMarks: I fixed the weird $url error thanks!
#
ben_thatmustbeme if i am considering some site as a authorized mention source, then its not like i'm opening up a hole by publishing the list, i'm still just as vulnerable to spam from those sources, but It does reveal to others that i have that security issue
#
ben_thatmustbeme it could get really interesting to start pulling in your autorized sites's authorized list and check their lists for sites you have blocked, then you could automatically notify them of entries you would recommend against
#
@zakperic I think I am in favor of What is the IndieWeb: http://indiewebcamp.com (twitter.com/_/status/521754489679020032)
#
shaners aaronpk: here's my working autoembeds so far:
#
shaners Instagram: http://sbbme-note.herokuapp.com/notes/2014/10/11/she-woke-up-like-this-the-farmhouse
#
shaners Vimeo: http://sbbme-note.herokuapp.com/notes/2014/10/10/n8duke-bookis-eliduke-pixel-miyazaki
#
shaners YouTube: http://sbbme-note.herokuapp.com/notes/2014/10/10/i-wish-jimmyfallon-theroots-and-mileycyrus
#
shaners Vine: http://sbbme-note.herokuapp.com/notes/2014/10/09/yassss
#
shaners Images: http://sbbme-note.herokuapp.com/notes/2014/09/30/i-especially-love-the-midwest-map-obvi
#
shaners Flickr: http://sbbme-note.herokuapp.com/notes/2014/09/25/this-pretty-well-sums-up-the-difference-between
#
shaners I also have audio and video working too, but can't find post for either off hand
#
shaners It was a good night.
#
Loqi night night
#
shaners Oh yeah. I thought I was gonna have to do some extra work for emoji but by the time I got around to it, I got it for free from the combination of Rails 4 + Ruby 2.1 + Postgres.
#
shaners http://sbbme-note.herokuapp.com/notes/2014/10/06/machikoyasuda-spooooky-scaaaary
#
reedstrm shaners: very nice
#
shaners reedstrm thanks
#
reedstrm apropos the Midwest consensus map - what sort of maps would include IL ,but not WI, IA, and MN? Hmm, perhaps they had 'Upper Midwest' as another region.
KartikPrabhu_ joined the channel
#
marclaporte.com edited /Tiki_Suite (+12) "cosmetic changes" (view diff)
#
marclaporte.com edited /Tiki_Suite (+4) (view diff)
#
marclaporte.com edited /Tiki_Suite (+0) (view diff)
#
shaners Today I'm working on this list of autoembeds: tweets, gists, thisismyjam, wikipedia, indiegogo, kickstarter, bandcamp, medium, soundcloud, slideshare, speakerdeck, google maps
#
shaners added a few based on your post, aaronpk
#
ben_thatmustbeme i'm still hypnotized by jazz hands and swaying images
fmarier and jet__ joined the channel
#
danlyke ben_thatmustbeme I support the notion of "I trust inbound links from the sites in this OPML file".
#
ben_thatmustbeme OPML? does that really gain you anything
#
ben_thatmustbeme a list of links works just as well
#
ben_thatmustbeme plus is readable
thierrymarianne joined the channel
#
ben_thatmustbeme i just can't decide if i want to make that list rel=nofollow or not
KartikPrabhu_ joined the channel
#
ben_thatmustbeme pros or allowing follow, that page can be used as vouch URL for anyone on it. If I trust them to post on my site, I am going to vouch for them elsewhere also makes finding if I can use a person as a vouch for me super easy. cons, anyone can send a webmention on my behalf easily, with rel=no-follow its much harder, the person i've linked too should have been able to collect the referals already anyway.
loic_m__ joined the channel
#
ben_thatmustbeme that page could also just be optional or need not even be complete (hide some connections, etc) its only to make receiving mentions from new people easier
erlehmann joined the channel
#
ben_thatmustbeme maybe i'll have only those I trust / manually entered listed there, others can use links if them know them
#
ben_thatmustbeme s/them know/they know/
#
Loqi ben_thatmustbeme meant to say: maybe i'll have only those I trust / manually entered listed there, others can use links if they know them
krendil joined the channel
#
ben_thatmustbeme with following, it becomes a duel purpose list, "here's a list of people I trust to not be spamming me" AND "Here's a list of people I trust to not spam others"
#
ben_thatmustbeme vs with rel=nofollow its just the first
#
ben_thatmustbeme actually i should rephrase the first to "here's a list of people I trust to not trust any spammers"
#
ben_thatmustbeme s/trust any/link to/
#
Loqi ben_thatmustbeme meant to say: actually i should rephrase the first to "here's a list of people I trust to not link to spammers"
snarfed joined the channel
#
gRegor` I don't get the "con: anyone can send a webmention on my behalf easily" above.
#
ben_thatmustbeme yeah, i couldn't quite figure out how to put that
#
ben_thatmustbeme A links to B, and B links to C
#
ben_thatmustbeme B publishes his list as described, without rel-nofollow
#
ben_thatmustbeme hmm, actually i think i noticed it really doesn't matter
#
ben_thatmustbeme i was going to say that the link from B to C is normally obscured unless someone indexes the site
#
ben_thatmustbeme it doesn't need to be published openly as C always has the link from B's site
#
ben_thatmustbeme and anyone could repeat webmentions from C to A without C's control
#
ben_thatmustbeme but anyone can do that anyway with webmention
#
gRegor` Yeah
#
ben_thatmustbeme and with W+V if they find the link
#
ben_thatmustbeme so I guess it doesn't really matter
#
ben_thatmustbeme trying to think if there are any other disadvantages, but I don't really see any
#
ben_thatmustbeme other than making it potentially too easy for spammers to crawl network since all connections are published
#
ben_thatmustbeme and privacy concerns, which is why i'd say its optional
#
ben_thatmustbeme i like the idea that I could check my neighbors to make sure they aren't allowing insecurity though
#
gRegor` Spammers can crawl, but they still need a way to create content on the vouch-for-me URLs
#
gRegor` I like the idea of expanding the vouch-for-me URLs to include paths, so I could list twitter.com/t instead of all of twitter.
#
gRegor` Which I think would address Kartik's question earlier about getting Twitter like spam
alexhartley joined the channel
#
ben_thatmustbeme i wouldn't trust twitter at all, links don't even include rel=nofollow
#
ben_thatmustbeme and too much autolinking
#
ben_thatmustbeme even if I limited it to a user page, there is still too much risk i feel
#
danlyke ben_thatmustbeme OPML because those tools already exist.
#
gRegor` Hmm
#
gRegor` Maybe I need to start implementing this before I fully grasp it.
#
ben_thatmustbeme danlyke, people first, machines second. plus parsers for html already exist too
#
ben_thatmustbeme besides, you really don't need to fully parse it, you just care about href= and potentially rel=
#
gRegor` If I have linked to twitter.com/t/* and tantek has linked to your ben.thatmustbe.me/*, why shouldn't I trust twitter.com/t/* as a vouch URL for you?
#
danlyke ben_thatmustbeme yes, but the machines need to know that this is a list of trustworthy links.
#
gRegor` Or I guess the problem then becomes what if tantek links to "look at these jerk spammers [link]" in a tweet...
#
danlyke I've got heuristics which grab feeds from /irc-people and there's a lot of emphasis on human readable there, but trying to automate how to get those feeds from what's there is tough.
#
ben_thatmustbeme gRegor` any time its a silo, I can't trust that they don't turn on side bars or promoted tweets, etc, I trust tantek not to post bad content, i don't trust twitter
brianloveswords joined the channel
#
ben_thatmustbeme danlyke, they do, same way we know endpoints etc, you can just specify it as rel='vouch-list' or something like that
#
ben_thatmustbeme or put it in the headers just like endpoints
loic_m_ and mlncn joined the channel
#
ben_thatmustbeme danlyke, everyone should be using h-feed
#
ben_thatmustbeme or a link that has h-feed tag so you know where it is (correct me if i'm wrong here guys, not as strong with mf)
#
shaners ben_thatmustbeme danlyke not everyone wraps their .h-entrys in .h-feed
#
shaners i do. i think it's nice. but some are team "infer an .h-feed as the array of .h-entrys".
KartikPrabhu_ and loic_m__ joined the channel
#
ben_thatmustbeme i somewhat like that about the group, forces any code to watch out of odd cases, there will certainly be more as microformats2 spreads
jet___ and KevinMarks_ joined the channel
#
ShaneHudson shaners: Could we not just say h-entry inside h-feed (especially if multiple on a page) is recommended?
#
shaners i mean, that's what *I* recommend. but not everyone agrees.
#
shaners what is h-feed?
#
Loqi h-feed is a microformats2 experiment with a top level feed object to contain h-entry posts http://indiewebcamp.com/h-feed
#
shaners if i remember right, one of the objections to it is the mf2 design principle of flatness.
#
shaners mf1 had a fair bit of nestedness that confused people
#
ShaneHudson That makes sense but I think if there are multiple *related* h-entrys then semantics say they should be contained by something
#
shaners (not that .h-feed > .h-entry is a lot, but it's one more layer)
#
gRegor` That's an interesting objection. h-adr is still listed as a legit option for h-card, I think
#
ShaneHudson And avoids the case where you may have h-entry in a sidebar or something similar
#
gRegor` s/option/nested option/
#
Loqi gRegor` meant to say: That's an interesting objection. h-adr is still listed as a legit nested option for h-card, I think
#
shaners ShaneHudson again, i agree. i use .h-feed. and i *definitely* would if i had multiple feeds on one page.
#
ben_thatmustbeme i would say it can be recommended, but never assume people will do so
#
ShaneHudson shaners: I didn't know about it, but makes perfect sense to use
#
ben_thatmustbeme web code gets ugly, you should assume there will be people who don't
#
shaners gRegor` correct
#
ShaneHudson ben_thatmustbeme++ very true
#
Loqi ben_thatmustbeme has 23 karma
#
shaners not all nesting is gone in mf2, but it's a design goal to minimize nesting.
#
gRegor` Gotcha
#
shaners that said. i agree with what ben_thatmustbeme just said: recommend it, but don't assume it. infer it if .h-entry(s) are present without an .h-feed
#
gRegor` I only have one h-feed so far, for my notes. It's linked from my <head> with rel=feed, so in that instance I think the h-feed makes sense as a "requirement"
#
gRegor` My main use case for that is bridgy backfeed
#
ben_thatmustbeme gRegor` I disagree, if its linked in the head as rel=feed i'd say there is more of an argument that its NOT needed
#
ben_thatmustbeme any code parsing it would already assume its a feed of h-entries
#
gRegor` Only if you're presuming the code is starting at my homepage.
#
gRegor` What if you just put in my notes feed in your reader?
brianloveswords joined the channel
#
ben_thatmustbeme then again, same as before, if it lacks h-feed and lacks rel=feed, i assume the URL i am given is the feed
#
ben_thatmustbeme and just look for all h-entries
#
shaners yep
#
ben_thatmustbeme in that way, h-feed is actually irrelevant unless you have h-entries you do not need/want in the feed
#
shaners this conversation illustrates my initial point. i like .h-feed. i use it. but not everyone does all the time or ever. and that's ok.
#
gRegor` Agreed
#
@SifuKeithMosher Another great day of writing. My new book is almost writing itself (with a lot of guidance from me of course). #IndieAuthor #indieauth (twitter.com/_/status/521771737122607105)
#
gRegor` Anyone have a handy example of multiple h-entry not in an h-feed?
#
shaners http://aaronparecki.com
#
ShaneHudson I need to re-mf my site. When I moved CMS I completely forgot. Not even got rel=me! Though indieauth still works somehow
#
gRegor` Looks like Shrewdness handles it properly, as I was guessing it would.
#
shaners ShaneHudson indieauth prolly has your rel-me sites cached from when you did have mf2 in your markup
#
ben_thatmustbeme ShaneHudson, I started on WP and SemPress, grabbed the rendered html when I swapped over, so I know i have a lot of mf2 bits wrong
#
ShaneHudson I need to get hold of a shrewdness account, think it would be very useful! Especially once I get micropub working
#
ben_thatmustbeme i really need to go over it all
#
reedstrm shaners: here's hoping it only falls back to the cached values if the current page has none ...
#
shaners that's a question for aaronpk
#
ShaneHudson reedstrm: You can ask it to rescan
#
ShaneHudson shaners: Yeah you are right, dated August :)
#
reedstrm There are two hard problems in Computer Science: Naming things, and cache invalidation :-)
#
shaners and off by one errors
#
gRegor` Odd... h-entry disappeared from my article template.
#
gRegor` shaners++
#
Loqi shaners has 12 karma
#
shaners autoembedding tweets from URLs in note content : http://sbbme-note.herokuapp.com/notes/2014/10/12/gruber-this-is-the-kinda-frozen-in-time
#
ShaneHudson Do we have a page for auto-embedding content?
#
ShaneHudson what is cards
#
Loqi A card in the context of the indieweb are small information summaries—often summaries of specific, external web pages http://indiewebcamp.com/cards
#
shaners what is autolink?
#
Loqi An autolink is a hyperlink that was automatically added to some text to link that text to an obvious or useful destination, e.g http://indiewebcamp.com/autolink
brianloveswords joined the channel
#
ShaneHudson Ok so the basics are there. Might be nice to get some discussion going about when to auto-embed, could be interesting.
#
ShaneHudson Later that is, not right now haha
#
shaners ShaneHudson feel free to ;)
#
ShaneHudson Think I will add it to my list of itches :)
#
snarfed apologies, late to the conversation…but re implied vs explicit h-feed, bridgy's original post discovery (using syndication links) currently expects it to be explicit
#
snarfed we can definitely change that to work without explicit h-feed; we just haven't yet
#
snarfed (cc kylewm)
#
snarfed https://github.com/snarfed/bridgy/blob/master/original_post_discovery.py#L250
#
shaners snarfed: nice that you've already thought about this
#
shaners https://github.com/snarfed/bridgy/blob/master/original_post_discovery.py#L254
#
snarfed oh, duh, you're right. i misspoke; it doesn't require explicit h-feed after all
#
snarfed kylewm++ , he implemented this part of bridgy
#
Loqi kylewm has 67 karma
#
shaners is it actually falling back to h-entrys or is that just a note that it *should* fallback
#
shaners ?
#
shanehudson.net edited /card (+67) "Adding autolink to card's 'see also' section" (view diff)
#
snarfed shaners: looks like it falls back
#
shaners grool. i don't read python very well. ;)
yakker joined the channel
#
shanehudson.net edited /User:ShaneHudson.net (+103) (view diff)
sgreger joined the channel
#
KevinMarks_ So does https://teacup.p3k.io/known.kevinmarks.com/34 appearing mean it failed to post on my site?
bret_ joined the channel
#
KevinMarks_ Publishing a list of possible vouch urls sounds like a subscription list/blog roll variant
#
KevinMarks_ So an html list of links with rel on seems like a good existing pattern
snarfed joined the channel
#
KevinMarks_ Would adding rel="vouch" be redundant? If you link without rel="nofollow" it is already a vouch-worthy link
brianloveswords and caseorganic joined the channel
#
kylewm is there a rel value for subscription list/blog roll?
#
gRegor` @joeld's original idea was a rel-vouch to a text file of URLs, but it could be to HTML. I don't think it was intended for individual external links.
#
kylewm like if i have your domain name, can i get to that list?
#
gRegor` kylewm: I think the indiereader from Portland hack day used something like that.
#
gRegor` There could be a difference between "my subscriptions/blog roll" and "sites I've linked to that I trust as a vouch" too
#
kylewm gRegor`: the indiereader needed you to give it a particular URL of the subscription list
dariusdunlap, willowbl00, lukebrooker, caseorganic, snarfed1, caseorga_ and brianloveswords joined the channel
#
mattl rascul, aaronpk, tantek_ -- it happened again. example of my kind of twitter 'spam' -- https://twitter.com/JordanRaanan/status/521639320449744897?refsrc=email
#
@JordanRaanan Justin Pugh: isn't a good enough word to describe how bad I played (via @MattL ombardo975) http://www.nj.com/giants/index.ssf/2014/10/justin_pugh_there_isnt_a_good_enough_word_to_describe_how_bad_i_played.html https://twitter.com/JordanRaanan/status/521639320449744897/photo/1 (twitter.com/_/status/521639320449744897)
brianloveswords joined the channel
#
@MicropubInfo 6 days ago: http://indiewebcamp.com/micropub The one #indieweb function I still need to dig into. Will be real... https://www.google.com/url?rct=j&sa=t&url=http://timowens.io/2014/micropub&ct=ga&cd=CAIyHDNlNjg4ODQzODIxNzA0ZmU6Y28udWs6ZW46R0I&usg=AFQjCNGqOe5VZ8_dNSPiYgaSloTx_5J9mg&utm_source=twitterfeed&utm_medium=twitter (twitter.com/_/status/521792051210252288)
mlncn joined the channel
#
@almereyda @tunda_hain Hast du egtl. schon @withknown ausprobiert? Sollte einfach zu installieren sein und #IndieWeb macht endlich Spaß! @indiewebcamp (twitter.com/_/status/521792927451086848)
anomalily and KevinMarks__ joined the channel
#
KevinMarks__ so you should nofollow the subscriptions you don't vouch for?
caseorganic joined the channel
#
KevinMarks__ or you don't trust to vouch to you?
#
KevinMarks__ we had rel-directory, but that was the other way around: http://microformats.org/wiki/rel-directory
#
@tunda_hain @almereyda @withknown @indiewebcamp ne noch nicht, bin aber auch dabei alles nen bisschen downzugraden. web 1.0 und so. (twitter.com/_/status/521794260388294658)
#
cr doesnt get ShortCircuit2 reference. the movie?
#
cr why is description font like #ccc on #fff in http://2014.mozillafestival.org/proposals/
willowbl00, caseorga_, willowbl001 and dariusdunlap joined the channel
#
@withknown It was great to see everyone at #indiewebcamp this weekend at MIT. Thanks to @mozilla, @esri, and @reclaimhosting for sponsoring! (twitter.com/_/status/521802346607546368)
#
@ReclaimHosting RT @withknown: It was great to see everyone at #indiewebcamp this weekend at MIT. Thanks to @mozilla, @esri, and @reclaimhosting for sponso… (twitter.com/_/status/521802447388700672)
mlncn and danlyke joined the channel
#
ben_thatmust yeah, rel-directory isn't right
dariusdunlap and erlehmann joined the channel
#
KevinMarks__ if you want a real legacy format for this, that would be XOXO http://microformats.org/wiki/xoxo though I would not recommend it these days
#
ben_thatmust wonder if rel=blogroll would make sense
#
ben_thatmust to add
#
KevinMarks__ to point to what?
#
KevinMarks__ xfn was for marking up blogrolls
brianloveswords joined the channel
#
ben_thatmust we want some way to tag a link to a page off the main page that would be our list of sites we authorize / trust / read whathaveyou
#
ben_thatmust must like how rel=hfeed would indicate where to look for the true hfeed
#
@pwcc @pfefferle Does your WordPress webmentions plugin replace the "Send trackbacks to" function with webmentions? Love the indieweb plugins :D (twitter.com/_/status/521811753051500545)