#indiewebcamp 2014-10-13

2014-10-13 UTC
#
tantek.com
edited /Main_Page (+59) "/* IndieWebCamp */ link to full size"
(view diff)
marclaporte joined the channel
#
KartikPrabhu_
ha awesome jazz hands photo
dariusdunlap joined the channel
#
marclaporte
I am trying to log in to indieauth.com
cmhobbs joined the channel
#
marclaporte
Authenticate using one of the methods below to sign in as http://marclaporte.comError retrieving: http://marclaporte.com
#
marclaporte
but I added <link rel="me" href="https://twitter.com/marclaporte" /> <link rel="me" href="https://github.com/marclaporte" /> to my source, as documented
rascul_ joined the channel
#
rascul_
On my phone
tantek_ joined the channel
#
tantek_
On the web
#
obra
marclaporte: looking
#
tantek_
obra, add yourself to /irc-people ! :)
#
tantek_
(when you're done looking of course ;) )
#
tantek_
Bret - the lower left diamond has unfortunate default linebreaks which confuse the meaning
#
aaronpk_
marclaporte: your site is returning a bad Location header
#
obra
it's your redirect
tantek_ joined the channel
#
aaronpk_
Location: tiki-index.php
#
aaronpk_
it should be Location: /tiki-index.php
#
obra
if I'd known that you guys were going to tosci's..., I'd have stuck around
#
tantek_
bert - in particular, the "target & source" expression seems to bind the two together, when they're each part of separate expressions
#
tantek_
that is
#
tantek_
"does my site accept webmentions to target"
#
tantek_
"does source link to target"
#
tantek_
ideally there would be a line break between those two
#
s.ly
edited /IRC_People (+47) "/* Nicknames */"
(view diff)
#
tantek.com
edited /Vouch (+292) "prepare to use Bret's cleaned up drawing instead at top of page, move photo of whiteboard to section lower down"
(view diff)
#
marclaporte
aaronpk_: thanks. So I tried http://marclaporte.com/Contact and I get 0 supported and verified providers were found! twitter.com/marclaporte An unknown error occurred with this provider. github.com/marclaporte An unknown error occurred with this provider.
#
aaronpk_
if you want to do that, your twitter profile would have to link to the Contact page
Pea1 joined the channel
#
aaronpk_
i think it's failing because twitter.com links to marclaporte.com which still has the bad redirect
#
marclaporte
aaronpk_: I guess I am just good at finding edge cases :-)
#
tantek_
marclaporte - but your home page is you - better to make that work
#
obra
eh. not super important to me. i don't mind if others touch it, though
#
marclaporte
aaronpk_ & tantek_ : so I changed the redirect from tiki-index.php to /tiki-index.php and I am now logged in. Thanks!
#
marclaporte
is it worth logging a feature request / bug report to https://github.com/aaronpk/IndieAuth/issues ? Browsers are able to follow...
#
Loqi
yay!
#
tantek.com
edited /Main_Page (-22) "/* IndieWebCamp */ local link"
(view diff)
#
tantek.com
edited /Main_Page (+22) "revert"
(view diff)
#
ben_thatmust
marclaporte, thats an interesting way about things, I don't think i had seen rel=me links just in the header like that
#
tantek.com
edited /2014/Cambridge (+141) "/* Photos */ add links to animated and swaying versions"
(view diff)
#
marclaporte.com
created /Tiki_Suite (+708) "Say hello to Tiki Suite!"
(view diff)
#
tantek.com
edited /Main_Page (-10) "/* IndieWebCamp */ switch to swaying image for Cambridge"
(view diff)
#
marclaporte.com
edited /web_hosting (+17) "/* Personal Clouds */ Say hello to Tiki Suite!"
(view diff)
#
aaronpk_
marclaporte: I suppose if browsers follow it then indieauth.com should too
#
ben_thatmust
huh, I honestly cannot remember how I added google authenticator support to indieauth
#
ben_thatmust
I want to remove it
#
GWG
ben_thatmust: aaronpk is the only one who can tell you, I think
#
tantek.com
edited /2014/Cambridge (+0) "/* Schedule */ update cleanup"
(view diff)
#
aaronpk_
that is the one thing that indieauth.com provides that can't be published on your website
#
ben_thatmust
i realized that since its technically 1 factor, its actually really insecure
#
aaronpk_
I don't have a way to remove it
#
aaronpk_
s/way/way for you
#
Loqi
aaronpk_ meant to say: I don't have a way for you to remove it
#
gRegor`
My rel-me links are only in the <head> because I haven't found a way to put them in the page contents that I like.
#
aaronpk_
ben_thatmust: it's probably just as secure as SMS auth, possibly more secure
#
tantek.com
edited /2014/Cambridge/Schedule (+39) "/* Sunday, October 12, 2014 (Hack Sessions) */"
(view diff)
dariusdunlap joined the channel
#
GWG
aaronpk_: How many people are using the feature, I wonder?
#
GWG
I know I am
#
ben_thatmust
i don't use sms auth, but i'm guessing sms auth sends a time sensitive code?
#
ben_thatmust
if thats the case i'd know if someone is trying to brute force iit
#
ben_thatmust
google auth doesn't have any recorse for failed attepts, and its a known scheme, 6 digits
#
GWG
aaronpk_: Do you have a feature to disable it after a certain number of failed attempts?
#
aaronpk_
44 people have set up totp auth
#
aaronpk_
sorry, 93 people have set it up, 44 have used it
#
ben_thatmust
so i'll just keep resubmitting some small set of 6 digit combos (as many as i can fit in the time before changes) and eventually google auth will happen upon those that i am submitting
#
aaronpk_
i'm pretty sure they factored that attack in when designing TOTP
#
tantek.com
edited /Vouch (+187) "/* Flow Chart */ use image for max-width styling"
(view diff)
#
marclaporte
But that wasn't enough :-) so I have now pivoted to Tiki Suite: http://suite.tiki.org/Tiki+Suite a FLOSS Server, Web, Mobile and Desktop suite with 80%+ of the features all organizations need
#
@benwerd
Sounds like Team #Indieweb is headed to the Thirsty Scholar, where the opening scenes of The Social Network were filmed.
(twitter.com/_/status/521461623244853248)
#
marclaporte
So for folks that want to manage pretty all their data on their own servers, it's a solution ready TODAY! http://suite.tiki.org/Alternative+to+Google http://suite.tiki.org/Alternative+to+Microsoft
#
marclaporte
pretty -> pretty much
#
tantek.com
edited /Vouch (+116) "update IRC in progress link, add FAQ section stub"
(view diff)
#
ben_thatmust
aaronpk_ that doesn't say anything to brute force attempts
#
ben_thatmust
it still needs to be rate limited
#
ben_thatmust
if a person has your login and password, brute force can still be done on two factor too, its just they have to try as many combinations as possible in the 30 second window they have.
#
GWG
ben_thatmust: Anything can be exploited. Most security is about raising the amount of effort required
#
carmen
antispam obv a good focus to any POST stuff
#
bret
tantek_: I'll fiddle with it a bit and see if I can match the justification
mdik_ joined the channel
#
@dissolve333
Had an excellent couple days at #indiewebcamp Cambridge. Bonus was a tour of the W3C offices.(btmb.me s/2k)
(twitter.com/_/status/521470395514253312)
#
marclaporte.com
edited /Tiki_Suite (+83) "Adding some links"
(view diff)
#
gRegor`
GWG: Sure, but ben's point is that indieauth should be doing rate limiting for gootle authenticator login. With the other indieauth options, they're probably already doing that on their end (Twitter, Github)
#
gRegor`
s/gootle/google/
#
Loqi
gRegor` meant to say: GWG: Sure, but ben's point is that indieauth should be doing rate limiting for google authenticator login. With the other indieauth options, they're probably already doing that on their end (Twitter, Github)
#
GWG
gRegor`: I'm not disagreeing exactly
#
ben_thatmust
yes, and no, i'm saying any other point you have a large possibility of password inputs, the range is much larger when you have a-zA-Z0-9, forget about if you add other characters, but here you have[0-9]{6} always. it basically makes the time factor in it irrelevent
#
ben_thatmust
the reason it works so well as 2 factor auth is that it obscures your password correctness on a brute force. so if you try to brute force password, even if you get it right you have to provide a proper TOTP, so (properly implemented) you don't know if you guessed the password correctly or the TOTP failed
#
ben_thatmust
the search space becomes huge
chrissaad joined the channel
#
marclaporte.com
edited /projects (+273) "Manage pretty much all your content with Tiki Suite!"
(view diff)
#
GWG
ben_thatmust: Then your bigger argument goes back to the fact that nothing 'on your site' related to the TOTP code.
#
ben_thatmust
thats a problem as well
#
timowens.io
edited /Facebook (+106) "/* Articles */"
(view diff)
#
ben_thatmust
but security-wise you should never use TOTP as a single factor auth
#
@kevinmarks
@johncappiello known has the Indieweb protocols built in, they can be added to other CMSs, but it is more work.
(twitter.com/_/status/521479233621614593)
alexhartley, tantek and mlncn joined the channel
#
ben_thatmust
so this got mentioned off the cuff after my demo. But currently (and mainly for proof of concept) I am only pulling my vouch suggentions for my site
#
ben_thatmust
but suppose we did some sort of published endpoint for where to look up a vouch
paulfitz joined the channel
#
marclaporte
feels nostagic and hopeful as he replaced <link rel="openid.delegate" href="http://marclaporte.myopenid.com/"/> by <link rel="me" href="https://github.com/marclaporte" /> today...
#
tantek.com
edited /2014/Cambridge (+184) "/* Photos */ add day 1 schedule"
(view diff)
#
tantek
marclaporte++ for making the jump from openid to indieauth!
#
Loqi
marclaporte has 1 karma
#
tantek
marclaporte: and now that you've done that, see: http://indiewebcamp.com/IndieAuth#Use_IndieAuth_for_your_OpenID
#
@t
#IndieWebCamp Cambridge hack day: * webmention with vouch receive flow chart * #indiecomms conditional Facetime button (ttk.me t4Ya2)
(twitter.com/_/status/521483269498744832)
#
marclaporte.com
created /User:Marclaporte.com (+115) "first version"
(view diff)
#
marclaporte
tantek: oh cool. Done!!
snarfed and chrissaad joined the channel
#
Loqi
giggles
#
tantek
be sure to activate 2-factor auth on github for even more secure goodness
#
mattl
are people still out for dinner, or did i miss that?
#
mattl
and who wants to get a drink? :)
#
tantek
mattl - we're hacking on webmention with vouch at The Lord Hobo
#
mattl
tantek: let me see if i can get over there. If we ever do a IndieWebCamp Boston, I swear I'll be better at it.
#
rascul
mattl you're in the area?
#
mattl
i am. well, i'm in Boston.
#
rascul
well we just had a seat open up!
#
GWG
mattl: I saw you on the feed, I thought, yesterday
#
ben_thatmust
so when is the next IWC Cambridge?
#
mattl
i just asked my watch to get me a car. i'll be there in a bit.
#
GWG
Or maybe I'm misremembering what you look like
#
GWG
When is the next IWC anywhere?
#
marclaporte
now has 2fa activated on Github as per tantek's advice
#
mattl
GWG: I was there for a bit. I am just not good at weekends.
#
ben_thatmust
GWG, dunno, none are listed
#
carmen
georgetown has a conference on rot coming up
#
GWG
mattl: I would have come up if it wasn't a bad weekend for me
#
tantek
marclaporte, congratulations, now you have 2fa indieauth and openid, which IMO, is pretty fricking awesome.
#
GWG
Wasn't someone trying for a DC area IWC?
gr0k joined the channel
#
GWG
And I'm always in favor of an NYC event again
#
mattl
I go to Europe on Tuesday.
#
tantek
GWG, JeremyZilar wants to do another NYC event in November - please reach out to him and help coordinate!
#
GWG
mattl: You do? Where?
#
mattl
Not Wednesday like I thought
#
GWG
tantek: I'd love to. I never hear from him.
#
rascul
GWG there was some talk of a dc indiewebcamp
#
marclaporte
tantek: :-)
#
GWG
rascul: I said that
#
GWG
I have an Uncle down there. I'd go see him.
#
ben_thatmust
When our house is done I'll host IWC Attleboro MA
#
GWG
ben_thatmust: I heard the train doesn't run till noon.
#
rascul
i live not far from dc, 3 hour drive maybe
#
GWG
mattl: Where are you going?
#
rascul
well, 1.5 hours to gaithersburg then take the metro
#
mattl
I'm in Amsterdam, bristol, Exeter, London, Nottingham, York, Leeds, Manchester...
#
GWG
mattl: Sounds fun. I'll be in Belfast and Dublin.
#
mattl
spread the word: shove talksaboutstuff.com at people, GWG
gr0k joined the channel
#
mattl
tantek: on my way.
#
GWG
mattl: Sounds interesting
#
marclaporte
So when I was writing up http://suite.tiki.org/Alternative+to+Google, I used http://en.wikipedia.org/wiki/List_of_Google_products and I was suprised by the large number of items in the "Discontinued products and services" section!
#
GWG
tantek: His gmail address?
#
marclaporte.com
edited /site-deaths (+90) "/* Related */"
(view diff)
#
ben_thatmust
wonders if he can find enough locals for IWC Providence
#
GWG
ben_thatmust: IWC NYC had six I think. If you can find 6 people willing to hang out in Providence...
#
carmen
i'l come down
#
carmen
cambridge drive sme insane. too much "creative" class expensive whitepoeple shit ;)
#
mattl
Me too.
#
mattl
carmen: I'm kinda in that same place w Cambridge
#
carmen
donuts here in Weymouth are 80 cents. in somervile theyre $3.75
tantek joined the channel
#
ben_thatmust
yeah, providence tends to be pretty accessable
#
carmen
if you have a good reason to be there. lke you work @ W3C, i can see making the trip in. obviously cambridge does a lot of cool stuff
#
ben_thatmust
Maybe AS220 could host
#
carmen
Angus Davis.. who sold one of his startups to MSFT for like $900 mllion.. is doing things down in PVD
#
tantek
what is PVD?
#
Loqi
It looks like we don't have a page for "PVD" yet. Would you like to create it? http://indiewebcamp.com/wiki/index.php?action=edit&title=PVD
#
carmen
a lot of the 80s/90s era providence loft squat stuff burned down or was turned into condos
#
carmen
airport code for providence
#
marclaporte.com
edited /site-deaths (+74) "Adding Techcrunch deadpool and Reddit shutdown"
(view diff)
#
marclaporte
confirms that openid via indieauth worked beautifully for http://alternativeto.net/ !
fmarier joined the channel
#
tantek.com
edited /Vouch (+1274) "/* How can a sender find a vouch link */ document my answer from IRC http://indiewebcamp.com/irc/2014-09-28#t1411932421458"
(view diff)
#
KartikPrabhu_
marclaporte++ for moving to indieauth
#
Loqi
marclaporte has 2 karma
mlncn joined the channel
#
bret
marclaporte: and you can use indieauth as an openID provider for legacy support!
#
bret
so for logging into pypi or stack exchange
alexhartley joined the channel
#
@crema
@kartik_prabhu Thank you! I have read your article and found the website of @indiewebcamp . It's really interesting! So I wrote an article
(twitter.com/_/status/521495074224349184)
tantek_1, tantek__ and joshwnj joined the channel
#
tantek__
for bret to catch up on the logs :)
#
tantek__
marclaporte - now add yourself to http://indiewebcamp.com/irc-people
gr0k and caseorganic joined the channel
#
marclaporte.com
edited /IRC_People (+60) "MarcLaporte now on IRC_People"
(view diff)
caseorganic joined the channel
#
tantek.com
edited /Vouch (+953) "document Protocol Summary based on original IRC with some details since, discussed at IndieWebCamp Cambridge. add FAQ re: Is a vouch saying "you may know me from…""
(view diff)
#
aaronpk_
question: is this a reasonable regex to check if one web page links to another? /<a[^>]+href=[\'"]([^\"\']+)[\'"]/
#
aaronpk_
or should I follow the age old advice of never parse HTML with regex
#
marclaporte
bret: yup, really cool! And a lot easier than hosting https://simplesamlphp.org/ :-)
#
aaronpk_
i like how that site has a bloody heart as the first thing you see
#
tantek__
lol at "simplesaml"! Seriously? Seriously?!?
#
aaronpk_
hey if someone can make saml simple for me then more power to them
#
aaronpk_
the less i have to think about that the better
#
KartikPrabhu_
what is saml?
#
Loqi
It looks like we don't have a page for "saml" yet. Would you like to create it? http://indiewebcamp.com/wiki/index.php?action=edit&title=saml
gr0k joined the channel
#
GWG
I'm thinking about contexts again
#
KartikPrabhu_
tantek__: you win! I've started getting spam likes on Twitter :-(
#
aaronpk_
tantek__: this feels kludgy but it might have to do for now: no_link_from_vouch_to_source
#
KartikPrabhu_
have thought about how to use vouch for bridgy backfeeds?
#
GWG
Why is context not a page, but reply-context is?
#
KartikPrabhu_
gwg start one if you have a definition
#
GWG
KartikPrabhu_: Well, a reply-context, a like-context, etc...have definitions, why shouldn't the broader term?
#
KartikPrabhu_
because it is broad
#
marclaporte.com
edited /IRC_People (+80) "Adding an avatar"
(view diff)
#
emmak
aaronpk_: why not use an xml parser instead of regex?
#
KartikPrabhu_
gwg if defining context is useful to you then do it
#
aaronpk_
cause...cause..
#
aaronpk_
i dunno, regex is like one line
#
GWG
KartikPrabhu_: I'll give it a shot. Someone will edit it
#
aaronpk_
emmak: that is pretty good!!
#
aaronpk_
what happens on not-quite-xml-html?
#
aaronpk_
s/-html/ html/
#
Loqi
aaronpk_ meant to say: what happens on not-quite-xml html?
#
emmak
i'm not sure, it depends how lenient the xml parser is
#
tantek.com
edited /Vouch (+453) "add FAQ: Must I trust voucher knows source"
(view diff)
#
emmak
i don't think it has to be strict "xhtml" to work
#
aaronpk_
yeah the method is "loadHTML" which suggests it's somewhat lenient
#
aaronpk_
"The function parses the HTML contained in the string source. Unlike loading XML, HTML does not have to be well-formed to load."
#
tantek.com
edited /Vouch (+0) "/* In Progress */ update IRC"
(view diff)
#
aaronpk_
OK I AM STEALING YOUR LINKSTO FUNCTION THANKS
snarfed joined the channel
#
emmak
glad to help :)
#
aaronpk_
checks the license
#
david.shanske.com
created /contexts (+237) "Another Page"
(view diff)
#
tantek.com
edited /Vouch (+231) "/* FAQ */ what about Twitter?"
(view diff)
#
aaronpk_
apache license!
#
tantek.com
edited /Vouch (+448) "/* FAQ */ Must I always send a vouch per http://indiewebcamp.com/irc/2014-09-28#t1411944176964 ? No."
(view diff)
#
marclaporte.com
edited /site-deaths (+278) "/* 2013 */ GeoURL 503 Service Unavailable"
(view diff)
#
aaronpk_
man so many changes to my webmention endpoint and I have no automated tests for this
#
tantek.com
edited /Vouch (+568) "FAQ: Can a vouch apply to shared membership http://indiewebcamp.com/irc/2014-09-28#t1411945537111"
(view diff)
#
tantek.com
edited /Vouch (+379) "/* How can a sender find a vouch link */ more from http://indiewebcamp.com/irc/2014-09-28#t1411945654037"
(view diff)
#
tantek.com
edited /Vouch (+253) "/* How can a sender find a vouch link */ more from http://indiewebcamp.com/irc/2014-09-28#t1411945707835"
(view diff)
#
tantek.com
edited /Vouch (+281) "/* FAQ */ Is the vouch a sponsor - http://indiewebcamp.com/irc/2014-09-28#t1411945798623"
(view diff)
#
shaners
aaronpk_ Nokogiri in Rubyland provides you similar functionality if you ever find yourself needing to do similar thing for indieauth or whatever.
#
tantek.com
edited /Vouch (+757) "/* FAQ */ Does vouch make all webmentions manual, Does vouch make it too hard to send webmentions - http://indiewebcamp.com/irc/2014-09-28#t1411945993535"
(view diff)
#
tantek.com
edited /Vouch (+0) "/* In Progress */ note in progress IRC permalinks http://indiewebcamp.com/irc/2014-09-28#t1411946065283"
(view diff)
caseorganic joined the channel
#
aaronpk_
shaners: yes I have used nokogiri quite a bit! it's great
#
shaners
aaronpk grool
#
tantek.com
edited /Vouch (+327) "/* Design Considerations */ Zero moderation - http://indiewebcamp.com/irc/2014-09-28#t1411946594810"
(view diff)
chrissaad joined the channel
#
tantek.com
edited /Vouch (+71) "/* In Progress */ current log processing cursor"
(view diff)
#
tantek__
ok I'm done processing Vouch braindump backlog for tonight. Made pretty good progress.
glennjones joined the channel
#
daf
aaronpk_: that regex probably matches some things you wouldn't want it to
#
daf
aaronpk_: like any tag that begins with 'a'
#
daf
aaronpk_: since you only care about the opening tag, a SAX-type parser would probably be easy to use
#
daf
aaronpk_: OTOH, it's not clearly exploitable given that any third party incliuded content is probably reasonably scrubbed
#
daf
aaronpk_: and maybe adding a few \b or \< (depending on regex variant) would be good enough to close any loopholes
rascul_ joined the channel
#
shaners
daf: I'm pretty sure that aaronpk went with emmak's function from neonblog.
fmarier and j12t joined the channel
#
daf
ah nice
#
daf
yeah, there ought to be no excuse for using a real parser these days :)
aaronpk_1 joined the channel
#
aaronpk_1
Yeah I realized pretty quick that a trivial way to hack that is to make a plain text comment that has the text of something that looks like <a href...
#
aaronpk_1
So thanks emmak for the short verify code
wolftune joined the channel
#
@HongPong
RT @aaronpk: "No no no, you *railed* it!" - @obra to @benwerd after solving the issue in the first 30 seconds. #indiewebcamp (http://t.co/q…
(twitter.com/_/status/521530473067991040)
#
daf
obra: interested to see what your cordova code looks like
#
daf
obra: such boilerplate
#
obra
yay apps
#
kylewm
obra: is it specific to known, or might it work for any site with web action handler urls?
#
obra
oh, it's just a tiny shim to turn android share intents into window.location.href
#
kylewm
awesome, that's exactly what i want it to do :)
KartikPrabhu_ joined the channel
#
daf
obra: hmm, so it opens a web browser at a location that allows you to share whatever it is with Known?
tantek, j12t and glennjones_ joined the channel
alexhartley and dariusdunlap joined the channel
#
shaners
is anyone auto embedding flickr photos from flickr.com urls in notes? tantek__ aaronpk
#
kylewm
shaners: I bet mko does, but I can't find an example
#
kylewm
(basing that theory on his general support for oembed)
stream7, lukebrooker, Jihaisse, Pierre-O and cweiske joined the channel
dariusdunlap, ShaneHudson, stream7, alexhartley and eburcat joined the channel
eschnou, loic_m__, j12t, kensanata, dariusdunlap, alexhartley, lukebrooker, krendil, caseorganic, stream7, petermolnar, glennjones, glennjones_, csarven, LauraJ, JohnDuh, Pierre-O, jonnybarnes, adactio and ShaneHudson joined the channel
lukebrooker, erlehmann, tfontaine, mlncn, dariusdunlap and j12t joined the channel
Pierre-O, jeckman, lukebrooker, KartikPrabhu_ and alexhartley joined the channel
ben_thatmust__, lukebrooker, caseorganic, alexhartley, lukebrooker_, Erkan_Yilmaz, dariusdunlap, adactio, ShaneHudson and KartikPrabhu_ joined the channel
#
aaronpk_
ben_thatmust: i'm pretty excited to grep my access log to build the initial cache of potential vouch URLs
#
aaronpk_
then I realized I have 4gb of access logs because I never set up logrotate
#
petermolnar
4G log is not that bad, I ended up with .xsession-errors being 52G once :D
lukebrooker_ and KartikPrabhu_ joined the channel
#
ben_thatmustbeme
aaronpk_ haha, well, grep is fine handling large files, though i'd use sed |sort|uniq personally
#
ben_thatmustbeme
might take some time
#
aaronpk_
i've got time
#
ben_thatmustbeme
so i was looking at the specs for 449 on the train in this morning
#
ben_thatmustbeme
there are some more involved bits
#
ben_thatmustbeme
there is a header that should be set on retry and if received should never return 449
#
aaronpk_
where did you find that?
#
aaronpk_
I was having trouble finding any actual technical docs
#
ben_thatmustbeme
i'll find the link for you in a sec
#
ben_thatmustbeme
and also based on the description, we should in theory set it on source or target missing as well
#
ben_thatmustbeme
and finally the flow chart never checks that vouch is a valid URL either
#
aaronpk_
right now source or target missing is just a 400
#
aaronpk_
which I think is fine
#
aaronpk_
"bad request"
#
aaronpk_
oh yeah I mentioned that to tantek and he said it was implicitly in the vouch approval algorithm
#
aaronpk_
like you can't approve a vouch if it's an invalid URL
#
ben_thatmustbeme
if thats the case the its implicit in source approval algo too
#
ben_thatmustbeme
and the first step only needs test that target is valid url
#
aaronpk_
that's true
thierrymarianne joined the channel
#
aaronpk_
hm, I don't see a reason why we'd need to include the echo request/reply stuff
#
aaronpk_
also according to the algorithm, if a vouch is provided, the server would never return 449 anyway
#
ben_thatmustbeme
I think it might just be some specific on preventing it retrying over and over
#
ben_thatmustbeme
idea being "if its a retry, never tell it to retry again"
#
ben_thatmustbeme
s/never/don't/
#
Loqi
ben_thatmustbeme meant to say: idea being "if its a retry, don't tell it to retry again"
#
aaronpk_
yeah, but that would never happen anyway
KartikPrabhu_ joined the channel
#
ben_thatmustbeme
well, we are talking microsoft products :)
alexhartley and brianloveswords joined the channel
#
ben_thatmustbeme
i was trying to figure out if that ms-echo-reply actually is a good way to tell the client what fields are missing though
#
ben_thatmustbeme
as it shows some feild-value should be included
#
ben_thatmustbeme
thats as far as i got
#
aaronpk_
heh "The field value of the Ms-Echo-Request header is opaque. Its value MUST NOT be examined by the client..."
#
aaronpk_
the client is just supposde to echo that back
#
ben_thatmustbeme
i will still include the list of values that should be set as Reply With source, targer, vouch at least if someone hits the error they can dump the headers and find out what they are missing
#
aaronpk_
yeah I put that in the response body
#
aaronpk_
i don't think you should return 449 for missing source or target tho
#
aaronpk_
449 is explicitly for retry with vouch
#
aaronpk_
missing source or target is already defined by webmention as 400
lukebrooker joined the channel
#
ben_thatmustbeme
i think i have also given up the idea on having my vouch search point published. It would be cool to have that as you could look for vouches from any micropub client, but that also exposes an awful lot, especially since it does curls from the request
#
aaronpk_
yeah I think that's ok
j12t joined the channel
#
ben_thatmustbeme
oh and the search through your access logs isn't what will take a long time, validating that they are all good will
#
mlncn
http://industry-lab.com/ is the coworking space in Cambridge i am at if any holdovers from IndieWebCamp want to come by
#
ben_thatmustbeme
mlncn, i'm at work just across the river
#
aaronpk_
and I now have a database cache of all outbound domains in my posts so my vouch approval algorithm went from 3 seconds grep to milliseconds DB query
#
ben_thatmustbeme
avoids conversation of db vs flat file :D
#
aaronpk_
I said database cache :D
#
ben_thatmustbeme
I really need to add some test framework to my code base, opencart never came with any
gRegor`, willowbl00, lukebrooker_ and Garbee joined the channel
#
gRegor`
Morning, indieweb
willowbl00 and JohnDuh joined the channel
#
ben_thatmustbeme
morning gregor
chalettu, caseorganic, lukebrooker and mlncn joined the channel
#
@joeld
@gRegorLove @t That's a fantastic idea. We could just put <link rel="vouch" src="vouch.txt" />. Text file contains one approved site/line…
(twitter.com/_/status/521474917163106304)
#
gRegor`
I think he means publishing a list of the domains we trust to vouch? Not sure if that would cause problems or not
caseorganic joined the channel
#
gRegor`
Would make it easier for sender to find a vouch URL in common by limiting it to those domains.
#
ben_thatmustbeme
it would make it much easier on the sender for sure
#
gRegor`
I guess it would cause problems if you accidentally had a domain listed that should have been rel-nofollow, and a spammer could easily create an account on that site.
adactio joined the channel
#
ben_thatmustbeme
yes, but it also means you you have an easy way to review that list
#
ben_thatmustbeme
and remove as needed
#
gRegor`
True
#
ben_thatmustbeme
in fact i'd just do it as a page on my site that just didn't include header info, that way i can test if is_site_owner and display needed remove/block links
#
ben_thatmustbeme
and no chance of any of the header or footer messing up the list
#
ben_thatmustbeme
is why no header i mean
#
ben_thatmustbeme
for example my footer contains menus which show recents, etc
#
gRegor`
I might alter the vouch checking to not just be the domain, but anything below a certain path. So that way I could allow a vouch from @t but not @twitterspammer
#
gRegor`
Ah, right
rascul_ joined the channel
#
gRegor`
XVN: XHTML Vouch Network
eburcat_ joined the channel
#
ben_thatmustbeme
i need a method to week bad links out already from possible vouch list for myself, I have received referrer entries from t.co and indieauth.com
#
ben_thatmustbeme
at which my example with adactio started to show indieauth as a suggested vouch
#
rascul_
My sister really likes her known site i setup for her :)
#
ben_thatmustbeme
rascul_ excellent
#
ben_thatmustbeme
i'm going to try setting one up for my wife soon
#
rascul_
Now my sister's site is more functional than mine...
#
ben_thatmustbeme
ugh, I need to basically store regex for any sites i want to black list from vouch use (e.g. indieauth.com) since some i may have to do all subdomains and some not
wolftune joined the channel
#
cweiske
why regex?
#
ben_thatmustbeme
hmm, or maybe not
#
ben_thatmustbeme
block t.co i don't want to blog bat.com, if just straight equals, I do want to block www.t.co
#
ben_thatmustbeme
i think i can just normalize to no subdomain = *.t.co
#
ben_thatmustbeme
which should save me a lot of trouble actually
#
gRegor`
Is this in PHP, ben?
#
gRegor`
if ( parse_url($url, PHP_URL_HOST) == 't.co' )
#
cweiske
this does not match subdomains
#
gRegor`
Presuming you don't want to allow subdomains of anything you've blocked
#
ben_thatmustbeme
thats the bit, I want that to be optional
#
ben_thatmustbeme
i'll just add a flag for "all subdomains" or not
#
ben_thatmustbeme
i knew about the function, swear i did .... *goes to do some quick changes*
#
gRegor`
Oops, need to entity encode. ">^..^<" didn't cross-post to twitter correctly.
#
gRegor`
Heh, I only discovered that function in the last six months. I felt silly.
#
ben_thatmustbeme
well i know of parse_url, i didn't know the passing PHP_URL_HOST bit
#
ben_thatmustbeme
plus i tend to shy away from "parse_<noun>" if i'm just doing a quick check of something
#
ben_thatmustbeme
annoyingly parse_url requires https?:// at the beginning
Pierre-O, willowbl00, reedstrm, caseorganic, snarfed and loic_m joined the channel
#
@anomalily
Pretty cool to see this as the login on the front page of my wordpress login #indieauth #indieweb https://twitter.com/anomalily/status/521686069205426177/photo/1
(twitter.com/_/status/521686069205426177)
#
ben_thatmustbeme
damn, it needs to be some sort of specific mask
#
marclaporte.com
created /OpenHub (+400) "Created page with "The Black Duck Open Hub (formerly Ohloh.net) is an online community and public directory of free and open source software (FOSS), offering analytics and search services for disco...""
(view diff)
#
ben_thatmustbeme
or i'd say all subdomains of co.uk by accident at some point
#
marclaporte.com
edited /Tiki_Suite (+1) "https is better"
(view diff)
eburcat and lukebrooker_ joined the channel
#
marclaporte.com
edited /OpenHub (+103) "Please add any missing tags for protocols:"
(view diff)
#
marclaporte.com
edited /OpenHub (+2) "/* Todo */ line break"
(view diff)
KevinMarks joined the channel
KartikPrabhu_, ShaneHudson, paulfitz, chrissaad, davidmead, tilgovi, lmorchard and lukebrooker joined the channel
#
kylewm.com
edited /Known (+210) "/* Setup Known on nginx */ add my attempt at a nginx configuration"
(view diff)
gavinc joined the channel
#
ben_thatmustbeme
recordReferer, that is, just break it up by . and keep pulling off subdomains, if I ever hit, i discard the referer
tilgovi_ and mko joined the channel
#
ben_thatmustbeme
well damn, major problem for my set up, is how to send vouches for multiple people at the same time
#
ben_thatmustbeme
if I reference more than one person, i only have a vouch for one (with my implementation)
#
reedstrm
ben_thatmustbe - noun that verb! (sounds like a couch w/ a middle-european accent ...)
friedcell joined the channel
#
ShaneHudson
what is znc
#
Loqi
It looks like we don't have a page for "znc" yet. Would you like to create it? http://indiewebcamp.com/wiki/index.php?action=edit&title=znc
lukebrooker_ and thierrymarianne joined the channel
#
reedstrm
catching up on the weekend irc logs - sat. in Cambridge sounds like it was an awesome meeting! I reaaally need to spend some deep thinking time on how indiewebcamp, peer collaboration, and OER (openstax flavored) all fit together ...
#
reedstrm
The UWM 'give every student a domain' thing ++
#
reedstrm
tantek++ for live-ircing the demos
#
Loqi
tantek has 98 karma
Pea1 and tfontaine joined the channel
#
reedstrm
re: un-meeting org - sounds like 'start with demos, then schedule' is a good way to get over various common problems w/ 'schedule as very first thing'
#
gRegor`
reedstrm: There's a youtube archive of the demos too
#
gRegor`
And the sessions in the main room: http://indiewebcamp.com/2014/Cambridge/Live
j12t and reedstrm joined the channel
#
reedstrm
gRegor`: yup, figured that out from the chatlog, though I'm much more of a reader/skimmer than a vid-watcher.
#
reedstrm
hates it when the only doco for some setup is a video ...
chalettu joined the channel
#
waterpigs.co.uk
edited /silo (+66) "/* Perspectives */ added obligatory xkcd"
(view diff)
friedcell joined the channel
#
ben_thatmustbeme
aaronpk_ you might want to ignore homepages too or do something smart to find the permalink, if those end up in my vouches it could pretty much mean plenty of invalid vouches going out
Pierre-O, j12t, loic_m_, danlyke and thierrymarianne1 joined the channel
#
ben_thatmustbeme
huh, additionally https -> http url drops the referrer (probably because i redirect immediately to https
alexhartley joined the channel
#
@OnTheWebz
RT @t: #IndieWebCamp Cambridge hack day: * webmention with vouch receive flow chart * #indiecomms conditional Facetime button (ttk.me t4Ya2)
(twitter.com/_/status/521711551707750400)
lukebrooker and eburcat joined the channel
#
ben_thatmustbeme
what is exppad
#
Loqi
It looks like we don't have a page for "exppad" yet. Would you like to create it? http://indiewebcamp.com/wiki/index.php?action=edit&title=exppad
#
kylewm
who is eliemichel?
sammachin joined the channel
#
ben_thatmustbeme
well i have my ahh
lukebrooker and dariusdunlap_ joined the channel
#
ben_thatmustbeme
my vouch table set up
eburcat joined the channel
#
ben_thatmustbeme
just uning google analytics table and my webmentions table for all the history
lukebrooker, ShaneHudson and brianloveswords joined the channel
#
ShaneHudson
Ok, I think I've got my ZNC bouncer set up properly now :)
jet__ joined the channel
#
@kevinmarks
RT @anomalily: Pretty cool to see this as the login on the front page of my wordpress login #indieauth #indieweb https://twitter.com/anomalily/status/521686069205426177/photo/1
(twitter.com/_/status/521718098965983232)
#
ben_thatmustbeme
nevermind about the redirect, http->https just as long as you use 301 not 302, referrer is sent
cweiske joined the channel
#
reedstrm
oh, never noticed that diff for 301 vs. 302. What browsers have you tested this against? Doesn't seem to be specified in the relevant specs ...
#
gRegor`
301/302 preserving referrer depends on the browser, I believe.
KartikPrabhu_ joined the channel
#
gRegor`
Brief searching seems to indicate the RFCs don't specify referrer behavior for 301/302
#
PMurphs
uh
#
PMurphs
one is like permanent and the other one is temporary
#
ben_thatmustbeme
from what i saw, 301 is reliable, 302 is not
#
gRegor`
We're talking about the HTTP Referer header and whether it's preserrved
#
PMurphs
oh I thought this was a different channel
#
PMurphs
yeah
#
PMurphs
I realized that this was more technical than I could regurgitate like right after I hit enter
#
gRegor`
ben_thatmustbeme: Yeah, that's what I'm seeing as I dig into it more
#
ben_thatmustbeme
either way, i changed it, i redirect http->https with 301 now
#
gRegor`
That spelling of "referer" always bugs me. Don't know why they didn't just fix it.
#
ben_thatmustbeme
i always start second guessing myself or i forget that its misspelled and start always misspelling it
lukebrooker and alexhartley joined the channel
lukebrooker and tfontaine joined the channel
#
GWG
Good day, #indiewebcamp
#
gRegor`
Hi, GWG
#
GWG
Hello, gRegor
#
GWG
Did you enjoy the things that came out of IWC this weekend?
KevinMarks_ and willowbl00 joined the channel
#
gRegor`
Yeah, Vouch seems pretty cool, and Teapot
#
GWG
gRegor, though Teapot is reporting a lot more than I am inclined to bother sharing
#
ben_thatmustbeme
you don't want to share your coffee drinking habits?
#
GWG
I have an idea for something simple that it inspired me to.
#
GWG
ben_thatmustbeme, I don't like coffee
eschnou joined the channel
#
GWG
ben_thatmustbeme, do you want to know my eating habits?
#
GWG
I can see the value in analysis, but do you as an acquaintance of mine want to know?
#
reedstrm
oversharing: the real problem w/ the internet of things
#
reedstrm
reminded of first time parents ... "Little Billie's first boom boom!"
#
GWG
I have a simpler idea for the Pebble though.
#
GWG
I want to have it set up a post draft for me with the GPS coordinates that I can fill in later
#
GWG
Such as... I am having fun now, but I don't want to exit fun to ta
#
GWG
lk about it.
#
GWG
Here, let me press this button to remind me for later.
#
ben_thatmustbeme
i was going to guess mood
#
ben_thatmustbeme
would be easy to track
KartikPrabhu_ joined the channel
#
ben_thatmustbeme
i think i might fragment my MP client in to a ton of little ones, one simple thing per page, so that on mobile I can bookmark them all and save them in 1 folder
#
GWG
With the same menu presets idea.
#
GWG
Sort of like a pro photographers diary
#
GWG
Mood would work.
#
GWG
I am thinking of my upcoming vacation, I guess
#
GWG
Not that I will be doing something like this for then
#
GWG
But future...
#
GWG
ben_thatmustbeme, good idea.
#
GWG
Lower the barrier to posting
#
GWG
I have something like that on my list because it is easier than Micropub
#
gRegor`
I'm not interested in sharing everything, but I am interested in quantified self.
#
KevinMarks_
Did aaronpk invent that new app so he'd have a reason to use http error 418?
#
gRegor`
Heh, I was going to suggest it should return that somewhere.
#
GWG
gRegor, so the same thing, only with a private/public setting?
KartikPrabhu_ joined the channel
#
kylewm
KevinMarks++
#
Loqi
KevinMarks has 67 karma
#
KevinMarks_
Hm, when I try to post to known from teacup I get an error page
#
KevinMarks_
Message: Undefined variable: url
#
kylewm
I get a very exciting blank post https://kylewm.com/note/2014/10/13/1
#
ben_thatmustbeme
can record bathroom breaks that way at /
#
ben_thatmustbeme
damn, emoji were working on here before
alexhartley, kylewm, alexhart_, mlncn and tfontaine joined the channel
#
aaronpk_
kylewm: hm maybe it's not obvious that it doesn't send any "content" value
#
gregorlove.com
edited /bulshytt (+202) "/* Criticism */"
(view diff)
#
aaronpk_
which is probably why yours was blank
#
kylewm
aaronpk_: oh sure, i didn't expect anything else
tfontaine, lukebrooker and JonathanNeal joined the channel
marclaporte, snarfed, dariusdunlap, mlncn, petermolnar and KartikPrabhu_ joined the channel
shaners, KartikPrabhu_, mlncn, lukebrooker, loic_m__, loic_m_ and LauraJ joined the channel
snarfed, paulfitz, dariusdunlap and loic_m__ joined the channel
#
shaners
Very quiet in the channel today.
#
ben_thatmustbeme
everyone burned out from IWC this weekend?
fmarier joined the channel
#
aaronpk_
I wonder if it makes sense to send human-redable content so micropub endpoints sort of "fall back" to that if they don't understand the "p3k-food" field that is sent
#
aaronpk_
not burned out, just working on finishing my vouch code :D
loic_m_ joined the channel
#
ben_thatmustbeme
aaronpk_ you see my issue with sending vouch right now
#
ben_thatmustbeme
I can only send 1
#
marclaporte.com
edited /Tiki_Suite (+1018) "Tiki Suite & Tiki distinction"
(view diff)
#
aaronpk_
what's the issue?
#
shaners
i was up til 4am working on autolinking / embeds for notes. In The Zone.
#
ben_thatmustbeme
well I knew i would have to rip open the Lib, i'm using, but any links for mentions i won't have vouches for
#
aaronpk_
shaners: nice!
#
ben_thatmustbeme
I have a field for a vouch, but i only have 1 vouch, if i'm doing in-reply-to multiple people, it doesn't work
#
ben_thatmustbeme
basically i have to pay attention to every link now, not just one per post
#
shaners
aaronpk_ I knew it was out there (and i've read it before) but i didn't see it last night.
#
aaronpk_
ben_thatmustbeme: ah I see. that's just a problem with the interface thoe right? shoudl be easy to fix
#
aaronpk_
shaners: cool. looks like I didn't do flickr photos for some reason
#
shaners
but this is useful
#
ben_thatmustbeme
yes and no, its a burden on posting
#
ben_thatmustbeme
any post will have this problem
#
aaronpk_
how often do you reply to multiple people?
#
ben_thatmustbeme
not often yet, i do mention a lot of links in articles though
#
aaronpk_
well that sounds like a fun challenge
#
ben_thatmustbeme
i think a public endpoint of acceptable hosts as was discussed isn't actually a bad idea
#
ben_thatmustbeme
that way my webmention code doesn't have to hunt all over, and I should not even need an interface to post a specific vouch, the code can handle it all
#
aaronpk_
are there any security/spam implications with making that kind of index public?
KartikPrabhu_ joined the channel
#
ben_thatmustbeme
i think the only security would be you are no longer protected by the obscurity of it. I personally like the idea for giving myself a place to review the list so i can remove / block entries in ti
#
aaronpk_
KevinMarks: I fixed the weird $url error thanks!
#
ben_thatmustbeme
if i am considering some site as a authorized mention source, then its not like i'm opening up a hole by publishing the list, i'm still just as vulnerable to spam from those sources, but It does reveal to others that i have that security issue
#
ben_thatmustbeme
it could get really interesting to start pulling in your autorized sites's authorized list and check their lists for sites you have blocked, then you could automatically notify them of entries you would recommend against
#
@zakperic
I think I am in favor of What is the IndieWeb: http://indiewebcamp.com
(twitter.com/_/status/521754489679020032)
#
shaners
aaronpk: here's my working autoembeds so far:
#
shaners
I also have audio and video working too, but can't find post for either off hand
#
shaners
It was a good night.
#
Loqi
night night
#
shaners
Oh yeah. I thought I was gonna have to do some extra work for emoji but by the time I got around to it, I got it for free from the combination of Rails 4 + Ruby 2.1 + Postgres.
#
reedstrm
shaners: very nice
#
shaners
reedstrm thanks
#
reedstrm
apropos the Midwest consensus map - what sort of maps would include IL ,but not WI, IA, and MN? Hmm, perhaps they had 'Upper Midwest' as another region.
KartikPrabhu_ joined the channel
#
marclaporte.com
edited /Tiki_Suite (+12) "cosmetic changes"
(view diff)
#
shaners
Today I'm working on this list of autoembeds: tweets, gists, thisismyjam, wikipedia, indiegogo, kickstarter, bandcamp, medium, soundcloud, slideshare, speakerdeck, google maps
#
shaners
added a few based on your post, aaronpk
#
ben_thatmustbeme
i'm still hypnotized by jazz hands and swaying images
fmarier and jet__ joined the channel
#
danlyke
ben_thatmustbeme I support the notion of "I trust inbound links from the sites in this OPML file".
#
ben_thatmustbeme
OPML? does that really gain you anything
#
ben_thatmustbeme
a list of links works just as well
#
ben_thatmustbeme
plus is readable
thierrymarianne joined the channel
#
ben_thatmustbeme
i just can't decide if i want to make that list rel=nofollow or not
KartikPrabhu_ joined the channel
#
ben_thatmustbeme
pros or allowing follow, that page can be used as vouch URL for anyone on it. If I trust them to post on my site, I am going to vouch for them elsewhere also makes finding if I can use a person as a vouch for me super easy. cons, anyone can send a webmention on my behalf easily, with rel=no-follow its much harder, the person i've linked too should have been able to collect the referals already anyway.
loic_m__ joined the channel
#
ben_thatmustbeme
that page could also just be optional or need not even be complete (hide some connections, etc) its only to make receiving mentions from new people easier
erlehmann joined the channel
#
ben_thatmustbeme
maybe i'll have only those I trust / manually entered listed there, others can use links if them know them
#
ben_thatmustbeme
s/them know/they know/
#
Loqi
ben_thatmustbeme meant to say: maybe i'll have only those I trust / manually entered listed there, others can use links if they know them
krendil joined the channel
#
ben_thatmustbeme
with following, it becomes a duel purpose list, "here's a list of people I trust to not be spamming me" AND "Here's a list of people I trust to not spam others"
#
ben_thatmustbeme
vs with rel=nofollow its just the first
#
ben_thatmustbeme
actually i should rephrase the first to "here's a list of people I trust to not trust any spammers"
#
ben_thatmustbeme
s/trust any/link to/
#
Loqi
ben_thatmustbeme meant to say: actually i should rephrase the first to "here's a list of people I trust to not link to spammers"
snarfed joined the channel
#
gRegor`
I don't get the "con: anyone can send a webmention on my behalf easily" above.
#
ben_thatmustbeme
yeah, i couldn't quite figure out how to put that
#
ben_thatmustbeme
A links to B, and B links to C
#
ben_thatmustbeme
B publishes his list as described, without rel-nofollow
#
ben_thatmustbeme
hmm, actually i think i noticed it really doesn't matter
#
ben_thatmustbeme
i was going to say that the link from B to C is normally obscured unless someone indexes the site
#
ben_thatmustbeme
it doesn't need to be published openly as C always has the link from B's site
#
ben_thatmustbeme
and anyone could repeat webmentions from C to A without C's control
#
ben_thatmustbeme
but anyone can do that anyway with webmention
#
gRegor`
Yeah
#
ben_thatmustbeme
and with W+V if they find the link
#
ben_thatmustbeme
so I guess it doesn't really matter
#
ben_thatmustbeme
trying to think if there are any other disadvantages, but I don't really see any
#
ben_thatmustbeme
other than making it potentially too easy for spammers to crawl network since all connections are published
#
ben_thatmustbeme
and privacy concerns, which is why i'd say its optional
#
ben_thatmustbeme
i like the idea that I could check my neighbors to make sure they aren't allowing insecurity though
#
gRegor`
Spammers can crawl, but they still need a way to create content on the vouch-for-me URLs
#
gRegor`
I like the idea of expanding the vouch-for-me URLs to include paths, so I could list twitter.com/t instead of all of twitter.
#
gRegor`
Which I think would address Kartik's question earlier about getting Twitter like spam
alexhartley joined the channel
#
ben_thatmustbeme
i wouldn't trust twitter at all, links don't even include rel=nofollow
#
ben_thatmustbeme
and too much autolinking
#
ben_thatmustbeme
even if I limited it to a user page, there is still too much risk i feel
#
danlyke
ben_thatmustbeme OPML because those tools already exist.
#
gRegor`
Hmm
#
gRegor`
Maybe I need to start implementing this before I fully grasp it.
#
ben_thatmustbeme
danlyke, people first, machines second. plus parsers for html already exist too
#
ben_thatmustbeme
besides, you really don't need to fully parse it, you just care about href= and potentially rel=
#
gRegor`
If I have linked to twitter.com/t/* and tantek has linked to your ben.thatmustbe.me/*, why shouldn't I trust twitter.com/t/* as a vouch URL for you?
#
danlyke
ben_thatmustbeme yes, but the machines need to know that this is a list of trustworthy links.
#
gRegor`
Or I guess the problem then becomes what if tantek links to "look at these jerk spammers [link]" in a tweet...
#
danlyke
I've got heuristics which grab feeds from /irc-people and there's a lot of emphasis on human readable there, but trying to automate how to get those feeds from what's there is tough.
#
ben_thatmustbeme
gRegor` any time its a silo, I can't trust that they don't turn on side bars or promoted tweets, etc, I trust tantek not to post bad content, i don't trust twitter
brianloveswords joined the channel
#
ben_thatmustbeme
danlyke, they do, same way we know endpoints etc, you can just specify it as rel='vouch-list' or something like that
#
ben_thatmustbeme
or put it in the headers just like endpoints
loic_m_ and mlncn joined the channel
#
ben_thatmustbeme
danlyke, everyone should be using h-feed
#
ben_thatmustbeme
or a link that has h-feed tag so you know where it is (correct me if i'm wrong here guys, not as strong with mf)
#
shaners
ben_thatmustbeme danlyke not everyone wraps their .h-entrys in .h-feed
#
shaners
i do. i think it's nice. but some are team "infer an .h-feed as the array of .h-entrys".
KartikPrabhu_ and loic_m__ joined the channel
#
ben_thatmustbeme
i somewhat like that about the group, forces any code to watch out of odd cases, there will certainly be more as microformats2 spreads
jet___ and KevinMarks_ joined the channel
#
ShaneHudson
shaners: Could we not just say h-entry inside h-feed (especially if multiple on a page) is recommended?
#
shaners
i mean, that's what *I* recommend. but not everyone agrees.
#
shaners
what is h-feed?
#
Loqi
h-feed is a microformats2 experiment with a top level feed object to contain h-entry posts http://indiewebcamp.com/h-feed
#
shaners
if i remember right, one of the objections to it is the mf2 design principle of flatness.
#
shaners
mf1 had a fair bit of nestedness that confused people
#
ShaneHudson
That makes sense but I think if there are multiple *related* h-entrys then semantics say they should be contained by something
#
shaners
(not that .h-feed > .h-entry is a lot, but it's one more layer)
#
gRegor`
That's an interesting objection. h-adr is still listed as a legit option for h-card, I think
#
ShaneHudson
And avoids the case where you may have h-entry in a sidebar or something similar
#
gRegor`
s/option/nested option/
#
Loqi
gRegor` meant to say: That's an interesting objection. h-adr is still listed as a legit nested option for h-card, I think
#
shaners
ShaneHudson again, i agree. i use .h-feed. and i *definitely* would if i had multiple feeds on one page.
#
ben_thatmustbeme
i would say it can be recommended, but never assume people will do so
#
ShaneHudson
shaners: I didn't know about it, but makes perfect sense to use
#
ben_thatmustbeme
web code gets ugly, you should assume there will be people who don't
#
shaners
gRegor` correct
#
ShaneHudson
ben_thatmustbeme++ very true
#
Loqi
ben_thatmustbeme has 23 karma
#
shaners
not all nesting is gone in mf2, but it's a design goal to minimize nesting.
#
gRegor`
Gotcha
#
shaners
that said. i agree with what ben_thatmustbeme just said: recommend it, but don't assume it. infer it if .h-entry(s) are present without an .h-feed
#
gRegor`
I only have one h-feed so far, for my notes. It's linked from my <head> with rel=feed, so in that instance I think the h-feed makes sense as a "requirement"
#
gRegor`
My main use case for that is bridgy backfeed
#
ben_thatmustbeme
gRegor` I disagree, if its linked in the head as rel=feed i'd say there is more of an argument that its NOT needed
#
ben_thatmustbeme
any code parsing it would already assume its a feed of h-entries
#
gRegor`
Only if you're presuming the code is starting at my homepage.
#
gRegor`
What if you just put in my notes feed in your reader?
brianloveswords joined the channel
#
ben_thatmustbeme
then again, same as before, if it lacks h-feed and lacks rel=feed, i assume the URL i am given is the feed
#
ben_thatmustbeme
and just look for all h-entries
#
ben_thatmustbeme
in that way, h-feed is actually irrelevant unless you have h-entries you do not need/want in the feed
#
shaners
this conversation illustrates my initial point. i like .h-feed. i use it. but not everyone does all the time or ever. and that's ok.
#
gRegor`
Agreed
#
@SifuKeithMosher
Another great day of writing. My new book is almost writing itself (with a lot of guidance from me of course). #IndieAuthor #indieauth
(twitter.com/_/status/521771737122607105)
#
gRegor`
Anyone have a handy example of multiple h-entry not in an h-feed?
#
ShaneHudson
I need to re-mf my site. When I moved CMS I completely forgot. Not even got rel=me! Though indieauth still works somehow
#
gRegor`
Looks like Shrewdness handles it properly, as I was guessing it would.
#
shaners
ShaneHudson indieauth prolly has your rel-me sites cached from when you did have mf2 in your markup
#
ben_thatmustbeme
ShaneHudson, I started on WP and SemPress, grabbed the rendered html when I swapped over, so I know i have a lot of mf2 bits wrong
#
ShaneHudson
I need to get hold of a shrewdness account, think it would be very useful! Especially once I get micropub working
#
ben_thatmustbeme
i really need to go over it all
#
reedstrm
shaners: here's hoping it only falls back to the cached values if the current page has none ...
#
shaners
that's a question for aaronpk
#
ShaneHudson
reedstrm: You can ask it to rescan
#
ShaneHudson
shaners: Yeah you are right, dated August :)
#
reedstrm
There are two hard problems in Computer Science: Naming things, and cache invalidation :-)
#
shaners
and off by one errors
#
gRegor`
Odd... h-entry disappeared from my article template.
#
gRegor`
shaners++
#
Loqi
shaners has 12 karma
#
ShaneHudson
Do we have a page for auto-embedding content?
#
ShaneHudson
what is cards
#
Loqi
A card in the context of the indieweb are small information summaries—often summaries of specific, external web pages http://indiewebcamp.com/cards
#
shaners
what is autolink?
#
Loqi
An autolink is a hyperlink that was automatically added to some text to link that text to an obvious or useful destination, e.g http://indiewebcamp.com/autolink
brianloveswords joined the channel
#
ShaneHudson
Ok so the basics are there. Might be nice to get some discussion going about when to auto-embed, could be interesting.
#
ShaneHudson
Later that is, not right now haha
#
shaners
ShaneHudson feel free to ;)
#
ShaneHudson
Think I will add it to my list of itches :)
#
snarfed
apologies, late to the conversation…but re implied vs explicit h-feed, bridgy's original post discovery (using syndication links) currently expects it to be explicit
#
snarfed
we can definitely change that to work without explicit h-feed; we just haven't yet
#
snarfed
(cc kylewm)
#
shaners
snarfed: nice that you've already thought about this
#
snarfed
oh, duh, you're right. i misspoke; it doesn't require explicit h-feed after all
#
snarfed
kylewm++ , he implemented this part of bridgy
#
Loqi
kylewm has 67 karma
#
shaners
is it actually falling back to h-entrys or is that just a note that it *should* fallback
#
shanehudson.net
edited /card (+67) "Adding autolink to card's 'see also' section"
(view diff)
#
snarfed
shaners: looks like it falls back
#
shaners
grool. i don't read python very well. ;)
yakker joined the channel
sgreger joined the channel
#
KevinMarks_
So does https://teacup.p3k.io/known.kevinmarks.com/34 appearing mean it failed to post on my site?
bret_ joined the channel
#
KevinMarks_
Publishing a list of possible vouch urls sounds like a subscription list/blog roll variant
#
KevinMarks_
So an html list of links with rel on seems like a good existing pattern
snarfed joined the channel
#
KevinMarks_
Would adding rel="vouch" be redundant? If you link without rel="nofollow" it is already a vouch-worthy link
brianloveswords and caseorganic joined the channel
#
kylewm
is there a rel value for subscription list/blog roll?
#
gRegor`
@joeld's original idea was a rel-vouch to a text file of URLs, but it could be to HTML. I don't think it was intended for individual external links.
#
kylewm
like if i have your domain name, can i get to that list?
#
gRegor`
kylewm: I think the indiereader from Portland hack day used something like that.
#
gRegor`
There could be a difference between "my subscriptions/blog roll" and "sites I've linked to that I trust as a vouch" too
#
kylewm
gRegor`: the indiereader needed you to give it a particular URL of the subscription list
dariusdunlap, willowbl00, lukebrooker, caseorganic, snarfed1, caseorga_ and brianloveswords joined the channel
#
mattl
rascul, aaronpk, tantek_ -- it happened again. example of my kind of twitter 'spam' -- https://twitter.com/JordanRaanan/status/521639320449744897?refsrc=email
brianloveswords joined the channel
mlncn joined the channel
#
@almereyda
@tunda_hain Hast du egtl. schon @withknown ausprobiert? Sollte einfach zu installieren sein und #IndieWeb macht endlich Spaß! @indiewebcamp
(twitter.com/_/status/521792927451086848)
anomalily and KevinMarks__ joined the channel
#
KevinMarks__
so you should nofollow the subscriptions you don't vouch for?
caseorganic joined the channel
#
KevinMarks__
or you don't trust to vouch to you?
#
KevinMarks__
we had rel-directory, but that was the other way around: http://microformats.org/wiki/rel-directory
#
@tunda_hain
@almereyda @withknown @indiewebcamp ne noch nicht, bin aber auch dabei alles nen bisschen downzugraden. web 1.0 und so.
(twitter.com/_/status/521794260388294658)
#
cr
doesnt get ShortCircuit2 reference. the movie?
#
cr
why is description font like #ccc on #fff in http://2014.mozillafestival.org/proposals/
willowbl00, caseorga_, willowbl001 and dariusdunlap joined the channel
#
@withknown
It was great to see everyone at #indiewebcamp this weekend at MIT. Thanks to @mozilla, @esri, and @reclaimhosting for sponsoring!
(twitter.com/_/status/521802346607546368)
#
@ReclaimHosting
RT @withknown: It was great to see everyone at #indiewebcamp this weekend at MIT. Thanks to @mozilla, @esri, and @reclaimhosting for sponso…
(twitter.com/_/status/521802447388700672)
mlncn and danlyke joined the channel
#
ben_thatmust
yeah, rel-directory isn't right
dariusdunlap and erlehmann joined the channel
#
KevinMarks__
if you want a real legacy format for this, that would be XOXO http://microformats.org/wiki/xoxo though I would not recommend it these days
#
ben_thatmust
wonder if rel=blogroll would make sense
#
KevinMarks__
to point to what?
#
KevinMarks__
xfn was for marking up blogrolls
brianloveswords joined the channel
#
ben_thatmust
we want some way to tag a link to a page off the main page that would be our list of sites we authorize / trust / read whathaveyou
#
ben_thatmust
must like how rel=hfeed would indicate where to look for the true hfeed
#
@pwcc
@pfefferle Does your WordPress webmentions plugin replace the "Send trackbacks to" function with webmentions? Love the indieweb plugins :D
(twitter.com/_/status/521811753051500545)