#indiewebcamp 2014-11-30

2014-11-30 UTC
#
tantek hah re: Flickr selling CC-BY photos. And this is why I set my Flickr photos to CC-BY-NC back in the day (2005) - had a feeling something like this might eventually happen.
#
tantek KartikPrabhu: re: rel-bookmark testing - I believe I have a bunch of old blog posts in hAtom with rel-bookmark etc. - do you have a place where I can submit URLs and see the backcompat parsed uf2 JSON response?
#
KartikPrabhu tantek: looking
#
KartikPrabhu tantek: I haven't pulled the changes in yet. Maybe kylewm's parser endpoint does but failing to find the link at the moment
Sovereign1 joined the channel
#
tantek alright let me find you a test case
#
KartikPrabhu yeah that'll be great
#
tantek may want to also consider rel=tag as backcompat for p-category (similarly to rel=bookmark as backcompat for u-url)
#
tantek if we care to
#
KartikPrabhu aah yes nice idea. this also only for h-entry?
#
tantek correct
#
tantek being conservative per comment in that issue
#
tantek which should maybe be captured in a backcompat design principles thing somewhere?
#
KartikPrabhu yes. that'll be good
#
tantek wow apparently Brightkite (former check-in silo) died so badly it got squatted by a spammer
#
tantek KartikPrabhu: here's your test case, my last indie web blog post pre-Falcon: http://tantek.com/log/2008/08.html
#
tantek (so many broken links :( )
#
KartikPrabhu ha... will test it
#
@BirminghamIO Enabling Webmentions by sil http://www.kryogenix.org/days/2014/11/29/enabling-webmentions/ #PlanetBirmingham (twitter.com/_/status/538847900277944320)
#
tantek it's got those rel=tag tags too
#
tantek KevinMarks in particular would / will appreciate the rel=tag backcompat inside hentry
#
KartikPrabhu tantek: yeah your post works on my local copy. something is wrong on my production server but oh well :)
#
tantek hmm
#
tantek and if you want to try parsing *multiple* hentry on a page, try same URL but s/2008/2007
#
KartikPrabhu rel-tag is a good idea too
#
tantek it's likely pretty safe to support inside hentry only
wolftune joined the channel
#
KartikPrabhu yes. and I shold fix my production mfparser
#
tantek !tell aaronpk if you make me a co-host of the FB POSSE copy https://www.facebook.com/events/384152701741072 I can do the adding image thing etc.
#
Loqi Ok, I'll tell them that when I see them next
squeakytoy and KartikPrabhu joined the channel
#
@t @sil welcome! As inventor of #pingback your support is a huge milestone for #webmention. Let's see how soon this ... http://tantek.com/2014/333/t2/welcome-inventor-pingback-support-webmention (twitter.com/_/status/538868025509023744)
caseorganic and colintedford joined the channel
#
@linuxsidareja @planetubuntu: Stuart Langridge: Enabling Webmentions http://www.kryogenix.org/days/2014/11/29/enabling-webmentions/?utm_medium=twitter&utm_term=Planet+Ubuntu&utm_source=twitterfeed #arsipweb (twitter.com/_/status/538873744286949377)
chrissaad and thedod joined the channel
#
thedod hi
#
Loqi thedod: tantek_____ left you a message 1 day ago: are you now posting all notes/tweets/replies from your own site dubiousdod.org/indie and never directly to Twitter ? if so, add yourself to /ownyourdata#IndieWeb_Examples !
fahrstuhl, thedod and mdik joined the channel
#
@tnotm Been awhile twitter... been awhile. Just wanted to say #indieweb and that is all for now. (twitter.com/_/status/538881088643665921)
michielbdejong1 and KartikPrabhu joined the channel
#
dubiousdod.org edited /own_your_data (+1215) "/* IndieWeb Examples */ add thedod" (view diff)
#
dubiousdod.org edited /own_your_data (+72) "/* The Dod */" (view diff)
#
dubiousdod.org edited /own_your_data (-1) "/* The Dod */ typo" (view diff)
#
Loqi [mention] https://dubiousdod.org/indie/2014/11/added-myself-to-indiewebcamps-ownyourdata-page-t linked to https://indiewebcamp.com/own_your_data (webmention)
#
@TheRealDod Added myself to #IndieWebCamps #OwnYourData page @t: I hope I qualify :) https://dubiousdod.org/indie/2014/11/added-myself-to-indiewebcamps-ownyourdata-page-t (twitter.com/_/status/538891385928429568)
j12t, caseorganic, tantek, thedod_, snarfed and chrissaad joined the channel
#
owen1 tantek: i noticed you posted some stuff, but my pubsub client didn't recieve any messege ):
#
owen1 also something that i noticed - when i read your website, it's not easy to understand the conversations. let's take as an example the last item there.
#
owen1 @sil reasonable request. I wrote @cassisjs ellipsize_to_word for that.
#
owen1 @CSS3UI issue captured: https://wiki.csswg.org/spec/css3-ui#issue54
#
owen1 i had no idea what's goin on theree.
#
tantek did you click the permalinks?
#
tantek yeah I decided to include replies on the full composite feed
#
owen1 so i clicked on the date.
#
tantek right that's the permalink
#
owen1 and i found myself here: http://tantek.com/2014/333/t3/request-ellipsize-word-css3ui-issue
#
tantek so far so good
#
owen1 than i clicked on the link on the top - https://twitter.com/sil/status/537627213789949952
#
@sil Can I make text-overflow: ellipsis not break in the middle of a word? So "too long" becomes "too..." even if "too lo..." would fit? (twitter.com/_/status/537627213789949952)
#
owen1 and finaly i understood the conversation
#
tantek right - that link at the top in the grey rectangle is my very minimal /reply-context
#
tantek see http://indiewebcamp.com/reply-context#Levels
#
tantek it can of course be better, but it is better than nothing
#
tantek if you go back to my permalink there's also the additional nicety
#
owen1 but isn't http://tantek.com/ meant for humens?
#
tantek humans yes
#
owen1 sorry. with a (;
#
tantek on the permalink I also have a "View conversation …" link
#
owen1 think of how much time i spent. time and energy, to understand the conversation
#
owen1 time+energy and mouse clicks
#
tantek but you were able to
#
tantek better than not being able to at all
#
tantek that's the point
#
tantek ship and iterate
#
tantek even (especially) if imperfect
#
tantek never let imperfect stop you from shipping and iterating
#
owen1 oh. so it's a work in progress?
#
tantek the web is a work in progress
#
owen1 ahah
#
tantek the only thing which is not a work in progress is all the ideals in people's heads that they never ship
#
owen1 true
#
tantek speaking of
#
tantek owen1: add yourself to http://indiewebcamp.com/irc-people !
cmhobbs joined the channel
#
owen1 i am not sure if i am comfortable with it
#
tantek why?
#
owen1 let me click on that link and understand it better
#
tantek see this too: https://indiewebcamp.com/irc/today#bottom
#
tantek owen1: see also http://indiewebcamp.com/design#Incremental
#
owen1 tantek: i was thinking of privacy issues
#
tantek owen1 what is your personal site?
#
owen1 not sure what does it mean to add myself to that list
#
owen1 tantek: btw, i don't have my own domain, so i couldn't register to the indie site
#
owen1 i do have a site/blog - oren.github.io
#
tantek that's a good start!
#
owen1 and got pgp, twitter and github links with rel and all that is needed.
#
tantek do you want your personal domain/site?
#
owen1 why is it not letting me authenticate without a domain?
#
tantek because that's core to the indieweb - owning your identity
#
owen1 i already have a site and domain. why do i need a domain that I own.
#
tantek as long as you're on someone else's subdomain, you don't own your identity
#
owen1 oh
#
owen1 can i use a domain but change that domain in the future?
#
tantek you can use as many personal domains as you wish
#
tantek and for privacy / security reasons, there is no need to associate them either
#
tantek you can use them pseudonymously
#
owen1 so my domain can be whateverfoo.com
#
tantek that's the point - you have the agency to choose what personal domain you want
#
owen1 as long as it have the requirements for indieauth, right?
#
tantek we've tried to make those simpler than past personal site auth methods
#
tantek and are continuously iterating / improving based on experience
#
tantek but it all depends on you choosing to own your own identity online
#
owen1 is the idea of indieauth is to replace the current auth methods (openid/google/yahoo/user+password etc) ?
#
tantek what is indieauth?
#
Loqi IndieAuth is a way to use your own domain name to sign in to websites http://indiewebcamp.com/IndieAuth
#
tantek there you go
#
tantek feel free to ask any other "what is …" questions for more answers
#
owen1 ok. the ploblem is not many sites support indieAuth
#
owen1 also, i am not strong at cryptography. is indieAuth considered secure?
#
owen1 is online 24/7 but will be in front of a computer in 1 hour.
squeakytoy2 joined the channel
#
KartikPrabhu owen1: well not many sites support anything indieweb
chrissaad joined the channel
#
tantek owen1 - no the problem is - do you want to own your own online identity? or are you ok depending on silos for your online identity?
KartikPrabhu, ben_thatmust and caseorganic joined the channel
#
dubiousdod.org edited /own_your_data (-267) "/* The Dod */ 100% #ownyourdata including phone \o/" (view diff)
chrissaad and squeakytoy joined the channel
#
tantek thedod++ for ownyoudata even on mobile!
#
Loqi thedod has 5 karma
#
KartikPrabhu !tell tantek do I own my data on mobile if I don't use twitter on my mobile and don't post on my website from mobile either?
#
Loqi Ok, I'll tell him that when I see him next
#
thedod_ yo
#
KartikPrabhu yo
Kopfstein, squeakytoy2 and tantek joined the channel
#
tantek Loqi, please playback my messages.
#
Loqi tantek: KartikPrabhu left you a message 35 minutes ago: do I own my data on mobile if I don't use twitter on my mobile and don't post on my website from mobile either?
#
Loqi woot!
#
GWG tantek: Is that new?
#
GWG You can ask now?
#
tantek GWG, no it's a clever sleight of hand ;)
#
GWG tantek: Understood.
#
tantek I simply said something which woke up Loqi. I could have said anything. I just though it would look funny to ask and have Loqi comply.
#
tantek KartikPrabhu: it's a good question. Technically you do beause you're not creating any silo posts on your phone.
#
tantek s/beause/because
#
Loqi tantek meant to say: KartikPrabhu: it's a good question. Technically you do because you're not creating any silo posts on your phone.
#
KartikPrabhu haha :P
#
tantek I fit the same description.
#
tantek not creating any online content on my communicator
#
KartikPrabhu i just don't want all the nonsense social media apps on my phone
#
tantek I do read Twitter on my communicator via the mobile app and mobile website.
#
tantek and sometimes favorite things
#
tantek so I don't ownmyfavorites yet
#
KartikPrabhu aah faving counts are posting no?
#
KartikPrabhu cool
#
GWG I have a question for both of you.
#
tantek faving counts as a minimal bit of posting - since you're updating your favorites "feed"
#
tantek KartikPrabhu: therefore I ownmynotes and ownmyreplies, but I don't yet ownmyfavorites
#
KartikPrabhu true
#
tantek hence the distinctions between per silo, per post type, and per post type per silo https://indiewebcamp.com/wiki/index.php?diff=15794&oldid=15793&rcid=15814#How
#
tantek I mean: https://indiewebcamp.com/own_your_data#How
#
GWG I was mentioning I'm moving my site to a new VPS. And I was thinking of writing about it. But someone pointed out that writing about how you implement your server configuration was a potential security issue. I don't think it is, to a point, but how does one draw that line
#
KartikPrabhu no idea
#
tantek GWG it is a potential security issue because every piece of information you give a potential attacker about your setup helps narrow the space of weaknesses to explore.
#
GWG tantek: So, how do you share information without endangering yourself in that regard?
#
tantek you decide you're not a worthy target, or you decide you'd rather share publicly in the hopes that friends will warn you about any flaws before an attacker exploits them
#
tantek what is security?
#
Loqi security in the context of the indieweb may refer to security concerns regarding personal domains, web hosting, https setup, private data, identity etc http://indiewebcamp.com/security
#
GWG tantek: There is also the third part...never post 100% of information.
#
GWG Such as, do not post complete configuration files, only excerpts.
yakker joined the channel
#
tantek.com edited /security (+226) "emojicon, Web Hosting, fix headings, remove "content injection" handwavy theoretical. security should focus first on reproducible problems, rather than be distracted by hypotheticals" (view diff)
#
tantek What is 🔒?
#
Loqi security in the context of the indieweb may refer to security concerns regarding personal domains, web hosting, https setup, private data, identity etc http://indiewebcamp.com/%F0%9F%94%92
#
tantek :D
#
tantek.com edited /security (-3) "g recent activity" (view diff)
squeakytoy2 and KartikPrabhu joined the channel
#
colintedford.com edited /User:Colintedford.com (-348) "Created "Done" section." (view diff)
squeakytoy2, thedod_ and squeakytoy joined the channel
#
tantek.com edited /FreeMyOAuth (+12) "use twitter security for twitter oauths - seems appropriate" (view diff)
#
tantek.com edited /User:Tantek.com (+125) "/* working on */ community, /vouch" (view diff)
loic_m joined the channel
#
tantek.com edited /User:Tantek.com (+162) "/* working on */ document seamless reply UI approach" (view diff)
squeakytoy joined the channel
#
@cyon Bau Dir mit unserer ownCloud-Anleitung Deine eigene, selbstgehostete Dropbox-Alternative. http://www.cyon.ch/blog/archive/ownCloud?utm_source=cyon.to&utm_medium=social&utm_campaign=owncloud #ownyourdata (twitter.com/_/status/538968218602573824)
KevinMarks__, brianloveswords and j12t joined the channel
#
tantek.com edited /Blogger (+353) "add Data Export section with blogger2kirby script" (view diff)
#
tantek.com edited /User:Tantek.com (+65) "/* working on */ add URL for indieconfig to try out" (view diff)
KartikPrabhu and LauraJ joined the channel
#
owen1 can someone help with with loggin-in to http://indiewebcamp.com/irc-people ? i hit login it takes me https://indiewebcamp.com/Special:UserLogin
#
tantek owen1 - right - you need your own personal domain to login
#
owen1 i click login, it takes me to indieautho.com, i sign the challenge with my GPG key, i am sent to indieauth.com/success, it tells me 'You Successfully Authenticated!' i navigate to http://indiewebcamp.com/irc-people but i am not logged-in.
#
owen1 i would think that the redirect should be to the last url where i left indiecamp, which in my case /irc-people
#
tantek what's your domain?
#
owen1 maybe there is a bug with pgp?
#
owen1 tantek: gamelanguage.com
#
owen1 <link href="key.asc" rel="pgpkey"></link>
#
tantek hmm - might have to ask aaronpk
#
owen1 tantek: thank you!
#
www.kryogenix.org edited /IRC_People (+109) (view diff)
#
www.kryogenix.org created /User:Www.kryogenix.org (+68) "Created page with "is Stuart Langridge. See [http://www.kryogenix.org kryogenix.org]."" (view diff)
#
@xtof_fr Photographe sur #Flickr ? protégez vos oeuvres et optez pour une solution #indieweb http://www.dazeddigital.com/photography/article/22757/1/flickr-is-about-to-sell-off-your-creative-commons-photos /via @EricScherer (twitter.com/_/status/539009651170226177)
KartikPrabhu, LauraJ and j12t joined the channel
#
tantek.com edited /create (+286) "consolidate screenshots for creating posts" (view diff)
#
tantek.com edited /design (-151) "consolidate screenshots for creating posts" (view diff)
#
tantek.com edited /design (+495) "add experiments section with parallax example and warning" (view diff)
#
Loqi [mention] https://brid-gy.appspot.com/like/googleplus/108243663090085262773/z13wi31zpyr5vvlem22qudshituzyxg5e04/103838614558702115128 linked to http://indiewebcamp.com/Webmention (webmention)
#
tantek.com edited /Webmention (+167) "/* de-duplication */ examples" (view diff)
michielbdejong joined the channel
#
tantek !tell barnabywalters how did you solve the http vs https webmention matching problem that you mentioned back in September? http://indiewebcamp.com/irc/2014-09-15#t1410786447360
#
Loqi Ok, I'll tell him that when I see him next
daf, krendil, Erkan_Yilmaz, LauraJ, wolftune, loic_m and j12t joined the channel
#
@xtof_fr via @t : @sil l'inventeur du #Pingback active les #webmentions > http://www.kryogenix.org/days/2014/11/29/enabling-webmentions/ ...) when I write a post .. http://xtof.withknown.com/2014/via-t-sil-linventeur-du-pingback-active-les-webmentions-days20141129enabling-webmentions (twitter.com/_/status/539048556800114689)
#
@AaronGustafson RT @sil: Set up webmentions on my site. http://www.kryogenix.org/days/2014/11/29/enabling-webmentions/ Thank you to @voxpelli for assistance and @AaronGustafson and @adactio for i… (twitter.com/_/status/539050370992205824)
thedod_, danlyke and LauraJ joined the channel
#
@fczuardi RT @IndieHosters: Inventor of pingback jumps on the webmention bandwaggon http://www.kryogenix.org/days/2014/11/29/enabling-webmentions/ (twitter.com/_/status/539063294309720065)
#
Loqi [mention] http://www.webrocker.de/2014/11/30/fiddling-with-the-indie-web-pt4/ linked to http://indiewebcamp.com/webmention (webmention)
#
@fabricatorz RT @IndieHosters: Inventor of pingback jumps on the webmention bandwaggon http://www.kryogenix.org/days/2014/11/29/enabling-webmentions/ (twitter.com/_/status/539066702919524353)
j12t, friedcell, snarfed and chrissaad joined the channel
#
Loqi [mention] http://www.kryogenix.org/days/2014/11/29/enabling-webmentions/ linked to http://indiewebcamp.com/IRC_People (webmention)
#
aquarius winner.
#
aquarius ok, so that all works, and my WM to the irc_people page didn't get rejected, and it was vouched for.
#
aquarius Now: time to write a blog post. :)
#
aquarius if anyone's around and fancies looking at a thing in advance of the blog post, https://hash-for-vouch.herokuapp.com :)
#
snarfed aquarius++ awesome!
#
Loqi aquarius has 3 karma
danlyke, LauraJ and chrissaad joined the channel
#
Loqi [mention] http://www.kryogenix.org/days/2014/11/30/vouching-for-webmentions-hashing-for-vouches/ linked to http://indiewebcamp.com/Webmention (webmention)
#
Loqi [mention] http://www.kryogenix.org/days/2014/11/30/vouching-for-webmentions-hashing-for-vouches/ linked to http://indiewebcamp.com/Vouch (webmention)
#
Loqi [mention] http://www.kryogenix.org/days/2014/11/30/vouching-for-webmentions-hashing-for-vouches/ linked to http://indiewebcamp.com/irc/2014-11-29#t1417292682908 (webmention)
#
Loqi [mention] http://www.kryogenix.org/days/2014/11/30/vouching-for-webmentions-hashing-for-vouches/ linked to http://indiewebcamp.com/IRC (webmention)
j12t joined the channel
#
@sil After an interesting discussion yesterday about webmentions and Vouch, I built a service to help out http://www.kryogenix.org/days/2014/11/30/vouching-for-webmentions-hashing-for-vouches/ (twitter.com/_/status/539093414747574272)
#
aquarius post written
#
aquarius and Loqi noticed. :)
#
@TheRealDod I’ve uninstalled my Twitter app. Here’s the bookmarklet I use instead :) http://codepen.io/thedod/full/WbQQyy/ #IndieWebCamp #OwnYourData (twitter.com/_/status/539094006815539200)
#
@dnewns RT @sil: After an interesting discussion yesterday about webmentions and Vouch, I built a service to help out http://www.kryogenix.org/days/2014/11/30/vouching-for-webmentions-hashing-for-vouches/ (twitter.com/_/status/539094137199689730)
cmhobbs and brianloveswords joined the channel
#
@garyfleming RT @sil: After an interesting discussion yesterday about webmentions and Vouch, I built a service to help out http://www.kryogenix.org/days/2014/11/30/vouching-for-webmentions-hashing-for-vouches/ (twitter.com/_/status/539099724599799808)
#
@Chota1210 Vouching for webmentions; hashing for vouches http://www.kryogenix.org/days/2014/11/30/vouching-for-webmentions-hashing-for-vouches/ (twitter.com/_/status/539099924395089920)
#
aquarius Can I delegate webmentions to a different URL? That is: declare "if you're planning to send a WM to url A, instead please send them with a target of url B"?
#
aquarius I think I can't -- nothing in the spec about it
#
aquarius obviously I can build what amounts to a "proxy endpoint" where A says its endpoint is the proxy and the proxy connects to B's endpoint and passes the source and a target of B.
#
aquarius but that feels a bit hacky
#
@DigiRightsIL RT @TheRealDod: I’ve uninstalled my Twitter app. Here’s the bookmarklet I use instead :) http://codepen.io/thedod/full/WbQQyy/ #IndieWebCamp #OwnYourData (twitter.com/_/status/539102001326342144)
danlyke joined the channel
#
@planet_u_ng Stuart Langridge: Vouching for webmentions; hashing for vouches http://www.kryogenix.org/days/2014/11/30/vouching-for-webmentions-hashing-for-vouches/ (twitter.com/_/status/539103853296488449)
#
@LinuxLibraryNet Stuart Langridge: Vouching for webmentions; hashing for vouches http://www.kryogenix.org/days/2014/11/30/vouching-for-webmentions-hashing-for-vouches/ (twitter.com/_/status/539103887954051072)
#
kylewm aquarius: what's the use-case for redirecting wms from one target to another? i know it has come up with http vs. https before, but that generally feels like something that should be handled by the endpoint
#
Loqi kylewm: KartikPrabhu left you a message on 11/29 at 3:29pm: just confirming that the rel-bookmark change was field tested before I merge the changes
#
aquarius kylewm, use case: I'd quite like WMs sent to hash-for-vouch to actually end up on my blog post *describing* hash-for-vouch, because the blog is all set up to deal with WMs, display them, etc.
#
snarfed aquarius: kylewm: also, this would be mainly for when you don't own the wm endpoint, right? since if you do, you can just redirect to target B yourself
#
aquarius snarfed, yep, although I think that hardcoding magic handling for certain URLs into the endpoint is Not The Right Way To Do It :)
#
kylewm aquarius: ah! that makes sense. and you're right that there's no general way to do that if you don't control the endpoint
#
aquarius but my proxy idea won't work anyway because the eventual endpoint will check the source and say "you do not link to the target"
#
aquarius so I think you're right in that it'd need special handling
#
kylewm Could your blog post query webmention.herokuapp.com for the URL of the vouch-for-hash page when collecting comments?
#
aquarius specifically, an extra <link> element declaring what the "replacement" target is for this URL, every wm sender to send the "original" target and the "replaced" target, and the endpoint to understand this. This is all a lot of work for a pretty edgy edge case ;)
#
aquarius kylewm, ha! that's sneaky and a half
#
aquarius had not thought of that.
#
kylewm :)
#
kylewm !tell KartikPrabhu I think you already tested the mf2py rel-bookmark thing, but I double checked it here https://kylewm.com/services/mf2?url=http%3A%2F%2Ftantek.com%2Flog%2F2007%2F08.html and lgtm
#
Loqi Ok, I'll tell them that when I see them next
#
kylewm aquarius++ great work on the h-f-v implementation by the way!
#
Loqi aquarius has 4 karma
#
aquarius kylewm, cheers!
snarfed joined the channel
#
@benwerd Excited about my first Eurostar trip, not least because I'm going to talk about @withknown and the #indieweb at @Mozilla Paris on Dec 16! (twitter.com/_/status/539116968997961728)
#
@ensowhat RT @FSFEfrance: Mardi 16 décembre, introduction aux technologies IndieWeb et au logiciel Known avec @benwerd chez @MozillaParis http://t.co… (twitter.com/_/status/539117788632449025)
#
@mozilla_fr RT @FSFEfrance: Mardi 16 décembre, introduction aux technologies IndieWeb et au logiciel Known avec @benwerd chez @MozillaParis http://t.co… (twitter.com/_/status/539117788762492929)
#
@MozillaParis RT @FSFEfrance: Mardi 16 décembre, introduction aux technologies IndieWeb et au logiciel Known avec @benwerd chez @MozillaParis http://t.co… (twitter.com/_/status/539117788917673984)
wolftune, loic_m, j12t and tantek joined the channel
#
tantek.com edited /events/2014-12-03-homebrew-website-club (+28) "No Minneapolis this week AFAIK" (view diff)
#
www.kryogenix.org edited /Webmention (+235) "link to hash for vouch implementation" (view diff)
chrissaad and cmhobbs joined the channel
#
GWG That guy is really jumping on the bandwagon.
#
GWG That's great
#
aquarius I try. :)
#
aquarius can't guarantee my activity will stay at this level, but I thought yesterday's discussion was interesting and worthwhile putting together a little service to do what we were talking about
eschnou joined the channel
#
GWG aquarius: That your site?
#
GWG aquarius: Great to have you aboard
#
aquarius kryogenix.org is, yep
#
Loqi [mention] http://bd.summit.net/articles/2014/11/30/stuart-langridge-vouching-for-webmentions-hashing-for-vouches/ linked to http://indiewebcamp.com/Webmention (pingback)
#
Loqi [mention] http://bd.summit.net/articles/2014/11/30/stuart-langridge-vouching-for-webmentions-hashing-for-vouches/ linked to http://indiewebcamp.com/Vouch (pingback)
#
Loqi [mention] http://bd.summit.net/articles/2014/11/30/stuart-langridge-vouching-for-webmentions-hashing-for-vouches/ linked to http://indiewebcamp.com/irc/2014-11-29#t1417292682908 (pingback)
#
Loqi [mention] http://bd.summit.net/articles/2014/11/30/stuart-langridge-vouching-for-webmentions-hashing-for-vouches/ linked to http://indiewebcamp.com/IRC (pingback)
#
aquarius hm. Other useful feature here: find all the people who rob articles from my website and post them ;)
#
GWG aquarius: On one level, you should be flattered
#
GWG Someone thinks you are good enough to steal from
#
aquarius indeed
#
aquarius imitation being, and all that
#
GWG On the other level...how rude
#
aquarius I think I'm less flattered by the sites which just steal the stuff from my rss feed and display it on a page with ads around it, although I gave up the whack-a-mole game of trying to *stop* this sort of thing years ago :)
#
aaronpk aquarius: wow awesome that you launched hash-for-vouch already!
#
Loqi aaronpk: tantek left you a message on 11/29 at 4:39pm: if you make me a co-host of the FB POSSE copy https://www.facebook.com/events/384152701741072 I can do the adding image thing etc.
#
aaronpk I'm trying it out right now. it's doing a aloooooot of work!
#
aquarius aaronpk, spare day, and it's basically a one liner to verify a hash, and everything else is just turning it into a useful service ;)
#
aaronpk heh yeah. I often find it's the "everything else is just turning it into a service" that takes a lot of time :)
#
aaronpk I'm doing something simliar right now actually
#
aaronpk webdav -> flickr, then next is webdav -> micropub
cweiske joined the channel
#
aquarius ha, yeah. Work in the browser takes a bit longer, because it's a slightly slower environment, and because I'm paranoid about not locking up the UI so I chunk the work up quite a bit.
#
aquarius plus, the algorithm isn't deterministic; sometimes it takes a second and sometimes it takes 40 :)
#
aaronpk good call on showing the random "working" messages in the browser. makes me know the browser isn't frozen at least
#
aquarius it took me one single try of going "gah, has it frozen?" during testing to know that I should do that :)
#
aaronpk i'm gonna try sending myself a vouched webmention from your blog post
#
aaronpk I already got a webmention (pingback) from that bd.summit spam post
#
aquarius go for it. I was going to ask you about that; I did try sending one to one of your posts and it didn't work, but I was halfway through debugging everything and so just put it down to weirdness
#
aquarius but if I'm doing something wrong I'd be interested to know what :)
#
aaronpk what did you try?
#
aquarius I tried to WM http://aaronparecki.com/replies/2014/10/17/1/vouch; the detected endpoint was https://aaronparecki.com/webmention?token=(very long token) and the response was This Webmention endpoint has expired
#
aquarius but it wouldn't surprise me if the tokens die after one minute or after one request or something, and I'd done the endpoint detection once and then tried to send the WM with my script dying about sixteen times, so I assumed that it was just that
#
aaronpk oh yeah, my endpoints expire pretty quickly. Maybe I'll increase the timeout so that manual testing is easier
#
aquarius nah; it should all work from now on
#
aaronpk (that was another thought that might prevent some spam, but has yet to be determined if it's effective)
#
aquarius it didn't that time because when I write a post I extract the URLs, endpoint-detect on them, stash them, and then run a separate script which WMs everything in the stash list
#
aquarius but I had to *write* the script first ;)
#
aquarius hence the delay
#
aaronpk haha yeah
#
Loqi rofl
#
aaronpk out of curiousity, do you think that would make any difference in preventing spam? having short-lived webmention endpoints?
#
aaronpk curious to hear your perspective on it, cause you know...
danlyke and verdi_ joined the channel
#
aquarius I think it will help a bit. If in order to send you a WM I have to do a request immediately beforehand to get the endpoint, then that's more constraining than building up a huge list of target/endpoint pairs and then giving them to your botnet
#
aquarius however, in general, WM basically *needs* that fetch-endpoint-then-mention cycle anyway, so I have sorta assumed that spammers will just include it
#
aquarius but it *already* makes spam a less attractive target on webmentions
#
aaronpk i mean the same technique can be applied to pingback
#
aquarius (than on, for example, pingback)
#
aquarius yep. I am prepared to bet one hundred shiny English pounds that pingback spammers do not actually poll for your endpoint
#
aquarius they just go, ok here is a wordpress site, send pingback spam to /wp-xmlrpc.php or whatever it is.
LauraJ joined the channel
#
aquarius If you just renamed that file and updated your <link> I bet it'd kill half the pingback spam out there
#
aaronpk ha!
#
aquarius but having endpoints timeout kills half of what remains, because even if you crawl the web to discover pingback endpoints what you *want* to do is put them in a big list and give the big list to the botnet
#
aquarius and that doesn't work if the endpoints have vanished
#
aquarius this is why hash-for-vouch is pretty aggressive about making vouch pages disappear :)
#
aaronpk ah I was wondering about that. I got h-f-v URL #14 so I immediately tried to see what was on #13 :)
#
aquarius see /details for discussion about it :P
#
aquarius it is to avoid a spammer who does the 10 seconds of computation to get a page vouched for and then alters that page to have one billion URLs on it and sends vouched WMs from it. :)
j12t joined the channel
#
aaronpk hah makes sense
#
aquarius aaronpk, let me know if h-f-v somehow fails to do what it's meant to when you're using it to send vouched WMs :)
brianloveswords joined the channel
#
aaronpk cool. will try in a bit after I launch this thing :)
danlyke joined the channel
#
GWG is tempted to change his pingback link to see what happens
j12t, verdi_, parzzix and krendil joined the channel
#
aaronpk done! https://skitch-to-flickr.p3k.io/
friedcell and KevinMarks_ joined the channel
#
cweiske re skitch: I use shutter together with my shutter scp plugin to publish (annotated) screenshots
#
Loqi cweiske: tantek left you a message 2 days, 3 hours ago: if you're looking for an opportunity to criticize or harshly double-check h-entry *or* hentry adoption, what *would be* useful is checking to see if anyone *dropped* usage, e.g. check http://microformats.org/wiki/hatom-examples-in-wild#examples_by_category and note which (if any) no longer support it.
#
aaronpk nice! I don't think shutter works on osx tho right?
#
cweiske it's perl
#
cweiske I don't see osx packages on http://shutter-project.org/downloads/
#
aaronpk next step is skitch to micropub
#
bret screenshots tend to be pretty disposable in my experience, i just use dropbox
#
aaronpk disposable? I screenshot stuff as an archive all the time
#
cweiske tantek, why did you highlight "They were quite inefficient" but not the following "old scripts" in http://indiewebcamp.com/feed#HubMed ?
#
bret for me ;)
#
cweiske I love to look at 10year old screenshots to see what my computer looked back then
#
bret i mainly use them to be like "this is what I see on my screen"
#
aaronpk I think of it more as taking a picture but with my computer instead of a camera
#
bret lol mine from 2005 https://farm1.staticflickr.com/28/39993137_2b57aa220a_o.jpg
#
aaronpk aww trillium
#
cweiske http://fotos.cweiske.de/screenshots/2007-04-23%20senderPhoto.png
#
cweiske the days I used KDE
#
cweiske and wrote java http://fotos.cweiske.de/screenshots/2006-08-30%20desktop.png
caseorganic joined the channel
#
@rubygems omniauth-indieauth (0.1.2): IndieAuth adapter for OmniAuth http://rubygems.org/gems/omniauth-indieauth (twitter.com/_/status/539162484754886657)
#
aaronpk ohai
#
cweiske again without federation support :/
#
aaronpk that gem is specifically for indieauht.com
#
aaronpk although you can point it at your own https://github.com/aaronpk/omniauth-indieauth#using-a-custom-auth-server
#
@rubygems omniauth-indieauth (0.1.3): An OmniAuth strategy to allow you to authenticate using http://t.co/hCGcchr8bj. http://rubygems.org/gems/omniauth-indieauth (twitter.com/_/status/539165150721626112)
aral, LauraJ, lukebrooker and herbsmn joined the channel
#
aquarius aaronpk, aha, finally got a chance to try a webmention to your site vouched for by hash-for-vouch and it says, vouch URL is not approved, which is I suppose fair enough, and should hopefully leave it in your database so you can decide whether or not to approve in future :)
thedod joined the channel
#
thedod OHAI
#
thedod catches up...
sammachin joined the channel
#
thedod_ a lot to read:
#
thedod_ what is vouch?
#
Loqi The Vouch protocol is an anti-spam extension to Webmention. Webmention with Vouch depends on understanding Webmention http://indiewebcamp.com/Vouch
#
thedod_ reads
#
thedod_ meanwhile, #TIL how to use a bookmarklet on a mobile. so simple it's stupid: https://dubiousdod.org/indie/2014/11/i-ve-uninstalled-my-twitter-app-here-s-the-bookmarklet
lukebrooker, chrissaad and friedcell joined the channel
#
aaronpk aquarius: aha cool! if I post a note that links to http://hash-for-vouch.herokuapp.com/ then it'll add that as an approved vouch. One sec.
#
aaronpk re-processed and there it is!
#
aquarius magnificent victory!
#
aaronpk that's awesome
#
aquarius check that out. VOuched for by hash-for-vouch. Well done, hash-for-vouch; all your little dreams are achieved. :)
#
aaronpk hm, one thought. maybe you could make the vouch URL show a message like "there used to be a vouch here but here's why it's gone now" instead of just 404 not found
#
aquarius I note that the URL you link to will disappear, though...
#
aaronpk since I link to the vouch URL
#
aquarius yeah
#
aquarius just realised that
#
aaronpk thumbsup
#
aquarius the issue is that I don't *know* that one used to be there, because I delete the database record, so I don't end up with a zillion database records :)
#
aaronpk heh
#
aaronpk well if you are generating sequential numbers, you could just keep track of the highest number that's been deleted somewhere
#
aaronpk and anything less can be assumed to have existed at some point
#
aquarius and if I say: it has an ID less than one that already exists, then the postgres gods come around and hit me with sticks ;)
#
aaronpk indeed
#
aquarius ha!
#
aaronpk if you use self-encoded tokens instead of IDs you can avoid the database altogether
#
aquarius um
#
aquarius do explain?
#
aquarius anything including the phrase "avoid the database altogether" is pretty much guaranteed to get my interest, but I'm not sure how it's doable in this case :)
#
aaronpk make the vouch URL something like http://hash-for-vouch.herokuapp.com/vouch/{base64(payload).sha256(payload+secret)}
#
aaronpk where payload is the vouch URL and whatever else you need
#
aaronpk I use JWT for this, but any sort of signature thingy will work
#
aaronpk if you look at my webmention endpoint URLs, you'l see what I mean
#
aaronpk eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJub25jZSI6MTQxNzM4Njk5NS42OTUxLCJleHAiOjE0MTczODcyOTV9._R0Yc8x5_1av04uFr1hKnttnQtL0LYQIDXnvyv6KuQE
#
aquarius hrm.
#
aaronpk split on "." and take the middle chunk and base64-decode it
#
aaronpk {"nonce":1417386995.6951,"exp":1417387295}
#
aquarius it is not possibly to kill a vouch url after a certain number of hits, that way, though
#
aaronpk correct
#
aquarius (I can kill it after *time*, but not after hitcount)
#
aquarius and I deliberately kill vouch URLs after four hits, to avoid the vouch-for-a-million-url-page issue
#
aaronpk if you assume a vouch URL will be used within some time period like 2 hours, you could cache the hits in memcache or something
#
aaronpk but that's kind of a database
#
aquarius I could, I suppose, yeah, but at that point I've got a database, basically; it's just stored in memory ;)
#
aaronpk the pure self-encoded token method is neat because it requires no database and no shared state. but it's a tradeoff.
#
aquarius my desire to avoid databases is because they're an annoying separate dependency :)
#
aaronpk yeah
#
aquarius I like the token method, indeed
#
aquarius but the hitcount thing is, I think, vital.
#
aquarius because it protects against this attack:
#
aquarius I, Mr Spammer, create a page with a million webmention-accepting URLs on it, and then do the computation required to make h4v vouch for me, which takes 30 seconds
#
aquarius then I send a million webmentions, all with source:my-million-urls-page
#
aquarius h4v vouch pages time out in 3 minutes, but you can probably send a million webmentions in three minutes if you've got a botnet.
#
aquarius *but* every webmention endpoint will hit the vouch url (well, they will if they care about being vouched for)
#
aquarius and so after the first four, the vouhch URL goes away and the other 999,996 URLs don't get spammed because they try to verify the vouch url and it's gone.
#
aaronpk so why 4?
#
aaronpk I often have more than 4 links in a blog post for example
#
aquarius hm. 'Cos it was small enough that it gives you a chance to check the vouch url once for paranoia, and then use it, and have a couple of spares.
#
aquarius I generate one vouch url per target, not one per source
#
aquarius but you're right
#
aquarius I should jack that number up higher so it can be used once per source, shouldn't I?
#
Loqi yea!
#
aquarius I mean, if it was 20 it'd still do a good job stopping spam
#
aquarius and it'd let you use one per source, and you can always ask for two if you've got 21 outgoing links in a post
KevinMarks__ joined the channel
#
aquarius aaronpk, done; old vouch pages now say that they used to exist and why they no longer do :)
#
aquarius and you get twenty hits on a vouch page, not 4.
#
aquarius I should really fix my outgoing script to use one per source rather than one per target now :)
#
Loqi yea!
#
aquarius but I'm adding event source stuff to voxpelli's webmentions endpoint first
#
aaronpk :)
#
aaronpk awesome
#
aaronpk ooh eventsource, neat. I was playing with that as well.
#
aaronpk ran into some weird issues with it on php+nginx+osx
#
aquarius that's punishment for using nginx.
#
aquarius I am an Apache person ;) or just node :)
#
aaronpk haha
#
voxpelli is intrigued by possible future PR:s to his code :)
#
aquarius voxpelli, am just trying to work out how the hell I create a fork and push to it, since I just cloned your main repo
#
aquarius I hate git.
#
GWG What's wrong with Nginx?
#
GWG Nginx + OSX sounds a bit weird
#
voxpelli aquarius: git remote add a-name git:a-url
#
aquarius voxpelli, oh, so I can go and fork on github and then add my fork as a new remote?
#
voxpelli aquarius: git push a-name a-branch
#
aquarius didn't think of that.
#
voxpelli Yes :)
#
aaronpk i added a lame but functional signup form for webmention.io!
#
aaronpk now you can create your own account
#
aquarius too late, man, I'm already with voxpelli. you snooze, you lose. ;-)
#
aaronpk :)
#
aaronpk mine still doesn't do styled comments or anything. just has an API
chrissaad and lukebrooker joined the channel
#
aquarius voxpelli, https://github.com/voxpelli/webpage-webmentions/pull/14
#
aquarius I expect it to not land precisely as it is, but it will hopefully provide a useful starting point if nothing else
#
aquarius and then I can implement an eventsource-to-google-talk gateway and Never Miss Someone Talking About My Site Ever Again
#
aaronpk webmention.io supports IRC and jabber notifications. just sayin' ;-)
#
aquarius ha! let the fight begin
#
aquarius two men enter, one man leaves. :)
#
aaronpk just kidding. the source code supports jabber+IRC, but I'm only running the IRC gateway on webmention.io
#
voxpelli aquarius: awesome! thanks :) really appreciate the PR:s!
#
aaronpk someone else added the jabber bot
#
aquarius is gtalk still xmpp enough that you can send jabber messages? or did they go full proprietary?
#
aquarius I don't really want to run a whole phone app *just* to get notifications of wms to kryogenix.org; even I am not that vain, although I admit I'm close.
#
aaronpk some day I will make this http://indiewebcamp.com/mention-app
#
voxpelli aquarius: as last time – please remind me if I forget the PR :) getting late here so will have to take a look tomorrow or so
#
aquarius reads
#
aquarius aaronpk, not sure I get it. How does the app's server know that my site has got a notification?
chrissaad joined the channel
#
aaronpk it would either poll the mention URL or subscribe to it via PuSH
#
aquarius I mean, I've just added an event-source to voxpelli's wm endpoint, and I just made up the URL for it
#
aquarius should I have done that as a PuSH thing? I don't understand PuSH :)
#
aaronpk nobody really does :)
#
aaronpk except maybe julien
#
aaronpk this would rely on your webmention endpoint publishing a URL of all mentions received. for example here's mine http://aaronparecki.com/mentions
#
voxpelli PuSH is server-to-server, EventSource server-to-client I would say
#
aaronpk (doesn't have to be on your domain of course, that could be generated by http://webmention.herokuapp.com/ )
#
aquarius aaronpk, and how does the server know what *format* that endpoint is in? I mean, http://aaronparecki.com/mentions is HTML. https://webmention.herokuapp.com/api/mentions?site=kryogenix.org is JSON. There's no standard for what those feeds should look like, right?
#
voxpelli There is support for such lists in my endpoint, but not in any good standard format yet – something I would like to solve
#
aquarius or should webmention.heroku also be publishing an HTML-formatted list with h-entrys in it?
#
aaronpk microformats-2
#
aaronpk yeah, a bunch of h-entry posts
#
aaronpk http://indiewebcamp.com/mention-app#h-feed_parsing
#
voxpelli There are plenty of standards – microformats, rss/atom, activitystreams json or atom :)
#
aquarius :)
#
aaronpk the idea with h-entry of course is that the page would look good to you reading it in a browser, and also is machine-readable for use by other things like the app
#
aquarius sure
#
aquarius I get that, certainly
#
aaronpk the idea with PuSH is that you can subscribe to my http://aaronparecki.com/mentions page by telling my hub "subscribe to this page and notify me at this URL when something is added"
#
aaronpk then when my site adds a new mention, I ping my hub, which then pings all the subscribers
#
aquarius and I understand that it's nice to have one endpoint with data which is both machine-readable and human-readable. But I'm not convinced that I want APIs to start returning HTML that I have to parse rather than JSON :P
#
@itsneal @kaequan I've been thinking of replacing Wordpress with @withknown, an interesting indieweb platform - https://withknown.com/developers/ (twitter.com/_/status/539199659701305344)
#
aaronpk i think that's the misleading thing. you still have to parse JSON, you just don't realize you're doing it
#
GWG Someone is thinking of leaving WordPress...
#
GWG This is a job for the WordPress Outreach Club.
#
aaronpk nobody parses JSON by hand. they use a library which parses the text and turns it into native data structures. nobody parses HTML by hand either. they use an mf2 parser which turns it into native data structures
#
aquarius JSON.parse(string). Yep, that's hard work, but someone else has already done it for me. Having to include a library is pretty annoying, especially if I'm doing it client side :)
#
aaronpk MF2.parse(string)
#
aquarius ReferenceError: MF2 is not defined.
#
aquarius But I understand your point :)
#
aquarius nobody has written a thing which gateways event-source data into xmpp! what is this, the Middle Ages?
#
aquarius bah. Have to do it myself :)
KartikPrabhu and tantek joined the channel
#
aaronpk good afternoon tantek!
#
tantek good afternoon!
chrissaad joined the channel
#
tantek feels compelled to say the needs of the publishers outweigh the needs of the parsers.
cmhobbs joined the channel
#
aquarius tantek: I *broadly* agree (that the needs of the publishers outweigh the needs of the parsers; more importantly the needs of the *consumers* outweigh the needs of parsers, no?), and there's certainly some merit in basically saying "away with machine APIs! let us always use human-readable data with appropriate markup! no JSON for us!". But that's a reasonably hard sell, especially since we've been talking about it
#
aquarius for years and basically nobody does it. :)
#
aquarius oh, darn.
#
KartikPrabhu Loqi: playback...
#
Loqi KartikPrabhu: kylewm left you a message 6 hours, 34 minutes ago: I think you already tested the mf2py rel-bookmark thing, but I double checked it here https://kylewm.com/services/mf2?url=http%3A%2F%2Ftantek.com%2Flog%2F2007%2F08.html and lgtm
#
Loqi woot!
KevinMarks__ joined the channel