#indiewebcamp 2014-12-07

2014-12-07 UTC
lupinedev1, snarfed, j12t, indie-visitor, Yaso, yaso_, Haxxa, caseorganic, wowaname, GWG, mdik, tantek and DanC_ joined the channel
#
DanC_
I gotta start reverse-syndicating my stuff to madmode.com; e.g. https://www.codementor.io/tips/8242643197/how-to-read-time-with-scanf-in-c
KevinMarks joined the channel
#
KevinMarks
So it's xmaslabels.com time again. What is the indieweb way to store addresses for printing?
#
DanC_
hcard, no?
#
aaronpk
oh neat
#
Loqi
tantek: ben_thatmustbeme left you a message 1 day, 11 hours ago: well I could still be the first to process a person-tag
#
tantek
ben_thatmustbeme: yes!
#
DanC_
hunts for his xmas labels code...
#
aaronpk
doesn't send anything out for xmas. does that make me a bad person?
#
tantek
not it just means you're being carbon conservative ;)
#
tantek
which is a good person :)
#
GWG
I don't send anything out either.
#
GWG
But I have a good excuse
#
KevinMarks
Does anyone store postal addresses for other people in hcards?
#
DanC_
looks like my code dates from when I used a danger hiptop; sync'd the data to RDF, converted to HTML, then to the text input format to http://glabels.sourceforge.net/ using http://dev.w3.org/cvsweb/2001/palmagent/labels.kid
simonv3 joined the channel
#
DanC_
wouldn't you naturally store your addressbook in hcard?
#
tantek
in fact there is already software that does
#
tantek
see microformats.org/wiki/hcard-implementations
j12t joined the channel
#
DanC_
stuff like google contacts will spit out vcard, and uf stuff will convert that to hcard
#
DanC_
(for those of us who have sold our souls to google)
#
DanC_
kid was a precursor to genshi
#
DanC_
bummer... all the tests suites linked from http://microformats.org/wiki/hcard-tests have gone poof
addal joined the channel
#
DanC_
manages to un-earth his uf wiki login... http://microformats.org/wiki/User:DanC
addal joined the channel
#
KevinMarks
I dump the google contacts as csv 'cos that was easier to parse quickly
lupinedev1 joined the channel
#
DanC_
yes, CSV is a real workhorse.
#
DanC_
at the PyData conference, I learned that compressed CSV is the best known way to get bulk data from back-end to front-end. Quicker to decode than JSON, evidently.
#
DanC_
"There is very little actual indieweb ActivityStreams support" really? bummer.
#
DanC_
I hoped there were ActivityStreams tools to help me reverse-syndicate my github activity, tweets, etc.
#
rascul.io
edited /User:Rascul.io/ssl (+4) "/* Nginx Configuration */ fresh tune on the ciphers"
(view diff)
cmhobbs and snarfed joined the channel
#
aaronpk
DanC_: there are some php tools for turning various silo posts into h-entry posts
yaso joined the channel
#
DanC_
"PSR-0 autoloadable"?
#
aaronpk
basically means you can install it via composer, the php package manager
#
snarfed
DanC_: it doesn't support github yet, but i assume you've seen http://github.com/snarfed/activitystreams-unofficial
#
DanC_
no...
#
snarfed
converts fb, g+, twitter, and instagram to mf2 html and json
#
snarfed
linked farther down on that AS wiki page
#
DanC_
well! that's pretty much what I hoped for! so much for "... very little actual indieweb ActivityStreams support"!
#
snarfed
:P we should revise that language
#
aaronpk
what is Activity Streams?
#
aaronpk
oh hey it's already linked there
#
snarfed
it also supports the other direction, ie if you post a reply/like/retweet/etc as mf2 html or json, it can publish that into the silos using their APIs
#
aaronpk
feel free to make it more prominent on that page
#
snarfed
aaronpk: yeah, i meant revise the "very little…support" language
j12t joined the channel
#
DanC_
well, tonight's hack works in one case: https://bitbucket.org/DanC/madmode-blog/src/tip/sync_codementor.py 669df53
KartikPrabhu joined the channel
#
snarfed.org
edited /ActivityStreams (-205) "revise language, promote as-unofficial"
(view diff)
j12t_ joined the channel
simonv3 joined the channel
#
snarfed
any rubyists around?
#
DanC_
argh! codementor doesn't give a published date unless you're logged in
#
DanC_
not even an http last-modified
simonv3, LauraJ, j12t, rknLA, eschnou, elima, bigbluehat, Garbee, marcthiele and indie-visitor joined the channel
#
Loqi
Welcome, indie-visitor! Set your nickname by typing /nick yourname
KartikPrabhu joined the channel
#
@checkdisout
Come on, people! Let's bring this one home: @indie 92% funded, THREE DAYS to go, $ 92,464 donated. https://ind.ie/ #indieweb @indie
(twitter.com/_/status/541539456566960128)
catsup, Phae, benward_____, tommorris, j12t, JonathanNeal, elima, krendil, bret, mattl, jden, Pierre-O, Kopfstein, bigbluehat, simonv3, Pierre-O1, petermolnar, hadleybeeman, rknLA, KartikPrabhu, mlncn-agaric, Garbee, benjamin-agaric and cmhobbs joined the channel
#
GWG
Something is probing a webmention endpoint on a site that has webmentions set up but has never received any.
#
GWG
I hope this is just reading the link in the page, and bots haven't learned about it
KartikPrabhu, j12t, sammachin and tantek_ joined the channel
#
GWG
Good morning, campers
#
tantek_
Eg is indieauth vulnerable to this attack?
#
tantek_
Good reason to use different email address with every site that asks for one.
#
aaronpk
hahaha
#
Loqi
rofl
#
aaronpk
that's classic
#
aaronpk
the problem has little to do with OAuth, mostly has to do with matching up accounts from various OAuth providers
#
GWG
Tantek, the administration of that is a pain though
#
tantek_
GWG nope. I have a bookmark on my mobile browser to create a new email forward. Easy.
#
aaronpk
i create new email forwarding address all the time, so much so that i'm about to make a little web interface for it so that I don't have to edit my mysql DB of email forwarding rules with my osx gui
#
tantek_
And lastly I saw something resembling this attack yesterday when someone created a FB account with my gmail which has never been used on FB before.
#
tantek_
I was able to stop it by clicking the "I did not create a FB account" link in the confirmation email.
#
GWG
I can alias easily, I just can't remember them.
#
aaronpk
basically the way providers can prevent this attack is requiring users to be signed in when connecting other OAuth providers
#
tantek_
But not before receiving ~20 "so and so is now your friend" emails
#
aaronpk
and OAuth providers can be responsible by not returning email addresses in ID responses if the email address is "unconfirmed"
#
tantek_
Thats the key.
#
tantek_
Which OAuth providers have been doing that (returning unverifued emails)?
#
aaronpk
linkedin, amazon, according to that article
#
tantek_
regardless, a good reason not to use email as an identifier fof users
#
aaronpk
unfortunately this isn't even covered in the OAuth 2.0 spec because OAuth is not an identity mechanism, so doesn't even say what to do about returning identity information
#
tantek_
Aaronpk that sounds worthy of you blogging as a correction to that article.
#
tantek_
It was just published today.
#
tantek_
Also anyone got the link for amazon's OAuth what apps are using this page?
#
tantek_
need to add to /FreeMyOAuth
#
aaronpk
oh wow I found it. it's buried
#
aaronpk
it's called "Manage Login with Amazon"
#
aaronpk
it's good though, it includes an english description of the scopes granted
#
aaronpk
the actual article explains the OAuth situation correctly
#
aaronpk
"Today, most social login implementations are based on the OAuth 1.0 and 2.0 authorization protocols, extended to support authentication."
#
GWG
I'm still trying to figure out where I can switch to certificates for authentication.
#
aaronpk
"extended to support authentication" is the key part there, since OAuth 2.0 does not actually do that
#
aaronpk
http://oauth.net/articles/authentication/ "OAuth 2.0 is not an authentication protocol."
KartikPrabhu, wolftune, jonnybarnes, lupinedev1, j12t, LauraJ and gRegor` joined the channel
#
aaronpk
is this medium's business model? https://medium.com/re-form/
#
aaronpk
a collection "presented by BMW"
#
@Bali_Maha
RT @telliowkuwp: #Ccourses and IndieWeb, a Conversation. Join in here at #vialogues https://vialogues.com/vialogues/play/18879 #ccourses #clmooc http://t.co/…
(twitter.com/_/status/541674118572421122)
Gold, eschnou, davidized, j12t, LauraJ and krendil joined the channel
#
DanC_
i'm considering in investing more in facebook as a photo hosting site, so I'm checking out the facebook download...
#
DanC_
it's not bad at all... the HTML has all the photo metadata, comment dates, and stuff
wolftune, addal, KevinMarks, davidized, lukebrooker and colintedford joined the channel
yaso joined the channel
mlncn and j12t joined the channel
#
colintedford.com
edited /User:Colintedford.com (-56) "Rename "Todo" & "Eventually" and flatten "Todo" to bring them in line w/ "Working on" & "Itches" framing (except calling "Itches" "Wants" for greater clarity & to avoid feeling itchy whenever I edit my user page). Also, I'm Gen 2."
(view diff)
carlo_au and yaso joined the channel
#
bret
finished putting my apt temp online https://tempy.herokuapp.com
#
bret
not very interesting
#
bret
so far