#indiewebcamp 2014-12-07

2014-12-07 UTC
lupinedev1, snarfed, j12t, indie-visitor, Yaso, yaso_, Haxxa, caseorganic, wowaname, GWG, mdik, tantek and DanC_ joined the channel
#
DanC_ I gotta start reverse-syndicating my stuff to madmode.com; e.g. https://www.codementor.io/tips/8242643197/how-to-read-time-with-scanf-in-c
KevinMarks joined the channel
#
KevinMarks So it's xmaslabels.com time again. What is the indieweb way to store addresses for printing?
#
DanC_ hcard, no?
#
aaronpk oh neat
#
tantek lol
#
Loqi tantek: ben_thatmustbeme left you a message 1 day, 11 hours ago: well I could still be the first to process a person-tag
#
tantek ben_thatmustbeme: yes!
#
DanC_ hunts for his xmas labels code...
#
aaronpk doesn't send anything out for xmas. does that make me a bad person?
#
tantek not it just means you're being carbon conservative ;)
#
tantek which is a good person :)
#
GWG I don't send anything out either.
#
aaronpk hehe
#
GWG But I have a good excuse
#
KevinMarks Does anyone store postal addresses for other people in hcards?
#
DanC_ looks like my code dates from when I used a danger hiptop; sync'd the data to RDF, converted to HTML, then to the text input format to http://glabels.sourceforge.net/ using http://dev.w3.org/cvsweb/2001/palmagent/labels.kid
simonv3 joined the channel
#
DanC_ wouldn't you naturally store your addressbook in hcard?
#
tantek in fact there is already software that does
#
tantek see microformats.org/wiki/hcard-implementations
j12t joined the channel
#
DanC_ stuff like google contacts will spit out vcard, and uf stuff will convert that to hcard
#
DanC_ (for those of us who have sold our souls to google)
#
DanC_ ah... yes, hcard: http://dev.w3.org/cvsweb/2001/palmagent/labels.kid?rev=1.2;content-type=text%2Fplain
#
DanC_ kid was a precursor to genshi
#
DanC_ bummer... all the tests suites linked from http://microformats.org/wiki/hcard-tests have gone poof
addal joined the channel
#
DanC_ manages to un-earth his uf wiki login... http://microformats.org/wiki/User:DanC
addal joined the channel
#
KevinMarks I dump the google contacts as csv 'cos that was easier to parse quickly
lupinedev1 joined the channel
#
DanC_ yes, CSV is a real workhorse.
#
DanC_ at the PyData conference, I learned that compressed CSV is the best known way to get bulk data from back-end to front-end. Quicker to decode than JSON, evidently.
#
DanC_ "There is very little actual indieweb ActivityStreams support" really? bummer.
#
DanC_ http://indiewebcamp.com/ActivityStreams
#
DanC_ I hoped there were ActivityStreams tools to help me reverse-syndicate my github activity, tweets, etc.
#
rascul.io edited /User:Rascul.io/ssl (+4) "/* Nginx Configuration */ fresh tune on the ciphers" (view diff)
cmhobbs and snarfed joined the channel
#
aaronpk DanC_: there are some php tools for turning various silo posts into h-entry posts
yaso joined the channel
#
aaronpk https://github.com/barnabywalters/php-mf2-shim
#
aaronpk https://github.com/search?q=user%3Aaaronpk+shim
#
DanC_ "PSR-0 autoloadable"?
#
aaronpk basically means you can install it via composer, the php package manager
#
snarfed DanC_: it doesn't support github yet, but i assume you've seen http://github.com/snarfed/activitystreams-unofficial
#
DanC_ no...
#
snarfed converts fb, g+, twitter, and instagram to mf2 html and json
#
snarfed linked farther down on that AS wiki page
#
DanC_ well! that's pretty much what I hoped for! so much for "... very little actual indieweb ActivityStreams support"!
#
snarfed :P we should revise that language
#
aaronpk what is Activity Streams?
#
Loqi https://indiewebcamp.com/activity_streams
#
aaronpk oh hey it's already linked there
#
snarfed it also supports the other direction, ie if you post a reply/like/retweet/etc as mf2 html or json, it can publish that into the silos using their APIs
#
aaronpk feel free to make it more prominent on that page
#
snarfed aaronpk: yeah, i meant revise the "very little…support" language
j12t joined the channel
#
DanC_ well, tonight's hack works in one case: https://bitbucket.org/DanC/madmode-blog/src/tip/sync_codementor.py 669df53
KartikPrabhu joined the channel
#
snarfed.org edited /ActivityStreams (-205) "revise language, promote as-unofficial" (view diff)
j12t_ joined the channel
#
tantek.com created /Twitterinteresting (+20) "R" (view diff)
simonv3 joined the channel
#
snarfed any rubyists around?
#
DanC_ argh! codementor doesn't give a published date unless you're logged in
#
DanC_ not even an http last-modified
simonv3, LauraJ, j12t, rknLA, eschnou, elima, bigbluehat, Garbee, marcthiele and indie-visitor joined the channel
#
Loqi Welcome, indie-visitor! Set your nickname by typing /nick yourname
KartikPrabhu joined the channel
#
@checkdisout Come on, people! Let's bring this one home: @indie 92% funded, THREE DAYS to go, $ 92,464 donated. https://ind.ie/ #indieweb @indie (twitter.com/_/status/541539456566960128)
catsup, Phae, benward_____, tommorris, j12t, JonathanNeal, elima, krendil, bret, mattl, jden, Pierre-O, Kopfstein, bigbluehat, simonv3, Pierre-O1, petermolnar, hadleybeeman, rknLA, KartikPrabhu, mlncn-agaric, Garbee, benjamin-agaric and cmhobbs joined the channel
#
GWG Something is probing a webmention endpoint on a site that has webmentions set up but has never received any.
#
GWG I hope this is just reading the link in the page, and bots haven't learned about it
KartikPrabhu, j12t, sammachin and tantek_ joined the channel
#
GWG Good morning, campers
#
tantek_ Lots here to chew on: http://mobile.techworld.com/news/social-media/3589880/spoofedme-attacks-exploited-linkedin-amazon-social-login-flaws/
#
tantek_ Eg is indieauth vulnerable to this attack?
#
tantek_ Good reason to use different email address with every site that asks for one.
#
aaronpk hahaha
#
Loqi rofl
#
aaronpk that's classic
#
aaronpk the problem has little to do with OAuth, mostly has to do with matching up accounts from various OAuth providers
#
GWG Tantek, the administration of that is a pain though
#
tantek_ GWG nope. I have a bookmark on my mobile browser to create a new email forward. Easy.
#
aaronpk i create new email forwarding address all the time, so much so that i'm about to make a little web interface for it so that I don't have to edit my mysql DB of email forwarding rules with my osx gui
#
tantek_ And lastly I saw something resembling this attack yesterday when someone created a FB account with my gmail which has never been used on FB before.
#
tantek_ I was able to stop it by clicking the "I did not create a FB account" link in the confirmation email.
#
GWG I can alias easily, I just can't remember them.
#
aaronpk basically the way providers can prevent this attack is requiring users to be signed in when connecting other OAuth providers
#
tantek_ But not before receiving ~20 "so and so is now your friend" emails
#
aaronpk and OAuth providers can be responsible by not returning email addresses in ID responses if the email address is "unconfirmed"
#
tantek_ Thats the key.
#
tantek_ Which OAuth providers have been doing that (returning unverifued emails)?
#
aaronpk linkedin, amazon, according to that article
#
tantek_ regardless, a good reason not to use email as an identifier fof users
#
aaronpk unfortunately this isn't even covered in the OAuth 2.0 spec because OAuth is not an identity mechanism, so doesn't even say what to do about returning identity information
#
tantek_ Aaronpk that sounds worthy of you blogging as a correction to that article.
#
tantek_ It was just published today.
#
tantek_ Also anyone got the link for amazon's OAuth what apps are using this page?
#
tantek_ need to add to /FreeMyOAuth
#
aaronpk oh wow I found it. it's buried
#
aaronpk it's called "Manage Login with Amazon"
#
aaronpk https://www.amazon.com/ap/adam
#
aaronpk it's good though, it includes an english description of the scopes granted
#
aaronpk the actual article explains the OAuth situation correctly
#
aaronpk http://securityintelligence.com/spoofedme-social-login-attack-discovered-by-ibm-x-force-researchers
#
aaronpk "Today, most social login implementations are based on the OAuth 1.0 and 2.0 authorization protocols, extended to support authentication."
#
GWG I'm still trying to figure out where I can switch to certificates for authentication.
#
aaronpk "extended to support authentication" is the key part there, since OAuth 2.0 does not actually do that
#
aaronpk http://oauth.net/articles/authentication/ "OAuth 2.0 is not an authentication protocol."
KartikPrabhu, wolftune, jonnybarnes, lupinedev1, j12t, LauraJ and gRegor` joined the channel
#
aaronpk is this medium's business model? https://medium.com/re-form/
#
aaronpk a collection "presented by BMW"
#
@Bali_Maha RT @telliowkuwp: #Ccourses and IndieWeb, a Conversation. Join in here at #vialogues https://vialogues.com/vialogues/play/18879 #ccourses #clmooc http://t.co/… (twitter.com/_/status/541674118572421122)
Gold, eschnou, davidized, j12t, LauraJ and krendil joined the channel
#
DanC_ i'm considering in investing more in facebook as a photo hosting site, so I'm checking out the facebook download...
#
DanC_ it's not bad at all... the HTML has all the photo metadata, comment dates, and stuff
wolftune, addal, KevinMarks, davidized, lukebrooker and colintedford joined the channel
#
Loqi [mention] https://dubiousdod.org/indie/2014/12/you-can-webmention-the-4-20-clock-now-weeeeeeeeeeee linked to https://indiewebcamp.com/webmention.io (webmention)
#
Loqi [mention] https://dubiousdod.org/indie/2014/12/you-can-webmention-the-4-20-clock-now-weeeeeeeeeeee linked to https://indiewebcamp.com/dogfood (webmention)
yaso joined the channel
#
Loqi [mention] https://dubiousdod.org/indie/2014/12/you-can-webmention-the-4-20-clock-now-weeeeeeeeeeee linked to https://indiewebcamp.com/Webmention (webmention)
#
Loqi [mention] https://dubiousdod.org/indie/2014/12/you-can-webmention-the-4-20-clock-now-weeeeeeeeeeee linked to http://indiewebcamp.com/WebmentionDressing (webmention)
mlncn and j12t joined the channel
#
colintedford.com edited /User:Colintedford.com (-56) "Rename "Todo" & "Eventually" and flatten "Todo" to bring them in line w/ "Working on" & "Itches" framing (except calling "Itches" "Wants" for greater clarity & to avoid feeling itchy whenever I edit my user page). Also, I'm Gen 2." (view diff)
carlo_au and yaso joined the channel
#
bret finished putting my apt temp online https://tempy.herokuapp.com
#
bret not very interesting
#
bret so far