#indiewebcamp 2015-08-11

2015-08-11 UTC
#
tantek.com created /Z (+637) "having just blogged about UTC and thus "Z" time (in use by indieweb servers and projects), this seemed good to capture" (view diff)
#
gRegorLove What is Z?
#
Loqi Z is a suffix used on a time string to indicate that it is in UTC (Coordinated Universal Time), a common technique for the time setting on indieweb servers, and used by programmers to avoid problems dealing with timezones, especially in indieweb projects https://indiewebcamp.com/Z
#
gRegorLove What is UTC?
#
Loqi It looks like we don't have a page for "UTC" yet. Would you like to create it? http://indiewebcamp.com/s/101F
#
tantek.com created /alphabet (+3831) "make a generic page for alphabet which relegates the Inc to a see also, and draft a sample set of indieweb alphabet building blocks, let's see how well they survive community scrutiny" (view diff)
#
aaronpk omg
#
tantek.com edited /alphabet (+72) "/* IndieWeb Alphabet */ s/open source/ownyourdata" (view diff)
lukebrooker joined the channel
#
tantek.com created /architects (+36) "r" (view diff)
#
tantek.com edited /alphabet (+67) "/* IndieWeb Alphabet */ why note" (view diff)
#
@aaronpk A is for article, B is for backfeed, C is for checkin, and 23 others compiled by @t https://indiewebcamp.com/alphabet #indieweb (twitter.com/_/status/630895723534376960)
#
Loqi [mention] Aaron Parecki wrote a post that linked to alphabet https://indiewebcamp.com/alphabet https://webmention.io/notification/yXJ3YGRzN0PpyC9peC84Vw
#
aaronpk hey look a properly formatted webmention notification!
#
loqi.me created /timezones (+21) "prompted by tantek and dfn added by tantek" (view diff)
#
@sglisreading ✌ @Reading "alphabet - IndieWebCamp" https://www.reading.am/p/3VMc (twitter.com/_/status/630896145791885312)
#
tantek.com edited /alphabet (+4) "linky" (view diff)
#
tantek.com edited /timezone (+152) "Z, articles" (view diff)
#
tantek.com edited /Z (+15) "see also alphabet" (view diff)
KartikPrabhu joined the channel
#
tantek Dear Google, we will use your arrogant renaming as an opportunity to educate people about the A to Z of the IndieWeb.
#
@kevinmarks RT @aaronpk: A is for article, B is for backfeed, C is for checkin, and 23 others compiled by @t https://indiewebcamp.com/alphabet #indieweb (twitter.com/_/status/630897062310088705)
lukebrooker joined the channel
#
tantek is it reblogging if I post it to indiewebcamp.com first and then my own site?
#
KevinMarks__ PESOS
#
tantek more like PECOS per /commons ;)
#
aaronpk i was thinking that too but the "e" is elsewhere, PESOS doesn't actually say "silo" at all
#
KevinMarks__ the S is Pesos isn't silo
#
tantek oh damn I should know that having made it up
#
KevinMarks__ EWSOS
#
tantek this is why I write things down / post them
#
Loqi [mention] Kevin Marks reposted a post that linked to alphabet https://indiewebcamp.com/alphabet https://webmention.io/notification/DlHXhVhmfJMglxx7ND-54Q
#
tantek what is PESOS?
#
aaronpk !!!
#
Loqi PESOS is an acronym/abbreviation for Publish Elsewhere, Syndicate (to your) Own Site https://indiewebcamp.com/pesos
#
aaronpk it got it right!
#
tantek nice mention notifications!
cmhobbs and snarfed joined the channel
#
tantek aaronpk: the idea for an A-Z or alphabet of indieweb "stuff" came to me when I curated the alphabetically ordered lists here: http://tantek.com/2015/201/b1/indiewebcamp-2014-year-review#iwc2014-technologies and realized I was getting pretty close to a whole alphabet
#
tantek in particular: http://tantek.com/2015/201/b1/indiewebcamp-2014-year-review#iwc2014-resources has 16 of 26 letters all by itself
#
tantek but rather than try to figure out how to expand that to the whole alphabet I decided to keep it purely about hand selecting key things in 2014
#
tantek thankfully a generic "indieweb alphabet" of building blocks can be made of anything from inception to the present so that was easier :)
#
tantek I think I might stop by a bookstore to quickly browse a few children's alphabet based books to load their phraseologies into my brain for contextual writing.
lukebroo_ joined the channel
#
GWG Isn't Z for Zulu?
#
tantek that's covered in the page
#
@ScreapDK RT @aaronpk: A is for article, B is for backfeed, C is for checkin, and 23 others compiled by @t https://indiewebcamp.com/alphabet #indieweb (twitter.com/_/status/630903694867984384)
#
tantek https://indiewebcamp.com/Z
#
tantek guess I should hurry up and post that as a blog post
#
KartikPrabhu R = reply too
#
KartikPrabhu tantek: should I add stuff to that page or are your curating it
#
KartikPrabhu what is reply?
#
Loqi A reply (or comment) is a kind of post that is a text (typically, though photos are possible too) response to some other post, that makes little or no sense without reading or at least knowing the context of the source post https://indiewebcamp.com/reply
#
tantek good one
#
tantek I forgot that I'd already taken care of moving reply to its own page! yay!
#
Loqi giggles
#
tantek it was stuck on /comment for so long!
#
KartikPrabhu Q = Quill
#
KartikPrabhu R = Reader
#
@energyovertime RT @aaronpk: A is for article, B is for backfeed, C is for checkin, and 23 others compiled by @t https://indiewebcamp.com/alphabet #indieweb (twitter.com/_/status/630905330164043776)
#
tantek.com edited /alphabet (+295) "r really should be reply thanks Kartik, and added Quill and /reader as secondaries as well" (view diff)
#
KartikPrabhu there goes tantek's moment of glory. aaronpk gets all the RTs and Twitter fame
#
tantek happy to share
#
tantek hence why I wrote it on IWC wiki in the first place rather than post first to my blog
#
KartikPrabhu :)
#
tantek KartikPrabhu: I plan to post it to my blog soon (in the next couple of hours) as a timely static snapshot, but then of course I expect it will evolve on its own on the wiki, and will likely even encourage the broader indieweb community to come do so
#
KartikPrabhu true! good way to do it until we actually figure out /edit posts
modem joined the channel
#
tantek right!
#
tantek.com edited /alphabet (+76) "/* IndieWeb Alphabet */ timeline" (view diff)
#
tantek.com edited /alphabet (+31) "integrated reader as building block" (view diff)
#
Loqi [mention] Bradley Allen reposted a post that linked to alphabet https://indiewebcamp.com/alphabet https://webmention.io/notification/HfF7-NYLtlhMKpN81PR7EQ
#
Loqi [mention] Casper Qvortrup reposted a post that linked to alphabet https://indiewebcamp.com/alphabet https://webmention.io/notification/PctIq87GnmEHWejlwvmxIA
#
Loqi [mention] Casper Qvortrup and Bradley Allen liked a post that linked to alphabet https://indiewebcamp.com/alphabet https://webmention.io/notification/X-zVHFsf_WG_l35qbiMtOQ
#
tantek ^^^ clustered like!!!
#
tantek (though I miss that it used to link directly to the tweet)
#
tantek oh wait these are the webmentions to indiewebcamp, not the twitter mentions
#
tantek n.m.
#
tantek Kartik, keep the suggestions coming
#
tantek KartikPrabhu:
#
tantek going to switch locations but will read logs
mlncn joined the channel
#
gRegorLove Yikes. https://twitter.com/OvercastFM/status/630886130955759616
#
@OvercastFM Still tracking down what happened to This American Life’s original feed. Quick fix: Delete and resubscribe to the one in search results. (twitter.com/_/status/630886130955759616)
#
gRegorLove https://twitter.com/OvercastFM/status/630886305279406080
#
@OvercastFM (They changed the feed address and the old one just returns a 404 now.) (twitter.com/_/status/630886305279406080)
#
gRegorLove https://twitter.com/OvercastFM/status/630906410776268800
#
@OvercastFM @mixdup Well, they did redirect for a while, but it’s my fault for not having a mechanism to permanently change a subscribed feed’s URL. (twitter.com/_/status/630906410776268800)
#
tantek oh you mean RSS browsers (AKA feed readers) aren't as robust as Web browsers?
#
tantek I'm shocked, shocked to hear that.
#
tantek Does This American Life have an HTML page equivalent of that "feed" ?
#
gRegorLove Well, I was more surprised that such a huge podcast wouldn't continue with an 301 or 302 redirect
#
tantek Anything we can help them add h-feed to? And then demonstrate KevinMarks's unmung?
#
gRegorLove Perhaps it's something to do with them going independent, which I only recently learned about, so I don't know details.
#
tantek gRegorLove: it sounds like they did "redirect for a while" but that the consuming app/site failed to obey
#
gRegorLove Right. I'm surprised they didn't "continue"
#
gRegorLove vs. a couple months
#
KevinMarks__ aere we sure hey 301'd not 302'd ?
#
tantek looks for an emoji for "collection"
#
gRegorLove I have no idea. I could well see it being 302 accidentally
#
gRegorLove tantek: Yeah, web-based feed: http://www.thisamericanlife.org/radio-archives
#
tantek KevinMarks ^^^ unmung?
#
gRegorLove I'm actually not sure what they're talking about. Just checked on Wayback and the podcast URL is the same as it was in January, http://feed.thisamericanlife.org/talpodcast
#
gRegorLove Wait, nope. I'm wrong. Subdomain used to be feedS
#
gRegorLove Now it's feed.
#
gRegorLove Still feedburner, though. Who knows.
#
tantek.com edited /sleep (+91) "emojicon" (view diff)
#
tantek.com edited /collection (+91) "repurpose emoji for collection posts" (view diff)
#
tantek.com edited /📑 (+2) "r" (view diff)
sparverius joined the channel
#
tantek.com edited /projects (-87) "repurpose its emoji for collection posts" (view diff)
#
tantek.com edited /comics (+92) "emojicon" (view diff)
#
tantek.com created /🎴 (+20) "r" (view diff)
#
tantek.com edited /food (+83) "emojicon" (view diff)
#
tantek.com created /🍛 (+18) "r" (view diff)
#
tantek.com edited /rsvp (+91) "emojicon" (view diff)
#
tantek.com edited /💌 (-5) "repurpose for rsvp" (view diff)
#
tantek.com edited /bookmark (+92) "emojicon" (view diff)
#
tantek.com edited /tag (+4) "what Wikipedia uses it for too - bookmark" (view diff)
#
tantek.com created /🚩 (+21) "r" (view diff)
#
tantek.com edited /checkin (+83) "emojicon" (view diff)
#
tantek.com edited /posts (+104) "/* Kinds of Posts */ add collection, 🎴 for comics, 😴 sleep, 🍛food, 💌 rsvp, 🔖 bookmark, 🚩 checkin" (view diff)
#
KevinMarks__ no actual mp3 links in the html feed
#
tantek filled out a lot more of https://indiewebcamp.com/posts#Kinds_of_Posts - in case anyone was looking for symbols for post kinds
#
KevinMarks__ the feed only has a few entries: http://www.unmung.com/feed?feed=http%3A%2F%2Ffeed.thisamericanlife.org%2Ftalpodcast
#
tantek.com edited /HTML (+87) "building block" (view diff)
lukebrooker joined the channel
#
tantek.com edited /alphabet (+95) "/* IndieWeb Alphabet */ bookmark posts, comics posts, scrobbles too, tags, permalinks" (view diff)
#
gRegorLove Haha, http://abc.wtf
#
tantek lololol
#
gRegorLove Yeah, TAL only publishes the most recent couple episodes in their RSS
#
gRegorLove I thought it was most recent *one* actually
#
gRegorLove "Episodes are available for exactly one week, beginning the Monday after broadcast."
snarfed joined the channel
#
tantek.com edited /deleted (+84) "emojicon" (view diff)
#
tantek.com edited /deleted (+8) "TOC below" (view diff)
#
Loqi [mention] WAKEST liked a post that linked to alphabet https://indiewebcamp.com/alphabet https://webmention.io/notification/iRnI0J1oEJ8Jyv9HamPTJA
#
tantek.com created /🚮 (+21) "r" (view diff)
#
tantek.com edited /alphabet (+357) "d is for design, v is for video posts, notifications, OwnYourGram, longevity, projects" (view diff)
#
@andrewsreading ✌ @Reading "alphabet - IndieWebCamp" https://www.reading.am/p/3VMJ (twitter.com/_/status/630923675236237312)
#
tantek alright, going home now and going to hack up some ::first-letter action to see if I can do something prettier for my blog. I'll be using /custom-post-style for that, naturally :)
#
tantek let me know if I've missed anything critical you think is worth mentioning!
#
tantek critical building blocks, projects, concepts, principles etc.
#
tantek I think https://indiewebcamp.com/alphabet is looking pretty good and may even be a decent primer for folks that think alphabetically
#
@offrayLC Nice to find this presentation about the #IndieWeb http://tantek.com/presentations/2014/06/indieweb/?full#cover at the @OKFN discourse site. A lot of common interest! (twitter.com/_/status/630925878277636096)
KevinMarks joined the channel
#
KevinMarks https://twitter.com/kevinmarks/status/630894075416162306
#
@paulmison As Twitter AB tests replacing stars with hearts, remember one is a feeble meat blood pump, while the other is a ROILING FUSING PLASMA SPHERE (twitter.com/_/status/630894075416162306)
#
KartikPrabhu in reality, both as simplified unrealistic, graphical representations of very complex natural phenomena
#
KartikPrabhu s/as/are
#
Loqi KartikPrabhu meant to say: in reality, both are simplified unrealistic, graphical representations of very complex natural phenomena
snarfed and techlifeweb joined the channel
#
techlifeweb Can you POSSE to Instagram? I pull photos FROM there to my Wordpress site but I'd like to do it the other way round.
#
benwerd techlifeweb: they don't have public publish APIs
#
techlifeweb benwerd: thats what I thought. Bummer.
evalica, mattmar10, KartikPrabhu and cweiske joined the channel
#
bradleyallen.info created /User:Bradleyallen.info (+69) "setting up a basic user page" (view diff)
snarfed, keroberos, KartikPrabhu, tantek, Jihaisse, sanduhrs, eschenal, eschnou, KevinMarks_, loic_m, KevinMarks, friedcell, LukasRos, interactivist, petermolnar, j12t and fkooman joined the channel
#
@fkooman Blog: "Design of a Group Communication Platform for the IndieWeb" https://www.tuxed.net/fkooman/blog/group_communication_platform.html (twitter.com/_/status/631020397744496641)
#
@dustinboston Writing a Rake task to publish a note, syndicate to Twitter, and update the original post. #indieweb - https://dblogit.com/notes/46d25e/ (twitter.com/_/status/631021977919098880)
friedcell joined the channel
#
@kevinmarks @fkooman have you looked at http://indiewebcamp.com/indieweb-messaging already re https://www.tuxed.net/fkooman/blog/group_communication_platform.html ? (twitter.com/_/status/631023268426743808)
#
Loqi [mention] Kevin Marks wrote a post that linked to http://indiewebcamp.com/indieweb-messaging https://webmention.io/notification/X9yjJoHohNCA_T1Eixf-eA
#
KevinMarks__ so why is the tweet 20 seconds ahead of the webmention?
#
fkooman i actually also received a webmention from your post! :D
#
fkooman it still works
#
KevinMarks__ the private messaging stuff is trickier
#
fkooman KevinMarks__, yeah, I read that, but I got really confused, and it seems really complicated...
#
KevinMarks__ well, at some point you end up having to use crypto
#
fkooman why?
#
KevinMarks__ becasue the alternative is a silo
#
fkooman i don't see how that is related to private webmentions :)
#
fkooman also, i think private webmentions shouldn't exist at all...
#
fkooman i think an "inbox" is a much better approach for that
#
fkooman also cleaner, and follows normal OAuth 2.0 flow
#
KevinMarks__ BTW, your writeup has them all on the same domain
#
KevinMarks__ if you have a silo with ACLs, you can use indieauth and webmention, yes
#
KevinMarks__ if you want them to be actually distributed you need public/private key
#
fkooman KevinMarks__, true, the use of "*.example.org" is not meant to indicate all users will be on the same domain
#
KevinMarks__ so pick different domains
#
fkooman it is distributed in the sense that anyone who wants to create a group will be able to choose their instance and other users will for the purpose of this group use the same "silo" yes
#
KevinMarks__ example.xyz
#
fkooman KevinMarks__, now i use the .example TLD :)
#
M-kegan is Loqi's source available anywhere?
#
Loqi :)
#
cweiske I didn't find it when I looked a month ago
#
@dustinboston Writing a Rake task to publish a note, syndicate to Twitter, and update the original post. #indieweb - https://dblogit.com/notes/21a8b5/ (twitter.com/_/status/631029386808963072)
LukasRos, ttepasse, j12t and fkooman joined the channel
#
ben_thatmustbeme M-kegan: no aaronpk likes to keep him a mystery. I think there are a few pieces here and there that are open source
#
M-kegan I see.
#
ben_thatmustbeme But as I understand it hes a really big hack job. Started as wiki notification bit that was hacked to run an outside file in a different language
j12t, adactio, KartikPrabhu, frzn, LanceyWork, smcgregor, glennjones, friedcell, peacekeep3r, alexhartley, mlncn, LukasRos, nedorito, chreekat, fourtonfish and snarfed joined the channel
#
ben_thatmustbeme http://webcache.googleusercontent.com/search?q=cache:https://blogs.oracle.com/maryanndavidson/entry/no_you_really_can_t&biw=1453&bih=822&noj=1&strip=0&vwsrc=0
#
ben_thatmustbeme have to get the cached version, since it was pulled
j12t, hs0ucy, wolftune, pfefferle, frzn_, ttepasse_ and chalettu joined the channel
#
@jgarber @bthdonohue Was looking at the fragmentation spec the other day (http://indiewebcamp.com/fragmention) and looks like the preferred syntax has changed… (twitter.com/_/status/631116334139617280)
#
@jgarber @bthdonohue …from using double-hash and plusses to single-hash and %20: http://indiewebcamp.com/fragmention (twitter.com/_/status/631116426292633600)
mlncn, j12t and shiflett joined the channel
#
voxpelli "Within 10 minutes, I had a total of 33 bots visit the new URL." https://ma.ttias.be/what-happens-to-a-new-url-the-first-10-minutes-on-the-internet/
#
voxpelli Related to discussion a while back about of the fat pings of PubSubHubbub increasingly no longer really avoids an attack of bots
sanduhrs, LauraJ and friedcell joined the channel
#
aaronpk !tell fkooman re: private webmention vs inbox, do you mean that you think the contents of a private message should be sent in the payload vs retrieved like webmention verification?
#
Loqi Ok, I'll tell them that when I see them next
#
aaronpk KevinMarks__: the webmention notification here is delayed now because of the buffering that's in place to cluster the notifications
KevinMarks_ and friedcell joined the channel
#
aaronpk !tell fkooman re: https://www.tuxed.net/fkooman/blog/group_communication_platform.html how am I supposed to be able to get an access token to your site in order to send you a message? that seems backwards, since that means you have to be able to issue access tokens to arbitrary domains before you have received anything
#
Loqi Ok, I'll tell them that when I see them next
j12t joined the channel
#
voxpelli aaronpk: feels to me like a PuSH-notification would be sufficient to send something to an inbox?
#
voxpelli I'm thinking an IndieWeb:ification of http://www.slideshare.net/Blaine/social-privacy-for-http-over-webfinger
#
voxpelli The only currently "controversial" thing about that one is the WebFinger/e-mail reliance – which the "From"-header relies on – with a different header that flow would work though
#
aaronpk why the sudden "inbox" framing?
adactio joined the channel
#
voxpelli aaronpk: well, if you want to push content to someone, then that's out of scope of WebMentions, so one would need to call the alternative something – inbox could be one name
#
aaronpk i don't see how that's out of scope of webmention at all
#
aaronpk that is exactly what webmention is for
#
aaronpk it's "hey i have this thing you might be interested in"
tantek joined the channel
#
voxpelli WebMentions are merely for pings, while eg. PubSubHubbub are for pushing actual content?
gRegorLove joined the channel
#
aaronpk webmention is a notification of content being available
#
ben_thatmustbeme i do see there being a lot of overlap there honestly
#
aaronpk pubsubhubbub is *also* a notification of content being available, but with PuSH, the receiver has to first subscribe to something
#
voxpelli aaronpk: I did a quick sketch for myself earlier: https://dl.dropboxusercontent.com/u/304233/2015-08-11%20at%2017.56.png
#
aaronpk so PuSH only works for private messaging if I first say "hey i'm going to subscribe to a feed of private messages you want to send to me"
#
aaronpk which seems...awkward
#
ben_thatmustbeme wonders if a way to subscribe to webmentions would suffice
#
voxpelli I think they can work together – WebMention tells me that I've new content and I then answer that they can send it to me at a certain place – a "ping/pong"-moment
#
tantek indeed the entire "inbox" framing is a bad worldview in that it puts too much burden on the receiver, i.e. it prefers spam-type behaviors
#
ben_thatmustbeme since, as I understand it, all current indieweb implementations of PuSH are only using thin pings
#
tantek inbox--
#
Loqi inbox has -2 karma
#
aaronpk voxpelli: okay that's interesting and totally different than PuSH
#
voxpelli ben_thatmustbeme: at least Superfeedr sends indieweb fatpings I believe
#
tantek similarly with fatpings - so many reasons against them (inefficiency, etc.)
#
tantek better to allow the receiver the freedom of if and when to retrieve the content
#
aaronpk it's not PuSH unless the receiver subscribes to a feed, so I think you shouldn't call it that
#
tantek which has many advantages that help mitigate tons of abuse, such as arbitrary random delays, using whitelists / blocklists re: domain etc.
#
tantek fatpings--
#
Loqi fatpings has -1 karma
#
voxpelli aaronpk: well, it would more or less be a one-off subscription PuSH for an individual piece of content – PuSH can subscribe to items as well as feeds
#
aaronpk that seems like an awkward overloading of PuSH, worse than this extension of webmention
#
aaronpk btw i'm only pushing back on the name of this, not on how it works
#
tantek both "inbox" and "fatping" are part of an obsolete email-centric worldview that has been shown to be so susceptible to spam that the only implementations that can deal with it are massive centralized silos like gmail, hotmail, yahoomail etc.
#
tantek we must reframe all problems to prefer maximum number of smaller independent implementations running on a millions of smaller sites, rather than problems where the solutions lend themselves to a centralized bias
#
aaronpk voxpelli: in your diagram, who is sending a message to who? alice to bob?
#
voxpelli PuSH could mean the same mechanism for one-off private content delivery based on WebMention pings as for subscriptions to private feeds as the http://www.slideshare.net/Blaine/social-privacy-for-http-over-webfinger outlined and as fkooman seems to be thinking about
#
voxpelli aaronpk: yep, it is modified from the private message wiki – and is merely a brainstorm for myself
#
aaronpk blaine's slide deck seems to outline something totally different, which is services being authorized to pass private content between users
#
voxpelli which is something we've already solved for webmentions
#
voxpelli rel-webmention is an implicit rel-delegate in the case of blaine's slides as I see it
#
voxpelli or rel-inbox in the case of fkooman
#
voxpelli it's basically just telling Alice that the service that owns the callback that's being sent in is allowed to fetch it for Bob and Bob has verified that with a rel-delegate just like Micropub and WebMention uses rel:s to verify delegation today
snarfed joined the channel
#
kylewm tantek: I don't understand your objection to fat pings, they are only delivered/trusted if you have subscribed to a feed
#
Loqi kylewm: KevinMarks__ left you a message on 8/7 at 11:04am: you need to reauth with facebook so we get HWC pings https://www.brid.gy/facebook/12802152 http://indiewebcamp.com/irc/2015-08-07/line/1438970694907
#
aaronpk voxpelli: i guess i don't see the advantage to adding this many intermediate steps
#
voxpelli aaronpk: one doesn't have to generate any tokens / auth codes – that's one possible advantage
#
aaronpk why is that different from alice just sending the message in a single POST request then?
#
voxpelli it would have all of the advantages of PuSH in being able to subscribe/unsubscribe and it would prohibit spammers as the callback URL:s would be unique per subscription as ordinary in PuSH
#
voxpelli so it's basically just an automated way of telling a trusted sender of a trusted callback
#
kylewm waits for clustered invitations
#
aaronpk subscribe? to what?
#
Loqi [mention] Larry Halff, Bettina Warburg-Johnson, Jeff Rider, Beau Smith, Ryan Sarver, Ben Ward, Kitt Hodsden, Om Malik, Carla Borsoi, Brian Behlendorf, Nate Koechley, Lauren Breuning, Colleen Taylor, Pius Uzamere, Micah Snyder, Dharmishta Rood, Erin Jo Richey, Peter Hirshberg, Justin Ormont, Elizabeth Churchill, Faruk AteÅŸ, Sarah-Jane Morris, Jay Allen, Doc Searls, Benjamin Michael Goering, Pascale Diaine, Zibi Braniecki, Leah Culver, Laura Helen Winn, Dan Gailey, Joichi Ito, Tony Rai, Yoz Grahame, Amy MacKinnon, Justin David Kruger, Matt Mullenweg, Thomas Vander Wal, Jesse Vincent, Karen Nguyen, Tom Coates, Tim O'Reilly, Lillian Christina, Chris Messina, Janet DeHart, Bobby Fishkin, Jason Shellen, Jordan Harband, Simon Law, Megs ORorke, Lonnie Rae, Marie Williams, Rohit Khare, Matthew Levine, Cariwyl Hebert, Stephen Wyatt Bush, Nima Dilmaghani, David Baron, Jeremy Anderson, Kara Murphy, Elisa Jo Harkness, and Erin Stevenson O'Connor were invited to https://indiewebcamp.com/events/2015-08-12-homebrew-website-
#
Loqi [mention] Ariel Waldman, Jessica Suttles, Daniel Appelquist, and Kyle Huey RSVPd no to https://indiewebcamp.com/events/2015-08-12-homebrew-website-club https://webmention.io/notification/sTms08lcWa1rfKbNCH-t8g
#
Loqi [mention] Kevin Marks RSVPd yes to https://indiewebcamp.com/events/2015-08-12-homebrew-website-club https://webmention.io/notification/G-G6nhPA4H3DwvSUfHZScA
#
Loqi [mention] Andi Galpern RSVPd maybe to https://indiewebcamp.com/events/2015-08-12-homebrew-website-club https://webmention.io/notification/eDDNwZgNPRp2ccA1vEissQ
#
Loqi [mention] Lonnie Rae liked http://indiewebcamp.com/events/2014-07-16-homebrew-website-club https://webmention.io/notification/pK3yPDpwmZLf4WWZsmheGQ
#
aaronpk oh no
#
Loqi [mention] Charles Hope, Mary Specht, Yan XZ, and Stephanie Vacher were invited to https://webmention.io/notification/A0TvZoOM8aRRzYQXse5kVw
#
Loqi [mention] Chris Heuer and Tantek Çelik RSVPd yes to https://webmention.io/notification/kA21hsRt05xxQrICLINqhA
#
Loqi [mention] Jon Pierce RSVPd maybe to https://webmention.io/notification/XRdNtkpCPLbHroBCo0GZig
#
ben_thatmustbeme ducks
#
aaronpk hey it's mostly working
#
snarfed totally1
#
Loqi [mention] Jina Anne RSVPd no to https://webmention.io/notification/mcTDJcHlQKHQJrqkzLoZeg
#
Loqi [mention] Lawrence Lessig, PJ Khalil, Ben Metcalfe, David Prager, and Shing Wong were invited to https://webmention.io/notification/wrYmOkil3UTdEGTFgW-qOA
#
snarfed s/1/!/
#
Loqi snarfed meant to say: totally!
#
Loqi [mention] Mathias Crawford, James Craig, Joseph Smarr, Jeff Hodsdon, and Matt Biddulph were invited to https://webmention.io/notification/GGhZVX15yTLZmhaFjeQ1tA
#
Loqi [mention] Paul Mison RSVPd no to https://webmention.io/notification/-bfKvHfi6-rzKqpUzC941A
#
snarfed solid progress
#
aaronpk except i'm not sure why it's not finding the name of the event
#
snarfed launchanditerate++
#
Loqi [mention] Liane Baskin, Simon Willison, Ben Moskowitz, and Sabrina Bruning were invited to https://webmention.io/notification/wOpkVQlp1H6_tH6Ll8qTDw
#
Loqi launchanditerate has 1 karma
#
Loqi [mention] Jordan McArthur was invited to https://webmention.io/notification/DBq5i8mx1yrCLCo13w0u9Q
#
Loqi [mention] Peter McKay RSVPd yes to https://webmention.io/notification/n_gu0hxwamawBydjIIO6pw
#
Loqi [mention] Dan Mosedale RSVPd no to https://webmention.io/notification/NTEaN0gC4q5RbkEVA2b1GQ
#
Loqi [mention] Eddie Codel RSVPd maybe to https://webmention.io/notification/e4uZTDwDwnL6NKJLKq-9zw
#
Loqi [mention] Andi Galpern and Indie Web Camp liked http://indiewebcamp.com/events/2014-07-30-homebrew-website-club https://webmention.io/notification/-qTOIQMDS9mqeQLfkOPGjg
#
snarfed or why there are so many partials clusters
#
Loqi [mention] Mo Kudeki, Kat Lucky, Leonard Lin, Lisa Brewster, Emily Mueller, and Katarzyna Babula were invited to https://webmention.io/notification/4EJwWvmvSDCBpyvCDmKdvQ
#
Loqi [mention] Edward O'Connor posted an invite: invited https://brid-gy.appspot.com/rsvp/facebook/688447421193285/1598264670438562/10153115381968254 that linked to https://indiewebcamp.com/events/2015-08-12-homebrew-website-club https://webmention.io/notification/m-LkNqSzUYnawL4GMlMw_Q
#
snarfed but still, yay
#
Loqi yay!
#
Loqi [mention] Sarah Jeong, Rebecca Daniels, Paul Tarjan, and Natalie Downe were invited to https://webmention.io/notification/qJtgjJbxv2asgAwZGxCsTA
#
Loqi [mention] Susan Kaup RSVPd maybe to https://webmention.io/notification/0edk8ruVzM9GRjYqrGFlxg
#
aaronpk also the script crashed overnight oops
#
Loqi [mention] Martin Atkins, Lizz Noonan, Jet Villegas, Robin Andersen, Jay Zalowitz, and Eva Lee were invited to https://webmention.io/notification/trZRCPJQwxAz3Uu-W6duxw
#
aaronpk i think the window might be too small
#
Loqi [mention] Tina Hui RSVPd yes to https://webmention.io/notification/RYZq9rBr7zUd1CtuxbcMwQ
#
Loqi [mention] Christine Herron, Evan Prodromou, Laura Forrest, Jolie O'Dell, Olya Lapina, and Christian Crumlish were invited to https://webmention.io/notification/x885eV4MgWfMeuVdaVPBfA
#
Loqi [mention] Aza Raskin, Sarah Austin, Thor Muller, C Alaric Moore, Liza Sperling, and Maxwell Salzberg were invited to https://webmention.io/notification/MPleaEQyeEaFATn2_Dd4jw
#
Loqi [mention] Arezu Aghasey RSVPd yes to https://webmention.io/notification/d92FjU6yyZjzFt7FUeWP7A
#
Loqi [mention] Brendan Eich, Michael Owens, Selina Rossi, Mike Sofaer, and John Adams were invited to https://webmention.io/notification/IAWk3yZBKGZSkiM4S0rWVA
#
Loqi [mention] George Kelly RSVPd no to https://webmention.io/notification/nI5zD4Luh3K_LivRI41Q_Q
#
voxpelli aaronpk: it would subscribe to either a single update of the private message or continuous updates for the private message – depending on the consumers – and the sender would asap send the initial state as an "update"
#
Loqi [mention] Jeffrey Veen, Kevin M. Gallagher, Joël Franusic, Will Norris, and Stephanie Haupt Sullivan Rewis were invited to https://webmention.io/notification/PzYekBWtOomF4dwxrIfEVQ
#
Loqi [mention] Matt Harris, Deb Schultz, Lauren Buchman, Kevin Smokler, and Matt Schaar were invited to https://webmention.io/notification/0G3jJhK5uKtiUcT8k-w8lA
#
Loqi [mention] Christopher Carfi, Ben Werdmüller, Ilya Kreymer, and Sarah Dopp were invited to https://webmention.io/notification/S2DCCyQt20McN3Z3KewUyQ
#
Loqi [mention] Laura Gluhanich RSVPd no to https://webmention.io/notification/eQoaYhAt7pvE93vbXfmtmw
#
Loqi [mention] Ben Werdmüller and Zack Fischmann liked http://indiewebcamp.com/events/2014-07-30-homebrew-website-club https://webmention.io/notification/XH0zRG_R1ivBPD2jN_IxlQ
#
Loqi [mention] Ian Fung, Zoe Schiffer, and Katie Johnson were invited to https://webmention.io/notification/GsVucBuvpTnAVkLfqXHFjw
#
Loqi [mention] Paul Hammond and Brynn Evans were invited to https://webmention.io/notification/38aCAJDJrUgSsxVD-84ivg
#
Loqi [mention] Darius Dunlap RSVPd maybe to https://webmention.io/notification/rnmxxsn88fOh-UYnY-SLbg
#
Loqi [mention] Dan Lyke RSVPd no to https://webmention.io/notification/m-rMyyTPUx-v0-PXXM9fMw
#
Loqi [mention] Ryan Barrett, Cari Levay, Adam Rifkin, Jen Bradburn, Daniel Burka, Zack Fischmann, Redg Snodgrass, Monica Wilkinson, and Stacey Rivet were invited to https://webmention.io/notification/uOeia-yackUzRmfV7siNkQ
#
aaronpk well hey this is better
#
snarfed definitely!
#
snarfed can't wait for the next iteration
#
snarfed aaronpk++ for starting on clustered notifs
#
aaronpk ah well step 1 is to check for h-event as well as h-entry
#
Loqi aaronpk has 930 karma
#
aaronpk heh
#
snarfed (and for kindly tolerating my pestering :P)
#
aaronpk :)
#
voxpelli aaronpk: clarified the flow a bit: https://dl.dropboxusercontent.com/u/304233/2015-08-11%20at%2018.18.png
#
aaronpk kylewm: i seem to be getting a crapload of webmentions from your HWC page, but i'm not sure who is sending them. can you think of any reason you'd be sending a couple webmentions per second to the wiki?
Garbee and KevinMarks joined the channel
#
aaronpk kylewm: they are coming from 192.241.192.83
#
kylewm aaronpk: https://www.brid.gy/facebook/688447421193285#
#
kylewm aaronpk: https://www.brid.gy/facebook/688447421193285#
#
kylewm sorry double post
#
aaronpk oh are you sending salmentions?
#
kylewm oh haha 192.241.192.83 is kylewm.com
#
Loqi haha
#
kylewm yes it must be sending a crap ton of salmentions
#
aaronpk okay
#
kylewm that is not great
#
aaronpk clustering is hard :)
#
aaronpk it just means that i'm hitting your server for each one, then ignoring it because the notification of your first webmention was already sent
#
@voxpelli @fkooman So either the data has to be fetched from a trusted source, like with WebMention, or be signed by a trusted source, like Salmon (twitter.com/_/status/631139964483407872)
#
kylewm and I'm probably sending a salmention notification for each invite, even though I'm actually hiding the invite replies
#
aaronpk ah yeah i was wondering why i wasn't seeing those
#
aaronpk voxpelli: okay from what I can tell, all you've really done here is added some extra steps to get to the point of the message being sent to bob's webmention endpoint
#
aaronpk there's no authentication still, so it's just as vulnerable to spam as alice initially sending the message to bob's WM endpoint
#
voxpelli aaronpk: to be fair – there are more steps in the current private messaging flow than there is in mine – not saying mine is better in any way, but the amount of steps seems like the wrong criticims?
#
aaronpk no i'm saying your outline is exactly equivalent to alice just sending the message to bob's WM endpoint in the first place
#
aaronpk (not comparing it to the wiki private messaging flow)
#
voxpelli aaronpk: the authentication are the same as with all PuSH flows – unique callback URL:s?
#
aaronpk that isn't really authentication tho is it?
#
voxpelli and the verification that it's actually Alice that sends them comes from the fact that the hub-discovery is made on Alice's page
#
aaronpk oh hm...
#
voxpelli So Bob knows that it's Alice who sends them and Alice knows that it's Bob who has subscribed to them – that's all that's needed, right?
#
aaronpk thinking...
#
aaronpk okay interesting. i think i see what you've done.
#
aaronpk i'm going to annotate this and also remove webmention/PuSH terminology to illustrate something
#
voxpelli cool
#
aaronpk (I'm pretty sure the From header is not needed as well)
#
aaronpk the important thing to note is that any POST request received cannot be trusted to be from a particular server, which is what all of this lookup is solving
#
voxpelli it would either be the a header or a parameter in the body or query of the request – I guess Blaine wanted to make a generic delegation mechanism, hence rel-delegation and From:
#
Loqi [mention] Kyle Mahan RSVPd no to https://webmention.io/notification/wGNMQ4eMkY_B3sCzkAYocQ
#
Loqi [mention] Justin David Kruger liked http://indiewebcamp.com/events/2014-07-16-homebrew-website-club https://webmention.io/notification/MpwXOPvowU--89-pr0SrSA
#
voxpelli aaronpk: (oh, and btw, I have the raw sequence diagram for https://bramp.github.io/js-sequence-diagrams/ if you want :P )
#
aaronpk oh that'd be helpful
#
aaronpk want to add that to the wiki?
#
voxpelli aaronpk: https://gist.github.com/voxpelli/f9f03f2a2b911900ebca
#
voxpelli not sure where on the wiki to add such very brainstormy things
#
aaronpk well you can always just upload the png image and add the source sequence diagram to the image page
#
@simonv3 Federated hosting and the indieweb: https://blog.sandstorm.io/news/2014-07-21-open-source-web-apps-require-federated-hosting.html (great blog post about 'why?' from @SandstormIO) (twitter.com/_/status/631144841666170880)
#
@krisshaffer Known is a (group) blogging platform, supports IndieWeb technology, open-sourçe, auto installs with Reclaim Hosting. @withknown #digped (twitter.com/_/status/631145319959515136)
tantek joined the channel
#
voxpelli aaronpk: tried to upload it but I get "File extension does not match MIME type." – both when uploading as a png and as a jpeg :P
#
@nobantu 9MoreDays of EBRegistration 4 21st Internet Identity Workshop Oct 27-29 https://www.eventbrite.com/e/internet-identity-workshop-xxi-21-2015b-tickets-16995007525 #IIW #VRM #indieweb +More #unConference (twitter.com/_/status/631147410253676544)
#
aaronpk oh weird
#
Loqi [bridgy] Kevin Marks replied '@jgarber @bthdonohue yes, I read the URL spec more carefully: ## is invalid (breaking some parsers) and + doesn't mean space in fragments.' to a tweet http://indiewebcamp.com/fragmention (https://twitter.com/kevinmarks/status/631147237167337472)
#
tommorris seeing adactio saying it is HWC in Brighton tomorrow, I ought to build some more stuff. :)
#
tantek tommorris: yes! HWC is good motivation to have something new to show, even if minor :)
#
aaronpk voxpelli: http://aaronparecki.com/uploads/private-message-20150811-102719.png
#
voxpelli aaronpk: great! that surfaces the flows much clearer – less plumbing – win!
#
aaronpk yeah!
#
aaronpk so the interesting thing is that the only URLs involved are the two home pages and the two endpoints
#
aaronpk the message itself doesn't need a URL, it just needs an ID
#
voxpelli yeah
#
aaronpk it bugs me a little that there doesn't need to be a URL for the message, because that makes this way less of a webby protocol
#
tommorris tantek: I've been thinking more about checkin and studying how Twitter does it and may build a nice prototype of a "check-in editor" - that is, a simple web front-end that does check-in right
#
aaronpk but it's neat that there's no authentication required for this
#
tommorris Twitter's location is nice because it lets you specify whether you want to be specific or general
#
tommorris so, on the Twitter iPhone app, you tap the location button and it brings up "Tag location" and I can choose between "London, England", "England, United Kingdom" and "United Kingdom" and at the bottom there's a "Share precise location"
#
tommorris which then sends the precise geo-coords. but if that's off, it just tags it as being in London
#
tantek tommorris: Swarm has neighborhoods and city checkins now too
#
tommorris yep.
#
tommorris so, geonames can find things down to the city level
#
tommorris but also geonames now has a fast indexed POI search for OSM
#
aaronpk i would actually argue that Swarm's neighborhood/city thing isn't actually a checkin, since it's all passive
#
tommorris no, you can do active neighbourhood checkin.
#
aaronpk really? i haven't seen that
#
tantek aaronpk - passive is an *option*
hs0ucy joined the channel
#
tommorris I've checked into lots of London neighbourhoods if I'm just wandering around
#
tantek you can explicitly select city / neighborhood
#
tommorris here's something cool though - http://api.geonames.org/findNearbyPOIsOSM?lat=51.51344&lng=-0.13416&username=demo&maxRows=50
#
tommorris you can't do that with the OSM API. I've been trying to build ways to do that, but Geonames just built it and rolled it out
#
tommorris it's not perfect: it doesn't have the OSM ID, but it's good enough to start building on
#
tommorris especially because you can then use the place's name and type to look it up in the OSM API
#
tommorris and you can have a job queue to do that later
#
aaronpk OSM API doesn't have nearby venue search?
#
tommorris nope
#
tommorris OSM doesn't really have a concept of "venues", just nodes and ways and relations and tags
#
tommorris hmm, the Geonames API doesn't have a bunch of data in it that it ought to
#
tommorris only has nodes AFAICT
#
tommorris sigh
KevinMarks, snarfed, snarfed1, KartikPrabhu, tantek, LukasRos, sparverius and afrogeek joined the channel
#
@thomasABoyt I think I'm just going to make a Tumblr instead. Sorry indieweb. (twitter.com/_/status/631173212617994240)
#
KartikPrabhu today in silos gonna silo: https://medium.com/@danrschlosser/linkedin-dark-patterns-3ae726fe1462
#
aaronpk hmm http://indiewebcamp.com/Tumblr needs info on how to use Tumblr in an indieweb-friendly way. e.g. map your own domain to it
#
tantek aaronpk - huh - that info is on a different page
#
tantek perhaps should be moved there?
#
tantek there's this http://indiewebcamp.com/web_hosting#Custom_domain_silos
LukasRos, j12t, afrogeek, sparverius, KartikPrabhu, chreekat, nedorito, KevinMarks_ and snarfed1 joined the channel
#
@schnarfed @thomasABoyt tumblr can be #indieweb! just follow https://t.co/uS6hasFSJ1, then try https://www.brid.gy/about#blogs and https://silo.pub/ (twitter.com/_/status/631183972471443456)
KevinMarks joined the channel
#
tantek Any experienced Tumblr users here who could help with updating /Tumblr with a "how to use Tumblr as an indieweb host" perspective?
KartikPrabhu joined the channel
#
snarfed1 tantek: if he follows those links he'll get pretty far. indieauth, micropub, webmentions in and out
#
snarfed and http://indiewebcamp.com/Tumblr is pretty comprehensive
#
tantek hmm true - maybe just needs a re-ordering of how-tos by expected first steps first / most useful to most people
LukasRos and fkooman joined the channel
#
KevinMarks today in wtf ad news: http://known.kevinmarks.com/2015/content-blockers-bad-ads-and-what-were-doing-about-it-its-so-bad-our-tech-team-has-been-exploring
#
tantek.com edited /Tumblr (+623) "re-order how tos by how to use Tumblr for indieweb hosting, export, how to POSSE etc. to Tumblr as a logical temporal / order of implementation sequence, clarify post types to the 7 currently on Tumblr" (view diff)
#
kevinmarks.com edited /Tumblr (-18) "/* Post via Micropub */ feverdream->silo.pub" (view diff)
#
kevinmarks.com edited /Tumblr (+18) "/* Post via Micropub */" (view diff)
#
fkooman heya
#
aaronpk kylewm++ for silo.pub
#
Loqi fkooman: aaronpk left you a message 4 hours, 21 minutes ago: re: private webmention vs inbox, do you mean that you think the contents of a private message should be sent in the payload vs retrieved like webmention verification? http://indiewebcamp.com/irc/2015-08-11/line/1439307677643
#
Loqi kylewm has 214 karma
#
Loqi fkooman: aaronpk left you a message 4 hours, 14 minutes ago: re: https://www.tuxed.net/fkooman/blog/group_communication_platform.html how am I supposed to be able to get an access token to your site in order to send you a message? that seems backwards, since that means you have to be able to issue access tokens to arbitrary domains before you have received anything http://indiewebcamp.com/irc/2015-08-11/line/1439308114169
#
tantek.com edited /Tumblr (+62) "/* How to */ Use your own domain" (view diff)
#
aaronpk hey fkooman
#
tantek.com edited /Tumblr (+48) "/* Add webmention support */ see https://www.brid.gy/about#blogs for more" (view diff)
#
tantek.com edited /Tumblr (+33) "/* Post via Micropub */ see silo.pub for more" (view diff)
#
fkooman aaronpk, it seems i said some controversial things :) reading up on the log now
#
tantek snarfed++ for replying helpfully on Twitter re: Tumblr for indieweb
#
Loqi snarfed has 129 karma
#
aaronpk :)
#
tantek snarfed, please review https://indiewebcamp.com/Tumblr#How_to - I tried to order by most bang/relevance for the buck as it were for Tumblr users, then those looking to transition from Tumblr to more indepenent web hosting.
interactivist joined the channel
#
snarfed lgtm thanks!
#
fkooman aaronpk, yeah, why not in the payload of the POST message. It is not always ideal, e.g. when sending "big" files, but needing to fetch stuff all around the planet (and keeping a copy) is also not ideal...
#
fkooman the "spam" problem already exists on the indieweb with distributed indieauth
#
snarfed /nick snarfed
#
snarfed ugh
#
aaronpk what does indieauth have to do with spam?
#
fkooman aaronpk, the "client", whichever app that is will obtain an access_token using OAuth, just like any other OAuth client
#
aaronpk fkooman: the difference is in your proposal, i'm expected to dish out access tokens to anyone who asks. the way it's currently described, I only have to dish out an access token to people I send messages to
#
fkooman aaronpk, that was not regarding your comment, but something else from the log, the spam issue when having an "inbox". If your service supports distributed indieauth a spammer can put a lot of spam content on your service using their own indieauth compatible server to grant authentication
#
fkooman aaronpk, yeah, that is not ideal
#
fkooman but the person who asks needs to have their own (https) website listing their authorization server and methods for authenticating
#
fkooman so the restriction is the same as logging in to IWC wiki
#
aaronpk fkooman: what you're describing can be separated into two totally different things. 1) you are describing a "commons", which like the wiki, multiple people can sign in to and add things to. 2) you are describing a notification mechanism
eschnou joined the channel
#
fkooman i guess that's true
#
aaronpk they're basically totally different things and are not dependent on each other
#
fkooman aaronpk, private messages from user to user and notifications (by services)
#
aaronpk yeah
#
fkooman here i was more focused on messages from services, not messages from alice to bob
#
aaronpk sure, but it's the same in the end
#
aaronpk so I have no issues with #1, a shared workspace is one solution to "indie" groups
Lancey joined the channel
#
aaronpk but I have issues with the notification "inbox" mechanism, which I described earlier
#
fkooman yeah, I am also much more fan of email to be honest ;)
#
aaronparecki.com uploaded /Special:Log/upload "uploaded "[[File:private-messaging-brainstorming-flow.png]]""
#
aaronparecki.com edited /File:private-messaging-brainstorming-flow.png (+712) "add source" (view diff)
#
fkooman aaronpk, for service notifications one could probably only accept notifications for services that were logged in to at least once
#
aaronpk accepting notifications is about spam, which is separate from how the message is delivered
#
aaronparecki.com created /private-messaging-brainstorming (+55) "Created page with "[[File:private-messaging-brainstorming-flow.png|700px]]"" (view diff)
#
aaronpk fkooman: i'm curious what your thoughts are on this which voxpelli and I were talking about earlier today https://indiewebcamp.com/private-messaging-brainstorming
#
fkooman aaronpk, yeah i saw that, what is step 6?
#
aaronpk i will add some details
#
@CateBlouke #digitaltoolbox - WebMention - http://indiewebcamp.com/Webmention "a simple way to notify any URL when you link to it on your site." #digped (twitter.com/_/status/631201021247799296)
#
fkooman aaronpk, it looks interesting, so no OAuth involved?
#
aaronpk right
#
aaronpk i'm still trying to figure out if there is a hole in it somewhere
nedorito joined the channel
#
fkooman aaronpk, you probably need to add a nonce somewhere
#
aaronpk something other than the message ID?
#
aaronpk once I walk through this imagining implementing all 4 parts I will have a better idea
#
fkooman aaronpk, well, if you treat the message ID as a nonce I guess it is fine, or is it meant to be sequential?
#
@CateBlouke Another thing to ask @krisshaffer about - POSSE - Publish (on your) Own Site, Syndicate Elsewhere https://indiewebcamp.com/POSSE #digped (twitter.com/_/status/631201717527400448)
#
aaronpk nah arbitrary string
#
aaronpk oops i just realized the numbers in that diagram go 1,2,5,6,7
#
aaronpk can't count
#
aaronparecki.com edited /File:private-messaging-brainstorming-flow.png (+0) (view diff)
#
aaronparecki.com edited /Special:Log/upload () "uploaded a new version of "[[File:private-messaging-brainstorming-flow.png]]"" (view diff)
#
fkooman aaronpk, yeah a bit more detail would help
#
fkooman I like there is no OAuth :)
#
fkooman and it is push
#
fkooman but it looks really interesting!
#
@koutropoulos RT @CateBlouke: Another thing to ask @krisshaffer about - POSSE - Publish (on your) Own Site, Syndicate Elsewhere https://indiewebcamp.com/POSSE #… (twitter.com/_/status/631202966607949824)
#
fkooman aaronpk, but does it prevent spam?
#
aaronpk i'm pretty sure spam prevention is always going to be a separate issue
#
aaronpk and will be a problem regardless of the mechanism
#
aaronpk the only way to prevent spam is to not have a way to accept unsolicited notifications in the first place
#
fkooman that is true, but involving the OAuth flow and only accepting messages from services/sites you have logged in to may make this a lot easier...
#
aaronpk "have logged in to" is a whitelisting mechanism, and works with any of these options
#
fkooman but implicit whitelisting ;)
#
aaronpk sure, that's one possible spam prevention technique, and also doesn't rely on oauth and would work with even existing webmentions
#
aaronpk in order of increasing prevention of spam: 1) accept arbitrary notifications (email, trackback), 2) accept arbitrary notifications where you can verify the sender (pingback, webmention) 3) subscribe-first notifications (PuSH)
#
fkooman but how is private-messaging-brainstorming better than accepting arbitrary notifications?
#
aaronpk it's #2
#
aaronpk because you get verification that the message came from the person it says it's from
#
fkooman aaronpk, ah, i guess my proposed inbox is also #2 then
#
fkooman but maybe more complicated than your proposal
#
fkooman or maybe simpler... i am not quite sure how to quantify that :)
#
aaronpk anything that involves auth is more complicated by default :)
#
fkooman aaronpk, yeah, but regarding the flow maybe not so much :)
#
aaronpk one sec, almost done writing this up
#
Kongaloosh Is there a good way to discover indieweb blogs?
#
fkooman google? :-)
#
aaronpk http://indiewebcamp.com/irc-people is a good start
#
Kongaloosh yeah, I've been looking through irc people.
#
fkooman Kongaloosh, http://indiewebcamp.com/2015/Germany/Guest_List
chreekat joined the channel
#
fkooman Kongaloosh, there is a lot mentioned there, at least the "active" people are there, most with their webpage
#
aaronpk oh yeah. the guest lists! good call
#
Kongaloosh ah, cool!
#
Kongaloosh yeah, I should go through those
#
fkooman Kongaloosh, you are trying to setup a "planet"? :)
#
snarfed also feel free to crawl https://www.brid.gy/users, >2k there
interactivist joined the channel
#
Kongaloosh fkooman: what do you mean by planet?
#
aaronpk what is a planet?
#
Loqi https://indiewebcamp.com/planet
#
Kongaloosh snarfed: cool, thanks!
#
aaronpk hah! that is not a thing
#
aaronpk i want it to be a thing
#
Kongaloosh huh
#
fkooman e.g. planet.gnome.org, planet.fedorapeople.org, an aggregation of people's blogs
#
fkooman runs to implement RSS :P
#
@4c4d @SwiftOnSecurity #indieweb (twitter.com/_/status/631208734639788032)
#
aaronpk nah I wanna do an h-entry planet
#
fkooman http://www.planetplanet.org/
#
aaronparecki.com edited /private-messaging-brainstorming (+1459) (view diff)
#
aaronpk fkooman: https://indiewebcamp.com/private-messaging-brainstorming
#
aaronpk more details!
#
fkooman yeee :)
#
fkooman aaronpk, rel="inbox"?
#
fkooman runs
#
aaronpk bah
#
aaronpk !tell voxpelli for your review: https://indiewebcamp.com/private-messaging-brainstorming
#
Loqi Ok, I'll tell them that when I see them next
#
aaronparecki.com edited /private-messaging-brainstorming (+26) "/* Possible implementations */" (view diff)
#
fkooman aaronpk, looks good though!
#
fkooman aaronpk, i guess it can also work for services...
#
aaronpk yeah i don't see why not
#
fkooman cool :)
#
aaronpk ah i found the place that needs another nonce/id
#
aaronparecki.com edited /private-messaging-brainstorming (+945) "add section about implementation requirements for each role" (view diff)
#
aaronpk I do like how all the work is pushed off to these delegated endpoints
KevinMarks joined the channel
#
fkooman aaronpk, and how does pm.alice get the message?
#
aaronpk that's probably where Alice wrote the message
#
aaronpk i think it's okay that it's unspecified here
#
fkooman aaronpk, yeah, i guess it could be an oauth client that puts a message in "outbox" or something, would also be great to confirm delivery etc by moving it to 'sent' or something :)
#
aaronpk it's basically equivalent to asking "how does alice write a blog post"
#
aaronpk the answer is it varies wildly depending on the implementation
#
fkooman yeah
#
fkooman best to leave it out of the spec yeah
#
aaronpk oh you know what? this can be extended to support sending multiple messages in a row without doing the whole flow again
#
aaronpk basically step 1-2-3 is all about establishing a relationship between the two pm servers
#
aaronpk at that point, pm.alice can send unsolicited messages to pm.bob using the secret that bob generated in step 3
#
fkooman almost oauth again ;)
#
aaronpk hm yes... /me re-reads this imagining step 1-2-3 is actually just the process of obtaining an access token
#
aaronpk this is why I wrote the diagram without mentioning any specific protocols
#
fkooman so then we are getting crazy close to my proposal again...
#
aaronpk kinda
#
tyson.vanoverhill.com edited /events/2015-08-12-homebrew-website-club (+20) "/* Portland */" (view diff)
#
fkooman you basically strip out the authentication completely, and base it on 'client_id' and 'redirect_uri'
#
fkooman it should be possible to keep it simpler
#
aaronpk in https://indiewebcamp.com/private-messaging-brainstorming 1-2-3 can be rephrased "alice: hey I want to send you things. pm.bob: okay you can send things here if you include this token"
#
aaronpk and then pm.alice has a token that can be used repeatedly to send things to pm.bob, and pm.bob knows they came from alice
#
fkooman where did we hear that before yeah... :)
#
aaronpk this is... interesting
#
Loqi [mention] Shaun Guice RSVPd yes to https://webmention.io/notification/fXV4qPuGwdwas_UYzq3qzw
#
aaronpk oh dang, this has the same problem of being obligated to generate tokens based on unverified requests
#
aaronpk needs an extra check in step 3
#
aaronpk "hey there, I heard alice wants to send message 1234 to bob. Is this legit?" pm.alice replies "yes", *then* pm.bob generates a token and tells pm.alice to send the message
#
ylo 21:31:50 HTTP.1 | GET 404 http://fonts.googleapis.com/css?family=Lobster <dns:127.0.0.1> text/html http://pedrocr.pt/text/curated-web/
#
ylo what recourse is there against people that violate the TAG finding on nonconsensual tracking
#
snarfed wat
#
aaronparecki.com edited /File:private-messaging-brainstorming-flow.png (+125) (view diff)
#
aaronparecki.com edited /Special:Log/upload () "uploaded a new version of "[[File:private-messaging-brainstorming-flow.png]]"" (view diff)
#
fkooman aaronpk, to be fair, my 'solution' also verifies before sending an access token
#
aaronpk i'm talking about *generating* an access token, not just sending it
#
fkooman aaronpk, it is generated at the time the authorization_code is exchanged for an access_token, so after the authentication step (and thus domain validation) has taken place
#
aaronpk oh i might be confusing this with something else
#
fkooman just like how OAuth works without client credentials
#
aaronpk no this is what i was thinking
#
aaronpk yes you know the domain validation has passed, but you still have to generate tokens regardless of whether there is a message there
#
aaronpk what i'm saying is if i'm writing a thing that generates tokens, i don't want to be expected to generate tokens for everybody who comes along, i only want to generate tokens if i have an interest in them
#
aaronparecki.com edited /private-messaging-brainstorming (+124) (view diff)
#
fkooman the whole point is that you don't know beforehand if you are interested in them...
#
fkooman anyone with a webpage and valid SSL certificate should be able to send you an (unsolicited) message
#
aaronpk it's the difference between someone trying to send me a message vs not trying to send me a message
#
fkooman &scope=message
#
fkooman done :)
#
aaronpk so this is only going to work if the burden is on the sender
#
aaronpk so whatever the receiver is doing, we have to make sure the sender is doing more
#
fkooman it needs to complete the oauth flow, including authentication
#
aaronpk well i am thoroughly confused now, but at least i have braindumped everything onto the wiki so i can review it later
#
fkooman the "is this legit" step is not really needed i guess, as any other server than the real one would lie anyway
#
aaronpk it's a step that saves bob from generating a token unnecessarily
#
fkooman time for sleep in UTC+2 in any case
#
fkooman i hope we can find something (a lot) simpler and better than oauth for this
#
aaronpk yeah, will be good to take a look at this again tomorrow
#
fkooman ciao :)
Garbee joined the channel
#
gRegorLove On /private-messaging-brainstorming step 6 "secret that was included in step 3. " I think is meant to refer to step 4. Or 3 doesn't mention a secret, at least.
#
@pierreozoux @jfitzgaynard @fo0_ @Togovisions @annagueye @YouTube @Geisingen if you look for hosting? Let me know :) #indieweb (twitter.com/_/status/631229672806850560)
#
aaronpk thanks
#
aaronparecki.com edited /private-messaging-brainstorming (+0) "/* Possible implementations */" (view diff)
#
gRegorLove That token is just a way to validate the message coming back is actually from pm.alice.example.uk?
#
aaronpk yeah because the last step where the message is actually sent needs to be validated somehow
#
aaronpk every solid line is an unsolicited request, the dashed lines are the reply
#
gRegorLove Ah, ok.
#
aaronpk so you have to imagine that at any point, these endpoints may be receiving bogus requests
#
gRegorLove The text explanation helped me understand it a lot better, heh
#
aaronpk the text on the wiki or in the diagram?
#
gRegorLove wiki
#
aaronpk k
#
aaronpk i found the conversational text in the diagram is useful because it guides you through the steps more, but having the details below is where the actual protocol lives
glennjones joined the channel
#
gRegorLove I came into it pretty blind so didn't spend much time trying to understand the diagram earlier. :)
KartikPrabhu joined the channel
#
aaronparecki.com uploaded /Special:Log/upload "uploaded "[[File:private-message-brainstorming-token.png]]""
#
aaronparecki.com edited /File:private-message-brainstorming-token.png (+828) (view diff)
#
aaronparecki.com edited /private-messaging-brainstorming (+382) (view diff)
#
aaronpk gRegorLove: does this make more or less sense? https://indiewebcamp.com/private-messaging-brainstorming#Alternate_Example
#
KartikPrabhu on js;dr: https://twitter.com/craigmod/status/631226759845773312
#
@craigmod JavaScript has been off on the phone for months. And ghostery on on the desktop for weeks. Hard to go back. (twitter.com/_/status/631226759845773312)
#
gRegorLove I can understand it now that I've read the text version and understand it better, but the diagram still seems weird to me. Could just be that I'm not used to reading these type of diagrams.
#
aaronpk yeah it does take a while to get used to them
#
aaronpk but then they are super useful
benwerd joined the channel
#
snarfed aaronpk just fyi bridgy should be able to fetch your https permalinks again, if you want to switch them back
#
aaronpk woo!!
#
aaronpk thanks!!
#
snarfed (gory details in https://github.com/snarfed/bridgy/issues/442)
#
aaronpk i've been watching that thread!
#
aaronpk snarfed++
#
Loqi snarfed has 130 karma
#
snarfed ugh, apologies for watching that thread :P
#
aaronpk haah
#
aaronpk oh man indiewebcat is getting a backlog of mentions now too :)
#
snarfed popular girl
#
KevinMarks_ Is this private messaging like 2-legged OAuth?
#
aaronpk i guess?
#
aaronpk i've never been a fan of the 2-legged vs 3-legged terminology
benwerd joined the channel
#
aaronpk wow when you search google for טוויטר it highlights "twitter" in all the results
#
aaronpk also IRC does not understand RTL
#
aaronpk https://www.google.com/search?q=%D7%98%D7%95%D7%95%D7%99%D7%98%D7%A8
#
KevinMarks it is a confusing terminology; I'm hoping you are defining a better one in your book
#
aaronpk luckily that terminology isn't used at all in oauth2
#
KevinMarks well, it needs a new taxonomy
snarfed1 joined the channel
#
aaronpk oauth2 dropped the initial request token, so the equivalent to oauth1's 2-legged is the client credentials grant, which is literally just one post request