#indieweb 2016-08-14

2016-08-14 UTC
AngeloGladding, mlncn, hoplo2, mindB, Lana, ChrisAldrich, KevinMarks, KevinMarks_, wolftune, keroberos, antipolar and dontTrustOver25 joined the channel
#
@botwikidotorg @Veronica Just playing with webmentions, and yes, it is working! http://webmention.io/api/mentions?target=https%3A%2F%2Fbotwiki.org%2Ftutorials%2Fmake-an-image-posting-twitter-bot%2F #indieweb (twitter.com/_/status/764658986142601217)
KartikPrabhu joined the channel
#
miklb I love the conclusion to Manton's post about Solid & CIMBA http://www.manton.org/2016/08/tim-berners-lees-solid.html
AngeloGladding joined the channel
#
aaronpk snarfed++
#
Loqi snarfed has 239 karma (237 in this channel)
#
GWG !tell tantek Having trouble finding people on their profile who mention NYC
#
Loqi Ok, I'll tell them that when I see them next
#
Loqi GWG: tantek left you a message 15 hours, 30 minutes ago: try a Twitter search for #PDF14 @t - you should find a bunch more NYC folks to consider reaching out to for IWC NYC2! If you could capture their name/@-name on the IWC NYC2 Planning page and reach out to them that would be great! Thanks! -t
ChrisAldrich, snarfed, wolftune and doesntgolf joined the channel
#
@kevinmarks This feels like it's circling around the #indieweb insight, but then veers off like a comet heading out again http://venturebeat.com/2016/08/13/content-management-systems-are-killing-creativity/amp/ (twitter.com/_/status/764694500765609987)
#
Loqi [indieweb] "This feels like it's circling around the #indieweb insight, but then veers off like a comet heading out again http://venturebeat.com/2016/08/13/content-management-systems-are-killing-creativity/amp/" by Kevin Marks http://known.kevinmarks.com/2016/this-feels-like-its-circling-around-the-indieweb-insight-but
KevinMarks, AngeloGladding, snarfed, KevinMarks_, ChrisAldrich and Kopfstein joined the channel
#
Loqi [indieweb] "Comment on The Indieweb Frees Me From “Awaiting Moderation” by Tino Kremer" by Tino Kremer http://boffosocko.com/2016/08/10/the-indieweb-frees-me-from-awaiting-moderation/#comment-31686
gkbrk, aliasd, catsup, lhynes and cmal joined the channel
#
cmal ahoy :)
Logbot1984 joined the channel
#
Loqi [indieweb] "h-feed and pagination; distinction between full and partial feed? u-* properties for previous, next, first, last? #indieweb" by Richard Carls https://www.richardcarls.com/2016/h-feed-and-pagination-distinction-between-full-and-partial-feed-u
#
Loqi [indieweb] "Aaron Parecki https://aaronparecki.com/2016/06/18/7/indieweb-summit-videos" by Richard Carls https://www.richardcarls.com/2016/aaron-parecki-201606187indieweb-summit-videos
Logbot1984 joined the channel
#
voxpelli wow, just replied to that latest post only to find out it's 27 days old: https://www.richardcarls.com/2016/h-feed-and-pagination-distinction-between-full-and-partial-feed-u
#
Loqi [Richard Carls] h-feed and pagination; distinction between full and partial feed? u-* properties for previous, next, first, last? #indieweb
#
voxpelli !tell aaronpk No time limit on Loqi's Superfeedr import? Does it pull in posts whenever Superfeedr finds them, no matter if they are posted weeks ago? Maybe limit to last X days?
#
Loqi Ok, I'll tell them that when I see them next
#
cmal voxpelli++
#
Loqi voxpelli has 89 karma (82 in this channel)
#
cmal never heard of rel-next/prev before :)
#
voxpelli supported by Google: https://support.google.com/webmasters/answer/1663744?hl=en :)
#
cmal :)
#
jboy Good to know. voxpelli++
#
cmal so the French ministry of labour and prime minister just gave a vibrant homage to the now-defunct previous leader of the biggest workers union in France, the CGT. Officially (according to both gov and CGT) they're adversaries trying to tear off each other, but I think that's just the most truthful manifestation we've had so far of the collusions between the two
#
cmal in the past months during the labour law reform opposition movement (which gathered literally millions of people, destroyed many banks and sent many both cops and demonstrants to the hospital), the CGT had its militia assaulting demonstrants and working hand in hand with the police to "stop lawbreakers"
#
cmal so I think it's sort of funny to have a national-socialist government paying its regards to the former head of the fascist pro-business militias who keep it in power :-/
#
cmal reminders of 1936 Spain or 1933 Germany…
#
cmal to get back to the implicit topic, with all the censorship and repression facing activists, we need out-of-the-box encryption/authentication on the #Indieweb (ping aaronpk)
#
voxpelli what is pgp?
#
Loqi OpenPGP (Pretty Good Privacy) is a message exchange format that uses public key cryptography to enable people to exchange encrypted and/or signed data https://indieweb.org/pgp
#
voxpelli ^ some ideas there it looks like
#
cmal yup
#
cmal we were more precisely talking about using PGP signatures as auto-validation mechanisms for webmentions (if remote user PGP key is already locally cached and hasn't been revoked and the content of the source of the webmention is provided with a valid signature, then there's not necessarily a need to parse the source of the webmention)
#
cmal and also potentialy as a vouching mechanism using the PGP Web of Trust (say, allowing person N to interact with you if they have a valid signature from someone you follow)
#
voxpelli wouldn't you need to parse it anyhow to get the signature that you need to verify?
#
voxpelli it's pretty much like Vouch, but instead of relying purely on https and domains, one has signing mechanisms as well
#
voxpelli it could even be Vouch depending on how Vouch defines that an identity should be detected
#
cmal typically a webmention has a source & target, but if you add a third argument containing the signed HTML+mf2 then you don't need the parsing
#
voxpelli what is messaging?
#
Loqi messaging refers to one user sending another user a message (memo, letter, txt, photo …) that they read sometime later; on the IndieWeb, either directly via a personal site, or from one site to another https://indieweb.org/messaging
#
voxpelli ^ sounds like that then
#
voxpelli what is indieweb-messaging?
#
Loqi https://indieweb.org/indieweb_messaging
#
voxpelli ^ meant that one
#
voxpelli is not that good at his Loqi asking apparently
#
voxpelli there's also this alternative in the brainstorming: http://indieweb.org/private-messaging-brainstorming
#
cmal is doing some reading…
#
voxpelli I prefer the alternative solution to the private webmention one
#
cmal you mean the private-messaging-brainstorming?
#
cmal sounds overly complicated, with tokens and all… I think asymmetric cryptography solves many of these problems at once
#
voxpelli the tokens and such are involved in the private webmention one as well
#
cmal 1. authentication can be assured by keys defined in the h-card (that can be cached locally by remote endpoints), 2. encryption is easy 3. giving your endpoint only a subkey of your master key (which you can revoke and change at any time) makes it easier to tackle full-compromission
#
cmal indeed, but maybe that's precisely something that's not that useful? (I'm not sure, I'm wondering)
#
voxpelli the alternative solution is basically just a way to discover each others messaging server and then to ensure that A is actually the one sending something to B
#
voxpelli "2. encryption is easy" – not sure everyone would agree on that part ;)
#
voxpelli I think signing of messages can be great as an enhancement, but not needed as a requirement as long as https is used
#
@CaptainKurtis @schestowitz #indiewebcamp and @withknown are good alternatives too. (twitter.com/_/status/764816268092407808)
mindB2 joined the channel
#
cmal voxpelli: well HTTPS doesn't authenticate the user themselves, it identifies a subdomain/machine which I think is a difference to take into consideration
#
cmal I don't think relying on HTTPS for private communications is a good idea at all. GPG over HTTPS seems slightly better.
#
voxpelli cmal: yes, hence the enhancement part, you at least know it's the right machine and depending on the privacy needs that can be totally okay
#
@TorontoWiki Lost Infrastructure of #SocialMedia Table of #IndieWeb Technology https://indieweb.org/lost_infrastructure | #openweb #blogging (twitter.com/_/status/764818720568905728)
#
cmal (because you have server-to-server authentication/encryption via HTTPS, and user-to-user authentication/encryption via GPG
#
voxpelli the step from https-only to https+pgp is smaller than from nothing to full on https+pgp
#
cmal I mean, it should just be the default out-of-the-box :-/
#
voxpelli I feel such progressive enhancement is important in the indie world, to make it possible for people to build out new functionality step by step, dogfooding their way into the future
#
cmal yup :)
#
cmal also I think it's going to become a critical point for one specific reason: without proper authentication mechanisms we're just going to be spammed all over and over and over
#
cmal for now there's no huge incentives for spammers to troll the Indieweb (although I recall streams.withknown.com has its lot of spamming), but big orgs will think about it twice before implementing webmentions if there's no spam-tolerant easy implementation of webmentions
#
voxpelli one should get pretty far with Vouch
#
voxpelli but it's totally something we need to focus more on
#
cmal seems limited to me, it only requires ONE SINGLE LINK to the vouchee's domain (from the voucher's domain) to get a vouch, am I correct?
#
voxpelli will focus on such things in his endpoint once his Salmentioning and SWAT0:ing is done
#
cmal so that means any XSS undermines vouch, and anyone sharing a subdomain with you (say, in different subfolders) can vouch in your name by just adding a link on their blog
#
cmal (that's my recollection of Vouch as exposed on the wiki)
#
voxpelli the vouching URL would probably be one that doesn't accept user input, and I think it makes sense to ignore any links with eg. rel-nofollow on them
#
cmal (but then if people implement it with followers/contacts lists then it's starting to be a good mechanism)
#
voxpelli so it wouldn't be any link on any page of a domain, but rather a link from a single user profile page
#
cmal that sounds more sane, indeed :)
#
voxpelli and I think it's mainly a way to add an easy mechanism to extends ones web of trust, as it's hard to get a good conversation going of one maintains just a strict static whitelist
#
voxpelli probably makes sense to have other ways to dynamically extend it as well
#
cmal well I think in the context of the social web, this could be handled by followers lists (or, depending on vouching settings, lists of people who follow you and whom you follow)
#
voxpelli yeah, totally
#
voxpelli there has also been ideas about the reverse – a block list: http://indieweb.org/block
#
cmal then the only question is how to handle vouching such as one would not expose their whole contact list (parts of which may be private)
#
voxpelli cmal: http://indieweb.org/private_posts#Public_Page_Upgrading
#
voxpelli public page upgrading is a good one there
#
voxpelli especially for black lists as that one can be pretty troublesome to have public
#
voxpelli people tend to not like being pointed out as troublemakers
#
@arielchuri The indieweb http://arielchuri.tumblr.com/post/148930716434/the-indieweb#_=_ (twitter.com/_/status/764822700145664005)
#
cmal so this is where public-key cryptography can come in handy: when sending a webmention to someone who doesn't trust you yet, you could sign with your key a vouch request to a mutual friend and attach it to the webmention, then the receiver of the webmention could query the mutual friend with the signed vouching request, and if it matches your key and a request to your h-card url, then it would return a valid vouch
#
cmal the problem with this technique is we're back to needing to send a request to the voucher, which might be replaced by some web-of-trust
#
cmal anyway, sorry I think I need to crawl the wiki some more and talk about it with a few friends, then I'll make clearer contributions to the debate
#
cmal mostly right now I'm just pointing out the edge-cases limitations of what people have already wonderfully come up with
#
cmal but if some people are interested in having a precise debate around these specific issues, maybe we could do this some time?
#
voxpelli an IWC is a perfect time if you're planning to attend one
#
cmal unfortunately not anytime soon, but I guess a meeting on IRC + Etherpad could go fine as well? maybe even some Mumble?
#
@rbrt1000 @jeansnow lol this is why everyone needs a local copy of stuff they push to the silo's #indieweb (twitter.com/_/status/764825347414224896)
miklb, dontTrustOver25, aliasd, snarfed, AngeloGladding and mlncn joined the channel
#
Zegnat cmal: it would take some coordinating, but IRC + Etherpad + IWC can work as well. voxpelli and I had some interesting multi-language debate on IRC during IWC Düsseldorf.
#
cmal sounds cool :)
#
Zegnat finally got his credit card and can start planning his trip to IWC Brighton
#
voxpelli Zegnat: this time, we will meet for real, prepare yourself ;)
#
Zegnat That just means we get to gossip in Swedish, right? ;) There was a lot of German going on at the Düsseldorf IWC
#
voxpelli could perhaps be neat to do some multi-lingual work in Brighton, there will be some germans there as well
#
miklb when is IWC Brighton?
#
Loqi what
#
miklb what is IWC Brighton
#
Loqi It looks like we don't have a page for "IWC Brighton" yet. Would you like to create it?
#
miklb heh, I thought Loqi was going to give me the date when responded with 'what'
#
Zegnat What is IndieWebCamp Brighton?
#
Loqi It looks like we don't have a page for "IndieWebCamp Brighton" yet. Would you like to create it?
#
Zegnat Seriously?
#
Zegnat What is 2016/Brighton?
#
Zegnat Hmm, ping aaronpk, is there some syntax to get Loqi tuned to /2016/Brighton?
dontTrustOver25, nitot, leg, cmal and mindB joined the channel
#
cmal actually, I think indieauth could be a very powerful tool to promote both the indieweb and public key authentication on the client side (browser implementation is a nightmare, but indie apps could pave the way)
wolftune joined the channel
#
Zegnat sknebel: have you considered going to IWC Düsseldorf?
#
Zegnat *IWC Brighton ....
dontTrustOver25 joined the channel
#
aaronpk good morning
#
Loqi aaronpk: voxpelli left you a message 3 hours, 57 minutes ago: No time limit on Loqi's Superfeedr import? Does it pull in posts whenever Superfeedr finds them, no matter if they are posted weeks ago? Maybe limit to last X days?
#
Loqi guten morgen
#
aaronpk interesting idea
#
aaronpk yeah right now Loqi just reports any ping that superfeedr sends
#
Zegnat Good morning aaronpk
KevinMarks joined the channel
#
aaronpk i'm going to start by including the date in the line that Loqi reports
#
petermolnar a friendly note for markdown users: pandoc is at least 1, of not 2 magnitude slower that Parsedown (Extra), but on the other hand, if you're compatible with pandoc, you're compatible with everything
gkbrk, Lana, KevinMarks_, squeakytoy, ChrisAldrich and dontTrustOver25 joined the channel
#
KevinMarks_ ipfs << http://www.atnnn.com/p/ipfs-hosting/
#
Loqi There was an error: Array
#
KevinMarks_ Hm
#
KevinMarks_ What is ipfs?
#
Loqi IPFS is an abbreviation for “InterPlanetary File System”, self-described as “a new hypermedia distribution protocol”, yet does not appear to be selfdogfooded, and thus should be considered risky and experimental at best https://indieweb.org/IPFS
#
KevinMarks_ IPFS << http://www.atnnn.com/p/ipfs-hosting/
#
Loqi ok, I added "http://www.atnnn.com/p/ipfs-hosting/" to the "See Also" section of /IPFS
#
KevinMarks_ Is the array error loqi's way of saying no page?
#
aaronpk huh, i thought he checked for the page before trying to add it
Guest49, dontTrustOver25, bttf, reidab, wagle, cmal and KevinMarks joined the channel
#
aaronpk !tell snarfed I made a new page, https://aaronparecki.com/syndicated which only includes posts that are syndicated elsewhere. Hopefully that works with bridgy better now!
#
Loqi Ok, I'll tell them that when I see them next
wolftune joined the channel
#
petermolnar I mentioned on -dev: careful with launching the ipfs daemon, I got a rather surprising mail from hetzner (the company I'm renting my server from): http://pastebin.com/VmVPQU6i
j4y_funabashi joined the channel
#
sknebel petermolnar: yeah, because they scan the local subnet to find local peers... recommended workaround is blocking local networks via firewall: https://github.com/ipfs/go-ipfs/issues/1226 (IMHO they really should add a commandline switch or something for tha)
#
sknebel correction: doesn't need firewall, but special configuration: https://github.com/ipfs/go-ipfs/issues/1226#issuecomment-120494604
cmal joined the channel
#
petermolnar I'm testing that solution
#
petermolnar we'll see
KevinMarks_ joined the channel
#
Zegnat How does ipfs work with /delete ?
dontTrustOver25 and snarfed joined the channel
#
snarfed thanks aaronpk!
#
Loqi snarfed: aaronpk left you a message 1 hour, 4 minutes ago: I made a new page, https://aaronparecki.com/syndicated which only includes posts that are syndicated elsewhere. Hopefully that works with bridgy better now!
#
snarfed you did the right thing by putting it above /all in your html. bridgy does simple in order traversal, first 10 only, per crawl
neilpdx joined the channel
#
GWG afternoon
#
cmal evening :)
#
GWG Greetings cmal.
#
GWG Anything of note there?
#
cmal I don't know, I think mostly brief discussion about IPFS, IWC and private communications :)
dontTrustOver25 joined the channel
#
GWG I have to build a chroot ftp jail today
#
cmal nice :)
#
GWG Not really, I wish I didn't have to use FTP but someone won't communicate any other way. Apparently SCP is beyond them.
#
GWG After that, back to where I am stuck on an Indieweb project.
KevinMarks joined the channel
#
neilpdx is your concern security? SFTP is supported if you can enable SSH for the user
#
GWG My concern is security. But these people won't cooperate.
#
GWG So I invested in an $11/yr VPS to host it.
#
neilpdx right
#
neilpdx Plesk?
#
GWG neilpdx, a discount VPS provider.
#
neilpdx i see GWG
#
GWG As long as I have the thing, it can be a decent spare dev environment
#
neilpdx right
KevinMarks joined the channel
#
@klischka Wo ist das Technorati der 10er-Jahre? The lost infrastructure of social media: https://medium.com/@anildash/the-lost-infrastructure-of-social-media-d2b95662ccd3 Indieweb: https://indieweb.org/lost_infrastructure (twitter.com/_/status/764935557226991617)
#
Loqi [indieweb] "Wo ist das Technorati der 10er-Jahre? The lost infrastructure of social media: https://medium.com/@anildash/the-lost-infrastructure-of-social-media-d2b95662ccd3 Indieweb: https://indieweb.org/lost_infrastructure" by Konrad Lischka on 2016-08-14 https://stromgeber.lischka.cc/2016/wo-ist-das-technorati-der-10er-jahre-the-lost-infrastructure-of
KevinMarks, ChrisAldrich, CherryPuffs, dontTrustOver25 and GWG joined the channel
#
sensiblemn good news for #indiewebcamp android users! I emailed the Url Forwarder dev and asked him to liberate his software with a free software license and he said yes. you can find the code here: https://github.com/daverix/urlforwarder/tree/master It hopefully will be hitting F-droid soon: https://f-droid.org/forums/topic/url-forwarder/
#
miklb so if publish a note to bridgy without a link to Twitter, replies/likes don't link back to the the note?
#
sensiblemn ping ChrisAldrich and snarfed
#
snarfed miklb: can you elaborate?
#
miklb snarfed I've posted a few notes and POSSE'd to Twitter with bridgy but without a link to the note. replies to the note on Twitter don't link back to the original as I understand it?
#
snarfed yeah, in that case you'd need a syndication link on the post on your site
#
snarfed https://brid.gy/about#link
#
miklb OK, thanks!
#
miklb that's going to be tricky with a static site I think
#
snarfed https://medium.com/message and https://medium.com/@message are both valid different blogs
#
snarfed that's...confusing :(
#
aaronpk oops
#
@dym_cx @strugee2 @aaronpk @anildash have you heard of tweetlonger? (or indieweb, where you write on ur site and give link to full text in 1 tweet) (twitter.com/_/status/764967965150306309)
hoplo2 joined the channel
#
Loqi [indieweb] "This feels like it's circling around the #indieweb insight, but then veers off like a comet heading out again http://venturebeat.com/2016/08/13/content-management-systems-are-killing-creativity/amp/" by Kevin Marks on 2016-08-14 http://known.kevinmarks.com/2016/this-feels-like-its-circling-around-the-indieweb-insight-but
mlncn and snarfed joined the channel
#
miklb wonders if anyone has solved how to programmatically add rel=syndication links to a static site