#indieweb 2017-04-21

# friedcell joined the channel
# Pierre-O joined the channel
# nitot joined the channel
# tantek_ joined the channel
#
tantek_
I'm assuming it will be downtown or within easy lightrail ride
#
tantek_
snarfed, are you asking because of hotel?
#
tantek_
gRegorLove++ I went to go update /timeline and you already did it!
#
Loqi
gregorlove has 87 karma in this channel (118 overall)
#
tantek_
ooh we're up to 13 RSVPs, and 9 of those indie rsvps on https://2017.indieweb.org/ !
#
Loqi
IndieWeb Summit
#
tantek_
cleverdevil, did you write a Known plugin for "on this day"? That anyone could install?
# miklb joined the channel
# strk joined the channel
#
strk
any reason why indieauth does not support openid ?
#
strk
I mean, when it asks me for a website, and I give it, it will NOT look for openid rel links at all
#
strk
so either I provide my GPG/PGP key, or an email or an external service
#
cweiske
strk, or use the indieaut-openid proxy
#
strk
which means the only non-external way to authenticate myself is less easy/comfortable than my own openid
#
strk
cweiske: how's that done ? (I remember your nick btw, are you from libravatar ?: )
#
cweiske
yes I am :)
#
cweiske
<link rel="authorization_endpoint" href="http://indieauth.id.cweiske.de/" />
#
cweiske
put that on your homepage
#
cweiske
it proxies indieauth requests to openid requests
#
cweiske
I made it so I can continue to use my openid server for indieauth
#
KartikPrabhu
what is openid?
#
Loqi
OpenID is a method of using an HTTP URL as an identity for signing into websites https://indieweb.org/OpenID
#
KartikPrabhu
what is indieauth?
#
Loqi
IndieAuth is a way to use your own domain name to sign in to websites β€” it's like OpenID, but works with services you likely already use, and is much easier to setup https://indieweb.org/IndieAuth
#
strk
cweiske: nope, that's not what I'm after
#
strk
it's not using indieauth as my openid provider, I already have that
#
strk
I have my openid provider, just want to be able to use that with sites asking me for a "indieweb" auth (or what's it called)
#
cweiske
it means you can use your website at indieauth.com and log in using your openid provider
#
cweiske
what you want
#
cweiske
try it
#
strk
Loqi: to me, given I did already setup OpenID, it is *harder* to setup
#
cweiske
loqi is a bot
#
strk
or... I did set it up, but it will require me to use my email or gpg-sign a piece of text
#
strk
which are both more expensive at use time than my OpenID setup
#
cweiske
http://indieauth.id.cweiske.de/ "This software make it possible to use your OpenID to login to IndieAuth-enabled websites."
#
strk
anyway, other readers can see what I'm talking about :)
#
KartikPrabhu
strk: what is your own URL?
#
strk
does that imply delegating recognition of myself via your service cweiske ?
#
strk
what if you wanted to impersonate me ?
#
strk
would it be straightforward for you ?
#
cweiske
strk, yes I could impersonate you
#
cweiske
which is why you should simply try if it works for you with my setup
#
cweiske
and if it's what you want, host it yourself
#
strk
right, making it again more complex to setup than openid
#
strk
wouldn't it be just much simpler to support openid right away ?
# adactio joined the channel
#
KartikPrabhu
strk: if indieauth does not support something you'd like file a bug/ feature request
#
cweiske
strk, I already tried to fight that
#
cweiske
but people here are not so fond of openid
#
strk
but they are nice to twitter and github ?
#
strk
wow, that's "indie" !
#
KartikPrabhu
strk: yes, nice snark! thanks
#
strk
guess I could install a fork of that thing under /openid/indieauth on my site
#
strk
cweiske: did you file that bug/feature_request already ?
#
cweiske
strk, indieauth.com once supported openid
#
strk
oh !
#
cweiske
something is broken
#
cweiske
strk, another thing you need to understand is that indieauth.com is only a stopgap
#
cweiske
there are enough applications that do not rely on indieauth.com for login
#
cweiske
but implement the indieauth protocol directly
#
cweiske
so having indieauth.com support openid would not help with these
#
strk
how complex is the indieauth protocol ?
#
cweiske
pretty simply
#
cweiske
simple
#
cweiske
which is why my proxy is only 60 LOC or so
#
strk
cweiske: may I suggest to add a link to http://indieauth.id.cweiske.de/ in the README of that project of yours ?
#
strk
I got lost from the repo :)
#
strk
oh, and I assume you're keeping an eye on gitea.io (just in case you missed it)
#
strk
I've added support for OpenID-2.0 consumer there :)
#
cweiske
I'm waiting for openid support
#
cweiske
last time I looked it was missing
#
strk
it's there, check out try.gitea.io
#
strk
and please help me convincing notabug.org people to switch from Gogs to Gitea with OpenID support ! (you can find them in #freepost)
#
cweiske
that's good news, openid support in gitea
#
strk
does your proxy *need* to be in the root dir or will /openid/indieauth work too ?
#
cweiske
no idea
#
cweiske
let me check
# jihaisse joined the channel
#
cweiske
I guess you can symlink /openid/indieauth to the www directory in the git checkout
#
cweiske
that should work
#
strk
I'm actually adding your repo as a submodule of my website git repo
#
strk
(or that's the plan)
#
cweiske
I separated public code (www) from the rest (data)
#
strk
but maybe it takes some local config ? [ I'm hoping for things to be just magic ;)
#
cweiske
needs no config
#
cweiske
just stores some tokens in a sqlite file
#
cweiske
which is stored in the data directory
#
strk
ok so it would be good to make data/ directory not readable by all
#
strk
maybe I'll use an alias then
#
cweiske
that'd be better
#
strk
had you considered proposing your proxy for inclusion in debian packages ?
#
strk
that'd be even more simple :
#
strk
simpleid has a package, for example :)
#
strk
bah anyway its still lots of state
#
strk
I don't like it (the sqlite db) when I already have OpenID state
#
strk
how do implementors decide which things they support and which not ?
#
strk
ie: when indieauth.com tells me it found no supported services (but finds a supported service when I add a github account)
#
strk
is that part of the protocol ?
#
cweiske
as I said, it's a stopgap
#
cweiske
indieauth.com is an indieauth proxy itself
#
cweiske
proxies indieauth requests to other providers
#
cweiske
just as my indieauth proxy proxies to openid
#
strk
what are indieauth consumers required to support ?
#
Loqi
It looks like we don't have a page for "indieauth consumers required to support " yet. Would you like to create it? https://indieweb.org/s/10gy
#
cweiske
what is indieauth protocol?
#
Loqi
IndieAuth for login is a user flow and protocol for web applications to implement user login via an authorization server https://indieweb.org/indieauth_protocol
#
strk
reads
#
cweiske
this is the correct one
#
KartikPrabhu
indieauth.com support common logins thing like Twitter and Github so that people can use the things they already might use
#
cweiske
but indieauth_protocol gives a good overview
#
KartikPrabhu
as cweiske pointed out one can use the indieauth protocol to setup ones own
#
strk
so the protocol is really the same as openid
#
cweiske
less complex
#
cweiske
but also does not deliver any profile data as openid does
#
cweiske
(name, email etc)
#
@kevinmarks
@hmans Right, there are the stalwarts of http://indieweb.org
(twtr.io/1QsaKR_4SNw)
#
strk
ah, got it, so the "me" links are just for indiauth.com while the protocol really wants "authorization_endpoint"
#
strk
the protocol page does not tell how the service is supposed to "verify code"
#
KevinMarks
Is this the relmeauth vs indieauth distinction ?
#
strk
oh, and it's a wiki, is there any "official" (and versioned) document ?
#
cweiske
the protocol page is more a general overview
# friedcell joined the channel
#
strk
"haven't written this part up yet" ...
# Pierre-O joined the channel
#
cweiske
where?
#
strk
" how does the client website register the callback at the server? "
#
cweiske
nobody validates this yet
#
Loqi
RelMeAuth is a proposed open standard for using rel-me links to profiles on OAuth supporting services to authenticate via either those profiles or your own site. RelMeAuth is the technology behind web-sign-in. Editor Tantek Γ‡elik (http://tan...
#
strk
for sure OpenID has its advantages
#
strk
( specification )
#
strk
gets lost in too many "standards"
#
cweiske
no standards yet
#
strk
openid is also using a namespace for the rel, which is helpful in these scenario
#
strk
ie: rel="openid2.provider"
#
strk
compare with: rel="authorization_endpoint"
#
cweiske
aaronpk, this is a good point
#
strk
also versioned, as for openid 1 you had rel="openid.server"
#
strk
unfortunately OpenID-Connect took the "Webfinger" route for discovery, as far as I can tell
#
strk
so it became less easy to setup
#
cweiske
I did not look at openid connect
#
strk
discovery is published as a separate document: https://openid.net/specs/openid-connect-discovery-1_0.html
#
strk
and there's yet another extension for self-registration of providers (which would otherwise need to be known by consumers [web services])
#
strk
so, complexity++
#
strk
and OpenID-Connect is what *deprecates* OpenID-2.0
#
cweiske
sure, but I fail to see the point in openid-connect
#
cweiske
or I did not look hard enough :)
#
cweiske
apart from "hey, lets throw away all the openid2 code and make something new!"
#
strk
it does indeed look like they tried to break the toy, maybe pushed by corps
#
strk
anyway, "connect" is implemented on top of OAuth2, so maybe there was a convenience about that
#
strk
(using other more used standards more)
#
strk
OAuth2 / Webfinger / Dunno what else
# mlncn joined the channel
# KevinMarks joined the channel
# [kevinmarks] joined the channel
#
[kevinmarks]
Openid 2 was trying to replace openid with OAuth, yes
#
[kevinmarks]
But the indirection escalation took over
#
martymcguire[m]
!tell tantek thanks for the reminder. i need to write down the post-HWC steps to be sure i don't miss the wikifying of photos and notes.
#
Loqi
Ok, I'll tell them that when I see them next
#
strk
KevinMarks: OpenID-Connect is using OAuth, OpenID-2.0 was not
# friedcell joined the channel
# loicm_ joined the channel
#
strk
[kevinmarks]: ^
#
GWG
Good day, all
# hs0ucy joined the channel
# KevinMarks joined the channel
# jeremycherfas joined the channel
#
jeremycherfas
Morning all.
#
Loqi
[superfeedr] "@LukasRosenstock Absolutely. Make it easy to host an indieweb capable domain and business can only grow." by Jeremy Cherfas on 2017-04-21 http://stream.jeremycherfas.net/2017/lukasrosenstock-absolutely-make-it-easy-to-host-an-indieweb-capable
#
@EatPodcast
@LukasRosenstock Absolutely. Make it easy to host an indieweb capable domain and business can only grow.
(twtr.io/1QsrN2jUgAQ)
#
aaronpk
Good morning
#
aaronpk
catching up on the IndieAuth discussion, looks like it's sorted
#
Loqi
good morning
#
aaronpk
OpenID 1 is effectively dead, since all the people behind it moved to OpenID Connect, and there are almost no OpenID providers still online anymore
#
aaronpk
sadly, OpenID Connect doesn't really serve the same needs as OpenID 1 did, because it is focused on large companies rather than individuals' domains
#
skippy
I have some implementation questions about h-entry on personal domains. Looking at https://indiewebify.me/validate-h-entry/?url=https%3A%2F%2Fskippy.net%2Fgoogle%2F - I am the only author on this site, and it seems silly to explicitly state "published by skippy" on every post. Is there an IndieWeb recommendation for this kind of thing?
#
skippy
i get that syndicated copies of this content might benefit from such explicit authorship.
#
skippy
similarly, is there h-entry support for publications dates wihtout the full time and timezone format? I don't track the times at which I post content, so the datetime="YYYY-MM-DD HH:MM:SS" format is cumbersome at best for me.
#
ben_thatmustbeme
skippy: you don't have to include the exact time if you don't want to, you can just use datetime="YYYY-MM-DD"
#
skippy
i see. thanks ben_thatmustbeme. The docs I've read haven't made that clear.
#
ben_thatmustbeme
datetime attribute is a part of the html spec i believe
# Pierre-O joined the channel
#
skippy
thanks
#
ben_thatmustbeme
as for putting your info on every post, it doesn't need to be visible, you could have an invisible h-card
#
ben_thatmustbeme
what is authorship
#
Loqi
authorship is a claim about who the author(s) of a post are https://indieweb.org/authorship
#
ben_thatmustbeme
so long as people can find who the author is
#
strk
aaronpk: you're getting versioning wrong
#
strk
aaronpk: there was OpenID-1 (openid.server), OpenID-2 (openid2.provider), OpenID-Connect
#
strk
OpenID-2 does have implementations (Friendica, GNUSocial, SimpleID, ...)
#
strk
+Gitea (recently)
#
aaronpk
IndieAuth.com used to consume OpenID 1, but I never added support for OpenID 2. You could open an issue on it to add support for OpenID 2, although I am unlikely to work on adding it myself.
#
strk
OpenID-1 is provided by some old wordpress.com blogs ( https://github.com/yohcop/openid-go/issues/43 )
#
strk
and I read from IndieAuth.com
#
aaronpk
I removed OpenID support a while ago because it started getting super unreliable, showing very confusing error messages
#
strk
Gitea does not allow logging in via OpenID-1.0
#
strk
I've found confusing errors and partial implementations in OpenID-2.0 libraries too (the one used by GNUSocial and at least another project I used today)
#
strk
but as there's a complete specification I'm trying to fix those free implementations
#
strk
simpleid is a php openid-2.0 provider (not sure if opendi1 too) which has a pluggable backend module
#
strk
anyway, where should I file the ticket ?
#
aaronpk
in the indieweb context, IndieAuth is used more for authorization, and the protocol looks more like OAuth 2.0
#
aaronpk
IndieAuth.com is a URL based authentication service that provides an OAuth2-like API.
#
aaronpk
But if your site is it's own IndieAuth provider, then you'll never see IndieAuth.com when you log in to things that speak it natively
#
aaronpk
... emphasizing again my regret at having called that service IndieAuth.com to begin with
# [kevinmarks] joined the channel
#
[kevinmarks]
Gnusocial supports account login /signup with openid, mastodon doesn't
#
[kevinmarks]
Blogger still lets you login to comment with openid
#
strk
filed 2 tickets
#
strk
GNUSocial also supports (and provides) OpenID-2.0
#
strk
I dunno if it accepts OpenID-1.x, hadn't tried that
#
aaronpk
also anyone feel free to update that wiki page with 1 vs 2 information
#
strk
specify versions there please
#
strk
Openstreetmap (consumes 2.0)
#
strk
^ that's openstreetmap.org
#
aaronpk
strk: you're welcome to edit the page :-)
#
strk
livejournal also provides 2.0
#
strk
friendica consumes 2.0
#
strk
those are not "sites" but "softwares"
#
aaronpk
Sounds like a good distinction to make on the page
#
aaronpk
you can make a new header for Consuming Software and clean that up
#
strk
sorry I have problems logging in :)
# singpolyma joined the channel
#
strk
too much effort (gpg-signing the text) - do you know of a firefox extension to do that ?
#
strk
or confirming the code sent by mail
#
strk
or setting up my openid proxy (not done yet)
#
aaronpk
I use the OS X GPG app with a keyboard shortcut to sign the text
#
strk
keyboard shortcut from within the browser ?
#
aaronpk
No, it's system wide
#
aaronpk
in the "services" menu
#
strk
indeed doesn't need to be browser specific, could be "sign clipboard text"
#
aaronpk
it's "sign selected text" and it replaces the selected text with a signed version
#
strk
bah, still problematic, not ready
#
strk
unless you know the equivalent tool for a Mate desktop
#
strk
and a Gnome one
#
strk
as the wiki is on indieauth.com, right ?
#
aaronpk
Correct, the wiki uses IndieAuth.com to handle authentication
#
aaronpk
cause i didn't want to implement all that logic as a mediawiki plugin :-)
#
strk
wouldn't "all that logic" basically be support for IndieAuth protocol ?
#
strk
or is the "me" links support completely outside of the protocol and specific for indieauth.com ?
# friedcell joined the channel
#
ben_thatmustbeme
indieauth.com gives you the option to use your own indieauth (spec) service if you have one set up
#
ben_thatmustbeme
so while the wiki points to indieauth.com, it does allow you to use your own service
#
strk
yes, I see that
#
skippy
indiewebify.me states "either link to your homepage (which should have your h-card on)from anywhere on the page with rel=author". i have a <link rel="author" ...> in the <head> of the page; but that seems not to be picked up by the h-entry validator. Is the bug on my side or the validator's side?
#
strk
ben_thatmustbeme: but it *adds* support for more auth methods
#
strk
(but not for OpenID)
#
ben_thatmustbeme
you can always make your own indieauth provider that does support OpenID
#
ben_thatmustbeme
skippy: that sounds like a bug in the validator, should file a bug
#
skippy
thanks
#
strk
ben_thatmustbeme: yes, I also understood this, but you can see it's more setup once you already have an openid provider
#
strk
and, so far, it would be just to edit that wiki
# KevinMarks joined the channel
#
ben_thatmustbeme
thats like saying any site X doesn't support OpenID, they have a different login mechanism. It leaves a few choices, file a bug with an existing provider (indieauth.com) and hope someone else adds support, add support, and make a PR for an existing provider, create a new provider, or login via a different method
#
strk
confirmed, this is the situation
#
ben_thatmustbeme
simplest method for you to login wotul be to add a rel="me" href="https://github.com/strk" to strk.kbt.io
#
ben_thatmustbeme
and then you can login for now
#
ben_thatmustbeme
wow, s/wotul/would/
#
strk
yes, but the only reason I'm looking at indieweb is for the "indie" part, so won't do that :)
#
strk
I'd have an indie way, but requires too many gestures
#
ben_thatmustbeme
your login is still your own URL, all that matters at that point is plumbing. nothing about indieweb says you can't utilize external services
#
ben_thatmustbeme
just so long as you have other ways to do it as well, or rather, you don't lose anything if it goes away
#
ben_thatmustbeme
if github.com goes away tomorrow, you set up the same thing via twitter
#
strk
but any github employee could impersonate me today
# mlncn joined the channel
#
strk
(I know how unlikely this is, just pushing to the extreme...)
#
aaronpk
And if that happens then you remove the rel-me URL
#
aaronpk
and you haven't lost the identity, you just change the authentication mechanism you use next time
#
ben_thatmustbeme
technically whoever you registered your domain name could always impersonate you
#
ben_thatmustbeme
or your hosting provider, assuming you don't host at home
#
ben_thatmustbeme
there has to be some infrastructure you depend on
#
strk
true, registrar employees could do that too
#
strk
only way out of this would be for me to send public key to final service
# hs0ucy joined the channel
#
aaronpk
Yep. This is the Indie *Web* so we work within the constraints we are given at that later http://indieweb.org/DNS
#
[kevinmarks]
No, that just means anyone with your private key can impersonate you, as revocation is to hard, or relies on dns
#
ben_thatmustbeme
you can't really be on the web and not have to trust some external authority
#
[kevinmarks]
That's the Salmon mistake again
# dlowe joined the channel
# KevinMarks_ joined the channel
# leg joined the channel
# KevinMarks joined the channel
# KevinMarks joined the channel
# hs0ucy joined the channel
# KevinMarks joined the channel
# KevinMarks joined the channel
# [cleverdevil] joined the channel
#
[cleverdevil]
!tell tantek I did create a plugin for "on this day" for Known, sort of. Currently, it lives here – https://github.com/cleverdevil/CleverCustomize – but, it requires a change to Known core that I haven't yet submitted a PR for.
#
Loqi
Ok, I'll tell them that when I see them next
# KevinMarks joined the channel
# KevinMarks joined the channel
# iboxifoo joined the channel
#
[cleverdevil]
Sounds like I will be speaking (along with one of our cofounders) about IndieWeb at World Hosting Days in Las Vegas later this year.
#
[cleverdevil]
Goal is going to be to get other companies in the industry to adopt / support IndieWeb.
#
aaronpk
wow, awesome
#
aaronpk
is there a date set? add it to https://indieweb.org/Events?
# KevinMarks joined the channel
#
[cleverdevil]
Nothing official, yet. We're submitting the abstract this week. Already have the slot locked up, but need to go through the process.
#
[cleverdevil]
Once we get everything approved, I'll add it!
# snarfed joined the channel
#
Loqi
[superfeedr] "Test #Known --> #Mastodon #indieweb" by Ricardo Mendes on 2017-04-21 https://www.rmendes.net/2017/test-known----mastodon-indieweb
#
[cleverdevil]
:thumbsup:
# [kevinmarks] joined the channel
#
[kevinmarks]
That's great cleverdevil. Stacey has been trying to get GoDaddy to adopt indieweb too
#
[cleverdevil]
The more the merrier!
# wolftune joined the channel
# KevinMarks joined the channel
# cweiske joined the channel
#
cweiske
strk, would is be enough to be able to use an ENV variable to define the sqlite file path?
#
cweiske
s/is/it/
#
strk
cweiske: probably, yes - then maybe you want to create the directory if non existing
#
strk
so the data/ can be dropped
#
strk
but really to make it a git clone away it should also not be under www/
#
strk
so not sure how you want to deal with that
#
strk
*and* default to /tmp/url-encoded-uri/ so that multiple installs on the same server could cohexist
#
cweiske
using www/ is a deliberate decision
#
strk
yes, I understand that decision
#
cweiske
I don't want to have README.rst and things publicly available
#
strk
ok, this also makes sense
#
strk
it's just me being unable to decide on a proper install path :P
#
strk
lack of a "make install" path makes web services installs a nightmare to me :)
#
cweiske
I don't understand why you can't do:
#
cweiske
2. add an alias in your webserver configuration to /usr/local/src/indieauth-openid/www/
#
cweiske
that should be all
#
strk
that's the path I've actually started taking already
#
strk
but a production service in .../src doesn't really look nice
#
strk
yeah, could be
# miklb joined the channel
# KevinMarks_ joined the channel
#
strk
ok, almost there - one more reason to get the homepage in the README: https://id.kbt.io/indieauth/
#
strk
you get lost from there once again, only link is to repo, and there's no link from repo to homepage
#
strk
assuming this is not intentionally center-less
#
cweiske
I don't understand what you mean
#
strk
does your project have an homepage or is it just the git repo ?
#
cweiske
no homepage. just the readme on the repo
# KevinMarks joined the channel
#
strk
now, missing Net/URL2.php
#
strk
cweiske: easy way to obtain ? (or can the code do w/out ?)
#
cweiske
see the updated readme
#
strk
apt-get install php-net-url2
#
cweiske
where is that update?
#
cweiske
pear install net-url2 openid-alpha
#
cweiske
seems I forgot to push at work :/
# gRegorLove joined the channel
#
strk
oh, php-openid too ... that's the one pending a PR I sent some time ago
#
strk
would you like to take a look and help getting it merged ?
#
strk
it's to support openid pages with uppercase <HEAD> tag
#
strk
be tolerant etc.etc.
#
cweiske
where?
#
strk
Failed opening required 'OpenID.php' # so that didn't help (apt-get install php-openid)
#
cweiske
no idea what php-openid is
#
strk
which affects GNUSocial and wordpress-openid (both shipping their own local copy)
#
cweiske
oh man. everywhere the same people.
#
cweiske
world is so small. just saw liayn on the committer list for php-openid
#
strk
it's a small world
#
strk
10 people each with its server. It's the federated clan !
#
strk
well, if you know liayn help merging that thing
#
strk
I had to lowercase my <HEAD> tag just to be able to login into openid enabled websites... that sucks :)
#
strk
I know people made my uppercase tags illegal
#
strk
but I was here *before* those new standards !
#
strk
you still didn't push that new README ?
#
strk
oh, and maybe it would be nice to tag another release :)
#
strk
as the only tag I see has no LICENSE file either
#
cweiske
strk, I'm not at work anymore
#
cweiske
and the readme change was there
#
cweiske
the command that I added was:
#
cweiske
$ pear install net-url2 openid-alpha
#
cweiske
$ pear install net_url2 openid-alpha
#
strk
doesn't help
#
cweiske
check your include path
#
strk
don't you like Go ? :)
#
strk
loved Go as soon as he read some code and tried a single deploy
#
strk
(include_path='.:/usr/share/php:/usr/share/pear')
#
strk
uninstalling:
#
strk
uninstall ok: channel://pear.php.net/Net_URL2-2.2.1
#
strk
pear/openid not installed
#
strk
so maybe the syntax was wrong :)
#
strk
I hope there'll be at least lots of services for my brand new IndieAuth credentials at least :/ -- out with dog anyway, ttyl
#
cweiske
$ pear install openid-alpha
#
cweiske
what do you get?
#
miklb
this might be better in -dev yes?
#
cweiske
strk isn't in #indieweb-dev
#
GWG
Good afternoon
#
gRegorLove
Howdy, GWG
#
GWG
Gregorlove, greetings and salmentions.
#
GWG
I have questions for you
#
GWG
Re local comments
# [kevinmarks] joined the channel
#
@seldo
Apple throwing out iTunes stars in favor of Apple Music hearts deletes 15 years of my data and reduces the cost of switching to Spotify.
(twtr.io/1QtEcP1hi3U)
# [cleverdevil] joined the channel
#
[cleverdevil]
**Annoyed by silo doing silo things.**
#
[cleverdevil]
**Switches to another silo.**
#
Loqi
[superfeedr] "Comment on @Mentions by What Chris Aldrich is doing Now" by What Chris Aldrich is doing Now on 2017-04-21 http://boffosocko.com/mentions/#comment-34505
#
Loqi
[superfeedr] "Comment on About Chris Aldrich by What Chris Aldrich is doing Now" by What Chris Aldrich is doing Now on 2017-04-21 http://boffosocko.com/about/#comment-34506
#
Loqi
[superfeedr] "Comment on 🎞 Margin Call (Lionsgate, 2012) by What Chris Aldrich is doing Now" by What Chris Aldrich is doing Now on 2017-04-21 http://boffosocko.com/2017/04/08/margin-call-lions-gate-2012/#comment-34507
#
Loqi
[superfeedr] "Comment on 🎞 Mr. Blandings Builds His Dream House (RKO Radio Pictures, 1948) by What Chris Aldrich is doing Now" by What Chris Aldrich is doing Now on 2017-04-21 http://boffosocko.com/2017/04/09/mr-blandings-builds-his-dream-house-rko-radio-pictures-1948/#comment-34508
# [chrisaldrich] joined the channel
#
[chrisaldrich]
seriously!! I thought I squashed that bug two weeks ago ^^
# wolftune joined the channel
#
[chrisaldrich]
checks to see if I rolled back code to a previous version by accident.
# snarfed joined the channel
#
strk
cweiske: so back to that proxy (btw, any chance GNUSocial or Friendica plugins exist to act as authorization_endpoint s for indieauth ?
#
strk
would save me a new install ('cause it's true it is 2 .php files, but they require more stuff underneath...)
# KevinMarks joined the channel
# Pierre-O joined the channel
#
cweiske
strk, maybe someone could do that
#
cweiske
but I won't
#
cweiske
let's move this to #indieweb-dev
# barpthewire joined the channel
# funwhilelost joined the channel
#
Loqi
[superfeedr] " The ultimate #Mastodon & #Twitter & Facebook #POSSE test ! all from the great @withknown social blog engine ! #indieweb " by Ricardo Mendes on 2017-04-21 https://www.rmendes.net/2017/the-ultimate-mastodon-twitter-facebook-posse-test-all-from-the
#
strk
I just found myself explaining IndieAuth to others and failed to see the advantage over OpenID
#
strk
I started with: it's easier than OpenID because you don't need to find an OpenID server to delegate authentication to
#
strk
but then.. you still need an IndieAuth server to delegate authentication to, right ?
#
strk
so, how's that different, really ?
#
bear
you don't need IndieAuth server if you have the auth bits in your environment
#
bear
IndieAuth is available for those who don't want to run their own auth service
#
cweiske
strk, the implementation complexity is way lower
#
cweiske
I actually made a dummy auth server in a couple of LOC
# loicm_ joined the channel
#
gRegorLove
!tell rmendes I got a 400 error trying to send this webmention to you: {"error":"source_not_supported","error_text":"Could not interpret source as a comment."} https://gregorlove.com/2017/04/star-the-ultimate-mastodon-twitter/
#
Loqi
Ok, I'll tell them that when I see them next
# marcthiele joined the channel
# KartikPrabhu joined the channel
#
Loqi
Just generated this week's newsletter! You still have a few minutes to make changes, and I'll re-generate it 10 minutes before it gets sent out at 3pm Pacific time. https://indieweb.org/this-week/2017-04-21.html
# snarfed joined the channel
#
@scott_gruber
@indiewebcamp with @veganstraightedge and others in PDX was really important to me. Hope to get up and blabber with ya’ll again soon.✌🏻❀️
(twtr.io/1QtYvWL1u3j)
# iboxifoo joined the channel
# snarfed joined the channel
#
Loqi
[indienews] New post: "Easier POSSE with Micropub Edits?" https://martymcgui.re/2017/04/19/151612/
# mlncn joined the channel
# marcthiele joined the channel
#
strk
cweiske: where's that dummy auth server ? the OpenID server was an apt-get install away, so very easy to get ...
#
cweiske
no idea actually
#
Loqi
Generated the final version of the newsletter! This will be sent out at 3pm Pacific time. https://indieweb.org/this-week/2017-04-21.html
# snarfed joined the channel
#
Salt
yawns and waits for gRegorLove and strugee to return for our IWC:Bham meeting
#
Salt
!tell gRegorLove let's try to reschedule the meeting asap, http://whenisgood.net/mcqkcpz
#
Loqi
Ok, I'll tell them that when I see them next
#
Salt
!tell strugee let's try to reschedule the meeting asap, http://whenisgood.net/mcqkcpz
#
Loqi
Ok, I'll tell them that when I see them next
#
Salt
Anyone interested in participating in the organizing of the very shortly upcoming IndieWebCamp:Bellingham, please feel free to add your good times to meet here: http://whenisgood.net/mcqkcpz
#
@schmarty
Your < 10min update on the #IndieWeb community! This Week in the IndieWeb audio edition for April 15th - 21st, 2017. https://martymcgui.re/2017/04/21/184150/
(twtr.io/1QtjS0fKsxb)
#
@huffduffer
This Week in the IndieWeb for April 15th - 21st, 2017 https://huffduffer.com/schmarty/403592
(twtr.io/1QtjSFBDipL)
#
martymcguire[m]
^^ heads up, this one gets weird at the end :}
# DanC joined the channel
#
aaronpk
I am v curious
# KevinMarks joined the channel
# raucao joined the channel
# KevinMarks_ joined the channel
# wolftune joined the channel
# [cleverdevil] joined the channel
#
[cleverdevil]
Hmm... does Instagram offer an API that could be used to enable Syndication / POSSE?
#
aaronpk
Uh, I'm pretty sure that plugin uses an undocumented API
#
aaronpk
given that the number of installs is 600+
#
aaronpk
officially, Instagram does not have an API to post photos
#
aaronpk
If there was an official API to post photos I wouldn't have made OwnYourGram ;-)
#
[cleverdevil]
That was what I figured.
#
[cleverdevil]
Undocumented API, very likely to get shut down, etc.
#
dansup
oh neat
# wolftune joined the channel
#
aaronpk
I guess at this point ownyourgram is using an "undocumented API" to fetch photos so what's the difference?
# [chrisaldrich] joined the channel
#
[chrisaldrich]
I'm pretty sure the paid version of SNAP does the same thing for WordPress too.
#
@kevinmarks
@matthewhagopian @meganzlock @frontendconf microformats are alive and well and living in #indieweb
(twtr.io/1Qtw1rSmfCo)
# gRegorLove joined the channel
#
gRegorLove
Looks like that WP plugin is using https://github.com/mgp25/Instagram-API
#
Loqi
gRegorLove: Salt left you a message 2 hours, 25 minutes ago: let's try to reschedule the meeting asap, http://whenisgood.net/mcqkcpz
#
gRegorLove
Salt: Sorry I forgot. This week has been chaotic. I'm free now, though.
#
gRegorLove
Hah. "Motivations: After legal measures, Facebook, WhatsApp and Instagram blocked my accounts. In order to use Instagram on my phone I needed a new phone, as they banned my UDID, so that is basically why I made this API."
# snarfed joined the channel
#
dansup
hey snarfed, I made a graphic to explain my AS2 library. https://cl.ly/2n3M1n2R3a2S/o
#
dansup
I still have a lot of work ahead of me :)
#
snarfed
dansup: ok!
#
snarfed
server, interesting. does AS2 specify an API as well as a data model?
#
dansup
it outputs the json with the proper AS2 content-type
#
snarfed
ah, not an API then. ok.
#
snarfed
my only feedback might be, you might want to start top down, with an actual use case, rather than bottom up, starting with plumbing
#
snarfed
(also, while i'm personally partial to AS, even AS2 with all of its complexity...mf2 is generally the lingua franca here :P)
#
dansup
I could make a method to parse a query string and generate one sure, I do have a use case too
#
dansup
I'm working on a statusnet/mastodon clone
#
snarfed
ahh ok
#
dansup
mf2 will be quite important as well, but I found a few awesome libraries :D
#
snarfed
feel free to use granary to convert between AS and mf2
#
dansup
cool, thanks!
#
snarfed
dansup: remind me which version of AS gnu social, statusnet, and mastodon are?
#
dansup
1.1
#
dansup
nobody has implemented 2 to my knowledge
#
snarfed
and afaik they're not very compatible, right?
#
dansup
i want to change that, and add micropub support too
#
dansup
not really
#
snarfed
oh, so you plan to support both AS1 and AS2?
#
dansup
yes
#
snarfed
ambitious
#
dansup
thanks, implementing all these routes will be more time consuming than rewriting the libs. https://github.com/socialnode-org/social-faker/blob/dev/routes/web.php
#
snarfed
yeah, again, maybe just get a small vertical slice MVP working that does something personally want, then gradually expand
# wolftune joined the channel
#
gRegorLove
What is ActivityStreams?
#
gRegorLove
What is ActivityStreams?
#
Loqi
ActivityStreams (AS) is a standardization effort to define common types of objects and actions (verbs) taken on various social media sites https://indieweb.org/ActivityStreams
#
dansup
snarfed, yeah, that is the plan. social-faker can generate as1 feeds from fake data, it cant yet consume them until I finish this library
# singpolyma joined the channel
# wolftune joined the channel
# gmack joined the channel
# wolftune joined the channel
# snarfed joined the channel
#
martymcguire[m]
haha I just relistened to this week's newsletter audio edition. I hope people enjoy my audio riff on /html_regex at the end. A little sillier than I usually play it
#
Loqi
awesome
#
martymcguire[m]
(please forgive this patting myself on the back)
# [eddie] joined the channel
#
[eddie]
martymcguire[m]: I actually listened to it while driving home this evening. It was epic 😁
#
[eddie]
πŸ’―πŸ’―
#
martymcguire[m]
haha, thanks! When I made my script for this week it seemed too fun to pass up.
#
[eddie]
Definitely! πŸ‘
# snarfed joined the channel
# mlncn joined the channel
#
strk
is it intentional not to follow rel=me links ? (I think I read on the wiki that those links were supposed to be followed ?)
#
KartikPrabhu
rel-me links are followed for different purposes
#
KartikPrabhu
indieauth uses them for example
#
strk
my setup is: rel=me points to my homepage, my homepage has rel=authorization_endpoint
#
strk
tried outermost URL to indieauth.com which found all rel=me but did not recurse into them to find authorization_endpoint
#
KartikPrabhu
indieauth does not traverse rel-me to find authorisation endpoint
#
strk
resulting in not finding any "supported" authentication providers (rel=me only points to my homepage and to my OpenID URLs)
#
strk
indieauth the protocol or the .com service ?
#
KartikPrabhu
the authorisation endpoint is assumed to exist on whatever URL you are using as login
#
KartikPrabhu
I think both
#
strk
ok, so the only way to make GNUSocial compatible with indieauth would be to make it act as a proxy, right ?
#
strk
with authorization_endpoint pointing to self and implementing the protocol
#
KartikPrabhu
I'm not familar enough with GNUsocial
#
strk
this is really about indieauth, not gnusocial
#
strk
that is: what does it take for an independent publisher to be able to authenticate self to "indieauth" services
#
strk
I understand there are already 2 different mechanisms being used
#
strk
1. RelMeAuth
#
strk
2. Authorization_Endpoint
#
strk
"compliant" IndieAuth implementations would only deal with 2
#
strk
"compliant" RelMeAuth would deal with 1
#
strk
so a (consuming) service would need to implement both to be as open as possible, correct ?
#
KartikPrabhu
sounds right
#
strk
it shows how hard and important the standardization work is :)
#
strk
openid++ !
#
Loqi
openid has 1 karma in this channel (-1 overall)
#
strk
what's the karma of RelMeAuth ?
#
KartikPrabhu
!karma relmeauth
#
Loqi
relmeauth has 0 karma
#
strk
now, in RelMeAuth, what makes an authentication provider "supported" ?
#
strk
http://microformats.org/wiki/relmeauth says: "links to profiles on OAuth supporting services"
#
Loqi
RelMeAuth is a proposed open standard for using rel-me links to profiles on OAuth supporting services to authenticate via either those profiles or your own site. RelMeAuth is the technology behind web-sign-in. Editor Tantek Γ‡elik (http://tan...
#
strk
how does an implementation know if the linked service supports OAuth ?
#
strk
doesn't mention what it supports
# amz3` joined the channel
#
strk
another issue: directly entering a github profile as your "web address" fails to log you in
#
strk
which means unless you do have a website of your own you just can't login to indieauth web services, right ?
# gRegorLove joined the channel
#
gRegorLove
What is IndieAuth?
#
Loqi
IndieAuth is a way to use your own domain name to sign in to websites β€” it's like OpenID, but works with services you likely already use, and is much easier to setup https://indieweb.org/IndieAuth
#
gRegorLove
Github profile isn't your own domain