#indieweb 2017-10-30

2017-10-30 UTC
EmreSokullu, singpolyma, nitot, eli_oat, [tantek], tantek, snarfed, KartikPrabhu and wolftune joined the channel
#
Loqi
[superfeedr] "The answer for what to do with that leftover lime from your guacamole" by Chris Aldrich on 2017-10-29 http://boffosocko.com/2017/10/29/the-answer-for-what-to-do-with-that-leftover-lime-from-your-guacamole/
#
tantek
infinite redirect loop :P
#
tantek
or maybe just infinite reload loop
#
tantek
weird
#
tantek
also there's no "indieweb" in the content of that post
#
tantek
content of that *page*
#
tantek
only a few references in id and href attributes.
#
tantek
so is superfeedr not parsing the HTML? just scraping the text of the source¿
#
millette
tantek, you mean, superfeedr would track all pages with the word "html" or "body" or "div", with no distinction?
#
tantek
maybe? or maybe they have a block list for those? stop words?
#
tantek
you can check the above for yourself ^^^ no "indieweb" in any visible text
#
tantek
just attributes
#
millette
but content can change, maybe just to spam
#
millette
ah, loopy
EmreSokullu joined the channel
#
tantek
aaronpk knows the exact search that found it ^^^
#
millette
I didn't see any other open relevant issues there.
renem, nitot, aexoxea, [miklb], __number5__, DanC and tantek joined the channel
#
jjuran
I got 200 OK from `curl -I` for the leftover lime link.
cdchapman joined the channel
#
aaronpk
What is the leftover lime link?
#
Loqi
It looks like we don't have a page for "leftover lime link" yet. Would you like to create it?
#
Loqi
[Chris Aldrich] The answer for what to do with that leftover lime from your guacamole Instagram filter used: Clarendon View on Instagram Syndicated copies to: Related Author: Chris Aldrich I'm a biomedical and electrical engineer wi... https://i1.wp.com/boffosocko.com/wp-content/uploads/2017/10/1509326689.jpg?fit=1080%2C1080
#
jjuran
Whoa, that didn’t happen before
#
tantek
is that an ownyourgram result?
#
@t
Event: Homebrew Website Club SF At: 2017-11-01 17:30 @MozSF RSVP: http://tantek.com/e/4rB1
(twitter.com/_/status/924862132474339328)
EmreSokullu, nitot, mblaney, gRegorLove, friedcell, cdchapman, zfphvxmxwt, sebsel, jegqowuhzo, vaqqectsjb, KartikPrabhu and [shurcool] joined the channel
#
[shurcool]
This is still in the early stage of a trial period, but... a milestone I'm happy about it, so I'll share.
#
[shurcool]
As of last night, I've made it possible for me—after being notified about activity on GitHub issues I'm subscribed to—to be able to read, comment on, and react to said GitHub issues completely through my personal site (and open source software I'm actively developing).
#
KartikPrabhu
[shurcool]: very nice!
nitot joined the channel
#
[shurcool]
My goal was to dogfood this software even harder (it's pretty stable and feature complete by now), and most of the issues I deal with are on GitHub, so this only made sense as the next step hehe.
#
[shurcool]
thanks ?
#
[shurcool]
if you point me to your favorite issue on github, I can show a screenshot of what it looks like for me
jihaisse joined the channel
#
KartikPrabhu
[shurcool]: I would suggest you make a page for your software and add screenshots there
#
KartikPrabhu
it does not matter much whether it is open for use by everyone. Simply documenting it would be useful for others too
#
KartikPrabhu
jihaisse: hello!
#
[shurcool]
KartikPrabhu: do you mean on the indieweb.org wiki?
#
KartikPrabhu
[shurcool]: yes
#
[shurcool]
gotcha. It's already there. and screenshots aren't really needed because there are links to where one can see it in action (in a browser). I just offered to share a screenshot of this particular new use case I found for it.
#
KartikPrabhu
screenshots would be useful nonetheless. What is the page for your software?
#
[shurcool]
it's mentioned at https://indieweb.org/Selfdogfood#Dmitri_Shuralyov. I'll update that to say I use it to read GitHub issues as well... but later on, after the dust settles. who knows, i might end up backing out if the experiment doesn't go well.
#
[shurcool]
it's also listed at https://indieweb.org/issue_tracker#Software ?
gnnfhqbppp joined the channel
#
Zegnat
Ooh, that is amazing ^^^
cweiske, [kevinmarks], EmreSokullu, mrhenko, nitot and adactio joined the channel
#
GWG
adactio, what was that room with the murals?
#
adactio
GWG: That's the RSA in London.
#
GWG
Okay. That explains the murals
#
Zegnat
js;dr though
alexhartley joined the channel
#
petermolnar
I'm tempted to add it to the wiki that one shouldn't bother with mf2 if the site is js;dr
#
Zegnat
Well, it would still be parseable by full on browsers and extensions, I guess?
nitot, alexhart_, friedcell, EmreSokullu and [kevinmarks] joined the channel
#
@kevinmarks
@ellenbroad @ayymanduh For more specific ways of going astray, antipattern - examples here https://indieweb.org/antipatterns
(twitter.com/_/status/924971991454683138)
cdchapman joined the channel
#
@synvila
That’s a really cool example of displaying comments! I have added a line about you to the IndieWeb comments page, … http://blog.henrikcarlsson.se/2017/10/9408/
(twitter.com/_/status/924977330551971842)
arush joined the channel
#
Zegnat
Hmm, that tweet is an unfortunate POSSE.
wolftune, mrhenko_, nitot and yar joined the channel
#
@huffduffer
Microcast: On inline comments and indieweb CMSes :: Henrik Carlsson's Blog https://huffduffer.com/snarfed/439067
(twitter.com/_/status/924993006989709313)
hs0ucy, snarfed, mrhenko, friedcell, mrhenko_, botka1 and jeremycherfas joined the channel
#
jeremycherfas
Hello IndieWeb
#
Zegnat
Hellow jeremycherfas
mrhenko, EmreSokullu, mrhenko_, jmelesky, aaronpk, tantek, alexhartley, CherryPuffs, grantcodes and Pierre-O joined the channel
#
@faulancr
a MUST read for everybody interested in the independent web #indieweb https://twitter.com/andrestaltz/status/924975063568474113
(twitter.com/_/status/925029892277919745)
#
Loqi
[Greg] nice
#
tantek
aaronpk that xkcd seems worth adding to /database and /app
#
jjuran
xkcd++
#
Loqi
xkcd has 5 karma in this channel (10 overall)
#
jjuran
books++
#
Loqi
books has 1 karma
#
petermolnar
"java frontend no longer runs" => go static
#
petermolnar
the alt-text is spot on as well
#
tantek
huh? a java frontend means they never had any HTML resources to make static
#
tantek
falls into a dev-trap
wolftune joined the channel
#
petermolnar
web database, so there was, in fact, an html-ish output somewhere
#
tantek
I don't see how you can conclude that
CherryPuffs joined the channel
#
petermolnar
how else would it be a web database without presenting the results in web form?
#
tantek
web database just means a web server that has a database. purely a backend assertion. no implication about front end
#
petermolnar
ah, ok. I forgot those apps where you had a local java client which connected to remote databases.
#
tantek
lots here for citing and adding to various silo articles: https://staltz.com/the-web-began-dying-in-2014-heres-how.html
snarfed1 joined the channel
#
@faulancr
a MUST read for everybody interested in the independent web #indieweb https://twitter.com/andrestaltz/status/924975063568474113
(twitter.com/_/status/925029892277919745)
alexhartley, [miklb], jeremycherfas and arush joined the channel
#
petermolnar
but I don't even know where to start
Loqi_, aaronpk and EmreSokullu joined the channel
#
petermolnar
hi Loqi_ are you the evil twin of Loqi?
#
petermolnar
hi Loqi_ are you the evil twin of Loqi?
#
jeremycherfas
Halloween?
#
Zegnat
It is evil twin month. Kaja is also Kaja_ at the moment (ping sknebel)
#
sknebel
Zegnat: yeah, when it restarts it gets a new name and I haven't added any reset code yet
#
sknebel
sadly it seems the IRC library in tiktokbot doesn't do SASL auth
#
sknebel
(which I think would solve this automatically)
#
aaronpk
looks like it does
Pierre-O joined the channel
#
dgold
am I wrong in thinking that using https/encrypted comms circumvents the Krakt issues?
#
tantek
what is Krakt
#
Loqi
It looks like we don't have a page for "Krakt" yet. Would you like to create it?
#
dgold
its not krakt then - some silly name stuck on the vuln researchers discovered in WPA@
#
Zegnat
That was KRACK.
#
dgold
thank you
#
Zegnat
It doesn’t circumvent it, as attacker would still have access to your WiFi and can monitor the data stream. But it does mean the attacker should be incapable of reading the contents of the stream because that is end-to-end encrypted.
#
dgold
yes, they have access, but they do _anyway_ via the ISP
#
dgold
so https or ssh encryption remains as vulnerable as its ever been
#
Zegnat
Of course once they are on your network they might try other things. E.g. your DNS requests probably aren’t encrypted, so they might feed you dummy DNS and send you to a fake bank site. HTTPS doesn’t matter then because they are in control of the fake bank site.
#
tantek
that's what certificate pinning is supposed to solve
#
Zegnat
KRACK doesn’t make HTTPS/SSH more or less vulnerable, no. You just have new problems because a network you probably treat as secure no longer is.
#
tantek
assuming you've at least once before visited your actual bank site
#
dgold
oh, I don't treat _any_ network as secure
#
Zegnat
Indeed tantek
#
Zegnat
Then KRACK shouldn’t affect you, dgold :)
#
tantek
dgold, you're not implying some sense of absolute security by "as secure" right?
#
dgold
tantek: i can't follow the question, sorry
#
sknebel
dgold: having AES instead of TKIP protects you against packet injection if I remember correctly, so if at all possible you should at least have that. Should be default nowadays, but...
#
dgold
I don't think any connection over the internet is free of surveillance, monitoring and logging by state actors
#
tantek
dgold, your expression "network as secure" seems to imply that a framing of absolute security is possible or even useful as a concept, whereas security is never about absolutes, just about raising barriers
#
dgold
oh, no, I don't think any 'secure network' is _possible_
#
tantek
similarly "free of" seems to imply absolute framing, also not helpful for surveillance, monitoring and logging. again, raising barriers is the point
#
tantek
so there is no point to describing something 'as secure', or 'free of', because it's an impossible goal and thus a distraction from what is achievable
#
dgold
i disagree
#
dgold
it is important, and valid, to make people aware of the fact that their every webclick is monitored
alexhart_ joined the channel
#
dgold
just because there is no point in describing something 'as secure' it doesn't follow that there is no point in describing something as 'manifestly insecure'
#
dgold
e.g. using a 4-digit PIN over http
#
tantek
neither extreme is useful in practice
#
dgold
or accessing a bank website without a secure handshake system
#
tantek
sometimes the smallest incremental barriers add enough cost to prevent the most scripted/mass-attempts
#
tantek
it's always a spectrum for security and privacy
#
dgold
i'm unconcerned with scripted/mass attempts and far more concerned with state action
#
tantek
then we disagree on the probabilities of threat models for the average person (or even anyone here) IMO
#
tantek
yes if you're targeted by a state actor you have much bigger problems
#
dgold
and I have been
#
tantek
that's a very different level of security
#
tantek
and frankly, unachievable for most
#
tantek
(without great cost)
#
dgold
no, not really
nitot joined the channel
#
dgold
it involves a level of non-ease of use that people are (stupidly) unwilling to adopt
#
tantek
really hard to fight that battle with an adversary that has orders of magnitude more time and $
#
dgold
again, it isn't hard to _fight_ that battle, it is hard to _win_ that battle
#
tantek
security that is hard to use (bad UX) usually results in more holes (due to user error from bad UX)
#
dgold
but all anyone really needs to do is _frustrate_ the battle
#
dgold
no, that's not what I mean, tantek, not bad UX - I mean non-use of online services that people take for granted
#
tantek
no, not if you're targeted. greater resources means they will win by exhaustion or just have to wait til you make one mistake
EmreSokullu joined the channel
#
tantek
by "frustration" I would agree with the phrase I used - raising barriers
#
dgold
e.g. the Ireland & Microsoft v. US case ongoing
#
tantek
which works well for mass-attempts
#
dgold
you see, state actors are, largely, both stupid and incompetent
#
tantek
certainly those attributes are not to be underestimated ;)
friedcell and nitot joined the channel
bengo joined the channel
#
@schmarty
Looking forward to @HWCBaltimore this Weds! Join us to work on your personal website and build an #IndieWeb for you (not them)! https://twitter.com/HWCBaltimore/status/922657902413996034
(twitter.com/_/status/925061094577770497)
#
@schmarty
Looking forward to @HWCBaltimore this Weds! Join us to work on your personal website and build an #IndieWeb for you (not them)! https://twitter.com/HWCBaltimore/status/922657902413996034
(twitter.com/_/status/925061094577770497)
tantek, friedcell, EmreSokullu, snarfed, KartikPrabhu, vivus, [kevinmarks] and nitot joined the channel
#
skippy
I'm still dismayed at how much effort it takes to encrypt DNS traffic.
#
Loqi
skippy: [miklb] left you a message 5 days, 16 hours ago: when you were looking at replacements for tt-rss did you look at https://freshrss.org
tantek and raretrack joined the channel
#
myfreeweb
skippy: dnscrypt isn't that hard to set up… OMG wow just looked at https://dnscrypt.org — Yandex.Browser uses it now
#
Loqi
[Kevin Marks] Google is going to protect me from Google with Google's vpn http://known.kevinmarks.com/file/23b7dd365dac314b7890240ad5b712ac/thumb.png
todrobbins joined the channel
#
skippy
I use CoreDNS to send DNS-over-HTTPS to Google, currently.
#
Zegnat
skippy, I think I recently saw something about DNS over TLS? So hopefully it’ll be taken care off soon
#
skippy
dnscrypt requires me to use DNS providers who I dont really know.
#
Loqi
Android getting “DNS over TLS” support to stop ISPs from knowing what websites you visit
#
skippy
i've been thinking about various ways to deal with this. None are currently all that elegant.
#
skippy
Zegnat: yeah, I read that, too.
#
skippy
tying in with the above discussion about KRACK and state actors and all that ... I would like some level of control and confidence in my DNS queries.
#
myfreeweb
if you care a lot about privacy, you can use Tor as a DNS resolver. otherwise, set up your local resolver to query root servers directly and check DNSSEC signatures (of course not every domain is signed lol… but some are)
#
skippy
myfreeweb: sure, but my ISP and anyone on the wire can see all my queries. I want the queries themselves encrypted.
#
skippy
Tor is a little more overhead than I want.
#
skippy
but yes, it's an option.
#
skippy
I have a ProtonVPN account. I thought about setting up a Raspberry Pi with an always-on VPN connection and unbound sending requests to the ProtonVPN DNS servers.
#
myfreeweb
Tor is not that slow, especially with a local cache in front of it
nitot, gRegorLove and gkbrk joined the channel
#
@johnjohnston
@mrkrndvs @ChrisAldrich @Inoreader I've managed to get your opml into @Inoreader Aaron, already has Chris's #indieweb one. It is great as I get new feeds as they are added.
(twitter.com/_/status/925098424478912516)
friedcell joined the channel
jjuran, cweiske, [cleverdevil], DanC and tantek joined the channel
#
@jkphl
@cowglow You must be talking about our biweekly Homebrew Website Club https://indieweb.org/Homebrew_Website_Club Has nothing to do w/ brewing though ;)
(twitter.com/_/status/925119116775747584)
friedcell and nitot joined the channel
#
tantek
reads logs
#
tantek
shurcool++ re: "to be able to read, comment on, and react to said GitHub issues completely through my personal site" AMAZING!!!!
#
Loqi
shurcool has 3 karma in this channel (4 overall)
#
tantek
that sure is cool :)
#
tantek
longevity << 2017-10-30 André Staltz: [https://staltz.com/the-web-began-dying-in-2014-heres-how.html The Web began dying in 2014, here's how]
#
Loqi
ok, I added "2017-10-30 André Staltz: [https://staltz.com/the-web-began-dying-in-2014-heres-how.html The Web began dying in 2014, here's how]" to the "See Also" section of /longevity
snarfed, hs0ucy and eli_oat joined the channel