#indieweb 2017-10-30

2017-10-30 UTC
EmreSokullu, singpolyma, nitot, eli_oat, [tantek], tantek, snarfed, KartikPrabhu and wolftune joined the channel
#
Loqi [superfeedr] "The answer for what to do with that leftover lime from your guacamole" by Chris Aldrich on 2017-10-29 http://boffosocko.com/2017/10/29/the-answer-for-what-to-do-with-that-leftover-lime-from-your-guacamole/
#
tantek infinite redirect loop :P
#
tantek or maybe just infinite reload loop
#
tantek weird
#
tantek also there's no "indieweb" in the content of that post
#
tantek content of that *page*
#
tantek only a few references in id and href attributes.
#
tantek so is superfeedr not parsing the HTML? just scraping the text of the source¿
#
millette tantek, you mean, superfeedr would track all pages with the word "html" or "body" or "div", with no distinction?
#
tantek maybe? or maybe they have a block list for those? stop words?
#
tantek you can check the above for yourself ^^^ no "indieweb" in any visible text
#
tantek just attributes
#
millette but content can change, maybe just to spam
#
millette ah, loopy
EmreSokullu joined the channel
#
millette might be worth opening an issue https://github.com/superfeedr/documentation/issues
#
tantek aaronpk knows the exact search that found it ^^^
#
millette I didn't see any other open relevant issues there.
renem, nitot, aexoxea, [miklb], __number5__, DanC and tantek joined the channel
#
jjuran I got 200 OK from `curl -I` for the leftover lime link.
cdchapman joined the channel
#
aaronpk What is the leftover lime link?
#
Loqi It looks like we don't have a page for "leftover lime link" yet. Would you like to create it?
#
jjuran aaronpk: http://boffosocko.com/2017/10/29/the-answer-for-what-to-do-with-that-leftover-lime-from-your-guacamole/
#
Loqi [Chris Aldrich] The answer for what to do with that leftover lime from your guacamole Instagram filter used: Clarendon View on Instagram Syndicated copies to: Related Author: Chris Aldrich I'm a biomedical and electrical engineer wi... https://i1.wp.com/boffosocko.com/wp-content/uploads/2017/10/1509326689.jpg?fit=1080%2C1080
#
jjuran Whoa, that didn’t happen before
#
tantek is that an ownyourgram result?
#
Loqi [superfeedr] "Event" on 2017-10-29 http://tantek.com/2017/305/e1/homebrew-website-club
#
@t Event: Homebrew Website Club SF At: 2017-11-01 17:30 @MozSF RSVP: http://tantek.com/e/4rB1 (twitter.com/_/status/924862132474339328)
EmreSokullu, nitot, mblaney, gRegorLove, friedcell, cdchapman, zfphvxmxwt, sebsel, jegqowuhzo, vaqqectsjb, KartikPrabhu and [shurcool] joined the channel
#
[shurcool] This is still in the early stage of a trial period, but... a milestone I'm happy about it, so I'll share.
#
[shurcool] As of last night, I've made it possible for me—after being notified about activity on GitHub issues I'm subscribed to—to be able to read, comment on, and react to said GitHub issues completely through my personal site (and open source software I'm actively developing).
#
KartikPrabhu [shurcool]: very nice!
nitot joined the channel
#
[shurcool] My goal was to dogfood this software even harder (it's pretty stable and feature complete by now), and most of the issues I deal with are on GitHub, so this only made sense as the next step hehe.
#
[shurcool] thanks ?
#
[shurcool] if you point me to your favorite issue on github, I can show a screenshot of what it looks like for me
jihaisse joined the channel
#
jihaisse hello
#
KartikPrabhu [shurcool]: I would suggest you make a page for your software and add screenshots there
#
KartikPrabhu it does not matter much whether it is open for use by everyone. Simply documenting it would be useful for others too
#
KartikPrabhu jihaisse: hello!
#
[shurcool] KartikPrabhu: do you mean on the indieweb.org wiki?
#
KartikPrabhu [shurcool]: yes
#
[shurcool] gotcha. It's already there. and screenshots aren't really needed because there are links to where one can see it in action (in a browser). I just offered to share a screenshot of this particular new use case I found for it.
#
KartikPrabhu screenshots would be useful nonetheless. What is the page for your software?
#
[shurcool] it's mentioned at https://indieweb.org/Selfdogfood#Dmitri_Shuralyov. I'll update that to say I use it to read GitHub issues as well... but later on, after the dust settles. who knows, i might end up backing out if the experiment doesn't go well.
#
[shurcool] it's also listed at https://indieweb.org/issue_tracker#Software ?
#
KartikPrabhu nice
gnnfhqbppp joined the channel
#
@synvila Microcast: On inline comments and indieweb CMSes http://blog.henrikcarlsson.se/2017/10/microcast-on-inline-comments-and-indieweb-cmses/ (twitter.com/_/status/924912271452667905)
#
Zegnat Ooh, that is amazing ^^^
cweiske, [kevinmarks], EmreSokullu, mrhenko, nitot and adactio joined the channel
#
GWG adactio, what was that room with the murals?
#
adactio GWG: That's the RSA in London.
#
GWG Okay. That explains the murals
#
[kevinmarks] Nice Wikipedia relayout site https://www.wikiwand.com/en/Microformat
#
Zegnat js;dr though
alexhartley joined the channel
#
petermolnar I'm tempted to add it to the wiki that one shouldn't bother with mf2 if the site is js;dr
#
Zegnat Well, it would still be parseable by full on browsers and extensions, I guess?
nitot, alexhart_, friedcell, EmreSokullu and [kevinmarks] joined the channel
#
@kevinmarks @ellenbroad @ayymanduh For more specific ways of going astray, antipattern - examples here https://indieweb.org/antipatterns (twitter.com/_/status/924971991454683138)
cdchapman joined the channel
#
@synvila That’s a really cool example of displaying comments! I have added a line about you to the IndieWeb comments page, … http://blog.henrikcarlsson.se/2017/10/9408/ (twitter.com/_/status/924977330551971842)
arush joined the channel
#
Zegnat Hmm, that tweet is an unfortunate POSSE.
wolftune, mrhenko_, nitot and yar joined the channel
#
@huffduffer Microcast: On inline comments and indieweb CMSes :: Henrik Carlsson's Blog https://huffduffer.com/snarfed/439067 (twitter.com/_/status/924993006989709313)
hs0ucy, snarfed, mrhenko, friedcell, mrhenko_, botka1 and jeremycherfas joined the channel
#
jeremycherfas Hello IndieWeb
#
Zegnat Hellow jeremycherfas
#
jeremycherfas Hi zegnat
mrhenko, EmreSokullu, mrhenko_, jmelesky, aaronpk, tantek, alexhartley, CherryPuffs, grantcodes and Pierre-O joined the channel
#
@faulancr a MUST read for everybody interested in the independent web #indieweb https://twitter.com/andrestaltz/status/924975063568474113 (twitter.com/_/status/925029892277919745)
#
aaronpk this seems relevant https://xkcd.com/1909/
#
Loqi [XKCD] Digital Resource Lifespan https://imgs.xkcd.com/comics/digital_resource_lifespan_2x.png
#
myfreeweb woo bridgy fed works https://unrelenting.technology/replies/2017-10-30-16-04-34
#
Loqi [Greg] nice
#
tantek aaronpk that xkcd seems worth adding to /database and /app
#
jjuran xkcd++
#
Loqi xkcd has 5 karma in this channel (10 overall)
#
jjuran books++
#
Loqi books has 1 karma
#
petermolnar "java frontend no longer runs" => go static
#
petermolnar the alt-text is spot on as well
#
tantek huh? a java frontend means they never had any HTML resources to make static
#
tantek falls into a dev-trap
wolftune joined the channel
#
petermolnar web database, so there was, in fact, an html-ish output somewhere
#
tantek I don't see how you can conclude that
CherryPuffs joined the channel
#
petermolnar how else would it be a web database without presenting the results in web form?
#
tantek web database just means a web server that has a database. purely a backend assertion. no implication about front end
#
petermolnar ah, ok. I forgot those apps where you had a local java client which connected to remote databases.
#
petermolnar brrr
#
tantek lots here for citing and adding to various silo articles: https://staltz.com/the-web-began-dying-in-2014-heres-how.html
snarfed1 joined the channel
#
tantek via https://twitter.com/andrestaltz/status/924975063568474113
#
@andrestaltz It took me months of research to write this new blog post: "The Web began dying in 2014, here's how" https://staltz.com/the-web-began-dying-in-2014-heres-how.html https://pbs.twimg.com/media/DNYr6NZX0AAlREv.jpg (twitter.com/_/status/924975063568474113)
#
tantek via aforementioned https://twitter.com/faulancr/status/925029892277919745
#
@faulancr a MUST read for everybody interested in the independent web #indieweb https://twitter.com/andrestaltz/status/924975063568474113 (twitter.com/_/status/925029892277919745)
alexhartley, [miklb], jeremycherfas and arush joined the channel
#
petermolnar but I don't even know where to start
Loqi_, aaronpk and EmreSokullu joined the channel
#
petermolnar hi Loqi_ are you the evil twin of Loqi?
#
petermolnar hi Loqi_ are you the evil twin of Loqi?
#
aaronpk uhoh
#
aaronpk uhoh
#
jeremycherfas Halloween?
#
Zegnat It is evil twin month. Kaja is also Kaja_ at the moment (ping sknebel)
#
sknebel Zegnat: yeah, when it restarts it gets a new name and I haven't added any reset code yet
#
sknebel sadly it seems the IRC library in tiktokbot doesn't do SASL auth
#
sknebel (which I think would solve this automatically)
#
aaronpk looks like it does
Pierre-O joined the channel
#
dgold am I wrong in thinking that using https/encrypted comms circumvents the Krakt issues?
#
tantek what is Krakt
#
Loqi It looks like we don't have a page for "Krakt" yet. Would you like to create it?
#
dgold its not krakt then - some silly name stuck on the vuln researchers discovered in WPA@
#
Zegnat That was KRACK.
#
dgold thank you
#
Zegnat It doesn’t circumvent it, as attacker would still have access to your WiFi and can monitor the data stream. But it does mean the attacker should be incapable of reading the contents of the stream because that is end-to-end encrypted.
#
dgold yes, they have access, but they do _anyway_ via the ISP
#
dgold so https or ssh encryption remains as vulnerable as its ever been
#
Zegnat Of course once they are on your network they might try other things. E.g. your DNS requests probably aren’t encrypted, so they might feed you dummy DNS and send you to a fake bank site. HTTPS doesn’t matter then because they are in control of the fake bank site.
#
tantek that's what certificate pinning is supposed to solve
#
Zegnat KRACK doesn’t make HTTPS/SSH more or less vulnerable, no. You just have new problems because a network you probably treat as secure no longer is.
#
tantek assuming you've at least once before visited your actual bank site
#
dgold oh, I don't treat _any_ network as secure
#
Zegnat Indeed tantek
#
Zegnat Then KRACK shouldn’t affect you, dgold :)
#
tantek dgold, you're not implying some sense of absolute security by "as secure" right?
#
dgold tantek: i can't follow the question, sorry
#
sknebel dgold: having AES instead of TKIP protects you against packet injection if I remember correctly, so if at all possible you should at least have that. Should be default nowadays, but...
#
dgold I don't think any connection over the internet is free of surveillance, monitoring and logging by state actors
#
tantek dgold, your expression "network as secure" seems to imply that a framing of absolute security is possible or even useful as a concept, whereas security is never about absolutes, just about raising barriers
#
dgold oh, no, I don't think any 'secure network' is _possible_
#
tantek similarly "free of" seems to imply absolute framing, also not helpful for surveillance, monitoring and logging. again, raising barriers is the point
#
tantek so there is no point to describing something 'as secure', or 'free of', because it's an impossible goal and thus a distraction from what is achievable
#
dgold i disagree
#
dgold it is important, and valid, to make people aware of the fact that their every webclick is monitored
alexhart_ joined the channel
#
dgold just because there is no point in describing something 'as secure' it doesn't follow that there is no point in describing something as 'manifestly insecure'
#
dgold e.g. using a 4-digit PIN over http
#
tantek neither extreme is useful in practice
#
dgold or accessing a bank website without a secure handshake system
#
tantek sometimes the smallest incremental barriers add enough cost to prevent the most scripted/mass-attempts
#
tantek it's always a spectrum for security and privacy
#
dgold i'm unconcerned with scripted/mass attempts and far more concerned with state action
#
tantek then we disagree on the probabilities of threat models for the average person (or even anyone here) IMO
#
tantek yes if you're targeted by a state actor you have much bigger problems
#
dgold and I have been
#
tantek that's a very different level of security
#
tantek and frankly, unachievable for most
#
tantek (without great cost)
#
dgold no, not really
nitot joined the channel
#
dgold it involves a level of non-ease of use that people are (stupidly) unwilling to adopt
#
tantek really hard to fight that battle with an adversary that has orders of magnitude more time and $
#
dgold again, it isn't hard to _fight_ that battle, it is hard to _win_ that battle
#
tantek security that is hard to use (bad UX) usually results in more holes (due to user error from bad UX)
#
dgold but all anyone really needs to do is _frustrate_ the battle
#
dgold no, that's not what I mean, tantek, not bad UX - I mean non-use of online services that people take for granted
#
tantek no, not if you're targeted. greater resources means they will win by exhaustion or just have to wait til you make one mistake
EmreSokullu joined the channel
#
tantek by "frustration" I would agree with the phrase I used - raising barriers
#
dgold e.g. the Ireland & Microsoft v. US case ongoing
#
tantek which works well for mass-attempts
#
dgold you see, state actors are, largely, both stupid and incompetent
#
tantek certainly those attributes are not to be underestimated ;)
friedcell and nitot joined the channel
#
@ChrisAldrich I wonder what the longest running tweetstorm is? #IndieWeb https://twitter.com/BristOliver/status/925050186153562112 (twitter.com/_/status/925055785457127426)
#
@ChrisAldrich I wonder what the longest running tweetstorm is? #IndieWeb https://twitter.com/BristOliver/status/925050186153562112 (twitter.com/_/status/925055785457127426)
#
Loqi [superfeedr] "I wonder what the longest running tweetstorm is? #IndieWeb https://twitter.com/BristOliver/status/925050186153562112" by Chris Aldrich on 2017-10-30 http://stream.boffosocko.com/2017/i-wonder-what-the-longest-running-tweetstorm-is-indieweb-bristoliverstatus925050186153562112
bengo joined the channel
#
@schmarty Looking forward to @HWCBaltimore this Weds! Join us to work on your personal website and build an #IndieWeb for you (not them)! https://twitter.com/HWCBaltimore/status/922657902413996034 (twitter.com/_/status/925061094577770497)
#
@schmarty Looking forward to @HWCBaltimore this Weds! Join us to work on your personal website and build an #IndieWeb for you (not them)! https://twitter.com/HWCBaltimore/status/922657902413996034 (twitter.com/_/status/925061094577770497)
tantek, friedcell, EmreSokullu, snarfed, KartikPrabhu, vivus, [kevinmarks] and nitot joined the channel
#
skippy I'm still dismayed at how much effort it takes to encrypt DNS traffic.
#
Loqi skippy: [miklb] left you a message 5 days, 16 hours ago: when you were looking at replacements for tt-rss did you look at https://freshrss.org
tantek and raretrack joined the channel
#
[kevinmarks] http://known.kevinmarks.com/2017/google-is-going-to-protect-me-from-google-with-googles
#
myfreeweb skippy: dnscrypt isn't that hard to set up… OMG wow just looked at https://dnscrypt.org — Yandex.Browser uses it now
#
Loqi [Kevin Marks] Google is going to protect me from Google with Google's vpn http://known.kevinmarks.com/file/23b7dd365dac314b7890240ad5b712ac/thumb.png
todrobbins joined the channel
#
skippy I use CoreDNS to send DNS-over-HTTPS to Google, currently.
#
Zegnat skippy, I think I recently saw something about DNS over TLS? So hopefully it’ll be taken care off soon
#
Zegnat E.g. https://www.xda-developers.com/android-dns-over-tls-website-privacy/
#
skippy dnscrypt requires me to use DNS providers who I dont really know.
#
Loqi Android getting “DNS over TLS” support to stop ISPs from knowing what websites you visit
#
skippy i've been thinking about various ways to deal with this. None are currently all that elegant.
#
skippy Zegnat: yeah, I read that, too.
#
skippy tying in with the above discussion about KRACK and state actors and all that ... I would like some level of control and confidence in my DNS queries.
#
myfreeweb if you care a lot about privacy, you can use Tor as a DNS resolver. otherwise, set up your local resolver to query root servers directly and check DNSSEC signatures (of course not every domain is signed lol… but some are)
#
skippy myfreeweb: sure, but my ISP and anyone on the wire can see all my queries. I want the queries themselves encrypted.
#
skippy Tor is a little more overhead than I want.
#
skippy but yes, it's an option.
#
skippy I have a ProtonVPN account. I thought about setting up a Raspberry Pi with an always-on VPN connection and unbound sending requests to the ProtonVPN DNS servers.
#
myfreeweb Tor is not that slow, especially with a local cache in front of it
nitot, gRegorLove and gkbrk joined the channel
#
@johnjohnston @mrkrndvs @ChrisAldrich @Inoreader I've managed to get your opml into @Inoreader Aaron, already has Chris's #indieweb one. It is great as I get new feeds as they are added. (twitter.com/_/status/925098424478912516)
friedcell joined the channel
#
@PercolatorToday Episode 5: Homebrew Website Club https://percolator.today/episode/5 (twitter.com/_/status/925100653730344960)
jjuran, cweiske, [cleverdevil], DanC and tantek joined the channel
#
@jkphl @cowglow You must be talking about our biweekly Homebrew Website Club https://indieweb.org/Homebrew_Website_Club Has nothing to do w/ brewing though ;) (twitter.com/_/status/925119116775747584)
friedcell and nitot joined the channel
#
tantek reads logs
#
tantek shurcool++ re: "to be able to read, comment on, and react to said GitHub issues completely through my personal site" AMAZING!!!!
#
Loqi shurcool has 3 karma in this channel (4 overall)
#
tantek that sure is cool :)
#
tantek longevity << 2017-10-30 André Staltz: [https://staltz.com/the-web-began-dying-in-2014-heres-how.html The Web began dying in 2014, here's how]
#
Loqi ok, I added "2017-10-30 André Staltz: [https://staltz.com/the-web-began-dying-in-2014-heres-how.html The Web began dying in 2014, here's how]" to the "See Also" section of /longevity
snarfed, hs0ucy and eli_oat joined the channel