#indieweb 2018-05-03

2018-05-03 UTC
tantek and [tantek] joined the channel
#
[tantek] Setting up for HWC SF!
eli_oat, markong, tantek, tomasparks and freescholar joined the channel
#
tantek hello from HWC SF!
renem joined the channel
#
GWG How is it going?
cdchapman and KartikPrabhu joined the channel
#
tantek four of us currently
#
GWG tantek, I wish I could tune in
#
tantek GWG maybe we can setup appear in
#
GWG At least narrate
#
tantek GWG see #indieweb-meta
[jgmac1106] joined the channel
#
GWG I knocked
bdesham and [chrisaldrich] joined the channel
#
bdesham In SF we're discussing what the various HTTP error codes imply about whose computer screwed up. Reminds me of this: https://web.archive.org/web/20120710183107/https://twitter.com/DanaDanger/status/183316183494311936
#
bdesham Also, regarding HTTP 502 in particular: https://httpstatusdogs.com/502-bad-gateway
tantek and wolftune joined the channel
#
tantek bdesham: demoing his site now
#
tantek esham.io
#
tantek he's using ownyourgram
#
tantek posting to Instagram, and federating back to his site using Micropub
#
GWG He went to Alfred University...fun.
#
tantek took a photo on 4/18, but then resisted posting it to IG until he had the mechanism setup to post it to his site
#
tantek moved all his micro.blog posts and app.net posts to his own site!
#
tantek worked hard on not having a title on his blog posts
thom_m joined the channel
#
bdesham GWG: not a name many people recognize ;-)
leg, todrobbins and snarfed joined the channel
#
tantek aaronpk demonstrating his thinking on badges for webmention.rocks to give out
#
tantek and the use of indielogin in the updates to webmention.rocks
freescholar, tantek and eli_oat joined the channel
#
GWG I didn't fall asleep. The video is frozen
leg, ajft, thom_m and eli_oat joined the channel
#
pjz pjz
Kyle-K, jalcine and [kevinmarks] joined the channel
#
[kevinmarks] Hi pjz
snarfed joined the channel
#
[kevinmarks] http://known.kevinmarks.com/2018/twitter-suspended-my-account-for-live-tweeting
#
Loqi [Kevin Marks] Twitter suspended my account for live tweeting, but Twitter Approved an Ad Pretending to Be Twitter - Slate Magazine http://nzzl.us/WBddVYa via @nuzzel
#
Loqi [indienews] New post: "Indigenous Development Log #1" https://eddiehinkle.com/2018/05/02/16/article/ (from https://aaronparecki.com/2018/05/02/27/)
cweiske, Strypey, freescholar and KartikPrabhu joined the channel
#
sknebel Good morning Indieweb!
wolftune, jihaisse, AngeloGladding, iasai_, swentel and friedcell joined the channel
#
Zegnat Good morning IndieWeb! :)
what and johannh joined the channel
#
dgold saluton!
jeremycherfas joined the channel
#
Zegnat Hellow dgold, jeremycherfas :)
#
jeremycherfas Howdy both. So, my thing is up, zegnat.
#
Zegnat I love the title
#
jeremycherfas Thank you. I should find an image.
#
jeremycherfas Maybe I will, when I have got more important things out of the way.
#
jeremycherfas ^^^ selfauth
#
Zegnat I was wondering why I hadn’t received any webmention for your post, jeremycherfas. Turns out you go out of your way to spell out my entire name, twice, rather than just “Martijn” or “Zegnat” with a link to my site. Hehe
#
jeremycherfas You're right. I linked to selfauth at the wiki, not at your site. Oops.
#
Zegnat That is fine, of course. I was just surprised it wasn’t simply “to ask <Martijn> to explain” with my name linked. Would have also given me a nice ping when you send webmentions out.
#
Zegnat I think I may have spotted 2 mistakes, one of which seems to be just a brainfart, so you seem to have gotten the gist of it! The flowchart looks right as well
friedcell and anotheryou joined the channel
#
jeremycherfas Did you send me a wm?
#
Zegnat I did not
#
jeremycherfas OK. Send me a DM here.
#
jeremycherfas I've added a link to your home page, may as well do other changes before I update.
catsup, Lukas1, AlsoLakas and [colinwalker] joined the channel
#
[colinwalker] Morning all.
[kevinmarks] joined the channel
#
[kevinmarks] Morning
#
Loqi good morning
loicm and corenominal joined the channel
#
jgmac1106 morning indieweb
adactio joined the channel
#
[colinwalker] sgreger’s post yesterday has certainly given pause for thought on the ethical side of things as well as the legality. The distinction between backfeed and webmentions is obvious but has made me start thinking about micro.blog where webmentions are automatically sent and, therefore, not necessarily known about/intended.
#
Zegnat Yes, I thought sgreger’s verification of intended webmentions was very interesting. He only takes webmentions as intended if the source website itself also supports receiving webmentions, as that would mean the source website at least knows something about it.
#
Zegnat But good observation that it does not hold true for micro.blog ... if micro.blog receives webmentions?
#
petermolnar I still need to read the article, but this is why I only display a link to the response and not the response itself
#
[colinwalker] M.b can receive webmentions but only processes them under certain conditions (that they can be linked to a user account) - it’s just that people are joining m.b and maybe not knowing about the Indieweb underpinnings so would be unaware that mentions are sent regardless.
#
[colinwalker] It’s then a similar situation to backfeeding.
#
Zegnat Yes, and one that even sgreger’s solution doesn’t account for then :( Darn.
#
cweiske <meta name="allow-webmention-embedding" content="1"/>
#
Zegnat Ha
#
Zegnat Alternatively: check if the webmention source has an oembed version you can display
freescholar joined the channel
#
[colinwalker] The meta approach ties in with an idea I was considering for m.b - a user toggle.
#
petermolnar this is actually a bigger question
#
petermolnar right now embeddable is every website by default
#
petermolnar and there's nothing telling anything otherwise
#
[colinwalker] Indeed.
#
petermolnar however... does gdpr say anything about publicly available information, eg. posted online?
#
petermolnar because if it doesn't say anything, embedding, including linking to the source, is perfectly fine - replicating content is the actual question
[jgmac1106] and KapiX joined the channel
#
Zegnat content is not covered by GDPR, but personal data is. So if you store who wrote the content you are embedding, that is (possibly) a no-go
#
Zegnat And from sgreger’s take, you could store that personal data, as long as you can make a good case that you have reason to do so. But even then you need to have informed the person’s who’s data it is of it. And that last step is tricky.
pindonga, iasai_, iasai and friedcell joined the channel
#
petermolnar about that article... "the URL to their Twitter profile" - why on earth is this a personal data?
friedcell left the channel
#
sknebel Because it is information identifing you
#
petermolnar a competely public information which identifies a user on a website
iasai joined the channel
#
petermolnar depending on the website it may or may not be an alterego
[kevinmarks] joined the channel
#
[kevinmarks] Antipattern https://twitter.com/freezydorito/status/992024985463083008?s=19
#
@freezydorito «you know what I really miss? In the modern web? The bonzi buddy toolbar experience» — whoever invented accelerated mobile pages https://pbs.twimg.com/media/DcRhdkBX4AAOQHx.jpg (twitter.com/_/status/992024985463083008)
#
petermolnar bonzi, now that's a 90s flashback
#
sknebel Yes, but that doesn't necessarily matter. I personally think it shouldn't be a big deal either, but I also get that people are careful as long as these things aren't cleared up
barpthewire, iasai, [unoabraham], KapiX and [jgmac1106] joined the channel
#
jgmac1106 @petermolnar Cultural differences over the primacy of privacy and free speech and what counts as public.
#
jgmac1106 think more identifiable data. At heart of GDPR IMO is idenitiable data belons to the person and thus needs privacy protection
#
petermolnar but... that's the thing - what/who it identifies, if it's a made up twitter name?
#
jgmac1106 the person who also used an email address to register that anonymous name. I agree with you. I think public is public and when you share on a private platform you are giving up much of your rights. But I fully understand, and current events demonstrate, why something like GDPR is needed. Most of us our noncommercial small sites but many in community will build these features not out of compliance but a shared cultural code. Plus
#
jgmac1106 Eurpoe is a big market. If folks are thinking long game and monetization, regardless of entity status, might as well be ready
#
petermolnar I'm starting to feel like GDPR is about to become Europe's DMCA, abused with all the takedown requests
leg joined the channel
#
Zegnat A lot of small companies, or just local clubs, are having some struggles with it for sure.
#
Zegnat Or they just do not know that it might impact them at all, as a recent study in Germany suggested
#
Loqi [indienews] New post: "🎧 The value of rituals in a digital world (RN Future Tense)" https://collect.readwriterespond.com/the-value-of-rituals-in-a-digital-world/
snarfed, davy__, tbbrown, tantek, [miklb], thom_m, wolftune, sebsel, maingo, [davidmead], seekr and jmac joined the channel
#
jmac So the out-yonder website that linked to my blog which I was excited about yesterday, as it gave me a real-world non-Bridgy Webmention source to test? It's hosted by Tumblr, and therefore the URL that links to my site is http://t.umblr.com/redirect?blah-blah-blah.
#
jmac Does Webmention work this is somehow, or is this the end of this story becuase they're not using the web correctly?
#
jmac s/this is/with this/
#
aaronpk oh gosh
AngeloGladding joined the channel
#
aaronpk this is gonna get devvy fast -> #indieweb-dev
#
jmac np
snarfed joined the channel
#
jmac I didn't know if this was a political question or a dev one. :)
#
jmac (I know the boundaries are not so solid.)
#
aaronpk hah true
#
sknebel very few webmention implementations handle that
#
sknebel so probably noo
leg, [jgmac1106], vivus, [deeden], doubleloop, thom_m, tantek and [tantek] joined the channel
#
tantek hey kevinmarks you got your twitter back
#
tantek what did they say?
#
aaronpk awesome! manton just launched instagram import in the micro.blog desktop app, and since it uses micropub you can use it for your own website too! http://www.manton.org/2018/05/instagram-import-in-micro-blog.html
#
aaronpk this might just save me from building mass import into ownyourgram!
#
[tantek] Wow!
#
[tantek] Manton++
#
Loqi manton has 42 karma in this channel (46 overall)
#
aaronpk looking forward to giving this a try myself, since i never did import all my old photos once i started using ownyourgram
#
tantek do we have a term for ephemeral or timeboxed POSSE?
#
tantek e.g. deleting your old POSSE posts on silos because no one is seeing them anymore
#
tantek (and the whole point of POSSE was to reach your friends who are dependent on those silos)
#
tantek thinking backfilling & deleting could be a good thing to automate
[eddie] joined the channel
#
[eddie] Oh strange… apparently there is supposed to be a “media.json” in the instagram archive? I don’t think Instagram is providing me any of my posts
#
[eddie] lol
#
tantek e.g. only keep the last year's worth of photos on IG?
#
[eddie] I don’t see any actual photo files either if those are supposed to be in there
thom_m, cdchapman, KartikPrabhu, barpthewire, snarfed, gRegorLove, friedcell and freescholar joined the channel
#
dgold manton++
#
Loqi manton has 43 karma in this channel (47 overall)
#
dgold that is excellent
#
dgold does it preserve timestamps?
cdchapman and thom_m joined the channel; bdesham and vivus left the channel
#
Loqi [indienews/de] New post: "Indieweb und die DSGVO" https://renem.net/post/2018-05-03-indieweb-dsgvo/
AngeloGladding, cdchapman, [kimberlyhirsh], [cleverdevil] and [manton] joined the channel
#
[manton] [dgold] Yes, it'll pass the date/time in the "published" parameter via Micropub so the blog posts have the Instagram-posted date. Only annoying thing is there's no time zone info from Instagram, so it might be off in some cases. It assumes your Mac local time zone is the same as what Instagram has stored for you.
cdchapman and [chrisaldrich] joined the channel
#
skippy https://www.theverge.com/2018/5/3/17316684/twitter-password-bug-security-flaw-exposed-change-now
#
aaronpk [manton]: i was wondering how you were going to handle that! using the mac's local time is clever
#
KartikPrabhu skippy: "There’s apparently no evidence of any breach or misuse, but you should change your password anyway"
#
Zegnat Wow that twitter thing
#
skippy 'recommending that users change their Twitter passwords out of an “abundance of caution,”'
#
KartikPrabhu I wonder when Twitter will recommend it to me who does not read Verge
#
skippy https://twitter.com/TwitterSupport/status/992132808192634881?tfw_site=verge&ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.theverge.com%2F2018%2F5%2F3%2F17316684%2Ftwitter-password-bug-security-flaw-exposed-change-now
#
@TwitterSupport We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html (twitter.com/_/status/992132808192634881)
#
Zegnat My mum just walked in to tell me, because a news app on her phone told her
#
aaronpk wow
#
KartikPrabhu so I have to follow TwitterSupport too now
#
KartikPrabhu <sigh>
#
petermolnar wait, what; that twitter bug: they have the passwords in plain text?!
#
[manton] [aaronpk] Thanks. It's not perfect but I think it's a good default to start with. I wish Instagram's web UI showed the time so it would be easier to double-check. (I checked a few times and they seemed right, but I bet daylight savings time and whatnot will interfere.)
#
Zegnat And that tweet links to the actual post they wrote: https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html
tbbrown joined the channel
#
Zegnat petermolnar, they do now, apparently it was logged to internal logs pre-hashing
#
aaronpk petermolnar: no, but they log password attempts and failed to log the hashed value
#
skippy "Due to a bug, passwords were written to an internal log before completing the hashing process." so it doesnt sound like anything leaked; unless some rogue twitter employee(s) leaked something.
#
Zegnat And this is why I didn’t even want to introduce the feature to log failed passwords in selfauth (ping ancarda)
#
aaronpk Zegnat: add that tweet to that github thread!
#
petermolnar lol; the first server I had to take over because it's former admin abandoned it had debug logging on for postfix and logged all passwords in syslog as well
#
petermolnar that was a while ago though
#
skippy Zegnat: logging failed auth attempts is good; logging the password used in said attempts is bad.
wagle joined the channel
#
skippy if i could tie selfauth failures into fail2ban, that would be great.
#
Zegnat skippy, that’s why there is some logging now
#
Zegnat it just doesn’t low passwords
#
Zegnat s/low/log/
wagle, iasai, [dshanske], cdchapman and endi joined the channel
#
Loqi [indienews] New post: "Building Digital Workflows" https://readwriterespond.com/2017/11/workflows/
endi, thrrgilag and [kevinmarks] joined the channel
#
[kevinmarks] “Hello,
#
[kevinmarks]
#
[kevinmarks] Your account is now unlocked, and we’re sorry for the inconvenience.
#
[kevinmarks] Again, we apologize for the inconvenience. Please do not respond to this email as replies will not be monitored.
#
[kevinmarks] Twitter has automated systems that find and remove automated spam accounts and it looks like your account got caught up in one of these spam groups by mistake. This sometimes happens when an account exhibits automated behavior in violation of the Twitter Rules (https://twitter.com/rules).
#
[kevinmarks] Thanks,
#
[kevinmarks] Twitter Support”
#
ancarda Yeah, I had no idea how bad logging passwords could be. It was discussed in the issue tracker
electronicmaji, chimo, thom_m, tantek, ajft, loicm, snarfed, renem, eli_oat and thrrgilag joined the channel