[fluffy] and [dmitshur] joined the channel
wolftune and [jgmac1106] joined the channel
[fluffy], rEnr3n, wolftune, gRegorLove and [manton] joined the channel
wolftune, marcusr, patterson, KartikPrabhu, [Lewis_Cowles] and [aaronpk] joined the channel
[Rose] joined the channel
mblaney, [christophe194], KartikPrabhu, gkmngrgn and discord[m]2 joined the channel
adactio joined the channel
[KevinMarks] joined the channel
blassin6 joined the channel
[tantek] joined the channel
gxt joined the channel
[Lewis_Cowles] joined the channel
[barryf] joined the channel
[frank] joined the channel
patterson joined the channel
gareppa joined the channel
[tonz] joined the channel
[jgmac1106] joined the channel
jbove and [Lewis_Cowles] joined the channel
wolftune and [dmitshur] joined the channel
[frank] joined the channel
[dmitshur] I have a bit of a philosophical question. People here clearly feel positive sentiments on the topic of owning your data. Consider an open source project that has an issue tracker. Right now many live in silos such as on github.com and their issue tracker. So when you file an issue in someone else’s open source project, the issue lives on github.com next to the open source project.
[tonz] joined the channel
[dmitshur] It might be helpful to think about two parts of an issue. One is the original issue body (that the issue author authors, presumably on their site). Another is the “open or closed state”. Perhaps the OSS project should own that, since it’s up to the project author to close the issue when it’s resolved. Maybe? The issue author should be able to close it too...
wolftune joined the channel
[jacek], [fluffy] and [snarfed] joined the channel
[schmarty] joined the channel
dougbeal|mb1, anotheryou, [jgmac1106], KartikPrabhu, [dmitshur], [dougbeal], [Michael_Beckwit, [Rose], [Lewis_Cowles] and brandonkal joined the channel
brandonkal I am looking into IndieAuth again to possibly implement to allow login. I have some concerns about the security of treating a url as an identity.
brandonkal How would a site handle if a user wishes to change their url?
brandonkal No. Because the user would then sign in with their new url (which would not have a redirect) So unless the login systems are all polling to check for 301s, there will be an orphaned account
brandonkal Then there is the issue of a user who loses control of their domain/page.
brandonkal +GWG generally the site keeps some other uid to track you, allowing you to change the username. With an IDP Oauth it's not really an issue, as the grant remains
brandonkal I am not speaking of malicious theft. It just seems to be much more likely that a domain name expires. If that happens and DNS records are changed by the new owner, I am not sure how a user would recover from that.
brandonkal With a centralized IDP (i.e. GitHub, the user would have to lose access to both their account and their email account) and if only the first is lost, the email provides some safety net.
brandonkal Yes. I suppose sites that allow indie auth login would have to ask for an email address (or other backup auth factor) if the user wants a fallback. But I wonder if there is a more elegant way.
brandonkal One thought is the server could read the email address in the TLS cert for the domain used as the identity.
brandonkal For my personal site, it's my full name. brandonkalinowski.com So I am not worried about losing it.
brandonkal Yes it is. So I feel safe using it to log in to the few sites I can with it.
brandonkal For reference, this is the comment that got me thinking again about indieAuth https://aaronparecki.com/2018/06/04/12/gitea-indieauth
gkmngrgn joined the channel
brandonkal In that case, the provider (gitea instance, not necessarily personally hosted, i.e. a company instance) supplies the identity (a user's profile page) because the indieAuth allows an arbitrary url as the ID, which makes it quite flexible.
gkmngrgn, KartikPrabhu, jbove and wolftune joined the channel
gkmn1, fLsh42Discord[m], evantravers, gkmn2, [qubyte] and [snarfed] joined the channel
blassin6, wolftune and gRegorLove joined the channel
dougbeal|mb1, [dougbeal] and [tantek] joined the channel
Loqi [indienews] New post: "Introducing a Microformats API for Eventbrite: eventbrite-mf2.jvt.me" https://www.jvt.me/posts/2019/10/19/microformats-eventbrite/
[asuh] and wolftune joined the channel
[tantek] Eventbrite << 2019-10-19 [https://www.jvt.me/posts/2019/10/19/microformats-eventbrite/ Introducing a Microformats API for Eventbrite: eventbrite-mf2.jvt.me]
Loqi ok, I added "2019-10-19 [https://www.jvt.me/posts/2019/10/19/microformats-eventbrite/ Introducing a Microformats API for Eventbrite: eventbrite-mf2.jvt.me]" to the "See Also" section of /Eventbrite https://indieweb.org/wiki/index.php?diff=65687&oldid=65686
brandonkal What do you guys think of riot.im and the matrix protocol?
brandonkal Yes. Opinions? It would be really slick to have a single pane of glass for all the various communication apps.
brandonkal Looks interesting. Based on the [m] suffix, it looks to be a matrix irc bridge
[grantcodes] joined the channel
brandonkal [grantcodes] what do you use now?