#dev 2016-08-26

2016-08-26 UTC
#
rascul well actually i guess this is also an indicator that some optimizing might be useful
#
rascul if it takes that much longer just to copy files in a slightly different fashion
#
rascul i'll probably have to wait to look into this later on when i'm more comfortable with rust
#
rascul dunno what i'm gonna do yet for parsing microformats, html5ever is supposedly the be all, end all of html parsing in rust but i haven't been able to figure it out yet http://doc.servo.org/html5ever/index.html
#
rascul i'm sure i'll figure it out when i get there though
#
gregorlove.com created /visualization (+437) "stub, indieweb/silo examples" (view diff)
#
miklb lol my jekyll builds take a lot longer than that
#
gRegorLove what is visualization
#
Loqi Visualization is the process of displaying data with graphics or charts https://indieweb.org/visualization
#
gregorlove.com edited /User:Gregorlove.com (+245) "/* Interests */" (view diff)
tantek and chrisaldrich1 joined the channel
#
gregorlove.com edited /next-hwc (+0) "next" (view diff)
#
gregorlove.com edited /Main_Page (+0) "/* Homebrew Website Club */ next" (view diff)
#
gregorlove.com edited /events/2016-09-07-homebrew-website-club (+410) "/* Where */ Bellingham" (view diff)
#
gregorlove.com edited /events/2016-09-07-homebrew-website-club (+73) "/* Bellingham, WA */ rsvp, indie/fb event" (view diff)
KevinMarks and chrisaldrich_ joined the channel
#
KevinMarks Hugo builds a fairly big site quicker than that
#
miklb I have a bottle neck somewhere in checking for received webmentions which is adding some overhead in my build time. I also generate a lot of tag & archive pages
tantek joined the channel
#
rascul miklb well i only have a few test posts, plus a bunch of static stuff
#
rascul also, rust should normally be faster than ruby at most things
#
miklb my site builds faster in Travis that on my old laptop, I'm not rapid posting or need it in seconds so not a big deal. I do have 500+ posts, maybe closer to 600 then all the archive stuff
tantek joined the channel
#
gRegorLove what is tagline
#
Loqi https://indieweb.org/tagline
#
gRegorLove what is tagline
#
Loqi https://indieweb.org/tagline
#
gRegorLove Hm
#
gRegorLove what is personal cloud
#
Loqi A personal cloud is a software solution to administrate services, usually with a nice user interface https://indieweb.org/personal_cloud
#
gRegorLove what is home server
#
Loqi A home server is a machine you keep at home to host some of your services https://indieweb.org/home_server
#
rascul i don't see why tagline doesn't work
#
tantek that's odd about personal cloud, as I'd thought it would be about storing your stuff, not "administrate"
#
rascul i personally wouldn't store stuff in a cloud, it might get rained out
#
gRegorLove what is swag
#
Loqi swag is indieweb apparel and accessories you can purchase https://indieweb.org/swag
#
gRegorLove The whole home server / personal cloud talk was odd the other day.
#
gRegorLove I'm just making sure dfns work for the email newsletter though
#
miklb speaking of newsletter, will there be a last minute post about IWC NY2? Is there still room?
#
gRegorLove what is tagline
#
Loqi A tagline is a short phrase intended to uniquely identify a person, product, or company, usually displayed visually on a web page shortly after the name https://indieweb.org/tagline
#
gRegorLove miklb: Anything you submit to news.indieweb.org before 2PM Pacific tomorrow will go out.
#
unicyclic.com mal edited /projects (-2) "/* Canopy */ fixed copypasta" (view diff)
Loqi_ joined the channel
#
tantek miklb yes we still have room for IWC NYC2!
#
miklb I guess that was meant more of a suggestion to have something in newsletter :)
#
tantek.com edited /form-encoded (+1189) "Why, how, articles" (view diff)
#
tantek miklb are you coming?
#
miklb not able to get up from Tampa this time around. Hope to participate remotely
#
miklb I want to put some polish on the jekyll-indieweb project
#
tantek would be great to have you participate remotely!
#
AngeloGladding rascul can you describe the difference between user and host ssh auth in this context?
#
rascul one minuite
#
rascul AngeloGladding this will possibly look familiar to you, at least most of it https://rascul.xyz/ssh_host.txt
#
rascul in this context, it's essentially the same as a self signed tls certificate, the host telling you this is the certificate without any external confirmation
#
rascul in the context of https, that's where certificate authorities come in, they sign the certificates so that a third party can verify that it's the proper certificate
#
rascul there is nothing like that built in for ssh, so it's up to you to verify that fingerprint the first time you connect, just like with self signed tls certificate it's up to you to verify it's the right certificate the first time you connect
#
AngeloGladding yeah i suppose i've got all that
#
sknebel well, you can use CAs with ssh, it's just very uncommon
#
rascul true
#
AngeloGladding i think i need to better understand vouch to proceed with any real train of thought on this matter
#
rascul what is vouch?
#
Loqi The Vouch protocol is an anti-spam extension to Webmention. Webmention with Vouch depends on understanding Webmention https://indieweb.org/Vouch
#
AngeloGladding and i've yet to implement webmention as well
#
AngeloGladding so i think i'll back up and start with that for the evening
#
AngeloGladding :)
#
rascul i've got lots of work to do before i get to webmentions
#
rascul sknebel there is also this http://roumenpetrov.info/openssh/
#
gRegorLove Hah, so I totally misread miklb earlier. I thought you were asking if there was time to get a post into the newsletter
#
miklb I should have been more clear. Wasn't sure if there was a way for "upcoming events" to lead the newsletter or something. IWCs, HWC, etc
#
Loqi totally
#
rascul AngeloGladding i would be very happy if my browser started doing this (except prettier of course) https://rascul.xyz/https.html
#
AngeloGladding yesss
#
AngeloGladding so close yet so far
#
AngeloGladding nice prototype btw
#
AngeloGladding leave it up until i work my way through webmention/vouch?
#
AngeloGladding or post it to the wiki somehow?
#
sknebel HTTPS Everywhere had a feature where it could compare the cert you see with a central database the EFF ran, something like that could be build with some decentralized sync mechanism instead
#
sknebel (I think that feature doesn't exist anymore, might be interesting to look up what happened to it)
#
rascul AngeloGladding i probably won't take it down anytime soon, feel free to store a local copy though if you want
#
rascul sknebel i used to use https everywhere, not really sure why i don't now
#
rascul maybe i just haven't installed it, i guess i can fix that right now
#
KevinMarks Hm. Is a hash of the cert a candidate for the content addressing model?
#
rascul KevinMarks what do you mean?
#
rascul maybe i don't understand what content addressing model means
#
KevinMarks So, if I stash a copy of your cert on my server when we interact, the hash lookup could find that we both have the same one
#
KevinMarks Have a look at svgur.com/dweb
#
KevinMarks But imagine it for certs rather than SVG files
#
rascul well the hash of the cert should be unique
#
rascul umm i don't think hash of the cert is the right term
#
rascul ahh i guess it is http://security.stackexchange.com/questions/14330/what-is-the-actual-value-of-a-certificate-fingerprint
#
KevinMarks You said sha256 on your page
#
KevinMarks So that fits with the model I'm thinking of
#
KevinMarks And with sri
#
rascul i couldn't recall how the hash was generated, just that it should be unique
#
rascul s/how the has was generated/what the hash was generated from/
#
KevinMarks If it's the hash of the thing you download, it's the same model
#
rascul you might run into problems if there are multiple sites with the same cert though?
#
rascul subject alternative names
#
rascul in those cases, the cert (or hash of the cert) would be able to identify multiple sites
#
sknebel you could look up a cert based on a fingerprint, but I'm not sure you need more than a fingerprint
#
KevinMarks Do I need your cert to receive ssl from you?
#
rascul you shouldn't need more than that
#
Loqi agreed.
#
rascul you need to trust my certificate at least
#
rascul A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or on assertions made by the private key that corresponds to the certified public key. https://en.wikipedia.org/wiki/Transport_Layer_Security#Digital_certificates
#
sknebel but the full certificate chain is transmitted on connection, so you don't need to know anything specific beforehand, just a way to figure out if you trust that certificate once you received it
#
sknebel (e.g. check that there is valid signing chain to a root you trust, verification that the key is the same that was pinned on a previous visit, ...)
#
rascul and that's where certificate authorities come in, a "reliable" third party that tells you which certs are good based on how much money they receive
#
rascul there are standards that the certificate authorities are required to use, but there's plenty of cases where for whatever reason they failed to abide by those standards
#
rascul https://security.googleblog.com/2015/10/sustaining-digital-certificate-security.html
#
rascul after checking that last link, note that symantec is the largest ca according to netcraft https://www.netcraft.com/internet-data-mining/ssl-survey/
#
Loqi SSL Survey
#
sknebel what I always disliked is that a webserver can't offer multiple certs for the same domain, that would make experimentation with other verification systems easier
#
rascul hrm i've never thought of that
KevinMarks joined the channel
#
rascul btw https://cabforum.org/ if you're interested in finding out what the certificate authorities are supposed to do, some browsers may require more though
#
Loqi [admin] CA/Browser Forum
#
rascul specifically https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.3.8.pdf
#
rascul https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/
#
rascul sknebel is the observatory what you were referring to earlier irt https everywhere? https://rascul.xyz/observatory.png
KevinMarks_ and loicm joined the channel
#
@wolfman75 i Webmention sono standard W3C https://blog.artera.it/programmazione/webmention #blog #wordpress (twitter.com/_/status/769063969780891648)
chrisaldrich1 and ChrisAldrich joined the channel
#
www.boffosocko.com edited /fragmention (+754) "hypothes.is update; +see also; +indieweb example" (view diff)
KevinMarks, cmal, AngeloGladding, tantek and loicm joined the channel
#
przeorski.pl edited /ReactJS (+15) "added link to official reactjs page" (view diff)
#
przeorski.pl edited /ReactJS (-5) "added link to official reactjs page" (view diff)
tantek, chrisaldrich1, AngeloGladding, loicm and singpolyma joined the channel
#
sknebel rascul: yes
chrisaldrich1, tantek, KevinMarks, Loqi and gRegorLove joined the channel
#
www.boffosocko.com edited /2016/NYC2/Projects_List (+619) "+Chris Aldrich (participating remotely)" (view diff)
plindner joined the channel
#
aaronparecki.com edited /2016/NYC2 (+742) "add sponsors" (view diff)
#
gregorlove.com edited /2016/NYC2/Projects_List (+390) "/* Remote Participants */ +me for Saturday at least" (view diff)
cmal joined the channel
#
aaronparecki.com edited /2016/NYC2/Projects_List (+314) "RSVP myself, will be there at least Sunday to help people with micropub" (view diff)
tantek joined the channel
#
www.svenknebel.de edited /Main_Page (-22) "/* IndieWebCamp */ image link changed to internal link -> no visible HTTPS lock-icon" (view diff)
#
loqi.me created /write.as (+207) "prompted by [kevinmarks] and dfn added by [kevinmarks]" (view diff)
#
gregorlove.com edited /write.as (+17) "links" (view diff)
#
chrisaldrich1 AngeloGladding, did my h-card fix last week solve the problem your parser was having?
#
GWG chrisaldrich1: I responded to your comment.
#
GWG What you are asking is not easy.
#
chrisaldrich1 sorry GWG, I'm aware (sadly)
#
GWG Not one I can trust people will evenly use.
#
AngeloGladding hey chris -- just checked and oddly enough the `mf2py` parser is now returning "ChrisAldrich" without a space
#
chrisaldrich1 I can manage my way around it, but I suspect that "the masses" will require and it's the Masses that will want a standard, easy use case
#
chrisaldrich1 Angelo, hrmmm... Let me double check..
#
AngeloGladding your code should work though
#
AngeloGladding let me check one more thing
#
AngeloGladding nope sorry
#
kodfabrik.se edited /ReactJS (+427) "Extended wiki page with more details" (view diff)
#
AngeloGladding it's technically returning "Chris\nAldrich" which I can handle gracefully
#
AngeloGladding you're good, thanks!
#
chrisaldrich1 excellent! glad I can be "compliant"
#
AngeloGladding talked to tantek about his cert and came up with an interesting path forward with respect to privacy, certs and trust (vouch)
#
chrisaldrich1 I caught a snippet of that conversation and "circle of trust". Just have to be careful as some spammers in facebook used an end-around on part of what you suggested.
#
AngeloGladding random aside -- doubled my build time by including a library to properly sort Mr. Çelik in my "buddy list" -- putting some polish on before I write it up
#
AngeloGladding can you elaborate?
#
chrisaldrich1 In those cases, a spammer would create a new account that duplicated a "friend's" profile. Then by friending a few in their circle and being befriended back by unwitting/unsophisticated users then dupped many others into following.
#
chrisaldrich1 Of course having even one user "poisoning" that well by crying foul can fix the issue, but alternately one bad actor giving a false negative can cause issues on the other side too
#
tantek not sure how that applies at all to certs
#
AngeloGladding fighting the urge to trash FB... this is the model I'm roughly alluding to when i reference "web of trust" https://en.wikipedia.org/wiki/Web_of_trust
#
AngeloGladding need to work my way through /vouch before I can properly contextualize
#
AngeloGladding *working on it* :)
#
tantek OTOH I have no problems criticizing Google Docs.
#
tantek Since when did Google Docs start loading infinite javascripts from 0.docs.google.com, 1.docs.google.com, 2.docs.google.com, etc.... so far up to 23 and no sign of an end in sight.
#
AngeloGladding i'll take this opportunity to express my delight in the presence of /js;dr
voxpelli joined the channel
#
aaronpk oh i've had that happen to me on facebook
#
aaronpk weird friend requests from people who say they went to the same school as me and we have a bunch of friends in common except i know it's a fake account because there were only 8 other people in my high school class
#
aaronpk but once they start having a few friends in common, facebook suggests them as a friend to people who share other common friends and then it just keeps growing
#
tantek aaronpk, same thing has happened in NovemberProject - across cities even
#
tantek to the point where we've had to keep a Google Doc of fake accounts
#
aaronpk wow
#
AngeloGladding per WP: According to Facebook, the real-name policy stems from the position "that way, you always know who you're connecting with. This helps keep our community safe."
#
AngeloGladding love it
#
tantek sigh
#
aaronparecki.com edited /ReactJS (+366) (view diff)
aaronpk, AngeloGladding and ben_thatmustbeme joined the channel
#
tantek.com uploaded /Special:Log/upload "uploaded "[[File:2016-239-FB-sorry-something-wrong.png]]""
#
tantek.com edited /Facebook (+230) "/* Downtime */ 2016-08-26 Partial Outage of some pages" (view diff)
#
tantek anyone else seeing FB errors like ^^^ currently?
#
bear facebook is having issues
#
tantek anything public about it?
#
tantek besides ^^^
#
bear not yet
#
loqi.me created /h2vx (+140) "prompted by gRegorLove and dfn added by gRegorLove" (view diff)
#
loqi.me edited /h2vx (+68) "/* See Also */ new section" (view diff)
#
gregorlove.com edited /h2vx (+3) "link, tweak dfn" (view diff)
#
gRegorLove What is iCalendar
#
Loqi It looks like we don't have a page for "iCalendar" yet. Would you like to create it?
#
gRegorLove iCalendar is /ICS
#
loqi.me created /iCalendar (+16) "prompted by gRegorLove and dfn added by gRegorLove" (view diff)
#
Loqi ok
tommorris_, voxpelli and doesntgolf joined the channel