#dev 2018-01-17

2018-01-17 UTC
#
www.boffosocko.com edited /Posts_about_the_IndieWeb (+2090) "A handful of articles via snarfed, mrkrndvs, chrisaldrich, shaners, altsalt, archived version of 1997 articles added in English/French" (view diff)
snarfed and [eddie] joined the channel
#
[eddie] https://files.slack.com/files-pri/T03QR2B2T-F8TQEUUAF/screen_shot_2018-01-16_at_7.37.18_pm.png?pub_secret=9d7b6cdaae&name=Screen Shot 2018-01-16 at 7.37.18 PM.png
#
[eddie] !tell aaronpk: Is this error correct? https://indiewebcamp.slack.com/files/U433EQWG2/F8TQEUUAF/screen_shot_2018-01-16_at_7.37.18_pm.png it seems like photo[] should be a valid attribute but it doesn’t seem to like it. I’m gonna try photo without the “[]” but I wasn’t sure if micropub.rocks it was behaving properly or not.
#
Loqi Ok, I'll tell them that when I see them next
#
[eddie] eddie mentioned a file: Screen Shot 2018-01-16 at 7.37.18 PM.png.
eli_oat, snarfed and EmreSokullu joined the channel
#
aaronpk which test number is that?
#
Loqi aaronpk: [eddie] left you a message 6 minutes ago: Is this error correct? https://indiewebcamp.slack.com/files/U433EQWG2/F8TQEUUAF/screen_shot_2018-01-16_at_7.37.18_pm.png it seems like photo[] should be a valid attribute but it doesn’t seem to like it. I’m gonna try photo without the “[]” but I wasn’t sure if micropub.rocks it was behaving properly or not.
#
[eddie] 104
#
[eddie] I can verify it worked fine without the []
#
aaronpk i'm trying to remmeber if that was a significant part of the test
#
aaronpk hm yeah, i think it should accept that
#
[eddie] I can create an issue on github
#
aaronpk yeah i think from the client's perspective, the test should allow either
#
www.nitinkhanna.com created /User:Www.nitinkhanna.com (+84) "Created page with "Hey all! I'm Nitin Khanna! Just dipping my toes into this strange and curious world!"" (view diff)
snarfed, EmreSokullu, renem, eli_oat, curve25519 and [joe] joined the channel
#
GWG Is there any functional difference between generating an authorization code and an access token?
#
aaronpk So much
#
aaronpk I mean they can be the same length but they mean very different things and have very different security considerations
#
GWG I meant actually coming up with the code.
#
GWG Aren't they both random strings?
#
GWG They represent different things
#
aaronpk You can use the same random generator for both yes
#
GWG aaronpk, that is what I was getting at
#
GWG I think this might be doable
snarfed, KartikPrabhu and tbbrown joined the channel
#
snarfed hey aaronpk, re https://github.com/snarfed/granary/issues/127 ... you say xray looks up the photo's location to determine the time zone. that only works for photos with locations, right?
#
Loqi [aaronpk] #127 Instagram dates do not include timezone offset
#
snarfed so far i haven't found any other time zone or location info in media or user json objects
#
snarfed heads back to the issue
#
@billbennettnz Hey @phoneboy I don’t quite get how the webmention plugin picks up comments from micro.nlog. How do you make that happen? (twitter.com/_/status/953514804479774720)
cweiske, jjuran and barpthewire joined the channel
#
ignite.digitalignition.net edited /best_nine (+321) "Added details for hosted BestNine" (view diff)
jeremycherfas and iasai joined the channel
#
www.svenknebel.de edited /micro.blog (+199) "/* Criticism */ date-formatted titles for posts from source sites" (view diff)
KartikPrabhu joined the channel
#
Zegnat !tell aaronpk was there a reason https://indieweb.org/Microsub-spec#Per-Item_Data calls out Feedbin for starred items? That was Google Reader behaviour that everyone seems to have copied (NewsBlur, Feed Wranger are 2 more examples with a starred flag)
#
Loqi Ok, I'll tell them that when I see them next
ben_thatmustbeme, John_Ivan, leg, leg1, deathrow1, [kevinmarks] and eli_oat joined the channel
#
aaronpk good morning
#
Loqi aaronpk: Zegnat left you a message 2 hours, 55 minutes ago: was there a reason https://indieweb.org/Microsub-spec#Per-Item_Data calls out Feedbin for starred items? That was Google Reader behaviour that everyone seems to have copied (NewsBlur, Feed Wranger are 2 more examples with a starred flag)
#
aaronpk Zegnat: because I found the API docs for Feedbin easily
#
Loqi good morning!
#
Zegnat Gotcha. I was thinking about linking to other API pages, or adding commentary about how it is a Google Reader idiom and is basically “in reader bookmarking”. But not sure that actually adds anything to the brainstorm itself.
#
aaronpk more examples of past work is always good
#
eli_oat I've hit three indieweb IRC channels this morning to talk about the same issue, whoops
#
eli_oat p-name, I think that is doable
#
eli_oat thanks!
#
aaronpk yeah a common pattern for that is <a href="..." class="u-url p-name">Your Name</a>
snarfed joined the channel
#
dgold :)
#
dgold I thought there were too many chans, then I discovered -meta!
#
eli_oat I'm there too, just not said anything yet :P
#
vanderven.se martijn edited /Microsub-spec (+734) "/* Per-Item Data */ “more examples of past work” and a bit of background on starring" (view diff)
#
Zegnat There you go aaronpk. Not sure it brings the discussion anywhere, but does give an idea of how established that specific per-item state is.
#
Zegnat Just wait until we push you to #microformats to discuss what you think of the line breaks eli_oat ;) (I joke, of course.)
#
eli_oat hahahaha
#
Loqi awesome
#
eli_oat another channel to add
#
Zegnat That channel is really only necessary if you plan to invest some time into microformats.org related / spec related discussion though.
#
snarfed aaronpk: you've checked the instagram timestamps? you know they're UTC?
#
snarfed i know unix timestamps are generally supposed to be, but that's not always very strict, and i hadn't confirmed
#
aaronpk snarfed: unless i'm mistaken, you're dealing with unix timestamps right?
leg joined the channel
#
snarfed "liberal in what you accept" :P
#
aaronpk unix timestamps that are trying to be some sort of local time are wrong
#
aaronpk i'll see if I can verify what instagram is doing tho
#
snarfed agreed! there's lots of wrong out there :P sgtm, thanks
#
Zegnat second based timestamps are pinned to an epoch, that epoch could theoretically be in a specific timezone. But that would be a huge engineering hassle, very unlikely they would do that.
#
aaronpk ok i'm looking at my last photo on instagram
#
aaronpk the HTML ends up with "2018-01-03T20:33:33.000Z"
#
aaronpk the time I posted that was 12:33 local time
#
aaronpk so at least that checks out
#
aaronpk !date 1515011613
#
Loqi 1515011613 is 2018-01-03 12:33:33 PST
#
snarfed thanks! good enough for me
#
aaronpk that's the unix timestamp in the JSON
#
aaronpk so it looks like they are using UTC-based unix timestamps, and then always rendering the datetime attribute with Z
deathrow1 joined the channel
#
ben_thatmustbeme dang, even the w3 validator still doesn't allow <link> inside of <body>
#
ben_thatmustbeme https://validator.w3.org/nu/?doc=https%3A%2F%2Faaronparecki.com%2F2018%2F01%2F11%2F5%2F
#
aaronpk heh
#
sknebel still? does that limit not exist anymore in the specs?
#
ben_thatmustbeme whatwg dropped it in 2015 i believe
leg joined the channel
#
Zegnat It is definitely limited by spec
#
Zegnat Link is only sometimes allowed in body: https://html.spec.whatwg.org/multipage/semantics.html#allowed-in-the-body
#
sknebel as the validator says
#
Zegnat Yep, validator seems right here.
#
ben_thatmustbeme getting a 503 from the validator now
#
ben_thatmustbeme well its not that easy
#
ben_thatmustbeme it says you can use it if the rel tag is defined as body-ok
#
ben_thatmustbeme gives a list of rel tags but says that other specs can define rel tags as body-ok
#
ben_thatmustbeme so basically the parser has no way of knowing when it hits an unknown rel
#
Zegnat That’s true, the validator should be saying that the LINK is not allowed in the body for the rel values defined by the HTML spec.
#
ben_thatmustbeme i've been look at what is wrong with the numbers of the mf2 vs mf1 vs rdf vs microdata
#
ben_thatmustbeme seems like there is a lot of things broken in their parser
#
ben_thatmustbeme apache any23 uses apache tika, which uses something called Grib (which is dead), which uses a very old (2012) version of jSoup, which was still working out html5 bugs
#
sknebel ouch
#
ben_thatmustbeme all of this is what common crawl uses it seems
#
ben_thatmustbeme so common crawl says they support html5, but i don't think they realize they fail to parse anything with say, an unclosed <input> tag
#
sknebel oh, that project is common crawl related? I thought htey just used their data
#
ben_thatmustbeme https://groups.google.com/forum/#!topic/web-data-commons/WOeSOODtj3A
#
ben_thatmustbeme when common crawl added mf2 support, they just said, hey look, any23 does it
#
ben_thatmustbeme but since most mf2 will be on html5 sites, the numbers for mf2 will look dismal
#
aaronpk using a parser that doesn't understand html5 seems like a terrible way to survey the current web
#
sknebel sorry, terminology: they use HTML collections from common crawl, but the "Web data commons" project seems not affiliated with Common Crawl
#
sknebel that was my confusion
#
ben_thatmustbeme ahh
#
aaronpk could you file a bug on the common crawl project with a super simple html5 example (not involving microformats) showing that it completely breaks?
#
sknebel ben already did parse bugs with any23 if I saw right
#
aaronparecki.com edited /p3k_naming_convention (+11) "/* Unused Names */" (view diff)
#
Zegnat What is the state of HTML parsers in programming languages these days anyway? I only know PHP is still relying on libxml2 for its parsing.
#
Loqi It looks like we don't have a page for "state of HTML parsers in programming languages these days anyway" yet. Would you like to create it? (Or just say "state of HTML parsers in programming languages these days anyway is ____", a sentence describing the term)
#
ben_thatmustbeme i added a bug to any23
#
ben_thatmustbeme and i added a comment to that thread on WDC
#
sknebel ben_thatmustbeme++
#
Loqi ben_thatmustbeme has 17 karma in this channel (262 overall)
#
ben_thatmustbeme just hoping this doesn't result in them saying, OK can you provide us another mf2 parser in java
#
ben_thatmustbeme because I don't want to write a second one
#
ben_thatmustbeme lol
#
ben_thatmustbeme parser that is
#
sknebel I would have probably pointed to a few any23 bugs and asked if they have numbers for how many sites they ignored due to that or something like that
#
ben_thatmustbeme i think breaking on <input> not having </input> is going to kill a LOT
#
ben_thatmustbeme but feel free to comment as well
[xavierroy], EmreSokullu and tbbrown joined the channel
#
tantek.com created /principles/discussion (+637) "archive old/inactive discussion to subpage" (view diff)
#
tantek.com edited /principles (-455) "archive old/inactive discussion to subpage" (view diff)
cweiske and barpthewire joined the channel
#
ben_thatmustbeme hmm, supposedly fixed in master branch of any23
#
gRegorLove [miklb] The dates should be correct in my Atom feed now. Going forward they should look right in Evergreen.
snarfed joined the channel
#
tantek.com created /prehistory (+1743) "move prehistoric articles from before the web to a separate page, relevance to the indieweb is not nearly the same level as actual arcticles mentioning / discussing the indieweb an indie web etc." (view diff)
#
tantek.com edited /Posts_about_the_IndieWeb () "(-1067) move prehistoric articles from before the web to a separate page, relevance to the indieweb is not nearly the same level as actual arcticles mentioning / discussing the indieweb an indie web etc." (view diff)
#
aaronpk !tell benwerd your cert on benwerd.com expired and I was using your screenshot tool that's on that domain! any chance you can renew it or move that to werd.io?
#
Loqi Ok, I'll tell them that when I see them next
snarfed joined the channel
#
aaronpk grantcodes: is Together adding this "Like of" and "In reply to" text above the post or is my feed parsing doing something wrong? https://media.aaronpk.com/Screen-Shot-2018-01-17-09-23-18-v5OBeqLjEz.jpg
[tantek] joined the channel
#
[tantek] What is https admin tax?
#
Loqi It looks like we don't have a page for "https admin tax" yet. Would you like to create it? (Or just say "https admin tax is ____", a sentence describing the term)
#
grantcodes aaronpk: I did that
snarfed1 joined the channel
#
aaronpk *whew* ok
[miklb] joined the channel
#
[miklb] is cost of doing business a tax?
#
aaronpk I was confused because it looks like it's part of the content
#
[tantek] https admin tax is the additional amount of nontrivial regular administrative work you or your web host service provider must do to keep your [[https]] site running and available as compared to http. Search IndieWeb irc for "certificate expired" or "cert expired" for examples of failure to pay this admin tax.
#
Loqi ok
#
loqi.me created /https_admin_tax (+337) "prompted by [tantek] and dfn added by [tantek]" (view diff)
#
grantcodes Yeah just the quickest way of showing the link at the moment
#
aaronpk may I suggest some sort of visual indication to make it clear it's not part of the content?
#
grantcodes You can also click that final icon to log the raw json object received from monocle
#
[tantek] Idea: what do people think about receiving a webmention for a posse copy?
#
aaronpk https://media.aaronpk.com/Screen-Shot-2018-01-17-09-26-37-aKddXmbLSb.jpg
#
aaronpk grantcodes: oh that's helpful!
#
aaronpk much easier than what I was doing before haha
#
Loqi haha
#
grantcodes Yeah it's in the works, just not sure the ideal design
#
miklb.com edited /https_admin_tax (+101) (view diff)
#
[tantek] E.g. You post to your site, you posse to twitter, someone @-replies on twitter, and then they put that reply permalink into the "send a webmention" form on your original post permalink?
#
[tantek] Semi manual backfired without bridgy that is
#
grantcodes I'm sure embeds / link unfurling will be involved in that part so I just made it text for now
#
aaronpk yeah, I haven't decided how I want to handle getting that data in monocle either
snarfed and KartikPrabhu joined the channel
#
tantek.com edited /https_admin_tax (+575) "not a requirement since it still works in browsers, is a tax due to failure to pay breaking your site. Fragility section" (view diff)
#
tantek.com edited /https_admin_tax (+87) "fragility examples, 2018-01-17 benwerd.com" (view diff)
#
aaronparecki.com edited /admin_tax (+50) "link to https admin tax" (view diff)
#
aaronparecki.com edited /admin_tax (+176) (view diff)
snarfed joined the channel
#
tantek.com edited /https_admin_tax (+478) "but letscrypt fixing this! no it just reduces it and moves the admin tax" (view diff)
#
aaronparecki.com edited /https_admin_tax (+90) "/* Fragility */" (view diff)
#
aaronparecki.com edited /https_admin_tax (+93) "/* Fragility */" (view diff)
#
snarfed [tantek]: so the indieweb site would special case some silo URLs and translate them to mf2?
#
snarfed i assume you're thinking about github :P
#
aaronparecki.com edited /HTTPS (+22) "/* See Also */" (view diff)
#
aaronparecki.com edited /https_admin_tax (+86) "/* Fragility */" (view diff)
#
snarfed ben_thatmustbeme sknebel: some details (caveats) with common crawl/web data commons for our use cases on http://www.indiemap.org/docs.html#common-crawl
#
aaronparecki.com edited /https_admin_tax (+80) "/* Fragility */" (view diff)
#
aaronparecki.com edited /https_admin_tax (+92) "/* Fragility */ +me" (view diff)
#
aaronparecki.com edited /https_admin_tax (+84) "/* Fragility */" (view diff)
#
aaronpk ok that's enough :)
#
snarfed ...maybe. :P we'll probably eventually want to merge https://indieweb.org/https_admin_tax and https://indieweb.org/HTTPS#Maintenance_tax_and_site_fragility
#
aaronparecki.com edited /https_admin_tax (+175) (view diff)
#
aaronpk probably yeah
#
snarfed favorite quote: "longevity and privacy/security are all worthwhile goals. We should work toward both of them at the same time, instead of seeing them as a (false) dichotomy."
#
[tantek] s/backfired/backfeed lol
#
[tantek] Snarfed that itself is a false dichotomy statement
#
[tantek] Sometimes they are at odds
#
[tantek] Sometimes we can work towards both
#
snarfed sure!
#
snarfed funny, iirc you liked that statement a lot last time we discussed it
#
snarfed not important though
#
[tantek] snarfed, yeah it took me a while to internalize the subtleties
#
[tantek] I still like that statement. We shouldn't assume they are at odds
#
[tantek] We also shouldn't assume they are not
#
[miklb] “it just works” is an odd argument IMVHO
#
snarfed unrelated, [tantek], if your manual backfeed q is motivated by github, another thought would be to sponsor someone to add it to bridgy. i bet we could earmark open collective funds for that.
#
[tantek] Also, probably worth moving/merging the /https section on fragility to the separate page
#
snarfed $300+ available! https://opencollective.com/indieweb
#
snarfed detailed instructions: https://github.com/snarfed/bridgy/#adding-a-new-silo
#
[tantek] snarfed webmention to posse copy was actually motivated by manual backfeed to add a reply to a posse tweet that Bridgy apparently missed
#
snarfed oh huh, sounds like a bug
#
snarfed link pls?
#
aaronpk bridgy can create URLs for tweets it's missed, right?
#
[tantek] It's from 2013 😂
#
aaronpk this https://brid.gy/about#source-urls
#
[tantek] So maybe it is backfeed backfill?
#
snarfed yeah but try "Resend for post" on your user page first!
#
aaronpk maybe a simple interface to accept a tweet permalink and return the bridgy URL for it? then you could paste that URL into your webmention form
#
[tantek] aaronparecki.com/2013/07/05/2/
#
snarfed the form accepts both original and silo post URLs
#
aaronpk what form?
#
snarfed er sorry, "Resend for post" on your bridgy user page
#
[tantek] No replies there but see replies on tweet copy
#
aaronpk oh I never knew that
#
snarfed relatively recent, may 2017
#
snarfed https://github.com/snarfed/bridgy/issues/579
#
Loqi [marcthiele] #579 Get mentions to older posts
#
aaronpk I just pasted in that URL of mine that tantek shared and I don't think it's doing anything
#
aaronpk (pasted into the "resend for post" box)
[cleverdevil] joined the channel
#
snarfed it's async...but yeah it's not perfect. i'll look at logs soon
#
aaronpk is it possible to give bridgy a twitter link that is a reply to one of my posts?
KartikPrabhu joined the channel
#
aaronpk rather than giving it the link to my post
#
snarfed i don't think so. you can try the twitter synd copy. but code path is basically the same
#
[tantek] portability << migration
#
Loqi ok, I added "[[migration]]" to the "See Also" section of /data-portability
#
snarfed looking
#
[tantek] migration << portability
#
Loqi ok, I added "[[data-portability]]" to the "See Also" section of /migration
#
aaronpk oh I remember this conversation happening before
#
snarfed needs a deja vu emoji
#
aaronpk bridgy doesn't know about my original post, so it doesn't know what URL to put as the in-reply-to
#
aaronpk so I can make a bridgy permalink for any tweet, but a webmention from that page won't work since the bridgy page doesn't actually link to my post
#
[miklb] ♻ <- deja vu
#
aaronpk lol
#
[tantek] Already used for repost
#
aaronpk hm where have I seen that symbol used before
#
[tantek] Lol
#
snarfed aaronpk: yeah...but if you plug your post url into the resend form, bridgy should ideally go grab it and see the synd urls
#
snarfed still looking
#
[tantek] Also a good case for including PSL or PSC in your posse copies
#
snarfed heh this one actually does. https://twitter.com/aaronpk/status/353172536109961218
#
@aaronpk @blaine I'm surprised! Most of our work has focused on UX first, protocols second. The reason for self-dogfooding... http://aaron.pk/r4Qr1 (twitter.com/_/status/353172536109961218)
#
[tantek] Huh so why can't bridgy find the original post then?
#
snarfed still looking :P
#
tantek.com edited /Webmention (+15) "/* Resources */ link brainstorming" (view diff)
#
snarfed so far i suspect twitter's flaky search api, which i have to use since they have NO REPLIES API 😡
#
aaronpk oof
#
snarfed yup that's it. i find replies by searching for @aaronpk, as far back as possible, which is only 100, which is 10d :(
#
aaronpk I have that many search results??
#
snarfed yup
#
snarfed https://api.twitter.com/1.1/search/tweets.json?q=%40aaronpk&include_entities=true&tweet_mode=extended&result_type=recent&count=100
#
snarfed (needs auth)
#
snarfed more background in docs, https://brid.gy/about#Twitter+responses
#
aaronpk so the other path here is if I know the twitter URL i'm trying to send a webmention for, how could bridgy find my post that it should put as the in-reply-to URL
#
[tantek] What is original post discovery
#
Loqi original post discovery is a discovery algorithm for starting with a POSSE copy of a post and finding the original post https://indieweb.org/original-post-discovery
#
tantek.com edited /Webmention-brainstorming (+741) "receiving webmentions for POSSE copies" (view diff)
#
[tantek] Ok captured
#
snarfed https://brid.gy/comment/twitter/aaronpk/353172536109961218/353174289194819585 looks good to me...?
#
Loqi [Blaine Cook] @aaronpk @lauraglu designing for yourself isn't the same as designing for users. Dogfooding is eating something not made FOR but BY you.
#
aaronpk I keep track of my own syndicated URLs, so you can put my tweet URL into here to find my copy https://aaronparecki.com/original-of
#
Loqi Aaron Parecki
#
aaronpk snarfed: oh yeah how'd you do that
#
snarfed constructed it manually, https://brid.gy/about#source-urls
#
snarfed so maybe the feature request is a UI for that?
#
aaronpk oh, the URL has *both* tweet IDs
#
snarfed getting pretty niche here though
#
aaronpk I dunno, the high-level feature is pretty straightforward
#
aaronpk "Here's this tweet that is a reply to one of my tweets, I want bridgy to send me a webmention for it"
#
snarfed oh definitely! just hits silo limitations. which we're now coming up with slightly less obvious workarounds for
#
snarfed bleh
#
snarfed but yeah, if you plug the twitter reply url into resend, that should ideally work
#
[tantek] Aaronpk UI with a single URL field right?
#
snarfed remind me, did you try that?
#
aaronpk I did
#
aaronpk wait no
#
snarfed ah!
#
snarfed ([tantek] yup, and the UI is already there)
#
miklb.com edited /https_admin_tax (+194) (view diff)
#
aaronpk I thought "resend for post" was only for *my* posts
#
[tantek] I still think it's interesting as a potential extension to webmention
#
[tantek] Check if target URL is a posse copy
#
aaronpk pastes the reply URL into "resend for post"
#
aaronpk "no webmention targets"
#
aaronpk with that bridgy URL pattern tho, I could make my webmention form accept tweet URLs
#
snarfed sure! i'll also look into the bridgy side
#
aaronpk I think the trick with making bridgy do it is how bridgy will find the link between my post and my POSSE copy
#
snarfed hmm. bridgy already does that OPD though, right? in this case, there was a PSL, but it also handles synd links.
#
aaronpk if it's already crawled that link in the past then it should be fine
#
aaronpk but if there is no PSL on the tweet, then I don't know how bridgy would find my original post if it hasn't already crawled it
#
snarfed oh definitely. esp if it's arbitrarily old. in that case, it needs help.
#
KartikPrabhu aaronpk: with bridgy urls you can actually make any tweet a reply to any other https://brid.gy/comment/twitter/aaronpk/353172536109961218/929819657544052736 so careful with your webmention form
#
Loqi [Kartik Prabhu] Got rid of some fatwigoo ( otsukare.info/2017/11/02/fat… ) from my site! Safe defaults with CSS as enhancement; I like it! (kartikprabhu.com/notes/got-rid-…)
#
aaronpk oh no haha
#
Loqi awesome
#
snarfed hah funny
#
snarfed demonstrates some implicit trust assumptions we all make
#
KartikPrabhu yup. I guess bridgy is simply reconstructing the HTML+mf2 without checking that it is a reply on Twitter
#
aaronpk anyway snarfed do you think you can fix the "resend for post" for this example of mine? If so, I'll hold off on sending that webmention manually
#
snarfed KartikPrabhu: kind of. it does checks that it's a reply, just upstream from that point
#
snarfed aaronpk: yeah i'm filing the issue now, but feel free to go ahead if you want, i have no eta yet
#
KartikPrabhu snarfed: in my example above, my tweet is not a reply to anything much less aaronpk's tweet
#
snarfed KartikPrabhu: yes. which bridgy determines during its regular polls. so it never sent a webmention for that "wrong" reply :P
#
KartikPrabhu snarfed: aah yes that I agree. I just meant I could use that URL in aaronpk's webmention form and it would work :P
#
snarfed sure! you can also publish arbitrary HTML on your site and spoof anything. hence my comment about implicit trust assumptions :P
#
KartikPrabhu true
#
tantek.com edited /Webmention-brainstorming (+925) "move receiving webmentions for POSSE copies to proper section, add rough changes / extension need to the webmention spec, possible way to implement" (view diff)
#
[tantek] That's my contributions for today I think. One positive (receiving webmentions for POSSE copies), and one critical (https admin tax page / example)
#
[miklb] what is microformats tax
#
Loqi It looks like we don't have a page for "microformats tax" yet. Would you like to create it? (Or just say "microformats tax is ____", a sentence describing the term)
#
[miklb] 😉
#
[tantek] It is extra work to be sure miklb. Just less than the alternatives, and leaving it out won't "break" your pages (thus not being a tax per se, more of a cost to get some additional features)
#
aaronpk Microformats tax is the additional effort required to maintain the Microformats markup on a web page when you want to make unrelated changes to the web page.
#
Loqi ok
#
loqi.me created /Microformats_tax (+184) "prompted by [miklb] and dfn added by aaronpk" (view diff)
#
[miklb] aaronpk++
#
Loqi aaronpk has 109 karma in this channel (1540 overall)
#
aaronpk that has been my experience anyway
#
[miklb] likewise
#
[tantek] The flip side is feeling limited in what you can change because you don't want to break the microformats markup.
#
aaronpk definitely
#
KartikPrabhu this sounds the same as maintaining HTML classes so that your CSS does not break or something
#
aaronpk which is super noticeable with wordpress, where it's easy to change themes but limiting because the theme has the microformats
#
KartikPrabhu so there will be some maintenance
#
[tantek] Similar but different kartik
#
aaronpk whereas changing the wordpress theme doesn't break the Atom/JSONFeed
#
[tantek] Aaronpk it can and it does
#
[tantek] And in a worse way, without you or most of your readers noticing
#
[tantek] We know this from experience a technorati.
#
[tantek] Tons of blogs would update and eventually "break" their feeds
#
[miklb] but the browser will still display the page
#
[tantek] Typically the feeds would either go empty, or stale
#
[miklb] which is one of the arguments for keeping http
#
aaronpk sure it's possible to break those feeds. but what i'm saying is a theme change by itself usualyl doesn't have an effect on the feed.
#
[tantek] "Usually"? Do you have experience for that?
#
aaronpk I can go try it right now if you want
#
[tantek] IIRC technorati stats were that only a third or so of feeds actually "worked" for blogs
#
[tantek] So in the long term "usually" didn't matter. Feeds were fragile.
#
[miklb] I can definitely say that changing WordPress themes usually doesn’t have any effect on the feed
#
[tantek] Miklb changing the markup and not the CSS would break the visible page
#
[miklb] breaking mf2 wouldn’t change the display in the browser is my point
#
[tantek] It's like your argument of letsencrypt aaronpk. microformats puts the markup where it will make you see and maintain it. Instead of forgetting about it for a while until it breaks (silently)
#
aaronpk but microformats aren't visible, so I wont know i've broken anything until my posts show up other places broekn
#
[tantek] miklb ideally, yes. In the past we've mixed styling and microformats with the same classes and then breaking one would often break the other.
#
[miklb] browsers to my knowledge do not care if you have `u-syndication' or `z-syndication`
#
aaronpk which is about the same as waiting to notice that my feed has broken
#
[tantek] Except that there's usually different code to generate the feed
#
[tantek] This that code gets out of date (even if it doesn't "break" per se) and your feed content / details go out of date
#
[tantek] Again, similar to an expired cert
#
aaronpk any change you want to make is going to require some amount of testing and spot-checking, whether that change is to the visible page or some sort of internal change
#
[tantek] The positive ideal is that we should be able to add mf2 without breaking or even changing the element markup of a page
#
[tantek] So obv breaking that is unlikely to break the page too
#
[miklb] I’m just advocating that discouraging https because it requires maintenance isn’t a healthy stance.
#
aaronpk I was trying to clarify on that page that just because something is a tax doesn't mean that's discouraging it. perhaps that needs to be clearer.
#
[miklb] what is https admin tax
#
Loqi https admin tax is the additional amount of nontrivial regular administrative work you or your web host service provider must do to keep your https site running and available as compared to http https://indieweb.org/https_admin_tax
#
[tantek] It's not a discouragement. It's an acknowledgment.
#
aaronparecki.com edited /Microformats_tax (+174) (view diff)
#
[miklb] “non trivial” and “more fragile” sound discouraging to me ¯\_(ツ)_/¯
#
[tantek] They're unfortunately true in practice
#
[tantek] It's also being transparent about them so you can make an informed decision when you decide to add https to your site
#
[miklb] but my devil’s advocate stance is that mf2 is also “non trivial” and “more fragile” so where as a community does the line get drawn?
#
[tantek] As opposed to "just add let's encrypt! It's easy!"
#
[tantek] adding mf2 should be trivial.
#
[miklb] “just add mf2! It’s easy!”
#
[tantek] Doesn't mean it is, especially in more complex systems.
#
[miklb] followed by “why doesn’t my webmentions work?” Oh, you need to wrap that in a `p-name` and you have nested properties so you need to change, this, this ,and ths.
#
[tantek] and adding it doesn't make your site more fragile.
#
[tantek] Whereas https-only does, as evidenced
#
[miklb] OK
#
aaronpk depends on your definition of "fragile"
#
aaronpk showing up broken in micro.blog for example
#
[miklb] If i don’t change the oil in my car, it will soon be fragile.
#
aaronpk and now also in Monocle
#
[tantek] True
#
[tantek] aaronpk breaking existing functionality (being able to view the website) is what the fragility problem is
#
GWG Howdy
#
[tantek] Not, getting it right for the new functionality. That's a differ t issue
#
aaronpk "existing functionality" also refers to maintaining your posts showing up in micro.blog or Monocle
#
aaronpk after you've done the first step of getting the mf2 added in the first place
#
[tantek] No that's the point. That's all part of the new functionality you're getting
#
aaronpk sure adding mf2 is not hard (tho that depends on whether you are writing your HTML yourself or using something like wordpress themes), but i'm talking about the maintenance of it
#
[tantek] By adding mf2
#
[tantek] Yeah themes are harder because ideally the theme author handles all your markup including your mf2.
#
aaronpk right now my baseline is my site works and my posts show up in micro.blog and in Monocle. now whenever I change anything I have to make sure I maintain the Microformats to ensure that continues to be true.
#
[tantek] Sure but that's different than losing functionality you had before.
#
aaronpk before what? I am literally talking about losing functionality
#
[tantek] That should be normal for any new feature you add. It requires maintenance to keep it working, but it should break other features.
#
[tantek] should not* break
#
[miklb] tantek, my argument is that the wiki is a community resource and as we as a community encourage mf2, webmentions and the like, having pages like that https admin tax page reflects on the community as a whole. I wouldn’t care if you wrote a blog post on your site with that opinion.
#
[tantek] adding https-only has the potential (and examples) of breaking *everything else* on the site
#
[tantek] That's a categorically different kind of fragility vulnerability.
#
aaronpk [miklb]: I still dont think the intent of that page is to discourage https, so if that is not clear then the wording needs to be changed.
#
[tantek] We should make the risks clear. That's the point.
[kevinmarks] joined the channel
#
[kevinmarks] I'm still working on my crazy metadata post, and the mf tax is a lot lower than the schema one.
#
Loqi yea
#
[tantek] I would discourage the average IndieWeb person from going https-only because even several experts around here can't keep that working.
#
[tantek] That's based on real world experiences
#
[kevinmarks] I'm not sure why I need 2 lots of schema markup http://www.kevinmarks.com/partialsilos.html
#
Loqi Partial Silos 2018-01-15
#
aaronpk the real sneaky one is HSTS since it prevents the browser from switching back to http at all
EmreSokullu joined the channel
#
aaronpk so that's definitely something to be aware of once you turn that on
#
GWG Is https required for anything in the community?
#
[tantek] We need a better name for /freemyoauth
#
aaronpk auth stuff
#
GWG Is there any feature that is only safe behind it?
#
aaronpk since we generally use bearer tokens instead of signed stuff, any time any tokens are transmitted https is required
#
GWG So, token and authorization endpoints?
#
[miklb] tantek, great, write a blog post discouraging https. I don’t think the wiki is the place to take that stance is my point.
#
aaronpk GWG: and micropub endpoint
#
aaronpk and outside of micropub/indieauth stuff, accessing your own admin interface
#
GWG aaronpk, so I should file an issue in the Micropub plugin to flag that?
#
GWG For users?
#
[tantek] Mikb why is it wrong to document such failures breakage and fragility?
#
GWG As a recommendation if nothing else
#
aaronpk oh like if they install the micropub plugin and their site doesn't have https?
#
[tantek] Those are just factual
#
aaronpk that would be a good thing to point out as a banner notice or whatever wordpress calls those
#
Zegnat GWG, only if the same “flagging” happens for the WP REST API ;) That’s basically the same as Micropub.
#
aaronpk true
#
[miklb] tantek documenting what is required is one thing, painting https as not recommended is another
#
GWG Zegnat, the REST API has no built in authentication
#
aaronpk that doesn't sound right
#
aaronpk it must use something for authentication
#
Zegnat I thought the REST API allowed for new posts to be created? Must have some sort of auth...
#
GWG aaronpk, all the methods are in plugins
#
GWG The only built in one is cookie
#
[miklb] tantek, you are going beyond documentation and are editorializing IMO
#
Zegnat Yes, but sending a cookie along with the HTTP request isn’t functionally different from sending an Authorization header, GWG.
#
aaronparecki.com edited /https_admin_tax (-43) "remove confrontational wording, move chat search into examples section" (view diff)
#
Zegnat If the REST API gives methods that require authentication (even if it is a cookie) the same security concerns apply.
#
aaronpk [miklb]: is that better?
#
GWG Zegnat, it is the same cookie used for the login
#
aaronpk GWG: if that cookie is sent over http, someone can intercept it and then be logged in as you and use the REST API
#
Zegnat Yes, and really, you should have your WP admin page on HTTPS.
#
Zegnat That’s what I mean, you can add a security advisory to Micropub (“have HTTPS”), but that same advisory extends to WP’s own REST API.
#
[miklb] aaronpk, yes.
#
GWG https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/
#
GWG Can't be used outside of WordPress
#
[kevinmarks] Interesting https://twitter.com/cramforce/status/953677965388275712
#
@cramforce 💥 OMG biggest news in web performance in, like, a decade: Technology independent performance based ranking in Google Search. I've been waiting for this to be ready for such a long time. So happy to see it out there!!! https://webmasters.googleblog.com/2018/01/using-page-speed-in-mobile-search.html (twitter.com/_/status/953677965388275712)
#
GWG aaronpk, is it easier to build a token endpoint first, an authorization endpoint, or both concurrently?
#
aaronpk probably a token endpoint since there is no UI involved with that
#
GWG I started laying out a simple design for a token endpoint because it looked easier
#
GWG Can I effectively use a token endpoint on my site but Indieauth.com for authorization?
#
aaronpk yes
#
GWG I thought so. If I am lucky, I will have something by Sunday night
#
GWG Possibly with help from aaronpk
#
aaronpk 🎉
barpthewire joined the channel
#
Zegnat Does anyone do redirect processing? I definitely do not.
#
Zegnat Hmm, [tantek] wrote “like you would for redirect processing of a target URL” for https://indieweb.org/Webmention-brainstorming#receiving_webmentions_for_POSSE_copies
#
aaronpk I do
#
aaronpk otherwise i'd lose webmentions that were sent to old URLs
#
sknebel I do
#
Zegnat Do you handle those through some internal lookup, or actual HTTP requests?
#
sknebel I think actual requests
#
aaronpk both
#
Zegnat Interesting. I wouldn’t want to do those required HTTP requests in that synchronous part of the webmention receiver.
#
aaronpk I don't think that's required in the synchronous part
#
aaronpk https://www.w3.org/TR/webmention/#request-verification
#
aaronpk "The receiver should check that target is a valid resource for which it can accept Webmentions."
#
aaronpk if you accept webmentions to targets that are redirects like bit.ly, then "valid" has a broad definition for your site
#
aaronpk you can just accept any URL in that step, and resolve the redirect in the asynchronous part
#
[tantek] Miklb, to be clear I encourage adoption of https, with transparency about the the potential costs (including time)
#
Zegnat Hmm, true. I guess because [tantek] was writing about “verification” of target my mind leapt to the valid resource check.
#
Zegnat E.g. I do not have further target verification after the valid resource check.'
#
Zegnat My mind: “Request Verification” is synchronous and contains target verification, “Webmention Verification” is asynchronous and contains source verifications.
#
Zegnat But of course there is no reason further target verification can’t happen during Webmention Verification.
#
[tantek] The reason I referred to it as an admin tax is that it is required just to keep your site up & running even if you do nothing else.
#
[tantek] And the fragility is about what happens with just the passage of time
#
[tantek] E.g. You setup a static site with https and leave it alone, it will break eventually.
#
[tantek] Compare that to:
#
[tantek] You add microformats to a static site, and leave it alone, it's not worse than if you didn't do anything. It stays up
#
[miklb] why would it break eventually?
#
[tantek] Because cert expires
#
[tantek] It's the "can you go on vacation test"?
#
[miklb] and scripts can break or security flaws exposed, or forget to renew a domain. Those are all inherit to having a website.
#
[tantek] Hence example of static site.
#
[tantek] Yes as soon as you use a popular CMS that requires irregular security update, it will also break when left alone
#
Zegnat Domain renewal is definitely another admin tax though. Not sure it is mentioned on the wiki as such? We should have plenty examples of domains not getting renewed.
#
sknebel Zegnat: just checked, I do full target verification synchronously
#
[miklb] static site doesn’t mean it’s etched in a stone tablet. There’s still a webserver
#
[tantek] Zegnat we do on site-deaths pretty sure
#
[tantek] Though we could try to start another page if there's enough confirmed examples
#
Zegnat “renewing your domain names” is actually on /admin_tax already. Above HTTPS even :)
#
[tantek] People in practice seem pretty good about renewing their domains, much more so than renewing their certs
#
[miklb] just because some people haven’t taken the time (myself included) to update how they are using letsencrypt to auto-renew and make sure nginx restarts doesn’t mean it is a broken process.
#
[miklb] I’m just lazy and forgetful.
#
[tantek] Which is why we see more cert expired errors than DNS lookup errors
#
dgold but surely its just an additional 'cost' based on an increased security need?
#
dgold therefore divorced from the cost of the site _qua_ site
#
[tantek] It's not about lazy/forgetful, it's the opposite, not costing users (us) more time and cognitive load
#
[tantek] That you could instead be spending time actually posting
#
[miklb] Those arguments sound like they could be used to **not** have a site at all and stick with silos.
#
[tantek] Rather than adminning for example
#
[tantek] They are used for that
#
[tantek] It's a primary challenge. To make the UX and time/mental cost of being in the IndieWeb as cheap as using a silo
#
[tantek] Especially as we get to gen 3/4, it will be a requirement.
#
[miklb] which letsencrpyt has done yeoman’s work to minimize
#
dgold notes that ssl-layer encryption is a pretty essential 1st step for GDPR compliance
#
[tantek] Theoretically yes
gRegorLove joined the channel
#
[tantek] As long as we still see examples of cert expirations by folks here, especially those using letsencrypt, the cost is still too high
#
[tantek] Why does any IndieWeb site need to worry about GDPR?
#
[miklb] tantek, I’m not saying those aren’t all valid points to document, but with snarknition type additions to the wiki, I personally do not think it’s productive.
#
[tantek] The point is not snark, the point is documenting explicit risks instead of candy coating
#
dgold [tantek]: because the current GDPR is a first step towards EU citizens having generally applicable privacy rights
#
[miklb] but I am telling you that it comes across as snark to me
#
[tantek] Then we should fix that
#
dgold agrees with [miklb]
#
[tantek] Miklb "required in 2018" was also pure opinion right?
#
aaronpk same, which is why I was trying to fix the page and make it more factual
#
Zegnat “Why does any IndieWeb site need to worry about GDPR?” – displaying comments, for one, probably.
#
[miklb] Again, speaking for myself, I assume the wiki is a community resource, not your personal document. That is what our personal blogs, the main thing we advocate for, should be used for.
#
[tantek] Miklb no lecture. I wrote facts with citations/examples.
#
[tantek] You added an opinion uncited.
#
[tantek] Perhaps heed your own advice?
#
[miklb] Uncited?
#
[tantek] "Required in 2018". Your first edit to that page
#
[tantek] You added your opinion no citation no examples no reasoning
#
[miklb] yes, then someone responded with a “just works” which I then cited why I added that
#
[tantek] So please do not lecture
#
[miklb] lol
#
aaronparecki.com edited /https_admin_tax (-62) "delete argument and replace with cited facts" (view diff)
#
dgold what was the deal with eli_oat's name h-card thing?
#
[tantek] As it is a community wiki please *do* add alternative perspectives with citations/examples or at least some reasoning.
#
[tantek] I'd rather see multiple reasoned/sourced perspectives than none
#
eli_oat From arronpk earlier:
#
eli_oat - that's the implied name parsing at work
#
eli_oat - yeah a common pattern for that is <a href="..." class="u-url p-name">Your Name</a>
#
eli_oat - if you add p-name around the tag that has your name it'll fix it
#
aaronpk dgold: he didn't have "p-name" so it was generating an implied name
#
[miklb] tantek, what citations/examples did you use when you created the page?
#
eli_oat I promise I'll fix it when I get home! GEEEZE :P
#
dgold NO ELI!! Fix it NOOOOW!
#
[tantek] Benwerd.com the whole reason that drove me to create the page
#
dgold :)
#
[tantek] Because aaronpk brought it up here
#
[tantek] Literally what happened. Example given, page created accordingly since it was the nth example in recent memory
#
[miklb] fine tantek
#
[tantek] Also regardless of any address bar UI warning, Chrome will still show an http page without alert / prompt / block or anything else
#
[tantek] So that's a far cry from "required" by any practical measure
#
dgold they will for now
#
aaronpk it does have a warning icon now
#
[tantek] And if they don't people will switch browsers.
#
aaronpk it's grey right now, but it's still an additional UI element
#
[tantek] Too much of the web is http only and won't ever be updated
#
[tantek] Aaronpk it's just a UI annoyance and like every red warning light that stays on a lot will just get ignored by users.
#
Zegnat Too bad HTTPS will be required for new JS and CSS features though :(
#
aaronpk that was exactly their reason for not making it red
#
Zegnat https://blog.mozilla.org/security/2018/01/15/secure-contexts-everywhere/ - at least in Firefox.
#
Loqi [Anne van Kesteren] Secure Contexts Everywhere
#
aaronpk wow "Effective immediately, all new features that are web-exposed are to be restricted to secure contexts."
#
Zegnat Yep
#
aaronpk "A feature can be anything from ... a new CSS property"
#
[tantek] zegnat no more like new DOM APIs in practice
#
[tantek] Aaronpk that's overstating it afaik and I'll follow up when back from vacation
#
[tantek] Same with new JS language features, too hard to subset JS Lang processing just for http so that will likely stay equivalent until / unless JS is turned off completely for http (which I've actually asked for by default)
#
aaronparecki.com edited /https_admin_tax (+87) "add screenshot of current display of http sites" (view diff)
#
Zegnat Yes, “requiring secure contexts results in undue implementation complexity” is a given reason for exception from the rule [tantek]. So that probably applies to JS language features.
#
Zegnat But CSS properties are specifically mentioned as an example of things that will go on secure context only. So that will be interesting to see.
#
[tantek] AFAIK there is no such https only policy for new CSS features e.g. discussed/agreed on W3C www-style or csswg github issues
#
aaronpk I was just citing that mozilla blog post
#
[tantek] And I didn't see that post cite anything to back the CSS properties claim
#
aaronpk it sounded like they were saying it was a mozilla decision
#
[tantek] Then it should have linked to the Mozilla discussion thereof
#
[tantek] E.g. On dev-platform
#
[tantek] Or bugzilla
#
[miklb] https://github.com/w3ctag/design-principles/pull/75
#
Loqi [dbaron] #75 Describe when features should be limited to secure contexts.
#
[tantek] Like I said, I'll look into more when I'm back but without a citation for the discussion for that claim, I'm skeptical. I'm sure that's what Anne wants, so it's a good stake in the ground, but AFAIK that hasn't been agreed to on dev-platform, bugzilla, www-style, or even the W3C TAG
#
[tantek] ^^^ all sources you or anyone can search for any such evidence
#
[tantek] Good find miklb
#
[miklb] that is linked to from that blog post
#
[miklb] first paragraph
#
[tantek] And that thread shows debate in progress, not a conclusion.
#
[tantek] E.g. Hober's comment at the bottom is spot on
#
[tantek] On another subject which is sort of dev like, "freemyoauth" is too wordy / jargony to communicate to typical web users
#
[tantek] (And I know I think I came up with that page name initially)
#
[tantek] So what do people think of moving that page to a more user friendly / relevant page name like /appaccess ?
#
[tantek] Easy to say, easy to hear, and says exactly why the user should care -
#
[tantek] Want to check which apps have access to your accounts?
#
[tantek] Go check IndieWeb.org/appaccess and click on the account you want to look up
#
[tantek] Thoughts?
#
[miklb] that blog post also links to this almost 3 year old post https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
#
[tantek] (Also note the exception for CSS there)
#
[tantek] If there are no objections to (or other / better suggestions to) "appaccess", I'll move the page in ~10 min
#
[tantek] I figure there are enough opinionated folks active right now to speak up if necessary :)
#
[miklb] sure, the latest post points out “new CSS color keyword would likely not be restricted to secure contexts.”
iasai joined the channel
#
tantek.com edited /Webmention-developer (+31) "/* See Also */ brainstorming" (view diff)
#
tantek.com edited /Webmention-brainstorming (+47) "/* Alternatives */ add LDN" (view diff)
#
tantek.com edited /Checkmention (+45) "see also wm-dev" (view diff)
#
tantek.com edited /webmention-implementation-guide (+35) "/* Resources */ main Checkmention article" (view diff)
#
tantek.com edited /Checkmention (+136) "expand dfn from the resources listing, see also implementation guide" (view diff)
#
tantek.com edited /Webmention (+166) "clean-up see also, clearly separate Webmention Development subpages that used to be part of this page" (view diff)
#
tantek.com edited /HTTPS (+799) "/* Why */ Better browser UX: move Chrome http behavior to reasons why https, questions about doorhanger" (view diff)
KartikPrabhu joined the channel
#
tantek.com edited /https_admin_tax (+129) "note even if you make no other changes to your site, note should add HTTPS per existing reasons, move Chrome treatment to HTTPS page because it has nothing to do with the admin tax in particular, note HSTS can add more fragility, https-only outages" (view diff)
#
aaronparecki.com edited /HTTPS (+1) (view diff)
#
tantek.com edited /performance (+94) "/* See Also */ mobile site perf search" (view diff)
#
tantek.com edited /https_admin_tax (+825) "more examples from https, explicit FAQ with letsencrypt and comparison to domain registration" (view diff)
#
tantek.com edited /HTTPS (-337) "/* Maintenance tax and site fragility */ main article, move examples to main article" (view diff)
#
tantek.com moved /FreeMyOAuth to /appaccess "way more user friendly name, much easier to share with a typical user as a page to use to see what apps have what access to their accounts"
#
tantek.com edited /freemyoauth (-2) "-r" (view diff)
#
tantek.com created /AppAccess (+23) "in case a user capitalizes (camelcases) the term when linking / navigating to it" (view diff)
#
tantek.com edited /appaccess (+1) "App Access dfn" (view diff)
#
[tantek] What is appaccess?
#
Loqi App Access helps you find what apps and sites have access to your accounts on various services https://indieweb.org/appaccess
#
[tantek] Hoping that makes it more real world shareable with friends who get strange emails notifying them that they just granted access to a particular service / account with certain privileges etc
#
tantek.com edited /appaccess (+278) "to do, fix raw stylesheet on mobile" (view diff)
#
www.svenknebel.de edited /Let's_Encrypt (+153) "ref software with inbuilt support" (view diff)
#
sknebel all this is very "own server" centric, but I guess that makes sense - on a normal webhost you are going to leave these things to them and might not even know if it is let's encrypt or somebody else providing the certificate in the end
#
tantek.com edited /GNU_social (+491) "/* History */ status.net site death, link to archived e14n post" (view diff)
#
[tantek] Sknebel "normal webhost"? Not sure there is anything normal there
#
[tantek] Ideally yes. But you should actually document which web hosts *do* deal with updating your cert for you automatically if you know of any
#
[tantek] What is a web host?
#
Loqi Web hosting can be the primary regular cost in maintaining an IndieWeb site; this page lists several options from free on up depending on your publishing needs, like a static, shared, private, or dedicated server https://indieweb.org/web_host
#
[tantek] Should exist (ideal, opinion) and does typically exist (can cite examples) are two different things, things I feel are often errantly conflated here
#
sknebel should have said "shared hosting". E.g. the Let's Encrypt page primarily talks about using it with certbot on your own server, including "you need some kind of access to your server" when e.g. Dreamhost shared hosting has it integrated into their management UI and does all the details for you
#
[tantek] Also not typical even on shared hosting
#
[tantek] I have shared hosting, my provider doesn't do it for example.
#
[tantek] You should assume providers do not do all the details for you unless you can actually link to their docs and/or UI (preferably with screenshots)
#
www.svenknebel.de edited /HTTPS (-261) "/* Obtain */ StartSSL is not a thing anymore" (view diff)
[miklb] joined the channel
#
[miklb] what is kind a funny, I had already planned for tonight to switch my single site WP install to multi-site and set up letsencrypt certs for all of the sites. I’m going to need a tax cut
#
Loqi It looks like we don't have a page for "kind a funny, I had already planned for tonight to switch my single site WP install to multi-site and set up letsencrypt certs for all of the sites. I’m going to need a tax cut" yet. Would you like to create it? (Or just say "kind a funny, I had already planned for tonight to switch my single site WP install to multi-site and set up letsencrypt certs for all of the sites. I’m going to need a tax cut is ____", a sentence describing the term)
#
[miklb] lol
#
www.svenknebel.de edited /HTTPS (-191) "/* Obtain */ remove Wosign - distrusted, currently not offering free certificates as a consequence" (view diff)
#
sknebel lol
#
sknebel I think we also shouldn't list CACert on there - objections? While I kind of like the idea of what they are trying to do, they are a far-off choice and not something a typical Indieweb site should use
[kevinmarks] joined the channel
#
[kevinmarks] google cloud now manages certs for you via letsencrypt
#
www.svenknebel.de edited /HTTPS (+273) "/* Obtain */ via Dreamhost" (view diff)
#
sknebel aaronpk: where did you buy your wildcard certs?
#
kevinmarks.com edited /HTTPS (+202) "/* provider-specific */ Google Cloud" (view diff)
#
kevinmarks.com edited /App_Engine (+106) "/* IndieWeb Examples */ fix KM examples" (view diff)
#
aaronpk I was using startssl but they are gone now
#
kevinmarks.com edited /Heroku (+97) "/* IndieWeb Examples */" (view diff)
#
sknebel I thought you had bought one somewhere, must have misremembered
#
aaronpk well I paid StartSSL for the verification thing which let me make free wildcard certs
#
aaronpk a long time ago I bought a wildcard cert somewhere, but I forgot where
#
aaronpk like... probably 2013-ish
[miklb] and [mrkrndvs] joined the channel