#dev 2018-01-17

2018-01-17 UTC
#
www.boffosocko.com
edited /Posts_about_the_IndieWeb (+2090) "A handful of articles via snarfed, mrkrndvs, chrisaldrich, shaners, altsalt, archived version of 1997 articles added in English/French"
(view diff)
snarfed and [eddie] joined the channel
#
[eddie]
!tell aaronpk: Is this error correct? https://indiewebcamp.slack.com/files/U433EQWG2/F8TQEUUAF/screen_shot_2018-01-16_at_7.37.18_pm.png it seems like photo[] should be a valid attribute but it doesn’t seem to like it. I’m gonna try photo without the “[]” but I wasn’t sure if micropub.rocks it was behaving properly or not.
#
Loqi
Ok, I'll tell them that when I see them next
#
[eddie]
eddie mentioned a file: Screen Shot 2018-01-16 at 7.37.18 PM.png.
eli_oat, snarfed and EmreSokullu joined the channel
#
aaronpk
which test number is that?
#
Loqi
aaronpk: [eddie] left you a message 6 minutes ago: Is this error correct? https://indiewebcamp.slack.com/files/U433EQWG2/F8TQEUUAF/screen_shot_2018-01-16_at_7.37.18_pm.png it seems like photo[] should be a valid attribute but it doesn’t seem to like it. I’m gonna try photo without the “[]” but I wasn’t sure if micropub.rocks it was behaving properly or not.
#
[eddie]
I can verify it worked fine without the []
#
aaronpk
i'm trying to remmeber if that was a significant part of the test
#
aaronpk
hm yeah, i think it should accept that
#
[eddie]
I can create an issue on github
#
aaronpk
yeah i think from the client's perspective, the test should allow either
#
www.nitinkhanna.com
created /User:Www.nitinkhanna.com (+84) "Created page with "Hey all! I'm Nitin Khanna! Just dipping my toes into this strange and curious world!""
(view diff)
snarfed, EmreSokullu, renem, eli_oat, curve25519 and [joe] joined the channel
#
GWG
Is there any functional difference between generating an authorization code and an access token?
#
aaronpk
So much
#
aaronpk
I mean they can be the same length but they mean very different things and have very different security considerations
#
GWG
I meant actually coming up with the code.
#
GWG
Aren't they both random strings?
#
GWG
They represent different things
#
aaronpk
You can use the same random generator for both yes
#
GWG
aaronpk, that is what I was getting at
#
GWG
I think this might be doable
snarfed, KartikPrabhu and tbbrown joined the channel
#
snarfed
hey aaronpk, re https://github.com/snarfed/granary/issues/127 ... you say xray looks up the photo's location to determine the time zone. that only works for photos with locations, right?
#
Loqi
[aaronpk] #127 Instagram dates do not include timezone offset
#
snarfed
so far i haven't found any other time zone or location info in media or user json objects
#
snarfed
heads back to the issue
#
@billbennettnz
Hey @phoneboy I don’t quite get how the webmention plugin picks up comments from micro.nlog. How do you make that happen?
(twitter.com/_/status/953514804479774720)
cweiske, jjuran and barpthewire joined the channel
#
ignite.digitalignition.net
edited /best_nine (+321) "Added details for hosted BestNine"
(view diff)
jeremycherfas and iasai joined the channel
#
www.svenknebel.de
edited /micro.blog (+199) "/* Criticism */ date-formatted titles for posts from source sites"
(view diff)
KartikPrabhu joined the channel
#
Zegnat
!tell aaronpk was there a reason https://indieweb.org/Microsub-spec#Per-Item_Data calls out Feedbin for starred items? That was Google Reader behaviour that everyone seems to have copied (NewsBlur, Feed Wranger are 2 more examples with a starred flag)
#
Loqi
Ok, I'll tell them that when I see them next
ben_thatmustbeme, John_Ivan, leg, leg1, deathrow1, [kevinmarks] and eli_oat joined the channel
#
aaronpk
good morning
#
Loqi
aaronpk: Zegnat left you a message 2 hours, 55 minutes ago: was there a reason https://indieweb.org/Microsub-spec#Per-Item_Data calls out Feedbin for starred items? That was Google Reader behaviour that everyone seems to have copied (NewsBlur, Feed Wranger are 2 more examples with a starred flag)
#
aaronpk
Zegnat: because I found the API docs for Feedbin easily
#
Loqi
good morning!
#
Zegnat
Gotcha. I was thinking about linking to other API pages, or adding commentary about how it is a Google Reader idiom and is basically “in reader bookmarking”. But not sure that actually adds anything to the brainstorm itself.
#
aaronpk
more examples of past work is always good
#
eli_oat
I've hit three indieweb IRC channels this morning to talk about the same issue, whoops
#
eli_oat
p-name, I think that is doable
#
eli_oat
thanks!
#
aaronpk
yeah a common pattern for that is <a href="..." class="u-url p-name">Your Name</a>
snarfed joined the channel
#
dgold
I thought there were too many chans, then I discovered -meta!
#
eli_oat
I'm there too, just not said anything yet :P
#
vanderven.se martijn
edited /Microsub-spec (+734) "/* Per-Item Data */ “more examples of past work” and a bit of background on starring"
(view diff)
#
Zegnat
There you go aaronpk. Not sure it brings the discussion anywhere, but does give an idea of how established that specific per-item state is.
#
Zegnat
Just wait until we push you to #microformats to discuss what you think of the line breaks eli_oat ;) (I joke, of course.)
#
eli_oat
hahahaha
#
Loqi
awesome
#
eli_oat
another channel to add
#
Zegnat
That channel is really only necessary if you plan to invest some time into microformats.org related / spec related discussion though.
#
snarfed
aaronpk: you've checked the instagram timestamps? you know they're UTC?
#
snarfed
i know unix timestamps are generally supposed to be, but that's not always very strict, and i hadn't confirmed
#
aaronpk
snarfed: unless i'm mistaken, you're dealing with unix timestamps right?
leg joined the channel
#
snarfed
"liberal in what you accept" :P
#
aaronpk
unix timestamps that are trying to be some sort of local time are wrong
#
aaronpk
i'll see if I can verify what instagram is doing tho
#
snarfed
agreed! there's lots of wrong out there :P sgtm, thanks
#
Zegnat
second based timestamps are pinned to an epoch, that epoch could theoretically be in a specific timezone. But that would be a huge engineering hassle, very unlikely they would do that.
#
aaronpk
ok i'm looking at my last photo on instagram
#
aaronpk
the HTML ends up with "2018-01-03T20:33:33.000Z"
#
aaronpk
the time I posted that was 12:33 local time
#
aaronpk
so at least that checks out
#
aaronpk
!date 1515011613
#
Loqi
1515011613 is 2018-01-03 12:33:33 PST
#
snarfed
thanks! good enough for me
#
aaronpk
that's the unix timestamp in the JSON
#
aaronpk
so it looks like they are using UTC-based unix timestamps, and then always rendering the datetime attribute with Z
deathrow1 joined the channel
#
ben_thatmustbeme
dang, even the w3 validator still doesn't allow <link> inside of <body>
#
sknebel
still? does that limit not exist anymore in the specs?
#
ben_thatmustbeme
whatwg dropped it in 2015 i believe
leg joined the channel
#
Zegnat
It is definitely limited by spec
#
sknebel
as the validator says
#
Zegnat
Yep, validator seems right here.
#
ben_thatmustbeme
getting a 503 from the validator now
#
ben_thatmustbeme
well its not that easy
#
ben_thatmustbeme
it says you can use it if the rel tag is defined as body-ok
#
ben_thatmustbeme
gives a list of rel tags but says that other specs can define rel tags as body-ok
#
ben_thatmustbeme
so basically the parser has no way of knowing when it hits an unknown rel
#
Zegnat
That’s true, the validator should be saying that the LINK is not allowed in the body for the rel values defined by the HTML spec.
#
ben_thatmustbeme
i've been look at what is wrong with the numbers of the mf2 vs mf1 vs rdf vs microdata
#
ben_thatmustbeme
seems like there is a lot of things broken in their parser
#
ben_thatmustbeme
apache any23 uses apache tika, which uses something called Grib (which is dead), which uses a very old (2012) version of jSoup, which was still working out html5 bugs
#
ben_thatmustbeme
all of this is what common crawl uses it seems
#
ben_thatmustbeme
so common crawl says they support html5, but i don't think they realize they fail to parse anything with say, an unclosed <input> tag
#
sknebel
oh, that project is common crawl related? I thought htey just used their data
#
ben_thatmustbeme
when common crawl added mf2 support, they just said, hey look, any23 does it
#
ben_thatmustbeme
but since most mf2 will be on html5 sites, the numbers for mf2 will look dismal
#
aaronpk
using a parser that doesn't understand html5 seems like a terrible way to survey the current web
#
sknebel
sorry, terminology: they use HTML collections from common crawl, but the "Web data commons" project seems not affiliated with Common Crawl
#
sknebel
that was my confusion
#
aaronpk
could you file a bug on the common crawl project with a super simple html5 example (not involving microformats) showing that it completely breaks?
#
sknebel
ben already did parse bugs with any23 if I saw right
#
aaronparecki.com
edited /p3k_naming_convention (+11) "/* Unused Names */"
(view diff)
#
Zegnat
What is the state of HTML parsers in programming languages these days anyway? I only know PHP is still relying on libxml2 for its parsing.
#
Loqi
It looks like we don't have a page for "state of HTML parsers in programming languages these days anyway" yet. Would you like to create it? (Or just say "state of HTML parsers in programming languages these days anyway is ____", a sentence describing the term)
#
ben_thatmustbeme
i added a bug to any23
#
ben_thatmustbeme
and i added a comment to that thread on WDC
#
sknebel
ben_thatmustbeme++
#
Loqi
ben_thatmustbeme has 17 karma in this channel (262 overall)
#
ben_thatmustbeme
just hoping this doesn't result in them saying, OK can you provide us another mf2 parser in java
#
ben_thatmustbeme
because I don't want to write a second one
#
ben_thatmustbeme
parser that is
#
sknebel
I would have probably pointed to a few any23 bugs and asked if they have numbers for how many sites they ignored due to that or something like that
#
ben_thatmustbeme
i think breaking on <input> not having </input> is going to kill a LOT
#
ben_thatmustbeme
but feel free to comment as well
[xavierroy], EmreSokullu and tbbrown joined the channel
#
tantek.com
created /principles/discussion (+637) "archive old/inactive discussion to subpage"
(view diff)
#
tantek.com
edited /principles (-455) "archive old/inactive discussion to subpage"
(view diff)
cweiske and barpthewire joined the channel
#
ben_thatmustbeme
hmm, supposedly fixed in master branch of any23
#
gRegorLove
[miklb] The dates should be correct in my Atom feed now. Going forward they should look right in Evergreen.
snarfed joined the channel
#
tantek.com
created /prehistory (+1743) "move prehistoric articles from before the web to a separate page, relevance to the indieweb is not nearly the same level as actual arcticles mentioning / discussing the indieweb an indie web etc."
(view diff)
#
tantek.com
edited /Posts_about_the_IndieWeb () "(-1067) move prehistoric articles from before the web to a separate page, relevance to the indieweb is not nearly the same level as actual arcticles mentioning / discussing the indieweb an indie web etc."
(view diff)
#
aaronpk
!tell benwerd your cert on benwerd.com expired and I was using your screenshot tool that's on that domain! any chance you can renew it or move that to werd.io?
#
Loqi
Ok, I'll tell them that when I see them next
snarfed joined the channel
#
aaronpk
grantcodes: is Together adding this "Like of" and "In reply to" text above the post or is my feed parsing doing something wrong? https://media.aaronpk.com/Screen-Shot-2018-01-17-09-23-18-v5OBeqLjEz.jpg
[tantek] joined the channel
#
[tantek]
What is https admin tax?
#
Loqi
It looks like we don't have a page for "https admin tax" yet. Would you like to create it? (Or just say "https admin tax is ____", a sentence describing the term)
#
grantcodes
aaronpk: I did that
snarfed1 joined the channel
#
aaronpk
*whew* ok
[miklb] joined the channel
#
[miklb]
is cost of doing business a tax?
#
aaronpk
I was confused because it looks like it's part of the content
#
[tantek]
https admin tax is the additional amount of nontrivial regular administrative work you or your web host service provider must do to keep your [[https]] site running and available as compared to http. Search IndieWeb irc for "certificate expired" or "cert expired" for examples of failure to pay this admin tax.
#
loqi.me
created /https_admin_tax (+337) "prompted by [tantek] and dfn added by [tantek]"
(view diff)
#
grantcodes
Yeah just the quickest way of showing the link at the moment
#
aaronpk
may I suggest some sort of visual indication to make it clear it's not part of the content?
#
grantcodes
You can also click that final icon to log the raw json object received from monocle
#
[tantek]
Idea: what do people think about receiving a webmention for a posse copy?
#
aaronpk
grantcodes: oh that's helpful!
#
aaronpk
much easier than what I was doing before haha
#
Loqi
haha
#
grantcodes
Yeah it's in the works, just not sure the ideal design
#
[tantek]
E.g. You post to your site, you posse to twitter, someone @-replies on twitter, and then they put that reply permalink into the "send a webmention" form on your original post permalink?
#
[tantek]
Semi manual backfired without bridgy that is
#
grantcodes
I'm sure embeds / link unfurling will be involved in that part so I just made it text for now
#
aaronpk
yeah, I haven't decided how I want to handle getting that data in monocle either
snarfed and KartikPrabhu joined the channel
#
tantek.com
edited /https_admin_tax (+575) "not a requirement since it still works in browsers, is a tax due to failure to pay breaking your site. Fragility section"
(view diff)
#
tantek.com
edited /https_admin_tax (+87) "fragility examples, 2018-01-17 benwerd.com"
(view diff)
#
aaronparecki.com
edited /admin_tax (+50) "link to https admin tax"
(view diff)
snarfed joined the channel
#
tantek.com
edited /https_admin_tax (+478) "but letscrypt fixing this! no it just reduces it and moves the admin tax"
(view diff)
#
aaronparecki.com
edited /https_admin_tax (+90) "/* Fragility */"
(view diff)
#
aaronparecki.com
edited /https_admin_tax (+93) "/* Fragility */"
(view diff)
#
snarfed
[tantek]: so the indieweb site would special case some silo URLs and translate them to mf2?
#
snarfed
i assume you're thinking about github :P
#
aaronparecki.com
edited /HTTPS (+22) "/* See Also */"
(view diff)
#
aaronparecki.com
edited /https_admin_tax (+86) "/* Fragility */"
(view diff)
#
snarfed
ben_thatmustbeme sknebel: some details (caveats) with common crawl/web data commons for our use cases on http://www.indiemap.org/docs.html#common-crawl
#
aaronparecki.com
edited /https_admin_tax (+80) "/* Fragility */"
(view diff)
#
aaronparecki.com
edited /https_admin_tax (+92) "/* Fragility */ +me"
(view diff)
#
aaronparecki.com
edited /https_admin_tax (+84) "/* Fragility */"
(view diff)
#
aaronpk
ok that's enough :)
#
aaronpk
probably yeah
#
snarfed
favorite quote: "longevity and privacy/security are all worthwhile goals. We should work toward both of them at the same time, instead of seeing them as a (false) dichotomy."
#
[tantek]
s/backfired/backfeed lol
#
[tantek]
Snarfed that itself is a false dichotomy statement
#
[tantek]
Sometimes they are at odds
#
[tantek]
Sometimes we can work towards both
#
snarfed
funny, iirc you liked that statement a lot last time we discussed it
#
snarfed
not important though
#
[tantek]
snarfed, yeah it took me a while to internalize the subtleties
#
[tantek]
I still like that statement. We shouldn't assume they are at odds
#
[tantek]
We also shouldn't assume they are not
#
[miklb]
“it just works” is an odd argument IMVHO
#
snarfed
unrelated, [tantek], if your manual backfeed q is motivated by github, another thought would be to sponsor someone to add it to bridgy. i bet we could earmark open collective funds for that.
#
[tantek]
Also, probably worth moving/merging the /https section on fragility to the separate page
#
[tantek]
snarfed webmention to posse copy was actually motivated by manual backfeed to add a reply to a posse tweet that Bridgy apparently missed
#
snarfed
oh huh, sounds like a bug
#
snarfed
link pls?
#
aaronpk
bridgy can create URLs for tweets it's missed, right?
#
[tantek]
It's from 2013 😂
#
[tantek]
So maybe it is backfeed backfill?
#
snarfed
yeah but try "Resend for post" on your user page first!
#
aaronpk
maybe a simple interface to accept a tweet permalink and return the bridgy URL for it? then you could paste that URL into your webmention form
#
[tantek]
aaronparecki.com/2013/07/05/2/
#
snarfed
the form accepts both original and silo post URLs
#
aaronpk
what form?
#
snarfed
er sorry, "Resend for post" on your bridgy user page
#
[tantek]
No replies there but see replies on tweet copy
#
aaronpk
oh I never knew that
#
snarfed
relatively recent, may 2017
#
Loqi
[marcthiele] #579 Get mentions to older posts
#
aaronpk
I just pasted in that URL of mine that tantek shared and I don't think it's doing anything
#
aaronpk
(pasted into the "resend for post" box)
[cleverdevil] joined the channel
#
snarfed
it's async...but yeah it's not perfect. i'll look at logs soon
#
aaronpk
is it possible to give bridgy a twitter link that is a reply to one of my posts?
KartikPrabhu joined the channel
#
aaronpk
rather than giving it the link to my post
#
snarfed
i don't think so. you can try the twitter synd copy. but code path is basically the same
#
[tantek]
portability << migration
#
Loqi
ok, I added "[[migration]]" to the "See Also" section of /data-portability
#
snarfed
looking
#
[tantek]
migration << portability
#
Loqi
ok, I added "[[data-portability]]" to the "See Also" section of /migration
#
aaronpk
oh I remember this conversation happening before
#
snarfed
needs a deja vu emoji
#
aaronpk
bridgy doesn't know about my original post, so it doesn't know what URL to put as the in-reply-to
#
aaronpk
so I can make a bridgy permalink for any tweet, but a webmention from that page won't work since the bridgy page doesn't actually link to my post
#
[miklb]
♻ <- deja vu
#
[tantek]
Already used for repost
#
aaronpk
hm where have I seen that symbol used before
#
snarfed
aaronpk: yeah...but if you plug your post url into the resend form, bridgy should ideally go grab it and see the synd urls
#
snarfed
still looking
#
[tantek]
Also a good case for including PSL or PSC in your posse copies
#
@aaronpk
@blaine I'm surprised! Most of our work has focused on UX first, protocols second. The reason for self-dogfooding... http://aaron.pk/r4Qr1
(twitter.com/_/status/353172536109961218)
#
[tantek]
Huh so why can't bridgy find the original post then?
#
snarfed
still looking :P
#
tantek.com
edited /Webmention (+15) "/* Resources */ link brainstorming"
(view diff)
#
snarfed
so far i suspect twitter's flaky search api, which i have to use since they have NO REPLIES API 😡
#
snarfed
yup that's it. i find replies by searching for @aaronpk, as far back as possible, which is only 100, which is 10d :(
#
aaronpk
I have that many search results??
#
snarfed
(needs auth)
#
aaronpk
so the other path here is if I know the twitter URL i'm trying to send a webmention for, how could bridgy find my post that it should put as the in-reply-to URL
#
[tantek]
What is original post discovery
#
Loqi
original post discovery is a discovery algorithm for starting with a POSSE copy of a post and finding the original post https://indieweb.org/original-post-discovery
#
tantek.com
edited /Webmention-brainstorming (+741) "receiving webmentions for POSSE copies"
(view diff)
#
[tantek]
Ok captured
#
Loqi
[Blaine Cook] @aaronpk @lauraglu designing for yourself isn't the same as designing for users. Dogfooding is eating something not made FOR but BY you.
#
aaronpk
I keep track of my own syndicated URLs, so you can put my tweet URL into here to find my copy https://aaronparecki.com/original-of
#
Loqi
Aaron Parecki
#
aaronpk
snarfed: oh yeah how'd you do that
#
snarfed
so maybe the feature request is a UI for that?
#
aaronpk
oh, the URL has *both* tweet IDs
#
snarfed
getting pretty niche here though
#
aaronpk
I dunno, the high-level feature is pretty straightforward
#
aaronpk
"Here's this tweet that is a reply to one of my tweets, I want bridgy to send me a webmention for it"
#
snarfed
oh definitely! just hits silo limitations. which we're now coming up with slightly less obvious workarounds for
#
snarfed
but yeah, if you plug the twitter reply url into resend, that should ideally work
#
[tantek]
Aaronpk UI with a single URL field right?
#
snarfed
remind me, did you try that?
#
aaronpk
wait no
#
snarfed
([tantek] yup, and the UI is already there)
#
aaronpk
I thought "resend for post" was only for *my* posts
#
[tantek]
I still think it's interesting as a potential extension to webmention
#
[tantek]
Check if target URL is a posse copy
#
aaronpk
pastes the reply URL into "resend for post"
#
aaronpk
"no webmention targets"
#
aaronpk
with that bridgy URL pattern tho, I could make my webmention form accept tweet URLs
#
snarfed
sure! i'll also look into the bridgy side
#
aaronpk
I think the trick with making bridgy do it is how bridgy will find the link between my post and my POSSE copy
#
snarfed
hmm. bridgy already does that OPD though, right? in this case, there was a PSL, but it also handles synd links.
#
aaronpk
if it's already crawled that link in the past then it should be fine
#
aaronpk
but if there is no PSL on the tweet, then I don't know how bridgy would find my original post if it hasn't already crawled it
#
snarfed
oh definitely. esp if it's arbitrarily old. in that case, it needs help.
#
KartikPrabhu
aaronpk: with bridgy urls you can actually make any tweet a reply to any other https://brid.gy/comment/twitter/aaronpk/353172536109961218/929819657544052736 so careful with your webmention form
#
Loqi
[Kartik Prabhu] Got rid of some fatwigoo ( otsukare.info/2017/11/02/fat… ) from my site! Safe defaults with CSS as enhancement; I like it! (kartikprabhu.com/notes/got-rid-…)
#
aaronpk
oh no haha
#
Loqi
awesome
#
snarfed
hah funny
#
snarfed
demonstrates some implicit trust assumptions we all make
#
KartikPrabhu
yup. I guess bridgy is simply reconstructing the HTML+mf2 without checking that it is a reply on Twitter
#
aaronpk
anyway snarfed do you think you can fix the "resend for post" for this example of mine? If so, I'll hold off on sending that webmention manually
#
snarfed
KartikPrabhu: kind of. it does checks that it's a reply, just upstream from that point
#
snarfed
aaronpk: yeah i'm filing the issue now, but feel free to go ahead if you want, i have no eta yet
#
KartikPrabhu
snarfed: in my example above, my tweet is not a reply to anything much less aaronpk's tweet
#
snarfed
KartikPrabhu: yes. which bridgy determines during its regular polls. so it never sent a webmention for that "wrong" reply :P
#
KartikPrabhu
snarfed: aah yes that I agree. I just meant I could use that URL in aaronpk's webmention form and it would work :P
#
snarfed
sure! you can also publish arbitrary HTML on your site and spoof anything. hence my comment about implicit trust assumptions :P
#
tantek.com
edited /Webmention-brainstorming (+925) "move receiving webmentions for POSSE copies to proper section, add rough changes / extension need to the webmention spec, possible way to implement"
(view diff)
#
[tantek]
That's my contributions for today I think. One positive (receiving webmentions for POSSE copies), and one critical (https admin tax page / example)
#
[miklb]
what is microformats tax
#
Loqi
It looks like we don't have a page for "microformats tax" yet. Would you like to create it? (Or just say "microformats tax is ____", a sentence describing the term)
#
[tantek]
It is extra work to be sure miklb. Just less than the alternatives, and leaving it out won't "break" your pages (thus not being a tax per se, more of a cost to get some additional features)
#
aaronpk
Microformats tax is the additional effort required to maintain the Microformats markup on a web page when you want to make unrelated changes to the web page.
#
loqi.me
created /Microformats_tax (+184) "prompted by [miklb] and dfn added by aaronpk"
(view diff)
#
[miklb]
aaronpk++
#
Loqi
aaronpk has 109 karma in this channel (1540 overall)
#
aaronpk
that has been my experience anyway
#
[miklb]
likewise
#
[tantek]
The flip side is feeling limited in what you can change because you don't want to break the microformats markup.
#
aaronpk
definitely
#
KartikPrabhu
this sounds the same as maintaining HTML classes so that your CSS does not break or something
#
aaronpk
which is super noticeable with wordpress, where it's easy to change themes but limiting because the theme has the microformats
#
KartikPrabhu
so there will be some maintenance
#
[tantek]
Similar but different kartik
#
aaronpk
whereas changing the wordpress theme doesn't break the Atom/JSONFeed
#
[tantek]
Aaronpk it can and it does
#
[tantek]
And in a worse way, without you or most of your readers noticing
#
[tantek]
We know this from experience a technorati.
#
[tantek]
Tons of blogs would update and eventually "break" their feeds
#
[miklb]
but the browser will still display the page
#
[tantek]
Typically the feeds would either go empty, or stale
#
[miklb]
which is one of the arguments for keeping http
#
aaronpk
sure it's possible to break those feeds. but what i'm saying is a theme change by itself usualyl doesn't have an effect on the feed.
#
[tantek]
"Usually"? Do you have experience for that?
#
aaronpk
I can go try it right now if you want
#
[tantek]
IIRC technorati stats were that only a third or so of feeds actually "worked" for blogs
#
[tantek]
So in the long term "usually" didn't matter. Feeds were fragile.
#
[miklb]
I can definitely say that changing WordPress themes usually doesn’t have any effect on the feed
#
[tantek]
Miklb changing the markup and not the CSS would break the visible page
#
[miklb]
breaking mf2 wouldn’t change the display in the browser is my point
#
[tantek]
It's like your argument of letsencrypt aaronpk. microformats puts the markup where it will make you see and maintain it. Instead of forgetting about it for a while until it breaks (silently)
#
aaronpk
but microformats aren't visible, so I wont know i've broken anything until my posts show up other places broekn
#
[tantek]
miklb ideally, yes. In the past we've mixed styling and microformats with the same classes and then breaking one would often break the other.
#
[miklb]
browsers to my knowledge do not care if you have `u-syndication' or `z-syndication`
#
aaronpk
which is about the same as waiting to notice that my feed has broken
#
[tantek]
Except that there's usually different code to generate the feed
#
[tantek]
This that code gets out of date (even if it doesn't "break" per se) and your feed content / details go out of date
#
[tantek]
Again, similar to an expired cert
#
aaronpk
any change you want to make is going to require some amount of testing and spot-checking, whether that change is to the visible page or some sort of internal change
#
[tantek]
The positive ideal is that we should be able to add mf2 without breaking or even changing the element markup of a page
#
[tantek]
So obv breaking that is unlikely to break the page too
#
[miklb]
I’m just advocating that discouraging https because it requires maintenance isn’t a healthy stance.
#
aaronpk
I was trying to clarify on that page that just because something is a tax doesn't mean that's discouraging it. perhaps that needs to be clearer.
#
[miklb]
what is https admin tax
#
Loqi
https admin tax is the additional amount of nontrivial regular administrative work you or your web host service provider must do to keep your https site running and available as compared to http https://indieweb.org/https_admin_tax
#
[tantek]
It's not a discouragement. It's an acknowledgment.
#
[miklb]
“non trivial” and “more fragile” sound discouraging to me ¯\_(ツ)_/¯
#
[tantek]
They're unfortunately true in practice
#
[tantek]
It's also being transparent about them so you can make an informed decision when you decide to add https to your site
#
[miklb]
but my devil’s advocate stance is that mf2 is also “non trivial” and “more fragile” so where as a community does the line get drawn?
#
[tantek]
As opposed to "just add let's encrypt! It's easy!"
#
[tantek]
adding mf2 should be trivial.
#
[miklb]
“just add mf2! It’s easy!”
#
[tantek]
Doesn't mean it is, especially in more complex systems.
#
[miklb]
followed by “why doesn’t my webmentions work?” Oh, you need to wrap that in a `p-name` and you have nested properties so you need to change, this, this ,and ths.
#
[tantek]
and adding it doesn't make your site more fragile.
#
[tantek]
Whereas https-only does, as evidenced
#
aaronpk
depends on your definition of "fragile"
#
aaronpk
showing up broken in micro.blog for example
#
[miklb]
If i don’t change the oil in my car, it will soon be fragile.
#
aaronpk
and now also in Monocle
#
[tantek]
aaronpk breaking existing functionality (being able to view the website) is what the fragility problem is
#
GWG
Howdy
#
[tantek]
Not, getting it right for the new functionality. That's a differ t issue
#
aaronpk
"existing functionality" also refers to maintaining your posts showing up in micro.blog or Monocle
#
aaronpk
after you've done the first step of getting the mf2 added in the first place
#
[tantek]
No that's the point. That's all part of the new functionality you're getting
#
aaronpk
sure adding mf2 is not hard (tho that depends on whether you are writing your HTML yourself or using something like wordpress themes), but i'm talking about the maintenance of it
#
[tantek]
By adding mf2
#
[tantek]
Yeah themes are harder because ideally the theme author handles all your markup including your mf2.
#
aaronpk
right now my baseline is my site works and my posts show up in micro.blog and in Monocle. now whenever I change anything I have to make sure I maintain the Microformats to ensure that continues to be true.
#
[tantek]
Sure but that's different than losing functionality you had before.
#
aaronpk
before what? I am literally talking about losing functionality
#
[tantek]
That should be normal for any new feature you add. It requires maintenance to keep it working, but it should break other features.
#
[tantek]
should not* break
#
[miklb]
tantek, my argument is that the wiki is a community resource and as we as a community encourage mf2, webmentions and the like, having pages like that https admin tax page reflects on the community as a whole. I wouldn’t care if you wrote a blog post on your site with that opinion.
#
[tantek]
adding https-only has the potential (and examples) of breaking *everything else* on the site
#
[tantek]
That's a categorically different kind of fragility vulnerability.
#
aaronpk
[miklb]: I still dont think the intent of that page is to discourage https, so if that is not clear then the wording needs to be changed.
#
[tantek]
We should make the risks clear. That's the point.
[kevinmarks] joined the channel
#
[kevinmarks]
I'm still working on my crazy metadata post, and the mf tax is a lot lower than the schema one.
#
[tantek]
I would discourage the average IndieWeb person from going https-only because even several experts around here can't keep that working.
#
[tantek]
That's based on real world experiences
#
[kevinmarks]
I'm not sure why I need 2 lots of schema markup http://www.kevinmarks.com/partialsilos.html
#
Loqi
Partial Silos 2018-01-15
#
aaronpk
the real sneaky one is HSTS since it prevents the browser from switching back to http at all
EmreSokullu joined the channel
#
aaronpk
so that's definitely something to be aware of once you turn that on
#
GWG
Is https required for anything in the community?
#
[tantek]
We need a better name for /freemyoauth
#
aaronpk
auth stuff
#
GWG
Is there any feature that is only safe behind it?
#
aaronpk
since we generally use bearer tokens instead of signed stuff, any time any tokens are transmitted https is required
#
GWG
So, token and authorization endpoints?
#
[miklb]
tantek, great, write a blog post discouraging https. I don’t think the wiki is the place to take that stance is my point.
#
aaronpk
GWG: and micropub endpoint
#
aaronpk
and outside of micropub/indieauth stuff, accessing your own admin interface
#
GWG
aaronpk, so I should file an issue in the Micropub plugin to flag that?
#
GWG
For users?
#
[tantek]
Mikb why is it wrong to document such failures breakage and fragility?
#
GWG
As a recommendation if nothing else
#
aaronpk
oh like if they install the micropub plugin and their site doesn't have https?
#
[tantek]
Those are just factual
#
aaronpk
that would be a good thing to point out as a banner notice or whatever wordpress calls those
#
Zegnat
GWG, only if the same “flagging” happens for the WP REST API ;) That’s basically the same as Micropub.
#
[miklb]
tantek documenting what is required is one thing, painting https as not recommended is another
#
GWG
Zegnat, the REST API has no built in authentication
#
aaronpk
that doesn't sound right
#
aaronpk
it must use something for authentication
#
Zegnat
I thought the REST API allowed for new posts to be created? Must have some sort of auth...
#
GWG
aaronpk, all the methods are in plugins
#
GWG
The only built in one is cookie
#
[miklb]
tantek, you are going beyond documentation and are editorializing IMO
#
Zegnat
Yes, but sending a cookie along with the HTTP request isn’t functionally different from sending an Authorization header, GWG.
#
aaronparecki.com
edited /https_admin_tax (-43) "remove confrontational wording, move chat search into examples section"
(view diff)
#
Zegnat
If the REST API gives methods that require authentication (even if it is a cookie) the same security concerns apply.
#
aaronpk
[miklb]: is that better?
#
GWG
Zegnat, it is the same cookie used for the login
#
aaronpk
GWG: if that cookie is sent over http, someone can intercept it and then be logged in as you and use the REST API
#
Zegnat
Yes, and really, you should have your WP admin page on HTTPS.
#
Zegnat
That’s what I mean, you can add a security advisory to Micropub (“have HTTPS”), but that same advisory extends to WP’s own REST API.
#
[miklb]
aaronpk, yes.
#
GWG
Can't be used outside of WordPress
#
@cramforce
💥 OMG biggest news in web performance in, like, a decade: Technology independent performance based ranking in Google Search. I've been waiting for this to be ready for such a long time. So happy to see it out there!!! https://webmasters.googleblog.com/2018/01/using-page-speed-in-mobile-search.html
(twitter.com/_/status/953677965388275712)
#
GWG
aaronpk, is it easier to build a token endpoint first, an authorization endpoint, or both concurrently?
#
aaronpk
probably a token endpoint since there is no UI involved with that
#
GWG
I started laying out a simple design for a token endpoint because it looked easier
#
GWG
Can I effectively use a token endpoint on my site but Indieauth.com for authorization?
#
GWG
I thought so. If I am lucky, I will have something by Sunday night
#
GWG
Possibly with help from aaronpk
barpthewire joined the channel
#
Zegnat
Does anyone do redirect processing? I definitely do not.
#
Zegnat
Hmm, [tantek] wrote “like you would for redirect processing of a target URL” for https://indieweb.org/Webmention-brainstorming#receiving_webmentions_for_POSSE_copies
#
aaronpk
otherwise i'd lose webmentions that were sent to old URLs
#
Zegnat
Do you handle those through some internal lookup, or actual HTTP requests?
#
sknebel
I think actual requests
#
Zegnat
Interesting. I wouldn’t want to do those required HTTP requests in that synchronous part of the webmention receiver.
#
aaronpk
I don't think that's required in the synchronous part
#
aaronpk
"The receiver should check that target is a valid resource for which it can accept Webmentions."
#
aaronpk
if you accept webmentions to targets that are redirects like bit.ly, then "valid" has a broad definition for your site
#
aaronpk
you can just accept any URL in that step, and resolve the redirect in the asynchronous part
#
[tantek]
Miklb, to be clear I encourage adoption of https, with transparency about the the potential costs (including time)
#
Zegnat
Hmm, true. I guess because [tantek] was writing about “verification” of target my mind leapt to the valid resource check.
#
Zegnat
E.g. I do not have further target verification after the valid resource check.'
#
Zegnat
My mind: “Request Verification” is synchronous and contains target verification, “Webmention Verification” is asynchronous and contains source verifications.
#
Zegnat
But of course there is no reason further target verification can’t happen during Webmention Verification.
#
[tantek]
The reason I referred to it as an admin tax is that it is required just to keep your site up & running even if you do nothing else.
#
[tantek]
And the fragility is about what happens with just the passage of time
#
[tantek]
E.g. You setup a static site with https and leave it alone, it will break eventually.
#
[tantek]
Compare that to:
#
[tantek]
You add microformats to a static site, and leave it alone, it's not worse than if you didn't do anything. It stays up
#
[miklb]
why would it break eventually?
#
[tantek]
Because cert expires
#
[tantek]
It's the "can you go on vacation test"?
#
[miklb]
and scripts can break or security flaws exposed, or forget to renew a domain. Those are all inherit to having a website.
#
[tantek]
Hence example of static site.
#
[tantek]
Yes as soon as you use a popular CMS that requires irregular security update, it will also break when left alone
#
Zegnat
Domain renewal is definitely another admin tax though. Not sure it is mentioned on the wiki as such? We should have plenty examples of domains not getting renewed.
#
sknebel
Zegnat: just checked, I do full target verification synchronously
#
[miklb]
static site doesn’t mean it’s etched in a stone tablet. There’s still a webserver
#
[tantek]
Zegnat we do on site-deaths pretty sure
#
[tantek]
Though we could try to start another page if there's enough confirmed examples
#
Zegnat
“renewing your domain names” is actually on /admin_tax already. Above HTTPS even :)
#
[tantek]
People in practice seem pretty good about renewing their domains, much more so than renewing their certs
#
[miklb]
just because some people haven’t taken the time (myself included) to update how they are using letsencrypt to auto-renew and make sure nginx restarts doesn’t mean it is a broken process.
#
[miklb]
I’m just lazy and forgetful.
#
[tantek]
Which is why we see more cert expired errors than DNS lookup errors
#
dgold
but surely its just an additional 'cost' based on an increased security need?
#
dgold
therefore divorced from the cost of the site _qua_ site
#
[tantek]
It's not about lazy/forgetful, it's the opposite, not costing users (us) more time and cognitive load
#
[tantek]
That you could instead be spending time actually posting
#
[miklb]
Those arguments sound like they could be used to **not** have a site at all and stick with silos.
#
[tantek]
Rather than adminning for example
#
[tantek]
They are used for that
#
[tantek]
It's a primary challenge. To make the UX and time/mental cost of being in the IndieWeb as cheap as using a silo
#
[tantek]
Especially as we get to gen 3/4, it will be a requirement.
#
[miklb]
which letsencrpyt has done yeoman’s work to minimize
#
dgold
notes that ssl-layer encryption is a pretty essential 1st step for GDPR compliance
#
[tantek]
Theoretically yes
gRegorLove joined the channel
#
[tantek]
As long as we still see examples of cert expirations by folks here, especially those using letsencrypt, the cost is still too high
#
[tantek]
Why does any IndieWeb site need to worry about GDPR?
#
[miklb]
tantek, I’m not saying those aren’t all valid points to document, but with snarknition type additions to the wiki, I personally do not think it’s productive.
#
[tantek]
The point is not snark, the point is documenting explicit risks instead of candy coating
#
dgold
[tantek]: because the current GDPR is a first step towards EU citizens having generally applicable privacy rights
#
[miklb]
but I am telling you that it comes across as snark to me
#
[tantek]
Then we should fix that
#
dgold
agrees with [miklb]
#
[tantek]
Miklb "required in 2018" was also pure opinion right?
#
aaronpk
same, which is why I was trying to fix the page and make it more factual
#
Zegnat
“Why does any IndieWeb site need to worry about GDPR?” – displaying comments, for one, probably.
#
[miklb]
Again, speaking for myself, I assume the wiki is a community resource, not your personal document. That is what our personal blogs, the main thing we advocate for, should be used for.
#
[tantek]
Miklb no lecture. I wrote facts with citations/examples.
#
[tantek]
You added an opinion uncited.
#
[tantek]
Perhaps heed your own advice?
#
[miklb]
Uncited?
#
[tantek]
"Required in 2018". Your first edit to that page
#
[tantek]
You added your opinion no citation no examples no reasoning
#
[miklb]
yes, then someone responded with a “just works” which I then cited why I added that
#
[tantek]
So please do not lecture
#
aaronparecki.com
edited /https_admin_tax (-62) "delete argument and replace with cited facts"
(view diff)
#
dgold
what was the deal with eli_oat's name h-card thing?
#
[tantek]
As it is a community wiki please *do* add alternative perspectives with citations/examples or at least some reasoning.
#
[tantek]
I'd rather see multiple reasoned/sourced perspectives than none
#
eli_oat
From arronpk earlier:
#
eli_oat
- that's the implied name parsing at work
#
eli_oat
- yeah a common pattern for that is <a href="..." class="u-url p-name">Your Name</a>
#
eli_oat
- if you add p-name around the tag that has your name it'll fix it
#
aaronpk
dgold: he didn't have "p-name" so it was generating an implied name
#
[miklb]
tantek, what citations/examples did you use when you created the page?
#
eli_oat
I promise I'll fix it when I get home! GEEEZE :P
#
dgold
NO ELI!! Fix it NOOOOW!
#
[tantek]
Benwerd.com the whole reason that drove me to create the page
#
[tantek]
Because aaronpk brought it up here
#
[tantek]
Literally what happened. Example given, page created accordingly since it was the nth example in recent memory
#
[miklb]
fine tantek
#
[tantek]
Also regardless of any address bar UI warning, Chrome will still show an http page without alert / prompt / block or anything else
#
[tantek]
So that's a far cry from "required" by any practical measure
#
dgold
they will for now
#
aaronpk
it does have a warning icon now
#
[tantek]
And if they don't people will switch browsers.
#
aaronpk
it's grey right now, but it's still an additional UI element
#
[tantek]
Too much of the web is http only and won't ever be updated
#
[tantek]
Aaronpk it's just a UI annoyance and like every red warning light that stays on a lot will just get ignored by users.
#
Zegnat
Too bad HTTPS will be required for new JS and CSS features though :(
#
aaronpk
that was exactly their reason for not making it red
#
Loqi
[Anne van Kesteren] Secure Contexts Everywhere
#
aaronpk
wow "Effective immediately, all new features that are web-exposed are to be restricted to secure contexts."
#
aaronpk
"A feature can be anything from ... a new CSS property"
#
[tantek]
zegnat no more like new DOM APIs in practice
#
[tantek]
Aaronpk that's overstating it afaik and I'll follow up when back from vacation
#
[tantek]
Same with new JS language features, too hard to subset JS Lang processing just for http so that will likely stay equivalent until / unless JS is turned off completely for http (which I've actually asked for by default)
#
aaronparecki.com
edited /https_admin_tax (+87) "add screenshot of current display of http sites"
(view diff)
#
Zegnat
Yes, “requiring secure contexts results in undue implementation complexity” is a given reason for exception from the rule [tantek]. So that probably applies to JS language features.
#
Zegnat
But CSS properties are specifically mentioned as an example of things that will go on secure context only. So that will be interesting to see.
#
[tantek]
AFAIK there is no such https only policy for new CSS features e.g. discussed/agreed on W3C www-style or csswg github issues
#
aaronpk
I was just citing that mozilla blog post
#
[tantek]
And I didn't see that post cite anything to back the CSS properties claim
#
aaronpk
it sounded like they were saying it was a mozilla decision
#
[tantek]
Then it should have linked to the Mozilla discussion thereof
#
[tantek]
E.g. On dev-platform
#
[tantek]
Or bugzilla
#
Loqi
[dbaron] #75 Describe when features should be limited to secure contexts.
#
[tantek]
Like I said, I'll look into more when I'm back but without a citation for the discussion for that claim, I'm skeptical. I'm sure that's what Anne wants, so it's a good stake in the ground, but AFAIK that hasn't been agreed to on dev-platform, bugzilla, www-style, or even the W3C TAG
#
[tantek]
^^^ all sources you or anyone can search for any such evidence
#
[tantek]
Good find miklb
#
[miklb]
that is linked to from that blog post
#
[miklb]
first paragraph
#
[tantek]
And that thread shows debate in progress, not a conclusion.
#
[tantek]
E.g. Hober's comment at the bottom is spot on
#
[tantek]
On another subject which is sort of dev like, "freemyoauth" is too wordy / jargony to communicate to typical web users
#
[tantek]
(And I know I think I came up with that page name initially)
#
[tantek]
So what do people think of moving that page to a more user friendly / relevant page name like /appaccess ?
#
[tantek]
Easy to say, easy to hear, and says exactly why the user should care -
#
[tantek]
Want to check which apps have access to your accounts?
#
[tantek]
Go check IndieWeb.org/appaccess and click on the account you want to look up
#
[tantek]
Thoughts?
#
[miklb]
that blog post also links to this almost 3 year old post https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
#
[tantek]
(Also note the exception for CSS there)
#
[tantek]
If there are no objections to (or other / better suggestions to) "appaccess", I'll move the page in ~10 min
#
[tantek]
I figure there are enough opinionated folks active right now to speak up if necessary :)
#
[miklb]
sure, the latest post points out “new CSS color keyword would likely not be restricted to secure contexts.”
iasai joined the channel
#
tantek.com
edited /Webmention-developer (+31) "/* See Also */ brainstorming"
(view diff)
#
tantek.com
edited /Webmention-brainstorming (+47) "/* Alternatives */ add LDN"
(view diff)
#
tantek.com
edited /Checkmention (+45) "see also wm-dev"
(view diff)
#
tantek.com
edited /webmention-implementation-guide (+35) "/* Resources */ main Checkmention article"
(view diff)
#
tantek.com
edited /Checkmention (+136) "expand dfn from the resources listing, see also implementation guide"
(view diff)
#
tantek.com
edited /Webmention (+166) "clean-up see also, clearly separate Webmention Development subpages that used to be part of this page"
(view diff)
#
tantek.com
edited /HTTPS (+799) "/* Why */ Better browser UX: move Chrome http behavior to reasons why https, questions about doorhanger"
(view diff)
KartikPrabhu joined the channel
#
tantek.com
edited /https_admin_tax (+129) "note even if you make no other changes to your site, note should add HTTPS per existing reasons, move Chrome treatment to HTTPS page because it has nothing to do with the admin tax in particular, note HSTS can add more fragility, https-only outages"
(view diff)
#
tantek.com
edited /performance (+94) "/* See Also */ mobile site perf search"
(view diff)
#
tantek.com
edited /https_admin_tax (+825) "more examples from https, explicit FAQ with letsencrypt and comparison to domain registration"
(view diff)
#
tantek.com
edited /HTTPS (-337) "/* Maintenance tax and site fragility */ main article, move examples to main article"
(view diff)
#
tantek.com
moved /FreeMyOAuth to /appaccess "way more user friendly name, much easier to share with a typical user as a page to use to see what apps have what access to their accounts"
#
tantek.com
created /AppAccess (+23) "in case a user capitalizes (camelcases) the term when linking / navigating to it"
(view diff)
#
tantek.com
edited /appaccess (+1) "App Access dfn"
(view diff)
#
[tantek]
What is appaccess?
#
Loqi
App Access helps you find what apps and sites have access to your accounts on various services https://indieweb.org/appaccess
#
[tantek]
Hoping that makes it more real world shareable with friends who get strange emails notifying them that they just granted access to a particular service / account with certain privileges etc
#
tantek.com
edited /appaccess (+278) "to do, fix raw stylesheet on mobile"
(view diff)
#
www.svenknebel.de
edited /Let's_Encrypt (+153) "ref software with inbuilt support"
(view diff)
#
sknebel
all this is very "own server" centric, but I guess that makes sense - on a normal webhost you are going to leave these things to them and might not even know if it is let's encrypt or somebody else providing the certificate in the end
#
tantek.com
edited /GNU_social (+491) "/* History */ status.net site death, link to archived e14n post"
(view diff)
#
[tantek]
Sknebel "normal webhost"? Not sure there is anything normal there
#
[tantek]
Ideally yes. But you should actually document which web hosts *do* deal with updating your cert for you automatically if you know of any
#
[tantek]
What is a web host?
#
Loqi
Web hosting can be the primary regular cost in maintaining an IndieWeb site; this page lists several options from free on up depending on your publishing needs, like a static, shared, private, or dedicated server https://indieweb.org/web_host
#
[tantek]
Should exist (ideal, opinion) and does typically exist (can cite examples) are two different things, things I feel are often errantly conflated here
#
sknebel
should have said "shared hosting". E.g. the Let's Encrypt page primarily talks about using it with certbot on your own server, including "you need some kind of access to your server" when e.g. Dreamhost shared hosting has it integrated into their management UI and does all the details for you
#
[tantek]
Also not typical even on shared hosting
#
[tantek]
I have shared hosting, my provider doesn't do it for example.
#
[tantek]
You should assume providers do not do all the details for you unless you can actually link to their docs and/or UI (preferably with screenshots)
#
www.svenknebel.de
edited /HTTPS (-261) "/* Obtain */ StartSSL is not a thing anymore"
(view diff)
[miklb] joined the channel
#
[miklb]
what is kind a funny, I had already planned for tonight to switch my single site WP install to multi-site and set up letsencrypt certs for all of the sites. I’m going to need a tax cut
#
Loqi
It looks like we don't have a page for "kind a funny, I had already planned for tonight to switch my single site WP install to multi-site and set up letsencrypt certs for all of the sites. I’m going to need a tax cut" yet. Would you like to create it? (Or just say "kind a funny, I had already planned for tonight to switch my single site WP install to multi-site and set up letsencrypt certs for all of the sites. I’m going to need a tax cut is ____", a sentence describing the term)
#
www.svenknebel.de
edited /HTTPS (-191) "/* Obtain */ remove Wosign - distrusted, currently not offering free certificates as a consequence"
(view diff)
#
sknebel
I think we also shouldn't list CACert on there - objections? While I kind of like the idea of what they are trying to do, they are a far-off choice and not something a typical Indieweb site should use
[kevinmarks] joined the channel
#
[kevinmarks]
google cloud now manages certs for you via letsencrypt
#
www.svenknebel.de
edited /HTTPS (+273) "/* Obtain */ via Dreamhost"
(view diff)
#
sknebel
aaronpk: where did you buy your wildcard certs?
#
kevinmarks.com
edited /HTTPS (+202) "/* provider-specific */ Google Cloud"
(view diff)
#
kevinmarks.com
edited /App_Engine (+106) "/* IndieWeb Examples */ fix KM examples"
(view diff)
#
aaronpk
I was using startssl but they are gone now
#
kevinmarks.com
edited /Heroku (+97) "/* IndieWeb Examples */"
(view diff)
#
sknebel
I thought you had bought one somewhere, must have misremembered
#
aaronpk
well I paid StartSSL for the verification thing which let me make free wildcard certs
#
aaronpk
a long time ago I bought a wildcard cert somewhere, but I forgot where
#
aaronpk
like... probably 2013-ish
[miklb] and [mrkrndvs] joined the channel