#dev 2018-06-05

2018-06-05 UTC
#
loqi.me created /laragit (+185) "prompted by tantek and dfn added by tantek" (view diff)
#
kaja.sknebel.net edited /laragit (+1) "linkify ('x is y. <url>.' pattern)" (view diff)
#
loqi.me edited /laragit (+70) "tantek__ added "https://mastodon.social/@dansup/100134637851969731" to "See Also"" (view diff)
KartikPrabhu joined the channel
#
tantek.com edited /laragit (+17) "work in progress" (view diff)
#
tantek.com edited /indielogin.com (+25) "linky" (view diff)
#
loqi.me created /temporal_navigation (+42) "prompted by tantek and redirect added by tantek" (view diff)
#
loqi.me created /sequential_navigation (+31) "prompted by tantek and redirect added by tantek" (view diff)
#
tantek finally popped the stack to try comment on comment test per snarfed request
#
tantek !tell snarfed per your request, comment vs comment test posted, also failed. so it's curious that silo.pub can do this while bridgy cannot. hmmm https://brid.gy/log?start_time=1528157967&key=aglzfmJyaWQtZ3lyRQsSDVB1Ymxpc2hlZFBhZ2UiHmh0dHA6Ly90YW50ZWsuY29tLzIwMTgvMTU1L3QxLwwLEgdQdWJsaXNoGICAgICA5JEKDA
#
Loqi Ok, I'll tell them that when I see them next
#
snarfed tantek: thanks! did bridgy return 400 with decent error message?
#
Loqi snarfed: tantek left you a message 1 minute ago: per your request, comment vs comment test posted, also failed. so it's curious that silo.pub can do this while bridgy cannot. hmmm https://brid.gy/log?start_time=1528157967&key=aglzfmJyaWQtZ3lyRQsSDVB1Ymxpc2hlZFBhZ2UiHmh0dHA6Ly90YW50ZWsuY29tLzIwMTgvMTU1L3QxLwwLEgdQdWJsaXNoGICAgICA5JEKDA
#
tantek well the log certainly is friendlier and has the link to the docs
#
tantek I still haven't fixed my own code to propagate the error from Bridgy back up to my UI
#
tantek wanted to try it asap to answer your question first
#
snarfed heh, np. it did, based on the log
#
snarfed i expect silo.pub uses a different, older github API that avoids the permission check somehow
#
snarfed bridgy uses the v4 GraphQL API
#
aaronpk oh yeah silo.pub doesn't use graphql
#
snarfed surprising that github access control is only on some APIs though :P
#
snarfed (if that really is the root cause)
#
tantek snarfed, do you have an issue to track this? or is this a won't fix? or ... ?
#
snarfed no issue yet, no. feel free to file one, but it'd obviously need more investigation. eg not sure where it ultimately belongs btw silo.pub, bridgy, and github themselves
#
tantek snarfed, presumably it's too much work for Bridgy to fallback to the older GitHub API when the new API fails like this?
#
snarfed hah, good point. low priority, yes, but doable! i'd happily consider accepting a PR
#
tantek low priority but doable is good enough to file an issue for
#
jalcine clever idea, tantek
#
Loqi jalcine: tantek left you a message 42 minutes ago: What do (features on your website) do you want to finish / launch / start using *before* IWS? Can you add to your entry in https://indieweb.org/2018/Guest_Book ? See mine for example: "Working: for IWS 2018(link)"
#
tantek alright, so manual for now for this comment, so I can get past it and file the issue
renem joined the channel
#
snarfed tantek++, thanks for filing
#
Loqi tantek has 35 karma in this channel (440 overall)
snarfed joined the channel
#
tantek !tell aaronpk any particular reason you didn't backlink from your POSSE comment copy to your original on your site? https://github.com/go-gitea/gitea/issues/3837#issuecomment-394359165
#
Loqi Ok, I'll tell them that when I see them next
#
Loqi [aaronpk] > What we really need is federated authentication, but that doesn't exist yet. This sounds like a great use case for IndieAuth. https://www.w3.org/TR/indieauth/ IndieAuth is an OAuth 2.0 extension, which avoids the centralized problems with ex...
#
aaronpk my silo.pub integration isn't configured to do that automatically and I didn't think to edit the comment afterwards
#
Loqi aaronpk: tantek left you a message 4 minutes ago: any particular reason you didn't backlink from your POSSE comment copy to your original on your site? https://github.com/go-gitea/gitea/issues/3837#issuecomment-394359165
#
tantek aaronpk - made it harder to track down your original
#
tantek so I could peer to peer directly reply to it
#
tantek.com edited /GitHub (+916) "/* POSSE to GitHub */ POSSE reply to comment, and when POSSEing any reply, if issue or prev comment has indie permalink, be sure to in-reply-to that" (view diff)
#
tantek this might be the first time for that actually: http://tantek.com/2018/155/t1/
#
aaronpk yeah. I feel like most of the github comments I make aren't long enough to justify the link at the bottom
#
Loqi [Tantek Çelik] I think IndieAuth makes a lot of sense as the way to implement a federated login protocol to provide a "simpler UX for OAuth2" login for Gitea as this issue is named. It would also be possible to provide support for the "with GitHub" portion (as ori...
#
aaronpk but that one should have had it
#
tantek indie reply to an indie reply to a github issue
#
tantek starting to demonstrate how federating git would actually work in practice
#
tantek especially in combination with some folks being on a git silo
#
aaronpk yeah that was a huge improvement when I got that working for twitter replies
#
aaronpk now when I reply or favorite an indie URL that is also syndicated, I can automatically syndicate that to twitter as well
#
tantek can you do that when you reply or react to an indie URL that is also syndicated to GitHub?
#
aaronpk yea
#
tantek I added this minimal documentation accordingly: https://indieweb.org/GitHub#POSSE_reply_to_comment
#
aaronpk if the micropub client says to syndicate the post to github, but the in-reply-to URL is not a github URL, then my site checks the actual post i'm replying to and sees if it has a syndication URL that is a github URL, and uses that instead
#
aaronpk it does mean that someone can trick me in to favoriting or replying to a random post on github/twitter, but I feel like that's a low risk right now
#
tantek so if I supported showing reacji on my posts and you posted a :thumbs-up: to my reply http://tantek.com/2018/155/t1/ then your code would automatically syndicate that reacji to the github POSSE copy also?
#
Loqi [Tantek Çelik] I think IndieAuth makes a lot of sense as the way to implement a federated login protocol to provide a "simpler UX for OAuth2" login for Gitea as this issue is named. It would also be possible to provide support for the "with GitHub" portion (as ori...
#
aaronpk hm I don't actualy remember if silo.pub supports reacji
cloud-maingo joined the channel
#
aaronpk also... your post doesn't link to the github copy
#
tantek oops manual POSSE needs manual link
#
tantek fixing
#
tantek reload
#
tantek.com edited /GitHub (+396) "POSSE reacji to issue or comment" (view diff)
#
tantek gah seem to be running into this permissions issue a lot
#
tantek with Bridgy Publish to GH
eli_oat, renem, leg, iasai, snarfed and tantek joined the channel
#
tantek goodness sakes
#
tantek BBEdit++ for making a local copy of any text file you open from an SFTP server
#
Loqi bbedit has 1 karma
#
tantek and then just leaving them in the trash until you empty them.
#
aaronpk BBEdit got a shoutout during the Apple keynote today!
#
tantek whoa
AngeloGladding, snarfed, [jeremycherfas] and loicm joined the channel
#
@dkpmarketing Reads, Listens, Watches, and Editable Webmention Types and Avatars in the IndieWeb WordP... http://upflow.co/l/Qidv https://t.co/hDdNiGnJh2 (twitter.com/_/status/1003883429786734598)
cweiske joined the channel
#
ancarda tantek: Thanks, Tantek!
#
Loqi ancarda: tantek left you a message 7 hours, 53 minutes ago: re: what to work on after you get indiewebify.me stuff working, check out https://indieweb.org/IndieMark for step by step new things to add support for to your site, in incremental increasing order of challenge / functionality
#
ancarda Yeah, I'm reply to that very message, Loqi
iasai joined the channel
#
ancarda I think I have level 1 nailed. I don't require JS to do anything on my site, but the experience is slightly enhanced if you have JavaScript. Might want to make sure it's not degraded in anyway (e.g. flash of unstyled content)
swentel joined the channel
#
sknebel another thing you could do is look through the post types on https://indieweb.org/posts#Types_of_Posts and see if there's anything interesting you want to have
#
ancarda Huh, I didn't know `h-entry` should use `<article>` (kind forgot about that tag)
#
ancarda Bookmark, yes -- I'd be happy to move off Pinboard to my personal website. I do have some private bookmarks, so I'll need to figure out how I can show them to myself (can I login via IndieAuth into my own website?)
#
ancarda IndieMark Level 2 stresses notes. I have hundreds of posts I got from a silo some time ago, so I could do microblogging there too
#
sknebel you could. or build your own login system and have your own site run an indieauth endpoint, so you can use that to log into other sites instead of indieauth.com
#
ancarda I can login today using Selfauth, I just can't initiate that login
#
ancarda I really barely understand OAuth 2, so I don't want to get into that
#
sknebel have a look at https://github.com/indieweb/indieauth-client-php#quick-start
#
Loqi [indieweb] indieauth-client-php: Sample implementation and helper methods for an IndieAuth client.
#
ancarda Thanks, sknebel
#
sknebel (you're using PHP now, right?)
#
ancarda Since the commit labeled "Quickly rebuild entire website", yes
#
sknebel :)
#
sknebel !tell aaronpk: where on IndieAuth should we list client libraries lik https://github.com/indieweb/indieauth-client-php#quick-start ? make a subsection of "Implementations"?
#
Loqi Ok, I'll tell them that when I see them next
#
Loqi [indieweb] indieauth-client-php: Sample implementation and helper methods for an IndieAuth client.
#
ancarda Don't worry, the source is safely held on GitHub now. Nothing bad will happen to GitHub :)
#
cweiske I feel vindicated for hosting my git repositories on my own server
renem, swentel and jeremycherfas joined the channel
#
ancarda People doing POSSE/PESOS/etc..., are you also syndicating comments? e.g. I post an `h-entry` to my website, syndicate it to $silo, and $friend comments on $silo. Do you syndicate that comment back to your website, so it's visible there?
#
sknebel some do.
#
sknebel what is backfeed?
#
Loqi Backfeed is the process of syndicating interactions on your POSSE copies back (AKA reverse syndicating) to your original posts https://indieweb.org/backfeed
#
ancarda Oh, TIL
#
ancarda Thanks
#
swentel I do that a lot
#
swentel everything on https://realize.be/notes for instance
#
swentel when there are comments, those are usually from twitter
#
swentel and I push comments back to twitter as well
#
swentel works pretty nicely
#
ancarda Oh that's really cool
#
ancarda I guess then, you could just block Facebook/Twitter (to prevent all tracking), and have your server deal with the posting
#
swentel yeah, I almost don't use twitter anymore
#
ancarda That's half the reason I haven't just blocked Facebook in `/etc/hosts` (or similar), as I sometimes need to go use Facebook Messenger or reply to a comment
#
swentel never used facebook ever, so I'm good there heh
firmware joined the channel
#
firmware i want to ask if can be made a system in wich ads are not used on websites but instead use mining 10% of CPU power of every visitor of a website, legally with a button to accept or not?
#
swentel I'd block your site in an instant to be honest :)
#
ancarda Yeah, please don't do that
#
ancarda Shame we don't have an article about Monero or in-browser mining
#
ancarda Can we collate some criticisms with that here? I'd be happy to write up a wiki page tonight
yoroy joined the channel
#
petermolnar what is Monero?
#
Loqi It looks like we don't have a page for "Monero" yet. Would you like to create it? (Or just say "Monero is ____", a sentence describing the term)
#
petermolnar ^^^ there
#
ancarda I've written up wiki pages before, I meant building up a section like https://indieweb.org/bitcoin#Criticism
#
ancarda Outside "High CPU usage for visitors", I can't actually think of other problems with mining to pay for a website's hosting costs
#
ancarda It doesn't need to require JavaScript; the no-JS visitors could be propped up by those browsing with JavaScript
#
ancarda And CPU usage doesn't need to be high (as firmware said, it could be capped at a low % of CPU power)
#
firmware could be a setting from 1% to whatever user like
barpthewire joined the channel
#
ancarda Perhaps a more interesting question: is hosting actually that expensive? It seems like it's never been more affordable
#
cweiske maybe people want to get paid to create the content, not only to host the content
#
ancarda Good point
#
ancarda It's a shame Flattr didn't really take off much
#
sknebel all the browser mining things have laughably small pay-offs
#
@LoudTechie Reads, Listens, Watches, and Editable Webmention Types and Avatars in the IndieWeb WordP... http://upflow.co/l/ip0v https://t.co/zEq9PloxbC (twitter.com/_/status/1003954019822456832)
#
sknebel when coin-hive started I measured that my laptop would generate ~0.002 $ per hour. Now limit CPU to 10 % to not annoy the user...
#
aaronpk Good morning!
#
Loqi aaronpk: sknebel left you a message 3 hours, 14 minutes ago: where on IndieAuth should we list client libraries lik https://github.com/indieweb/indieauth-client-php#quick-start ? make a subsection of "Implementations"?
#
aaronpk Yeah that sounds good. We've done that with Micropub and Webmention right? Probably just copy whatever those pages have
#
ancarda So, my website has been preloaded since about April this year. When do you think it's safe to just turn off port 80? Next year, perhaps?
#
ancarda I wonder if that will make me ineligible for HSTS preloading in the future if they ever go to verify eligibility ... as I'd no longer have a service on port 80 to redirect people to 443.
#
sknebel you don't need port 80, it's just that *if* you have something on port 80 it needs to redirect
#
sknebel in an indieweb context I'd be wary of non-browser tools though, which don#t know about HSTS
#
ancarda Hmm, yeah `curl http://markdain.net` would fail if I turned off port 80
#
sknebel e.g. if I link to your site from mine, and accidentially write http://, my webmention sender will not figure out to use HTTPS if there's no redirect
#
ancarda Good point
#
ancarda Perhaps you could have your WebMention sender try HTTPS as well? I believe many (most?) IndieWeb sites are using SSL
[jgmac1106] joined the channel
#
aaronpk That'd be nice, but I don't think we're quite there yet
#
ancarda I was thinking pulling down the HSTS preload list could help here but preloading isn't listed here: https://indieweb.org/HTTPS#IndieMark_Levels
#
ancarda So, few IndieWeb sites might have it :/
#
aaronpk I'm a bit scared of turning on HSTS cause it means basically never going back
#
aaronpk But I've run https on my site for a few years now so maybe it's time
#
ancarda Honestly, that's why I turned it on; once I had SSL working, I preloaded the site so everything I built going forward *had to work with SSL*
#
ancarda Is there a procedure for adding "Level 7" to that page? Sort of tempted to add that to list HSTS Preloading, CAA DNS records, HTTP/2, and maybe TLS 1.3 support.
#
ancarda I have 3/4 of those - just waiting for TLS 1.3 to be more widely available
#
ancarda aaronpk: If you have mandatory SSL (as in HTTP redirects to HTTPS), then preloading won't really make much of a difference - people already can't use the site without SSL
#
aaronpk Well it's more like I become unable to turn off https ever
#
ancarda Would you, though? If you've been using it for years, are you going to find a reason to turn it off tomorrow?
#
aaronpk This was more of a concern before letsencrypt, since https certs were kind of a racket and there was no guarantee theyd stay cheap
#
ancarda I am worried about everyone using Let's Encrypt - they may get too big to fail. Hopefully other ACME providers will show up
#
aaronpk Yeah I've been surprised to see even major hosting companies using letsencrypt for their auto https features
#
aaronpk even github issues letsencrypt certs for custom domain github pages
#
sknebel becoming a CA is *expensive*
#
ancarda Yeah, especially becoming a free one
#
ancarda aaronpk: In some ways, I think you are already past the point of no return. Since you've been requiring SSL for years, many links to your website go to `https://`. Just now, I searched for your name and the first link on Google was `https://aaronparecki.com/`. You'd need to redirect HTTPS traffic to HTTP. Even with a 301, it could take weeks/months/years? until links are fixed, bookmarks are updated, etc...
#
ancarda Would preloading actually make that worse? You'd still need to support HTTPS in some capacity for a few years while browsers are updated to no longer hardcode your domain
#
aaronpk Yeah, like I said, the last time I considered turning on HSTS was a few years ago, and I just haven't thought about it since
#
ancarda So, these days, would you do it?
#
aaronpk Probably, tho I might wait til there's another ACME issuer so that i have another free cert option
#
ancarda Yeah, that's probably a good idea
#
ancarda sknebel: Just how expensive are we talking?
#
ancarda I wonder if CloudFlare, maybe Apple, could run ACME CAs. They both (claim to, at-least) care about privacy and security
#
sknebel good question, would have to look for sources. Let's encrypt spends a few million per year.
#
aaronpk Apple is in a good position to do it. They use CAs for all their provisioning anyway
#
sknebel amazon and Google have CAs, but only for their customers
#
sknebel Apple does not seem like a company that would run such a service for public benefit
#
sknebel although true, they have established root certs as far as I know
#
ancarda Well, I actually think they would; they really care about privacy. Just an example from yesterday is building anti-Facebook tracking into Safari. They also push hard for HTTPS on apps - App Transport Security - for and security privacy reasons
#
ancarda It's much easier for Apple to argue "you can't disable ATS anymore" if they provide free SSL to the public
#
ancarda Also yeah, the internal CAs could now be accessible over a different ACME server, so it's possible to automate code signing
#
ancarda Then again, neither CloudFlare or Apple show up on https://letsencrypt.org/sponsors/
#
ancarda But Google and Facebook are listed
[filosofikode], snarfed and [kevinmarks] joined the channel
#
[kevinmarks] Trying to set up letsencrypt at the moment, but it's behind a load balancer so it keeps getting the wrong server for the challenge
leg joined the channel
#
ancarda [kevinmarks]: Can you reverse proxy the `acme-challenge` directory to the 1 server that has the challenge files?
#
ancarda So the load balancer talks to Box 5, which just reverse proxies to the main server, Box 1?
KartikPrabhu, swentel_, cloud-maingo, yoroy and iasai joined the channel
#
[kevinmarks] Oh derp. I forgot this site has blessed IP's only. I'll have to use another method.
tantek joined the channel
#
aaronparecki.com edited /Category:IndieAuth (+20) "link to [[IndieAuth]] page" (view diff)
#
aaronpk looks forward to hearing schmarty's recap of all these indieauth wiki changes
[schmarty] joined the channel
#
[schmarty] "Thanks to Aaron Parecki for all the wiki gardening around the topics of IndieAuth, IndieLogin, and IndieAuth.com"
#
[schmarty] ;}
#
Loqi [schmarty]: tantek left you a message 15 hours, 58 minutes ago: What do (features on your website) do you want to finish / launch / start using *before* IWS? Can you add to your entry in https://indieweb.org/2018/Guest_Book ? See mine for example: "Working: for IWS 2018(link)"
#
Loqi [schmarty]: tantek left you a message 15 hours, 58 minutes ago: What do (features on your website) do you want to finish / launch / start using *before* IWS? Can you add to your entry in https://indieweb.org/2018/Guest_Book ? See mine for example: "Working: for IWS 2018(link)"
#
aaronparecki.com edited /IndieAuth (+235) "/* Services */ clarify indielogin.com/indieauth.com" (view diff)
#
aaronpk hehe
tantek and yoroy joined the channel
#
aaronparecki.com edited /IndieAuth (-5) "indieauth.com faq" (view diff)
snarfed and AngeloGladding joined the channel
#
aaronpk considering breaking this OpenID/IndieAuth comparison into its own page
#
aaronpk this is gonna get long
#
snarfed oof. aaronpk++
#
aaronpk trying to state things as facts without any sort of opinionated language
#
aaronpk is there a less confrontational word than "vs" that I can use in this page title?
#
aaronpk "vs" implies there's a battle
#
sknebel comparison?
#
aaronpk maybe I should just make the page title the whole question
#
aaronpk "How is IndieAuth different from OpenID Connect"
#
aaronparecki.com edited /IndieAuth (+112) "link to IndieAuth/OpenID Connect page" (view diff)
[colinwalker] and tantek joined the channel
#
aaronpk writing this up, it's a bit sad to see how far away openid connect has gotten from the original openid goals
#
sknebel yeah, seems like they pushed all the "interesting" bits into extensions, and no URL-based discovery anymore?
[cleverdevil] joined the channel
#
aaronpk I *think* url based discovery is still technically possible according to the spec, but I don't think anyone actually does that
#
sknebel oh, I only saw the Webfinger thing
tantek joined the channel
#
aaronpk oh, yeah that's what I was talking about
#
aaronpk I guess that's only kind of url-based discovery
#
aaronpk it's not follow-your-nose discovery
#
tantek interesting - I just edited one of my manual POSSEs to GitHub and saw a drop-down notification that "Comment edit history is now public"
#
tantek This is good to see, especially since people other than the author are able to edit comments on GitHub!
#
tantek interesting they also give the option to view previous versions and "Delete revision from history"
#
aaronparecki.com created /How_is_IndieAuth_different_from_OpenID_Connect (+2793) "first few questions answered, more to come" (view diff)
#
tantek was there a blog post on this? this seems like a pretty big feature to ship
[grantcodes] joined the channel
#
[grantcodes] My bookmark syncing plugin is almost ready to go! Gives me a reason to actually tidy up my bookmarks for the first time in years!
#
aaronpk feel free to add stuff here https://indieweb.org/How_is_IndieAuth_different_from_OpenID_Connect
#
tantek whoa a whole page
#
aaronpk i've got more coming
#
aaronpk i'll see if I can write moreon the next flight
#
tantek took a bunch of screenshots on the GitHub comment revisions UI
snarfed joined the channel
#
snarfed tantek: you've seen facebook's edit history feature too, right?
[kevinmarks] joined the channel
#
jay.funabashi.co.uk edited /inari (+89) "/* Itches */" (view diff)
#
tantek yes I believe we have that captured somewhere on the wiki
#
tantek what is version
#
Loqi A version is a historical state of a post or other item https://indieweb.org/version
#
snarfed.org edited /Facebook (-87) "/* Bridgy */ no more POSSE" (view diff)
#
tantek not even waiting til August?
#
tantek snarfed: see https://indieweb.org/versioning#Facebook for FB Edit History screenshots
#
tantek what is edit history
#
Loqi It looks like we don't have a page for "edit history" yet. Would you like to create it? (Or just say "edit history is ____", a sentence describing the term)
#
tantek edit history is /versioning
#
Loqi ok
#
loqi.me created /edit_history (+23) "prompted by tantek and redirect added by tantek" (view diff)
#
tantek.com edited /versioning (+29) "add edit history to dfn" (view diff)
#
[kevinmarks] I like it so far, Aaron - OpenID Connect not being OpenID in anything but name is about right
#
[kevinmarks] webfinger--
#
Loqi webfinger has -1 karma in this channel (-11 overall)
#
aaronpk Yeah I'm trying to point that out without making it look like a fight
#
tantek webfinger--
#
Loqi webfinger has -2 karma in this channel (-12 overall)
#
tantek Gee I wonder if that (name perpetuation, or what jwz would call "brand necrophilia"), could have anything to do with there being a well-corp-funded *OpenID* Foundation that has to do something to perpetuate its reason for existing
#
snarfed bridgy facebook publish will keep working until august, but i'm starting to remove docs now
#
snarfed (august 1)
#
tantek maybe shorten BP to FB docs to just announcing deprecation and linking to the respective GitHub issue for more details?
#
tantek rather than complete removal?
#
snarfed yup, did that
#
snarfed https://brid.gy/about#rip-facebook
#
snarfed facebook sign up button on https://brid.gy/ now links there
KartikPrabhu joined the channel
#
tantek snarfed++ thanks for keeping it working as much as you have!
#
Loqi snarfed has 62 karma in this channel (386 overall)
#
snarfed aww you're welcome! sad to lose it.
[tantek] and tantek joined the channel
#
loqi.me created /OID (+19) "prompted by tantek and redirect added by tantek" (view diff)
#
sknebel What is SSB?
#
Loqi Secure Scuttlebutt is a P2P system to sync message feeds, used to build (among others) social applications that work in off-grid/sneakernet scenarios https://indieweb.org/SSB
#
sknebel SSB << [https://git.scuttlebot.io/%25RPKzL382v2fAia5HuDNHD5kkFdlP7bGvXQApSXqOBwc%3D.sha256 Guide to using Git on top of Scuttlebutt]
#
Loqi ok, I added "[https://git.scuttlebot.io/%25RPKzL382v2fAia5HuDNHD5kkFdlP7bGvXQApSXqOBwc%3D.sha256 Guide to using Git on top of Scuttlebutt]" to a new "See Also" section of /Secure_Scuttlebutt https://indieweb.org/wiki/index.php?diff=48340&oldid=47055
#
loqi.me edited /Secure_Scuttlebutt (+145) "sknebel added "[https://git.scuttlebot.io/%25RPKzL382v2fAia5HuDNHD5kkFdlP7bGvXQApSXqOBwc%3D.sha256 Guide to using Git on top of Scuttlebutt]" to "See Also"" (view diff)
[wiobyrne] joined the channel
#
tantek IndieAuth << How_is_IndieAuth_different_from_OpenID_Connect
#
Loqi ok, I added "[[How is IndieAuth different from OpenID Connect]]" to the "See Also" section of /IndieAuth https://indieweb.org/wiki/index.php?diff=48341&oldid=48330
snarfed joined the channel
#
tantek what is OpenID Connect
#
Loqi It looks like we don't have a page for "OpenID Connect" yet. Would you like to create it? (Or just say "OpenID Connect is ____", a sentence describing the term)
jjuran joined the channel
#
tantek OpenID Connect is an authentication protocol built on OAuth 2.0, that in practice is not implemented to provide open identifiers across systems, nor does it have anything to do with [[OpenID]] (1 or 2), but is a way to connect (tie) you to one specific identity provider to use that provider’s services. http://openid.net/connect/
#
Loqi ok
#
loqi.me created /OpenID_Connect (+360) "prompted by tantek and dfn added by tantek" (view diff)
#
kaja.sknebel.net edited /OpenID_Connect (+1) "linkify ('x is y. <url>.' pattern)" (view diff)
#
tantek OpenID Connect << How_is_IndieAuth_different_from_OpenID_Connect
#
Loqi ok, I added "[[How is IndieAuth different from OpenID Connect]]" to a brand new "See Also" section of /OpenID_Connect https://indieweb.org/wiki/index.php?diff=48345&oldid=48344
#
loqi.me edited /OpenID_Connect (+70) "tantek added "[[How is IndieAuth different from OpenID Connect]]" to "See Also"" (view diff)
#
loqi.me created /OIDC (+27) "prompted by tantek and redirect added by tantek" (view diff)
#
tantek feel free to de-snark if that dfn seems too harsh, and move criticisms to an Issues or Criticisms section
#
snarfed interesting, NextScripts SNAP added scraping code (i think) to do FB POSSE via web to get around the API restrictions. https://www.nextscripts.com/news/2018/05/facebook-officially-closed-unrestricted-access-to-its-api/
#
snarfed (paid)
#
snarfed complete with people in the comments complaining that FB disabled their accounts when they started using it 😂
#
jay.funabashi.co.uk edited /inari (+366) "/* Itches */" (view diff)
#
snarfed oof, yeah, you have to give it your cookie: https://www.nextscripts.com/instructions/facebook-social-networks-auto-poster-setup-installation/
#
Loqi Setup/Installation: Facebook - Social Networks Auto-Poster How to setup Facebook in SNAP WordPress plugin and API ...
#
aaronparecki.com edited /OpenID_Connect (-37) "Let’s not assume malintent, and just state facts" (view diff)
gRegorLove joined the channel
#
tantek.com edited /OpenID_Connect (+41) "open meaning portable, except in name and foundation" (view diff)
#
tantek.com edited /OpenID_Connect (-15) "foundation is too ambig for dfn, technical foundation vs political etc." (view diff)
tantek_ joined the channel
#
tantek_ what is POSSE to Facebook
#
Loqi POSSE to Facebook is the act of syndicating (at least some of) your content from your own site to Facebook https://indieweb.org/POSSE_to_Facebook
#
snarfed updated ^ just now
#
tantek_ POSSE to Facebook << https://www.nextscripts.com/news/2018/05/facebook-officially-closed-unrestricted-access-to-its-api/ (note people in comments complaining FB disabled their accounts when they started using it)
#
Loqi ok, I added "https://www.nextscripts.com/news/2018/05/facebook-officially-closed-unrestricted-access-to-its-api/ (note people in comments complaining FB disabled their accounts when they started using it)" to the "See Also" section of /POSSE_to_Facebook https://indieweb.org/wiki/index.php?diff=48352&oldid=48351
#
tantek_ POSSE to Facebook << https://www.nextscripts.com/instructions/facebook-social-networks-auto-poster-setup-installation/ spoiler: you have to give it your cookie
#
Loqi ok, I added "https://www.nextscripts.com/instructions/facebook-social-networks-auto-poster-setup-installation/ spoiler: you have to give it your cookie" to the "See Also" section of /POSSE_to_Facebook https://indieweb.org/wiki/index.php?diff=48353&oldid=48352
#
Loqi Setup/Installation: Facebook - Social Networks Auto-Poster How to setup Facebook in SNAP WordPress plugin and API ...
#
snarfed (to be fair, i also ask for facebook cookies in https://facebook-atom.appspot.com/ . it's horrible practice, i hate doing it. silver lining is, that app doesn't actually store them anywhere...but still.)
#
tantek_ snarfed, also that's for *reading* not posting right?
#
tantek_ very different use-case
#
snarfed right, but the practice is just as horrible. cookies have no permissions or compartmentalization. i could easily go wipe out someone's account or do anything else i want with their cookie
#
aaronpk This is why we have OAuth in the first place lol
#
snarfed yuuuuup
#
aaronpk So ironically, by Facebook preventing apps from using oauth, they are now effectively encouraging these other terrible behaviors because users have no other options
#
snarfed which facebook is correctly using, and imposing reasonable policy to not allow the use case i'm working around (horribly) by asking for cookies
#
snarfed eh. "encouraging" is maybe a bit too strong. but sure.
#
snarfed we castigate them for not protecting users' privacy enough, then complain when they restrict access. consistency is hard. :P
#
aaronpk Incentivizing?
#
aaronpk I dunno, they are clearly blocking legitimate use cases that people want
#
snarfed ...with legitimate privacy policies that many other people (almost certainly more) clearly want
#
snarfed can't please everyone 🤷‍♀️ at least not easily
#
aaronpk Again comes back to the IndieWeb. If Facebook were not a monopoly, people could choose whichever platform they wanted
#
@bradenslen Listening: # An Indieweb Podcast: Episode 4 “Webmentions and Privacy”. Also on: * ### _Related_ (https://ramblinggit.com/2018/06/295/) (twitter.com/_/status/1004064192209530882)
#
[kevinmarks] I need to write this up. The "who is this on behalf of" is key here, and the ideas in GDPR express this.
KartikPrabhu, barpthewire, yoroy, snarfed and swentel joined the channel
#
dgold okay - so I can login to my self-hosted git instance using my own website.
#
dgold living in the future
#
snarfed dgold++
#
Loqi dgold has 21 karma in this channel (49 overall)
#
swentel that's cool :)
#
swentel with gitlab?
[pfefferle] joined the channel
#
dgold gitea
[schmarty] joined the channel
#
[schmarty] dgold: that is very cool! using indieauth as an OpenID provider?
#
dgold [schmarty]: yes, indeed!
#
dgold saw the setting in the gitea config file, so I did some noodling about
#
dgold had some orking to do in between, but I'm super-pleased to have it functional
#
[schmarty] i have a local gitlab setup that i have been itching to replace with gitea, so that is a great reason to do so!
[jgmac1106], AngeloGladding, yoroy, iasai, yoroy_, gRegorLove and eli_oat joined the channel
#
@dsample ↩️ I can see that point, but sites like OpenHub, Launchpad and other aggregation sites (GitHub could be one) can help with that, like. If we could also use OpenID for SSO, and WebHooks/WebMentions for comms, then we could potentially provide community across distributed remotes too. (twitter.com/_/status/1004111376422449152)
KartikPrabhu, gRegorLove, snarfed, AngeloGladding and [grantcodes] joined the channel
#
[grantcodes] Ha cool! Managed to sync my actual browser bookmarks to my site! http://grant.codes/bookmarks
[tantek] and [jgmac1106] joined the channel
#
aaronpk Whoa!
snarfed and [grantcodes] joined the channel
#
[grantcodes] Also got my mf2 editor (for micropub clients) supporting just about every property I can think of 😃 With inline preview of images, audio and video. Will need to release it as a reusable react component once it's done
#
[grantcodes] Guess I'll need to add a rich editor to get it to be suitable for just about anything
#
cjwillcock.ca edited /IRC_People (+56) "/* Nicknames */" (view diff)
[cleverdevil] joined the channel
#
[cleverdevil] So cool, [grantcodes]!
#
[cleverdevil] I'd love to see that be a part of Together eventually 😉
#
[grantcodes] Oh yeah once it's done it should be fairly trivial to drop in
#
KartikPrabhu what's a mf2 editor?
#
[grantcodes] The biggest pain is always going to be going from client to server to micropub endpoint (really starting to loath cors). Especially with the media files, I'll need to think about that
leg and snarfed joined the channel