#meta 2020-12-21

2020-12-21 UTC
[fluffy], [schmarty], craftyphotons__, jeremycherfas and gRegorLove joined the channel
[tantek], alex11, petermolnar and [fluffy] joined the channel
[KevinMarks] joined the channel
[KevinMarks]
I wonder if POSSE could work as a French verb, given that posser means 'to own' so POSSE could be read as possé, meaning 'owned'
@wwwLMtSorg
We are in the year 2020 AD. The Internet is occupied by big corporations and thoroughly commercialised ... The whole Internet? No! One small group does not stop resisting: https://indieweb.org
(twitter.com/_/status/1341012213415424001)
[KevinMarks]
Is that an Asterix reference in German?
[Raphael_Luckom] joined the channel
sknebel
[KevinMarks]: yes
@beep
↩️ wow the indieweb got indepressing
(twitter.com/_/status/1341043912086052864)
[tantek] and [fluffy] joined the channel
[schmarty] joined the channel
[schmarty]
looked like just a thread of goofin' around
nickodd, gRegorLove, [Raphael_Luckom] and ciccarellome[m] joined the channel; nickodd left the channel
boffosocko.com
edited /Template:organizing (+27) "link to photography policy"
tantek.com
edited /discuss (+1) "/* indieweb channel */ grammar fix"
jeremycherfas and [chrisaldrich] joined the channel
lahacker
gotta say i'm still a bit irked from the negativity yesterday in -dev..
aaronpk
the password thing? sorry, wasn't trying to be mean.
Loqi
ok, I added "https://werd.io/2020/a-known-update" to the "See Also" section of /WithKnown https://indieweb.org/wiki/index.php?diff=74061&oldid=56325
Loqi
ok, I added "https://werd.io/2020/a-known-update" to the "See Also" section of /Known https://indieweb.org/wiki/index.php?diff=74062&oldid=73471
jeremycherfas, [KevinMarks] and [schmarty] joined the channel
lahacker
it was more the dismissiveness.. the industry dogma applies to centralized third-party apps with databases of Twitter username/passwords that *must* be held in plaintext for re-use.. my context is so vastly different, really more akin to an in-browser password manager.. and even though it was acknowledged that the system wasn't built for my context i was still practically bullied into complying anyway
lahacker
"actively harming everyone in the industry"
lahacker
"you’re free to do anything you want, just know that you’re "on the wrong side of history here"
tantek.com
created /URL_format (+24) "r"
lahacker
"we’re just discouraging you from shipping that software to anyone else and encouraging them to use it the same way"
aaronpk
let me rephrase my comment to be more about personal experiences
aaronpk
"...actively working against the security education work that myself and my coworkers do"
aaronpk
i'm sorry it came across as bullying, that wasn't my intent, but i'm not likely to change my opinion on the matter itself
[KevinMarks]
You did trigger a cultural memory of bad practice there. Reviving "enter your password" is likely to cause backlash from the places whose passwords you're entering, which is a little hypocritical, yes, given that many of them used to do it too. The thing is, OAuth was a big mutual disarmament treaty for that kind of thing.
lahacker
so if i ship my open source software with "Angelo Gladding's Canopy" app token and Alice modifies that code to Follow/Unfollow users in rapid fire a la https://www.programmableweb.com/news/twitter-revokes-api-access-automated-followunfollow-services/brief/2019/02/01 someone at Twitter could simply decide to revoke the app token entirely..
lahacker
i spent OVER A YEAR talking to a Twitter bot to try to get an old account recovered.. they pushed a new auth system and something changed and I was able to recover..
lahacker
i tweeted @TwitterHelp dozens of times over months
lahacker
i'd be a complete fool to assume that doing "the right thing" now won't result in a revoked token when i have users..
jeremycherfas joined the channel
lahacker
why don't they have a simple user token? to maintain this precise level of control and authority over their service..
lahacker
it's inherently user-hostile
lahacker
and yet i'm the malicious actor
willnorris joined the channel
[KevinMarks]
A user token would be a big improvement, yes
lahacker
and T R I V I A L, no? am i missing something? like, the lack of a user token should say everything
lahacker
i mean i'm just going to go for a walk, come back, start writing some aggressive prose to describe the situation to the end user
joe1 joined the channel
aaronpk
well this is the other problem with twitter's API... it requires a client secret (or whatever it was called in oauth 1) which has that exact problem you mention, you can't safely ship software like an ios app or SPA containing that secret cause then other users could abuse it
aaronpk
a user token seems like it'd solve all these concerns, and plenty of other services support that kind of thing already too
[tantek]
this is a general problem of building anything on top of Twitter *for others to use*
[tantek]
that's perhaps something we should start considering recommending against because of both the process tax (what lahacker described as OVER A YEAR above), and the API permission (token / client secret?) fragility
[Emma_Humphries] and [fluffy] joined the channel
[fluffy]
Yeah, my experience with adding Twitter auth to Authl was… not fun. Twitter’s API really isn’t intended for any experience other than building a Twitter client, except ironically they’ve removed all the stuff that’s useful for Twitter clients too.
[fluffy]
So basically all you’re left with is something built to auto-tweet things you do on other websites and MAYBE use twitter as a centralized/siloed authentication service.
[snarfed] joined the channel