#meta 2022-05-13

2022-05-13 UTC
jacky joined the channel
jacky joined the channel
#
[tantek]
Hey folks, while in Düsseldorf, a few of us there started chatting IWC Berlin options so I wanted to ask folks here who would consider traveling to please add your availability/pref to the Planning section for IWC Berlin this September: https://indieweb.org/Planning#Berlin
#
[tantek]
^ GWG, aaronpk in particular
#
GWG
[tantek]: Thank you for thinking of me
#
[tantek]
We still need a venue but hopefully we can start to collect some interest on dates
jacky joined the channel
#
david.shanske.com
edited /Planning (+97) "/* Berlin */"
(view diff)
#
david.shanske.com
edited /Planning (+84) "/* Berlin */"
(view diff)
#
[chrisaldrich]
misses the Summit
[sebsel] joined the channel
#
GWG
Are we only going to try for IWCs in Europe?
#
[tantek]
also misses the summit
#
[tantek]
GWG, we're going to try wherever someone is willing to do the work to find a venue and be upfront about participation requirements etc.
#
[tantek]
so far that's been Europe
#
GWG
I've never had luck with venues. I have no connections.
#
GWG
Maybe we should also try to get some popups on the agenda.
#
GWG
[tantek]: I'm only willing to do non-venue work.
#
[tantek]
GWG, the remote participation and session recording/posting work you've done has been great
#
GWG
I meant, at a physical event. I am willing to come and do things, but I think finding the venue is not my strength
#
GWG
I don't have the contacts
#
[tantek]
before I forget, the iPad with Zoom + Jabra Speak solution was the winner at IWC DUS
#
[tantek]
also Joschi's amazing 360deg camera with built-in Android that somehow had a Zoom client :exploding_head:
#
GWG
I have a few items I'm contemplating for future in person events.
#
[tantek]
GWG, this is why we need a diversity of organizers with different skillsets
#
[tantek]
e.g. I have better luck finding venues than setting up remote participation
#
[tantek]
Joschi's 360deg camera may be worth an impulse buy at some point
#
GWG
[tantek]: Wasn't it around 900?
#
[tantek]
actually, what did that look / feel like from your perspective GWG? the view of the "main room" with the two rows of participants
#
[tantek]
and how was the audio?
#
GWG
It looked and worked very well.
#
[tantek]
yes it may have been ~900. though considering that includes essentially a whole computer setup to do Zoom that may be worth it
#
GWG
I will continue to look for lower alternatives, but it may be worth having one of them if we pick up
jacky joined the channel
#
IWDiscordGateway
<fncll> I’d be happy to help organize something but don’t have the skills or knowledge to be more than an assistant. For online or Seattle/Tacoma or possibly Portland areas.
jacky joined the channel
#
GWG
fncll: There's venue that is an issue.
#
Loqi
Just generated the first draft of this week's newsletter! https://indieweb.org/this-week/2022-05-13.html I'll generate a draft again tomorrow, so please add to it before then! https://indieweb.org/this-week#How_to
#
denmchenry.com
edited /User:Denmchenry.com (+26) "Moved webmentions from itches to scratched."
(view diff)
#
[Chris_Lott]
I was just registering my support.
mro joined the channel
#
@brianwisti
Slowly but surely streamlining that tumblelog flow, which also means I'm spending more time in Emacs. That's just weird. Anyways, checking out how share links work, for some near future ideas for serverless #IndieWeb POSSE syndication. https://randomgeekery.life/posts/2022/05/1652421774/
(twitter.com/_/status/1524995627058348033)
mro and jamietanna joined the channel
#
omz13.com
edited /well-known (+221) "Add pointers to the specification and registry"
(view diff)
#
sknebel
omz13: that link belongs more on https://indieweb.org/.well-known and is there already afaik (bit confusing ,but one page is for the general pattern and the other for the specific /.well-known/ path)
mro joined the channel
#
omz13
sknebel: yes but no: .well-known as a page should not exist. Any half-decent web server deployment would be configured to filter out /.well-known requests and serve up its content from an admin writable only folder... or the wiki engine should do it. It is mis-configuration not a problem.
#
sknebel
a) the page .well-known is distinct from the folder, which is indeed restricted b) but our wiki anyways makes this distinction, so please put the things in the right pages anyways
#
omz13
Then somebody should alias well-known page to .well-known page because it is not obvious
#
omz13
or vice-versa. or whatever.
#
aaronpk
saying every web server should only serve .well-known from an admin writable folder is kind of silly, that's like saying every web server should make sure they are aware of every possible mechanism anyone might use and block access to those paths. which also kind of goes to show the problem with .well-known to begin with, that if a path there enables some sort of functionality then anyone who might be
#
aaronpk
able to create that path can turn it on
#
aaronparecki.com
edited /.well-known (+221) "move reference from [[well-known]]"
(view diff)
#
aaronparecki.com
edited /well-known (-221) "move reference to [[.well-known]]"
(view diff)
#
omz13
what I was trying to say was if you don't configure (harden) your server or application correctly, don't complain when people do stupid stuff if you let them play in your .well-known folder
#
omz13
do we need to add a trigger warning whenever .well-known is mentioned because that is how it feels around here
[Murray] joined the channel
#
aaronpk
the point is .well-known is not the only way to do well-known URLs, so just blocking .well-known from being user-editable isn't enough, you have to go list out every possible well-known URL that might cause a problem if it's user-editable and block that too
#
aaronpk
that's also why there are two different wiki pages
#
omz13
am I missing something because if request path starts with /.well-known/ then burp
#
aaronpk
also robots.txt and humans.txt and whatever else anyone comes up with
#
IWDiscordGateway
<capjamesg> tech-stack.txt
#
IWDiscordGateway
<capjamesg> credits.txt
#
IWDiscordGateway
<capjamesg> sponsors.txt
#
IWDiscordGateway
<capjamesg> Let's txt everything!
#
IWDiscordGateway
<capjamesg> (sarcasm)
#
aaronpk
this is arguably the reason _for_ putting all well-known things in the .well-known folder but there's nothing stopping someone from creating something that doesn't do that
#
omz13
capjamesg: let's json everything?! /s
#
[KevinMarks]
Well there's another 2 layers of that with LRRD and webfinger
#
omz13
wearing my BOFH hat, it is far easier to put all that meta-thing into /.well-known/thing because it can be locked down so lusers don't twiddle with things they are not meant to twiddle with... and you can do evil things with reverse proxy or application middleware to achieve that
#
petermolnar
that is certainly the BOFH hat, thinking .well-known is out of the context of the site. That is exactly why it shouldn't exist, particularly for non-web protocols, eg. mta-sts, which should be killed with fire.
#
[tantek]
"nothing stopping someone from creating something that doesn't do that" <-- this is exactly what happened with "security.txt" AFAIK, which was created *after* .well-known became a "thing". And yes they're both RFCs 🙄
#
[tantek]
.well-known << Criticism: bad approach that is counter to the read-write web and adds extra [[admintax]] to all server maintainers: https://chat.indieweb.org/meta/2022-05-13/1652432145141300
#
Loqi
ok, I added "Criticism: bad approach that is counter to the read-write web and adds extra [[admintax]] to all server maintainers: https://chat.indieweb.org/meta/2022-05-13/1652432145141300" to the "See Also" section of /.well-known https://indieweb.org/wiki/index.php?diff=81414&oldid=81413
#
[tantek]
.well-known << Criticism: unnecessary domain-level assumption for use-cases that can by handled by resource-level discovery: it's almost always a web architecture error to design something for a domain (also includes root /noun.txt approaches) instead of designing for an arbitrary URL (HTML at some page).
#
Loqi
ok, I added "Criticism: unnecessary domain-level assumption for use-cases that can by handled by resource-level discovery: it's almost always a web architecture error to design something for a domain (also includes root /noun.txt approaches) instead of designing for an arbitrary URL (HTML at some page)." to the "See Also" section of /.well-known https://indieweb.org/wiki/index.php?diff=81415&oldid=81414
#
[tantek]
.well-known << Alternative: instead of forcing/squatting a specific path on web server admins, use link rel for discovery. The W3C [[Social Web Working Group]] resolved on this methodology (also known as "follow your nose") years ago for all the approaches being considered, and subsequently all of the W3C Recommendations they produce used link rel discovery, without any need for ".well-known"
#
Loqi
ok, I added "Alternative: instead of forcing/squatting a specific path on web server admins, use link rel for discovery. The W3C [[Social Web Working Group]] resolved on this methodology (also known as "follow your nose") years ago for all the approaches being considered, and subsequently all of the W3C Recommendations they produce used link rel discovery, without any need for ".well-known"" to the "See Also" section of /.well-known https://indieweb.org/wiki/index.php?diff=81416&oldid=81415
#
omz13
"For websites, the security.txt file should be placed under the /.well-known/ path (/.well-known/security.txt) [RFC8615]. It can also be placed in the root directory (/security.txt) of a website, especially if the /.well-known/ directory cannot be used for technical reasons, or simply as a fallback. The file can be placed in both locations of a website at the same time."
#
[tantek]
right, so they squatted two paths with that language. really bad design
#
omz13
close reading = preferred location is under /.well-known/
#
[tantek]
the referenced RFC8615 even uses the term "might" as the caveat for placing at /security.txt ("might" is not in RFC2119, but is in RFC6919)
#
loqi.me
created /HODL (+142) "prompted by [tantek] and dfn added by [tantek]"
(view diff)
#
loqi.me
edited /HODL (+40) "[tantek] added "[[commonplace book]]" to "See Also""
(view diff)
#
[tantek]
> For legacy compatibility, a "security.txt" file might be placed at the top-level path or redirect"
jacky joined the channel
#
omz13
[tantek] feel free to raise your concerns at https://github.com/securitytxt/security-txt and kindly note: security.txt is now RFC9116
#
Loqi
[securitytxt] security-txt: A proposed standard that allows websites to define security policies.
jacky joined the channel
#
[tantek]
omz13, yeah I'm considering a blog post or at least a tweet asking "Anyone know of an effort to write-up a "/noun.txt proposals considered harmful" blog post, finding etc.? " and security.txt will likely get a mention since they were sloppy about not being strictly confined to .well-known. Also the use of "might" without citing 6919, tsk tsk tsk
#
[tantek]
indeed, perhaps as a syndication target
#
[tantek]
aaronpk, have you done any POSSE-to-RFC-errata? 😉
#
[tantek]
(looks like that target does generate permalinks for submissions so that would work)
#
omz13
[tantek] I'm sure an errata submitted from you would be more appreciated and beneficial than all that "tsk tsk tsk" et al
#
[tantek]
omz13 I'll have to consider what the exact fix would be, beyond pointing out the problem
#
[tantek]
since several potential fixes are possible
#
[tantek]
considers redirecting any top-level path squats from specs to a rickroll
#
omz13
concrete proposals and suggestions are always better than just saying something "sucks" or pounding on "criticism"
jacky joined the channel
#
@ton_zylstra
↩️ http://micro.blog? IndieWeb? ActivityPub? Meer een vraag van adoptie dan techniek lijkt me. Publicspaces?
(twitter.com/_/status/1525110522940637186)
#
@DamnitPharmer
↩️ @Shoq @indiewebcamp @NewYorker I think we’ve more than proven that we need policed., It just needs to be by affair and just hand.
(twitter.com/_/status/1524929965376012289)
#
tantek.com
edited /js;dr (+328) "move some examples from See Also to Unsorted"
(view diff)
#
tantek.com
edited /js;dr (+9) "move In Print up, Unsorted down"
(view diff)
#
[tantek]
omz13, true re: concrete proposals and suggestions are always better
#
tantek.com
edited /js;dr (+172) "move Dead To History Examples up as that particularly proves the point"
(view diff)
mro and jacky joined the channel
#
Loqi
Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
jacky and mro joined the channel
#
jacky.wtf
edited /Koype (+515) "/* Features */ add proposal to support duration values in 'limit' and 'offset' for pagination"
(view diff)
#
Loqi
Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
#
Loqi
Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
[jgmac1106] joined the channel
#
loqi.me
created /Known_project (+18) "prompted by [kaichanvong] and redirect added by aaronpk"
(view diff)
#
Loqi
Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
#
Loqi
Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
jacky and mro joined the channel
#
Loqi
Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
jacky joined the channel
#
Loqi
[Event Updated] tracydurnell.com updated "May 11, 2022 6:00pm Homebrew Website Club - Pacific" changed summary "added note to summary" https://events.indieweb.org/event/368/history/1081/diff
#
Loqi
Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
mro joined the channel
#
@Shoq
↩️ really stupid mistakes lately, but this is one we definitely do not want to make again. I am making it my mission to remind us all of our options, and probably offering a few on my own. If you don’t know about the #POSSE and other #Indieweb concepts, learn.
(twitter.com/_/status/1525175507515588610)
jacky joined the channel
#
Loqi
Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
jacky joined the channel
#
Loqi
Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
mro joined the channel
#
Loqi
Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
mro joined the channel
#
Loqi
Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
gRegor joined the channel
#
Loqi
Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
[jgarber] joined the channel
#
www.ciccarello.me
edited /Instagram (+42) "clean up downtime"
(view diff)
jacky joined the channel
#
[tantek]
hmm wonder how our /POSSE traffic is doing
#
[tantek]
^ one of the top /POSSE referers
mro joined the channel
#
www.ciccarello.me
edited /Instagram (+11) "organize criticism"
(view diff)
#
Loqi
Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
#
[tantek]
aciccarello++ nice cleanup on IG Criticism and incorporating from See Also!
#
Loqi
aciccarello has 1 karma over the last year
jacky joined the channel
#
www.ciccarello.me
edited /Instagram (+2) "move criticism of policy"
(view diff)
#
[aciccarello]
Thanks, my brain can't parse the See Also sections when they get overloaded like that. It's also interesting to look at what criticisms are collected. Probably could be organized more but I'm done for now.
#
gregorlove.com
created /events/2022-04-27-hwc-pacific (+1224) "archive etherpad"
(view diff)
#
gregorlove.com
created /events/2022-04-20-hwc-pacific (+647) "archive etherpad"
(view diff)
#
jacky.wtf
edited /curlability (+17) "add reference to js;dr"
(view diff)
#
gregorlove.com
created /events/2022-04-13-hwc-pacific (+2402) "archive etherpad"
(view diff)
#
Loqi
Just generated this week's newsletter! You still have a few minutes to make changes, and I'll re-generate it 10 minutes before it gets sent out at 3pm Pacific time. https://indieweb.org/this-week/2022-05-13.html
#
Loqi
Generated the final version of the newsletter! This will be sent out at 3pm Pacific time. https://indieweb.org/this-week/2022-05-13.html
#
tantek.com
edited /create (+62) "see also mew, incorporate see alsos into content"
(view diff)
#
tantek.com
edited /2022/Düsseldorf (+41) "btconf side event description"
(view diff)
jacky joined the channel
#
tantek.com
edited /2022/Düsseldorf/btconf-side-event (+109) "use archive.org link since current btconf side-events link redirects to speakers page!"
(view diff)
#
tantek.com
edited /2022/Düsseldorf (+111) "/* Friday Informal Social */ note To1980 put away their outdoor seting"
(view diff)
#
tantek.com
edited /2022/Düsseldorf (+0) "/* Friday Informal Social */ 2022"
(view diff)
#
[chrisaldrich]
I just realized it's Friday and not Thursday. Thanks for bursting my bubble Loqi. I did want to add a few things... perhaps tomorrow when there's more time.