#meta 2022-05-13

2022-05-13 UTC
jacky joined the channel
#
[chrisaldrich] robots txt << for [[fun]]: https://www.last.fm/robots.txt with details at https://www.wired.com/2010/08/robot-laws/
#
Loqi ok, I added "for [[fun]]: https://www.last.fm/robots.txt with details at https://www.wired.com/2010/08/robot-laws/" to the "See Also" section of /robots_txt https://indieweb.org/wiki/index.php?diff=81406&oldid=76748
jacky joined the channel
#
[tantek] Hey folks, while in Düsseldorf, a few of us there started chatting IWC Berlin options so I wanted to ask folks here who would consider traveling to please add your availability/pref to the Planning section for IWC Berlin this September: https://indieweb.org/Planning#Berlin
#
[tantek] ^ GWG, aaronpk in particular
#
GWG [tantek]: Thank you for thinking of me
#
[tantek] We still need a venue but hopefully we can start to collect some interest on dates
jacky joined the channel
#
david.shanske.com edited /Planning (+97) "/* Berlin */" (view diff)
#
david.shanske.com edited /Planning (+84) "/* Berlin */" (view diff)
#
[chrisaldrich] misses the Summit
[sebsel] joined the channel
#
GWG Are we only going to try for IWCs in Europe?
#
[tantek] also misses the summit
#
[tantek] GWG, we're going to try wherever someone is willing to do the work to find a venue and be upfront about participation requirements etc.
#
[tantek] so far that's been Europe
#
GWG I've never had luck with venues. I have no connections.
#
GWG Maybe we should also try to get some popups on the agenda.
#
GWG [tantek]: I'm only willing to do non-venue work.
#
[tantek] GWG, the remote participation and session recording/posting work you've done has been great
#
GWG I meant, at a physical event. I am willing to come and do things, but I think finding the venue is not my strength
#
GWG I don't have the contacts
#
[tantek] before I forget, the iPad with Zoom + Jabra Speak solution was the winner at IWC DUS
#
[tantek] also Joschi's amazing 360deg camera with built-in Android that somehow had a Zoom client :exploding_head:
#
GWG I have a few items I'm contemplating for future in person events.
#
[tantek] GWG, this is why we need a diversity of organizers with different skillsets
#
[tantek] e.g. I have better luck finding venues than setting up remote participation
#
[tantek] Joschi's 360deg camera may be worth an impulse buy at some point
#
GWG [tantek]: Wasn't it around 900?
#
[tantek] actually, what did that look / feel like from your perspective GWG? the view of the "main room" with the two rows of participants
#
[tantek] and how was the audio?
#
GWG It looked and worked very well.
#
[tantek] yes it may have been ~900. though considering that includes essentially a whole computer setup to do Zoom that may be worth it
#
GWG I will continue to look for lower alternatives, but it may be worth having one of them if we pick up
jacky joined the channel
#
IWDiscordGateway <fncll> I’d be happy to help organize something but don’t have the skills or knowledge to be more than an assistant. For online or Seattle/Tacoma or possibly Portland areas.
jacky joined the channel
#
GWG fncll: There's venue that is an issue.
#
Loqi Just generated the first draft of this week's newsletter! https://indieweb.org/this-week/2022-05-13.html I'll generate a draft again tomorrow, so please add to it before then! https://indieweb.org/this-week#How_to
#
denmchenry.com edited /User:Denmchenry.com (+26) "Moved webmentions from itches to scratched." (view diff)
#
[Chris_Lott] I was just registering my support.
mro joined the channel
#
@brianwisti Slowly but surely streamlining that tumblelog flow, which also means I'm spending more time in Emacs. That's just weird. Anyways, checking out how share links work, for some near future ideas for serverless #IndieWeb POSSE syndication. https://randomgeekery.life/posts/2022/05/1652421774/ (twitter.com/_/status/1524995627058348033)
mro and jamietanna joined the channel
#
omz13.com edited /well-known (+221) "Add pointers to the specification and registry" (view diff)
#
sknebel omz13: that link belongs more on https://indieweb.org/.well-known and is there already afaik (bit confusing ,but one page is for the general pattern and the other for the specific /.well-known/ path)
mro joined the channel
#
omz13 sknebel: yes but no: .well-known as a page should not exist. Any half-decent web server deployment would be configured to filter out /.well-known requests and serve up its content from an admin writable only folder... or the wiki engine should do it. It is mis-configuration not a problem.
#
sknebel a) the page .well-known is distinct from the folder, which is indeed restricted b) but our wiki anyways makes this distinction, so please put the things in the right pages anyways
#
omz13 Then somebody should alias well-known page to .well-known page because it is not obvious
#
omz13 or vice-versa. or whatever.
#
aaronpk saying every web server should only serve .well-known from an admin writable folder is kind of silly, that's like saying every web server should make sure they are aware of every possible mechanism anyone might use and block access to those paths. which also kind of goes to show the problem with .well-known to begin with, that if a path there enables some sort of functionality then anyone who might be
#
aaronpk able to create that path can turn it on
#
aaronparecki.com edited /.well-known (+221) "move reference from [[well-known]]" (view diff)
#
aaronparecki.com edited /well-known (-221) "move reference to [[.well-known]]" (view diff)
#
omz13 what I was trying to say was if you don't configure (harden) your server or application correctly, don't complain when people do stupid stuff if you let them play in your .well-known folder
#
omz13 do we need to add a trigger warning whenever .well-known is mentioned because that is how it feels around here
[Murray] joined the channel
#
aaronpk the point is .well-known is not the only way to do well-known URLs, so just blocking .well-known from being user-editable isn't enough, you have to go list out every possible well-known URL that might cause a problem if it's user-editable and block that too
#
aaronpk that's also why there are two different wiki pages
#
omz13 am I missing something because if request path starts with /.well-known/ then burp
#
aaronpk also robots.txt and humans.txt and whatever else anyone comes up with
#
IWDiscordGateway <capjamesg> tech-stack.txt
#
IWDiscordGateway <capjamesg> credits.txt
#
IWDiscordGateway <capjamesg> sponsors.txt
#
IWDiscordGateway <capjamesg> Let's txt everything!
#
IWDiscordGateway <capjamesg> (sarcasm)
#
aaronpk this is arguably the reason _for_ putting all well-known things in the .well-known folder but there's nothing stopping someone from creating something that doesn't do that
#
omz13 capjamesg: let's json everything?! /s
#
[KevinMarks] Well there's another 2 layers of that with LRRD and webfinger
#
omz13 wearing my BOFH hat, it is far easier to put all that meta-thing into /.well-known/thing because it can be locked down so lusers don't twiddle with things they are not meant to twiddle with... and you can do evil things with reverse proxy or application middleware to achieve that
#
petermolnar that is certainly the BOFH hat, thinking .well-known is out of the context of the site. That is exactly why it shouldn't exist, particularly for non-web protocols, eg. mta-sts, which should be killed with fire.
#
[tantek] "nothing stopping someone from creating something that doesn't do that" <-- this is exactly what happened with "security.txt" AFAIK, which was created *after* .well-known became a "thing". And yes they're both RFCs 🙄
#
[tantek] .well-known << Criticism: bad approach that is counter to the read-write web and adds extra [[admintax]] to all server maintainers: https://chat.indieweb.org/meta/2022-05-13/1652432145141300
#
Loqi ok, I added "Criticism: bad approach that is counter to the read-write web and adds extra [[admintax]] to all server maintainers: https://chat.indieweb.org/meta/2022-05-13/1652432145141300" to the "See Also" section of /.well-known https://indieweb.org/wiki/index.php?diff=81414&oldid=81413
#
[tantek] .well-known << Criticism: unnecessary domain-level assumption for use-cases that can by handled by resource-level discovery: it's almost always a web architecture error to design something for a domain (also includes root /noun.txt approaches) instead of designing for an arbitrary URL (HTML at some page).
#
Loqi ok, I added "Criticism: unnecessary domain-level assumption for use-cases that can by handled by resource-level discovery: it's almost always a web architecture error to design something for a domain (also includes root /noun.txt approaches) instead of designing for an arbitrary URL (HTML at some page)." to the "See Also" section of /.well-known https://indieweb.org/wiki/index.php?diff=81415&oldid=81414
#
[tantek] .well-known << Alternative: instead of forcing/squatting a specific path on web server admins, use link rel for discovery. The W3C [[Social Web Working Group]] resolved on this methodology (also known as "follow your nose") years ago for all the approaches being considered, and subsequently all of the W3C Recommendations they produce used link rel discovery, without any need for ".well-known"
#
Loqi ok, I added "Alternative: instead of forcing/squatting a specific path on web server admins, use link rel for discovery. The W3C [[Social Web Working Group]] resolved on this methodology (also known as "follow your nose") years ago for all the approaches being considered, and subsequently all of the W3C Recommendations they produce used link rel discovery, without any need for ".well-known"" to the "See Also" section of /.well-known https://indieweb.org/wiki/index.php?diff=81416&oldid=81415
#
omz13 "For websites, the security.txt file should be placed under the /.well-known/ path (/.well-known/security.txt) [RFC8615]. It can also be placed in the root directory (/security.txt) of a website, especially if the /.well-known/ directory cannot be used for technical reasons, or simply as a fallback. The file can be placed in both locations of a website at the same time."
#
[tantek] right, so they squatted two paths with that language. really bad design
#
omz13 close reading = preferred location is under /.well-known/
#
[tantek] the referenced RFC8615 even uses the term "might" as the caveat for placing at /security.txt ("might" is not in RFC2119, but is in RFC6919)
#
loqi.me created /HODL (+142) "prompted by [tantek] and dfn added by [tantek]" (view diff)
#
loqi.me edited /HODL (+40) "[tantek] added "[[commonplace book]]" to "See Also"" (view diff)
#
[tantek] sorry not RFC8615 but rather https://www.ietf.org/rfc/rfc9116.txt
#
[tantek] > For legacy compatibility, a "security.txt" file might be placed at the top-level path or redirect"
jacky joined the channel
#
omz13 [tantek] feel free to raise your concerns at https://github.com/securitytxt/security-txt and kindly note: security.txt is now RFC9116
#
Loqi [securitytxt] security-txt: A proposed standard that allows websites to define security policies.
jacky joined the channel
#
[tantek] omz13, yeah I'm considering a blog post or at least a tweet asking "Anyone know of an effort to write-up a "/noun.txt proposals considered harmful" blog post, finding etc.? " and security.txt will likely get a mention since they were sloppy about not being strictly confined to .well-known. Also the use of "might" without citing 6919, tsk tsk tsk
#
omz13 https://www.rfc-editor.org/errata.php#reportnew
#
[tantek] indeed, perhaps as a syndication target
#
[tantek] aaronpk, have you done any POSSE-to-RFC-errata? 😉
#
[tantek] (looks like that target does generate permalinks for submissions so that would work)
#
omz13 [tantek] I'm sure an errata submitted from you would be more appreciated and beneficial than all that "tsk tsk tsk" et al
#
[tantek] omz13 I'll have to consider what the exact fix would be, beyond pointing out the problem
#
[tantek] since several potential fixes are possible
#
[tantek] considers redirecting any top-level path squats from specs to a rickroll
#
omz13 concrete proposals and suggestions are always better than just saying something "sucks" or pounding on "criticism"
jacky joined the channel
#
@ton_zylstra ↩️ http://micro.blog? IndieWeb? ActivityPub? Meer een vraag van adoptie dan techniek lijkt me. Publicspaces? (twitter.com/_/status/1525110522940637186)
#
@DamnitPharmer ↩️ @Shoq @indiewebcamp @NewYorker I think we’ve more than proven that we need policed., It just needs to be by affair and just hand. (twitter.com/_/status/1524929965376012289)
#
tantek.com edited /js;dr (+328) "move some examples from See Also to Unsorted" (view diff)
#
tantek.com edited /js;dr (+9) "move In Print up, Unsorted down" (view diff)
#
[tantek] omz13, true re: concrete proposals and suggestions are always better
#
tantek.com edited /js;dr (+172) "move Dead To History Examples up as that particularly proves the point" (view diff)
mro and jacky joined the channel
#
Loqi Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
jacky and mro joined the channel
#
jacky.wtf edited /Koype (+515) "/* Features */ add proposal to support duration values in 'limit' and 'offset' for pagination" (view diff)
#
Loqi Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
#
Loqi Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
[jgmac1106] joined the channel
#
loqi.me created /Known_project (+18) "prompted by [kaichanvong] and redirect added by aaronpk" (view diff)
#
Loqi Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
#
Loqi Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
jacky and mro joined the channel
#
Loqi Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
jacky joined the channel
#
Loqi [Event Updated] tracydurnell.com updated "May 11, 2022 6:00pm Homebrew Website Club - Pacific" changed summary "added note to summary" https://events.indieweb.org/event/368/history/1081/diff
#
Loqi Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
mro joined the channel
#
@Shoq ↩️ really stupid mistakes lately, but this is one we definitely do not want to make again. I am making it my mission to remind us all of our options, and probably offering a few on my own. If you don’t know about the #POSSE and other #Indieweb concepts, learn. (twitter.com/_/status/1525175507515588610)
jacky joined the channel
#
Loqi Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
jacky joined the channel
#
Loqi Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
mro joined the channel
#
Loqi Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
mro joined the channel
#
Loqi Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
gRegor joined the channel
#
Loqi Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
[jgarber] joined the channel
#
www.ciccarello.me edited /Instagram (+42) "clean up downtime" (view diff)
jacky joined the channel
#
[tantek] hmm wonder how our /POSSE traffic is doing
#
[tantek] this is great: https://app.usefathom.com/share/zphfryaa/indieweb.org#/?filters=%5B%7B%22property%22%3A%22Path%22%2[…]%2FPOSSE%22%7D%5D&range=last_7_days&site=20823
#
[tantek] good times: https://thewebisfucked.com/
#
[tantek] ^ one of the top /POSSE referers
mro joined the channel
#
www.ciccarello.me edited /Instagram (+11) "organize criticism" (view diff)
#
Loqi Generated a new draft of the newsletter! https://indieweb.org/this-week/2022-05-13.html
#
[tantek] aciccarello++ nice cleanup on IG Criticism and incorporating from See Also!
#
Loqi aciccarello has 1 karma over the last year
jacky joined the channel
#
www.ciccarello.me edited /Instagram (+2) "move criticism of policy" (view diff)
#
[aciccarello] Thanks, my brain can't parse the See Also sections when they get overloaded like that. It's also interesting to look at what criticisms are collected. Probably could be organized more but I'm done for now.
#
gregorlove.com created /events/2022-04-27-hwc-pacific (+1224) "archive etherpad" (view diff)
#
gregorlove.com edited /Template:Homebrew_Website_Club (+91) "+04/27" (view diff)
#
gregorlove.com created /events/2022-04-20-hwc-pacific (+647) "archive etherpad" (view diff)
#
gregorlove.com edited /Template:Homebrew_Website_Club (+91) "+04/20" (view diff)
#
jacky.wtf edited /curlability (+17) "add reference to js;dr" (view diff)
#
gregorlove.com created /events/2022-04-13-hwc-pacific (+2402) "archive etherpad" (view diff)
#
gregorlove.com edited /Template:Homebrew_Website_Club (+91) "+04/13" (view diff)
#
Loqi Just generated this week's newsletter! You still have a few minutes to make changes, and I'll re-generate it 10 minutes before it gets sent out at 3pm Pacific time. https://indieweb.org/this-week/2022-05-13.html
#
Loqi Generated the final version of the newsletter! This will be sent out at 3pm Pacific time. https://indieweb.org/this-week/2022-05-13.html
#
tantek.com edited /create (+62) "see also mew, incorporate see alsos into content" (view diff)
#
tantek.com created /2022/Düsseldorf/btconf-side-event (+2071) "archive from https://beyondtellerrand.com/events/dusseldorf-2022/side-events" (view diff)
#
tantek.com edited /2022/Düsseldorf (+41) "btconf side event description" (view diff)
#
@indiewebcamp This week in the #indieweb https://indieweb.org/this-week/2022-05-13.html (twitter.com/_/status/1525238214729949185)
jacky joined the channel
#
tantek.com edited /2022/Düsseldorf/btconf-side-event (+109) "use archive.org link since current btconf side-events link redirects to speakers page!" (view diff)
#
tantek.com edited /2022/Düsseldorf (+111) "/* Friday Informal Social */ note To1980 put away their outdoor seting" (view diff)
#
tantek.com edited /2022/Düsseldorf (+0) "/* Friday Informal Social */ 2022" (view diff)
#
[chrisaldrich] I just realized it's Friday and not Thursday. Thanks for bursting my bubble Loqi. I did want to add a few things... perhaps tomorrow when there's more time.