#social 2015-05-14
2015-05-14 UTC
bengo and jasnell joined the channel
# 
ben_thatmustbeme elf-pavlik: obviously its better to use https for security reasons. People have mostly not wanted to require https because new users find it difficult to set up their own ssl cert, or just don't want to spend any money
jasnell, bblfish, bengo, tilgovi, KevinMarks, the_frey, bret, kylewm, shepazu, rhiaro, raucao, the_frey_, melvster1, elf-pavlik, wilkie, rhiaro_, jaywink and stevenroose joined the channel
# 
elf-pavlik ben_thatmustbeme, re: "new users find it difficult to set up their own ssl cert, or just don't want to spend any money", as I said by the time specs we work on here will reach status of W3C TR, https://letsencrypt.org should work and more similar solutions start to appear
# elf-pavlik anyways
# elf-pavlik action-64
# elf-pavlik oshepherd, http://foo.me != https://foo.me and if people start using http: URIs for their identity, switching them to https: later might come with some challenges
the_frey joined the channel
# ben_thatmustbeme we've found in practice its better to treat https:// == http:// or at least provide a notification of the change and upgrade their account on said system
# ben_thatmustbeme technically facebook.com/me and facebook.com/ME are different, but always treated the same. most web servers force case incensitivity. Don't get me wrong i would prefer https:// everywhere
# elf-pavlik IMO using https://foo.name/bar and http://foo.name/bar for different resources also doesn't really make much sense
# ben_thatmustbeme it doesn't. its technically possible, but seems rather foolish, far to many applications assume them to be the same
gx joined the channel
# ben_thatmustbeme we have started to suggest people warn those logging in without https and recommend they upgrade, but we don't require it
# ben_thatmustbeme I could see requiring it for private messaging though.
# elf-pavlik using HTTP with IndieAuth sounds like pretty bad idea, especially currently with rather centralized indieauth.com, i think on hot spots someone could rather easily explit redirects and spoof ...
# elf-pavlik better leaves it to security experts to deal with it..
# elf-pavlik afk for ~2h
# ben_thatmustbeme tries to think through indieauth for a sec. well there are 2 layers to it. I doubt anyone would be running their server on a local wifi. if you are trying to log in to a site with HTTPS via indie-auth a person would have to be sniffing traffic between the servers (you never load your own site directly)
# ben_thatmustbeme if you are logging in to a system without https.... all you post is your URL, that redirects you to https on indieauth, where you have actually auth, but the redirect links back to your site are able to be sniffed and thus gain access
jasnell joined the channel
# ben_thatmustbeme its not giving away ability to log in generically, but you could steal a single log in, which depending on how much access is give, that could be bad, yeah
# elf-pavlik ben_thatmustbeme, can you elaborate on "how much access" part?
# elf-pavlik will need to run in 15min but will check logs later
# elf-pavlik if i run micropub client, can i have any restrictions on what i can post to people's micropub endpoints of for how long i can write to them?
# elf-pavlik action-62
# ben_thatmustbeme elf-pavlik, that depends entirely on their implementation. I expire tokens for my micropub endpoint after a month going unused. I was talking more about auth vs getting a token
# ben_thatmustbeme for micropub i would definitely strongly recommend https
# elf-pavlik needs to catch up on authentication vs. authorization in IndieAuth
# ben_thatmustbeme although its possible even when its only auth to just rewrite their original request to ask for post access
# ben_thatmustbeme elf-pavlik: its pretty simple, if there is a scope defined after authentication, then it goes on to the token endpoint to get an auth token for that scope
# ben_thatmustbeme you see the scope requested on indieauth when logging in, it clearly says what scopes it is asking for. but I'm sure many people will ignore that
# elf-pavlik ben_thatmustbeme, where i can sign in to see request of access for certain scope?
# ben_thatmustbeme any micropub endpoint
# ben_thatmustbeme s/endpoint/client
# elf-pavlik "No Auth Endpoint Found"
# ben_thatmustbeme just type in my URL
# elf-pavlik https://monocle.p3k.io/ logs me in but i don't see it asking for scope
# elf-pavlik post
# elf-pavlik edit
# elf-pavlik delete
# ben_thatmustbeme ahh, yeah, i need to recheck that. i believe i limit to no dirs
# elf-pavlik remoteStorage does scopes per 'module'
# elf-pavlik contacts, todos etc.
# ben_thatmustbeme i added edit and delete. i believe its something that would have to be standardized
# ben_thatmustbeme as your site has to know what the hell 'edit' means
# elf-pavlik so app for events don't messes with contacts etc.
# ben_thatmustbeme I started to play with that actually, https://ben.thatmustbe.me/manage/contacts?url=tantek.com
# elf-pavlik ben_thatmustbeme++
# elf-pavlik okie doke, got to run :)
# ben_thatmustbeme i think that seems pretty reasonable post, contacts, etc
# elf-pavlik todos
# elf-pavlik calendar
# elf-pavlik wishlist
# elf-pavlik etc.
# elf-pavlik maps
# ben_thatmustbeme definitely something that would have to be thought through. I don't think i'd want one for every post type 'post', 'checkin', etc
# elf-pavlik needs to check how Android defines access categories
# elf-pavlik IMO IndieWeb seems very blogger centric while i see social going much broader than posting notes
# elf-pavlik afk
# ben_thatmustbeme i'd say thats a fair evaluation. Its mostly where the simplest starting point is.
aaronpk, bengo, tilgovi, elf-pavlik_, the_frey and LCyrin joined the channel
# 
LCyrin hey wilkie
# LCyrin wilkie, what do you use for image uploads on rstatus
bengo joined the channel
# elf-pavlik raucao, have you looked at https://demo.cozycloud.cc/#home ?
# elf-pavlik it uses vCard and iCalendar (also CardDAV and CalDAV), both vCard and iCalendasr have RDF definitions published by W3C
# elf-pavlik we could focus on getting those working across remoteStorage, CozyCloud and Social Data we work with here
# elf-pavlik SoLiD also has contact manager and meeting scheduler apps https://github.com/linkeddata/SoLiD#applications
# raucao sounds good
# bengo nice share
# bengo What is the point of the as:Article objectType that just extends as:Content but doesn't encourage any new properties?
# bengo The only qualifier for that subset of as:Content is 'multi-paragraph'. Does that mean if I'm accepting user input, I should call one-paragraph Content as:Content and everything else as:Article (or extension)?
# bengo (same for as:Note, which is non-normatively ""A Short note, typically less than a single paragraph. A \"tweet\" is an example, or a \"status update\""@en ."
bengo joined the channel
# elf-pavlik jasnell, maybe you can answer bengo's questions? ^
KevinMarks joined the channel
# bengo kinda seems like a 'no right answers' sort of thing. I'm implementing now and may just make everything Content
# bengo or our own extensions
# bengo Does that mean if I'm accepting user input, I should call one-paragraph Content as:Content and everything else as:Article (or extension)?
bblfish joined the channel
# bengo Got it, thanks for the context :)
# bengo @jasnell It'd be awesome if someday the utility of this lib was eventually baked into browsers. https://github.com/jasnell/linkeddata-vocabs
# bengo That way every lib that needs to say "Is this LD object a subclass of as:Content" wouldn't need to bundle it itself
# bengo *browser lib
# bengo e.g. yesterday I tried to browserify/uglify/gz https://www.npmjs.com/package/activitystrea.ms and it was 88k gripped https://cloudup.com/cI5DiuvvCea
# bengo not that that was necessarily because of linkeddata-vocabs, but every byte saved is nice!
almereyda joined the channel
# elf-pavlik issue-12
# bengo thanks @elf-pavlik
# bengo Or maybe a good browser feature is a json-ld expansion feature that automatically knows about type inferences from w3c-published ontologies like AS/Annotation
LCyrin and bblfish joined the channel
# elf-pavlik action-43
# elf-pavlik going to sleep :)
Arnaud joined the channel
# bengo aaronpk not tight now afaict
# bengo http://linkeddatafragments.org/ would be a good pattern to support for it
# bengo Anyone ever implemented AS2 for 'flag as spam' or 'flag as inappropriate'?
# bengo How do you model the difference?
# bengo Discrete subclassOf as:Flag?
# bengo or target: property of as:Flag instance?
bengo joined the channel
# bengo nvm the wiki answers "The Flag activity is generalized here without specifying detail about *why* the content was flagged. Subclasses of the Flag activity can be used to provide more detail... e.g.
# bengo :FlagAsAbusive a as:Activity ;
# bengo rdfs:subClassOf as:Flag ."
# bengo For now I will do
# bengo * as:Flag
# bengo - lf:Flag
# bengo - lf:FlagSpam
# bengo - lf:FlagOffensive
# bengo - lf:Disagree
# bengo - lf:OffTopic
# bengo ooh
# bengo interesting
# bengo hard for me to think about what the independent semantics of lf:Spam would be there
# bengo e.g. how to interpret [as:Content, lf:Spam]
# bengo According to http://www.w3.org/TR/2015/WD-activitystreams-vocabulary-20150129/#dfn-mention, the as:Mention ObjectType is owl:subclassOf as:Link
# bengo however: as:Link a owl:Class ;
# bengo owl:disjointWith as:Object ;
# bengo Wouldn't that mean that as:Mention is not an as:Object. And then it's weird that it's listed under "Object Types"?
# bengo it is the only "Object Type" that extends as:Link
# bengo thx
melvster1 joined the channel
# melvster1 elf-pavlik: so does your webid work?
bengo, tilgovi and Arnaud1 joined the channel