#social 2015-05-16

2015-05-16 UTC
bengo, bblfish, jasnell, tilgovi, almereyda, LCyrin and jasnell_ joined the channel
#
elf-pavlik raucao, next week in Berlin! http://dtn.is/ “Terra nemo” is a Latin expression meaning “No man’s land”. Data Terra Nemo is a technical conference for discussing the ideas behind systems and protocols without centralized ownership and how they impact the landscape of the Internet.
#
elf-pavlik i know people who coordinate this event and could ask them to give you a ticket :)
tilgovi joined the channel
#
elf-pavlik rhiaro, could you maybe also support "Accept: application/ld+json" on http://rhiaro.co.uk/activities for easy use in http://json-ld.org/playground/ ?
#
rhiaro elf-pavlik: sure
#
elf-pavlik this way we can share playground links like http://tinyurl.com/npswymb
#
elf-pavlik which simply points JSON-LD playground to load remote document :)
#
rhiaro elf-pavlik: done
#
elf-pavlik rhiaro++ http://tinyurl.com/n99wn77
#
Loqi rhiaro has 93 karma
#
rhiaro hmm
#
rhiaro oh it just took a second
#
rhiaro I thought it was empty
#
rhiaro is grossed out by blank nodes, gonna give the activities ids ;)
#
elf-pavlik {
#
elf-pavlik "@type": "me:Consume",
#
elf-pavlik "actor": "about#me",
#
elf-pavlik "object": "http://llog.rhiaro.co.uk/1431704069",
#
elf-pavlik "published": "2015-05-15T16:34:29+01:00",
#
elf-pavlik "result": "http://llog.rhiaro.co.uk/1431704069"
#
elf-pavlik }
#
rhiaro I know
#
rhiaro known issue that I consume blog posts :p
#
elf-pavlik :D
#
rhiaro gonna publish notes from doing the conversion in a sec
#
rhiaro I don't have URIs for all the food, so not sure what I'm going to do with this yet
#
rhiaro but that reminds me, I need to log breakfast
#
elf-pavlik you could create Meal object
#
elf-pavlik maybe with something like http://schema.org/TypeAndQuantityNode
#
elf-pavlik Meal could have http://schema.org/includesObject
#
elf-pavlik we can discuss it in https://www.w3.org/community/restonto/ ;)
#
elf-pavlik BTW have you seen http://openmensa.org ?
#
rhiaro it seems like a lot of work to make objects for every meal, at the moment all I want to do is display them, so strings are serving me fine
#
rhiaro If I wanted to cross-query with what other people eat, then every individual thing having a URI would be useful
#
rhiaro But there are defniitely other things I'm prioritising first
#
elf-pavlik you can still have object with type Meal and just use textual description for now
#
elf-pavlik https://twitter.com/elfpavlik/status/599490293667332096
#
Loqi @elfpavlik :: @openmensa would you like to join https://www.w3.org/community/restonto/ ? interop++ custom_parsing--
#
elf-pavlik { "@type": "me:Consume", "displayName": "eate an apple", "object": { "@type": "me:Meal", "displayName": "an apple" }}
#
rhiaro mmhm
#
elf-pavlik this way you could easily upgrade it to use strucutred data while still keeping simple "displayName" (value)
#
elf-pavlik better starts publishing it himself instead bothering rhiaro :)
#
rhiaro heh
#
rhiaro Current task is to find out why my micropub endpoint has been dropping all lat/lon
#
rhiaro well, it's been storing them, but dropping the post URI, so I have a bunch of lat/lon in my store all attached to the same empty node :P
#
elf-pavlik oops
#
rhiaro http://rhiaro.co.uk/endpoint.php?query=prefix+as2%3A+%3Chttp%3A%2F%2Fwww.w3.org%2Fns%2Factivitystreams%23%3E%0D%0ASELECT+*+WHERE+%7B%0D%0A++GRAPH+%3Fg+%7B+%3Fs+as2%3Alatitude+%3Flat+.+%3Fs+as2%3Alongitude+%3Flon+.+%7D%0D%0A%7D&output=turtle&jsonp=&key=&show_inline=1
#
elf-pavlik maybe you could store all payloads so you can later play them back ?
#
elf-pavlik needs to PESOS https://github.com/elf-pavlik?tab=activity using https://github.com/antoniogarrote/json-ld-macros
#
rhiaro ooh nice, I want to publish git commits
#
elf-pavlik i'll try out at some point http://git2prov.org/
#
rhiaro elf-pavlik: lol oops http://rhiaro.co.uk/endpoint.php?query=prefix+as2%3A+%3Chttp%3A%2F%2Fwww.w3.org%2Fns%2Factivitystreams%23%3E%0D%0Adescribe+%3Chttp%3A%2F%2Frhiaro.co.uk%2Fmicropub.php%3E&output=turtle&jsonp=&key=&show_inline=1
#
rhiaro hmm it seems incorrect to attach lat and lon to the post, but it's so much easier than creating location objects...
#
elf-pavlik http://schema.org/location
#
elf-pavlik Values expected to be one of these types
#
elf-pavlik Place
#
elf-pavlik PostalAddress
#
elf-pavlik i think geo: URI also fit here
#
elf-pavlik maybe Write activity would have location (you wrote it somewhere)
#
elf-pavlik but its result h-entry would have createdAt property or something like that
#
elf-pavlik http://dublincore.org/documents/dcmi-terms/#terms-spatial
#
elf-pavlik AS2 core already includes dc: and dct: prefixes http://www.w3.org/TR/activitystreams-core/#compact-iris
#
elf-pavlik dct:spatial seems older and more established than mf2:location
#
elf-pavlik http://microformats.org/wiki/location
#
rhiaro I haven't even thought about mf yet as I'm not displaying location
#
rhiaro but just fixed my bug, so next step is to display
jasnell joined the channel
#
rhiaro I'm leaving lat/lon on the post for now, might remodel some other time
#
elf-pavlik adds invitee, Invite and Invitation to https://github.com/w3c-social/social-vocab
stevenroose, bblfish_ and melvster joined the channel
#
melvster elf-pavlik: do you run GOLD? I think there's a keygen in there too
#
elf-pavlik gold?
bblfish joined the channel
#
melvster https://github.com/linkeddata/gold
jaywink joined the channel
#
elf-pavlik melvster, deoploying gold server sounds like steep entry just to generate WebID certificate, once again i recommend checking out super nice setup guided experience offered by https://indiecert.net/
#
elf-pavlik bblfish, http://webid.info/ maybe could provide way to generate certificates?
#
bblfish yes, good idea. Need to get round to doing that....
#
melvster elf-pavlik: creating webids by hand is not recommended for casual users, id suggested using databox.me
#
elf-pavlik http://databox.me/ doesn't allow me to specify my WebID :D
#
elf-pavlik if i just want to generate cert
#
melvster i wish indiecerty had supported webid instead of reinventing
#
elf-pavlik melvster, it does what it needs and people who use HTTPS can also use their WebID certificates
#
elf-pavlik as you see as of today WebID can give someone a really hard time just to bootstrap and give it a try
#
elf-pavlik while indiecert bootstrap takes < 5min and guides person step by step
#
elf-pavlik does http://webid.info/ have issues tracker?
#
melvster yes, but it should support the existing webid user base instead of balkanizing
#
melvster nih
#
melvster i think it's bad form to create a competing technology that excludes most of an existing user base, when that didnt have to be done at all
#
elf-pavlik if it doesn't support HTTPS WebIDs i'll file issue and work with fkooman on fixing it
#
elf-pavlik melvster, i hope you took some time to understand how indieauth/indiecert work and why fkooman decided to only support HTTPS ...
#
melvster elf-palvik: sorry, im only interested in convergence at this point, not divergence
#
melvster if indiecert will interoperate that's great
#
melvster but i did try it and it rejected my profile so far, ive left feedback already on github
#
elf-pavlik melvster, re: "existing webid user base" i read all the 15-20 people using WebID-TLS
#
melvster including me, bblfish, timbl and many people here
#
elf-pavlik https://github.com/fkooman/indiecert/issues/6#issuecomment-81187957
#
elf-pavlik melvster, can you name all those *many* people? besides those who you already mentioned maybe only rhiaro uses WebID-TLS and i'll add it as it becomes more friendly to bootstrap
melvster1 joined the channel
#
elf-pavlik ok deiu & sandro as well, i still may overestimated saying 15-20 people ...
#
elf-pavlik aaronpk, do you have any statistics on how many people uses IndieAuth? i guess most of them as of today use https://indieauth.com/
#
elf-pavlik once again jaywink++ for http://the-federation.info/
#
melvster1 elf-pavlik: im not sure what point you are trying to make
#
melvster1 other than to try and belittle another community which i dont find cool
#
elf-pavlik http://indiecert.net starts enabling everyone who uses IndieAuth to use client certs
#
elf-pavlik http://socialwg.indiewebcamp.com/irc/social/2015-05-16/line/1431780059365
#
melvster1 if you want to improve the user experience why dont you work on that?
#
melvster1 but people dont try and put other communities down
#
elf-pavlik i see myself willing to give WebID-TLS a try but as of it current state not really seeing myself very coninced of it usability
#
melvster1 i find that very hard to believve
#
melvster1 you took 2 years to add turtle to your profile
#
melvster1 you criticize it every chance you get
#
elf-pavlik not only criticize but try provide constructive feedback, like adding <script type="text/turtle"> ... </script> for much easier bootstrapping
#
melvster1 if you were really interested you would have followed the spec
#
elf-pavlik and taking inspiration from indiecert on how service can help someone to bootstrap in < 5min
#
elf-pavlik so far support you could offer me on bootstrapping my WebID-TLS 1) suggestion to try deploying 'gold' server 2) sending me to http://databox.me which doesn't really let me generate cert for my independent WebID
#
melvster1 elf-pavlik: rtfm
#
elf-pavlik it may corelate to current 'existing webid(-tls) user base' which i still think includes < 15 people
#
melvster1 i dont know where you get those stats
#
elf-pavlik reading http://webid.info/
#
elf-pavlik and searching for *Try it!* similar to one on https://indiecert.net/
#
elf-pavlik most likely inspired by *Try it!* on https://indieauth.com/ which would take one to 1. 2. 3. done! https://indieauth.com/setup
#
melvster1 elf-pavlik: read the spec, why not try and create the user experience, if you like it, why didnt indiecert support the existing work and converge, rather than trying to diverge, i dont respect you trying to belittle a community for being small, with made up statistics ...
#
bblfish indiecert mixes all kinds of authentification technologies no
#
bblfish ?
#
elf-pavlik melvster, do you refer to fkooman's choice of requiring HTTPS for WebIDs which want to delegate IndieAuth to https://indiecert.net ?
#
elf-pavlik bblfish, http://indiewebcamp.com/indieauth does
#
elf-pavlik currently https://indiecert.net/ pretty much enables people to use IndieAuth protocol with their client certificates
#
bblfish anyway, its cool the indieweb is doing client side certificates. I wonder how they use that for authentication though?
#
bblfish so it's used for authenticating to one web site only?
#
melvster1 yes
#
bblfish ah, there are a lot of sites that do that.
#
elf-pavlik what do you mean 'one web site only' ?
#
elf-pavlik one can use it with *any* relying party which implements https://indiewebcamp.com/distributed-indieauth
#
bblfish so how does the site know about the identity?
#
bblfish of the user
#
elf-pavlik see for example this Micropub client (server side one) https://reader.kylewm.com/
#
bblfish if I get an idieauth site and I go to bblfish.net how does bblfish.net know your identity?
#
elf-pavlik you can enter there: https://wwelves.org/perpetual-tripper
#
bblfish if you get an idieauth cert, how when you go to bblfish.net does bblfish.net know your identity?
#
elf-pavlik bblfish.net needs to show me input field where i can enter URI of my online identity
#
bblfish ah good
#
bblfish damn you guys are good
#
bblfish melvster1: we can't compete there
#
bblfish they are too numerous
#
elf-pavlik bblfish, after you add HTTPS to you website try: https://indiecert.net/ and enter https://bblfish.net
#
bblfish I am going to add https this weekend hopefully
#
elf-pavlik indiecert supports sites which use https://www.cacert.org/ for HTTPS
#
elf-pavlik cool, you'll see that indiecert.net will get you going in < 5 minutes
#
melvster1 bit it's centralized
#
elf-pavlik it may still have bug for identities with # but i will ask fkooman to work on fixing it
#
melvster1 webid is decentralized
#
elf-pavlik melvster, how centralized ?
#
melvster1 it depends on indiecert.net
#
elf-pavlik https://indiewebcamp.com/distributed-indieauth
#
elf-pavlik no!
#
melvster1 webid doesnt have any dependency
#
melvster1 webid just depends on web standards such as HTTP and follow your nose
#
melvster1 there's no trusted third party there
#
elf-pavlik melvster, possibly you don't understand https://indiewebcamp.com/distributed-indieauth
#
elf-pavlik trusted third party != centralized
#
elf-pavlik i can choose my trusted third party including running one myself
#
melvster1 compared to webid it is
#
elf-pavlik and it all works by 'follow your nose'
#
melvster1 webid just uses http and x.509
#
melvster1 if indiecet.net went down no one would able to log in anywhere
#
bblfish melvster1: what they have done is invent a little relying party protocol like we used to have
#
melvster1 that's centralization
#
melvster1 yes
#
elf-pavlik melvster1, i can host my own <link rel="authorization_endpoint" >
#
bblfish we could piggyback on that relying party protocol if they develop it well
#
melvster1 yes but at this point in time its not convergent
#
elf-pavlik sorry but i find what you talk nonsens, IMO based on not taking time to understand particular technology before developing opinion about it
#
bblfish we don't need the relying party protocol. And we did not standardise that
#
bblfish but it can be useful.
#
melvster1 bblfish++
#
Loqi bblfish has 11 karma
#
elf-pavlik nonsense i refered to http://socialwg.indiewebcamp.com/irc/social/2015-05-16/line/1431782993007
#
bblfish elf-pavlik: how does the site know that I logged in? It probably redirects to a URL that then sends some signed identifier no?
#
bblfish elf-pavlik: how does bblfish.net know that I am who I Said I am? It probably redirects to a URL that then sends some signed identifier no?
#
bblfish elf-pavlik: how does bblfish.net know that you are who you Said you were? It probably send the identifier to a URL that then sends a signed response no?
#
bblfish s/It/indiecert/
#
elf-pavlik bblfish, please see 1) http://indiewebcamp.com/indieauth 2) http://indiewebcamp.com/IndieAuthProtocol 3) http://indiewebcamp.com/distributed-indieauth 4) http://indiewebcamp.com/auth-brainstorming
#
bblfish This http://indiewebcamp.com/IndieAuthProtocol looks very much like OpenId
#
elf-pavlik sorry but i will not try to explain it here :|
#
elf-pavlik runs to prepare salad
#
melvster1 if indiecert.net went down no one would be able to log in, at this point in time, with webid tls, you'd need the whole internet to go down
#
bblfish https://blogs.oracle.com/bblfish/entry/the_openid_sequence_diagram
#
bblfish it's very similar.
#
melvster1 yes
#
bblfish so melvster1, they're not really competing with WebID-TLS but rather with OpenID.
#
melvster1 true
#
melvster1 but if they supported webid then the whole webid community could reuse the work
#
melvster1 its another example of divergence
#
bblfish Well the spec is there. Too simple perhaps.
#
bblfish or perhaps no hidden control point
#
bblfish ok, better get back to writing some code
#
melvster1 me too
jasnell, elf-pavlik_, tilgovi and melvster joined the channel
#
melvster elf_pavlik_: I would not recommend your pattern of self hosting to casual users, but GOLD contains a cert gen ... please dont expect individual 1 on 1 support, there's a mailing list for webid, which is the best place to go for questions, i believe you've posted support queries on there before, and they've been answered quickly https://databox.me/,system/newCert
#
melvster if generating an SSL keypair is not something you're comfortable with, id strongly recommend using the managed profile on a service like rww.io or databox.me
#
melvster and a few more will be coming soon, including world citizen we hope
#
aaronpk http://indiewebcamp.com/IndieAuthProtocol looks kind of like OpenID Connect because both are an identity layer on top of OAuth 2.0
#
melvster aronpk++
#
Loqi aronpk has 1 karma
#
melvster aaronpk: criticism of such systems are that there are central points of control, and that they can track the sites your use
#
aaronpk not sure what you mean.. there are no central points of control in indieauth
#
melvster sure there are
#
aaronpk are you sure you actually read it?
#
melvster yup
#
aaronpk you're going to have to clarify then
#
melvster it's the same as mozilla persona
#
melvster if the indieauth website went down a large % of the system would go down, id suspect that's close to 100%
#
aaronpk no, your'e totally missing the point
#
melvster i dont think i am
#
melvster we've had services like that before, and persona used one
#
aaronpk i explained this pretty well at indiewebcamp germany last weekend
#
aaronpk it's unfortunately confusing because of the two distinct roles indieauth.com plays
#
melvster no im not, in any case, webid + tls doesnt have any central points of failure in the same way
#
melvster it just uses PKI
#
aaronpk nobody is saying you have to use indieauth.com
#
melvster yes i get it
#
aaronpk it's a way to bootstrap indieauth from both sides, both users wanting their own authorization server, and services wanting to sign users in
#
melvster yes yes, this is exactly what mozilla said
#
melvster but years later people were still using it
#
aaronpk persona was too hard to implement so there was basically only one implementation
#
aaronpk there are already more indieauth servers implemented than persona
#
aaronpk this is the same reason openid failed, it was too hard
#
melvster openid failed due to politics
#
melvster i think it's still used by some tho
#
aaronpk almost all openid 1.0 provider services have shut down, there are still some consumers though. there's a surprising number of people who find indieauth.com because they need an openid 1.0 provider still
#
aaronpk the openid community has even moved on to OpenID Connect which is fundamentally different from OpenID 1.0 since it's built on OAuth 2.0
#
melvster aaronpk: there never really was a grass roots community in openid like there id with indieweb
#
melvster only maybe the first few weeks with bradfitz et all
#
melvster at livejournal
#
melvster by the time it got to 2.0 it was mainly big companies
#
melvster and they didnt want to support the self hosted version
#
melvster the original vision of openid i actually liked quite a lot
#
melvster but these things tend to get more centralized with time
#
melvster people tend to favour convenience over security and privacy
jasnell joined the channel
#
melvster aaronpk: in any case one of the criticisms of oauth / openid was that the third party gets a history of where there user has logged in
#
aaronpk that's really more of a side effect of using a third-party provider rather than using your own
#
aaronpk i ran my own openid provider so nobody else was involved in me signing in to sites
melvster joined the channel
#
melvster elf_pavlik_: id be interested to know where you got your stats on webid+tls usage (15-20 users) also do you know how many people use indiecert?
bblfish joined the channel
#
elf-pavlik melvster, can you point me to site supporting WebID-TLS login and using Nginx? I would like to take a look at how one configures Nginx for WebID-TLS
#
elf-pavlik bblfish, maybe you have link to configuring WebID-TLS login with Nginx? ^
#
melvster elf-pavlik: sorry, i dont use nginx personally, i run apache / GOLD
#
melvster ive had both of those working with webid tls
#
elf-pavlik melvster, any simple guide comparable to https://indiecert.net/rp
#
melvster elf-pavlik: no, I would not recommend setting up a server for webid tls unless you're thoroughly familiar with how X.509 and how PKI works, if you want to do it, I'd suggest the webid community group mail list
#
melvster ** a new server such as nginx I mean
#
elf-pavlik 'new' ?
#
melvster elf-pavlik: sorry, i dont have any experience with nginx, i cant guide you, try the ML
#
elf-pavlik i hope you understand why i don't consider WebID-TLS a technology ready for wide adoption
#
elf-pavlik while i very much like it as pioneering experiment
#
melvster no, i dont at all, but you're entitled to your opinion
#
melvster id encourage you to try the mailing list for someone that can help you
#
melvster sounds to me that you were going to be negative about it whatever the response was, i really suggest if you want to use this technology with nginx to talk to someone that's done that already, im sorry, that person is not me
#
melvster please try the ML
#
melvster webid is the widest deployed identity system on the internet
#
melvster if you want to use the TLS part with a specific server, you really need to go and find someone that is willing to help you
#
melvster i understand your frustration with the documentation, but you instead of making sweeping generalized negative comments, why not try and make it better?
#
elf-pavlik https://www.w3.org/Search/Mail/Public/search?keywords=nginx&hdr-1-name=subject&hdr-1-query=&index-grp=Public_FULL&index-type=t&type-index=public-webid
melvster joined the channel
#
elf-pavlik melvster, http://socialwg.indiewebcamp.com/irc/social/2015-05-16/line/1431808804274
#
melvster great, good luck, let us know how you get on with nginx ... i dont use that personally, so not really interesting to me, why not continue the discussion on the webid list, i think it's off topic here
#
elf-pavlik hopes melvster noticed dates from 2012
#
melvster yes and in 3 years you didnt follow the spec :)
#
melvster but im glad you are now serving a webid with turtle
#
elf-pavlik melvster, have you looked at https://indieauth.com/gpg
#
melvster no
#
melvster and i dont run osx
#
elf-pavlik aaronpk, i think IndieCert should use rel="publickey" instead of rel="me"
#
elf-pavlik eg. this line on my homepage <link rel="me" href="ni:///sha-256;Jppu8cEVKIdh-1MqyL3IIMJG5gwI3cb6kA-NmznmPS4?ct=application/x-x509-user-cert" />
#
elf-pavlik melvster, If you use gpg from the command line you can sign a text message with the following command.
#
elf-pavlik $ echo '(message from indieauth)' | gpg --sign --armor
#
melvster no, i dont, sorry
#
melvster id be more interested to use the web crypto api in a browser than opening an command line
#
melvster i think it's easy to spoof GPG keys anyway, isnt it
#
melvster the challenge has always been to get GPG into the browser with a good UX
#
melvster but nice idea
#
melvster im also unsure why you'd link a gpg key to an http page, or what that means
#
melvster x.509 was designed to do this
#
melvster iirc gpg was designed with email encryption in mind, x.509 designed with HTTP encryption in mind, and RSA was designed to encrypt anything
#
melvster as a quick hack, it's neat, but from a standards POV ie something that we may want to be around in 10-20 years time, it makes more sense to me to use the right tool for the right job, e.g. for a person to have control of a key, or certificate containing a key
#
melvster http page -> user -> key
#
melvster or
#
melvster http page -> user -> GPG key
#
melvster http page -> GPG key
#
melvster seems a bit hacky
#
melvster coincidentally we just visited an immigration office regarding giving stateless people a world citizen ship
#
melvster the comment I just got was: 'all those criticisms of PGP and the web of trust keep ringing in my head because I can see what a challenge this is going to be' ... 'just helping people become tech literate will be hard enough'
#
elf-pavlik needs to catch some sleep and tomorrow start preparing for http://dtn.is/
#
elf-pavlik gnight melvster!
#
melvster cu
#
aaronpk elf-pavlik: I agree about not using rel=me for the key, but you'd have to talk to indiecert about that :)
LCyrin joined the channel