#social 2015-07-15

2015-07-15 UTC
bblfish, bblfish_, jasnell, melvster, tilgovi, jasnell_, shepazu, jaywink, melvster1 and csarven joined the channel
# 10:19 
csarven re: KevinMarks 's comment here http://socialwg.indiewebcamp.com/irc/social/2015-07-14#t1436896293079 . I don't see any reference to mf(2) requirement in the Webmentions spec ( http://webmention.org/ ?), hence, even for the sake of the argument SoLiD employed Webmentions, it doesn't imply that it needs to use mf2. That's my understanding of the Webmentions spec - please correct me if I'm wrong.
# 10:30 
ben_thatmustbeme You are quite correct csarven
# 10:30 
csarven Webmention + HTTP headers is probably the only common ground which can be made without looking at the response body. As it stands, Webmention URLs can contain any serialization e.g., JSON-LD, Turtle, HTML+RDFa / mf2
# 10:31 
melvster1 csarven++
# 10:31 
Loqi csarven has 10 karma
bblfish and tilgovi joined the channel
# 12:45 
csarven Proposal to simplify Webmention: The Webmention endpoint receives a POST with the source URL, where its response contains the target URL. If the endpoint wishes to do anything further with the contents of the source URL, it can do so as it likes.
# 13:01 
ben_thatmustbeme being discussed on #indiewebcamp on freenode
# 13:01 
csarven Thanks ben_thatmustbeme
# 13:01 
csarven Will try to summarize here at a later time.
# 13:07 
melvster1 ben_thatmustbeme: I'd love to see webmention support JSON
# 13:08 
ben_thatmustbeme adding JSON just adds extra parsing, its pointless
# 13:08 
ben_thatmustbeme plus why would you want to
# 13:09 
ben_thatmustbeme and when i say extra parsing i mean in ALL cases.  You cannot trust JSON passed directly to you from an external source.  You have to parse it even in JSON
# 13:09 
ben_thatmustbeme POST requests are handled by the server/programming language already
# 13:09 
melvster1 it depends on the json
# 13:10 
ben_thatmustbeme no, we established that fact at F2F2.  Tim agreed, if you receive JSON from an external source, its an extra parsing step, JSON is not native to any language except javascript and even in node you should be parsing it and not passing it directly (for safety)
# 13:11 
melvster1 i dont remember that :)
# 13:11 
melvster1 SSL is secure
# 13:11 
melvster1 ... for example
# 13:11 
ben_thatmustbeme doesn't matter, SSL just prevents injection, you have to trust the source
# 13:11 
ben_thatmustbeme and then you are only covering a set of cases
# 13:11 
ben_thatmustbeme not all
# 13:12 
ben_thatmustbeme plus you are putting a pretty big trust on other people not being compromised
# 13:12 
ben_thatmustbeme also, webmentions can be over SSL
# 13:12 
melvster1 ben_thatmustbeme: doesnt webfinger *always* put pretty big trust on the other person not being compromised?
# 13:12 
melvster1 s/webfinger/webmention
# 13:13 
melvster1 webfinger--
# 13:13 
Loqi webfinger has -8 karma
# 13:14 
ben_thatmustbeme no, it only checks that there is a site there, how much you trust the data returned from that site is at a different level
# 13:14 
ben_thatmustbeme but in indieweb, you use only text (few use the actual html for that very reason)
bblfish joined the channel
# 13:15 
ben_thatmustbeme so if someone else's site is compromized, the most they get is some text on my site, there is no injection possible
bblfish, bblfish_ and almereyda joined the channel
# 13:38 
csarven ben_thatmustbeme et al.. I'm not sure how much more to summarize the discussion in #indiewebcamp , but it boils down to the idea that if an endpoint is made aware of some source URL, it can decide to go and get its response, look inside, and do whatever it wants with it. It is merely about finding/verifying "x has a relation to y". The kind of relation to use (i.e., property/ies and in whatever data model or serialization) is completely open - this is inli
# 13:38 
csarven ne with the current Webmention.
# 13:41 
ben_thatmustbeme Source url  And the target it refers to,  yes
# 13:49 
melvster1 it's a pity you cant use the From: header in HTTP
# 13:49 
melvster1 ben_thatmustbeme: is source generally a User?
# 13:50 
melvster1 in indieweb
# 13:58 
ben_thatmustbeme headers are generally more of a pain to parse in consuming code (at least in my opinion)
# 13:58 
ben_thatmustbeme a user?
# 13:59 
ben_thatmustbeme for example in this https://ben.thatmustbe.me/note/2015/7/10/2/
# 13:59 
ben_thatmustbeme i reply to  http://known.kevinmarks.com/2015/would-micropub-chaining-work-with-silo-shims-too
# 14:00 
ben_thatmustbeme so i curl ' http://known.kevinmarks.com/2015/would-micropub-chaining-work-with-silo-shims-too' and look for its webmention endpoint
# 14:00 
ben_thatmustbeme then send that endpoint source=https://ben.thatmustbe.me/note/2015/7/10/2/ and target=http://known.kevinmarks.com/2015/would-micropub-chaining-work-with-silo-shims-too
# 14:01 
ben_thatmustbeme what he does with it after that point is up to him, but i informed him that there is a reference of some sort to his post found at that url
# 14:02 
ben_thatmustbeme i could be on a blocked domain, or an auto accepted one, i don't really know or care
# 14:02 
ben_thatmustbeme i did my due dilligence
# 14:03 
ben_thatmustbeme generally if i update this post (which could be a reply was received to it) i can always send another webmention with the same source and target, so he knows there has been an update and to check back
# 14:50 
melvster1 ben_thatmustbeme: thanks for the explanation ... quite a complicated workflow imho, but great that you have it working and implemented
# 14:51 
melvster1 so the user header would not be a good match here
# 14:51 
melvster1 headers are normally not too difficult to parse, even for beginners
# 14:52 
ben_thatmustbeme what would putting it in the headers get you?
# 14:53 
ben_thatmustbeme quite complicated,  all i do as a publisher is fire off a POST, it doesn't get much simpler.. for the receiver i just check the URL i'm told to and process that
# 14:53 
ben_thatmustbeme s/complicated,/complicated?/
# 14:55 
melvster1 ben_thatmustbeme: we send a user header when we want to indentify to a server which user is making the request, or the server sends back a User header when it's authenticated a user ... it's very useful for client side apps ... consider it like caller display on your phone, or writing your name on the back of a postal envelope
# 14:55 
csarven Question on firing off a POST. Is that something you or others do manually i.e., go to the endpoint and enter the input, or does your system know what to do with the relations you make in your items/activity/post/note..
# 14:58 
ben_thatmustbeme my system does it automatically for every URL mentioned in a post immediately after i create it
# 14:58 
ben_thatmustbeme if they don't have a WM endpoint, then oh well, they don't get a webmention
# 14:58 
csarven Cool.
# 14:59 
csarven So, is that based off the terms it recognizes under iwc/interactions ?
# 14:59 
csarven Do you have a local list of terms to watch out for?
guangyuan joined the channel
# 15:06 
ben_thatmustbeme that looks like it covers them all,  and since it defaults to a generic "mention" anything new falls back to that.   I actually just use a library that i give it the parse MF2 and the URL its supposed to refer to and it returns the type for me
# 15:07 
melvster1 ben_thatmustbeme: it's useful for the direct messaging user story, so you know who is sending stuff to who ... direct messaging is quite easy you just have a sender a recipient and a message ... I think webmention is overkill for that ...
# 15:10 
aaronpk "know who is sending stuff to who" but you can't trust any of the input of an unsolicited post request even if it has headers ...
# 15:20 
raucao yes, the header would need to contain some auth, like e.g. a browserid assertion or sth
# 15:20 
raucao maybe webid has sth similar?
jasnell and hhalpin joined the channel
# 15:52 
hhalpin Anyone want to go forward with the Social IG meeting today or should we just cancel?
# 15:52 
hhalpin Ann sent regrets and there does not appear to be an agenda
# 15:53 
hhalpin Thus, my inclination is to cancel
# 15:53 
hhalpin If folks want to chat about things informally, we can still use the WebEx
# 15:53 
hhalpin Any opinions?
# 15:56 
ben_thatmustbeme i was on last weeks call and there were only 3 people
# 15:56 
hhalpin OK, given no opinions let's do it informally.
# 15:56 
hhalpin Precisely ben. Maybe we should cancel the IG if there's no purpose or energy.
# 15:57 
hhalpin In the mean time, let's cancel today's meeting.
tantek, the_frey, tilgovi, jasnell, csarven, jaywink, Arnaud and KevinMarks joined the channel
# 20:50 
jasnell fyi https://github.com/jasnell/w3c-socialwg-activitystreams/pull/191
KevinMarks and the_frey joined the channel