#social 2015-07-24

2015-07-24 UTC
bblfish, jasnell, tessierashpool_, ElijahLynn, tilgovi and the_frey joined the channel
# 08:40 
Loqi Akuckart made 2 edits to [[Socialwg/2015-07-28]] https://www.w3.org/wiki/index.php?diff=85179&oldid=85155
jaywink joined the channel
# 08:50 
Loqi Akuckart made 1 edit to [[Socialwg/2015-07-28]] https://www.w3.org/wiki/index.php?diff=85180&oldid=85179
the_frey_, the_frey and melvster joined the channel
# 11:40 
melvster work in progress: http://gitpay.org/linkeddata/SoLiD
the_frey, dwhly, bblfish, the_frey_, the_fre__, jasnell, shepazu and tilgovi joined the channel
# 16:28 
melvster so I worked out a good rule of thumb about URIs
# 16:29 
melvster question:  should it have an ETag?
# 16:29 
melvster Yes:  it's an HTTP Document
# 16:29 
melvster No: it's PART of a document (use a fragment)
# 16:29 
melvster so blog can also be a doc
# 16:30 
melvster (web log)
# 16:30 
melvster but a person cant
# 16:30 
melvster (logically)
# 16:31 
melvster use that ^^ and you'll be fine
otharwa, tilgovi, bblfish, jasnell, jasnell_, KevinMarks and the_frey joined the channel
# 21:07 
melvster aaronpk / raucao : do you have technology to verify irc accounts as authentic ...
# 21:07 
aaronpk that's normally done at the IRC server level or by a privileged bot like NickServ
# 21:08 
melvster aaronpk: yes I like NickServe, but I'd like to also be able to do a two way link between irc and gitpay ... like you do with rel me auth ... is it possible?
# 21:08 
aaronpk not unless NickServ enforces nicks
# 21:08 
melvster aaronpk: let's assume it does ...
# 21:08 
melvster you can register nicks and hold them a long time
# 21:09 
aaronpk on Freenode it does, so you can be reasonably sure that if someone is connected as "aaronpk" then it really is that person
# 21:09 
melvster im more interested in the two way link because they you can transfer funds between irc and gitpay
# 21:09 
raucao there was a grace period last time i checked
# 21:09 
aaronpk oh you might be right
# 21:09 
raucao so you can be a different nick for a few seconds
# 21:09 
aaronpk gives your client a couple seconds to send the password
# 21:09 
raucao which means it's not to be trusted with money
# 21:09 
raucao in fact, there's no other way to do it really
# 21:10 
aaronpk i was thinking about adding a sort of "login session" to IRC nicks via indieauth
# 21:10 
melvster damn
# 21:10 
aaronpk you could do a login dance where a bot PMs you a code and stuff, and you'd be authenticated as long as you don't disconnect or change your nick
# 21:10 
melvster oh yeah
# 21:10 
melvster that works
# 21:11 
aaronpk but even then it's not 100% because if there's a netsplit, someone can come in on one of the split servers and pretend to be you
# 21:11 
raucao i have a feeling it's going to be more complex and less reliable than just making someone click on a link and do auth outside of irc
# 21:11 
melvster aaronpk: still doesnt answer my question on how to to do reciprocal linking, i can link FROM gitpay to irc, but how to link BACK?
# 21:11 
aaronpk raucao: yeah that's what i was thinking basically
# 21:11 
aaronpk it'd pm you a link which would verify you in a browser, and then you'd be authenticated as that nick until you disconnected/changed nicks
# 21:12 
melvster oic
# 21:12 
melvster so run a bot
# 21:12 
melvster that's smart
# 21:12 
melvster yes i can do that
# 21:12 
melvster BUT
# 21:12 
melvster can i prove it for audit?
# 21:12 
aaronpk probably not, since you can netmask yourself on IRC to hide your IP address
# 21:13 
melvster but if the channel is logged independently?
# 21:13 
melvster link this one ...
# 21:13 
melvster then the bot and the logger would have to collude
# 21:13 
melvster so if you trust 1 of 2
# 21:13 
melvster you are ok?
# 21:13 
aaronpk if the messages were sent in a public channel? hmm maybe?
# 21:13 
melvster aaronpk: yes that works, so what would the message need to look like, do you think?
# 21:13 
ben_thatmustbeme irc actually reports if your nick is authed or not, but its highly dependant on your client / library as to if it reports it
# 21:14 
aaronpk ben_thatmustbeme: that's server-dependent
# 21:14 
melvster btw ... when you have a web of trust security problems tend to go away
# 21:14 
ben_thatmustbeme yes that too
# 21:14 
aaronpk IRC servers are all basically their own silos, so you're gonna have to do silo-specific stuff with each one
# 21:14 
melvster gah
# 21:14 
aaronpk e.g. freenode has a very strict NickServ, but w3c IRC does not
# 21:14 
melvster yeah but no one's gonna log on the w3c irc to steal money!
# 21:15 
ben_thatmustbeme and i don't mean nickserve, i'm pretty sure the base IRC has some flag on every message saying its an authed name or not,  if we are already assuming in the same that there is  a nickserv, and you can have extremely long auth times
# 21:15 
aaronpk what i'm saying is you should be talking about freenode specifically, not IRC generically
# 21:15 
ben_thatmustbeme i think freenode does it as well
# 21:15 
ben_thatmustbeme again, almost nothing reports it though
# 21:16 
aaronpk ben_thatmustbeme: i think that's only if the user is authed at the server level, which is usually resreved for only the special bots like nickserv and chanserv
# 21:16 
aaronpk afaik the freenode irc protocol doesn't know about authentication at all
# 21:16 
ben_thatmustbeme i'm pretty sure it does.  it comes in with every single message as i recall when writing my bot a while back
# 21:16 
ben_thatmustbeme its just a boolean
# 21:17 
aaronpk hmm
# 21:17 
aaronpk digs up IRC protocol docs :/
# 21:17 
ben_thatmustbeme might be non-standard, not sure
# 21:17 
raucao auth is not part of irc iirc
# 21:17 
ben_thatmustbeme its not
# 21:17 
raucao hah, that's a good acronym combo
# 21:17 
ben_thatmustbeme hah
# 21:19 
aaronpk so freenode added their own flag to the protocol?
# 21:19 
raucao hmm, 3.1+ specs contain some account stuff, making it seem like there's a concept of accounts before 3.1 http://ircv3.net/irc/
# 21:19 
ben_thatmustbeme as i remember i saw something like that
# 21:20 
ben_thatmustbeme it may have been a different status, like ops, voiced, authed, none
# 21:20 
ben_thatmustbeme not sure
# 21:21 
ben_thatmustbeme i remember looking it to it as i wanted to be sure logs were actuall by the people they cliamed to be
# 21:21 
ben_thatmustbeme but i ended up working out that it was a lot of trouble
# 21:22 
ben_thatmustbeme i wonder if you can query nickserv
# 21:22 
melvster im more interested in adoption than bullet proof security
# 21:22 
melvster probably not the most popular thing ever said by a programmer!
# 21:22 
aaronpk i think you can ask nickserv
# 21:22 
melvster yes
# 21:23 
melvster by the sounds of it the security is too big a barrier
# 21:23 
melvster for me at least
# 21:23 
aaronpk  /msg NickServ INFO tantek
# 21:23 
aaronpk Last seen  : Jul 24 18:22:47 2015 (3h 0m 29s ago)
# 21:24 
ben_thatmustbeme  /msg NickServ INFO melvster
# 21:25 
ben_thatmustbeme weird
# 21:25 
raucao i don't see any response when doing the same. ben_thatmustbeme you need to remove the leading space
# 21:25 
ben_thatmustbeme that should have actually run the command, even without nickserv
# 21:25 
ben_thatmustbeme didn't think i had one
# 21:25 
ben_thatmustbeme weird
# 21:26 
melvster most payments on the web are not actually secure at all
# 21:26 
aaronpk i typed a space so that it would show up here
# 21:26 
ben_thatmustbeme weird that when i hit up to pull back the command there was no space
# 21:26 
ben_thatmustbeme i didn't copy-pasta from you, i had typed it
# 21:26 
ben_thatmustbeme meh