06:56 <Loqi> [[Special:Log/newusers]] create2 * 64.236.138.3 * created new account User:Mediajunkie.com

14:29 <tantek> this is an interesting high-level article that touches on some of the same problems that the indieweb is addressing: http://boagworld.com/usability/are-you-forcing-your-users-into-social-silos/ via barnabywalters

14:31 <barnabywalters> he makes some good points. The blog/forum interaction is something I've suggested to a few people but has never been implemented. I'd do it but I've never had a need

14:38 <tantek> barnabywalters, I'm fairly convinced from a few key experiences that I don't want general open comments on my site. I *may* implement a whitelist based commenting system at some point.

14:38 <barnabywalters> it's something I'm deliberating over at the mo

14:38 <tantek> i.e. if you're on my blogroll, or I follow you on Twitter, then you can comment. that kind of thing.

14:39 <barnabywalters> my plan is to pull in responses from the cloned content on related networks - on my scale it will be easy to manage

14:39 <tantek> the average person, even the average friend of a friend, or following of a following, cannot really be trusted to not be trolling. some people I follow on Twitter themselves follow some trolls for example.

14:40 <barnabywalters> And it's too much trouble to moderate everything. Hmm

14:40 <tantek> yeah, pulling in responses from cloned content (what I call reverse-syndication in my diso2 summary) is a good approach.

14:40 <tantek> right moderation is a pain

14:40 <tantek> I don't want to even have to waste time moderating

14:40 <barnabywalters> I call it backfeedback :)

14:40 <tantek> hah - awesome

14:40 <tantek> I kind of want to treat comments on my site like comments in my living room. I have to have already trusted you well enough to let you walk into my house, and hang out and have a conversation.

14:41 <tantek> If I don't know you or feel comfortable with you, then you're likely not getting invited into my living room.

14:41 <tantek> with some notable exceptions, like a sweetheart of a friend etc. (per XFN)

14:41 <tantek> or perhaps even a date of a friend

14:42 <barnabywalters> one thing that did occur to me was the domain messaging system that's mentioned somewhere on indiewebcamp

14:42 <tantek> oh yeah - that's a fun hack that aaronpk and I thought up last year

14:42 <barnabywalters> it sends a ping back to the supposed originating server to check to see if it's a legit message

14:42 <tantek> right

14:42 <barnabywalters> I thought it could be applied to commenting

14:42 <tantek> it could be applied to lots of things

14:42 <barnabywalters> better than trackback as it provides a more consistent interface

14:42 <tantek> we thought about it as a building block

14:42 <tantek> to build on

14:42 <tantek> right

14:42 <tantek> similar to pingback though

14:43 <tantek> btw I like your thorough analysis of what portions of the post-type schema work for you and your site: http://waterpigs.co.uk/musings/post/post-type-schema

14:43 <barnabywalters> yes, but potentially without the spam problems

14:43 <barnabywalters> cheers, I've been using my site as a semi-wiki to document stuff as I go along, in case it can help others

14:43 <tantek> great idea - really enjoying your thinking out loud

14:43 <barnabywalters> helps me get things in order too — I had 'status' marked down as a content type until I actually wrote about it

14:43 <aaronpk> yes great writeup! I really enjoy seeing this stuff written more

14:43 <tantek> status is an odd one for sure

14:44 <tantek> in my experience it requires in-person discussion before it makes sense

14:44 <tantek> I'm still suspicious of its utility

14:44 <barnabywalters> I'm still undecided about status vs note

14:44 <tantek> but I have a few possible uses

14:44 <tantek> statuses aren't notes, statuses tend to have some sort of temporally decaying relevance. that's the key insight.

14:44 <barnabywalters> I'm determined that there should be something (preferably note) for meaningful articles without structure

14:45 <tantek> right, that's note

14:45 <tantek> I write long notes sometimes

14:45 <tantek> status is more like IM status

14:45 <tantek> like "away" or "on the phone"

14:45 <barnabywalters> Well, I thought that for a while — but then where does all the nonsensical rubbish people post on twitter go?

14:46 <barnabywalters> It has entertainment value, after all

14:46 <barnabywalters> not meaningful enough for a note, but too wordy for the use of status you're proposing

14:49 <tantek> I think the twitter nonsense you speak of is more note-like than status-like in general

14:49 <tantek> though some folks do use twitter to post statuses

14:50 <tantek> e.g. eating a cheese sandwich

14:50 <tantek> would qualify as a status, its meaning/relevance decays with time.

14:50 <tantek> the "shouts" on foursquare checkins are also statuses

14:51 <tantek> as they're also typically only temporarily relevant

14:51 <barnabywalters> okay, not familiar with those but I see the theme — statuses are extremely short (nanoblogging?) and decay very quickly

14:52 <barnabywalters> but the difference between a status-note and an article-note is too large for me to consider them equal

14:53 <barnabywalters> e.g. I would serve article-notes in a blog-type feed, but not status-notes

14:56 <barnabywalters> well, signing off now. Bye for the mo.

23:29 <aaronpk> indieauth success!!!

23:29 <aaronpk> "Congrats! You've signed in as aaronparecki.com."

23:38 <aaronpk> tantek: just got the basis of IndieAuth working!!

23:38 <tantek> WOOT!

23:38 <Loqi> ACTION giggles

23:39 <tantek> some sort of relmeauth verification service? or just the rel-me part?

23:39 <aaronpk> so far it does the relmeauth verification, the next step is to store the session somewhere and hand off a token to the site that requested the login

23:43 <aaronpk> the premise is this: you direct your users to http://indieauth.com/auth?me=aaronparecki.com&redirect_uri=http://example.com/indieauth

23:44 <aaronpk> indieauth.com does the relmeauth verification, does the OAuth process, and redirects the user back to:

23:44 <aaronpk> http://example.com/indieauth?token=XXXXXXXXX

23:44 <tantek> does that require that the calling application divulge it's OAuth secret to to indieauth.com though?

23:44 <tantek> its

23:44 <aaronpk> nope, it'll be handled by an IndieAuth app for each service

23:44 <tantek> seems like a bit of a chokepoint vulnerability

23:44 <aaronpk> then you can use the token to ping indieauth.com/verify?token=XXXXXX and if it's known, you'll get back the domain name of the user

23:47 <aaronpk> so basically it's a way for example.com to verify the identity of any user by their domain name without having to write any oauth code. obviously example.com wouldn't have any authorization to do anything with the user's accounts (can't read tweets, whatever), which is probably a good thing anyway

23:48 <aaronpk> it's just the identity/authentication part of the picture, not the authorization. it seems like a reasonable replacement for OpenID

23:48 <aaronpk> the other nice thing is that anyone can run this indieauth service on their own systems and put in their own app credentials if they wanted. I'll just have one version of it running on indieauth.com for people who don't want to go to the trouble of setting it up themselves!

23:50 <aaronpk> alright that's all for tonight, see you tomorrow!

23:53 <tantek> ah ok - for auth-only this is a good bootstrap

23:53 <tantek> I guess the key I found is the ability upgrade permissions to read or readwrite

23:53 <tantek> but that's only for Falcon like syndication access

23:54 <tantek> perhaps for web-sign-in, an auth-only service is sufficient!