#indiewebcamp 2014-03-28

2014-03-28 UTC
#
tantek
if you need a block that is completely wiki-ignored, you can use <nowiki> … </nowiki>
#
kartikprabhu.com
edited /h-feed (+805) "/* Brainstorming */ added truncated feed u-uid thoughts"
(view diff)
indie-visitor joined the channel
#
KartikPrabhu
alright feel free to add to the h-feed brainstorm, specially folks building using readers like aaronpk, barnabywalters
#
@anildash
@kellan @waxpancake @mrgan understood. My question is whether indieweb is essentially an entirely different ecosystem now.
(twitter.com/_/status/449336613064421376)
caseorga_ and KevinMarks joined the channel
#
kbs
would it be okay to expand on the /pgp page to add ideas/brainstorming related to authentication, etc?
#
kbs
is not quite sure of the protocol here, apologies for any naive questions ;-)
#
KartikPrabhu
kbs yes it is a wiki for that reason. Add a new brainstorming section and write away
#
kbs
great
#
KartikPrabhu
!tell demis: I see weird boxes (unicode undefined chars?) for the profile links on your homepage. Font not loading?
#
Loqi
Ok, I'll tell them that when I see them next
#
KartikPrabhu
feeds/reader: question - It seems that the way peopel subscribe to sites is by linking the hompage into their reader which then finds the feeds using rel="alternate". So all the relevant feeds can be linked on the homepage for dscovery. How should this be done using h-feed since each feed will have a separate link. How can we link this right on the homepage?
snarfed joined the channel
#
tantek
KartikPrabhu - not sure - we'll have to ask people building indie readers
#
@anildash
@kellan @waxpancake @mrgan understood. My question is whether indieweb is essentially an entirely different ecosystem now.
(twitter.com/_/status/449336613064421376)
#
KartikPrabhu
isn't barnabywalters building a reader?
#
KartikPrabhu
also i don't understand what that thread has to do with indieweb. indieweb = bubble?
#
kylewm
yeah Dash's mention of indieweb seems apropos of nothing
ttepasse, sparverius, scor, fmarier, KevinMarks and snarfed joined the channel
#
acegiak
KartikPrabhu: Re: your reader question. I'm checking rel="alternate" for rss/atom feeds and if I don't find any I assume that the homepage IS the main h-feed and try and parse it
#
KartikPrabhu
acegiak: i figured that is how current ones work with rss/atom. But how would somethign based completely on h-feed work? or should work?
#
acegiak
so we're saying what if the h-feed isn't on the main page?
#
acegiak
really the rel="alternate" for rss/atom shouldn't point to a feed that isn't a clone of the content on the current page but a lot of people use it to point to an rss/atom feed for updates that aren't presented on the front page
#
KartikPrabhu
yes like many people publish multiple ones like notes and articles
#
acegiak
so if we accept that as standard usage you could rel="alternate" point to another html page that is h-feed marked up even though the semantics are fucked up OR we could use a different semantic keyword like rel="feed"
#
KartikPrabhu
i was going to suggest rel="feed" too
#
KartikPrabhu
would be an interesting experiment
#
acegiak
KartikPrabhu: my wife's site (which I'm helping her add microformats etc to) is a potential test for this because she's an artist and wants her landing page to be quite specific in appearance
#
KartikPrabhu
very cool... I currently show only the first 5 articles on mine too...
snarfed joined the channel
#
@kevinmarks
@anildash @kellan @waxpancake @mrgan the point of #indieweb is to build an antifragile system that can grow in the face of bubbles bursting
(twitter.com/_/status/449361916738027520)
#
@kevinmarks
@anildash @kellan @waxpancake @mrgan I didn't say it was complete, but it is a design centre. See http://indiewebcamp.com/monoculture for example
(twitter.com/_/status/449364774262808576)
#
KevinMarks
The rel alternate with type pattern is established
#
KevinMarks
One with type html would be legitimate
netweb joined the channel
#
kbsriram.com
edited /pgp (+2912) "added brainstorming sections - authentication, integrity"
(view diff)
#
KartikPrabhu
KevinMarks: but the semantics of alternate suggest that it is a different version of the sam page which is not the case
#
KartikPrabhu
there is a rel="feed" in the POSH section (http://microformats.org/wiki/existing-rel-values#POSH_usage) cc: acegiak
#
KevinMarks
I'd use rel="feed alternate" and an html type
#
KartikPrabhu
KevinMarks: even if you are marking up all feeds on the homepage i.e. article-feed, note-feed etc...?
#
KartikPrabhu
oh sorry misread that... feed and alternates
#
KevinMarks
Use title to show what they are
#
KevinMarks
Though that isn't for <a> links
#
KartikPrabhu
aah nice nice... title="Notes" etc..
#
KartikPrabhu
this is a good little brainstorming. What would be a good place to document this?
#
acegiak
the title attribute is a nifty idea
#
KevinMarks
I'm on the phone on the train, so a bit laggy
#
KartikPrabhu
np. will add to /feeds brainstorming.
#
acegiak
ohshit that's right I was gonna add a bit of discussion to the /like page
#
kartikprabhu.com
edited /h-feed (+737) "/* Brainstorming */ h-feed auto-discovery"
(view diff)
#
kartikprabhu.com
edited /h-feed (+432) "/* autodiscovery of h-feeds from homepage */ added acegiak quote"
(view diff)
#
KartikPrabhu
acegiak ^^ feel free to remove the quote if you do not wish to be quoted. I thought that was a good use case
#
acegiak.net
edited /like (+804) "adding self plus discussion re: facebook page likes"
(view diff)
#
kartikprabhu.com
edited /reader (+204) "/* Brainstorming */ crosslinked to h-feed brainstorming"
(view diff)
#
acegiak
KartikPrabhu: I'm always happy to be quoted
#
kartikprabhu.com
edited /reader (-40) "/* Brainstorming */"
(view diff)
#
KartikPrabhu
alright folks... good brainstorming. back to science doing
#
KartikPrabhu
feedback on brainstorming above is appreciated :)
snarfed and pfenwick1 joined the channel
#
kartikprabhu.com
edited /h-feed (+12) "/* autodiscovery of h-feeds from homepage */"
(view diff)
melvster joined the channel
#
kartikprabhu.com
uploaded /File:autodiscovery-feed-example-adactio.jpg "auto-discovery of multiple RSS feeds from adactio.com"
#
kylewm.com
edited /storage (+0) "/* Databases */ fix copy pasta typo"
(view diff)
#
kartikprabhu.com
edited /h-feed (+209) "/* autodiscovery of h-feeds from homepage */ added example screenshot"
(view diff)
#
KartikPrabhu
!tell adactio: any reason your feeds show different avatars? ref: http://indiewebcamp.com/File:autodiscovery-feed-example-adactio.jpg
#
Loqi
Ok, I'll tell them that when I see them next
gRegor`, kbs and bnvk joined the channel
#
snarfed
hey KartikPrabhu! saw you retried the post for the bug i fixed. i haven't deployed that fix yet, sorry. i'll do that now.
#
KartikPrabhu
aah np snarfed was just playing around
#
snarfed
k, deployed
#
KartikPrabhu
snarfed: very nice!
#
snarfed
KartikPrabhu: thanks!
#
KartikPrabhu
if i may make a suggestion: Is it possible to return the preview as a textfield, and then have the user edit it and tweet the edit?
#
snarfed
sure! feel free to file that as a feature request
#
snarfed
right now i'm prioritizing the automated side a bit, as opposed to manual, but that shouldn't be too hard
#
KartikPrabhu
yes that would make less sense as an automated response...
#
KartikPrabhu
in any case Bridgy is really cool stuff... really a bridge to silos!
#
KartikPrabhu
snarfed++
#
Loqi
snarfed has 9 karma
#
snarfed
also, kylewm, retry response buttons
#
snarfed
aww thanks KartikPrabhu! glad you like it
#
kylewm
snarfed++
#
Loqi
snarfed has 10 karma
#
kylewm
looks great!
#
kylewm
I had another use for them today fixing a bug (was counting all 'like's from facebook as the same)
#
snarfed
ah good timing then
tantek joined the channel
#
@remka
Discovered http://indiewebcamp.com during yesterday’s Ride The Lightning. I like how they formulate it. #indieweb
(twitter.com/_/status/449418328977592320)
netweb and demis joined the channel
#
Loqi
demis: KartikPrabhu left you a message 5 hours, 6 minutes ago: I see weird boxes (unicode undefined chars?) for the profile links on your homepage. Font not loading?
snarfed, eschnou, bnvk, cweiske and pfenwick joined the channel
heathjs joined the channel
#
cweiske
did you ever notice the similarity of the CAS and indieauth protocols?
#
cweiske
the only difference are names of parameters and the format of the token verification response
#
cweiske
and of course that CAS is from 2005
#
cweiske
and supports autologin, whereas this is missing in indieauth
pfenwick1, LauraJ, Jihaisse, eschnou, julien51 and bnvk joined the channel
basal, jsilvestre, voxpelli and squeakytoy joined the channel
#
@voxpelli
@superfeedr When you've added it, send a pull request with an example of your markup to https://github.com/voxpelli/node-webmention-testpinger to help compatibility :)
(twitter.com/_/status/449473650589462528)
friedcell, bnvk, alistair and Sebastien-L joined the channel
#
alistair
I'm here because I just watched https://www.youtube.com/watch?v=Au4bHb5twF4 (Amber Case - Rise of the Indieweb) via @adactio
#
alistair
waves
tobiastom, michel_v, pfenwick, alistair and barnabywalters joined the channel
#
Loqi
barnabywalters: tantek left you a message on 3/27 at 1:23pm: hickup with http://waterpigs.co.uk/services/webmention-io-comments/ ? I'm seeing many fewer (or no) results today on URLs that had lots of results yesterday
#
barnabywalters
!tell tantek RE indiewebify comments, I updated some libraries but it shouldn’t have affected anything — do you have an example URL? e.g. http://waterpigs.co.uk/services/webmention-io-comments/?url=http://tantek.com/2014/084/b1/urls-people-focused-mobile-communication seems to be working fine
#
Loqi
Ok, I'll tell him that when I see him next
#
barnabywalters
creepy, looks like someone attacked waterpigs.co.uk earlier today
#
barnabywalters
I have tonnes of requests in the log with URLs like /articles/modules.php/?app=user_reg
#
barnabywalters
these must be common URLs in some other piece of software
jonnybarnes, scor and melvster joined the channel
#
barnabywalters
documented attack, URLs here for anyone interested: http://waterpigs.co.uk/notes/4VHBCQ/
#
arcatan
i get tons of that kind of requests for my site (which has only static html)
#
arcatan
i guess it's just bots blindly crawling the web to find exploitable sites
#
barnabywalters
arcatan: probably, yeah
#
arcatan
similarly i get tons of SSH login attempts for non-existing usernames
adactio joined the channel
#
Loqi
adactio: KartikPrabhu left you a message 8 hours, 25 minutes ago: any reason your feeds show different avatars? ref: http://indiewebcamp.com/File:autodiscovery-feed-example-adactio.jpg
pasevin and scor joined the channel
#
tommorris
barnabywalters, arcatan: I keep getting emails to clifford at tommorris.org - I even got a very apologetic-seeming email from a marketing person apologising for getting my name wrong… sent to ‘clifford’. ;)
#
barnabywalters
tommorris: that’s hilarious
#
cweiske
just spam
#
cweiske
I disabled the catchall on cweiske.de years ago
#
barnabywalters
or a prank — someone signed you up for spam under that email address
#
tommorris
I use catchall for a reason: so I can give out facebook at tommorris.org to facebook and so on, then know who flogged my email address off to spammers
#
arcatan
a coworker of mine has a common name and apparently his namesake is the ceo of a mid-sized company
#
barnabywalters
cweiske: likewise
#
arcatan
and the hr dept keeps sending personal information to my coworker's gmail address
#
cweiske
tommorris, I use sub-adressing for this
#
barnabywalters
tommorris: IIRC gmail allows you to “tag” email addresses somehow to do that same thing
#
barnabywalters
my mailserver doesn’t though
#
barnabywalters
cweiske: ah, that’s it! didn’t know it was called sub-addressing
#
Loqi
cweiske has 4 karma
#
tommorris
is post-Gmail, and now uses fastmail
#
tommorris
also, barnabywalters: about the indieweb killing your facebook usage meme? sign me the fuck up. I’ve been doing FB app development too much this week.
#
barnabywalters
tommorris: ow, nasty. I still use it as a reader, and chat for people who can’t be easily contacted otherwise
#
barnabywalters
is their API still as slow and nasty as I remember?
#
arcatan
i should figure out how to do all this indieweb stuff like posseing and webmentioning with my site that is static html generated by hakyll
voxpelli joined the channel
#
tommorris
barnabywalters: slow, nasty, inconsistent, poorly-documented and painful to use
#
barnabywalters
arcatan: bret and voxpelli have been doing some great work getting static HTML sites to do things like that
#
tommorris
Especially because they now encourage you to use their JS API exclusively.
#
cweiske
arcatan, I use a standalone tool for my static site
#
barnabywalters
tommorris: :(
#
cweiske
you can delegate webmention receiving easily
#
cweiske
and load the received comments via javascript
#
tommorris
I may write some FB bridge code for my site to post into FB, mostly because I now know more about the FB API than I ever wanted to know before.
#
barnabywalters
cweiske: I think some other people have also incorporated that step into their build process, so whenver they rebuild their site, new comments are saved into the HTML
bnvk joined the channel
#
cweiske
that's possible of course
#
cweiske
is there a way to provide webaction buttons that work without a browser extension?
#
barnabywalters
if you’re delegating webmention support to webmention.io, I made a little tool you can use to load comments in, either as an iframe or with javascript: http://waterpigs.co.uk/services/webmention-io-comments/?url=YOUR_URL_HERE
#
barnabywalters
cweiske: you can put fallback inside the <action> tag
#
voxpelli
and I made https://webmention.herokuapp.com/ for a way to receive and javascript-embed webmentions
#
cweiske
I don't want a fallback, I want something like subtome for everything
#
tommorris
might delegate to webmention.io over the weekend until he has time to fix up his own solution
#
barnabywalters
cweiske: how would that work?
#
cweiske
that's what I'm asking
#
cweiske
and I want it decentralized
#
barnabywalters
cweiske: ah, okay, I thought you had an idea for how to do it :)
#
voxpelli
cweiske: have you talked with Julien who has made Subtome?
#
cweiske
so that the user's preference is used first if he set one
#
barnabywalters
well that’s the issue — subtome works great but IIRC relies on JS being hosted somewhere
#
cweiske
yes, that's the problem with subtome
#
cweiske
custom url schemas could be the solution here
#
arcatan
right, maybe javascript-embedding webmentions would be great at least as an initial step.
#
barnabywalters
web actions are the opposite, they’re just a markup pattern with fallback which clients can progressively enhange
pfenwick joined the channel
#
barnabywalters
cweiske: interesting idea!
#
cweiske
or better
#
cweiske
web+reply:...
#
cweiske
because only a couple of non-web+-prefixed protocols are allowed to be registered by web sites
#
cweiske
this would automatically jump to the website that registered as protocol handler for web+reply
#
cweiske
the question is how to handle failure
#
cweiske
somehow we have to detect if the protocol handler is registered
#
cweiske
which does not
#
cweiske
since the html5 spec does not have such an API method
#
cweiske
you can't ask "is there a handler for web+reply:?"
#
cweiske
only "is the handler for web+reply: set to http://example.org/"
#
cweiske
and even that is not supported in chrome
#
cweiske
just in firefox
#
cweiske
we need to solve that differently
#
cweiske
IIRC you can load an URL via javascript and check if that worked
#
cweiske
if it did not, we know no handler is registered
#
cweiske
probably
#
cweiske
if yes, we can redirect to it again
#
cweiske
if there is no handler registered, *then* we can jump to a subtome-lookalike for twitter/facebook/whatever/appstore/
#
cweiske
that's my rough idea
#
barnabywalters
cweiske: it’s a good idea! it solves the discovery problem
#
barnabywalters
it could even be incorporated into the webaction extension
#
voxpelli
there should be some discussions regarding that flow to look up on the web, it was the main target before focus shifted to web intents/web actions
#
cweiske
voxpelli, do you have links?
tantek joined the channel
#
Loqi
tantek: barnabywalters left you a message 2 hours, 18 minutes ago: RE indiewebify comments, I updated some libraries but it shouldn’t have affected anything — do you have an example URL? e.g. http://waterpigs.co.uk/services/webmention-io-comments/?url=http://tantek.com/2014/084/b1/urls-people-focused-mobile-communication seems to be working fine
kbs joined the channel
#
cweiske
voxpelli, that's the original idea
#
cweiske
it sounded to me that there was a discussion why webactions are better
#
voxpelli
I’m searching to see if I can find it
#
barnabywalters
I actually had no idea this existed — I knew apps could register to be custom protocol handlers, but not webpages, and not that discovery and selection UIs had already been built
#
barnabywalters
presumably either I researched it badly, or by the time I was looking at this stuff it had already been disregarded as a potential solution
scor joined the channel
#
cweiske
thanks
#
cweiske
I guess that this problems don't apply to us
#
tantek
webactions focus on the user experience, whereas Google's Webintents was all about inventing new plumbing
#
cweiske
we want to bookmark a URL, like a URL and reply to a URL
#
cweiske
we always have a URL
#
tantek
and Google eventually removed their webintents support from Chrome *because* the user experience was bad.
#
barnabywalters
ah, so webintents disregarded it because it can’t be used to pass arbitrary data
#
cweiske
seems so
#
voxpelli
a big problem with protocol handlers right now is that there is no way of detetcing whether there is one or not – so you can degrade gracefully for the ones with no handler registered
#
cweiske
yes, that's my problem, too
#
tantek
voxpelli - agreed, that's what I ran into in my analysis
#
barnabywalters
voxpelli: any idea why that constraint exists? is it maybe a security concern?
#
tantek
I think the browser needs to do a better job at that
#
cweiske
you don't want an adserver see what you use to read your mail
#
cweiske
you getprotocolhandlerurl() is a bad idea
#
voxpelli
there seems to be plans to add a isProtocolHandlerRegistered() – but seems like that will only be able to check for whether a specific handler is registered, not if any handler at all is registered
#
cweiske
but at least isprotocolhandlerregistered() should be implemented
#
tantek
you don't need to disclose that much
#
barnabywalters
but we just need to know whether one exists or now
#
tantek
is there a spec for isProtocolHandlerRegistered?
#
Loqi
barnabywalters meant to say: but we just need to knot whether one exists or not
#
tantek
so next question, is there a Firefox bug filed for this in Bugzilla?
#
tantek
if one of you finds it / files it, let me know and I can help push it along
#
cweiske
voxpelli, the already implemented version requires you to give the url
#
voxpelli
cweiske: is there already an implemented version? can’t find it in my firefox
#
cweiske
firefox doesn't have it
#
cweiske
chromium has
#
cweiske
I use it at work for tel: urls
#
cweiske
to control our VoIP phones
#
voxpelli
cweiske: what Chrome version? My Chrome Canary didn’t have it either. Hidden behind flags?
gRegor` joined the channel
#
cweiske
no, standard IIRC
#
cweiske
let me check
#
cweiske
neither firefox nor chromium show that tel: is registerd
#
cweiske
that must have been some previous version
#
cweiske
opera 12 supports it :)
#
cweiske
but since opera switched to webkit, it went away
#
cweiske
same image in firefox and chrome
#
voxpelli
I think it will be hard to create a protocol-powered action approach that is secure, because to enable graceful degradation for those without a protocol you need to allow all webpages to check whether a user has registered a protocol – and that’s not okay
#
cweiske
what do you mean with "that's not ok"?
basal joined the channel
#
voxpelli
for a web page to check for an ”indieweb”-protocol without me knowing it to see if I’m an indieweb-participant or not wouldn’t be too good - right?
#
cweiske
voxpelli, as long as the web page does not know what tool i use
#
cweiske
i'd be fine with it
#
voxpelli
Would make fingerprinting easier: https://wiki.mozilla.org/Fingerprinting
#
voxpelli
And my impression is that the browser community generally wants to make it harder, not easier
#
tommorris
Yep, slippery marketing types will use that for finger printing.
#
tantek
we should still try
#
Loqi
I agree
#
tantek
whether or not you have a protocolhandler registered at all should be ok
#
tantek
barnabywalters, cweiske, please comment in the bug with the use-cases you have in mind
#
julien51
barnabywalters JS is hosted in your browser! It’s AppCache, so loaded once, and then never again
#
julien51
tantek: no Chrome retired WebIntents suppport (at least publicly because it’s still there last time I checked) because they couldn’t not get the Firefox team to agree on anything with them as to compatibility. Typical NIH syndrome.
#
julien51
Now, FF has argued they did not want WebIntent because they did not like the UX… but that was not Chrome’s decision.
#
voxpelli
cweiske: looking at it, the iframe with custom protocol that uses postMessage() to send back users preferences actually enables graceful degradation
#
voxpelli
cweiske: so something like this to expose ones wanted endpoints https://gist.github.com/voxpelli/36b6485da8c54e98243c and have sites embed through indieweb:something ?
#
cweiske
voxpelli, I don't quite understand
#
cweiske
<iframe src="indieweb:foo"/>?
#
voxpelli
cweiske: yes
#
cweiske
another layer of indirection :/
#
voxpelli
one could perhaps use document.referrer + localStorage to maintain a whitelist of pages or something if one doesn’t want to send ones configuration all sites asking
#
voxpelli
using a confirm() to ask whether to send settings or not
connextrum, alistair and CheckDavid joined the channel
#
ben_thatmustbeme
good morning #indiewebcamp
julien51, LauraJ and kbs joined the channel
#
ben_thatmustbeme
hey kbs, i was reading back in the logs, saw you talking about some sort of pgp key stuff
snarfed joined the channel
#
barnabywalters
julien51: RE subtome js location
#
barnabywalters
according to http://docs.subtome.com/publishers/ publishers add a button which loads javascript hosted on subtome.com
julien51 joined the channel
#
kbs
ben_thatmustbeme: yea :) Would love to hear what you're thinking about here
#
kbs
I'm kinda trying to map some of the ideas in indieauth over to validating pgp keys [I guess an indieweb way to functionally achieve what keybase does]
_6a68 joined the channel
#
kbs
ben_thatmustbeme: scenario is - Alice wants to get indieweb user Bob's public key with some degree of confidence from Bob's canonical site. How does Bob link "proof-I'm-Bob" from other sites [eg: prove he's also @bob on twitter, +Robert on g+, etc]
#
ben_thatmustbeme
well I would think Bob has a rel=me link to his site and he could just have the public key posted on his site
#
ben_thatmustbeme
basically eliminate the keybase altogether
#
kbs
yep - that's exactly the idea :-) just formalizing this notion.
#
ben_thatmustbeme
when I get done with my site (or at least the basics of it I'll put up my public key on a page with a link thats along the lines you guys were talking about rel="publickey"
#
ben_thatmustbeme
alternatively, i don't know if any keybases have web-pages you can directly access to get the public key
#
ben_thatmustbeme
if they do I would say a rel=me to your key on the keybase's website
snarfed joined the channel
#
kbs
I have a sample page over at kbsriram.com that's doing this - some nitty-gritty on the [keybase.io-free] apprach is to handle sites that don't permit embedding a fingerprint (that's sufficient) on a profile page.
#
ben_thatmustbeme
I had been thinking about this as well as i want to be able to generate specific keys to send between sites, and the safest way would be to use pgp and it cuts out a user having to log in at all. I just use the cannonical name to refer to a user, and the tech would do the rest
#
kbs
yep.
#
kbs
I think we've independently reached similar conclusions - so on the specifics, here's what I did. Embed a rel=key from my canonical page, pointing to a public key. For each rel=me link that lets me add a fingerprint to a profile page, I do so. Otherwise, I add a rel=pgp-fingerprint link with a post [that can be linked back to an owner] which contains a fingerprint.
#
ben_thatmustbeme
actually, would be very cool to put it in the h-card, I'm interested in getting some contacts list auto-pulled from h-cards
#
ben_thatmustbeme
to be able to auto-fetch their pgp could be very useful
#
kbs
Right - absolutely. I think the actual act of pulling in a public key is reasonably in place [h-card, etc] - the act of verifying proofs with other sites isn't there yet.
#
ben_thatmustbeme
ahh, i see what your concern is more now. basically you want to use multiple sites to verify that the key you are getting is correct
#
kbs
yep, exactly
#
ben_thatmustbeme
so if site A has the same key as site B, we can be sure it is correct
#
ben_thatmustbeme
but isn't that a bit of overkill, the fact that both sites point to each other with rel=me should be the authentication that either of them can provide the correct key
#
kbs
So it depends on where the key is linked, if that makes sense.right, that's exactly it :-) It's best that one site [the canonical user site] provide the key, and the supporting sites provide fingerprints.
#
ben_thatmustbeme
i guess it guards against either site being hacked and only the pgp key getting changed. but if my site gets hacked, i'm going to change my other sites to break the rel=me relationship
#
kbs
that's true
#
kbs
though by using the key, going to all the rel=me sites and breaking the link is not necessary either
#
ben_thatmustbeme
I see, it does secure that connection
#
ben_thatmustbeme
i'm just concerned its getting too complex for most use cases
#
ben_thatmustbeme
the fingerprint would have to be on a site that isn't just a generic key store, as the violated cannonical site could just change the link to the key store
#
ben_thatmustbeme
it would have to be on another secure site, which for the trust to exist would likely mean a silo of some sort
#
ben_thatmustbeme
thats my thinking anyway
#
kbs
You're quite right. I think this is essentially the parallel to indieauth.
#
kbs
indieauth effectively says - the person who can edit site A has a login at site B (where B = g+, twitter, etc)
#
kbs
as you say :-)
#
kbs
The work [from the perspective of the key-owner] is just about as much as indieauth, and the work [from the perspective of a validator] is less than needed by indieauth
#
kbs
Link to a key from canonical site, and either tweet a fingerprint or update profile on major silo
#
kbs
From a validator - simply follow the rel=me links, check for fingerprint
#
kbs
or follow rel=pgp-fingerprint links and check for fingerprint
#
kbs
People are already doing this -- https://www.google.com/search?q=site%3Atwitter.com+pgp+fingerprint+-php -- just formalizing this :-)
tilgovi joined the channel
#
ben_thatmustbeme
my concern is that because of POSSE just tweeting is giving a false sense of security. I'd want something that my site cannot automatically post to
#
ben_thatmustbeme
putting it in profiles makes sense, tweets become just as compromised the second your site becomes compromised
#
kbs
That's a good thought
#
kbs
I have mine linked to a gist (for the github-linked identity)
#
kbs
Curious - does twitter have omnipotent oauth tokens, or are they restricted by capability etc?
voxpelli joined the channel
#
ben_thatmustbeme
no clue, i have not worked with it at all
scor joined the channel
#
kbs
You're quite right - any canonical site that just stores passwords for linked silos on the site, would be vulnerable :-) as would indieauth, etc I guess
#
kbs
So the second thought/observation here is to also include the TOFU idea from ssl [trust-on-first-use] - flag when a new key is posted
#
kbs
As you say, this makes the most sense to add contact info [hcard, etc.] So I expect consumers will effectively store the key locally along with the contact info. TOFU ought to be another line of defense for some of these things maybe?
LauraJ and Sebastien-L joined the channel
#
kbs
(and yea, it does seem like twitter has just one token-type - and an update_profile api :-)
demis joined the channel
#
ben_thatmustbeme
kbs, i think the most secure way would be to have one silo that is used for auth but does not have profile update api
#
kbs
I think g+ fits that bill, at least at the moment
#
kbs
I also think github fits it [but more because of the immutable commit - can link to a specific version of a gist, etc.]
#
ben_thatmustbeme
true, so long as the link is somewhere immutable too
#
ben_thatmustbeme
anyone have any thoughts on storing the slug in DB at time of creation vs creating it on the fly?
iangreenleaf joined the channel
#
@vmvisor
RT @hertling: IndieWeb is hugely important, but I hope we can include more than just programming technorati in the movement. http://t.co/hz…
(twitter.com/_/status/449575529985744896)
demis and voxpelli joined the channel
#
@kyle_wm
RT @hertling: IndieWeb is hugely important, but I hope we can include more than just programming technorati in the movement. http://t.co/hz…
(twitter.com/_/status/449580692427386880)
#
bear
@t do you know if anyone in Mozilla Portland codes with NodeJS?
caseorganic and pasevin joined the channel
#
aaronpk
"However, some developers love wheel-reinvention (it can make a diverting break from yak-shaving)." http://www.brucelawson.co.uk/2014/notes-on-accessibility-of-web-components/
benprew joined the channel
#
kbs
aaronpk: speaking of wheel-reinvention :) do you have any thoughts on this pgp 'indieauth-style' checking conversation?
#
aaronpk
i haven't been able to follow it too closely just yet
scor joined the channel
#
kbs
Gotcha. I saw you've done some nice things here, would be much interested in your thoughts when you get around to it
#
aaronpk
is any of it on the wiki? or do I have to catch up on the irc logs?
#
kbs
I put a massive missive on /pgp - but it's too long and I'll pare it down sometime today
#
kbs
has the bad habit of babbling
#
aaronpk
cool, if you update the wiki text I'll go over that this weekend. make sure to phrase it as a user-centric problem rather than just explaining the protocols
#
kbs
yep :) appreciate the advice - (that's what tantek suggested as well) - so iterating on the writeup
snarfed joined the channel
#
gRegor`
ben_thatmustbeme: Since the slug is usually based on information that doesn't change and isn't intended to be changed, I'd say store it at post creation time.
#
gRegor`
And if you do change it, be sure to set up a 301 redirect.
#
gRegor`
kbs, ben_thatmustbeme: Cool PGP conversation. I hope TLS on your domain is implied in all this. :)
paulcp joined the channel
#
kbs
gRegor`: ah, actually :) specifically for fingerprint-validation - do you think it's required? I thought a bit about this and I can't find any holes - I thought that was an advantage or something...
LauraJ joined the channel
#
kbs
but quite possibly I've missed something - won't be the first time :)
#
gRegor`
If you're serving your PGP key on your domain without TLS, I wouldn't trust it, personally.
#
gRegor`
Well, I suppose if your fingerprint is on multiple other sites (twitter profile, etc) then yeah, I'd trust it.
#
kbs
*nod* - yea - that's just it -- the typical domain is non-TLS
#
kbs
and I figure this would actually enable leveraging additional safeguards that would otherwise not be possible
#
gRegor`
Without TLS, I feel like I would want to verify the fingerprint on two other sites. With TLS, I would accept just one other site.
#
kbs
I hear you :) and you're more distrustful than indieauth, I guess ;)
#
snarfed
kbs: re your twitter q, they don't do oauth scopes, sadly, but they do have coarse permission buckets for app ids: read only, read/write, and r/w + direct messages
#
gRegor`
It's just the MITM attack vector if the key isn't over TLS that concerns me.
#
kbs
snarfed: ah, okay - thanks for the clarification. Oh well.
#
kbs
gRegor`: yep, makes sense. Though, even with a single silo verification (and non-TLS from the original domain) - the attacker would need to also MITM the silo connection to be effective
#
kbs
and _those_ are TLS'ed pretty much...
#
gRegor`
I was thinking of gaining access to the Twitter, not MITM it. But you're right
snarfed joined the channel
#
gRegor`
Hopefully anyone putting their fingerprint on Twitter also has 2FA on. :)
tantek joined the channel
#
kbs
gRegor`: :-) ah, yes indeed. ben_thatmustbeme also pointed this out - convinced me that twitter [especially with most indiewebsites having omni-tokens on their sites] is probably not too hard to get into.
pasevin and snarfed joined the channel
#
ben_thatmustbeme
yay, url parsing works
#
Loqi
yay!
#
Loqi
you're welcome
#
ben_thatmustbeme
I love you Loqi
#
Loqi
loves ben_thatmustbeme
#
ben_thatmustbeme
Loqi, will you marry me?
#
ben_thatmustbeme
its okay, you think about it
#
ben_thatmustbeme
Gah, every time I think I'm ready to swap out my new code as a temporarily working site, I realize I forgot something
#
ben_thatmustbeme
author page grrr
#
aaronpk
yay john carmack encouraging people to blog! https://twitter.com/ID_AA_Carmack/status/449594122936922112
#
@ID_AA_Carmack
(3/3) What are the hazards? What should be done to guard against them? What are the tests for failure? Blog and I'll read.
(twitter.com/_/status/449594122936922112)
benprew joined the channel
#
@SocialSafe
Jump to any date in your social networking history: http://www.youtube.com/ via @YouTube #OwnYourData #IRememeberWhen
(twitter.com/_/status/449599118793383936)
#
barnabywalters
some writings and experimentation with PuSH fragment identifiers and the problems with them: http://waterpigs.co.uk/articles/problems-with-hash-fragment-subscriptions/
#
ben_thatmustbeme
well, version 0.1 is up and running
#
ben_thatmustbeme
I have a lot of work to do, but at least I have a working site.
#
barnabywalters
ben_thatmustbeme: nice work!
#
kbs
ah, sorry to ask a dumb questions - and won't be the last I'm sure - but does the typical publishing system essentially run remotely, rather than somehow proxying data from a locally running setup to a remote site?
#
ben_thatmustbeme
I suppose it could be either, but mostly I've seen everything runs on the server and you just deal with it all there. Prevents any need for client software on your local machine
#
ben_thatmustbeme
if I understand you correctly
#
kbs
ben_thatmustbeme: yep - thanks for the clarification :) (and - congrats on round#1 of getting the moving pieces fitted!)
#
ben_thatmustbeme
and not to worry, asking dumb questions is how you learn. I ask plenty
#
kbs
I think it was my early misread of POSSE -- I took "own site" to be something I could run on my computer, rather than "owning a domain" :)
#
kylewm
kbs: with something like Jekyll (a static site generator), you can do it the other way... generate the html files and stuff on your local machine and just transfer it to a public server somewhere
#
kbs
kylewm: aah - okay. Thanks for that pointer as well. Does it periodically also ah, check for webmentions and so on via a cron job or something
#
kbs
so it can merge them back into the files it generates?
LauraJ joined the channel
#
kylewm
that would definitely be a good approach -- i'm not sure what work has been done with static site generators so far. I believe bret's bret.io is a jekyll site that accepts webmentions, might be interesting to see what he does
#
kbs
Oh, I see - gotcha.
#
aaronpk
barnaby made a thing that loads mentions webmention.io from javascript and renders them as comments
#
aaronpk
i think he linkde to it here yesterday
#
kbs
*nod* makes sense, at least conceptually :)
#
kylewm
and it looks like bret does something similar with pingback.me
#
kylewm
oh, that's the same site... oops :)
#
aaronpk
pingback.me == webmention.io
#
aaronpk
i made it before we had webmention
#
kbs
(noscript makes me miss all the good stuff :)
bnvk joined the channel
benward, bnvk and julien51 joined the channel
#
kylewm
question about /databases-antipattern ... my instinct building a flat-file store would be to put everything in JSON blobs organized like year/month/day/note_1 ... but then am i not just building a pale imitation of mongo?
#
julien51
barnabywalters yes, the load the js ONCE from https://subtome.com WHEN the user clicks on the button. If no one clicks on the button, the JS is never loaded and if it’s been loaded ONCE for a visitor it will never be loaded again…
#
aaronpk
kylewm: sorta yeah, but even then it's better than (especially) mongo
#
kylewm
hehe, I have no experience with mongo. I just mean, I want to heed the warning about databases without just rebuilding something worse :)
#
kylewm
but if the main point is to have things in stable, easy-to-backup files, then I tihnk I'm good
#
aaronpk
easy to back up, and easy to move around
#
aaronpk
and easy to read as technology changes
#
aaronpk
(e.g. not a binary sqlite format that requires a specific version of sqlite to parse)
#
kylewm
thanks aaronpk. you made a point the other day about transferring data between development server/production server that definitely resonated with me
#
kylewm
because that is not easy right now
bnvk, pasevin, voxpelli and cweiske joined the channel
#
cweiske
aaronpk, I was wrong yesterday
#
cweiske
my lib parses html to check for linkback urls
#
cweiske
but somehow it decided that does not have to do it for the wiki
#
aaronpk
oh ok, and it's not finding the url for the wiki?
#
cweiske
it does a HEAD request
#
cweiske
and then decides that it does not need to do a GET
#
cweiske
probably because it thinks the page is not htm
#
cweiske
I have to investigate
#
aaronpk
oh strange, ok
#
cweiske
I guess it's because of the charset attribute in the content-type header
#
aaronpk
"Content-Type: text/html
#
aaronpk
charset=UTF-8"?
#
cweiske
need to split that
#
cweiske
there is the problem
#
cweiske
ok, works
#
Loqi
woot
Kopfstein joined the channel
#
cweiske
a good way to see stapibas doing work in progress
tilgovi and tantek joined the channel
#
tantek
good day #indiewebcamp!
#
tantek
lots of early morning discussion!
#
KartikPrabhu
good day! tantek
#
ben_thatmustbeme
good afternoon tantek
eschnou joined the channel
#
tantek
kbs, ben_thatmustbeme you guys have seen this right? http://microformats.org/wiki/key-examples
#
tantek
in particular the use-cases etc.
#
kbs
tantek: yep - info read and digested by what's left of my few brain cells :)
ttepasse joined the channel
#
ben_thatmustbeme
I had not. It seems no matter what I discuss there is a page for it somewhere. I think I need to just sit down and read every wiki page for like a month first
#
aaronpk
nah, just search first :)
#
tantek
ben_thatmustbeme: what aaronpk said. search first. then ask if there's a page on "x".
#
ben_thatmustbeme
i'm slowly getting in to that habit
#
tantek
and by search first, start with checking directly for an indiewebcamp.com page on the subject.
#
tantek
and if none found, and your subject is something formats / protocol related, then also check the microformats.org/wiki/
#
tantek
and only after that try Google search
CheckDavid joined the channel
#
tantek
so many subjects this morning!
eschnou joined the channel
#
kbs
(btw, I don't know that adding a key to a keyserver actually changes anything as far as the provenance of a key goes :) cf. https://hkps.pool.sks-keyservers.net/pks/lookup?op=vindex&search=president@whitehouse.gov
#
tantek
more moving pieces
#
tantek
ben_thatmustbeme: nice start on your user page!
#
ben_thatmustbeme
tantek, thanks. I'm trying to keep the code behind it as clean as possible, I want to make something super easy to hack on
tilgovi joined the channel
#
tantek
but have TrsstProject binaries been selfdogfooded?
#
tantek
and why are they "binary"?!?
#
KartikPrabhu
looks at TrsstProject
#
cweiske
compiled java classes
#
cweiske
binary
#
KartikPrabhu
aah so it is a Atom publishing/reading application built in Java
#
KartikPrabhu
desktop application
#
tantek
how is that indie*web*?
#
cweiske
there are java web apps, you know
#
tantek
you mean java apps delivered over HTTP?
#
tantek
has yet to see anything "web" about any java "apps"
#
cweiske
java web servers
#
cweiske
$ java -jar target/trsst-client-0.2-SNAPSHOT-exe.jar port 8181
#
cweiske
Services now available at: https://192.168.1.5:8181/feed
#
cweiske
like php
#
cweiske
accepting HTTP requests, responding with HTTP responses
#
tantek
ah ok that makes more sense now. thanks for clarifying cweiske.
#
Loqi
it'll be ok
#
cweiske
don't laugh at it. it's sad. and they won't adopt indieauth
#
tantek
not laughing - that was an unhappy face :(
#
cweiske
I had the words already written
#
tantek
ok so they dropped it from their main UI but they still support it?
iangreenleaf joined the channel
#
cweiske
if you know the hidden button
#
tantek
yeah we should probably note this on the /openid page :/
#
cweiske
s/button/url parameter/
#
Loqi
cweiske meant to say: if you know the hidden url parameter
snarfed joined the channel
#
tantek
could you add an entry there and cite your blog post cweiske?
#
cweiske
2013-10-29 SourceForge.net is considering phasing out OpenID login
#
cweiske
I already wrote that
#
cweiske
half a year ago
#
snarfed
tommorris: saw you mentioned posseing to facebook from your web site! obligatory plug, just fyi: https://snarfed.org/2014-03-25_bridgy-publish
#
cweiske
my memory isn't really that well
#
tantek
but the UI thing is new? or happened back then?
#
tantek
sorry I'm confused
#
cweiske
same thing
#
cweiske
nothing is new as I now found out
yaf joined the channel
#
tantek.com
edited /OpenID (+176) "/* Shutdowns */ note sourceforge removal of OpenID from UI, but still supporting through old URL param, citation cweiske blogpost"
(view diff)
#
tantek
hey KevinMarks - what was the old terminology for full feeds vs. partial feeds that only had a title and link, or title summary link etc? I remember there was a specific term you used while at Technorati
#
tantek
I'm going with "partial feeds" until / unless someone provides a better / more canonical term
#
KartikPrabhu
tantek: I used truncated feeds but that doesn't seems so nice :)
#
tantek
KartikPrabhu: I've never heard that phrase used before, nor is it really accurate - as there's nothing that's "truncated" typically, but rather a choice of only title, or only summary, rather than full content
#
KartikPrabhu
agreed. That was just something that came up in my head while writing.
#
tantek
totally fine. much better to get something written first, then clean up terminology etc. later
#
tantek
thank you for writing that up
#
KartikPrabhu
sure thing! :)
#
KartikPrabhu
a Google search reveals a lot of articles saying "partial feeds" so that seems good
#
tantek
yeah I'm pretty sure I've heard that before but I know KevinMarks would know the canonical term for it
grantmacken joined the channel
#
tantek.com
created /feed_files (+23) "r"
(view diff)
#
tantek.com
edited /h-feed (+746) "edit summary definition, use term partial rather than truncated, re-order content slightly for intro/use-case, subheads"
(view diff)
#
tantek
KartikPrabhu - take a look and see if my edits still make sense with what you were thinking - I tried to keep the intent/meaning of what you wrote and just expand on it: http://indiewebcamp.com/h-feed#Brainstorming
#
cweiske
I didn't get why you think I compared apples with oranges last night
#
tantek
because you're not comparing the same content
#
tantek
in two different formats
#
tantek
comparing a full feed vs. a partial feed with permalinks
#
kartikprabhu.com
edited /h-feed (+7) "/* prior work */ typpo fixed"
(view diff)
#
tantek
no matter what format(s) you use in that comparison
#
tantek
you'll get the same result
#
tantek
so you proved only that a full feed is smaller than partial feed with permalinks
#
KartikPrabhu
tantek: edited a small typo but otherwise pretty good. also reads better than my version
#
tantek
nothing about whether RSS or Atom or h-feed is more or less efficient
#
cweiske
tantek, my atom feed is a full feed
#
tantek
cweiske - so is mine - so?
#
cweiske
where is the partial feed you're talking about?
#
tantek
KartikPrabhu: good catch!
#
tantek
cweiske - the h-feed in your example is a partial feed
#
KartikPrabhu
tantek: now changing crosslinks from reader page
#
tantek
KartikPrabhu: great - that's how a wiki is supposed to work! collaboration :)
#
cweiske
sure, because I don't have a special h-feed file
#
tantek
sure - that's your design choice - not a format difference
#
cweiske
DRY and all that stuff
#
tantek
right, that's another issue - DRY violations
#
tantek
again, you can DRY violate with any format
#
kartikprabhu.com
edited /reader (-35) "/* Brainstorming */ changed crosslinks to h-feed brainstorming"
(view diff)
#
cweiske
so to get the same content, the h-feed consists of 11 files
#
tantek
it's the having a separate file/URL that's the violation
#
cweiske
so the DRY h-feed is 2.3 times larger than the atom feed
#
tantek
cweiske - that's your choice, nothing to do with the format
#
tantek
nope a DRY h-feed would just be full content on your home page
#
tantek
but you chose not to have full content - which is fine, that's your design choice
#
tantek
so you could havea feed.xml file and a feed.html file and compare them
#
tantek
that would actually compare the efficiency of the formats
#
tantek
by comparing one feed file to a partial feed + permalink pages, you are comparing one apple to many oranges
#
aaronpk
question: say I have a home page with only headlines (or headlines + summary) *and* a feed.html file with the full text of everything. does that violate DRY or not?
#
tantek
you could do the converse and have worse results too: a full h-feed feed.html, and a partial feed.xml that linked to permalinks
#
cweiske
but following the "spirit" or "reason" for h-feed forces me get rid of a full-content feed, or forces me to abandon my design choices
#
tantek
aaronpk - well it violates what's been duplicated
#
tantek
cweiske it does not
#
tantek
you simply replace your feed.xml with a feed.html. done
catsup joined the channel
#
cweiske
then I repeat myself
#
cweiske
which is I thought the reason for h-feed
#
cweiske
to not repeat yourself
#
tantek
it's *one of* the reasons for h-feed
#
tantek
it enables DRYer publishing
#
tantek
if you choose for your own design to violate DRY - that's your choice
#
tantek
you can use any random set of formats to violate DRY
#
tantek
h-feed gives you the *possibility* of being DRYer than any other separate XML/RDF/JSON formats
#
cweiske
everyone violates DRY by having permalinks that are not anchors on the main page
#
tantek
this is the whole reason for microformats in the first place
#
tantek
and also why even RDF folks push RDFa now. and others push microdata.
#
tantek
the point is to *minimize* DRY violations
#
tantek
just as the point is to minimize errors
#
tantek
minimize security violations
#
tantek
/ vulnerabilities etc.
#
KartikPrabhu
!tell snarfed: trying webmention discovery on "https://www.brid.gy/about" gives an SSLError.
#
Loqi
Ok, I'll tell them that when I see them next
#
tantek
i.e. saying, well my code is a little crappy is no excuse for making your code even crappier.
#
KartikPrabhu
IMO all of these design principles are guidelines. You can choose how much to sacrifice one of them for the other. Being very black & white about it seems counterproductive
#
tantek.com
edited /storage (+21) "/* Databases */ idno uses MongoDB currently"
(view diff)
#
tantek
KartikPrabhu: yes they're ideals, and we should work to achieve them
#
tantek
but sometimes there are other things we prefer instead, such as the user experience design of our pages
#
KartikPrabhu
"ideals tempered with pragmatism" this should be a quote by someone famous
#
KartikPrabhu
tantek: would a flat file (as opposed to DB) system be better for having a easy-installation for Gen>2 users?
#
tantek.com
created /MongoDB (+174) "stub"
(view diff)
#
tantek
KartikPrabhu: and freedom to pursue ideals
#
tantek
that's the problem with side files and in particular random XML formats - they *force* you to compromise ideals
#
tantek
if you're going to compromise an ideal, you should do so for a good user-centered-reason, not a crappy-designed plumbing-centered reason.
#
tantek.com
created /favourite (+22) "r"
(view diff)
#
KartikPrabhu
yup. In fact I have a partial atom feed, mainly because I had posts that used custom CSS and scripts that don't render in feed readers anyway. I could have full feeds for normal posts and partial for custom ones, but now I am not inclined to dive into Atom/RSS to do this
#
KartikPrabhu
it would be great if I could syndicate http://kartikprabhu.com/article/life in some meaningful way, but I don't see how
#
tantek
KartikPrabhu: right. there is too little benefit to you to bother with Atom/RSS to do this
#
tantek.com
edited /pgp (+201) "/* Key Lookup Algorithm */ note look for representative h-card first, since that's what microformats.org/wiki/key-examples has found and documented"
(view diff)
#
cweiske
who hosts webmention.org?
#
cweiske
it does not support HEAD requests
#
cweiske
curl -I webmention.org
#
cweiske
HTTP/1.1 503 Service Temporarily Unavailable
#
cweiske
Server: nginx/1.4.4
#
KartikPrabhu
that seems to just redirect to github
#
tantek
I think github is the host
#
aaronpk
i think sandeep hosts webmention.org on his server and sends a redirect
#
aaronpk
you've gotta handle 503 errors from hosts that don't accept head requests tho ;)
#
aaronpk
the world is a wild place
#
cweiske
not accepting head requests is a different status code
#
cweiske
method not allowed
#
aaronpk
s/don't accept head requests/are misbehaving/
#
cweiske
oh, I've got another github.com URL that exhibits the same error
#
cweiske
so it's probably github
Jeena joined the channel
#
tantek
there's probably a github/github where you can file issues like that ;)
#
cweiske
just checked my mails
#
cweiske
I sent them a report in oct 2013
#
cweiske
"Thanks very much for the report! I'll mention this to the team so they can check out our help application."
KevinMarks and josephboyle joined the channel
#
jonnybarnes
anyone here any good at PHP, I want to do something to a URL variable unless the url is a twitter.com or pbs.twimg.com url
#
jonnybarnes
this doesnt work:
#
jonnybarnes
$url = parse_url($content['photo'])['host']
#
jonnybarnes
if($url != 'twitter.com' || $url != 'pbs.twimg.com') { ... }
#
tantek
you want &&
#
tantek
that || statement will always be true :)
#
KartikPrabhu
sorry about the mention spam... just fixed some webmention sending
#
tantek
it's a nice reminder when people update their blog posts ;)
#
tantek
but Loqi has no idea it's a Create webmention vs an Update webmention
#
KartikPrabhu
it isn't an updating of post, just fixed some webmention sending code that had failed when I wrote the post
#
tantek
even better reason
#
KartikPrabhu
it is very useful to see if mentions are working. good job Loqi!
#
Loqi
grins profusely
#
jonnybarnes
thanks tantek
Jeena joined the channel
#
tantek
np! elementary boolean logic my dear ;)
#
KartikPrabhu
kylewm: I broke your share (http://kylewm.com/share/2014/03/27/1) by sending a faulty mention. apologies, please delete it :(
#
KartikPrabhu
also let this be a lesson to not directly post a 1000 word essay in replies... :P
#
tantek
oh my goodness did you send your article as a reply to his comment on your article?!?
#
KartikPrabhu
unfortunately yes :(
#
tantek
that shouldn't have shown up because your article is not "in-reply-to" his comment!
#
tantek
I mean, you just found a bug in his code!
#
KartikPrabhu
possibly! :P
#
KartikPrabhu
weekend project: fix this whole webmention fiasco on PT!
#
KartikPrabhu
I should send mentions only to the links in the first h-entry. is that a good policy?
#
Loqi
yea!
#
tantek
you should send mentions to all the links in your h-entry
#
tantek
it's up to the destinations to properly interpret them
#
kylewm
KartikPrabhu: :D it is in my databaes as a "reference" but I do not display them differently yet (mostly because nobody would have a reason to reference me on anything)
#
KartikPrabhu
tantek: but I shouldn't have sent a mention to kylewm's reply in the first place right?
#
KartikPrabhu
even though it is in my h-entry
#
tantek
so the right question to ask is
#
aaronpk
think of the webmention as just saying "hey there, this page of mine linked to this page of yours"
#
tantek
what's the use case for your article sending a webmention to kyle's reply?
#
KartikPrabhu
aaronpl: come on! :P
#
KartikPrabhu
aaronpk ^^
#
tantek
and at least *one* answer to that use-case question is:
#
tantek
if you update your article title, or summary, etc. at the top, by sending a webmention to all the replies to your article, you give them a chance to update their reply-contexts accordingly!
#
tantek
I have no idea if anybody does this - but it's a good idea
#
tantek
and how we keep that info up to date via notifications
#
KartikPrabhu
but I really shouldn't have sent a mention to my own article from kyle's comment on my article!
#
KartikPrabhu
or I should have handled that better on the incoming side?
#
tantek
you should have handled it better on the incoming side
#
tantek
a-ha I *have* written up reply-context updating before!
#
Loqi
agreed.
#
KartikPrabhu
I see. good points to implement over the weekend
#
tantek
and check out the Delete possibility too
#
KartikPrabhu
I actually implement the delete possibility myself!
#
tantek
see these kinds of interactions are what the indieweb is about -
#
tantek
actually implementing federated commenting, updating, deleting etc.
#
tantek
which are *user level* features
#
tantek
and have nothing to do with the petty format wars of old.
#
tantek
or plumbing-centric discussions
#
tantek
that was perhaps the worst part of the RSS/Atom wars - it distracted so many smart people away from actual important things
#
kylewm
so as the receiver, I can only know that the webmention is from the thing I originally replied to by checking it against my existing reply-contexts right?
#
tantek
and the sadder part is that some of those folks are *still* spending time fighting that war instead of working on user-facing features
#
KartikPrabhu
oh well...
#
KartikPrabhu
kylewm: i think so. yes
#
kylewm
looking at the mf2 on KartikPrabhu's page, I don't think there is a way to distinguish a uncategorized reference
#
tantek
kylewm - of course there is
#
tantek
*you* know by looking at *your* page that the "source" of that webmention happens to be the reply-to of your comment!
#
KartikPrabhu
yeah. one that has no u-in-reply-to , u-like-of etc...
#
tantek
and thus you should treat it as a reply-context update
pfenwick joined the channel
#
KartikPrabhu
!tell snarfed: also sending a mention to https://snarfed.org/ returned a 404. Seems like somethign the wordpress plugin does in general. also happened on dariusdunlap's site
#
Loqi
Ok, I'll tell them that when I see them next
#
KartikPrabhu
this is such a complicated puzzle. this federated comments thing... very interesting
#
tantek
KartikPrabhu - interesting thing is - I'm pretty sure we're the first to actually solve this properly, from a user-experience perspective: real time notifications, updates, deletes, reply-contexts etc.
#
tantek
*distributed/decentralized* across sites
#
KartikPrabhu
yeah i think the distributed part is what makes it harder
#
KartikPrabhu
but that is why it is cool
#
KevinMarks
venturebeat is hiring in SF for PHP+js in wordpress - anyone interested?
ttepasse joined the channel
#
kbsriram.com
edited /pgp (+1204) "Focus on authentication, better user-centric scenarios"
(view diff)
kbs joined the channel
#
kbs
aaronpk et. al - have at it :) http://indiewebcamp.com/pgp#Secure_communication hopefully less-worse than the last iteration
ttepasse, pfenwick, designdream and _6a68 joined the channel
#
bret
been playing around with feedbin lately. really happy with it. makes following lots of small websites a joy... for now
#
bret
every feed reader I have used ends up becoming a major maintanance chore after a while and the noise floor tends to gorw over time
#
KartikPrabhu
bret: would be great to document those frustrations, niceties as people build indie readers
#
bret
I still have not found a filtering or training system for a reader that I like, and I think it stems from treating all posts and feeds as the same
#
bret
KartikPrabhu: ill try to get these down right now
tantek joined the channel
#
aaronpk
would be interesting to re-explore my thoughts on twitter stream filtering but in the contenxt of indie readers https://aaronparecki.com/articles/2010/09/21/1/bayesian-twitter-client
#
bret
aaronpk: have not see that
#
aaronpk
it's quite old
#
bret
even something like quicksilver or awesome bar level of ++ or --
#
bret
on feeds/posts
#
bret
i honestly miss the sort by magic from google reader
#
bret
that would dig up the weirest stuff and it was great