#indiewebcamp 2014-04-02

2014-04-02 UTC
#
kbsriram.com
edited /authorship (+315) "update links, point to sample pastebin"
(view diff)
KevinMarks and kbs joined the channel
#
tantek
tilgovi - annoying that "public-*" isn't already implied
#
tantek
and that "private-*" whatever could be the exception
#
tantek
thanks kbs
#
tantek
and thanks aaronpk and barnabywalters for hosting the spoofed content
#
kbs
no worries - good discussion too :) appreciate the insights
#
tantek
it's useful to have a real world example to point to
#
tantek
to illustrate the problem
#
tantek
brb. restarting to clear out VM. darn leaky browsers and other apps. :/
KevinMarks and tantek joined the channel
#
tantek
KevinMarks what's your ETA at 21A? I may stop by depending on how late at work etc.
#
pauloppenheim
aaronpk: catching up with backlog, i think most people feel burned by REST after using it, basically variations on: Oh this is cool -> i guess i can sandwich these weird cases in with these verbs -> dammit I need self-defined verbs and error codes, this is causing bugs and downtime -> <sound of pitchforks and torches>
#
pauloppenheim
like the stages of grieving
#
tantek
huh that's pretty funny
#
KevinMarks
About 6:45
#
KevinMarks
If we have three webmention hosting services, can we converge the APIs?
#
KevinMarks
Documenting the difference
#
pauloppenheim
is webmention a misnomer now? webnotify? webping? webheysomeonesaidsomethingaboutyou?
#
KevinMarks
"someone said something about you" is a longwinded way of saying mention
#
KevinMarks
And that is the key. They do need to link to you
#
pauloppenheim
actually, that's a misnomer
#
pauloppenheim
i was making a funny, but it backfired
#
pauloppenheim
because it is now also someone said something *to* you
#
KevinMarks
Websubtweet
#
pauloppenheim
webindirectimplication
#
KevinMarks
No, because they didn't necessarily send the mention
#
pauloppenheim
but how perfectly passive aggressive would that be, amirite
#
pauloppenheim
"mention" seems to be getting stretched a bit
#
KevinMarks
If barnaby writes a crawler, it could send the mentions
#
KevinMarks
Which is closer to the Technorati case
#
pauloppenheim
but i guess it's just a name, and it's pretty good for now
#
KevinMarks
WebVisiblyLinkedToYou
KartikPrabhu joined the channel
#
pauloppenheim
but it might not even be visible anymore!
#
pauloppenheim
private messaging
#
pauloppenheim
i mean, it's an amazingly simple little idea, that small kernel can be used for so many asynchronous things
#
pauloppenheim
tantek: i know you laughed earlier, but there is a provably secure microkernel: http://ssrg.nicta.com.au/projects/seL4/
#
pauloppenheim
tantek: it's also one of the most used pieces of software in the world
#
tantek
pauloppenheim: webmention is fine, because it refers to the lowest common semantic denominator
#
tantek
re: provably secure microkernel - interesting - open source?
#
pauloppenheim
tantek: yeah
#
pauloppenheim
tantek: it's a whole world of its own, i still haven't spent enough time digging into it, but anyone who's been in mobile for a while should know a bit about it
#
pauloppenheim
"the final turtle"
#
tantek
if it's open source
#
tantek
then you get to the question of the hardware
#
tantek
and how much of that is open hardware
#
tantek
and then the manufacturing thereof
#
pauloppenheim
MIPS, ARM, x86
#
tantek
so no, it's not a "final turtle", by any means
#
pauloppenheim
oh right, of course
#
tantek
because from a security perspective, exploits can be introduced at any of those layers, and *have* been
#
pauloppenheim
but as far as the software part goes
#
tantek
basically, since we can't trust USB charging cables and USB sticks, we're basically toast.
#
pauloppenheim
tantek: there're certainly more details to it, but the tools exist if you have the right practices
#
tantek
um, I'm not sure the tools exist for fab verification except to very rich entities
#
tantek
that's part of the problem
#
pauloppenheim
tantek: rogue USB should not be able to take down seL4
#
KevinMarks
Or SD cards or batteries
#
tantek
we're not actually going to "solve" this until we can "compile" the hardware ourselves from open hardware specs on our home replicators
#
tantek
and even then - the replicators themselves have to be self-inspectable
#
pauloppenheim
there's mitigation for much of this
#
tantek
to make sure they're not compiling in any exploits
#
pauloppenheim
i hate to hand wave, but i'm already beating a dead horse by posting that source
#
tantek
pauloppenheim: I used to believe that. not any more. not since the USB cable/stick exploits.
#
KevinMarks
Right, there's the Ken Thompson attack
#
tantek
at this point we have to assume that well-off attackers have access to those vectors
#
pauloppenheim
tantek: there are several replies to the classic "trusting trust" paper these days
#
tantek
so we're basically stuck. until we can rebuild things inspectably from scratch.
#
tantek
and those will be interesting times.
#
pauloppenheim
no, there are mitigations
#
pauloppenheim
finding references right now
#
tantek
don't worry - don't have time to read them anyway
#
tantek
and they're likely just the usual probabilistic stuff
#
tantek
good to know the name of the attack
#
KevinMarks
you can write Compiler B yourself for a computer you built yourself from vacuum tubes that you made yourself.
#
KevinMarks
Now that's full stack engineering
#
KevinMarks
Weird, Firefox doesn't show up in the running apps ux on android
#
tantek
KevinMarks - I'm hoping for matter compiler access to transistors at least as a starting point :)
#
tantek
rather than vacuum tubes
basal joined the channel
#
KevinMarks
This reminds me of QuickTime - we had a special compiler for release builds that took ages but was measurably better at optimising
#
tantek
KevinMarks - I seem to remember that for PPC in general
#
tantek
when at Apple
#
KevinMarks
Yes, it was some IBM compiler
#
tantek
right
#
tantek
and I think we used MetroWerks as the "fast" compiler that produce not as optimal code
#
KevinMarks
Then of course there is the accidentally Turing complete problem http://beza1e1.tuxen.de/articles/accidentally_turing_complete.html
#
pauloppenheim
oh codewarrior
#
KevinMarks
QT was built on all kinds of weird systems. Breaking the build on solaris or Windows nt was an issue
#
KevinMarks
Endian macros
#
KevinMarks
I'm reflecting on this after the annoying experience with qt (the other one) earlier
#
pauloppenheim
KevinMarks: i saw that indiecreddit uses qt - should it build cross-platform?
#
@benwerd
I'd missed this, but it's a great introduction to the #indieweb and why it's interesting: http://kartikprabhu.com/article/indieweb-love-blog
(twitter.com/_/status/451165922418388992)
#
KevinMarks
Yes, it should, but I had trouble getting a usable binary on Mac OS
#
tantek
Yeah KartikPrabhu! :)
#
KartikPrabhu
can I haz indiecred?
#
tantek
KartikPrabhu++
#
Loqi
KartikPrabhu has 17 karma
#
KevinMarks
You can build it...
#
KevinMarks
I need to work out why it isn't generating any coins yet
#
KevinMarks
I think there is a parameter that wants a long enough blockchain first
#
pauloppenheim
KevinMarks: are there any transactions yet?
#
KevinMarks
Which is a bit chicken and egg
#
KevinMarks
Can't have transactions without coins
#
pauloppenheim
hey man, i only read the code, i don't use the stuff ;)
#
pauloppenheim
KevinMarks: genesis block should have made some
#
KevinMarks
Well, I was mostly following a recipe
#
KevinMarks
So how do I find them?
#
KevinMarks
I need to inspect the blockchain better
#
KevinMarks
Seeing as I started at 9pm and finished at 8am I was getting a bit fuzzy at that point
#
KevinMarks
Right, this is two or three forks from that
#
KevinMarks
I need a blockchain Explorer for lightcoin
#
@kevinmarks
RT @benwerd: I'd missed this, but it's a great introduction to the #indieweb and why it's interesting: http://kartikprabhu.com/article/indieweb-love-blog
(twitter.com/_/status/451168637307457536)
kbs joined the channel
#
KevinMarks
I need to go back and read some code
#
KevinMarks
The point of this exercise for me is to understand this stuff more, as well as lulz
kbs joined the channel
#
kbs
pauloppenheim (and bnvk if you're awake) good time to talk about pgp :)?
#
pauloppenheim
kbs: i can briefly
#
kbs
have you been playing with something already? I saw aaronpk and sandeep's quick demo on /pgp - that's about all I know on what's already been done
#
pauloppenheim
kbs: i don't have a working piece of software, if that is what you are asking
#
kbs
or ideas too - think this is very much in the thinking stage for me at least
#
pauloppenheim
due to crypto being crypto, i'd love to have as little of my own code as possible;
#
pauloppenheim
i've been talking about several different ways to do private messaging with several people, at which point i decided to take more of the "code or gtfo" mantra and only talk about what works today
#
pauloppenheim
kbs: your quick demo is probably the most impressive thing going, but it's also not web
#
pauloppenheim
but it *is* indie! :D
#
kbs
yep. makes sense. I sort divvied thingh up into auth, sign and encrypt
#
kbs
over at http://indiewebcamp.com/pgp#Secure_communication so maybe we can all put ideas there
#
kbs
I think the auth bit is probably quite reasonable to layer on top of the indieauth rel=me mechanism - all it takes really is to add a fingerprint to either a "silo"'s profile site or lnk to a tweet/post etc
#
pauloppenheim
kbs: ahh, i think the private messaging page has more
#
kbs
yea. I have a feeling that having a browser-based client is probably somewhat orthogonal [to my conception at least :)] of indieweb
#
kbs
ah, thanks - looking...
#
pauloppenheim
kbs: yeah, i don't think crypto in-browser makes sense
#
kbs
ah yes - I have looked at this page
#
kbs
so my feeling here is that this is acls implemented by the server, and I'd love to see an even more resiliant structure [ie, end-to-end] if at all possible
#
kbs
I was thinking that aaronpk and sandeep's idea might basically be the thing to build upon - but I had a couple of gotchas surrounding it
#
pauloppenheim
kbs: yes, this is server ACLs
#
kbs
one thing I note about webmentions as it stands, is that it's susecptible to an amplification atatck
#
pauloppenheim
kbs: yeah, as i mentioned at the meetup, i think using both together is a good idea
#
kbs
ah - that's an interesting thought indeed
#
pauloppenheim
kbs: yup, but depending on what you implement, that might not be a problem
#
kbs
thinks
#
kbs
so I'm not sure how to avoid amplification without some extra params to the web-mention
#
pauloppenheim
kbs: webmention is pretty fluid
#
pauloppenheim
but also there's the kernel of identity in here
#
pauloppenheim
source url should be somewhat known
#
pauloppenheim
and if not, possibly queued
#
kbs
but the sender of the webmention is not, which is where I see the issues coming from...
#
pauloppenheim
i mean, it could lead to you pummeling a known place, if there's no domain rate limiting
#
pauloppenheim
you could flood two co-conspirators out from each other, but that could be detected and worked around with new params, as you said
#
pauloppenheim
you could even sign the mention and attach that
#
pauloppenheim
so many solutions :)
#
kbs
yep! If I am forced to add a signature - that would do it, that's what I was thinking of as well
#
pauloppenheim
kbs: if there's a problem domain, ie, mallory is tryiing to keep you and I from messaging
#
pauloppenheim
kbs: then i can talk with you and we can do sig exchange, if we have keys
#
kbs
yea [or the less secure but probably more usable method of the rel=me fingerprints]
#
pauloppenheim
kbs: there's also some even more fun ideas i have, like having different webmention endpoints for logged in users
#
kbs
do tell
tantek joined the channel
#
pauloppenheim
kbs: a general extension of sign-in - in addition to suddenly seeing more data (such as my phone number) you also see the existing data change - my non-marked email for instance, and so the webmention link could be different as well
#
KartikPrabhu
pauloppenheim: I seems that a little waiting and the months filter in Django 1.6 started working?! some sort of python cache ing happening?
#
kbs
ah - so you indieauth a user, then proceed from there
#
kbs
nice, gotcha.
#
pauloppenheim
KartikPrabhu: i can't recall the specifics, but is it an apache mpm_prefork issue? workers holding bad state with too long of a lifecycle?
#
pauloppenheim
kbs: yeah, basically going back to the iceberg model
#
KartikPrabhu
it happened on local server and now on my apache, don't recall specifics of server
#
KartikPrabhu
apologises for interupting conversation flow!
#
pauloppenheim
kbs: "oh, this is what the world actually looks like" (yes, to *you*, my mom sees something different from that too)
#
pauloppenheim
KartikPrabhu: no prob
#
pauloppenheim
KartikPrabhu: it's irc :)
#
kbs
pauloppenheim: gotcha.
#
kbs
(and ditto KartikPrabhu)
tantek and lukebrooker joined the channel
#
KartikPrabhu
me got short urls working! http://kartikprabhu.com/n/3QFQqy cc: tantek, kylewm (thanks for the base60 code)
#
pauloppenheim
KartikPrabhu: well, i recall you tried the query and it actually showed data manually, and then there was confusion about the state of database connections
#
kbs
so as far as actual code goes, it so happens that I have some appengine thing going on for an unrelated project [basically it behaves as a store-and-forward system for transient, signed messages] and probably might not be too hard to repurpose it as a store-and-forward webmention thing
#
kbs
has a static site, and works entirely via cron jobs and random scripts
#
KartikPrabhu
pauloppenheim: yes then I gave up and wait and after a few days of doing other unrelated things it worked!
#
pauloppenheim
KartikPrabhu: unfortunately i have seen many web apps not behave well with mod_wsgi and apache worker pools, whether fork or thread
#
tantek
KartikPrabhu: Woot!
#
Loqi
giggles
#
pauloppenheim
kbs: yeah, my site is also primarily static, not very interested in busying up a computer for every request that comes in over the network willy-nllly
basal joined the channel
#
kbs
pauloppenheim: great - hopefully whatever either of us build will work for the other :)
#
pauloppenheim
kbs: sounds reasonable to use that codebase if you think it works
#
pauloppenheim
kbs: and if not, we can debug here :)
#
kbs
I've slowly been putting together a locally running server that does the auth validation bits bits [ie, given a url - find keys, rel=me links to various silos, and validates fingerprints on silos.]
#
pauloppenheim
kbs: your own indieauth node?
#
kbs
pauloppenheim: something like that yea. So it's basically a locally running java web server with a browser that's essentially a UI to it. I feed it a URL (say, http://waterpigs.co.uk/ - it goes there, figures out the h-card etc, find's theres a key, then chases rel=me links for fingerprints
#
kbs
trying to be a crude contact manager app really - although right now all it's doing is validating rel=me links, and potentially also keys and fingerprints
#
kbs
eg: barnaby has chosen to syndicate his fingerprint (marked as rel='pgp-fingerprint') to twitter
#
kbs
I follow that link, and check taht it actually belongs to @barnabywalters - and that this profile is also a rel=me link.
#
pauloppenheim
ahh, like a more reasonable keybase.io
#
pauloppenheim
actually checking the network of keys and re-verifying
#
pauloppenheim
i like that
#
pauloppenheim
in some ways i'm not super worried about trying to see if a key is authentic online
#
pauloppenheim
i've got my own key store, i just check that
kbs joined the channel
#
pauloppenheim
kbs: not sure how much of that your caught before network flake
kbs` joined the channel
#
kbs`
I'll catch up from the web logs - think this connection from my phone is getting more and more flaky :)
snarfed and KevinMarks joined the channel
#
tantek.com
edited /https (+133) "sessions section, link to etherpad for now (needs archiving to wiki!)"
(view diff)
tantek joined the channel
#
KartikPrabhu
tantek: do you include your permashortlinks in your posts for others to use? or is it just for personal POSSEing
#
KartikPrabhu
eh, the question is more along the lines of "should I" or "why not"...
#
tantek
KartikPrabhu: I used to have permashortlinks in my posts for copy/paste
#
KartikPrabhu
any reason you removed them?
#
tantek
but eventually I decided it was not a significant enough of a use-case to keep them in the UI of the site
#
tantek
… in the UI of my posts
#
GWG
How should a post sent from a personal site to a Siloed site be formatted is a question that occurs to me based on that statement.
#
tantek
so now mostly for POSSEing
#
tantek
GWG - lots of write up on that question on the /Twitter page
#
tantek
and welcome GWG!
#
KartikPrabhu
points to tantek's answer instead of wrting a long one
#
tantek
GWG, go ahead and add yourself to http://indiewebcamp.com/irc-people
#
KartikPrabhu
need indieauth for that no?
#
tantek
KartikPrabhu: yes of course :)
#
tantek
it's an encouragment to get it working
#
KartikPrabhu
snarfed: does bridgy send mentions to everything that you have POSSEd when you first enable it?
#
tantek
KartikPrabhu: I do include the permashortcitation in all my posts so that it is googlable
#
KartikPrabhu
hmm interesting
#
GWG
I'm still new around here. May ask some questions.
#
tantek
i.e. if you *search* for the permashortcitation at the end of my POSSEd tweets / fb posts, you will find the *original* post via google
#
KartikPrabhu
snarfed: I want to get some sample backfeeds to play with so I can have better webmention receiving test cases
#
tantek
in that way, I use the permashortcitation kind of lik a per-post watermark
#
KartikPrabhu
think PSC is a cool idea... too bad it didn't catch
#
tantek
so that even if/when spammers copy my posts, they end up copying my watermark too
#
tantek
KartikPrabhu: yeah I don't know anyone else who is publishing them currently, though I've seen folks experiment with them
#
snarfed
KartikPrabhu: it goes back a ways, yes
#
snarfed
not forever, but a ways
#
KartikPrabhu
aah ok wth... my parsing is so messed up that I can mess it up more with pre-mature bridgy mentions :)
#
KartikPrabhu
signing up for bridgy twitter :)
#
Loqi
woot
#
snarfed
loqi you should sign up too
#
Loqi
who, me?
#
KartikPrabhu
ok signed up this will be a shit show
#
snarfed
:P yeah a few 500s
#
snarfed
all part of the game
#
KartikPrabhu
don't worry about errors from me yet... I'll get to fixing those
#
GWG
tantek: Am I a regular though? Going to go read that Twitter page though
#
tantek
GWG - hopefully! if you're already looking at questions of how to POSSE your content
#
KartikPrabhu
GWG: asking questions is the best way to start...
#
KartikPrabhu
don't need to be a regular
#
GWG
Understood. It just said regular. I will add in a bit.
#
GWG
tantek: You are one of the people organizing the IndieWebCampNYC, I see?
#
GWG
I am a New Yorker.
#
tantek.com
created /2014/SF/https (+2863) "archive the notes from the etherpad"
(view diff)
#
tantek
GWG - awesome!
#
tantek
let's get you setup on IndieAuth then
#
tantek.com
edited /https (-26) "/* Sessions */ make it into its own page"
(view diff)
#
GWG
I'm set up on indieauth.
#
tantek
sweet! then definitely add yourself to the /irc-people page
#
tantek
let's start with that :)
#
GWG
I already had registered GWG on IRC.
#
tantek
no problem
#
GWG
I think I need a User page to link to first.
#
KartikPrabhu
does anyone POSSE to flickr? trying to convert a friend to indieweb!
#
GWG
I'm sure there is a template somewhere here...
#
GWG
Will find it
#
KartikPrabhu
GWG: I made my userpage yesterday. no hurry :P
#
GWG
KartikPrabhu: How long have you been involved here?
#
KartikPrabhu
eh... months at least
#
KartikPrabhu
was just making things... then added to userpage :)
#
GWG
Not sure I like my username, being as it is my domain name.
#
GWG
That seems a bit long.
josephboyle joined the channel
#
KartikPrabhu
GWG: i think identifying yourself with your url is the point :)
#
KartikPrabhu
btw which one of the long usernames is yours?
pauloppenheim joined the channel
#
tantek
!tell aaronpk looks like the IndieWebCamp logo (http://indiewebcamp.com/wiki/skins/indieweb/indiewebcamp-logo-500px.png) is the only thing preventing https://indiewebcamp.com/https from being fully HTTPS
#
Loqi
Ok, I'll tell them that when I see them next
paulcp joined the channel
#
KartikPrabhu
my MySQL database gave an error due to too long SQL!!
#
KartikPrabhu
another reason to switch to no DB
GWG joined the channel
#
GWG
Did I miss anything? My bouncer went down.
#
GWG
This is what happens when you pay only $19 a year for your server
#
GWG
Hmm...so you didn't see me answering your question
#
GWG
Okay.
#
KartikPrabhu
snarfed: http://kartikprabhu.com/article/indieweb-love-blog#responses shows the shittiness of my webmention parsing! :P
#
snarfed
it's a start!
#
snarfed
step by step
#
snarfed
great that they're there!
#
GWG
KartikPrabhu: I had asked you where the usernames list is. I was curious to see who had a username longer than mine
#
KartikPrabhu
notice also that a lot of them do not have a userpage
#
GWG
I would be the longest
#
KartikPrabhu
GWG: someone has to be :P
#
KartikPrabhu
snarfed: at least that gives me a lead into how to improve it
#
KartikPrabhu
is there documentation for the format of bridgy's mentions?
#
snarfed
format?
#
snarfed
of the source pages?
#
snarfed
they're just mf2. you're welcome to look at one if you want, you can fetch the source URL that it sends
#
KartikPrabhu
aah yes of course :)
#
KartikPrabhu
snarfed: retweet is considered a "like-of" not "repost-of" ?
#
snarfed
no, it should be repost-of
caseorganic joined the channel
#
KartikPrabhu
snarfed: eh! sorry. was looking at the wrong tab!!
#
KartikPrabhu
must sleep...
#
GWG
What is this sleep thing?
#
KartikPrabhu
GWG: yeah I said that on monday... not a good decision
#
GWG
Never enough hours.
KevinMarks joined the channel
#
KartikPrabhu
specially if you have three diff. things to do
#
KartikPrabhu
make that four
#
GWG
KartikPrabhu: Good luck?
#
KartikPrabhu
thanks! I'm out peace \m/
tantek joined the channel
#
@erinjo
@stephandle If you're available, you should consider coming to IndieWebCamp Cambridge this Oct. We'd love to have you http://indiewebcamp.com/2014/Cambridge
(twitter.com/_/status/451228514029563904)
#
kylewm
snarfed: hey good evening! do you know why i'm getting error 500 from bridgy publish? I tried to run this from the command line curl -d 'source=http://kylewm.com/note/2014/04/02/1&target=http://brid.gy/publish/facebook' https://www.brid.gy/publish/webmention
#
snarfed
hey kylewm! not sure. first place i'd look is the log, linked from your user page
eschnou joined the channel
#
snarfed
https://www.brid.gy/facebook/12802152 , the "X ago" links under "Recently published"
#
kylewm
oh cool, I had not seen that before
#
snarfed
looks like facebook itself is returning a 500 :/
#
pauloppenheim
hey man, sometimes when you gotta go, you gotta go
#
kylewm
oh? i couldn't tell if it was coming from them or me
#
snarfed
i wonder if it's the newlines. i can take a todo to strip them
#
snarfed
yeah, looking at the log, the 500 comes from urllib2.urlopen of an fb api call
#
kylewm
Just tried it with one without newlines
#
kylewm
same deal
#
kylewm
oh or at least... i don't intend for it to have newlines, but it looks like it still does
#
snarfed
that's just a random guess, not at all sure it's the cause
#
snarfed
but i'll try in a bit
#
kylewm
thanks! no hurry of course, i am just messing around
#
snarfed
deploying that change now. i give it maybe 1 in 3 that it works
#
kylewm
i said no hurry!
#
snarfed
yup. you caught me at a good time
#
snarfed
deployed, feel free to try again
#
kylewm
hrmph, same thing
#
snarfed
yeah. sorry :/
#
kylewm
love opaque error messages, although i guess 500 means "something bad happened and we dont' even know what it was"
#
snarfed
yeah. there may be a response body. sad that i'm not surfacing it
#
KevinMarks
It means PHP, dudes, who even knows Bro
#
snarfed
fb does 500 my api calls surprisingly often
#
kylewm
i can just ask you what i was trying to find out -- does bridgy send back the ID of the published post? i'm guessing that would require it to be synchronous
#
snarfed
yes and yes
#
kylewm
rad, thanks you
#
snarfed
the response is json with id and url params, and sometimes more
#
snarfed
not much more for fb, but for twitter you get a full tweet api entity
#
snarfed
i should document that on https://www.brid.gy/about . i'll take a todo
#
Loqi
it is probable
#
kylewm
still trying to figure out how i want to do syndication ... can never seem to get automatic formatting/posting quite right
#
kylewm
i sort of like the stopgap solution that i think willnorris said he uses where there are just silo-provided "share this on ..." links in his posting ui. but then i don't think there is a way to know the id of the created post
#
aaronpk
kylewm: i think he said that some silos return the ID in the js callback and others don't. not sure if he documented it anywhere.
#
Loqi
aaronpk: tantek left you a message 1 hour, 46 minutes ago: looks like the IndieWebCamp logo (http://indiewebcamp.com/wiki/skins/indieweb/indiewebcamp-logo-500px.png) is the only thing preventing https://indiewebcamp.com/https from being fully HTTPS
cweiske and snarfed joined the channel
#
aaronpk
that is fixed now :)
#
snarfed
kylewm: agreed. i've been using bridgy publish for lots of likes/favorites/RTs, but actual posts are still manual
#
caseorganic.com
edited /2014/Cambridge/Guest_List (+0) "/* Venue Capacity: 20 */"
(view diff)
#
caseorganic
is excited to see the signups for IndieWebCamp Cambridge 2014! http://indiewebcamp.com/2014/Cambridge/Guest_List
#
caseorganic.com
uploaded /File:harvard-berkman-center.jpg "Berkman Center Photo Credit: Berkman Center for Internet & Society at 23 Everett Street, Cambridge MA. Taken 20110716 by [http://commons.wikimedia.org/wiki/User:Fletcher6 Fletcher6]."
npdoty, basal, snarfed and LauraJ joined the channel
#
caseorganic.com
edited /2014/Cambridge (+582) "/* IndieWebCampCambridge 2014 */"
(view diff)
Jihaisse joined the channel
#
caseorganic.com
edited /2014/Cambridge (-2) "/* RSVP */"
(view diff)
caseorganic and voxpelli joined the channel
#
Loqi
voxpelli: KevinMarks left you a message on 4/1 at 9:27am: only one url per github account?
#
voxpelli
!tell KevinMarks One can add as many url:s/domains per account as one want
#
Loqi
Ok, I'll tell them that when I see them next
#
KevinMarks
Didn't worth for me, u I'll retry
#
Loqi
KevinMarks: voxpelli left you a message 1 minute ago: One can add as many url:s/domains per account as one want
tobiastom, carlo_au, eschnou, krendil, friedcell, LauraJ, Sebastien-L, jsilvestre, tilgovi, caseorganic, vf5761, KevinMarks_, josephboyle, glennjones, basal, pfenwick, bnvk, pasevin, scor, melvster and peck_lx joined the channel
CheckDavid, LauraJ, ttepasse and peck_lx joined the channel
#
ben_thatmustbeme
this is the first time i wasn't able to catch up fully on the logs on my train ride in
#
ben_thatmustbeme
my god there was a lot of discussion
peck_lx and snarfed joined the channel
#
KevinMarks
Heh. I'm on a train now and seen to have nothing since last night
#
KevinMarks
I changed the reward model of Indiecreddit.com and now I have coins
#
KevinMarks
Not sure if that works globally
#
bnvk
KevinMarks: are you really making an Indie crypto currency?
#
KevinMarks
It was an April Fools joke, but it is a functioning altcoin
#
KevinMarks
Because that's funnier
#
bnvk
the troll is strong with this one
KevinMarks_ joined the channel
#
ben_thatmustbeme
okay, read up on enough of yesterday's discussion. I'll admit i ended up just skipping bits
#
ben_thatmustbeme
my one question of the webmention queue link really kicked things off
KevinMarks joined the channel
#
KevinMarks_
OK, indiecreddit.com now signed up to https://webmention.herokuapp.com
#
ben_thatmustbeme
Only an osx client though.
#
ben_thatmustbeme
s/make/makes/
#
Loqi
ben_thatmustbeme meant to say: makes me sad
#
KevinMarks_
feel free to build the others
#
KevinMarks_
I didn't set up VMs to do it
#
KevinMarks_
especially windows
#
KevinMarks_
also, getting the mac one to work is still a work in progress, as it requires external libs installed with brew or macports at the moment
#
ben_thatmustbeme
once you get that all set i can build it on my funtoo machine. Should be just a matter of writing an ebuild file
#
ben_thatmustbeme
i have a ton of work to do on my site anyway. And probably some work-work.
#
ben_thatmustbeme
at least i beat 2048 Numberwang, so I can stop playing that.... Thanks a bunch for that one.
#
KevinMarks_
when it rotates the board, that is worth it
#
ben_thatmustbeme
yeah, that scared me the first time it happened
#
KevinMarks_
if you want to try on linux, the code's checked in
#
KevinMarks_
Linux -Qt This is by a long shot the easiest wallet to compile,
#
KevinMarks_
apparently it's just qmake "USE_UPNP=-" then make
jedahan, gRegor`, LauraJ, KevinMarks and josephboyle joined the channel
#
KevinMarks
!tell tantek I got the 7am train. is there breakfast at the w3c thing?
#
Loqi
Ok, I'll tell him that when I see him next
KevinMarks2 joined the channel
#
KevinMarks2
And into the tunnel. I suspect that you won't see the machine I still have running at home. I need to get port forwarding set up.
#
KevinMarks2
Also upnp may help there
#
ben_thatmustbeme
installing qtmake. apparently not on this machine
#
KevinMarks2
There are some dependecies
#
KevinMarks2
http://www.w3.org/TR/2014/WD-dpub-annotation-uc-20140313/ the use cases in the first section all sound like webmention
gRegor`, caseorganic, fungoat and snarfed joined the channel
#
ben_thatmustbeme
ack, package slots causing error on one machine and my other machine is having issues doing qmake
iangreenleaf and tantek joined the channel
#
Loqi
tantek: KevinMarks left you a message 50 minutes ago: I got the 7am train. is there breakfast at the w3c thing?
KevinMarks and KevinMarks2 joined the channel
#
GWG
I still can't get Twitter right. Darn you 140 characters.
#
KevinMarks
WebMention shoutout by Shepers
#
hober
KevinMarks: are you here?
#
Loqi
hober: tantek left you a message on 4/1 at 4:37pm: any of you going to the W3C Workshop on Annotations tomorrow?
#
Loqi
hober: tantek left you a message on 4/1 at 4:39pm: any of you going to the W3C Workshop on Annotations tomorrow? http://www.w3.org/2014/04/annotation/ can apparently register late (today) as an "Interested Attendee" without a paper! https://www.eventbrite.com/e/w3c-web-annotations-conference-tickets-10982205071?team_reg_type=individual
#
KevinMarks
yes, 2nd table at the back on the left
#
KevinMarks
is there a hashtag for this event?
#
hober
dunno
#
hober
i think that's the event that this is collocated with
npdoty joined the channel
#
KevinMarks
is there an irc for the event?
tilgovi joined the channel
#
KevinMarks
irc.w3.org #innovation
peck_lx joined the channel
#
@kevinmarks
#annotation @tilgovi: we need feed discovery - Activity Streams. Also we need to publish locally and use WebMention http://indiewebcamp.com/webmention
(twitter.com/_/status/451392646859481089)
paulcp, squeakytoy and tantek joined the channel
#
tantek
also for those that want to lurk, there is a scribe taking notes/minutes here: irc://irc.w3.org/annotation
bnvk joined the channel
#
KevinMarks
plus I'm tweeting it at #annotation
#
aaronpk
KevinMarks: is there a list of the dependencies I need to install to run indiecreddit-qt?
#
@t
#ianno14 @W3C Web Annotations Workshop: great @tilgovi intro noted #webmention & #microformats. GDoc slides: http://tantek.com/2014/092/t1/ianno14-web-annotations-webmention-microformats
(twitter.com/_/status/451398336156016640)
#
KevinMarks
is what I based it on
#
KevinMarks
sudo port install boost db48 qt4-mac openssl miniupnpc git
#
tantek
KevinMarks oh oops I used different hashtag
#
aaronpk
perfect thanks
#
KevinMarks
boost (C++ libraries) db48 (Berkeley DB 4.8) qt4-mac (Open Source QT 4.8.4, includes qmake) openssl (ssl dev libraries) git (to move source back and forth to the repository) miniupnpc (UPNP dev libraries, optional–honestly I say skip this crap)
#
@JakeHartnell
RT @t: #ianno14 @W3C Web Annotations Workshop: great @tilgovi intro noted #webmention & #microformats. GDoc slides: http://tantek.com/2014/092/t1/ianno14-web-annotations-webmention-microformats
(twitter.com/_/status/451398568301981696)
#
KevinMarks
I think UPNP may be useful to get past locla IPs
#
KevinMarks
I suspect I need to put a client on a VPS with a public IP to connect the chain
#
@domenicoperri
RT @t: #ianno14 @W3C Web Annotations Workshop: great @tilgovi intro noted #webmention & #microformats. GDoc slides: http://tantek.com/2014/092/t1/ianno14-web-annotations-webmention-microformats
(twitter.com/_/status/451399230364868608)
bupkes joined the channel
#
bupkes
hello
#
KevinMarks
hi bupkes
#
bupkes
Hi Kevin, I'm Matt :)
#
Loqi
ben_thatmustbeme meant to say: hey there
#
bupkes
hey ben
#
bupkes
This is my first ever IRC chat. I'm amazed how easy it was to join
#
KevinMarks
that's good to hear
#
bupkes
Though I'm using a Google Chrome client which doesn't seem to jive with #indieweb too well...
#
@kzakza
RT @t: #ianno14 @W3C Web Annotations Workshop: great @tilgovi intro noted #webmention & #microformats. GDoc slides: http://tantek.com/2014/092/t1/ianno14-web-annotations-webmention-microformats
(twitter.com/_/status/451401571008397312)
#
KevinMarks
I use the chrome client
#
KevinMarks
I think that's OK as it's using an open protocol
benprew and kbs joined the channel
#
@kevinmarks
#annotation #ianno14 #indieweb my notes on the w3C annotations meeting are up at http://www.kevinmarks.com/w3cannotation.html
(twitter.com/_/status/451403550929584129)
#
aaronpk
pretty much the rule of thumb is avoid lock-in
#
aaronpk
so as long as you can switch to another client if you suddenly disagree with the chrome client, that's fine
#
aaronpk
nobody is saying you can't use closed-source or proprietary software or software created by megacorps
#
bupkes
I'm very much a non-coder, non-technical person but like the idea of indieweb so am tinkering with my site. Have webmentions etc up and running through a bunch of WP plugins and stuff
#
KevinMarks
excellent
#
bupkes
damn have to go as my mum just arrived and needs a cup of tea :) Well thanks for teh welcome and I will return to pick your brains hopefully
#
Loqi
tea has 1 karma
#
kbs
do you know how many verified rel=me sites you have, KevinMarks? :)
#
KevinMarks
it used to be 20 but they have rotted a bit
#
KevinMarks
I have a lot linked from my google profile
#
@JakeHartnell
RT @kevinmarks: #annotation #ianno14 #indieweb my notes on the w3C annotations meeting are up at http://www.kevinmarks.com/w3cannotation.html
(twitter.com/_/status/451405412718215168)
#
kbs
I count 24 in all - hope you're POSSE'ing to the max :)
benwerd joined the channel
#
Loqi
benwerd: tantek left you a message on 4/1 at 4:37pm: any of you going to the W3C Workshop on Annotations tomorrow?
#
Loqi
benwerd: tantek left you a message on 4/1 at 4:39pm: any of you going to the W3C Workshop on Annotations tomorrow? http://www.w3.org/2014/04/annotation/ can apparently register late (today) as an "Interested Attendee" without a paper! https://www.eventbrite.com/e/w3c-web-annotations-conference-tickets-10982205071?team_reg_type=individual
#
@naypinya
RT @kevinmarks: #annotation #ianno14 #indieweb my notes on the w3C annotations meeting are up at http://www.kevinmarks.com/w3cannotation.html
(twitter.com/_/status/451405882706767873)
bnvk joined the channel
#
ben_thatmustbeme
aaronpk, was there any consensus on format for webhook notifications or is it just was is in the brainstorming section of /webmention?
#
tantek
ben_thatmustbeme: which part? (but yes it's all in http://indiewebcamp.com/webmention#Asynchronous_status_notification )
jsilvestre_ joined the channel
#
KevinMarks
shorter wiley: interop is hard, so we made a silo
paulcp joined the channel
#
bnvk
whoa, Max got a Sloan grant for his crazy cool Dat project https://twitter.com/maxogden/status/451405975954550785
#
@maxogden
big news: I'm getting a $260k grant from Sloan to make Dat work for open science http://usodi.org/2014/04/02/dat and will have a small team!
(twitter.com/_/status/451405975954550785)
#
tantek
Wat is Dat?
#
bnvk
tantek: a github for just data replication http://dat-data.com
#
tantek
neat!
#
KevinMarks
was talkig about those yesterday
catsup joined the channel
#
ben_thatmustbeme
tantek, I see so the status=<httpcode> is what we are going to be returning
jjuran joined the channel
#
ben_thatmustbeme
to the callback
#
KartikPrabhu
seems like a lot of Dat's time will be spent on trying to convert between xls and other formats...
#
tantek
KartikPrabhu: CSV!
#
KevinMarks
CSV is evil
JasonO joined the channel
#
KartikPrabhu
yeah a lot of those things
#
KevinMarks
you can use TSV and label it CSV
#
tantek
ben_thatmustbeme: yes - it makes the protocol consistent between sync and async versions
#
tantek
thus hopefully simplifying both webmention sending and receiving code
#
KevinMarks
there is not a good format for representing spreadsheets with formulae in
josephboyle joined the channel
#
KartikPrabhu
KevinMarks: is there a good reason or just that no one have made one?
#
ben_thatmustbeme
so then we would be expanding what we are returning for sync version to include 201 and not do the new header proposed?
#
tantek
KevinMarks: mathematica?
#
KevinMarks
people have made several
#
KevinMarks
they end up complicated and proprietary
#
KartikPrabhu
tantek: the Mathematica backend is complicated as hell
#
KartikPrabhu
any data structure in Mathematica depends on that propreitary processing backend
#
tantek
ben_thatmustbeme: no I think we realized that 201 is inaccurate there as we are not creating the webmention endpoint itself
#
tantek
are there remnants of 201? I thought we removed it all
#
KevinMarks
.xlsx and .ops are the complex ones, SYLK and .dif the retro ones
#
KartikPrabhu
does hdf5 represent computations?
#
ben_thatmustbeme
status=201 had me confused
#
tantek.com
edited /webmention (+0) "/* Asynchronous status notification */ fix remaining ref to 201 to be 200"
(view diff)
#
tantek
ben_thatmustbeme: yes, just found it and fixed. thanks.
#
KevinMarks
R and Matlab and iPython are growing support
#
KevinMarks
Mathematica is cool, but very silo
#
KartikPrabhu
I thought iPython was an interative shell thing... not a storage format
#
ben_thatmustbeme
I'll try to write up the spec as I have understood it. and maybe we can actually get it all written out to make sure we are on the same page. That conversation got quite long and intertwined with other things
#
KevinMarks
they have notebooks that you cna share
#
KevinMarks
also heroku dataclips are like gists for db tables
#
KartikPrabhu
true. but it still does not solve "store computations in tables" problem does it?
#
KevinMarks
the notebooks do.
#
KartikPrabhu
interesting... more formats! heyo...
#
@jsuttor
@kevinmarks #annotation #ianno14 #indieweb can't help but think these ideas sound familiar... Oh yeah, HyTime ISO 10744:1997 :-)
(twitter.com/_/status/451417469744209920)
tobiastom joined the channel
#
@mrmzholland
@TCBarrett thanks mate. trying some #indieweb stuff and would like to get POSSE working with my site. https://indiewebcamp.com/POSSE
(twitter.com/_/status/451419799323942913)
bupkes joined the channel
#
bupkes
oh that was my tweet then. dodn't realise it would show up here
#
bupkes
*didn't
#
KevinMarks
loqi looks for webmentions of indieweb stuff
#
Loqi
who, me?
#
bupkes
nice
#
KevinMarks
I often tweet with #indieweb tag to throw things in here
#
bupkes
nice idea.
#
bupkes
trying to find a way to push 'status' format WP posts out to twitter/app.net etc. Annoyingly it doesn't seem as simple as finding an RSS feed. Thankfully I have a WP pro chap looking into it...
#
bupkes
I'd use a category but that'd mess up my main rss feed.
cjuehring, Jeena and KartikPrabhu joined the channel
#
ben_thatmustbeme
tantek: I don't know where to put in pending human moderation really, but this is what I have worked up thus far https://github.com/dissolve/webmention
pauloppenheim joined the channel
#
ben_thatmustbeme
I'm trying to keep it as unified as possible with the callback/queue messages reflecting what would be returned if there were no queue and it returned immediately
npdoty and basal joined the channel
#
ben_thatmustbeme
there are a lot of people named Ben in here
#
bupkes
hey jeena :)
eschnou and kbs joined the channel
#
@emasters
RT @kevinmarks: #annotation #ianno14 #indieweb my notes on the w3C annotations meeting are up at http://www.kevinmarks.com/w3cannotation.html
(twitter.com/_/status/451432011421720576)
#
tantek.com
edited /repost (+55) "move publify notes from Twitter section to its own section"
(view diff)
#
kbs
hi ben_thatmustbeme
tantek joined the channel
#
ben_thatmustbeme
saw that whole conversation about security yesterday, got pretty involved
#
kbs
heh. There must be some equivalent of godwin's law for such conversations - the moment turtles are mentioned :)
#
Loqi
rofl
#
ben_thatmustbeme
so long as it didn't turn to Hitler Turtle, we are good
#
kbs
indeed :)
#
ben_thatmustbeme
It did get me thinking though, Unless we have some sort of trusted central service, there is no real way to validate that a key is correct
#
kbs
to some extent, yea. I think as in all such things, there's really a sliding scale
#
kbs
one could trust a group of services (a.k.a. indieauth) or one could directly verify keys (a.k.a. PGP verification) I think
#
ben_thatmustbeme
well, indieauth only says that you are talking to the owner of a site, and that person also owns this other account
Kopfstein joined the channel
#
kbs
right - and implicitly, indieauth trusts that atleast one of these two sites is telling the truth
#
ben_thatmustbeme
to prevent a hacked site from being abused, basically you have to have a separate site that required an alternate security method. You basically require that both sites agree on a key
#
ben_thatmustbeme
in indie auth, one site not-telling the truth means the link to the other could be false
#
ben_thatmustbeme
so you need something that is a single central service so that you know the link to the alternate site isn't a lie
#
ben_thatmustbeme
basically its the SSL key model
#
kbs
let me take a specific example, so it's easier for me to follow along [forgive my diminishing brain cells :)]
#
gRegor`
We talking about sharing/verifying PGP keys?
ShaneHudson joined the channel
#
ben_thatmustbeme
kbs had been asking about this a while back
#
kbs
let's say that I have a site Indie, that's running some vulnerable server plugin, so some script kiddie can randomly change stuff on my site
#
kbs
let's also say [for the sake of argument if that's ok] that I also have a g+ account, and that the script kiddie finds it harder to hack into that
#
ShaneHudson
I really must sort out my irc client at some point, it completely broke. But I have now got incoming webmentions and brid.gy working on my site now :) just need to style it (http://www.shanehudson.net/2014/03/11/what-is-the-web/)
#
kbs
so the question is - let's say someone finds a h-note sitting on my site - how do they know that I really wrote it
#
kbs
doesn't contain something fishy [assuming they trust "me"] that is
#
gRegor`
Nice work, ShaneHudson
#
ben_thatmustbeme
kbs, IF they know you through your G+ account, they key on G+ is what they can use to verify (assuming you posted in there). However, for the general case, as soon as the script kiddie is on your site, they could change all your keys and most importantly, the link to your G+ account, to point to their own
#
gRegor`
kbs: Has this person verified your PGP key signature out of band?
#
bupkes
hooray i think i have posse-fied my site. in a way, at least.
#
ben_thatmustbeme
now if someone only knows you through your site, they are incorrectly getting the posts as valid from you
#
kbs
gRegor`: haven't come to pgp plumbing yet, just trying to set up the conditions and the threats
#
kbs
ben_thatmustbeme: re the change-link scenario. So someone is likely to "know" me from my g+ (also twitter, etc) accounts. If they don't know me other than my web-site, then yes - there's no way to 'authenticate' it unless they know me in another way
#
gRegor`
The most secure scenario is that you've signed your h-note with a PGP key and the reader has verified your key out of band. Or via a secure channel that is linked from your site, but not able to be updated via your site. Like ben_thatmustbeme said, if they can compromise your site, all bets are off.
#
ben_thatmustbeme
the way this is handled through SSL (validates that you are actually talking to whoever registered the key) is to go to a central repository of public keys and find the one for your site. The assumption is that the SSL registrar is not hacked. SSL keys for the SSL registrar are usually distributed from manufacturers so you know your connection to them is validated
#
kbs
I actually think there's a middle ground here
#
kbs
It's the same middle ground as indieauth. That is, if someone "knows" me from my twitter, g+ etc profiles, there is in fact a way to validate things
#
kbs
so the specific threat model is: Indie is compromised, but not g+, twitter and other profiles
KartikPrabhu joined the channel
#
kbs
By placing a pgp key on Indie, and fingerprinst on g+, twitter, etc - an automated way to validate that is already feasible
tantek joined the channel
#
gRegor`
And people actively do that currently
#
kbs
Yes - so I'd just like to automate that cleanly - that's the middle ground :)
#
ben_thatmustbeme
it does make validation through known connections possible, but those connections have to be made first, if they get them from your site, again, it could be compromised links
#
ben_thatmustbeme
seems to be some spotty connections today
#
kbs
ben_thatmustbeme: hm, not following you fully there. Let's say someone points to +xxyyzz with a new fingerprint -- wouldn't I know that +xxyyzz is not actually +kbsriram?
#
KartikPrabhu
bupkes: did you implement automatic POSSEing?
#
gRegor`
The automation wouldn't know, kbs. It would just follow the rel=me/rel=fingerprint (or whatever)
#
ben_thatmustbeme
if I know that +kbsriram is you, then yes, i can validate that way... assuming i trust that G+ isn't compromised too
#
kbs
yes, :) the assumption is indeed that the user sees the associated profiles before use
#
bupkes
kartik: I used this feed : http://bupk.es/feed/?post_format=status to post my 'status' posts to my app.net account, and from there on to my twitter. not pretty, but it worked. i think.
#
ben_thatmustbeme
then yes, I would agree that would work. but also assuming your private key isn't stored on your site
#
gRegor`
I'm not sure I follow. Just a visual inspection to confirm it's +kbsriram?
#
kbs
ben_thatmustbeme: yep - indeed
#
gRegor`
What if the attacker makes a similar looking profile?
#
KartikPrabhu
bupkes: interesting approach...
#
ben_thatmustbeme
gRegor`: we are assuming that we know the profile beforehand
#
bupkes
kartik: best i could do with zero coding skills :)
#
KartikPrabhu
bupkes: you should write about the details of doing that/setting it up so others can see and try it too
#
kbs
gRegor`: yes, pretty much. It doesn't prevent phishing (someone creates +kb$riram I guess) but like most things - it's a simple enough step that seems worth the automated effort
#
ben_thatmustbeme
so if I were to personally know kbs, and thus trust that his g+ account is kbsriram
#
bupkes
oh ok will do. embarrassingly simple but might help someone i guess
#
gRegor`
Hm
#
KartikPrabhu
bupkes: yeah such things might not be simple for others (I actually have no idea what app.net does :P )
#
ben_thatmustbeme
aaronpk, you around?
#
bupkes
kartik: well using app.net is not obligatory, i just used what i had at hand :)
#
gRegor`
If we already know them / trust their profile, shouldn't that be cached? "kbsriram's fingerprint is XYZ" and match that against the signed h-note?
#
kbs
yep - taht's a good idea.So the thought I have is more on the lines of a contact manager that I'd use to contact someone. I enter a URL (say, http://gregorlove.com
#
gRegor`
I guess I'm wondering about the "first time" experience, when you don't really know kbsriram from anyone else.
#
kbs
It crawls the rel=me links, and any keys it finds
#
kbs
it then shows the vcard, + all associated sites, + any validated keys
#
ben_thatmustbeme
gRegor`: thats what I was saying, with this model, if you only know him from URL... thats all you have, there is no validity
#
kbs
right
#
kbs
if all you know is just my site, then it does nothing
#
ben_thatmustbeme
because if the site is hacked at first crawl, all bets are off
#
kbs
er, only if you don't know my other profiles :)
#
ben_thatmustbeme
well, no, you would discover the wrong profiles
#
ben_thatmustbeme
in that case
#
kbs
correct, but that's ok
#
kbs
because you wouldn't think it's "me"
#
gRegor`
Er
#
ben_thatmustbeme
i suppose thats true
#
gRegor`
I don't see how that's true.
#
ben_thatmustbeme
you are really doing the same as indieauth, validating that the set accounts are all the same person, not that they are a specific person IRL
#
kbs
yep - exactly :)
#
kbs
I think it's a reasonable middle ground
#
kbs
and can be automated also quite simply
#
kbs
of course - I expect the paranoid would call me up and ask me to read out my pgp words, but that's always feasible :)
#
ben_thatmustbeme
thats why there used to be pgp key signing parties
#
gRegor`
I guess I still don't understand the use-case.
#
kbs
so let's say I happen to know tantek as @tantek
#
ben_thatmustbeme
kbs, the better question is, doesn't this make all the keys unnecessary?
#
ben_thatmustbeme
the links between the sites will suffice to validate they are all the same person
#
gRegor`
If you want to ensure that I wrote on gregorlove.com, and you're checking a key signature on the note against the fingerprint posted on my twitter...
#
gRegor`
Then an attacker can compromise my site, change the note signature, link to @gregorl0ve (zero instead of "o"), list the corresponding signature on twitter, and your system still validates it.
#
kbs
ben_thatmustbeme: no, actually not :) because the script-kiddie can change the content, but not the key - and, therefore, now I can sign my pages to mark that abuse
#
kbs
gRegor`: yes - it doesn't prevent phishing attacks indeed
#
ben_thatmustbeme
kbs, i get you
#
kbs
however, if you use the tofu model, you might be able to mitigate phishing by watching for changes
#
kbs
gRegor`: I think the 'automation' is merely in displaying the set of profiles - the user still decides whether to trust that key or not [and they can always use the traditional pgp model if they so choose]
#
gRegor`
Adding the key / fingerprint check doesn't seem to add any value I can see. Still a single point of failure - my domain
yaf joined the channel
#
kbs
hm - do you feel so? Because it doesn't prevent phishing attacks?
#
gRegor`
Because in either situation, it relies on information that is on the domain.
#
gRegor`
They key / external site fingerprint check doesn't mitigate if my domain is compromised.
#
ben_thatmustbeme
btw gRegor` this is what I have worked up thus far https://github.com/dissolve/webmention
#
ben_thatmustbeme
just don't know about the waiting for moderation thing
#
kbs
gRegor`: hm - could you elaborate more on why? [assuming that there isn't a phishing attack involved]
#
kbs
so the assumption is - you know one or more of my other profiles on twitter/g+/github etc
#
kbs
but my primary domain is potentially untrustworthy
#
gRegor`
kbs: What you're trying to do is let anyone be able to verify that the note on your domain was actually written by you, not another party, correct?
#
kbs
gRegor`: I'm coming to that, but right now, I just want to be able to verify that a pgp key on my domain, specifically, belongs to me
#
ben_thatmustbeme
gRegor`: yes, I think thats the idea
#
gRegor`
Ok
#
kbs
once I have that - I can simply sign pages (or sections of pages) to prove the rest
#
gRegor`
You cannot *reliably* do that unless someone can verify your PGP fingerprint out-of-band.
#
kbs
gRegor`: yes, understood - the goal is simply to do better than what's otherwise possible
#
ben_thatmustbeme
yeah, gRegor`, thats the idea of putting your fingerprint on G+, IFF someone knows you through your G+ then that is the verification
#
kbs
so specifically, if I know your g+ and github profiles, *and* I assume that those have not been compromised
#
gRegor`
*and* the fingerprint appears on both g+ and github, sure.
#
kbs
yep - that's really it :)
#
kbs
just - automate the linkages and checks and show the 'confirming' sites in the UI
#
gRegor`
The thing I worry about is:
#
gRegor`
Yes, it's great if I know kbs' profile.
#
gRegor`
But this could easily be relied on too heavily and people start using it to trust everyone's keys
#
gRegor`
Especially if people get in the habit of going through 20 profiles of people they know, clicking "Accept key." Eventually they're like "yeah yeah... *click*"
#
gRegor`
Presuming there's 20 people in the world using PGP... ;) I kid, I kid
#
kbs
indeed :)
#
kbs
that's why I think I'm really looking for a better middle ground
#
gRegor`
Interesting conversation. I'm very interested in using PGP more (but have barely begun).
#
gRegor`
I have to get going for now. Look forward to talking more.
#
kbs
thanks for the thoughts gRegor` - love to hear more about what you're thinking here
#
gRegor`
ben_thatmustbeme: I'll have to take a look at the webmention stuff later
peakwinter joined the channel
#
peakwinter
hallo indiewebcamp!
#
peakwinter
please excuse my momentary evangelization, but my project is looking for a "co-founder" and I wanted to make sure it gets spread around in case anyone is interested by the idea
#
peakwinter
feel free to check it out and shoot me an email if you're interested. cheers!!
#
kbs
ben_thatmustbeme: thanks the feedback - good points as always :)
#
kbs
fwiw, I've had the signing bits sort-of-kind-of vaguely in place for a couple of days - each page on the site (eg: http://kbsriram.com/2013/01/finding-a-gpg-vulnerability-by-fuzzing.html links with <link rel="signature">) to its signed version http://kbsriram.com/2013/01/finding-a-gpg-vulnerability-by-fuzzing.html.asc) so someone coming in from a webmention can choose to check that first
#
kbs
and this works pretty much mostly for static content - I'm not sure signing things on the server is a good idea, as you say :)
#
kbs
'syndicates' from local files
#
ben_thatmustbeme
Post on User System, Syndicate to Yoursite
#
kbs
naughty :)
#
kbs
tantek helped me come up with 'selfie' - syndicate everywhere from local files I edit
#
ben_thatmustbeme
yeah, i saw that
#
kbs
ah, ok :)
#
ben_thatmustbeme
!tell tantek I don't know where to put in pending human moderation really, but this is what I have worked up thus far https://github.com/dissolve/webmention
#
Loqi
Ok, I'll tell him that when I see him next
#
ben_thatmustbeme
!tell aaronpk I don't know where to put in pending human moderation really, but this is what I have worked up thus far https://github.com/dissolve/webmention
#
Loqi
Ok, I'll tell them that when I see them next
KevinMarks joined the channel
#
bupkes
oh gosh sorry it looks like my tweets have spammed the channel
tilgovi, snarfed, paulcp_ and tantek joined the channel
#
Loqi
tantek: ben_thatmustbeme left you a message 16 minutes ago: I don't know where to put in pending human moderation really, but this is what I have worked up thus far https://github.com/dissolve/webmention
#
tantek
!tell bupkes Welcome! And nice domain name :)
#
Loqi
Ok, I'll tell them that when I see them next
#
tantek
whoa there are a lot of bens in the channel
#
ben_thatmustbeme
hah, I said that earlier
#
ben_thatmustbeme
We are taking over
#
snarfed.org
edited /Twitter (+268) "/* Porting to the IndieWeb */ freedom.io, no reply or favorites api"
(view diff)
#
snarfed.org
edited /Twitter (+38) "/* Implementations */ fix typo, source link"
(view diff)
#
KevinMarks
that's not spamming, spamming is when I live tweet an actual indiewebcamp
#
ben_thatmustbeme
I can only imagine
#
benwerd
for one, really deeply appreciates KevinMarks's notetaking, particularly on days like today when he can't attend in person
#
snarfed.org
edited /Facebook (+254) "/* Exporting your data */ freedom.io"
(view diff)
#
benwerd
(and everyone else's notetaking & tweets!)
#
snarfed.org
edited /Google+ (+240) "/* Exporting your data */ freedom.io"
(view diff)
bnvk and friedcell joined the channel
#
snarfed.org
edited /Facebook (+31) "/* Exporting your data */ tweak"
(view diff)
#
snarfed.org
edited /Instagram (+263) "/* Exporting your data */ freedom.io"
(view diff)
#
ben_thatmustbeme
KevinMarks, Leo is talking about you talking about Tantek again on TWiG
#
tantek
three degrees of separation reference? or four?
#
tantek
ben_thatmustbeme: what are they saying - is there an IRC channel?
#
KevinMarks
there is
#
ben_thatmustbeme
there is, buts its CHAOS
#
tantek
bring it!
#
ben_thatmustbeme
irc.twit.tv #twitlive
#
tantek
joined
#
tantek
ben_thatmustbeme: is there an archive you can point to?
#
KevinMarks
the archive of the show will go up tonight
#
KevinMarks
youtube nad mp3
#
tantek
IRC archive?
#
KevinMarks
hm, I think so
#
ben_thatmustbeme
yeah, he just mentioned briefly, Kevin mentioned your posts last week and the week before
#
tantek
oh the Personal Comms stuff ok
#
ben_thatmustbeme
but they really like the "click a link and start a call" type stuff
#
KevinMarks
they liked the concept, but leo wants it in a car?
#
ben_thatmustbeme
leo wants it in everything I'm sure
KartikPrabhu joined the channel
#
ben_thatmustbeme
he wants the "OK House: start a call with Kevin Marks" and have it replace his TV with a video call
#
ben_thatmustbeme
or maybe thats just me
#
benwerd
seems totally reasonable to me? particularly if everything (tv, calls, etc) is in a browser
#
KevinMarks
chromecast
#
ben_thatmustbeme
I love the chromecast. been selling it to my friends slowly
#
KevinMarks
tho' it doesn't have a camera or mic, so maybe xbox
#
ben_thatmustbeme
my apple only friend loved it when I showed her she could stream her home plex server to my TV
#
KevinMarks
it needs a way to turn off the TV again
#
KevinMarks
I should look at plex
#
benwerd
agnostic: use the microphone / camera servers in the web platform, and pick which screen. then just change which "tab" has focus
#
Loqi
yea!
#
ben_thatmustbeme
after seeing how nice it is, I may have to play with plex too
#
tantek
ben_thatmustbeme: hmm - I don't seem to be able to get into the irc://irc.twit.tv/#twitlive channel
#
KevinMarks
the only thing is that chromecast doesn't route to the external speakers, only the TV ones
#
ben_thatmustbeme
what drives me crazy is our router doesn't seem to bridge 2.4 and 5 g correctly, so if i'm on 5g it doesn't see the chromecast
#
KevinMarks
use the web verstion, tantek ?
#
ben_thatmustbeme
KevinMarks, I route all TV audio through our sound system via audio out
#
ben_thatmustbeme
I abuse the headphones port really
#
KevinMarks
to get surround I have optical from the cable box, and the DVD player makes it work for netflix/amazon
#
KevinMarks
s/DVD/Blu-ray/
#
Loqi
KevinMarks meant to say: to get surround I have optical from the cable box, and the Blu-ray player makes it work for netflix/amazon
#
ben_thatmustbeme
There always ends up something missing, You need like a surround system that has HDMI in and out
#
ben_thatmustbeme
but then the turn-on-the-tv automatically thing would not work
snarfed joined the channel
#
ben_thatmustbeme
too much to watch that chat,
#
tantek.com
edited /repost (+854) "/* Twitter */ the most reposted thing"
(view diff)
scor and krendil joined the channel
#
tantek.com
edited /repost (+126) "/* The Most Reposted Thing */ note cite previous most shared tweet"
(view diff)
jsilvestre joined the channel
#
bear
tantek - there is no archive of twit's irc but I am the admin so have access to the logs if you are looking for something specific
paulcp and pfenwick joined the channel
#
tantek
bear - mentions of say, indieweb indiewebcamp microformats tantek :)
#
tantek
well especially today
#
bear
let me run a grep and get some log snippets
#
tantek
thanks!
#
bear
@tantek - zero hits
#
bear
which, knowing the folks who are in their chat, does not surprise me
#
tantek
really? not even to URLs to my personal comms posts? Kevin had said he discussed them / referenced them during last week's ep (or week before?)
LauraJ joined the channel
#
tantek
so is the chat not really a reflection of the show then?
#
bear
oh - other than today?
#
bear
I only grepped for today
#
tantek
oh ok cool
#
bear
k, changing date range
#
KevinMarks
I post URLs in the chat when I'm on
#
KevinMarks
they sometimes add them to show records too
#
KevinMarks
wasn't there something called common tags before?
#
bear
@tantek - ok, 3 references on two days - i've grep'd out the whole hour - how do you want it? 2263 lines
#
KevinMarks
just got pointed to http://commontags.org/ which is interesting use of hashtags
#
GWG
Good afternoon/evening/day.
KevinMarks2 joined the channel
#
GWG
Still trying to get some of the indieweb standards set up. As a Wordpress person, wondering if anyone had any good examples of someone who has set up a site using it that they would recommend for inspiration.
ttepasse joined the channel
#
tantek
KevinMarks that's very different from http://commontag.org/ ;)
#
tantek
GWG - lots of WordPress folks here
#
tantek
e.g. ping snarfed :)
#
KevinMarks
aha. I thought that name rang a faint bell from the past
#
tantek
bear - thanks! looks just like a few references to the Personal Comms blog post(s) as I thought
#
GWG
tantek: I will see if any of them pops up tonight. I'm trying to figure out the right combination of theme hacking and plugins. But I'll look at their sites.
#
bear
tantek - your welcome
#
tantek
GWG - hanni also has quite a bit of WordPress experience :)
#
GWG
tantek: Thank you. WIll find their sites in the directory and look at the source/design for inspiration
#
tantek
GWG - there's also the /WordPress page with a good list of IndieWeb Examples
#
GWG
I've been looking there
#
GWG
I'm customizing the appearance of my site. So I might look at a bunch of Indieweb type sites
#
CheckDavid
Showe an indie site now!
#
CheckDavid
Lol
lukebrooker joined the channel
#
GWG
Why do I need HTTPS on my own server? Most content sites don't need it...
#
GWG
Assuming Loqi is a bot, I probably won't get an answer.
#
GWG
Or is that just a cut and paste?
snarfed joined the channel
#
KartikPrabhu
GWG: those are tweets that Loqi tracks
ttepasse and kbs joined the channel
#
gRegor`
And secure all the things. Make it harder for the creeps in the NSA and GCHQ
#
gRegor`
:)
#
GWG
KartikPrabhu: I figured
#
kbs
a dumb question - are rel attributes expected to relate to the entire document [rather than being scoped to a section?] eg: a rel=author would refer to the author of the page
#
kbs
KartikPrabhu: great, thank you
#
GWG
KartikPrabhu: But, what is the scenario for wanting HTTPS on a site? It seems like, if you are't doing commerce...
#
KartikPrabhu
GWG: it is just to make your connection secure... depends on how secure you want it
#
bear.im
edited /nginx (+151) "add ietf draft doc link"
(view diff)
#
GWG
KartikPrabhu: I'm looking at higher priorities right now
#
GWG
Even I don't want to visit my site right now
#
KartikPrabhu
of course... HTTPS is later
#
GWG
I'm learning a lot though, which I suppose is helpful.
#
bear.im
edited /https (+151) "add ietf draft doc link"
(view diff)
#
GWG
I'd nver toched some of his stuff
#
GWG
this stuff
#
KartikPrabhu
yeah... it is useful to just lurk around here and tinker with your site
#
GWG
I do lurk. But I also enjoy pleasant discourse when I can
#
snarfed
GWG: there are two main reasons to do ssl on your own site: 1) security for your own login and admin activities, 2) privacy for your users/readers
catsup joined the channel
#
gRegor`
GWG: Reasons for SSL - make surveillance expensive as possible, privacy should be on by default. And it's not too difficult to add. See Eric Mill's post https://konklone.com/post/switch-to-https-now-for-free
#
gRegor`
Haha, sorta jinx.
#
gRegor`
Eric's post links to Tim Bray's. :)
#
GWG
The thing is...my site shares an IP with other sites.
#
GWG
Will have to look into it
#
KartikPrabhu
GWG: I recommend getting your site in order for posting and POSSEing before diving into SSL.
#
GWG
I am.
#
GWG
I like to bookmark things to read at lunch though
#
GWG
I can't POSSE and eat at the same time
#
kbs
apparently I can't type either
pasevin joined the channel
#
gRegor`
kbs: I was thinking about keys and verification some more, and maybe expanded the scope, heh...
#
kbs
do tell :)
#
snarfed
GWG: with SNI, SSL no longer requires a dedicated IP except for very very old clients. details and link http://indiewebcamp.com/https
#
snarfed
…but KartikPrabhu is definitely right. first things first…ie the things you personally care about most
#
gRegor`
I was thinking it would be nice to have a network of trust. E.g. if Y has verified and trusts Z, and I trust Y, then it could allow me to automatically trust Z.
#
gRegor`
And perhaps specify how "strong" that verification was. E.g. if I verified your PGP signature over the phone or in person, that's really strong.
#
kbs
gRegor`: gotcha - so baking the web-of-trust model into the 'web', literally I guess :)
#
gRegor`
Yeah
#
gRegor`
Doesn't really change the core challenge. Just adds on to it. :)
#
gRegor`
indieweb of indietrust. Haha
#
kbs
:-) it's a nifty idea
pauloppenheim joined the channel
#
kbs
fwiw, the PGP crowd has had a hard time maknig the WoT model work in practice
#
kbs
but it sure would be interesting to see whether something might work better over the web + some tools.
#
GWG
snarfed: I know. But I thought the certificate I'd need would require money.
#
GWG
snarfed: Trying to get Wordpress to do some of the sync stuff I want it to
#
snarfed
GWG: cert is independent of SNI, and there are a few free cert providers. details on http://indiewebcamp.com/https
#
GWG
I've been an indieweb person apparently for years. I just discovered my personal philosophy had a movement.
#
snarfed
heh, same with me
#
kbs
haha GWG :)
#
gRegor`
Hehe, same here GWG. Probably for a lot of us
#
snarfed
re sync, do you mean posse? lots of good options there, and it sounds like you're already reading http://indiewebcamp.com/WordPress . i'd recommend jetpack publicize, mailchimp social, or nextscripts snap
#
tantek.com
edited /repost (+87) "/* The Most Reposted Thing */ add blockquote of tweet itself"
(view diff)
#
GWG
snarfed: No. Backfeed
#
gRegor`
GWG: are you on the wiki yet? If so, you should add yourself to http://indiewebcamp.com/IRC_People
#
snarfed
GWG: aha. afaik brid.gy is the only substantial backfeed implementation right now
#
snarfed
ie, that's not a one-off script
#
snarfed
i'd love to see more though!
#
snarfed
if you're thinking about plugins to support it, pfefferle's indieweb bundle plugin alone should do it
#
gRegor`
Do we wait until closer to the HWC meeting to add them? I was going to add a stub for the 4/9 meeting.
#
gRegor`
Homepage still has the 3/26 meeting
#
gRegor`
^ tantek aaronpk
#
gRegor`
Also, KartikPrabhu and I need to decide where to meet :)
#
KartikPrabhu
gRegor`: yes. sorry. very busy week :)
#
gRegor`
No worries
#
tantek
gRegor`: go ahead and make the page for the 2014-04-09 HWC meeting!
#
gRegor`
I was definitely planning on 6:30 central - so not in sync with west coast.
#
tantek
clone from the 2014-03-26 meeting
#
GWG
gRegor`: I'm waiting to get my site up to snuff
#
gRegor`
tantek: same locations for SF and PDX as last time?
#
tantek
and just be sure to fix all the copy/pastes
#
tantek
gRegor - pretty sure I can get MozSF so leave that in
#
GWG
snarfed: Nextscript's SNAP does import @replies and Facebook comments.
#
tantek
and anything you're not sure about, use HTML comments to comment it out
#
tantek
e.g. <!-- PDX location: …. -->
#
snarfed
GWG: ah right, good point!
#
gRegor`
Ok, will do
#
tantek
Thanks!
#
snarfed
GWG: mailchimp social might too?
#
GWG
snarfed: But not likes. And for some reason, my friends are lazy
#
KartikPrabhu
gRegor`: the intelligentsia downtown on Jackson closes at 6pm so that is out
#
gRegor`
KartikPrabhu: I was looking at Randolph
#
gRegor`
Yelp says 8pm
#
KartikPrabhu
gRegor`: walking back home. will be back in a bit. we can decide time/place.
#
gRegor`
k
jedahan joined the channel
#
gregorlove.com
created /events/2014-04-09-homebrew-website-club (+3125) "Basic event information. Please confirm PDX location."
(view diff)
#
gRegor`
Going to work on a template to easily navigate past HWC in the footer, too.
#
kbs
are some of you already 'extracting' vcard-equivalent data from plus.google.com pages? any sample code you have handy - starting to poke at what attributes it has
#
kbs
but maybe someone has done the dirty work already :)
#
kbs
oh! I guess it's using the itemprop idea
jedahan_ joined the channel
#
tantek
kbs - they keep changing it up
#
kbs
oh, I see - okay
#
tantek.com
edited /Readmill (+823) "put JSON example inline from IRC"
(view diff)
#
tantek
kbs - I think originally KevinMarks added nice simple microformats to their pages
#
tantek
then someone went through and changed it to RDFa
#
tantek
then someone went through and changed it to microdata
#
tantek
who knows what's next
#
tantek
maybe they'll add microformats2 next! :)
#
kbs
:-) ah yes, the joys of a big company
#
tantek
it is an interesting long term challenge
#
tantek
well, especially when no one is measurably consuming what they're doing
#
tantek
they have little incentive NOT to keep changing things around
lukebrooker_ joined the channel
#
@t
#ianno14 1. Annotation servers fragile til proven otherwise. E.g. @Readmill shutdown 2014-07-01 http://indiewebcamp.com/site-deaths#Readmill (ttk.me t4VN3)
(twitter.com/_/status/451501824412229632)
KartikPrabhu joined the channel
#
gregorlove.com
edited /events/2014-04-09-homebrew-website-club (+1) "/* Previously */ Fix dates. Will work on template to easily fill these in."
(view diff)
#
KartikPrabhu
gRegor`: back
#
gregorlove.com
edited /Main_Page (+10) "/* Homebrew Website Club */"
(view diff)
#
tantek.com
edited /Readmill (+79) "add export and twitter links"
(view diff)
#
gRegor`
wb KartikPrabhu
#
KartikPrabhu
the Randolph one looks good
#
@azaroth42
RT @t: #ianno14 1. Annotation servers fragile til proven otherwise. E.g. @Readmill shutdown 2014-07-01 http://indiewebcamp.com/site-deaths#Readmill (ttk.me t4VN3)
(twitter.com/_/status/451503893805924354)
jedahan joined the channel
#
gRegor`
Cool. I'll put it on the wiki
#
@t
#ianno14 ... despite shutdown, @Readmill exports can inform data models, highlights, locators: http://indiewebcamp.com/Readmill (ttk.me t4VN4)
(twitter.com/_/status/451504750534860800)
#
gregorlove.com
edited /events/2014-04-09-homebrew-website-club (+377) "/* Where */ added Chicago location"
(view diff)
jedahan joined the channel
#
kbs
just realizes twitter apparently has its own cool little markup
#
kbs
and i guess og:foo is facebook
#
kbs
this is entertaining :) all the spec authors must have the patience of Job
#
KartikPrabhu
kbs: yes. everyone has their own markup unfortunately
#
gregorlove.com
edited /User:Gregorlove.com/sandbox () "(-3652) clean slate"
(view diff)
#
KartikPrabhu
gRegor`: since we are at a diff. time we should put that on the wiki too... 1830 is it?
#
benward
@kbs: We have our own set of meta-tags for Cards, but we parse og: as well for the common things like `description`, `title`, `photo` and so on.
#
kbs
benward: ah, gotcha - thanks for the tip.
#
kbs
[context is that I'm doing this foolhardy attempt at doing the parsing locally, so I guess I need to figure out all the different markup formats
#
kbs
or atleast the interesting subset.]
#
gRegor`
Was just thinking that.
#
gregorlove.com
edited /events/2014-04-09-homebrew-website-club (+46) "/* Where */ clarify CDT for Chicago"
(view diff)
#
gRegor`
Separate h-events might be a good idea in the future. Good problem to have. :)
#
snarfed
kbs: you're scraping instead of using apis?
#
snarfed
totally ok, just curious
#
KartikPrabhu
snarfed: so bridgy sent me fav/retweets from benwerd's tweet too!
#
kbs
snarfed: that's what I'm doing at the moment
#
kbs
but I have a feeling I might need to go down the api path for more reliable results
#
snarfed
KartikPrabhu: yup, it's promiscuous like that
#
snarfed
kbs: yup. more work but more reliable
#
gRegor`
Wish it was easier to work with MediaWiki templates, not requiring special modules or plugins.
#
KartikPrabhu
nice! :) I was surprised since I had more activity on my page than on twitter...
#
KartikPrabhu
very cool :)
#
kbs
snarfed: thanks for the tip - agreed
#
kbs
[scrape indieweb and use apis for silos, I guess, essentially]