#indiewebcamp 2014-05-31

2014-05-31 UTC
#
tantek.com created /manifest (+278) "stub" (view diff)
chrissaad joined the channel
#
tantek.com edited /manifest (+11) "see also icon" (view diff)
#
tantek.com edited /store (+41) "see also" (view diff)
#
tantek.com edited /Main_Page (+102) "/* Homebrew Website Club */ update image to 2014-05-21" (view diff)
benwerd and caseorganic joined the channel
#
aaronpk wow facebook broke the stupid external link redirects
#
aaronpk clicked on a link in a facebook message thread from a few months ago and it tells me "Something Went Wrong"
#
aaronpk even though the link it tells me there's a problem with works fine if I visit it directly
#
aaronpk wtf facebook
#
KartikPrabhu oh facebook!
krendil, emmak, mlinksva_ and j12t joined the channel
#
@MogulAzam RT @benwerd: Backing up the #indieweb: some evidence http://werd.io/2014/backing-up-the-indieweb-some-evidence (twitter.com/_/status/472577349511565312)
#
KartikPrabhu does anyone know the .htaccess blurb to write to redirect www to non-www and http to https. So that all of the following http://example.com/post http://www.example.com/post https://www.example.com/post redirect to https://example.com/post ?
tantek joined the channel
#
tantek http://no-www.org
#
tantek KartikPrabhu: ^^^
#
tantek Maybe we should stub a /www page with that info and FAQ ;)
#
tantek aaronpk: Is it worse / different from http://indiewebcamp.com/facebook#Hyperlink_Fear_Interstitial
#
tantek If so maybe screenshot?
#
KartikPrabhu tantek: I know how to do www to non-www and http to https separately but was hoping there would be a blurb to do both in one fell swoop
#
KartikPrabhu writing 3 diff htaccess blurbs seems not pretty
#
tantek Like what's the best way? Good q. Maybe ask the level 4-5 /https folks?
#
KartikPrabhu yes. for instance I don't want http://www.example.com to be first redirected to http://example.com and then redirected again to https . seems inefficient
#
tantek Makes sense
#
rascul i don't remember apache rewrite stuff
#
KartikPrabhu the interwebs don't seem to know either. I found the individual redirect codes for both cases but no one-shot solution to both
#
rascul best to put that in the config though and not use htaccess
#
rascul disable htaccess altogether if you can, htaccess is mostly just extra file reads for no good reason
#
KartikPrabhu by config you mean what ever my backend URL config is?
#
rascul web server config
dybskiy joined the channel
#
KartikPrabhu rascul: my web hosts say to use htaccess for this
#
rascul yeah because that's easiest, not best
#
rascul not gonna hurt anything, i was just mentioning a better way :)
tantek, catsup, rektide, jacus, binbasti, ddysart_, danfowle1, dybskiy, nloadholtes and KevinMarks joined the channel
#
bear you want to redirect www to non-www first otherwise you will be then redirecting https www which will most likely get a cert error unless you have a wildcard cert
#
KartikPrabhu bear: true but I wanted to avoid multiple redirections and do the whole thing in one swoop
#
bear I've never seen it down with .htaccess
#
bear because of how rewritecond rules are handled
#
KartikPrabhu hmm unfortunate
#
KartikPrabhu is doing multiple redirections actually inefficient?
#
bear not really
#
bear they happen a lot for ads and stuff
#
KartikPrabhu unless I
#
bear you visit a url for a blog, that will get sent to a tracker, then sent to cdn and then to the content
#
KartikPrabhu not with my site... hopefully :)
#
bear this is the fanciest i've seen it - but my htaccess fu is very old
#
bear RewriteCond %{HTTP_HOST} ^(www\.)(.+) [OR]
#
bear RewriteCond %{HTTPS} off
#
bear RewriteCond %{HTTP_HOST} ^(www\.)?(.+)
#
bear RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]
#
bear the [OR] is the magic
#
bear but all of the above is why I hug my nginx server every night
#
KartikPrabhu why the second condition with www check?
#
KartikPrabhu nginix uses dconf or something right?
#
bear because your building an OR for https and not https checks
#
bear no - with nginx you can specify the server name to be www.example.com or example.com
#
bear and then do a single redirect to https://example.com
#
KartikPrabhu hmm ok
#
bear for port 80
#
KartikPrabhu thanks :)
#
bear anytime
#
kylewm !tell aaronpk I'm getting a weird error from instagram trying to auth with ownyourgram: https://gist.github.com/kylewm/4b1a28516f7f94c0c5e4 maybe something to do with me switching to https?
#
Loqi Ok, I'll tell them that when I see them next
#
bear.im edited /https (+170) "/* Level 5 security */" (view diff)
#
bear.im edited /https (+1) "/* Level 5 security */" (view diff)
dybskiy joined the channel
#
bear.im edited /https (+72) "/* Level 5 security */" (view diff)
#
bear.im edited /Nginx (-282) "update cipher list for nginx with latest PFS, Beast and Heartbleed mitigation" (view diff)
#
bear.im edited /Nginx (+4) "/* /etc/nginx/nginx.conf */" (view diff)
#
bear.im edited /Nginx (-1) "/* /etc/nginx/nginx.conf */" (view diff)
glennjones, smcgregor, dybskiy, brianloveswords and squeakytoy joined the channel
#
@veganstraightedge Had an awesome late night talk with @okayjeffrey introducing him to @homesteadingio and the #indieweb. (twitter.com/_/status/472666031656140800)
carlo_au joined the channel
#
@jeena Reading A List Apart's #yesallwomen article made me think about the #indieweb I k… http://alistapart.com/blog/post/work-to-do-yesallwomen more at https://jeena.net/notes/172 (twitter.com/_/status/472669766378061824)
garietyxxx joined the channel
#
garietyxxx IndieAuth givin' me some stress: You just authenticated as 'https://twitter.com/garietyxxx' but your website linked to 'http://twitter.com/garietyxxx'
Garbee_ joined the channel
#
garietyxxx Shouldn't the http/https be resolved automatically y indieauth?
#
garietyxxx It should be able to tell that http://twitter.com and https://twitter.com are the same site, right?
#
Jeena but they don't need to be, do they?
#
KartikPrabhu garietyxxx: do a !tell to aaronpk... I'm sure he'd like to fix that :)
netweb joined the channel
#
KartikPrabhu Jeena: also replied to your latest note
#
garietyxxx !tell aaronpk IndieAuth givin' me some stress: You just authenticated as 'https://twitter.com/garietyxxx' but your website linked to 'http://twitter.com/garietyxxx'
#
Loqi Ok, I'll tell them that when I see them next
#
garietyxxx like that?
#
KartikPrabhu yup :)
bnvk, edge226, tantek, barnabywalters, nloadholtes, dns53, friedcell, garietyxxx, carlo_au, ttepasse, brianloveswords and chrissaad joined the channel
#
@benwerd Today in "the dangers of silos": justin.tv removes all archived videos with just one week's notice. http://blog.justin.tv/2014/05/29/changes-to-video-archive-system/ #indieweb (twitter.com/_/status/472756400427253760)
#
Loqi [mention] https://brid-gy.appspot.com/like/twitter/t/469255534307049472/2534568314 linked to http://indiewebcamp.com/File:2014-05-21-twitter-j-compromised.png (webmention)
carlo_au and KevinMarks_ joined the channel
#
aaronpk good morning!
#
Loqi aaronpk: kylewm left you a message 10 hours, 36 minutes ago: I'm getting a weird error from instagram trying to auth with ownyourgram: https://gist.github.com/kylewm/4b1a28516f7f94c0c5e4 maybe something to do with me switching to https?
#
Loqi aaronpk: garietyxxx left you a message 6 hours, 28 minutes ago: IndieAuth givin' me some stress: You just authenticated as 'https://twitter.com/garietyxxx' but your website linked to 'http://twitter.com/garietyxxx'
#
bnvk mornin
#
aaronpk !tell kylewm thanks, fixed! I switched the site over to ssl-only and forgot to update the setting in the instagram app
#
Loqi Ok, I'll tell them that when I see them next
#
aaronpk morning bnvk!
#
bnvk howdi
#
aaronpk how goes the archiving?
#
bnvk goin ok, got the formatting pretty much down
#
bnvk figuring out downloading of attachments now
#
aaronpk nice
#
kylewm working again, thanks aaronpk :)
#
Loqi kylewm: aaronpk left you a message 7 minutes ago: thanks, fixed! I switched the site over to ssl-only and forgot to update the setting in the instagram app
#
aaronpk great
#
aaronpk thinking about this twitter http/https issue now
snarfed joined the channel
#
aaronpk I think I can avoid all the rabbit holes of comparing equivalencies of URLs by checking to see if the actual username from the providers matches
#
@ShaneHudson RT @Johannes_Ernst: Marcus Povey and PGP-based login http://upon2020.com/blog/?p=1962 #indieweb #lid #pgp #gpg (twitter.com/_/status/472781152248659968)
#
KevinMarks_ because they have a known URL pattern?
#
aaronpk no because they all return a username after authenticating
#
aaronpk well yes, the known URL pattern happens first, so if I see a rel-me link like "http://twitter.com/aaronpk" then I know what username to expect
#
aaronpk the problem is when my site links to http://twitter.com/aaronpk but I reconstruct the URL as "https://twitter.com/aaronpk" after I sign in.
#
aaronpk so if I just don't try to reconstruct it and instead just compare the username afterwards then it should avoid that problem
#
aaronparecki.com edited /site-deaths (+282) "move some to past, add justin.tv deleting all archives" (view diff)
#
aaronpk ah crap but google returns a "uid" which is not the username
#
aaronpk google plus messes this all up
#
aaronpk alright i'm just gonna have to hackily compare URLs
bnvk, ScruffyDan and petermolnar joined the channel
#
aaronpk ok... pushing out a change. would love some help testing
#
petermolnar how can we help?
#
aaronpk try signing in at indieauth.com
#
petermolnar ok
#
aaronpk with as many different providers as you can
#
petermolnar ok
#
petermolnar although my https-only page only works if I explicitly enter the whole url
#
aaronpk that should be fixed now too
#
petermolnar oh, testing that then :)
#
aaronpk :)
#
petermolnar hm
#
petermolnar it's semi-fixed: it now finds the urls but tries to backlink to http instead of https and therefore the urls are invalid
#
petermolnar making screenshot, just a minute
#
aaronpk k
#
petermolnar https://petermolnar.eu/tmp/indieauth.png
#
petermolnar http is 301 redirected to https
#
aaronpk oh my
#
aaronpk k this gives me something to work with
#
aaronpk good lord this is complicated
#
aaronparecki.com created /IndieAuth-redirect-handling (+588) "add two examples" (view diff)
#
aaronparecki.com edited /IndieAuth-redirect-handling (+258) "add dreev.es example" (view diff)
snarfed, j12t and garietyxxx joined the channel
#
snarfed aaronpk: worked for me w/twitter, g+, and github (all https)
#
aaronpk snarfed: yay cool
dariusdunlap joined the channel
#
Loqi dariusdunlap: tantek left you a message on 5/28 at 2:28pm: when did you start supporting https for your admin pages with a self-signed cert per https://indiewebcamp.com/https#Level_2_security ? Was it at IWC SF?
#
Loqi dariusdunlap: tantek left you a message on 5/29 at 7:18pm: well done with IndieAuth login to your blog! Is that a plug-in to add to /WordPress ?
#
aaronpk snarfed: but you probably entered https in the sign-in field?
#
snarfed for my domain? yes
#
snarfed i also did http://snarfed.org , that worked w/twitter for old scanned rel-me values
#
aaronpk heh caching
#
snarfed but re-scanning complains about all providers, since all rel-mes link to https
#
snarfed which is fine
#
snarfed love that you support 2fa now too! off to try it
#
aaronpk I think if you type http it should still work
KartikPrabhu joined the channel
#
aaronpk by that I mean I want it to work
#
snarfed i'm not seeing that right now. rescanning http://snarfed.org
#
snarfed complains that it can't find rel-me links for tw, g+, and gh
#
aaronparecki.com edited /IndieAuth-redirect-handling (+398) "add description of the case when http profile redirects to https but http was entered" (view diff)
#
aaronpk right, doesn't work right now because of what I just described there ^
#
snarfed cool, np
#
snarfed is google authenticator fully supported yet? scanning the barcode worked, but i couldn't find a description of what the rel-me link would look like
#
aaronpk yeah it works, but it's more like registering an account on indieauth.com
#
aaronpk which is kind of weird
#
aaronpk but it does work, I use it all the time, especially on slow networks because it avoids all the http requests involved in oauth requests
#
snarfed ok. so…how do i log in with it?
#
aaronpk you have it added to your authenticator app now?
#
snarfed yes
#
aaronpk go try to sign in to the wiki, and you'll see it listed as an option
#
@iamaegibson Gonna give this indieweb stuff a try.: has inspired me. time to give it a try. http://aegibson.com/?p=11 (twitter.com/_/status/472810226953904128)
#
snarfed ahhhh ok
#
snarfed aha, it's listed
#
snarfed and works! cool!
#
snarfed great addition
#
aaronpk cool!
#
snarfed minor feature request: maybe make enter in the token text box submit
#
aaronpk yeah it's been there since last summer http://aaronparecki.com/articles/2013/07/15/1/password-less-logins-from-your-own-domain-with-a-pebble-watch
#
aaronpk i just haven't promoted it much yet
#
snarfed np!
jonnybarnes joined the channel
#
Loqi jonnybarnes: luxagraf left you a message on 5/30 at 1:32pm: - thanks for all your help debugging my ssl issues. everything is working now.
caseorganic joined the channel
#
aaronpk petermolnar: snarfed: ok I think I fixed it, so if you enter http for your URL
#
snarfed aaronpk: rescanning still complains for mine
#
snarfed (…that it can't find rel-me links)
#
snarfed (and btw, obviously don't feel obligated to fix this for me…but i'm happy to help test!)
#
aaronpk ohh does your site respond on both http and https?
edge226 joined the channel
#
aaronpk yep, that's not gonna work then
#
aaronpk should work for petermolnar since he returns 301 on http
tilgovi joined the channel
#
snarfed ah yeah, my hsts header usage is pretty unusual
#
snarfed i say ignore it
#
aaronpk without the 301 link, your http and https pages are technically completely separate URLs
#
aaronpk whereas returning 301 from http to https makes them equivalent
#
snarfed yup!
#
aaronpk oh goddammit... now there's a trailing slash issue
#
snarfed ahahaha nothing's ever easy :/
#
Loqi hehe
#
snarfed (btw, background on my hsts setup in case you're morbidly curious: https://willnorris.com/2014/03/using-hsts-with-http-requests , but no need to read it unless you're really bored)
#
aaronpk is not that bored yet
#
aaronpk trying to chew through these indieauth issues
#
snarfed good
#
jonnybarnes.net edited /https (+94) "/* IndieMark Levels */ bump up to Level 5" (view diff)
#
jonnybarnes upto indiemark level 5, feels good
#
jonnybarnes aaronpk: had a tiny hiccup loggin into indiewebcamp
#
aaronpk how tiny?
#
aaronpk i'm making a bunch of changes right now so i'm not surprised, heh
#
jonnybarnes clicked log in, typed in url, clicked google link, was back at indiewebcam.com but not logged in, so I tried again, and was then logged in
#
aaronpk oh odd...that sounds different
#
aaronpk will look at that in a bit
#
aaronpk ok fixing the trailing slash issue now...
#
jonnybarnes.net edited /https (+6) "/* Level 5 security */ fit the style" (view diff)
Kopfstein joined the channel
#
@Johannes_Ernst New motto: "Cloud - is Out". #privacy #indieweb http://upon2020.com/banter/?p=239 (twitter.com/_/status/472833408062586880)
glennjones and chrissaad joined the channel
#
aaronpk ugh flickr search just stopped working
#
petermolnar aaronpk yes, it's fixed now & working very nice ^^
#
aaronpk yaaaayyyy
#
KartikPrabhu apparently I can't query multiple post types in Django without creating a whole another database with all the posts in it! :|
friedcell, tantek and nloadholtes joined the channel
#
aaronparecki.com edited /site-deaths (-2) "loom and myopenid not actually offline yet" (view diff)
#
KartikPrabhu aaronpk: I have noticed that sometimes Quill does not post anything when I use the Homescreen bookmark. but it works if I re-log in. Any reason?
#
aaronpk that is odd
#
aaronpk you mean you click the home screen bookmark and see the interface, but a post after that fails?
#
aaronpk does the debug output show you anything useful in the http headers?
#
KartikPrabhu no. it still shows the last response. I think it doesn't even hit my server as I return some response for everything
#
aaronpk clicking "post" should make it show something in the debug section under the button, do you mean it doesn't even do that?
#
KartikPrabhu no. the fields I filled become blank, but the debug section still shows the "Last response received" blurb
#
aaronpk hmm strange! could you check the browser console to see if it's getting some weird error there?
#
KartikPrabhu which is the very last successful one, not the one you'd expect out of the currect micropub request
brianloveswords joined the channel
#
tantek.com edited /site-deaths (+249) "move justin.tv to upcoming since June 8 hasn't happened yet. Editorially user data backups available til 2014-12-31. update dates for loom, myopenid checks" (view diff)
#
tantek hmmm… looks like a bunch of the stuff added in the http://indiewebcamp.com/site-deaths#citations_needed section aren't actually sites but tools and such
#
tantek going to move them to company specific pages accordingly
#
tantek if it's not a site death, probably doesn't belong on /site-deaths
#
tantek hmm - how do we not have a /Yahoo page ?
grantmacken and snarfed joined the channel
#
tantek.com edited /Google (-37) "dead services died" (view diff)
KevinMarks joined the channel
#
KartikPrabhu aaronpk: unable to repeat that situation now. WIll keep an eye on it though
#
tantek.com created /Yahoo (+820) "stub with dead silos, tools" (view diff)
scor joined the channel
#
tantek.com edited /site-deaths (+327) "/* citations needed */ move a couple of tools to Yahoo page, found citation for the rest" (view diff)
#
aaronpk KartikPrabhu: ok cool
ttepasse and j12t joined the channel
#
tantek.com edited /site-deaths (+664) "/* Past */ another citation, note presumed shutdown, need for verification" (view diff)
#
aaronpk thoughts on whether it's worth trying to resurrect OpenID support for indieauth.com?
#
aaronpk I'm thinking no, given that the OpenID group has moved on to Open ID Connect
#
aaronpk also becomes less important if indieauth.com can auth against your site treating it as an oauth provider (basically that's what openid connect is)
#
tantek aaronpk - until someone asks for it specifically (i.e. their own site natively acts as an openid provider for themselves), we can probably punt it
#
aaronpk yeah, I know of at least a couple people who are their own openid provider who have mentioned it, but I think it's probably not important anymore since it's officially deprecated and everything
edge226 joined the channel
#
@HKoren #ownyourdata - use http:/// to extract existing photos from FB, then @IFTTT to grab subsequent ones (twitter.com/_/status/472876436144275456)
#
aaronpk not even deprecated, actually obsolete
#
aaronpk http://openid.net/developers/specs/
#
tantek well that's that then
#
aaronpk I do still want to fix the openid provider side so it can be used to sign in to pypi.org
#
aaronpk er, pypi.python.org
#
aaronpk well this is progress... at least now it looks like it's pypi's fault: https://pypi.python.org/pypi?%3Aaction=login&openid_identifier=http://aaronparecki.com/
#
aaronpk slashdot seems to have dropped openid login
#
aaronpk same with sourceforge
#
tantek any announcement of it?
#
aaronpk http://sourceforge.net/p/forge/site-support/5782/#0f5e
#
aaronparecki.com edited /OpenID (+459) "/* Consuming Sites */ update status of some consumers" (view diff)
#
aaronparecki.com uploaded /Special:Log/upload "uploaded "[[File:2014-05-31-hootsuite-dropping-openid-support.png]]""
scor joined the channel
#
KartikPrabhu so sourceforge is switching to silo login instead of OpenID...
#
aaronpk so.. pypi is sending as assoc request with session_type set to an empty string.
#
aaronpk what do I even do for that
#
aaronparecki.com edited /OpenID (-32) "/* Consuming Sites */" (view diff)
#
aaronpk hm default is blank http://openid.net/specs/openid-authentication-1_1.html#mode_associate
#
aaronpk meaning cleartext, no encryption
#
aaronpk holy crap i fixed it!
#
aaronpk I had to force session_type to 'no-encryption' rather than an empty string. that would appear to be a bug in the ruby-openid gem
KevinMarks joined the channel
#
tantek.com edited /Yahoo (+656) "Citizen Sports looks like it was just an app/tool, minimal user data if any, no sign of any site data" (view diff)
#
tantek huh, looks like Yahoo restored the Yahoo! WebPlayer
#
tantek https://info.yahoo.com/privacy/us/yahoo/webplayer/
#
aaronpk wtf is this crap http://openid.net/specs/specs-1.0.bml
#
aaronpk some weird templating langauge?
#
aaronpk issue filed on the ruby-openid gem, we'll see if anyone cares https://github.com/openid/ruby-openid/issues/77
chrissaad joined the channel
#
tantek.com edited /Yahoo (+735) "Embeddable Services - Yahoo! WebPlayer was scheduled for shutdown, but restored/rescued somehow" (view diff)
#
tantek.com edited /site-deaths () "(-991) citizen sports no sign of site content, Yahoo! WebPlayer was scheduled for shutdown, but restored/rescued somehow. also a service, not a content site" (view diff)