#indiewebcamp 2015-08-11

2015-08-11 UTC
#
tantek.com
created /Z (+637) "having just blogged about UTC and thus "Z" time (in use by indieweb servers and projects), this seemed good to capture"
(view diff)
#
gRegorLove
What is Z?
#
Loqi
Z is a suffix used on a time string to indicate that it is in UTC (Coordinated Universal Time), a common technique for the time setting on indieweb servers, and used by programmers to avoid problems dealing with timezones, especially in indieweb projects https://indiewebcamp.com/Z
#
gRegorLove
What is UTC?
#
Loqi
It looks like we don't have a page for "UTC" yet. Would you like to create it? http://indiewebcamp.com/s/101F
#
tantek.com
created /alphabet (+3831) "make a generic page for alphabet which relegates the Inc to a see also, and draft a sample set of indieweb alphabet building blocks, let's see how well they survive community scrutiny"
(view diff)
#
tantek.com
edited /alphabet (+72) "/* IndieWeb Alphabet */ s/open source/ownyourdata"
(view diff)
lukebrooker joined the channel
#
tantek.com
created /architects (+36) "r"
(view diff)
#
tantek.com
edited /alphabet (+67) "/* IndieWeb Alphabet */ why note"
(view diff)
#
@aaronpk
A is for article, B is for backfeed, C is for checkin, and 23 others compiled by @t https://indiewebcamp.com/alphabet #indieweb
(twitter.com/_/status/630895723534376960)
#
aaronpk
hey look a properly formatted webmention notification!
#
loqi.me
created /timezones (+21) "prompted by tantek and dfn added by tantek"
(view diff)
#
tantek.com
edited /alphabet (+4) "linky"
(view diff)
#
tantek.com
edited /timezone (+152) "Z, articles"
(view diff)
#
tantek.com
edited /Z (+15) "see also alphabet"
(view diff)
KartikPrabhu joined the channel
#
tantek
Dear Google, we will use your arrogant renaming as an opportunity to educate people about the A to Z of the IndieWeb.
#
@kevinmarks
RT @aaronpk: A is for article, B is for backfeed, C is for checkin, and 23 others compiled by @t https://indiewebcamp.com/alphabet #indieweb
(twitter.com/_/status/630897062310088705)
lukebrooker joined the channel
#
tantek
is it reblogging if I post it to indiewebcamp.com first and then my own site?
#
tantek
more like PECOS per /commons ;)
#
aaronpk
i was thinking that too but the "e" is elsewhere, PESOS doesn't actually say "silo" at all
#
KevinMarks__
the S is Pesos isn't silo
#
tantek
oh damn I should know that having made it up
#
tantek
this is why I write things down / post them
#
tantek
what is PESOS?
#
Loqi
PESOS is an acronym/abbreviation for Publish Elsewhere, Syndicate (to your) Own Site https://indiewebcamp.com/pesos
#
aaronpk
it got it right!
#
tantek
nice mention notifications!
cmhobbs and snarfed joined the channel
#
tantek
aaronpk: the idea for an A-Z or alphabet of indieweb "stuff" came to me when I curated the alphabetically ordered lists here: http://tantek.com/2015/201/b1/indiewebcamp-2014-year-review#iwc2014-technologies and realized I was getting pretty close to a whole alphabet
#
tantek
but rather than try to figure out how to expand that to the whole alphabet I decided to keep it purely about hand selecting key things in 2014
#
tantek
thankfully a generic "indieweb alphabet" of building blocks can be made of anything from inception to the present so that was easier :)
#
tantek
I think I might stop by a bookstore to quickly browse a few children's alphabet based books to load their phraseologies into my brain for contextual writing.
lukebroo_ joined the channel
#
GWG
Isn't Z for Zulu?
#
tantek
that's covered in the page
#
@ScreapDK
RT @aaronpk: A is for article, B is for backfeed, C is for checkin, and 23 others compiled by @t https://indiewebcamp.com/alphabet #indieweb
(twitter.com/_/status/630903694867984384)
#
tantek
guess I should hurry up and post that as a blog post
#
KartikPrabhu
R = reply too
#
KartikPrabhu
tantek: should I add stuff to that page or are your curating it
#
KartikPrabhu
what is reply?
#
Loqi
A reply (or comment) is a kind of post that is a text (typically, though photos are possible too) response to some other post, that makes little or no sense without reading or at least knowing the context of the source post https://indiewebcamp.com/reply
#
tantek
good one
#
tantek
I forgot that I'd already taken care of moving reply to its own page! yay!
#
Loqi
giggles
#
tantek
it was stuck on /comment for so long!
#
KartikPrabhu
Q = Quill
#
KartikPrabhu
R = Reader
#
@energyovertime
RT @aaronpk: A is for article, B is for backfeed, C is for checkin, and 23 others compiled by @t https://indiewebcamp.com/alphabet #indieweb
(twitter.com/_/status/630905330164043776)
#
tantek.com
edited /alphabet (+295) "r really should be reply thanks Kartik, and added Quill and /reader as secondaries as well"
(view diff)
#
KartikPrabhu
there goes tantek's moment of glory. aaronpk gets all the RTs and Twitter fame
#
tantek
happy to share
#
tantek
hence why I wrote it on IWC wiki in the first place rather than post first to my blog
#
tantek
KartikPrabhu: I plan to post it to my blog soon (in the next couple of hours) as a timely static snapshot, but then of course I expect it will evolve on its own on the wiki, and will likely even encourage the broader indieweb community to come do so
#
KartikPrabhu
true! good way to do it until we actually figure out /edit posts
modem joined the channel
#
tantek
right!
#
tantek.com
edited /alphabet (+76) "/* IndieWeb Alphabet */ timeline"
(view diff)
#
tantek.com
edited /alphabet (+31) "integrated reader as building block"
(view diff)
#
Loqi
[mention] Bradley Allen reposted a post that linked to alphabet https://indiewebcamp.com/alphabet https://webmention.io/notification/HfF7-NYLtlhMKpN81PR7EQ
#
Loqi
[mention] Casper Qvortrup reposted a post that linked to alphabet https://indiewebcamp.com/alphabet https://webmention.io/notification/PctIq87GnmEHWejlwvmxIA
#
Loqi
[mention] Casper Qvortrup and Bradley Allen liked a post that linked to alphabet https://indiewebcamp.com/alphabet https://webmention.io/notification/X-zVHFsf_WG_l35qbiMtOQ
#
tantek
^^^ clustered like!!!
#
tantek
(though I miss that it used to link directly to the tweet)
#
tantek
oh wait these are the webmentions to indiewebcamp, not the twitter mentions
#
tantek
Kartik, keep the suggestions coming
#
tantek
KartikPrabhu:
#
tantek
going to switch locations but will read logs
mlncn joined the channel
#
@OvercastFM
Still tracking down what happened to This American Life’s original feed. Quick fix: Delete and resubscribe to the one in search results.
(twitter.com/_/status/630886130955759616)
#
@OvercastFM
(They changed the feed address and the old one just returns a 404 now.)
(twitter.com/_/status/630886305279406080)
#
@OvercastFM
@mixdup Well, they did redirect for a while, but it’s my fault for not having a mechanism to permanently change a subscribed feed’s URL.
(twitter.com/_/status/630906410776268800)
#
tantek
oh you mean RSS browsers (AKA feed readers) aren't as robust as Web browsers?
#
tantek
I'm shocked, shocked to hear that.
#
tantek
Does This American Life have an HTML page equivalent of that "feed" ?
#
gRegorLove
Well, I was more surprised that such a huge podcast wouldn't continue with an 301 or 302 redirect
#
tantek
Anything we can help them add h-feed to? And then demonstrate KevinMarks's unmung?
#
gRegorLove
Perhaps it's something to do with them going independent, which I only recently learned about, so I don't know details.
#
tantek
gRegorLove: it sounds like they did "redirect for a while" but that the consuming app/site failed to obey
#
gRegorLove
Right. I'm surprised they didn't "continue"
#
gRegorLove
vs. a couple months
#
KevinMarks__
aere we sure hey 301'd not 302'd ?
#
tantek
looks for an emoji for "collection"
#
gRegorLove
I have no idea. I could well see it being 302 accidentally
#
tantek
KevinMarks ^^^ unmung?
#
gRegorLove
I'm actually not sure what they're talking about. Just checked on Wayback and the podcast URL is the same as it was in January, http://feed.thisamericanlife.org/talpodcast
#
gRegorLove
Wait, nope. I'm wrong. Subdomain used to be feedS
#
gRegorLove
Now it's feed.
#
gRegorLove
Still feedburner, though. Who knows.
#
tantek.com
edited /sleep (+91) "emojicon"
(view diff)
#
tantek.com
edited /collection (+91) "repurpose emoji for collection posts"
(view diff)
sparverius joined the channel
#
tantek.com
edited /projects (-87) "repurpose its emoji for collection posts"
(view diff)
#
tantek.com
edited /comics (+92) "emojicon"
(view diff)
#
tantek.com
created /🎴 (+20) "r"
(view diff)
#
tantek.com
edited /food (+83) "emojicon"
(view diff)
#
tantek.com
created /🍛 (+18) "r"
(view diff)
#
tantek.com
edited /rsvp (+91) "emojicon"
(view diff)
#
tantek.com
edited /💌 (-5) "repurpose for rsvp"
(view diff)
#
tantek.com
edited /bookmark (+92) "emojicon"
(view diff)
#
tantek.com
edited /tag (+4) "what Wikipedia uses it for too - bookmark"
(view diff)
#
tantek.com
created /🚩 (+21) "r"
(view diff)
#
tantek.com
edited /checkin (+83) "emojicon"
(view diff)
#
tantek.com
edited /posts (+104) "/* Kinds of Posts */ add collection, 🎴 for comics, 😴 sleep, 🍛food, 💌 rsvp, 🔖 bookmark, 🚩 checkin"
(view diff)
#
KevinMarks__
no actual mp3 links in the html feed
#
tantek
filled out a lot more of https://indiewebcamp.com/posts#Kinds_of_Posts - in case anyone was looking for symbols for post kinds
#
tantek.com
edited /HTML (+87) "building block"
(view diff)
lukebrooker joined the channel
#
tantek.com
edited /alphabet (+95) "/* IndieWeb Alphabet */ bookmark posts, comics posts, scrobbles too, tags, permalinks"
(view diff)
#
tantek
lololol
#
gRegorLove
Yeah, TAL only publishes the most recent couple episodes in their RSS
#
gRegorLove
I thought it was most recent *one* actually
#
gRegorLove
"Episodes are available for exactly one week, beginning the Monday after broadcast."
snarfed joined the channel
#
tantek.com
edited /deleted (+84) "emojicon"
(view diff)
#
tantek.com
edited /deleted (+8) "TOC below"
(view diff)
#
Loqi
[mention] WAKEST liked a post that linked to alphabet https://indiewebcamp.com/alphabet https://webmention.io/notification/iRnI0J1oEJ8Jyv9HamPTJA
#
tantek.com
created /🚮 (+21) "r"
(view diff)
#
tantek.com
edited /alphabet (+357) "d is for design, v is for video posts, notifications, OwnYourGram, longevity, projects"
(view diff)
#
tantek
alright, going home now and going to hack up some ::first-letter action to see if I can do something prettier for my blog. I'll be using /custom-post-style for that, naturally :)
#
tantek
let me know if I've missed anything critical you think is worth mentioning!
#
tantek
critical building blocks, projects, concepts, principles etc.
#
tantek
I think https://indiewebcamp.com/alphabet is looking pretty good and may even be a decent primer for folks that think alphabetically
#
@offrayLC
Nice to find this presentation about the #IndieWeb http://tantek.com/presentations/2014/06/indieweb/?full#cover at the @OKFN discourse site. A lot of common interest!
(twitter.com/_/status/630925878277636096)
KevinMarks joined the channel
#
@paulmison
As Twitter AB tests replacing stars with hearts, remember one is a feeble meat blood pump, while the other is a ROILING FUSING PLASMA SPHERE
(twitter.com/_/status/630894075416162306)
#
KartikPrabhu
in reality, both as simplified unrealistic, graphical representations of very complex natural phenomena
#
Loqi
KartikPrabhu meant to say: in reality, both are simplified unrealistic, graphical representations of very complex natural phenomena
snarfed and techlifeweb joined the channel
#
techlifeweb
Can you POSSE to Instagram? I pull photos FROM there to my Wordpress site but I'd like to do it the other way round.
#
benwerd
techlifeweb: they don't have public publish APIs
#
techlifeweb
benwerd: thats what I thought. Bummer.
evalica, mattmar10, KartikPrabhu and cweiske joined the channel
#
bradleyallen.info
created /User:Bradleyallen.info (+69) "setting up a basic user page"
(view diff)
snarfed, keroberos, KartikPrabhu, tantek, Jihaisse, sanduhrs, eschenal, eschnou, KevinMarks_, loic_m, KevinMarks, friedcell, LukasRos, interactivist, petermolnar, j12t and fkooman joined the channel
#
@dustinboston
Writing a Rake task to publish a note, syndicate to Twitter, and update the original post. #indieweb - https://dblogit.com/notes/46d25e/
(twitter.com/_/status/631021977919098880)
friedcell joined the channel
#
KevinMarks__
so why is the tweet 20 seconds ahead of the webmention?
#
fkooman
i actually also received a webmention from your post! :D
#
fkooman
it still works
#
KevinMarks__
the private messaging stuff is trickier
#
fkooman
KevinMarks__, yeah, I read that, but I got really confused, and it seems really complicated...
#
KevinMarks__
well, at some point you end up having to use crypto
#
fkooman
why?
#
KevinMarks__
becasue the alternative is a silo
#
fkooman
i don't see how that is related to private webmentions :)
#
fkooman
also, i think private webmentions shouldn't exist at all...
#
fkooman
i think an "inbox" is a much better approach for that
#
fkooman
also cleaner, and follows normal OAuth 2.0 flow
#
KevinMarks__
BTW, your writeup has them all on the same domain
#
KevinMarks__
if you have a silo with ACLs, you can use indieauth and webmention, yes
#
KevinMarks__
if you want them to be actually distributed you need public/private key
#
fkooman
KevinMarks__, true, the use of "*.example.org" is not meant to indicate all users will be on the same domain
#
KevinMarks__
so pick different domains
#
fkooman
it is distributed in the sense that anyone who wants to create a group will be able to choose their instance and other users will for the purpose of this group use the same "silo" yes
#
KevinMarks__
example.xyz
#
fkooman
KevinMarks__, now i use the .example TLD :)
#
M-kegan
is Loqi's source available anywhere?
#
cweiske
I didn't find it when I looked a month ago
#
@dustinboston
Writing a Rake task to publish a note, syndicate to Twitter, and update the original post. #indieweb - https://dblogit.com/notes/21a8b5/
(twitter.com/_/status/631029386808963072)
LukasRos, ttepasse, j12t and fkooman joined the channel
#
ben_thatmustbeme
M-kegan: no aaronpk likes to keep him a mystery. I think there are a few pieces here and there that are open source
#
M-kegan
I see.
#
ben_thatmustbeme
But as I understand it hes a really big hack job. Started as wiki notification bit that was hacked to run an outside file in a different language
j12t, adactio, KartikPrabhu, frzn, LanceyWork, smcgregor, glennjones, friedcell, peacekeep3r, alexhartley, mlncn, LukasRos, nedorito, chreekat, fourtonfish and snarfed joined the channel
#
ben_thatmustbeme
have to get the cached version, since it was pulled
j12t, hs0ucy, wolftune, pfefferle, frzn_, ttepasse_ and chalettu joined the channel
#
@jgarber
@bthdonohue Was looking at the fragmentation spec the other day (http://indiewebcamp.com/fragmention) and looks like the preferred syntax has changed…
(twitter.com/_/status/631116334139617280)
#
@jgarber
@bthdonohue …from using double-hash and plusses to single-hash and %20: http://indiewebcamp.com/fragmention
(twitter.com/_/status/631116426292633600)
mlncn, j12t and shiflett joined the channel
#
voxpelli
"Within 10 minutes, I had a total of 33 bots visit the new URL." https://ma.ttias.be/what-happens-to-a-new-url-the-first-10-minutes-on-the-internet/
#
voxpelli
Related to discussion a while back about of the fat pings of PubSubHubbub increasingly no longer really avoids an attack of bots
sanduhrs, LauraJ and friedcell joined the channel
#
aaronpk
!tell fkooman re: private webmention vs inbox, do you mean that you think the contents of a private message should be sent in the payload vs retrieved like webmention verification?
#
Loqi
Ok, I'll tell them that when I see them next
#
aaronpk
KevinMarks__: the webmention notification here is delayed now because of the buffering that's in place to cluster the notifications
KevinMarks_ and friedcell joined the channel
#
aaronpk
!tell fkooman re: https://www.tuxed.net/fkooman/blog/group_communication_platform.html how am I supposed to be able to get an access token to your site in order to send you a message? that seems backwards, since that means you have to be able to issue access tokens to arbitrary domains before you have received anything
#
Loqi
Ok, I'll tell them that when I see them next
j12t joined the channel
#
voxpelli
aaronpk: feels to me like a PuSH-notification would be sufficient to send something to an inbox?
#
voxpelli
The only currently "controversial" thing about that one is the WebFinger/e-mail reliance – which the "From"-header relies on – with a different header that flow would work though
#
aaronpk
why the sudden "inbox" framing?
adactio joined the channel
#
voxpelli
aaronpk: well, if you want to push content to someone, then that's out of scope of WebMentions, so one would need to call the alternative something – inbox could be one name
#
aaronpk
i don't see how that's out of scope of webmention at all
#
aaronpk
that is exactly what webmention is for
#
aaronpk
it's "hey i have this thing you might be interested in"
tantek joined the channel
#
voxpelli
WebMentions are merely for pings, while eg. PubSubHubbub are for pushing actual content?
gRegorLove joined the channel
#
aaronpk
webmention is a notification of content being available
#
ben_thatmustbeme
i do see there being a lot of overlap there honestly
#
aaronpk
pubsubhubbub is *also* a notification of content being available, but with PuSH, the receiver has to first subscribe to something
#
aaronpk
so PuSH only works for private messaging if I first say "hey i'm going to subscribe to a feed of private messages you want to send to me"
#
aaronpk
which seems...awkward
#
ben_thatmustbeme
wonders if a way to subscribe to webmentions would suffice
#
voxpelli
I think they can work together – WebMention tells me that I've new content and I then answer that they can send it to me at a certain place – a "ping/pong"-moment
#
tantek
indeed the entire "inbox" framing is a bad worldview in that it puts too much burden on the receiver, i.e. it prefers spam-type behaviors
#
ben_thatmustbeme
since, as I understand it, all current indieweb implementations of PuSH are only using thin pings
#
tantek
inbox--
#
Loqi
inbox has -2 karma
#
aaronpk
voxpelli: okay that's interesting and totally different than PuSH
#
voxpelli
ben_thatmustbeme: at least Superfeedr sends indieweb fatpings I believe
#
tantek
similarly with fatpings - so many reasons against them (inefficiency, etc.)
#
tantek
better to allow the receiver the freedom of if and when to retrieve the content
#
aaronpk
it's not PuSH unless the receiver subscribes to a feed, so I think you shouldn't call it that
#
tantek
which has many advantages that help mitigate tons of abuse, such as arbitrary random delays, using whitelists / blocklists re: domain etc.
#
tantek
fatpings--
#
Loqi
fatpings has -1 karma
#
voxpelli
aaronpk: well, it would more or less be a one-off subscription PuSH for an individual piece of content – PuSH can subscribe to items as well as feeds
#
aaronpk
that seems like an awkward overloading of PuSH, worse than this extension of webmention
#
aaronpk
btw i'm only pushing back on the name of this, not on how it works
#
tantek
both "inbox" and "fatping" are part of an obsolete email-centric worldview that has been shown to be so susceptible to spam that the only implementations that can deal with it are massive centralized silos like gmail, hotmail, yahoomail etc.
#
tantek
we must reframe all problems to prefer maximum number of smaller independent implementations running on a millions of smaller sites, rather than problems where the solutions lend themselves to a centralized bias
#
aaronpk
voxpelli: in your diagram, who is sending a message to who? alice to bob?
#
voxpelli
PuSH could mean the same mechanism for one-off private content delivery based on WebMention pings as for subscriptions to private feeds as the http://www.slideshare.net/Blaine/social-privacy-for-http-over-webfinger outlined and as fkooman seems to be thinking about
#
voxpelli
aaronpk: yep, it is modified from the private message wiki – and is merely a brainstorm for myself
#
aaronpk
blaine's slide deck seems to outline something totally different, which is services being authorized to pass private content between users
#
voxpelli
which is something we've already solved for webmentions
#
voxpelli
rel-webmention is an implicit rel-delegate in the case of blaine's slides as I see it
#
voxpelli
or rel-inbox in the case of fkooman
#
voxpelli
it's basically just telling Alice that the service that owns the callback that's being sent in is allowed to fetch it for Bob and Bob has verified that with a rel-delegate just like Micropub and WebMention uses rel:s to verify delegation today
snarfed joined the channel
#
kylewm
tantek: I don't understand your objection to fat pings, they are only delivered/trusted if you have subscribed to a feed
#
Loqi
kylewm: KevinMarks__ left you a message on 8/7 at 11:04am: you need to reauth with facebook so we get HWC pings https://www.brid.gy/facebook/12802152 http://indiewebcamp.com/irc/2015-08-07/line/1438970694907
#
aaronpk
voxpelli: i guess i don't see the advantage to adding this many intermediate steps
#
voxpelli
aaronpk: one doesn't have to generate any tokens / auth codes – that's one possible advantage
#
aaronpk
why is that different from alice just sending the message in a single POST request then?
#
voxpelli
it would have all of the advantages of PuSH in being able to subscribe/unsubscribe and it would prohibit spammers as the callback URL:s would be unique per subscription as ordinary in PuSH
#
voxpelli
so it's basically just an automated way of telling a trusted sender of a trusted callback
#
kylewm
waits for clustered invitations
#
aaronpk
subscribe? to what?
#
Loqi
[mention] Larry Halff, Bettina Warburg-Johnson, Jeff Rider, Beau Smith, Ryan Sarver, Ben Ward, Kitt Hodsden, Om Malik, Carla Borsoi, Brian Behlendorf, Nate Koechley, Lauren Breuning, Colleen Taylor, Pius Uzamere, Micah Snyder, Dharmishta Rood, Erin Jo Richey, Peter Hirshberg, Justin Ormont, Elizabeth Churchill, Faruk AteÅŸ, Sarah-Jane Morris, Jay Allen, Doc Searls, Benjamin Michael Goering, Pascale Diaine, Zibi Braniecki, Leah Culver, Laura Helen Winn, Dan Gailey, Joichi Ito, Tony Rai, Yoz Grahame, Amy MacKinnon, Justin David Kruger, Matt Mullenweg, Thomas Vander Wal, Jesse Vincent, Karen Nguyen, Tom Coates, Tim O'Reilly, Lillian Christina, Chris Messina, Janet DeHart, Bobby Fishkin, Jason Shellen, Jordan Harband, Simon Law, Megs ORorke, Lonnie Rae, Marie Williams, Rohit Khare, Matthew Levine, Cariwyl Hebert, Stephen Wyatt Bush, Nima Dilmaghani, David Baron, Jeremy Anderson, Kara Murphy, Elisa Jo Harkness, and Erin Stevenson O'Connor were invited to https://indiewebcamp.com/events/2015-08-12-homebrew-website-
#
Loqi
[mention] Ariel Waldman, Jessica Suttles, Daniel Appelquist, and Kyle Huey RSVPd no to https://indiewebcamp.com/events/2015-08-12-homebrew-website-club https://webmention.io/notification/sTms08lcWa1rfKbNCH-t8g
#
Loqi
[mention] Charles Hope, Mary Specht, Yan XZ, and Stephanie Vacher were invited to https://webmention.io/notification/A0TvZoOM8aRRzYQXse5kVw
#
Loqi
[mention] Chris Heuer and Tantek Çelik RSVPd yes to https://webmention.io/notification/kA21hsRt05xxQrICLINqhA
#
aaronpk
hey it's mostly working
#
snarfed
totally1
#
Loqi
[mention] Lawrence Lessig, PJ Khalil, Ben Metcalfe, David Prager, and Shing Wong were invited to https://webmention.io/notification/wrYmOkil3UTdEGTFgW-qOA
#
snarfed
s/1/!/
#
Loqi
snarfed meant to say: totally!
#
Loqi
[mention] Mathias Crawford, James Craig, Joseph Smarr, Jeff Hodsdon, and Matt Biddulph were invited to https://webmention.io/notification/GGhZVX15yTLZmhaFjeQ1tA
#
snarfed
solid progress
#
aaronpk
except i'm not sure why it's not finding the name of the event
#
snarfed
launchanditerate++
#
Loqi
[mention] Liane Baskin, Simon Willison, Ben Moskowitz, and Sabrina Bruning were invited to https://webmention.io/notification/wOpkVQlp1H6_tH6Ll8qTDw
#
Loqi
launchanditerate has 1 karma
#
snarfed
or why there are so many partials clusters
#
Loqi
[mention] Mo Kudeki, Kat Lucky, Leonard Lin, Lisa Brewster, Emily Mueller, and Katarzyna Babula were invited to https://webmention.io/notification/4EJwWvmvSDCBpyvCDmKdvQ
#
snarfed
but still, yay
#
Loqi
yay!
#
Loqi
[mention] Sarah Jeong, Rebecca Daniels, Paul Tarjan, and Natalie Downe were invited to https://webmention.io/notification/qJtgjJbxv2asgAwZGxCsTA
#
aaronpk
also the script crashed overnight oops
#
Loqi
[mention] Martin Atkins, Lizz Noonan, Jet Villegas, Robin Andersen, Jay Zalowitz, and Eva Lee were invited to https://webmention.io/notification/trZRCPJQwxAz3Uu-W6duxw
#
aaronpk
i think the window might be too small
#
Loqi
[mention] Christine Herron, Evan Prodromou, Laura Forrest, Jolie O'Dell, Olya Lapina, and Christian Crumlish were invited to https://webmention.io/notification/x885eV4MgWfMeuVdaVPBfA
#
Loqi
[mention] Aza Raskin, Sarah Austin, Thor Muller, C Alaric Moore, Liza Sperling, and Maxwell Salzberg were invited to https://webmention.io/notification/MPleaEQyeEaFATn2_Dd4jw
#
Loqi
[mention] Brendan Eich, Michael Owens, Selina Rossi, Mike Sofaer, and John Adams were invited to https://webmention.io/notification/IAWk3yZBKGZSkiM4S0rWVA
#
voxpelli
aaronpk: it would subscribe to either a single update of the private message or continuous updates for the private message – depending on the consumers – and the sender would asap send the initial state as an "update"
#
Loqi
[mention] Jeffrey Veen, Kevin M. Gallagher, Joël Franusic, Will Norris, and Stephanie Haupt Sullivan Rewis were invited to https://webmention.io/notification/PzYekBWtOomF4dwxrIfEVQ
#
Loqi
[mention] Matt Harris, Deb Schultz, Lauren Buchman, Kevin Smokler, and Matt Schaar were invited to https://webmention.io/notification/0G3jJhK5uKtiUcT8k-w8lA
#
Loqi
[mention] Christopher Carfi, Ben Werdmüller, Ilya Kreymer, and Sarah Dopp were invited to https://webmention.io/notification/S2DCCyQt20McN3Z3KewUyQ
#
Loqi
[mention] Ian Fung, Zoe Schiffer, and Katie Johnson were invited to https://webmention.io/notification/GsVucBuvpTnAVkLfqXHFjw
#
Loqi
[mention] Paul Hammond and Brynn Evans were invited to https://webmention.io/notification/38aCAJDJrUgSsxVD-84ivg
#
Loqi
[mention] Ryan Barrett, Cari Levay, Adam Rifkin, Jen Bradburn, Daniel Burka, Zack Fischmann, Redg Snodgrass, Monica Wilkinson, and Stacey Rivet were invited to https://webmention.io/notification/uOeia-yackUzRmfV7siNkQ
#
aaronpk
well hey this is better
#
snarfed
definitely!
#
snarfed
can't wait for the next iteration
#
snarfed
aaronpk++ for starting on clustered notifs
#
aaronpk
ah well step 1 is to check for h-event as well as h-entry
#
Loqi
aaronpk has 930 karma
#
snarfed
(and for kindly tolerating my pestering :P)
#
aaronpk
kylewm: i seem to be getting a crapload of webmentions from your HWC page, but i'm not sure who is sending them. can you think of any reason you'd be sending a couple webmentions per second to the wiki?
Garbee and KevinMarks joined the channel
#
aaronpk
kylewm: they are coming from 192.241.192.83
#
kylewm
sorry double post
#
aaronpk
oh are you sending salmentions?
#
kylewm
oh haha 192.241.192.83 is kylewm.com
#
Loqi
haha
#
kylewm
yes it must be sending a crap ton of salmentions
#
kylewm
that is not great
#
aaronpk
clustering is hard :)
#
aaronpk
it just means that i'm hitting your server for each one, then ignoring it because the notification of your first webmention was already sent
#
@voxpelli
@fkooman So either the data has to be fetched from a trusted source, like with WebMention, or be signed by a trusted source, like Salmon
(twitter.com/_/status/631139964483407872)
#
kylewm
and I'm probably sending a salmention notification for each invite, even though I'm actually hiding the invite replies
#
aaronpk
ah yeah i was wondering why i wasn't seeing those
#
aaronpk
voxpelli: okay from what I can tell, all you've really done here is added some extra steps to get to the point of the message being sent to bob's webmention endpoint
#
aaronpk
there's no authentication still, so it's just as vulnerable to spam as alice initially sending the message to bob's WM endpoint
#
voxpelli
aaronpk: to be fair – there are more steps in the current private messaging flow than there is in mine – not saying mine is better in any way, but the amount of steps seems like the wrong criticims?
#
aaronpk
no i'm saying your outline is exactly equivalent to alice just sending the message to bob's WM endpoint in the first place
#
aaronpk
(not comparing it to the wiki private messaging flow)
#
voxpelli
aaronpk: the authentication are the same as with all PuSH flows – unique callback URL:s?
#
aaronpk
that isn't really authentication tho is it?
#
voxpelli
and the verification that it's actually Alice that sends them comes from the fact that the hub-discovery is made on Alice's page
#
aaronpk
oh hm...
#
voxpelli
So Bob knows that it's Alice who sends them and Alice knows that it's Bob who has subscribed to them – that's all that's needed, right?
#
aaronpk
thinking...
#
aaronpk
okay interesting. i think i see what you've done.
#
aaronpk
i'm going to annotate this and also remove webmention/PuSH terminology to illustrate something
#
aaronpk
(I'm pretty sure the From header is not needed as well)
#
aaronpk
the important thing to note is that any POST request received cannot be trusted to be from a particular server, which is what all of this lookup is solving
#
voxpelli
it would either be the a header or a parameter in the body or query of the request – I guess Blaine wanted to make a generic delegation mechanism, hence rel-delegation and From:
#
voxpelli
aaronpk: (oh, and btw, I have the raw sequence diagram for https://bramp.github.io/js-sequence-diagrams/ if you want :P )
#
aaronpk
oh that'd be helpful
#
aaronpk
want to add that to the wiki?
#
voxpelli
not sure where on the wiki to add such very brainstormy things
#
aaronpk
well you can always just upload the png image and add the source sequence diagram to the image page
#
@krisshaffer
Known is a (group) blogging platform, supports IndieWeb technology, open-sourçe, auto installs with Reclaim Hosting. @withknown #digped
(twitter.com/_/status/631145319959515136)
tantek joined the channel
#
voxpelli
aaronpk: tried to upload it but I get "File extension does not match MIME type." – both when uploading as a png and as a jpeg :P
#
@nobantu
9MoreDays of EBRegistration 4 21st Internet Identity Workshop Oct 27-29 https://www.eventbrite.com/e/internet-identity-workshop-xxi-21-2015b-tickets-16995007525 #IIW #VRM #indieweb +More #unConference
(twitter.com/_/status/631147410253676544)
#
aaronpk
oh weird
#
Loqi
[bridgy] Kevin Marks replied '@jgarber @bthdonohue yes, I read the URL spec more carefully: ## is invalid (breaking some parsers) and + doesn't mean space in fragments.' to a tweet http://indiewebcamp.com/fragmention (https://twitter.com/kevinmarks/status/631147237167337472)
#
tommorris
seeing adactio saying it is HWC in Brighton tomorrow, I ought to build some more stuff. :)
#
tantek
tommorris: yes! HWC is good motivation to have something new to show, even if minor :)
#
voxpelli
aaronpk: great! that surfaces the flows much clearer – less plumbing – win!
#
aaronpk
so the interesting thing is that the only URLs involved are the two home pages and the two endpoints
#
aaronpk
the message itself doesn't need a URL, it just needs an ID
#
aaronpk
it bugs me a little that there doesn't need to be a URL for the message, because that makes this way less of a webby protocol
#
tommorris
tantek: I've been thinking more about checkin and studying how Twitter does it and may build a nice prototype of a "check-in editor" - that is, a simple web front-end that does check-in right
#
aaronpk
but it's neat that there's no authentication required for this
#
tommorris
Twitter's location is nice because it lets you specify whether you want to be specific or general
#
tommorris
so, on the Twitter iPhone app, you tap the location button and it brings up "Tag location" and I can choose between "London, England", "England, United Kingdom" and "United Kingdom" and at the bottom there's a "Share precise location"
#
tommorris
which then sends the precise geo-coords. but if that's off, it just tags it as being in London
#
tantek
tommorris: Swarm has neighborhoods and city checkins now too
#
tommorris
so, geonames can find things down to the city level
#
tommorris
but also geonames now has a fast indexed POI search for OSM
#
aaronpk
i would actually argue that Swarm's neighborhood/city thing isn't actually a checkin, since it's all passive
#
tommorris
no, you can do active neighbourhood checkin.
#
aaronpk
really? i haven't seen that
#
tantek
aaronpk - passive is an *option*
hs0ucy joined the channel
#
tommorris
I've checked into lots of London neighbourhoods if I'm just wandering around
#
tantek
you can explicitly select city / neighborhood
#
tommorris
you can't do that with the OSM API. I've been trying to build ways to do that, but Geonames just built it and rolled it out
#
tommorris
it's not perfect: it doesn't have the OSM ID, but it's good enough to start building on
#
tommorris
especially because you can then use the place's name and type to look it up in the OSM API
#
tommorris
and you can have a job queue to do that later
#
aaronpk
OSM API doesn't have nearby venue search?
#
tommorris
OSM doesn't really have a concept of "venues", just nodes and ways and relations and tags
#
tommorris
hmm, the Geonames API doesn't have a bunch of data in it that it ought to
#
tommorris
only has nodes AFAICT
KevinMarks, snarfed, snarfed1, KartikPrabhu, tantek, LukasRos, sparverius and afrogeek joined the channel
#
@thomasABoyt
I think I'm just going to make a Tumblr instead. Sorry indieweb.
(twitter.com/_/status/631173212617994240)
#
aaronpk
hmm http://indiewebcamp.com/Tumblr needs info on how to use Tumblr in an indieweb-friendly way. e.g. map your own domain to it
#
tantek
aaronpk - huh - that info is on a different page
#
tantek
perhaps should be moved there?
LukasRos, j12t, afrogeek, sparverius, KartikPrabhu, chreekat, nedorito, KevinMarks_ and snarfed1 joined the channel
KevinMarks joined the channel
#
tantek
Any experienced Tumblr users here who could help with updating /Tumblr with a "how to use Tumblr as an indieweb host" perspective?
KartikPrabhu joined the channel
#
snarfed1
tantek: if he follows those links he'll get pretty far. indieauth, micropub, webmentions in and out
#
snarfed
and http://indiewebcamp.com/Tumblr is pretty comprehensive
#
tantek
hmm true - maybe just needs a re-ordering of how-tos by expected first steps first / most useful to most people
LukasRos and fkooman joined the channel
#
tantek.com
edited /Tumblr (+623) "re-order how tos by how to use Tumblr for indieweb hosting, export, how to POSSE etc. to Tumblr as a logical temporal / order of implementation sequence, clarify post types to the 7 currently on Tumblr"
(view diff)
#
kevinmarks.com
edited /Tumblr (-18) "/* Post via Micropub */ feverdream->silo.pub"
(view diff)
#
kevinmarks.com
edited /Tumblr (+18) "/* Post via Micropub */"
(view diff)
#
fkooman
heya
#
aaronpk
kylewm++ for silo.pub
#
Loqi
fkooman: aaronpk left you a message 4 hours, 21 minutes ago: re: private webmention vs inbox, do you mean that you think the contents of a private message should be sent in the payload vs retrieved like webmention verification? http://indiewebcamp.com/irc/2015-08-11/line/1439307677643
#
Loqi
kylewm has 214 karma
#
Loqi
fkooman: aaronpk left you a message 4 hours, 14 minutes ago: re: https://www.tuxed.net/fkooman/blog/group_communication_platform.html how am I supposed to be able to get an access token to your site in order to send you a message? that seems backwards, since that means you have to be able to issue access tokens to arbitrary domains before you have received anything http://indiewebcamp.com/irc/2015-08-11/line/1439308114169
#
tantek.com
edited /Tumblr (+62) "/* How to */ Use your own domain"
(view diff)
#
aaronpk
hey fkooman
#
tantek.com
edited /Tumblr (+48) "/* Add webmention support */ see https://www.brid.gy/about#blogs for more"
(view diff)
#
tantek.com
edited /Tumblr (+33) "/* Post via Micropub */ see silo.pub for more"
(view diff)
#
fkooman
aaronpk, it seems i said some controversial things :) reading up on the log now
#
tantek
snarfed++ for replying helpfully on Twitter re: Tumblr for indieweb
#
Loqi
snarfed has 129 karma
#
tantek
snarfed, please review https://indiewebcamp.com/Tumblr#How_to - I tried to order by most bang/relevance for the buck as it were for Tumblr users, then those looking to transition from Tumblr to more indepenent web hosting.
interactivist joined the channel
#
snarfed
lgtm thanks!
#
fkooman
aaronpk, yeah, why not in the payload of the POST message. It is not always ideal, e.g. when sending "big" files, but needing to fetch stuff all around the planet (and keeping a copy) is also not ideal...
#
fkooman
the "spam" problem already exists on the indieweb with distributed indieauth
#
aaronpk
what does indieauth have to do with spam?
#
fkooman
aaronpk, the "client", whichever app that is will obtain an access_token using OAuth, just like any other OAuth client
#
aaronpk
fkooman: the difference is in your proposal, i'm expected to dish out access tokens to anyone who asks. the way it's currently described, I only have to dish out an access token to people I send messages to
#
fkooman
aaronpk, that was not regarding your comment, but something else from the log, the spam issue when having an "inbox". If your service supports distributed indieauth a spammer can put a lot of spam content on your service using their own indieauth compatible server to grant authentication
#
fkooman
aaronpk, yeah, that is not ideal
#
fkooman
but the person who asks needs to have their own (https) website listing their authorization server and methods for authenticating
#
fkooman
so the restriction is the same as logging in to IWC wiki
#
aaronpk
fkooman: what you're describing can be separated into two totally different things. 1) you are describing a "commons", which like the wiki, multiple people can sign in to and add things to. 2) you are describing a notification mechanism
eschnou joined the channel
#
fkooman
i guess that's true
#
aaronpk
they're basically totally different things and are not dependent on each other
#
fkooman
aaronpk, private messages from user to user and notifications (by services)
#
fkooman
here i was more focused on messages from services, not messages from alice to bob
#
aaronpk
sure, but it's the same in the end
#
aaronpk
so I have no issues with #1, a shared workspace is one solution to "indie" groups
Lancey joined the channel
#
aaronpk
but I have issues with the notification "inbox" mechanism, which I described earlier
#
fkooman
yeah, I am also much more fan of email to be honest ;)
#
fkooman
aaronpk, for service notifications one could probably only accept notifications for services that were logged in to at least once
#
aaronpk
accepting notifications is about spam, which is separate from how the message is delivered
#
aaronpk
fkooman: i'm curious what your thoughts are on this which voxpelli and I were talking about earlier today https://indiewebcamp.com/private-messaging-brainstorming
#
fkooman
aaronpk, yeah i saw that, what is step 6?
#
aaronpk
i will add some details
#
@CateBlouke
#digitaltoolbox - WebMention - http://indiewebcamp.com/Webmention "a simple way to notify any URL when you link to it on your site." #digped
(twitter.com/_/status/631201021247799296)
#
fkooman
aaronpk, it looks interesting, so no OAuth involved?
#
aaronpk
i'm still trying to figure out if there is a hole in it somewhere
nedorito joined the channel
#
fkooman
aaronpk, you probably need to add a nonce somewhere
#
aaronpk
something other than the message ID?
#
aaronpk
once I walk through this imagining implementing all 4 parts I will have a better idea
#
fkooman
aaronpk, well, if you treat the message ID as a nonce I guess it is fine, or is it meant to be sequential?
#
@CateBlouke
Another thing to ask @krisshaffer about - POSSE - Publish (on your) Own Site, Syndicate Elsewhere https://indiewebcamp.com/POSSE #digped
(twitter.com/_/status/631201717527400448)
#
aaronpk
nah arbitrary string
#
aaronpk
oops i just realized the numbers in that diagram go 1,2,5,6,7
#
aaronpk
can't count
#
fkooman
aaronpk, yeah a bit more detail would help
#
fkooman
I like there is no OAuth :)
#
fkooman
and it is push
#
fkooman
but it looks really interesting!
#
@koutropoulos
RT @CateBlouke: Another thing to ask @krisshaffer about - POSSE - Publish (on your) Own Site, Syndicate Elsewhere https://indiewebcamp.com/POSSE #…
(twitter.com/_/status/631202966607949824)
#
fkooman
aaronpk, but does it prevent spam?
#
aaronpk
i'm pretty sure spam prevention is always going to be a separate issue
#
aaronpk
and will be a problem regardless of the mechanism
#
aaronpk
the only way to prevent spam is to not have a way to accept unsolicited notifications in the first place
#
fkooman
that is true, but involving the OAuth flow and only accepting messages from services/sites you have logged in to may make this a lot easier...
#
aaronpk
"have logged in to" is a whitelisting mechanism, and works with any of these options
#
fkooman
but implicit whitelisting ;)
#
aaronpk
sure, that's one possible spam prevention technique, and also doesn't rely on oauth and would work with even existing webmentions
#
aaronpk
in order of increasing prevention of spam: 1) accept arbitrary notifications (email, trackback), 2) accept arbitrary notifications where you can verify the sender (pingback, webmention) 3) subscribe-first notifications (PuSH)
#
fkooman
but how is private-messaging-brainstorming better than accepting arbitrary notifications?
#
aaronpk
it's #2
#
aaronpk
because you get verification that the message came from the person it says it's from
#
fkooman
aaronpk, ah, i guess my proposed inbox is also #2 then
#
fkooman
but maybe more complicated than your proposal
#
fkooman
or maybe simpler... i am not quite sure how to quantify that :)
#
aaronpk
anything that involves auth is more complicated by default :)
#
fkooman
aaronpk, yeah, but regarding the flow maybe not so much :)
#
aaronpk
one sec, almost done writing this up
#
Kongaloosh
Is there a good way to discover indieweb blogs?
#
fkooman
google? :-)
#
Kongaloosh
yeah, I've been looking through irc people.
chreekat joined the channel
#
fkooman
Kongaloosh, there is a lot mentioned there, at least the "active" people are there, most with their webpage
#
aaronpk
oh yeah. the guest lists! good call
#
Kongaloosh
ah, cool!
#
Kongaloosh
yeah, I should go through those
#
fkooman
Kongaloosh, you are trying to setup a "planet"? :)
#
snarfed
also feel free to crawl https://www.brid.gy/users, >2k there
interactivist joined the channel
#
Kongaloosh
fkooman: what do you mean by planet?
#
aaronpk
what is a planet?
#
Kongaloosh
snarfed: cool, thanks!
#
aaronpk
hah! that is not a thing
#
aaronpk
i want it to be a thing
#
fkooman
e.g. planet.gnome.org, planet.fedorapeople.org, an aggregation of people's blogs
#
fkooman
runs to implement RSS :P
#
aaronpk
nah I wanna do an h-entry planet
#
aaronpk
more details!
#
fkooman
yeee :)
#
fkooman
aaronpk, rel="inbox"?
#
fkooman
runs
#
Loqi
Ok, I'll tell them that when I see them next
#
aaronparecki.com
edited /private-messaging-brainstorming (+26) "/* Possible implementations */"
(view diff)
#
fkooman
aaronpk, looks good though!
#
fkooman
aaronpk, i guess it can also work for services...
#
aaronpk
yeah i don't see why not
#
fkooman
cool :)
#
aaronpk
ah i found the place that needs another nonce/id
#
aaronparecki.com
edited /private-messaging-brainstorming (+945) "add section about implementation requirements for each role"
(view diff)
#
aaronpk
I do like how all the work is pushed off to these delegated endpoints
KevinMarks joined the channel
#
fkooman
aaronpk, and how does pm.alice get the message?
#
aaronpk
that's probably where Alice wrote the message
#
aaronpk
i think it's okay that it's unspecified here
#
fkooman
aaronpk, yeah, i guess it could be an oauth client that puts a message in "outbox" or something, would also be great to confirm delivery etc by moving it to 'sent' or something :)
#
aaronpk
it's basically equivalent to asking "how does alice write a blog post"
#
aaronpk
the answer is it varies wildly depending on the implementation
#
fkooman
yeah
#
fkooman
best to leave it out of the spec yeah
#
aaronpk
oh you know what? this can be extended to support sending multiple messages in a row without doing the whole flow again
#
aaronpk
basically step 1-2-3 is all about establishing a relationship between the two pm servers
#
aaronpk
at that point, pm.alice can send unsolicited messages to pm.bob using the secret that bob generated in step 3
#
fkooman
almost oauth again ;)
#
aaronpk
hm yes... /me re-reads this imagining step 1-2-3 is actually just the process of obtaining an access token
#
aaronpk
this is why I wrote the diagram without mentioning any specific protocols
#
fkooman
so then we are getting crazy close to my proposal again...
#
fkooman
you basically strip out the authentication completely, and base it on 'client_id' and 'redirect_uri'
#
fkooman
it should be possible to keep it simpler
#
aaronpk
in https://indiewebcamp.com/private-messaging-brainstorming 1-2-3 can be rephrased "alice: hey I want to send you things. pm.bob: okay you can send things here if you include this token"
#
aaronpk
and then pm.alice has a token that can be used repeatedly to send things to pm.bob, and pm.bob knows they came from alice
#
fkooman
where did we hear that before yeah... :)
#
aaronpk
this is... interesting
#
aaronpk
oh dang, this has the same problem of being obligated to generate tokens based on unverified requests
#
aaronpk
needs an extra check in step 3
#
aaronpk
"hey there, I heard alice wants to send message 1234 to bob. Is this legit?" pm.alice replies "yes", *then* pm.bob generates a token and tells pm.alice to send the message
#
ylo
21:31:50 HTTP.1 | GET 404 http://fonts.googleapis.com/css?family=Lobster <dns:127.0.0.1> text/html http://pedrocr.pt/text/curated-web/
#
ylo
what recourse is there against people that violate the TAG finding on nonconsensual tracking
#
fkooman
aaronpk, to be fair, my 'solution' also verifies before sending an access token
#
aaronpk
i'm talking about *generating* an access token, not just sending it
#
fkooman
aaronpk, it is generated at the time the authorization_code is exchanged for an access_token, so after the authentication step (and thus domain validation) has taken place
#
aaronpk
oh i might be confusing this with something else
#
fkooman
just like how OAuth works without client credentials
#
aaronpk
no this is what i was thinking
#
aaronpk
yes you know the domain validation has passed, but you still have to generate tokens regardless of whether there is a message there
#
aaronpk
what i'm saying is if i'm writing a thing that generates tokens, i don't want to be expected to generate tokens for everybody who comes along, i only want to generate tokens if i have an interest in them
#
fkooman
the whole point is that you don't know beforehand if you are interested in them...
#
fkooman
anyone with a webpage and valid SSL certificate should be able to send you an (unsolicited) message
#
aaronpk
it's the difference between someone trying to send me a message vs not trying to send me a message
#
fkooman
&scope=message
#
fkooman
done :)
#
aaronpk
so this is only going to work if the burden is on the sender
#
aaronpk
so whatever the receiver is doing, we have to make sure the sender is doing more
#
fkooman
it needs to complete the oauth flow, including authentication
#
aaronpk
well i am thoroughly confused now, but at least i have braindumped everything onto the wiki so i can review it later
#
fkooman
the "is this legit" step is not really needed i guess, as any other server than the real one would lie anyway
#
aaronpk
it's a step that saves bob from generating a token unnecessarily
#
fkooman
time for sleep in UTC+2 in any case
#
fkooman
i hope we can find something (a lot) simpler and better than oauth for this
#
aaronpk
yeah, will be good to take a look at this again tomorrow
#
fkooman
ciao :)
Garbee joined the channel
#
gRegorLove
On /private-messaging-brainstorming step 6 "secret that was included in step 3. " I think is meant to refer to step 4. Or 3 doesn't mention a secret, at least.
#
aaronpk
thanks
#
aaronparecki.com
edited /private-messaging-brainstorming (+0) "/* Possible implementations */"
(view diff)
#
gRegorLove
That token is just a way to validate the message coming back is actually from pm.alice.example.uk?
#
aaronpk
yeah because the last step where the message is actually sent needs to be validated somehow
#
aaronpk
every solid line is an unsolicited request, the dashed lines are the reply
#
aaronpk
so you have to imagine that at any point, these endpoints may be receiving bogus requests
#
gRegorLove
The text explanation helped me understand it a lot better, heh
#
aaronpk
the text on the wiki or in the diagram?
#
aaronpk
i found the conversational text in the diagram is useful because it guides you through the steps more, but having the details below is where the actual protocol lives
glennjones joined the channel
#
gRegorLove
I came into it pretty blind so didn't spend much time trying to understand the diagram earlier. :)
KartikPrabhu joined the channel
#
@craigmod
JavaScript has been off on the phone for months. And ghostery on on the desktop for weeks. Hard to go back.
(twitter.com/_/status/631226759845773312)
#
gRegorLove
I can understand it now that I've read the text version and understand it better, but the diagram still seems weird to me. Could just be that I'm not used to reading these type of diagrams.
#
aaronpk
yeah it does take a while to get used to them
#
aaronpk
but then they are super useful
benwerd joined the channel
#
snarfed
aaronpk just fyi bridgy should be able to fetch your https permalinks again, if you want to switch them back
#
aaronpk
thanks!!
#
aaronpk
i've been watching that thread!
#
aaronpk
snarfed++
#
Loqi
snarfed has 130 karma
#
snarfed
ugh, apologies for watching that thread :P
#
aaronpk
oh man indiewebcat is getting a backlog of mentions now too :)
#
snarfed
popular girl
#
KevinMarks_
Is this private messaging like 2-legged OAuth?
#
aaronpk
i guess?
#
aaronpk
i've never been a fan of the 2-legged vs 3-legged terminology
benwerd joined the channel
#
aaronpk
wow when you search google for טוויטר it highlights "twitter" in all the results
#
aaronpk
also IRC does not understand RTL
#
KevinMarks
it is a confusing terminology; I'm hoping you are defining a better one in your book
#
aaronpk
luckily that terminology isn't used at all in oauth2
#
KevinMarks
well, it needs a new taxonomy
snarfed1 joined the channel
#
aaronpk
oauth2 dropped the initial request token, so the equivalent to oauth1's 2-legged is the client credentials grant, which is literally just one post request