#indiewebcamp 2012-11-02

2012-11-02 UTC
tantek and zztr joined the channel
#
tantek.com
created /creator (+22) "r"
(view diff)
#
tantek.com
edited /User:Tantek.com (+576) "skills"
(view diff)
wajiii-afk, borior, barnabywalters, adactio, hober and melvster joined the channel
#
melvster
hi all .. i met tantec at TPAC this week and he suggested visiting this channel ... im interested in participating in indie web if possible! :)
#
barnabywalters
hey melvster, welcome to #indiewebcamp!
#
melvster
thanks!
#
barnabywalters
the best place to look is the getting started page on the wiki: http://indiewebcamp.com/Getting_Started
#
barnabywalters
do you have your own domain already?
#
melvster
reading now
#
melvster
barnabywalters: ok so i have a personal domain at http://melvincarvalho.com/ it contains information about me, my social graph, some of my interests, and a distributed 'like' button that i was prototyping ...
#
melvster
let me look at POSSE
#
barnabywalters
melvster: are you in the UK too?
#
melvster
barnabywalters: i have some family there but i move around a bit
#
melvster
so i have a couple of blogs one wordpress, one smob but i dont think smob is developed anymore but it used to be a distributed microblogging service
#
melvster
but i suppose i can write a simple blogging engine if necessary
#
barnabywalters
hm, I have not come across smob before
#
barnabywalters
I think there are a few wordpress plugins which allow you to do POSSE-like publishing from WP
#
melvster
it's quite old and im not sure if its still maintained
#
barnabywalters
I’m seeing PHP errors on the front page
#
melvster
hmm maybe i should just remove it
#
barnabywalters
right now, quite a few of us are writing our own indieweb blogging/microblogging software
#
melvster
thanks for the heads up ... yes that does look a bit of a mess!
#
melvster
oh cool
#
barnabywalters
and we tend to be open sourcing useful components we’ve built instead of the entire things
#
barnabywalters
e.g. I made a microformats 2 parser
#
barnabywalters
I think the general approach is “I’m going to make something which works for me right now, and the release it to the public when it’s stable”
#
melvster
one thing i discussed with tantek was that maybe it would be cool if we could get a prototype of person to person messaging working
#
melvster
facebook have this feature and it's quite popular
#
melvster
but they are a single site
#
barnabywalters
melvster: private messaging (as in secure, encrypted)?
#
barnabywalters
there was some work done at IWC portland this(?) year to develop person-to-person messaging: http://indiewebcamp.com/projects#IndieWeb_Messaging
#
melvster
barnabywalters: i like to build things with an incremental approach where possible, so to begin with you might not need encryption and/or security for the initial prototype, but that can be layered on top after you reach step 1 ... does that make any sense?
#
barnabywalters
melvster: sure!
#
barnabywalters
so it looks like http://aaronparecki.com/2011/213/article/1/indieweb-messaging is a working if insecure protoype
#
barnabywalters
which has been implemented on a couple of sites
#
barnabywalters
so that looks like a good starting point to build from
#
melvster
so the 3 classic models i take for messaging are 1) postal mail 2) email 3) the teleophone ... it strikes me that in those 3 scalable systems the key thing is to know the address/identity of the other party in a non colliding way
#
melvster
the web version of this it would be logical to use an HTTP URI
#
melvster
and for messaging it could be as simple as HTTP POST
#
barnabywalters
I think that’s what indieweb-messaging proposed
#
barnabywalters
all you need to do to send a message is send a POST request to the recipients url
#
melvster
facebook also have a pretty nice API to do this RESTfully
#
barnabywalters
melvster: I have not played with the fb messaging API, but I do know they expose XMPP
#
melvster
you basically have the recipient, a title, the descriptoin
#
barnabywalters
my ideal for 1-1 messaging on the web would be something like indieweb-messaging, but with public key verification and encryption
#
melvster
but in their case they add a link and a picture too (optionally)
#
melvster
have you seen crypto cat?
#
barnabywalters
it’s something I did have a go at implementing using Salmon, but turns out Salmon’s hideously complicated and depends on Webfinger which is yuk.
#
barnabywalters
melvster: nope (looks up)
#
melvster
well webfinger we just dont know what it will be right now ... it's in its 4th year and changes often, but great idea in principle
#
melvster
ive heard that everyone implements salmon differently yes
#
melvster
an interesting point on webfinger
#
barnabywalters
melvster: I used to think webfinger was the solution to all our identity problems. Then I tried to actually use it, and now I hate it ;)
#
barnabywalters
DRY violating, dependant on non-web IDs which can be hugely confusing… I’m not keen on webfinger
#
melvster
i was explaining it to timbl (tim berners lee) at tpac this week and he said the most logical place to get information on an email address is SMTP! he also said they actually implemented it but turned if off as it was deemed a security risk :)
#
barnabywalters
hah, that makes sense!
#
barnabywalters
just like the only way to “verify” an email address is to send mail to it :)
#
barnabywalters
I didn’t know the IANA had rolled out the .cat domain yet!
#
melvster
david dahl of mozilla did a very impressive demo of encyrpt/decrypt in the browser
#
melvster
so maybe we can do better than crypto cat using shared secrets, security by obscurity, or assymetric pki
#
barnabywalters
actual cryptography is more singpolyma’s field than mine
#
melvster
'bob.com asks alice.com "did you send this message?" and presents a small factoring problem to solve'
#
melvster
interesting
barnabywalters_ joined the channel
#
melvster
nice that you can use curl
barnabywalters_ joined the channel
#
barnabywalters_
melvster: yep, it’s a nice straightforward protocol
#
melvster
did you know there's a way to attack a public key onto curl?
#
barnabywalters_
melvster: ooh, that sounds interesting
#
melvster
either a GPG key or a .p12 or SSH key works with it I think
#
melvster
im not saying that the best way to do it, just that it's a possible option
#
melvster
--pubkey
#
barnabywalters_
my previous attempt to do verifiable 1:1 messaging on the web was pretty much indieweb-messaging but wrapped in a magic envelope
#
melvster
is for the private key
#
barnabywalters_
is off to have lunch. Back in a bit
#
melvster
that works too ... ok nice to chat to you!
barnabywalters, morrocco_mole, dascher, zztr, sandeepshetty, borior, tilgovi, aaronpk_ and josephboyle1 joined the channel