#indiewebcamp 2014-09-16

2014-09-16 UTC
gavinc, moizsyed and mdik joined the channel
#
@RonKJeffries
This status started at my IndieWeb http:/ronkjeffries.withknown.com site. Brid.gy will send me my Twitter activities. Cool. @withknown
(twitter.com/_/status/511675813733748736)
paulcp_, parzzix, moizsyed and parzzix_ joined the channel
#
parzzix
Hello everyone, new here.
#
GWG
Hi, parzzix
#
parzzix
Saw thing about indieweb on twig. I really like the concept
#
GWG
parzzix: Thinking of joining in?
gRegor` joined the channel
#
parzzix
Yes I am GWG
#
GWG
parzzix: Have you a domain?
#
parzzix
A couple...lol.
#
kylewm
hi parzzix, welcome!
#
parzzix
Was thinking best to use my name.. timapple.com have a blog there now. Thought I may replace it with known
#
GWG
parzzix: It's an option. Some people prefer to roll their own solution.
#
parzzix
Or are their better options?
#
GWG
I'm sticking to Wordpress myself.
#
GWG
parzzix: All options are good.
snarfed1 joined the channel
#
parzzix
I figured I may throw known on a digitalocean droplet. With nginx instead of apache...or I may try hosted a little bit just to get a feel.
#
kylewm
parzzix: Known is awesome
#
gRegor`
Welcome, parzzix!
#
GWG
kylewm: Agreed. But, like many things...you should make a full decision.
#
kylewm
hehe, yes that's true, GWG
#
gRegor`
Ooh, running ghost, parzzix?
#
kylewm
it takes a little bit of work to get Known to talk to nginx, elliottucker posted about it
#
GWG
kylewm: What if he wanted to use Redwind?
#
parzzix
I always have trouble get apache going without maxing my resources
#
parzzix
Whats redwind?
#
GWG
Who doesn't?
#
kylewm
what is Red Wind?
#
kylewm.com
edited /Red_Wind (-9) "/* Description */ add <dfn>, re-word slightly"
(view diff)
#
kylewm
what is Red Wind?
#
Loqi
Red Wind (source code) is Kyle Mahan's IndieWebi-ready blog software written in Python and running on Flask http://indiewebcamp.com/Red_Wind
#
gRegor`
parzzix: Since you have a domain alraedy, and links to social networks, you could sign in to the wiki easily. That's a common early step we recommend: http://indiewebcamp.com/How_to_set_up_web_sign-in_on_your_own_domain
#
gregorlove.com
edited /Red_Wind (-1) "/* Description */ typo"
(view diff)
#
kylewm
thx, gRegor`
#
parzzix
so who is the winner in the redwind vs known debate...lol
#
gRegor`
Though "IndieWebi-ready" is kinda fun to say
#
kylewm
parzzix: you have to read the next sentence of the description ;) "...but unstable and undocumented and probably not of much use to anyone but the author, at least for now."
#
gRegor`
parzzix: Well, you have a site with a blog already, so that's a great start. Are you looking to move away from Ghost?
#
GWG
parzzix: Lots of choices. I just wanted to make the point is that Indieweb is not Known.
#
kylewm
GWG++
#
Loqi
GWG has 19 karma
#
GWG
That's the point. The Indieweb is Independent of platform.
#
gRegor`
"indieweb" is a plurality. Lots of people using different server software, blog software, but interacting with a core set of protocols / building blocks. It's really flexible that way.
#
parzzix
gRegor`, not exactly. But I like to keep it simple, I'm not a coder by any means. And the Idea of throwing things under one umbrella easily is appealing.
scor joined the channel
#
gRegor`
Yeah, good point. Known is solid and will have good support here, too.
#
GWG
It is very tempting.
#
kylewm
Ghost seems promising, but I don't *think* anyone has written indieweb plugins for it yet
#
GWG
kylewm: A challenge
#
gRegor`
Does it have a plugin architecture yet?
#
parzzix
I wonder if I self host, will known udate through itself, like wp. Or will I have to manually have to update via command line.
#
gRegor`
It's been a while, but last I heard it was "coming"
#
parzzix
gRegor`, it is very nice, plugin api isn't released yet, but coming
#
gRegor`
doesn't know the Known update procedure on self-hosted.
#
kylewm
no plugin api? that is... disappointing
#
gRegor`
Yeah :/
#
kylewm
parzzix: Known does not auto-update (yet?)
#
gRegor`
I'm totally guessing, but I presume the Known update process should be relatively painless. Upload new files, maybe run a PHP script that updates the database.
#
gRegor`
Also, since the creator is a regular in here, and it's written in PHP, you should find good support in here. :)
#
parzzix
They say they will eventually let us move to self hosted. Maybe I'll ride the hosted path a little until it's out of beta.
#
gRegor`
Sounds like a good idea. A couple people here have set up subdomains to try out the self-hosted version
#
kylewm
+1 that plan. and i think you can message them if you want to redirect your domain name to whatever.withknown.com
#
parzzix
ok....cool, I think I will give it a go.
lukebrooker joined the channel
#
parzzix
what do the withknown folks go by on here?
annevk_ joined the channel
#
kylewm
parzzix: benwerd and erinjo
annevk joined the channel
#
@parzzix
Just started using Known... joining the #indieweb
(twitter.com/_/status/511689559285825537)
#
parzzix
Lol....How did that just happen?
#
parzzix
kylewm, thanks
#
GWG
parzzix: Magic
#
parzzix
GWG, interesting
snarfed joined the channel
#
kylewm
parzzix: Loqi searches twitter for a handful of terms, like indieweb and indiewebcamp
#
GWG
He does tricks
#
GWG
Who is kylewm?
#
GWG
That one used to work
#
GWG
What is kylewm?
#
Loqi
It looks like we don't have a page for "kylewm" yet. Would you like to create it? http://indiewebcamp.com/wiki/index.php?action=edit&title=kylewm
#
kylewm
thanks, deletionists
#
kylewm
(just kidding, I think I asked aaron to delete it)
#
GWG
kylewm: You'll always be the poster child for my webmention testing.
GWG, chrissaad and npdoty joined the channel
#
gRegor`
who is tantek?
#
gRegor`
Course Loqi takes a break now
#
Loqi
yeah!
#
gRegor`
no
#
rascul
Loqi doesn't know who we are
Loqi joined the channel
#
tantek
welcome back Loqi!
#
Loqi
dude
KartikPrabhu joined the channel
#
tantek
Loqi, are you going to now post all those tweets you missed while you were sleeping?
scor, Pea1, Sebastien-L and chrissaad joined the channel
#
dlyke
kylewm, re webmentions: Yeah, I'm already looking for mentions to blog entries from sites in my OPML feed reader. I want to expand this to find friend's OPML files (or maybe I just need to semi-intelligently spider links in sites I read looking for more RSS feeds)
#
dlyke
kylewm but that lets the spam problem be one of inclusion and discovery through semi-trusted sources, rather than exclusion, as webmention is.
#
dlyke
kylewm also, Webmention looks like a horrendous DDOS amplification attack vector, and given that the guys next cube over spend much of their days figuring out how to mitigate amplification attacks, that's a concern.
#
kylewm
dlyke: barnabywalters has done a little thinking about spidering 2nd level mentions and XFN friend lists to make a pretty inclusive whitelist
#
tantek
ooh - anything coded?
#
barnabywalters
but yeah building a webmention spam/abuse-prevention proxy is one of the goals of Shrewdness, and one of the false starts made before building it as mentioned on indiewebcamp.com/Shrewdness
#
kylewm
dlyke: but I definitely like the idea of getting out in front of some of this. could you elaborate on the DDOS issue? basically I send a thousand webmentions to a thosand servers with the 'source' all set as the attack target, and then those thousand servers all try to GET at once?
#
dlyke
kylewm: exactly.
#
tantek
that DDOS issues has not be a problem in practice, since e.g. Pingback has the same vulnerability, and that particular issue has not been a problem with Pingback
#
tantek
(other problems have)
#
bret
we must have higher hopes for webmention! >:D
#
tantek
(and Pingback is far far more widely deployed)
#
dlyke
Yeah, I went and looked at my logs yesterday... added a whole bunch more IP addresses to my ufw rules, but I definitely don't want to recreate the {track,ping}back disaster.
#
dlyke
But I'm light-weight spidering (checking for changes in as light a weight way as HTTP allows) 196 RSS feeds daily for mentions to my blog, there's no reason that couldn't be a few thousand.
#
dlyke
And I could probably do half that spidering off my feed reader anyway if I thought that was getting too heavy-weight.
#
ben_thatmustbeme
i like the idea a while back of shared black-list / white-list with friends
#
ben_thatmustbeme
as far as the spam issue
Reykjavik___ joined the channel
#
dlyke
tantek, searching for "pingback ddos", or asking the ops guys in the next cube over, suggests that it is a pretty big problem.
#
KartikPrabhu
dlyke: is it good to try and "solve" this, even before one DDOS has been done using webmention?
#
bret
how do you even solve ddos issues?
#
dlyke
KartikPrabhu, so far as I can tell, the only reason webmention isn't a vector like pingback is is that it isn't widely deployed yet.
#
KartikPrabhu
same for spam. but trying to solve a problem before it even exists is strange
#
@hugoroyd
@tieguy except brid.gy is agnostic regarding which platforms you use as long as it supports #webmentions
(twitter.com/_/status/511903977701924864)
#
bret
if you started getting ddos'ed via webmention, wouldn't the easiest thing to do is turn of webmention?
#
dlyke
The vector for spam seems largely to be from the lack of an introduction protocol. If you just do mention discovery by friend-of-a-friend RSS feeds, you have an opt-in spam prevention system, rather than opt-out.
#
@dsearls
RT @indieboxproject: @stopthecyborgs @charlieok @bruces #indyIOT: I like it! Or better #indieIOT to go with #indieweb, indie music etc.?
(twitter.com/_/status/511904260360261632)
#
@dsearls
RT @stopthecyborgs: @indieboxproject @charlieok @bruces cool can't believe noone coined it before should connect with #indieweb also check …
(twitter.com/_/status/511904382406098944)
#
dlyke
bret, having been through this with three different protocols before (Referer tracking, trackback, pingback, and, yes, all with "make sure the linked page actually references your page"), I'm uninterested in doing much more coding to recreate the mistakes of the past.
#
kylewm
bret: the DDOS wouldn't look like a webmention to you though, it'd just be somebody fetching a random page on your site
#
dlyke
I don't have anything against y'all doing webmention, aside from what names the ops guys in that next cube over will be calling it if it ever gains traction, I'm just interested in a different way to build that network of discussion.
#
kylewm
KartikPrabhu: i agree insofar as solving a problem that doesn't exist is premature optimization, but if webmention is a "better version" of a protocol that does have those problems, we know they're coming :)
eschnou joined the channel
#
bret
dlyke: what do you think would work? anything that already exists? propsals?
frzn joined the channel
#
frzn
hey guys, which server are you using?
#
dlyke
As I said, what I'm doing right now is spidering my OPML file for RSS feeds, checking for mentions of my site in those RSS feeds. What I'd *like* to do is auto-discover the next ring out of RSS (and, yes, Atom) feeds.
#
bret
frzn: whichever one you want! a pretty good mix of apache and nginx
#
frzn
I'm finally configuring my domain: www.leal.io
#
frzn
bret: I mean Amazon AWS, DigitalOcean, etc. I'm planning to us DO, because they are very cheap and reliable
#
bret
frzn: DO is definately a fav around here. linode also. I use FDC servers but not a fan of them
#
KartikPrabhu
frzn: might want to look at : http://indiewebcamp.com/hosting
#
dlyke
I think FOAF had some capability for this, but nobody ever really published anything interesting in that...
#
frzn
KartikPrabhu: great!
#
bret
dlyke: do you have examples of discovered info?
#
dlyke
Design sucks, but see the "inbound links" section on an entry like http://www.flutterby.com/archives/comments/20030.html
#
neuro`
dlyke: the design is OK :)
#
tantek
dlyke: thanks for the heads about searching for it. re-reading now.
#
dlyke
(Amusingly, I'm finding that I link back to myself a lot)
#
dlyke
tantek, yep. Of course Wordpress overall is a hosting provider's worst nightmare.
#
barnabywalters
would the suggested fix in the original wordpress bug report (of only fetching if the webmention request came from the same host as the source URL) work?
#
bret
dlyke: overal design is simple, but tottally fine. what would make that better is actually present useful information from that link in thread like the actual comment or conversation thread if approrpiate
#
barnabywalters
can host be spoofed if the sites are both using TLS?
#
bret
ohh barnabywalters are you hinting at using ssl as a trust mechanism for wm?
#
barnabywalters
bret: asking if it is possible, because I don’t know much about it
#
dlyke
bret, yes: I should probably coordinate with the few people who converse with me that way to put some sort of excerpt/mention tag in their site so I can easily figure out a good excerpt to grab. Or just grab the whole damned thing.
#
bret
uf2 is exceptional for that purpose :)
#
bret
sorry microformats 2
#
kylewm
barnabywalters: i was wondering that too. it would be a bummer for willnorris's go/webmention command line thinger
#
barnabywalters
kylewm: yeah, and things like bridgy. But they could just be added to a whitelist
#
bret
what about gpg signed wm?
#
bret
source, target, signature
#
barnabywalters
bret: super complicated and requires private keys on servers
#
bret
true
#
bret
hrmmm
#
barnabywalters
otherwise some sort of crypto would be an excellent solution
#
barnabywalters
except it would just DDOS people’s public keys instead :)
#
dlyke
I think the real question is: What does the auto-discovery mechanism get you? RSS sucks because it's polled, but Webmention+whitelist is really just recreating NNTP, but less elegantly.
#
bret
ha true
#
bret
im sorry did you just call NNTP elegant? :p
#
dlyke
bret, only in comparison :-)
#
barnabywalters
can someone who understands such things please clarify whether TLS + source host checking would fix the problem?
#
dlyke
(Wondering if I should re-enable the NNTP gateway in my blog software)
#
bret
i dont see it
#
bret
do it
#
dlyke
Just source host checking would help the DDOS issue (if everyone implements it), but won't do anything against the spam problem.
#
barnabywalters
if nothing else it’s a good incentive for people to implement TLS on their sites
#
bret
dusts off my file decompressions software from the good old days of usenet
#
barnabywalters
dlyke: that’s fine, they’re completely different issues
#
dlyke
barnabywalters: agreed.
#
bret
curiouse about the TLS stuff... would it be similar to dkim signed emails?
#
bret
publicly, whitelisting could be maintained by some kind of community hub similar to how bridgy works
ShaneHudson joined the channel
#
bret
part of the wm verifications is pinging the hub with the source and essentially asking, "is there any reason to know this person?"
#
KartikPrabhu
is still not sure these should be called problem yet :P
#
bret
could be*
#
barnabywalters
KartikPrabhu: well, the DDOS stuff has been demonstrated publically several times
#
ben_thatmustbeme
hmm, that should take care of it... should be able to edit and/or delete comments from my site now
#
barnabywalters
and webmention is pingback without the XMLRPC
#
KartikPrabhu
dlyke: what is NNTP?
#
dlyke
KartikPrabhu if we reinvented open SMTP gateways but said "It's okay, because HELO and EHLO are now deprecated in favor of OLEH", we'd all be rolling our eyes.
#
bret
dlyke: the orgins of wm was literally "hey pingbacks look useful for notification but they use xmlrpc, lets just do pure http parameters"
#
neuro`
tantek: hilarious (or not)
#
KartikPrabhu
dlyke: errr I didn't understand any of that unfortuntely :P
#
tantek
dlyke - I believe the state of /webmention vulnerability to spam is fairly well documented at the top of http://indiewebcamp.com/spam#The_Coming_Spam_Storm
#
dlyke
KartikPrabhu NNTP is Network News Transfer Protocol, a system for distributing articles that underlies the (alas, now no longer usable because of spam) Usenet discussion network which used to be the backbone of Internet discussions, but is also used in many private discussion networks.
#
kylewm
dlyke++ for innovating OLEH
#
Loqi
dlyke has 1 karma
#
tantek
feel free to add more to that if you think more warning / caveats are needed
#
tantek
dlyke what's your personal site (sorry if I missed it earlier)
#
dlyke
tantek, yeah, that's why I'll probably turn off webmentions, and an hoping for a proactive rather than reactive discovery system.
wolftune joined the channel
#
dlyke
KartikPrabhu re "... didn't understand any of that ...", I hate to be an old fart, but "...something something learn from history condemned to something..." [grin]
#
tantek
dlyke the approach I've been taking is to be very upfront about documenting the expected vulnerability, while still building upon the tech since it is very simple to build upon
#
tantek
s/vulnerability/vulnerabilities
#
Loqi
tantek meant to say: dlyke the approach I've been taking is to be very upfront about documenting the expected vulnerabilities, while still building upon the tech since it is very simple to build upon
#
dlyke
tantek, I'm also "danlyke" but logged in from work IRC, where I have identity conflict issues. So blog is at http://www.flutterby.com/, personal publishing happens from http://www.flutterby.net/User:DanLyke
ShaneHud_ joined the channel
#
bret.io
edited /spam (+99) "/* Other */ Added link to pump.io's spam filtering tool"
(view diff)
#
KartikPrabhu
dlyke: what i mean to say is, "turning of webmentions" because it might be used for spam in the future is pre-mature
#
tantek
dlyke: go ahead and add yourself to http://indiewebcamp.com/irc-people
#
www.flutterby.net user:danlyke
edited /IRC_People (+103) "/* Nicknames */"
(view diff)
KevinMarks_ joined the channel
#
dlyke
KartikPrabhu well, my webmention implementation is also really half-baked, and I'm also looking for a compelling reason to finish it vs pursuing alternate mechanisms which don't explicitly recreate the problems of the previous systems.
bitwit joined the channel
#
dlyke
tantek, done, on the same line so it's obvious I'm the same person (identity is hard)
#
barnabywalters
another anti-DDOS option is to require a hashcash header/parameter of suitable difficulty
#
barnabywalters
which could be implemented in addition to other measures
#
barnabywalters
is currently testing HTTPS+host checking
#
tantek
dlyke: ooh I think that might break the Loqi parser
#
dlyke
Does the Loqi parser deal with separate lines okay?
paulcp joined the channel
#
dlyke
tantek, actually, I should probably just use a different client for personal IRC, huh?
#
tantek
a bunch of us just add _s to the end of our nicks
#
tantek
and Loqi knows to associate those with the same person
#
@SocialSafe
Don't miss our simple guide showing you how to download your #Facebook Messages: http://www.slideshare.net/socialsafe/how-to-download-all-your-facebook-messages-to-your-own-machine-with-socialsafe #YourLifestyle #OwnYourData
(twitter.com/_/status/511912817017225216)
#
dlyke
Okay, let's see if Loqi is better with that.
#
ben_thatmustbeme
problem is my name is too long to add an _ at the end
#
Loqi
yeah!
#
@RonKJeffries
What's new w/ http://pump.io @evanpro ? Are you active in #indieweb, e.g. @kevinmarks Also http://withknown.com seems interesting
(twitter.com/_/status/511913174581641217)
#
danlyke
Hah! Or, maybe, rather than cluttering up the wiki I should just learn how to use IRC.
#
ben.thatmustbe.me
edited /IRC_People (+115) "/* Nicknames */ alt_nick"
(view diff)
#
barnabywalters
it looks like getting the request host (at least from my VPS) is totally unreliable, but the IP is reliable, so looking up the IP of the source domain and comparing it to the client IP might work
paulcp_ joined the channel
#
tantek
who here is in SF and available to post an indie event for http://indiewebcamp.com/events/2014-09-24-homebrew-website-club ?
#
danlyke
tantek did you mean "post" or "host"? I'm North Bay, but could probably work out technical issues for "post". Nobody's gonna come up to Petaluma if I offered to host, though.
#
tantek
well post - if you have the ability to post indie events
#
tantek
not many do!
#
danlyke
tantek: Ah, yeah. See my earlier comments about half-baked webmention implementation... But, good counter-example to my assertion that friend-of-friend trust web discovery is sufficient.
#
tantek.com
edited /Known (+96) "known knowns"
(view diff)
#
tantek
danlyke - you could use /irc-people as a first-order white list :)
#
ben_thatmustbeme
tantek, indie events is on my todo list
#
ShaneHud_
I don't really have the indie event use-case currently, being in the UK. But think I could set it up pretty quickly
#
tantek
ben_thatmustbeme: I don't see events on your list(s) here: http://indiewebcamp.com/User:Ben.thatmustbe.me ;)
#
tantek.com
edited /Events (+0) "move 09-10 HWC to recent"
(view diff)
#
ben_thatmustbeme
well "expand to other types (currently only posts and notes)"
#
tantek
!tell benwerd are you able to make it to Homebrew Website Club meetup on the 24th? http://indiewebcamp.com/events/2014-09-24-homebrew-website-club
#
Loqi
Ok, I'll tell them that when I see them next
#
ben_thatmustbeme
that kinda covers it.. but you are correct, I am currently just keeping my todo in google keep
#
tantek
I encourage you to share on the wiki!
#
ben.thatmustbe.me
edited /User:Ben.thatmustbe.me (+218) "OpenBlog TODO list updated"
(view diff)
#
ben_thatmustbeme
btw, tantek, did you see that conversation of micropub syndicate-to / in-reply-to with multiple values discussion? It was short
#
ben_thatmustbeme
micropub uses ',' to seperate URLs, don't know how common a url with a comma in it is
#
tantek
ben_thatmustbeme: interesting - not common in indieweb. w3c uses them a bunch.
#
ben_thatmustbeme
for syndicate-to i could see it being not much of an issue, its rare that they will have a fragment, fragmention, media query, or anything like that
#
ben_thatmustbeme
but for in-reply-to (as I want to add ability to have micropub submit multiple) it could certainly come up
#
www.flutterby.net user:danlyke
edited /IRC_People (-128) "/* Nicknames */ removing dlyke dupe of danlyke because I figured out IRC"
(view diff)
#
barnabywalters
okay I implemented anti-DDOS measures on my webmention endpoint
aaronpk_ joined the channel
#
barnabywalters
hello aaronpk_!
#
barnabywalters
trying to make waterpigs.co.uk help DDOS a site from the command line is now hopefully nontrivial
#
aaronpk_
ooh did you write that up anywhere?
#
barnabywalters
aaronpk_: just about to
chrissaad joined the channel
#
danlyke
tantek so spidering http://indiewebcamp.com/irc-people still means I need to dig through the /User:... pages looking for likely URLs that might host RSS feeds. Any brainstorms for not just spidering every damned link on someone's user page there?
#
tantek
danlyke - nope, no need to dig. just use the domain after the "User:"
#
aaronpk_
does anyone happen to have logs from this channel from 7:15pm PDT last night until 8am PDT this morning?
#
tantek
no spidering, just parse /irc-people
#
tantek
in fact
#
jonnybarnes
barnabywalters: kind of nice
#
tantek
danlyke - go get the URLs from the h-cards: e.g. http://pin13.net/mf2/?url=http://indiewebcamp.com/irc-people
#
jonnybarnes
but wouldn't this stop me from going crap my website borked, lets manually send the webmention to waterpigs.co.uk?
#
barnabywalters
jonnybarnes: yep, it has exactly that problem
#
barnabywalters
I’m also going to implement accepting a hashcache parameter though, to give people another option
#
bret
i am likely not going to be sending wm from the same server as the site. this is going to break that no?
#
jonnybarnes
ahhh, I get it, without this waterpigs.co.uk would make a request from the source url, so someone could use all these webmention endpoints in a DDOS attack
#
barnabywalters
bret: unless additional measures (e.g. hashcash) are implemented, then yes
#
jonnybarnes
could one also think about reatelimiting requests to the webmention endpoint?
#
jonnybarnes
*rate-limiting
#
bret
i read that as realtiming
#
ben.thatmustbe.me
edited /User:Ben.thatmustbe.me (+193) "/* OpenBlog */"
(view diff)
#
barnabywalters
jonnybarnes: single site rate-limiting doesn’t solve the problem — it’s *distributed* DOS which this is preventing
#
bret
seems like the payoff of ddosing an individuals site woudld be pretty weak
#
jonnybarnes
as in if someone gets a load of computers to all make requests to your endpoint tp make your endpoint make *loads* of requests to the source?
#
@techlifeweb
#indieweb folks, when you POSSE, are you indicating that your content is syndicated? I’m experimenting. http://t.co/L3HMPrWRD1
(twitter.com/_/status/511923880760717312)
paulcp and aaronpk joined the channel
#
jonnybarnes
how come #indiewebcamp has moderators but #indiechat doesnt?
#
aaronpk
I didn't register #indiechat
#
jonnybarnes
also barnabywalters, how are you checking ip address/hostname? as in my vps has several domains pointed at its ip address, could that cause a hiccup?
#
barnabywalters
jonnybarnes: currently writing it up w/ example code
#
jonnybarnes
excellent
#
danlyke
tantek aha! duh. Process to grab all of those sites HTML is running now, will then parse those for RSS, lather, rinse, repeat.
#
tantek
danlyke - no need to parse for RSS - get their h-feed via the same phpmf2 parser!
#
danlyke
bret, re effort to attack a single site: you'd be amazed at how much effort the unwashed masses will go through to make an individual's life hell, if, for whatever reason, they choose to pick on a person.
#
barnabywalters
I don’t know much about how DDOS attacks work, but I’m amazed that the cited wordpress pingback attack is actually a big deal, because the attacker has to send as many requests as are sent by the network
#
barnabywalters
is the problem that there isn’t a single IP address that the victim can block?
#
tantek
hence the first D
petermolnar joined the channel
#
barnabywalters
okay, understood
#
danlyke
barnabywalters, the problem is the amplification: If you can find a big file on a target site, you're only sending a few hundred bytes to the intermediate sites, but each of those can ask the target site to serve a few megabytes (if that target site is hosting, say, a video).
#
barnabywalters
danlyke: ah okay, so it’s not amplification of # of requests but of server load
#
danlyke
Exactly. Dealing with these issues in ntp(!) and DNS is a continuous ongoing process for any network provider.
#
danlyke
let alone HTTP meta-protocols.
#
barnabywalters
so that particular aspect could maybe be prevented by clients doing a HEAD request and check for a text/html content type before fetching full content
#
barnabywalters
but it still doesn’t prevent the hundreds of thousands of fake requests
#
barnabywalters
(by “clients” I actually mean webmention-supporting sites)
#
danlyke
barnabywalters: yes, but the Content-Length of flutterby.com's index.html is currently 46131 bytes, if the initial POST request can be made in 400 bytes, that's a 100 to 1 amplification right there.
Sebastien-L joined the channel
#
danlyke
If you hit someone's dynamically generated page, you can not only peg their bandwidth, but also their CPU to unusable levels (happened to me when some guy in Russia was spidering a friend's site hosted on one of my colo servers).
#
ben_thatmustbeme
yay, https for everything on my site now
#
Loqi
giggles
#
ben_thatmustbeme
1 line change and a few references fixed, (i was still using a gravatar link)
#
ben_thatmustbeme
oh, actually, 3 lines, 2 in .htaccess
#
KartikPrabhu
any recommendations on installing and running a local dev copy of Wordpress on Linux? The internet at large does not seem to be good at actual recommendations
#
danlyke
tantek ah, seeing the "h-feed" now on some of those linked pages. Seems way easier to get the <link rel="alternate" Atom & RSS feeds than debugging yet another parser...
#
danlyke
KartikPrabhu uh? Install your favorite distro (I use Ubuntu at home, SL6 at work, both suck in different ways), they probably have a default Apache package, install WordPress under that?
#
tantek
danlyke - no need to debug as lots of folks running it depending on it already
#
GWG
KartikPrabhu, where are you failing?
#
KartikPrabhu
GWG: errr I don't know how to start to fail... :P
#
GWG
Did you read the 5 minute install?
#
waterpigs.co.uk
created /DDOS (+2342) "Stubbed page with definition, webmention example, potential solutions, example code, myself as indieweb example"
(view diff)
#
barnabywalters
okay, finally got that done
#
barnabywalters
bret jonnybarnes danlyke please review ^^^
#
barnabywalters
heading off now, bbiab!
#
KartikPrabhu
GWG: I have installed wordpress on ubuntu from the repo. How do I do something with it thgouh?
#
kylewm.com
edited /webmention (+154) "/* Issues */ add link to DDOS page"
(view diff)
pauloppenheim joined the channel
#
GWG
I've never used a repository. Not sure where they put the configuration file
#
waterpigs.co.uk
edited /DDOS (+232) "Added additional possible preventative measure, using expiring webmention endpoints"
(view diff)
#
bret.io
edited /DDOS (+468) "/* Webmention */"
(view diff)
#
tantek.com
edited /h-card (-1) "fix simple example"
(view diff)
#
aaronparecki.com
edited /DDOS (-470) "pre tags"
(view diff)
#
aaronpk
edit conflict?
#
aaronparecki.com
edited /DDOS (+468) "resolve edit conflict"
(view diff)
#
tantek.com
edited /Talk:h-card () "(-778) fixed error - thanks for the report!"
(view diff)
#
tantek.com
edited /why (-50) "/* See also */ remove some links that are not helpful"
(view diff)
cmhobbs_ joined the channel
#
kylewm.com
edited /Known (+300) "added link to elliottucker's nginx howto"
(view diff)
#
kylewm
does anybody here publish an XFN style friends list?
#
bret
tommorris i think
#
kylewm
bret: ah, thanks!
#
jonnybarnes.uk
edited /DDOS (+211) "/* Webmention */ comment that cURL requests should still be possible"
(view diff)
#
kylewm.com
edited /spam (+4) "/* Spam Prevention Service Brainstorming */ link XFN"
(view diff)
#
www.flutterby.net user:danlyke
edited /DDOS (+111) "/* Webmention */ added suggestion to spread load out temporally"
(view diff)
#
kylewm.com
edited /XFN (+123) "add IndieWeb Examples and tommorris"
(view diff)
alexhartley joined the channel
#
@kyle_wm
RT @jkphl: #IndieWeb folks, this may be one for you: #bono14 tickets on sale now, first speakers announced. Thx for ur support! https://t.c…
(twitter.com/_/status/511936655763058688)
paulcp, chrissaad, alanpear_ and alanpea__ joined the channel
#
@mfbonafide
RT @PBSMediaShift: IndieWeb advocates launch Known so bloggers can be social and still control their content (@mathewi via @GigaOm) http://…
(twitter.com/_/status/511939073326723072)
#
bret
!tell barnabywalters you also managed to break your "Written a response to this post? Let me know the URL:" box :(:(
#
Loqi
Ok, I'll tell him that when I see him next
alanpear_ and indie-visitor joined the channel
#
Loqi
Welcome, indie-visitor! Set your nickname by typing /nick yourname
#
ben_thatmustbeme
woah, i changed to https:// and brid.gy resent every comment/like
#
danlyke
ben_thatmustbeme (and others doing SSL/https), what's the cheapest way to get SNI certs? I hate paying the extortion money to the CAs, but see that SSL is in my future...
#
KartikPrabhu
ok wordpress installed locally with success... phew
#
danlyke
KartikPrabhu: congrats!
#
alanpearce
You shouldn't need to pay for SNI.
#
alanpearce
It's a server/client thing
#
alanpearce
StartSSL's free cert will do just nicely
#
danlyke
alanpearce, thanks, a friend suggested that on my blog, but didn't link it and whatever I was typing in was redirecting to Trustico. I'll wade into the StartSSL thing and see about getting that working.
eschnou joined the channel
#
alanpearce
danlyke: Just make sure you generate your own CSR, they make it (too) easy for them to generate your private key for you.
#
danlyke
alanpearce thanks, yeah, I already distrust CAs...
paulcp joined the channel
#
KartikPrabhu
GWG: do you dev your theme locally?
#
KartikPrabhu
or any other Wordpress person? I have a local site setup now, but the only way to install themes is to upload a zip file through the wp interface...
indie-visitor joined the channel
#
ben_thatmustbeme
danlyke, I just ordered through my hosting provider (hostt.net) as they only had $12 per year certs
#
aaronpk
KartikPrabhu: themes are just in folders in the wp-content folder
#
aaronpk
you can edit files there
#
KartikPrabhu
oh cool... theanks aaronpk
#
gRegor`
danlyke: A good post that walked me through setting up a StartSSL cert: https://konklone.com/post/switch-to-https-now-for-free
barnabywalters joined the channel
#
kylewm
anybody have feelings for or against CAcert.org?
#
kylewm
as a free non-profit cert provider (that is not installed in browsers by default)
paulcp joined the channel
#
barnabywalters
has a cacert signup form somewhere
#
Loqi
barnabywalters: bret left you a message 49 minutes ago: you also managed to break your "Written a response to this post? Let me know the URL:" box :(:(
indie-visitor joined the channel
#
barnabywalters
bret: ugh yeah that’s a good point — I should add CSRF protection and allow those requests
#
aaronpk
i'm not convinced that's the best ddos protection technique
#
aaronpk
as bret points out, he won't be able to send you webmentions because his webmention code doesn't run on his web server
#
barnabywalters
given all the options I think the expiring webmention endpoint technique might be the best idea
#
bret
maybe only turn that on when you are being ddosd
#
aaronpk
yeah that's a neat trick. also doesn't require any changes to anybody's code!
#
barnabywalters
bret: it’s not a protection against being DDOSed, it’s protection against being used to DDOS others
#
kylewm
(except bridgy's)
#
bret
barnabywalters! ya that might work
#
aaronpk
bridgy caches the endpoints?
#
barnabywalters
it would mean that an attacker has to send 2x the amount of requests they want to make
#
kylewm
aaronpk: yes it does, short term at least
#
aaronpk
the only potential change needed is senders have to discover the webmention endpoint for each post with no caching
#
aaronpk
if you're already not caching, then no change needed (the vast majority of implemetnations i assume)
#
barnabywalters
how short term? probably fine to have them expire in an hour or a day
#
barnabywalters
really what you’re preventing is people building huge lists of webmention endpoints which can all be used for DDOSing
#
barnabywalters
which I’m assuming fixes the problem, but again do not have a solid understanding of this stuff
#
kylewm
yeah if there were some overlap where one is expiring and a new endpoint is turning on, that would probably be bridgy compatible
xtof joined the channel
#
barnabywalters
I’d probably implement it by encrypting the current time, then decrypting it and making sure it’s not from more than X seconds/minutes/hours in the past
#
barnabywalters
of course that approach can’t be used for static sites
#
aaronpk
that's a great use of self-encoded tokens. you really don't want to be storing those tokens anywhere :)
#
barnabywalters
okay, I’ll modify my existing code to do that instead of client IP checking
#
kylewm
barnabywalters++ great idea
#
Loqi
barnabywalters has 64 karma
#
bret
barnabywalters++
#
Loqi
barnabywalters has 65 karma
#
gRegor`
expiring webmention endpoints?
#
bret
Loqi, why didn't you think of this?
#
Loqi
is done
#
gRegor`
What does that mean?
#
aaronpk
the webmention endpoint you discover on one of barnaby's posts is going to change
#
aaronpk
and after some amount of time, the endpoint will not accept webmentions
ttepasse joined the channel
#
gRegor`
Ah. Hm.
#
aaronpk
so say you want to send a mention to this post: https://waterpigs.co.uk/notes/4Y9F2R/ you'd discover the webmention endpoint which might be https://waterpigs.co.uk/webmention?expires=20140916T130000
#
aaronpk
and then after that time the endpoint would not accept mentions
#
aaronpk
(of course the expiration date would be encrypted or signed so that it can't be forged)
#
Mark87
you'll have to have a scheme of randomizing the expiration resets
#
aaronpk
what do you mean?
#
barnabywalters
Mark87: not if the tokens are encrypted — the client only ever sees an opaque string
#
barnabywalters
not a hackable datetime
#
aaronpk
example of encoding that as JWT:
#
gRegor`
I was planning to / working on caching wm endpoints, so this is good to know.
#
bret
aaronpk. what about also expire after some random number of uses?
#
bret
barnabywalters ^^
#
gRegor`
sexy urls :)
#
Mark87
thats better, but what about also allowing different expirations for trusted partes. For instance, if a request comes in from bridgy, you might give them a weeklong, cacheable endpoint
#
aaronpk
you'd have to know who is fetching the page, but sure
#
Mark87
or is that a bad idea
#
barnabywalters
aaronpk: well to be fair that’s what my approach is at the moment
#
barnabywalters
or at least is attempting to do — obv. not everyone has a static IP
#
Mark87
no i think thats a bad idea
#
aaronpk
in fact pages fetched with an access token could return an authenticated webmention endpoint so that you know who is sending the webmention
#
aaronpk
"if the request comes from bridgy" is actually hard to know
#
barnabywalters
aaronpk: maybe we’ll worry about that when people are actually fetching pages with access tokens :)
#
aaronpk
yeah. for now time-based expiration is a good start
#
aaronpk
bret: yeah one-time webmention endpoints could work too, but then you'd have to store state somewhere
#
aaronpk
the advantage of time based ones is you don't need to store anything since everything you need is encoded
#
kylewm
mitsuhiko++
#
Loqi
mitsuhiko has 1 karma
#
aaronpk
i think i'm gonna go implement expiring webmention endpoints now too
#
Mark87
how are blogs who use a third party webmention server going to utilize expiring endpoints?
#
aaronpk
if the blog can run server-side code, then the blog and the third party webmention server could agree on how to generate expiring endpoints
#
barnabywalters
Mark87: there are also other measures (as specified on /DDOS) which can be used to mitigate this threat
#
aaronpk
e.g. for webmention.io, I could provide you a way to sign in and get a secret which you use to sign JWT tokens. that way your blog could encode the expiration date
#
barnabywalters
e.g. hashcash could work with hosted sites, but requires everyone to make code changes
#
aaronpk
hm, while we're encoding things in the webmention URL, I wonder if there's any benefit to also encoding the target_url
#
barnabywalters
aaronpk: what do you mean?
#
aaronpk
so your endpoint for this post https://waterpigs.co.uk/notes/4Y9F2R/ might also include the post URL in the encoded data
#
gRegor`
What is JWT?
#
Loqi
It looks like we don't have a page for "JWT" yet. Would you like to create it? http://indiewebcamp.com/wiki/index.php?action=edit&title=JWT
#
aaronpk
you could then compare the target_url sent int he webmention request against the encoded target and toss it out right away as spam if it doesn't match
#
aaronpk
gRegor`: on it :)
paulcp joined the channel
#
Mark87
I'm a little skeptical on the expiring endpoints. If I'm an attacker, the expirations prevent me from building a long-lived list of endpoints, but i can still build a list of urls that have endpoints. Presumably I can troll that entire list to get the latest endpoint list and then launch my attack. Expiring the endpoints just adds an extra step
#
mko
Agreed, Mark87.
#
aaronpk
there is never a perfect solution, so it's a matter of adding complexity for attackers and taking many incremental steps
#
barnabywalters
I’m guessing that requiring the extra step will be enough of a deterrant for a few years at least
#
barnabywalters
it prevents the attack which was used on wordpress, which was “I know the wordpress URL structure and I can get a list of wordpress sites”
#
kylewm
Mark87: mko: it takes away the amplification factor, they have to GET nearly as many bytes as they are forcing others to GET
#
reedstrm
agreed aaronpk - been there, done that, on a submit-a-bug web form. Had to leave it open to not-authenticated, so had to add every trick we could think of to avoid spambots. encrypted timestamp was one of those.
alexhartley joined the channel
#
reedstrm
Another was some honeypot fields - temptingly named fields in the form that were hidden via css, so real humans never filled them out.
#
aaronpk
honeypot fields are great. I did that with JS (swapping the value in JS so bots submit the wrong one) and that solved like 99% of form spam
#
kylewm
well, it reduces the amplification factor at least; i guess they could issue 100 webmentions to each of a thousand servers
#
mko
I'm not saying that it's not a good idea. I actually like the idea of them. I'm just not sure it solves the problem well-enough to be the first line of defense.
#
aaronpk
open to suggestions :)
#
barnabywalters
mko: well at the moment the problem is near-theoretical anyway
#
mko
Yeah. I've been lurking and thinking about it.
#
aaronpk
I also don't see any harm in doing so, especially since it doesn't require a protocol or code change
#
barnabywalters
but I was bored of the discussion so implemented something :)
#
aaronpk
barnabywalters++
#
Loqi
barnabywalters has 66 karma
#
mko
lol. I like that.
#
mko
barnabywalters++
#
Loqi
barnabywalters has 67 karma
#
barnabywalters
okay, rolled out expiring token endpoints
#
barnabywalters
bret: want to try sending that webmention again?
#
barnabywalters
you’ll have to do a lookup stage
#
bret
sure
#
reedstrm
btw, my experience w/ spam runs is that _any_ error code will send them off to the next target, even one that just requires a refetch to solve.
#
barnabywalters
is a little sad about not getting to use the client IP checking as it felt clever, but knows that is usually a bad sign anyway
#
ben_thatmustbeme
hmmm, i just realized, if I ask for post access when a person logs in i can easily check if they have a micropub endpoint and then let them reply to my posts without leaving my site
#
aaronpk
yeah, same. that's basically the "greylisting" email spam technique. if someone is sending you an email you first reply back with "come back later" and 80% of spam bots just go away, but real mail tries again.
#
reedstrm
(unlike the damn poorly coded spiders, who've been known to spin hard on a 4XX error to the point that I had to block it at the network stack layer, and was considering talking to upstream about a border blockade)
#
aaronpk
ben_thatmustbeme: yes but I am not likely to approve post access to your site
#
danlyke
reedstrm I have pages and pages of 404 and 5xx hits from the same IP address attempting to spam. I have yet to see evidence of error checking in spamming bots.
#
bret
barnabywalters HTTP/1.0 500 Internal Server Error
#
ben_thatmustbeme
aaronpk, yeah, I'd have to have some sort of interface for that to give some reason for it
#
barnabywalters
bret: dammit — thanks! looking into it now
#
ben_thatmustbeme
or maybe ask them to upgrade the first time they try to reply
#
ben_thatmustbeme
definitely not optimal though
#
aaronpk
you'd have to have a really good reason and I would have to trust you in person. I *may* be willing to issue you a short-lived access token, but even that is not likely
#
barnabywalters
heh, I’m getting yet more “attack” requests to /notes/tiki-register.php/
#
jonnybarnes
wow, rolling your own bookmarks service, nice
#
gregorlove.com
edited /comment (+81) "/* Make a comment */ Clarifying rel="in-reply-to" should only appear on the comment's permalink page"
(view diff)
#
jonnybarnes
I asked before but does anyone happen to know of a JS library to autosave form contents to localstorage?
#
KartikPrabhu
phew... finally setup local themeing so I can finally write a theme... even Wordpress is annoyingly hard
#
kylewm
it seems like there should be an easy way to say docker build wordpress-development-environment and go
#
gRegor`
Sorry to hear you chose WordPress, KartikPrabhu ;)
#
alanpearce
Probably more likely that there's a vagrant box for it than docker
#
bear
mail spam, anti relay configs, and other issues is what drove me to use mailroute as my primary mx and have them send me a sane mail streama
#
aaronpk
jonnybarnes: yeah it's part of Quill now so you can use it too :D
#
reedstrm
jonnybarnes: never used it but found http://sisyphus-js.herokuapp.com/ sounds about right.
#
gRegor`
What's the trouble you're running into with theme writing, though?
#
jonnybarnes
thanks reedstrm
#
KartikPrabhu
gRegor`: Wordpress does have pretty good plugin thigns going on though
#
KartikPrabhu
wow! 6 simultaneous msgs!
paulcp joined the channel
#
KartikPrabhu
gRegor`: the local WP install could not find a theme I put in the themes folder... turns out I had to simlink it to somewhere else and all that
#
jonnybarnes
aaronpk: and my token endpoint still works!!!
#
Reykjavik___
anybody have a suggestion about where to start with homesteading?
#
aaronpk
hooray!
barnabywalters joined the channel
#
aaronpk
jonnybarnes: click the "bookmark" link at the bottom!
#
KartikPrabhu
Reykjavik___: honmesteading as in posting to your own site?
#
aaronpk
also the bookmarklet is super useful! with it you can select text on a page, click the button, then it fills in the url,title and content on quill
#
jonnybarnes
aaronpk: presumably `bookmark` is for a URL?
#
gRegor`
KartikPrabhu: Odd. I've never setup a local WP for dev though
#
Reykjavik___
http://indiewebcamp.com/Homesteading is what i was more or less talking about. I'm pretty new to ruby but im trying to learn more about posting and then syndecating elsewhere
#
Reykjavik___
ruby is typically the best route to go right?
#
aaronpk
the best route to go is entirely up to you
#
aaronpk
there are good tools (parsers, etc) in Ruby, PHP and Node.js now
#
kylewm
and Python ;)
#
aaronpk
oh right
#
Mark87
i code all my websites in assembly
#
aaronpk
sorry :D
#
mko
Reykjavik___: Homesteading.io is actually not "ready to install" so it's actually more of a "Upcoming" platform.
#
jonnybarnes
Mark87: theres definitely a relavent xkcd for this
#
gRegor`
Binary or bust
#
mko
Reykjavik___: If you're looking for an off-the-shelf way to get started on the IndieWeb, you could try http://withknown.com if you wanted.
#
jonnybarnes
erm, does sisyphus ( https://github.com/simsalabim/sisyphus ) require jQuery?
#
kylewm
jonnybarnes: looks that way from its bower.json
#
jonnybarnes
poo, I dont use jQuery atm, was hoping to find something that didnt require it
#
alanpearce
You could always try to unravel it :)
#
Reykjavik___
i guess maybe if i were to explain it better, im more of a front end guy and designer and im trying to get my feet wet in more dev stuff. and parsing info has been something ive always been meaning to figure out
#
Reykjavik___
but im not quite sure where to start with it
Mark87_ joined the channel
#
Reykjavik___
wasnt sure if there were any good resources out there to explain parsing and syndicating better
#
alanpearce
Hmm, someone came up with the zen of indieweb the other day.
#
danlyke
benthatmustbeme yeah, namecheap sells Comodo certs for ~$10/year, but I can't tell if they're SNI and not SHA-1
#
alanpearce
But I forgot the quote :(
#
danlyke
gRegor` thanks, will get that set up on my various domains...
#
kylewm
Reykjavik___: do you have a domain name already?
barnabywalters joined the channel
#
gRegor`
Reykjavik___: Have you seen http://indiewebcamp.com/Getting_Started yet?
#
gRegor`
It's recommended to start with the simpler things. Set up basic contact info on a personal domain, set up web sign-in, and work your way up
#
Reykjavik___
ahhh im an idiot, i just found this page, http://indiewebcamp.com/POSSE i must've overlooked it
#
Reykjavik___
yeah good call, ill work my way up, thanks for the help guys
#
mko
Not an idiot. Onboarding and Wiki organization is something we're continually in need of improving.
#
gRegor`
Yep. Which reminds me, I started work on a revised Getting Started page. Need to get back on that.
scor joined the channel
#
danlyke
Not at all sure what this proves, but I grabbed all the pages of people listed in the irc-people page, and...
#
alanpearce
grep can count on its own with -c :)
paulcp_ joined the channel
#
alanpearce
Bit of a unix violation, but eh.
#
danlyke
alanpearce, -c prints the number of matches per file, and prints 0.
#
alanpearce
Oh, fun.
scor joined the channel
#
kylewm
love the low tech approach to indie-stats
#
danlyke
Also interesting:
#
danlyke
$ cat h-feed.txt rss.txt atom.txt | sort | uniq | wc -l
caseorganic, KartikPrabhu and barnabywalters joined the channel
#
kylewm
danlyke: practically speaking you can top-level h-entries as an h-feed even if there isn't one
#
kylewm
just fyi
#
gregorlove.com
edited /User:Gregorlove.com/Getting_Started (+895) "/* Publish (on your) Own Site, Syndicate Elsewhere */"
(view diff)
Mark87 joined the channel
#
gregorlove.com
edited /User:Gregorlove.com/Getting_Started (+0) "/* Set up your home page and web sign in */"
(view diff)
#
bear
alanpearce - I mentioned one at 14:10 here https://indiewebcamp.com/irc/2014-09-13
#
alanpearce
bear: the 14:14 one was better :D
#
bear
I thought so also
#
barnabywalters
bret: only just figured out what the webmention problem was, quite embarassingly simple :/
#
bret
hey hey! welcome to my world
#
aaronparecki.com
created /JWT (+594) "stub with dfn and links"
(view diff)
#
bret
barnabywalters should I try again?
#
barnabywalters
bret: should work now, yep :)
#
bret
oh oops need to get the new endpoint
#
bret
weeee
#
gregorlove.com
edited /User:Gregorlove.com/Getting_Started (+1134) "/* Optional / Bonus Steps */"
(view diff)
#
gregorlove.com
edited /User:Gregorlove.com/Getting_Started (+0) "/* Set up your home page and web sign in */"
(view diff)
#
danlyke
kylewm since I have the infrastructure to deal with RSS & Atom, I'll toss them in first.
#
danlyke
(Need to do some actual work before that, though...)
#
gregorlove.com
edited /User:Gregorlove.com/Getting_Started (+337) "/* Share and Join Us */"
(view diff)
#
gRegor`
"Set up another indiewebcamp wiki" is an odd step for the Getting Started page, even if it's categorized as optional, heh
#
aaronpk
ha yeah
#
kylewm
if you want to make an apple pie from scratch...
#
neuro`
World is small. Browsing CC photos in Flickr to illustrate a blog post, ended picking one from adactio
#
neuro`
Too bad he's not here tonight
paulcp, krendil, wolftune and paulcp_ joined the channel
#
gregorlove.com
edited /User:Gregorlove.com/Getting_Started (-180) "/* Get a personal domain */"
(view diff)
#
gregorlove.com
edited /User:Gregorlove.com/Getting_Started (-7) "/* Get a place for your content */"
(view diff)
#
gregorlove.com
edited /User:Gregorlove.com/Getting_Started (+12) "/* Get a place for your content */"
(view diff)
#
kylewm
neuro`: ha yeah i had that experience recently when i found the answer to a StackOverflow question from one of my coworkers
#
gregorlove.com
edited /User:Gregorlove.com/Getting_Started (+4) "/* Set up a personal URL shortener */"
(view diff)
#
gregorlove.com
edited /User:Gregorlove.com/Getting_Started () "(-3605) /* Getting Started on the Indieweb */"
(view diff)
#
gregorlove.com
edited /User:Gregorlove.com/Getting_Started (-10) "/* Get a place for your content */"
(view diff)
IanVellosa joined the channel
#
barnabywalters
bret: yay! thanks for the test ping
#
Loqi
woot
#
gregorlove.com
edited /User:Gregorlove.com/Getting_Started (-262) "Current live version of Getting Started for wiki history comparison"
(view diff)
paulcp joined the channel
#
gregorlove.com
edited /User:Gregorlove.com/Getting_Started (+228) "My suggested changes to Getting Started"
(view diff)
#
ben_thatmustbeme
huh... never realized that PHP does not like having multiple Link: headers
#
gRegor`
Mainly I changed the headings to be action phrases, re-ordered a couple of them, and moved the optional ones under an "optional" section.
#
gRegor`
!tell tantek: Made some suggested changes to /Getting_Started I preserved the current live version in the history so you can compare :) http://indiewebcamp.com/User:Gregorlove.com/Getting_Started
#
Loqi
Ok, I'll tell him that when I see him next
#
ben_thatmustbeme
i wonder if that creates a problem for anyone
#
gRegor`
How so, ben? I mean, under what circumstances is PHP having a problem with it?
#
ben_thatmustbeme
curl -D - -s -L -o /dev/null ben.thatmustbe.me |grep Link
#
ben_thatmustbeme
curl -D - -s -o /dev/null aaronparecki.com |grep Link
#
ben_thatmustbeme
thats the difference i noticed
#
ben_thatmustbeme
actually until a minute ago it was only putting in my micropub one, by default php overwrites the previous
Mark87 joined the channel
#
gRegor`
So PHP is not liking parsing aaron's?
#
ben_thatmustbeme
no, just confused why php puts it all in one line, not in multiple
#
ben_thatmustbeme
but on further reading it looks like php is doing it right
#
ben_thatmustbeme
everyone tends to check the headers and the <head> data for those links so if it was a problem i don't think anyone would have even noticed
#
ben_thatmustbeme
makes me somewhat want to remove my links in <head> to see if anything breaks
#
bret
quill could actually send wm's if it uses the 202 created address it gets bac
#
gRegor`
Interesting. Are you using header() to output the Link:?
#
bret
quill could actually send wm's if it uses the 202 created address it gets bacl
#
gRegor`
bach
#
ben_thatmustbeme
gRegor` yes, I realized a few minutes ago i had to use header('Link : ...', FALSE); or i would only get one of them
#
gRegor`
Ah, did not know that. Cool
#
ben_thatmustbeme
danlyke's indiestats via curl and such are what got me going on it
#
ben_thatmustbeme
curling everyones pages myself now
#
@equivalentideas
IndieWebCampUK 2014 Hack Day Demos: HTTPS, #webactions, new & improved #indieweb sites http://tantek.com/2014/259/b1/indiewebcampuk-hack-day-https-webactions
(twitter.com/_/status/511984281212563456)
#
ben_thatmustbeme
should have saved load times too
#
ben_thatmustbeme
as one of them seems to be taking forever
#
IanVellosa
Hi Guys, after listening to the TWIT podcast I thought I'd come and play, but I'm having a few issues getting started. I'm trying to use dyndns and host my own server, but I think the http://indieauth.com server is having issues resolving my domain name. Has anyone else tried using dyndns before? Searching the WIKI and googling around, I've not been able to find anything.
#
gRegor`
Welcome, IanVellosa.
#
gRegor`
aaronpk runs indieauth.com so can help
#
gRegor`
It's not finding your site to scan for the social profile links?
#
bear
ben_thatmustbeme - I ran into that doing the initial coding on my indie-stats python app
pfefferle joined the channel
#
IanVellosa
Hi gRegor, I'm getting an error come back "Error retrieving: http://www.vellosa.com" which makes me think it's not resolving the domain name even
#
ben_thatmustbeme
wish i had a more curated list of sites to work from bear. it sucks having to wait like 3 minutes for a connection to timeout
#
bear
ben_thatmustbeme - that is one of the issues that was talked about - how to get a simple directory of active indieweb sites
#
bear
my code stores the result of the request so it could remove a site from the list if it failed
#
bear
or move it to a try again list
#
bear
or if you want I can put it online so that you could just pull down the days data that it gathers
#
gRegor`
IanVellosa: I'm getting "DNS lookup failed" too.
#
gRegor`
I don't have experience with dyndns though
#
bear
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35733
#
bear
that is the result of a DIG request for www.vellosa.com
#
bear
so dyndns is having problems responding to the request
#
IanVellosa
I get a response
#
IanVellosa
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25133
#
bear
i'm using google's dns server
#
bear
your probably using dyndns'
#
IanVellosa
I've also been trying to use a service http://ismywebsiteupnow.com/ which tests the site from a number of locations, and only about a thrid of them work for me
#
IanVellosa
but the dyndns support guys get 100% pass rates there too
#
bear
right - with dns they could be having trouble connecting to other dns root servers
#
bear
so it's a roll of the dice who has a valid zone file
#
Mark87
are you on the Personal dyndns plan?
#
IanVellosa
I'm actually using https://www.overplay.net for dns, so that I can bypass some geo ip services
#
Mark87
I ran nslookup from cmd and got 5.105.90.231
#
IanVellosa
that's my ipaddress
#
gRegor`
Looks like CA doesn't have it yet: https://www.whatsmydns.net/#A/vellosa.com
#
IanVellosa
I've had the same address for months, so it's a little anoying, but thanks for that link, makes it interesting again
#
bear
I would use something like freendns or dnsimple then
#
bear
they both have fast zone updates (because of their size)
#
IanVellosa
thanks all for the help, I'll go off investigating again (tomorrow)
glennjones joined the channel
#
gRegor`
I don't get the WordPress disclaimer reactions ^
Pea1 joined the channel
#
aaronpk
they're complaining that journalists write "Wordpress is funded by" rather than "Automattic is funded by"
Mark87 joined the channel
#
@portenkirchner
IndieWebCampUK 2014 Hack Day Demos: HTTPS, #webactions, new & improved #indieweb sites http://tantek.com/2014/259/b1/indiewebcampuk-hack-day-https-webactions
(twitter.com/_/status/511995093193351169)
wolftune and brianloveswords joined the channel
#
KartikPrabhu
gRegor`: re /Getting_Started revision: maybe this "Connect with indieweb experts and pioneers in our chat room" could be changed to suggest "people who have already set indieweb up" or something instead of "experts and pioneers"
#
gRegor`
Yeah, good idea. That line didn't sit great with me
Pierre-O joined the channel
#
gRegor`
"Connect with other indieweb people in our chat room"
paulcp joined the channel
#
KartikPrabhu
yeah better. but there might be a need to suggest that chat room people have experience with this already
#
reedstrm
well, lots of us newbies recently ... :-)
#
GWG
KartikPrabhu: I use a cheap VPS for dev work
#
KartikPrabhu
reedstrm: yup! but you did come here under the impression that someone knows what they're doing right? :)
glennjones_ joined the channel
#
bret
i love signing into stack exchange with indieauth
#
kylewm
reedstrm: you should add yourself to http://indiewebcamp.com/irc-people :)
#
reedstrm
Yup. Agreed
#
reedstrm
Gee, I sign in for 3 days in a row, and suddenly I'm part of the crowd! Cool!
#
Mark87
reedstrm++
#
Loqi
reedstrm has 2 karma
#
rascul
you came back twice, now you're stuck with us
paulcp joined the channel
#
reedstrm
heck, I even authenticated against the wiki, so I _can_ edit it. I'll do it tonight.
#
kylewm
you too Mark87!
#
jonnybarnes
youve scared them away kylewm
#
kylewm
lol, certainly seems that way
#
GWG
What's going on?
techlifeweb joined the channel
#
GWG
Hello techlifeweb
techlifeweb joined the channel
#
GWG
What is new?
#
Loqi
Welcome to news about the IndieWeb where recent notable articles about the IndieWeb are cited and linked to keep you up to date http://indiewebcamp.com/new
#
GWG
That was unexpected
#
techlifeweb
Not too much.
#
bret
ohh we need to get that gigaom article up there
lukebrooker joined the channel
Mark87 and fmarier joined the channel
KartikPrabhu, chrissaad, alexhartley, paulcp_ and moizsyed joined the channel
#
bret
yay distributed social networking with strangers on the internet: http://bret.io/2014/09/16/lazyweb-how-can-i-c/
alexhart_ joined the channel
#
gRegor`
Interesting use of a second twitter syndication link for the updated note, bret.
#
mko
I like it.
#
bret
pretty much freeformed that one
#
mko
bret++
#
Loqi
bret has 24 karma
#
bret
need to attribute kylewm :)
barnabywalters and alexhart_ joined the channel
#
techlifeweb
"yay distributed social networking with strangers on the internet" = Lazy Web. Nice
#
Loqi
giggles
#
techlifeweb
Loqi: you make me want to learn about irc bots
Loqi joined the channel
#
indie-visitor
Anyone installed known on a godaddy shared linux hosting plan?
bitraten2 and ben_thatmust__1 joined the channel
indie-visitor_ and indie-visitor joined the channel
#
techlifeweb
kylewm: guess not
#
kylewm
indie-visitor: go ahead and change your name using the /nick nickname command
#
kylewm
I haven't heard from anyone using godaddy specifically... someone was asking about bluehost yesterday
#
kylewm
welcome, johnmorton :)
#
johnmorton
Sorry haven't used irc in a looong time.
#
techlifeweb
johnmorton: no worries
#
johnmorton
I have known almost installed on godaddy
#
johnmorton
I get a "No input file specified" error
#
johnmorton
which I believe has to do with mod rewrite
#
kylewm
do you know what versiona of apache and php they are running?
#
johnmorton
I know it's php 5.4 trying to figure out apache version now...
#
kylewm
johnmorton: honestly I don't know if the apache version matters :p
#
danlyke
Okay, some choice things to say about people who tag their links "rel="alternative" rather than "rel="alternate"", or don't put semantic information in their links at all and just say "You can read <a href="/atom.xml">my RSS feed</a>" or similar, but the pages from which I could make a good guess at finding RSS and Atom that are linked as participants from http://indiewebcamp.com/irc-people are now checked for inbound links to flutterby.com, and
#
danlyke
inbound links are mentioned on entries above the comments.
#
danlyke
Oh, and it's 2014, people, can we just agree to use UTF-8 and scratch Latin-1 forever?
#
barnabywalters
there are people in /irc-people not serving content over UTF-8? huh
#
barnabywalters
maybe we can help them out
#
barnabywalters
danlyke++ for bringing up webmention issues and building an alternative
#
Loqi
is done
#
Loqi
danlyke has 1 karma
#
johnmorton
kylewm: googling tells me to adjust the htaccess file, but so far no change
#
kylewm
johnmorton: yeah google is where i'm at too... seeing lots of random suggestions but nothing definitive
#
kylewm
maybe somebody who knows Apache better can weigh in?
chrissaad joined the channel
#
danlyke
barnabywalters: I had to adjust my parser to try Latin-1 as a fallback. But part of my impetus for rewriting the Flutterby.net CMS in C++ is trying to get character set issues right. Between Apache and Perl and PostgreSQL, everything things it's an expert...
#
kylewm
johnmorton: did you already try "RewriteBase /"?
alexhartley joined the channel
#
johnmorton
kylewm: No. adding that after RewriteEngine On?
#
acegiak
morning, all
#
kylewm
johnmorton: yes but I am literally just repeating stuff I saw on stackoverflow, so it is probably dangerous and wrong ;)
techlifeweb joined the channel
#
danlyke
barnabywalters: non-UTF8 in: http://caseorganic.com/ http://techlifeweb.com http://tiagopinto.pt . I'd suggest shipping them off to the reducation camps, but glass houses and stones and all...
#
johnmorton
kylewm: That's pretty much what I've been doing last couple hours :) but I didn't see that one.
hober joined the channel
#
techlifeweb
Im not UTF8? I'll check into it
#
barnabywalters
caseorganic.com appears to be UTF8
#
barnabywalters
although there have been a couple of weird character encoding glitches in p3k
#
waterpigs.co.uk
edited /spam (+42) "/* See also */ linked"
(view diff)
#
techlifeweb
Perhaps I'm not understanding the UTF-8 issue.
#
techlifeweb
All those sites have <meta charset="utf-8">
#
waterpigs.co.uk
edited /DDOS (+3) "/* Webmention */"
(view diff)