IndieWebCamp March 13-20, 2015

This is an automatically-generated summary of the IndieWebCamp wiki edits from March 13-20, 2015

Table of Contents

New Pages

Changed Pages

New Pages


Created by on March 19

  • Thu, March 19 clone of 2014
  • Thu, March 19 /* Saturday, October 11, 2014 (Brainstorming) */
  • Thu, March 19
  • Thu, March 19 /* Thursday, March 19, 2015 (Brainstorming) */
  • Thu, March 19
  • Thu, March 19 /* Thursday, March 19, 2015 (Brainstorming) */
  • Thu, March 19 do photos + lunch before session scheduling
  • Thu, March 19 /* Thursday, March 19, 2015 (Brainstorming) */ links to 14:00 sessions
  • Thu, March 19 etherpad for live links
  • Thu, March 19 /* Thursday, March 19, 2015 (Brainstorming) */
  • Thu, March 19 /* Friday, March 20, 2015 (Hack Sessions) */
  • Thu, March 19 /* Thursday, March 19, 2015 (Brainstorming) */ dinner
  • Thu, March 19 /* Friday, March 20, 2015 (Hack Sessions) */ update rooms
  • Fri, March 20 /* Friday, March 20, 2015 (Hack Sessions) */
  • Fri, March 20 /* Friday, March 20, 2015 (Hack Sessions) */ correct times for day 2 schedule

IndieWebCampCambridge 2015 Schedule

See for links to live etherpads.

Thursday, March 19, 2015 (Brainstorming)

MIT Stata Center, room 32-D463, 32 Vassar St, Cambridge, MA, US, 02139.

Photo of schedule grid:

Time Main Room 312 Open Seating Near Open Seating Far
9:00 Camp opens. Badge creation, networking, and breakfast.
10:20 Introductions, lots of Selfdogfood Demos of what works today
12:00 Group Photo, then Lunch at Co-op
13:00 Session Scheduling
14:00 userinfo thoughtpost
15:00 tilde chromify
16:00 messaging
17:00 kindsofposts future drupal analytics
18:00 Intro to Hack Day, head to dinner at The Asgard!

Friday, March 20, 2015 (Hack Sessions)

MIT Stata Center, room 32-D463, 32 Vassar St, Cambridge, MA, US, 02139.

Time Main Room Kiva (312) after 11:30 D507 until 13:30 Open Seating
9:30 Breakfast
10:10 Day 2 Kickoff, Hack Day Intro
10:30 - 12:00 XXXXXXXXX
12:00 - 1:00 Catered Lunch
13:00 - 14:00 XXXX
14:00 - 15:00 XXXXXXXXX
15:00 - 16:00 XXXXXXXXX
16:00 Demos
17:30 community cleanup
18:00 camp closed!
19:00 after party - ?

See also


Created by on March 20

IndieAuth is a protocol to log users into web applications through an authorization server. The authorization server is linked from the user's home page.


Authorization process


  1. User enters his homepage URL in the login form of the web application and clicks "Login"
  2. Web application discovers the authorization endpoint by fetching the user's homepage
  3. Web application redirects the user's browser to the authorization endpoint
  4. Authorization endpoint verifies the user, e.g. by logging in
  5. Authorization endpoint redirects the browser back to the web application, including a token
  6. Web application verifies the token directly with the authorization endpoint
  7. User is logged into the web application

Creating an Authorization Endpoint

An authorization endpoint must be able to both generate authorization codes as well as verify authorization codes.

Identification header

Every endpoint MUST return a

IndieAuth: authorization_endpoint

HTTP header in all responses.

It is used to verify that it's really an endpoint.

1. Login form

The site contains a web sign-in form prompting the user to enter their URL to sign in. Upon submitting the form, the site begins the auth process by discovering the user's auth endpoint.


2. Endpoint Discovery

The web application checks the user's website for a link with a rel-value of "authorization_endpoint":

<link rel="authorization_endpoint" href="">

Use this URL as endpoint for processing.

If no authorization_endpoint link can be found, the IndieAuth client software may fall back to e.g. by using as URL.

TODO: MUST HTTP header links be supported?

3. Redirect to authorization endpoint

Directing the user's browser to the auth endpoint is usually done via a HTTP Location header, but can optionally be an <a> tag with an href set to the authorization URL.

Note: Values are shown without URL encoding for readability.


Full URI of the user's homepage
Full URI of the application's/website's home page. Used to identify the application. An authorization endpoint may show the application's icon and title to the user during the auth process.
Full URI to redirect back to when the login process is finished
Web application-internal state variable; can contain anything
Optional. Auth endpoints MUST support them, though.
id (identification only) or code (identification + authorization)
Optional. Defaults to id.
Not used and omitted in identification mode (request_type=id)
For authorization, the scope contains a value (often a verb) that the web application requests permission for, e.g. "post". Multiple values are supported, e.g. post,delete

4. Verify user

The authorization server should present an interface describing the request being made. It must indicate:

The client_id making the request
Including the name and logo if an h-card is found on the client_id URL
The scope if authorization is requested.

TODO: Example. See h-x-app.

Redirect URI verification

why is redirect_uri separate from state?
the callback URL shouldn't be dynamic per request so that callback URLs can be registered. "state" is allowed to vary per request
why should callback urls be registered?
without registration it's easier to perform a redirect attack. more background here:
how does the client website register the callback at the server?
haven't written this part up yet, but the idea is for the client to publish its registered redirect URIs on its web page with a <link> tag
since client IDs are always URLs, it's all discoverable that way
for client_id a server can find its valid redirect URIs by looking for <link rel="redirect_uri" href=""> at

5. Redirect to web application

The authorization server presents the request information to the user, and when he approves, generates an authorization code and redirects the user to the redirect URI specified.

HTTP/1.1 302 Found


Authorization code
State variable sent by the web application
Full URI of the user's homepage

6. Token verification

The web application finally queries the authorization endpoint to verify the auth code given by making a POST request with the following values:

Content-type: application/x-www-form-urlencoded


After the authorization server verifies that redirect_uri, client_id and state match the code given, the response will include the "me" and optionally the "scope" value:

HTTP/1.1 200 OK
Content-Type: application/x-www-form-urlencoded



Full URI of the user's homepage
Not used and omitted in identification mode (request_type=id)
For authorization, the scope contains one or multiple (comma-separated) values the user gave his permission for.

Using an Authorization Service

You can use an existing authorization service such as if you don't want to build your own authorization service.


Why are auth codes verified with a POST instead of a GET

If auth codes are sent as a GET request in the query string, they may leak to log files or the HTTP "referer". The decision was made by the OAuth 2.0 working group to use POST requests and the HTTP Authorization header for sending these sensitive tokens and auth codes.

Can the authorization codes be used more than once

No, the authorization code must not be used more than once. If the code is used more than once, the authorization server must deny the request.[1] A maximum lifetime of 10 minutes is recommended for the authorization codes, although many implementations have a lifetime of 30-60 seconds.

Can I add additional parameters for the authorization request

No, but you can use the "state" parameter to encode or reference additional application-specific parameters. The state parameter will be passed around and was designed for this purpose as well as to prevent CSRF attacks.

Does the auth server have to support the state parameter

Yes, the state parameter can be used by the client to maintain state between the request and the callback, so the auth server must support it. It is also used to prevent CSRF attacks.


Created by on March 19

The opening IndieWebCamp 2015 Cambridge session.

IndieWebCamp leaders will lead you through:

  1. Announce: Welcome to the second IndieWebCampCambridge!
  2. Show Squarespace parody video
  3. Tell brief history:
  4. Show home page and principles
  5. Note explicit decision to focus on
    • personal site "scratch your own itch" doers, doing, selfdogfooding, demoing
  6. Overview of IndieWebCamp Two Days:
    • day 1: intro/demos, lunch, brainstorming sessions, dinner
    • day 2: day two hack sessions, lunch, hack sessions, demos
  7. Show code-of-conduct, point out organizers to go to in case of anything
  8. Demos of what works on your site today
  9. Explanation of today (brainstorming sessions) vs tomorrow (hack sessions)
  10. Intro to how Barcamp sessions are scheduled: write THREE THINGS on a notecard:
    1. session name,
    2. your name,
    3. session #hashtag - used for tagging and
  11. Session scheduling!
  12. Camp leaders call *start your sesssions* at start time



See Also

Created by on March 17

  1. Progress


  • I bought some domains, including You'll see others show up over time.
  • I spun up a Google Compute Engine server (Ubuntu 14.04 LTS) with a certain IP. I then created a DNS A record of to that IP (.is nameserver swapping is difficult through
  • I `apt-get install nginx` and `service nginx start`, then edited the default HTML to be sufficient enough for IndieAuth.
  • I can now edit wiki pages!
  1. TODO:
  • Have an official avatar URL on a domain I control. Not just wk0lcdq6cj.jpg
  • Post a note
  • Support HTTPS at . Who should sign that cert if I want you to trust me the most? :)
  • Be able to post a note in reply to people when I disagree with them :P
  1. Ideas


Created by on March 17

  • Tue, March 17 prompted by tantek and dfn added by tantek
  • Wed, March 18
  • Wed, March 18 in general vs in context of

A meme in general is an idea that propagates through minds by replication (the idea itself encourages those understanding it to propagate it to others) and in the context of the IndieWeb it is also a post type consisting of a funny or provocative image with a brief text note overlaid on top of it, usually in white all capitals text outlined in black, similar to a single-pane comic, yet with text that reads like prose rather than a caption.


Created by on March 18

  • Wed, March 18 Created page with "{{stub}} '''<dfn>[ Jekmentions]</dfn>''' is a service that works as webmention endpoint and saves the received webmentions in a GitHub repository. =..."
  • Wed, March 18

Jekmentions is a service that works as webmention endpoint and saves the received webmentions in a GitHub repository.


Sites that use Jekmentions


Jekmentions works only with Jekyll sites hosted on GitHub pages, but, differently from Javascript-based webmention endpoints designed for static sites like and, Jekmentions doesn't require Javascript and doesn't store the contents of the received webmentions.

Instead, whenever Jekmentions receives a webmention, it pushes it to the GitHub repository which is hosting the Jekyll site, which then uses some magic to render that webmention in the correct page or post it belongs.

How to use

Jekmentions will save one file for each webmention received, all them inside the
directory on the root of the repository, and then under the path corresponding to the actual path of the page targeted:

Knowing that path and file structure, and reading about Jekyll collections, the feature that makes this possible, you can use your imagination and implement a layout that renders the webmentions at their correct page.

See Also


Created by on March 15

Cambridge Massachusetts is one of several cities where IndieWebCamp events have been held, first in 2014, and then again in 2015.


Created by on March 16

  • Mon, March 16 stub with dfn and link. prompted by shaners
  • Wed, March 18

Monocle is an open source IndieWeb-enabled reader developed by Aaron Parecki.

Available at

See Also


Created by on March 19


Thought Draft Post

A session at IndieWebCamp Cambridge 2015, archived from live notes at

Welcome to the Thought -> Draft -> Post session

IndieWebCamp Cambridge 2015

All contribution to these notes CC0.



Remote Participation



Tantek comments that the stuff he posts is a small percentage of the things he WANTS to post. A common problem. Currently organizes with two text files. In one, brain dumps thoughts with links and date. On occasion, for an occasion, cherry picks thoughts from the first file into a second, scheduled to be finished by a particular time, such as a conference.

Collection of ideas/Prioritization....Distraction!!

Is there a good way to collect one's ideas easily?

Is there a good draft selection method?

There are 4 layers of posting for tantek

  1. collecting random ideas
  2. prioritizing some of them as to be done before an event
  3. sorting/clustering ideas into a cohesive narrative as a post
  4. good writing, proper prose, article structure, beginning / middle / end
  5. posted - I post my drafts to my site semi-privately and iterate within my site so I have full control of the iterations.


Problem Statement

I have some thoughts but don't have time to write a post.

I want to write some posts before an event, e.g. for that event.

I don't know what to write about!

My post is getting too big - how do I split it?

  • How do I constrain the subject sooner to not overwrite or get lost on a tangent?

If the topic is able to split, then you know that or you don't.

If it can be split, then you've got a chapter book.

Your splits are more like pause for breath.

Sometimes I'm purposely pausing for input, which can benefit writing more about it later.


Write a few sentences, just a paragraph, short note commentary about what you've read.

Tagging can help organize the random ideas.

Then later collect a bunch of notes into a longer blog post


Timebox: set aside an hour to blog with the goal of publishing at least one finished post. More is better! If you get one post done, go for it and do a second one.


What is the level below draft?

Why not start in the same format and just keep it moving along?


Created by on March 16

Livefyre is an Enterprise Social Web Platform used by hundreds of Publishers and Brands for commenting, chat, reviews, and social content marketing.

Products (Social APIs + Social Web Components) include:

  • Real-time Commenting and Chat
  • Ratings and Reviews
  • User/Topic Following and Aggregation
  • Content Collection Hosting and tools for curating social Content from SNS like,,, and many more
  • A JavaScript SDK for building custom social web components
  • An App Web Service that models application lifecycle management for social web components
  • User Management and Social Authentication

For more answers, visit Livefyre Answer Central.

See Also

  • . . .

Created by on March 16

I only started on my Indieweb journey in 2015 because I'd not heard about it before then; however, I have been blogging since 2002 and have always valued my independent part of the internet so the principles behind the Indieweb resonant with me.

I'm a Jekyll user. So far I have been working on adding microformats2 markup to meet as much of the IndieMark level 1 and 2 requirements as I can. Where I'm completely lacking (and therefore my next focus) is POSSEing some kind of content.

Relevant posts from my site

WordPress shortlink

Created by on March 16

  • Mon, March 16 Created page with "== Replacing the build in WordPress Shortlink == remove_action( 'wp_head', 'wp_shortlink_wp_head', 10, 0 ); add_action( 'wp_head', 'replace_shortlink'); function rep..."

Replacing the build in WordPress Shortlink

   remove_action( 'wp_head', 'wp_shortlink_wp_head', 10, 0 );
   add_action( 'wp_head', 'replace_shortlink');
   function replace_shortlink () {
       // make the new shortlink here somehow, for example, this is what I used:
       global $post;
       if ( !empty(SHORTDOMAIN) ) {
           $short = SHORTDOMAIN . $post->ID;
       else {
           $url = rtrim( get_bloginfo('url'), '/' ) . '/';
           $short = $url.'?p='.$post->ID;
       printf ('<link rel="shortlink" href="%s" />%s', $short, "\n") ;

nginx redirection for shortlink id to not nice WordPress URL

   # dom.ain
   server {
       listen 80;
       server_name .dom.ain;
       rewrite "^/([0-9]{1,6}).*$"$1 permanent;
       # fallback
       rewrite ^(.*)$$1 permanent;

2015/Cambridge/Hack Day Intro

Created by on March 20

IndieWebCamp Cambridge 2015

Day 2 of IndieWebCamp is our hack, create, design, and build day.

General Advice

  1. Still not sure what to hack on? Checkout IndieMark for some next steps for your site.
  2. Find one really simple thing to add to your site before lunch, one more challenging thing after lunch.
  3. Ask for help if you're stuck at all - you are short on time, but surrounded by high-bandwidth expertise. Ask on IRC, ask your neighbors, ask an organizer.
  4. Help someone get unstuck. Listen and if you hear a question about something you know something about, take a few minutes to help someone or direct them to a resource on the wiki.

Hack Sessions

Hack Session Proposals

  1. write down on a sticky note:
    • what you're going to work on
    • your name
    • hashtag
  2. Announce what you're doing
    • pick an area / room / space
    • before/after lunch
    • and put your sticky up on the grid

Join forces with others working on similar things.


Created by on March 20

  • Fri, March 20 prompted by ben_thatmustbeme and dfn added by ben_thatmustbeme

game is you have just lost the game

after the game

Created by on March 20

  • Fri, March 20 prompted by tantek and dfn added by tantek

after the game is before the game. — S. Herberger


Created by on March 13

  • Fri, March 13 prompted by aaronpk and dfn added by KevinMarks

Realtime is a well-defined software field where computing has to complete or fail cleanly by a deadline, because latency is paramount.


Created by on March 15

  • Sun, March 15 prompted by tantek and dfn added by aaronpk

centurylink is an ISP providing gigabit Internet service to some parts of Portland, Oregon

Google Container Engine

Created by on March 16

  • Mon, March 16 prompted by gRegor` and dfn added by gRegor`

Google Container Engine is


Created by on March 15

  • Sun, March 15 prompted by tantek and dfn added by aaronpk

followed is a post that indicates the author has just subscribed to someone's feed


Created by on March 17

  • Tue, March 17 prompted by tantek and dfn added by bengo

Localize.js is A small company building a platform to make Localization of web pages as easy as possible.


Created by on March 19

  • Thu, March 19 prompted by tommorris

Diigo is a silo for storing bookmarks and research annotations.

POSSE usage


Created by on March 19

  • Thu, March 19 prompted by tantek and dfn added by gRegor`

mkdocs is


Created by on March 19

  • Thu, March 19 prompted by aaronpk and dfn added by benwerd

OExchange is a simple web-based convention for sharing any website via any platform on the web. It is supported by AddThis among other services, and includes provisions for sharing services to be auto-discovered by browsers and other tools.


Created by on March 20

GET / HTTP/1.1
User-Info: byoung

.htaccess for Apache:

RewriteCond %{HTTP:User-Info} (.*)
RewriteRule ^$ %1.txt [QSA,L]


  • .htaccess for Apache
  • nginx config


Created by on March 20

Welcome to the ~tildeClub session IndieWebCamp Cambridge 2015 Participants:

Background Story: Tilde Club

GitHub Repo:



Created by on March 20

  • Fri, March 20 dump from etherpad, not sure of organization of this, there was little to no grouping on the etherpad

Drupal - - is a content management framework supporting some 2% of the web including many large and prominent sites. It is free software and has a very large and active community.

this seems to be the best shot at Webmentions

working on getting contrib access here.

should implement this - already a bug is flagged for pingback spam, how do we implement spam control?? see

auto-link URLs directly - the input filters can do this auto-link @-names to Twitter profiles - the Twitter module can do this and some others too (


  h-geo or h-adr

  • This can be done with feeds module
  • h-feed and h-entry. should be semantic tags on the views entries

Development strategy:

Microformat background info

h-atom enabled using drupal referenced:

one of these or similar should be able to ingest dang near any microformat

here is the wordpress approach

wordpress glue modules list

here is a test sandbox of salmon for comments


Created by on March 19

  • Thu, March 19 Created page with "Current live stream can be found at []"

Current live stream can be found at

Created by on March 17

  • Tue, March 17 prompted by bengo and dfn added by bengo is a hosted, social networking service that runs Previously it was based on StatusNet.

See Also


Created by on March 18

  • Wed, March 18 Created page with "<span class="h-card">{{sparkline|}} [[|Giovanni T. Parra]]</span>"

Giovanni T. Parra


Created by on March 20

Indie Messaging Indiewebcamp 2015 Cambridge



Ben Roberts is aggregating IRC back onto his own site as a start

direct messag to ben_thawr on IRC logs to my site

Firefox Hello and other systems already exist to handle direct video in the browser but not really for texting

/contact pages could contain a form to send a message directly to the person on whatever method they prefer at that moment

indication of when messages have been received: BBM - the original "better than SMS"

  • showed sent/received/read status of every message sent

E.g. Facebook messenger shows various message sending/sent/received states

  • sending to server: spinning ?
  • failed to reach server: red exclamation point
  • server received: small empty circle
  • device received: small empty circle with a dot inside - receiver's device has the message
  • has been read: small circle replaced completely by small disc of receiver's icon

iMessage / Messages

  • sending to server. progress bar
  • failed to reach server: red exclamation point
  • device received. "Delivered"
  • has been read: "Read" (can be disabled by receiver)

AIM (oscar protocol)

  • showed when a user was typing if they had this option set
  • pidgin (libpurple) plugin for "Psychic mode" showed when a message box was opened to you before even receiving a message


Created by on March 20

5PM presentation of different kinds of posts

How we represent these different posts and replies stylistically

  • reviewed Kyles' approach to this and twitter's first.


  • like
  • favorite
  • share
  • bookmark
  • linkblog
  • listen
  • repost
  • reply
so.. can you add a comment to a like? there is not unity but that is how people can explore the design space. what does it provide the other person? stars are effectively like comments. Stars looking at ben werdmullers setupp with favorites

if you check in at a bar and post some more updates would you reply to the checkin or have a separate post altogether? and a geo note or not?

which direction are UI's going? post types may confuse people. ux testing shows it trips every new user. does it wreck the attention span.

twitter just has one post type. you can add location or photo but they are not separate post type.

pointing out they use the ellipsis ... on twitter to put the action commands away because more than three

options get confusing. UX testing probably led to this.

suggest FontAwesome if you want font glyphs http://fortawesome.

Changed Pages


14 edits by,

2015/Cambridge/Guest List

11 edits by,,,,,,


9 edits by


7 edits by,,
  • Wed, March 18 /* OpenID support */ delete this section since it was on github for the project, not the indieauth spec
  • Wed, March 18 /* See Also */
  • Wed, March 18 /* Details */
  • Wed, March 18 /* Source Code */ Feature Requests, Followings & Location Information, cite Upcoming KS Project Update #11
  • Wed, March 18 /* The IndieAuth API */ clarify that != IndieAuth the protocol
  • Wed, March 18 /* Source Code */
  • Fri, March 20 /* See Also */


6 edits by
  • Tue, March 17 /* Bug Reports */ dt-published needs timezone
  • Tue, March 17 /* Itches */ PESOS Nike Running
  • Tue, March 17 /* dt-published needs timezone */ reword problems
  • Tue, March 17 /* Bug Reports */ dt-published has timezone now in all post types (notes, articles, likes) ! all the way back to the start 2010-01-01 :)
  • Fri, March 20 /* event posts */ note presentational goal
  • Fri, March 20 /* event posts */ clarify what fields I want to display in roughly what order / cardinality


5 edits by,

How to publish and consume PubSubHubbub

5 edits by,,


5 edits by,,


4 edits by
  • Wed, March 18 /* Sites that support distributed IndieAuth */
  • Thu, March 19 link auth endpoint
  • Fri, March 20 /* Level 2: Host your own authorization server */
  • Fri, March 20 /* Level 2: Host your own authorization server */


4 edits by,
  • Wed, March 18 adding known sponsors and food vendors. Need to confirm with Tim that he is with Reclaim Hosting
  • Wed, March 18 catering all set
  • Fri, March 20 sponsor updates
  • Fri, March 20 header summary with link to higher level pages


3 edits by,


2 edits by
  • Fri, March 20 collapse Silo Examples, sort FB, most recent to top
  • Fri, March 20 /* Brainstorming */ Markup design


2 edits by,
  • Sun, March 15 /* Open Discussions */
  • Sun, March 15 /* Open Discussions */ follow-up, do we need something without actual problem reports or other examples


2 edits by


2 edits by


2 edits by
  • Mon, March 16 /* Level 3 security */ remove me from mixed-content warning
  • Mon, March 16 /* Level 4 security */

2 edits by


2 edits by,
  • Wed, March 18 /* checking target validity */ expand to not restrict validity to your own site's URLs
  • Thu, March 19 /* Publishing Software */ update known


2 edits by
  • Wed, March 18 /* Hubs */ add link to conversation with haxor
  • Thu, March 19 /* How To */ remove redundant sections, bold link to [[How to publish and consume PubSubHubbub]]


2 edits by,
  • Wed, March 18 /* markup for hypertext design */ markup of times should include timezone explicitly
  • Thu, March 19 /* Kartik Prabhu */


2 edits by
  • Thu, March 19 Made with the open source "sdedit" tool. Sequence code: #![IndieAuth: Authorization process] browser:Browser "User browser" webapp:Application "Web application" server:Webserver "User web server" authendpoint:Webserver "Auth endpoint" browser:3. Redir
  • Thu, March 19


1 edits by


1 edits by


1 edits by
  • Mon, March 16 /* Specialized Silos */ linking exercise


1 edits by

Federated Social Web Summit

1 edits by
  • Sun, March 15 /* San Francisco 2012 */ use of h-as-* may have started here, I don't remember offhand if I implemented it myself before the summit

WordPress Plugins

1 edits by


1 edits by

1 edits by
  • Sun, March 15 /* Jonny Barnes */ Adding stuff and h-card to my User page as per /wikifying


1 edits by
  • Sun, March 15 /* Use with microformats2 */ note 2011 post about as-* classnames, cite post about using h-as-*, considering removing h-as-* class names perpetual-tripper

1 edits by perpetual-tripper


1 edits by


1 edits by


1 edits by
  • Wed, March 18 /* Be a good POSSE destination */


1 edits by

web hosting

1 edits by
  • Thu, March 19 /* Static domain hosting */ Add Google Drive

IRC People

1 edits by

1 edits by

1 edits by