2013-05-29 UTC
scor, spinnerin, tantek, peck_lx, heath, elf-pavlik, b0bg0d and cweiske joined the channel
# 06:05 bret aaronpk, I'm working on implementing some simple javascript code to display webmention data from pingback.me on a static web page, but so far I only see how to make api requests with the api key which is private. Are you able to make it so I can access the data without revealing the API key?
# 06:15 cweiske I can't think how this would be possible using direct communication from browser to pingback.me
# 06:17 bret bascially, I would make my pinback.me data public
elf-pavlik joined the channel
# 06:20 bret if you request the data without an API key it indicates that there might be a way to make the data public
# 06:21 cweiske that's why I couldn't understand how to access private data from a user's browser without real authentication
# 06:22 bret maybe eventually, there could be some kind of dashboard to moderate the data a little
# 06:23 bret but for now, just making it public would get it working fine
b0bg0d, seyz, andreypopp and hmans joined the channel
friedcell, peck_lx, andreypopp, hmans and barnabywalters joined the channel
brbcoding, mxuribe, pbeaulieu, scor and barnabywalters joined the channel
scor, b0bg0d, josephboyle and xtof joined the channel
brianloveswords, erinjo, tantek, b0bg0d and andreypopp joined the channel
# 16:59 tantek !tell sandeepshetty PuSH was trivial to implement as a publisher. I think it's a good spec, except for the Atom dependency, which yes we should fix to work with HTML (hAtom/h-entry) in addition.
# 17:00 Loqi Ok, I'll tell them that when I see them next
# 17:09 tantek aaronpk - can we confirm a venue sufficiently to put it on the home page and /2013 page? Instead of the bold TBD for Where?
seyz joined the channel
morrocco_mole and scor joined the channel
eschnou joined the channel
spinnerin joined the channel
eschnou and sandeepshetty joined the channel
# 19:27 Loqi sandeepshetty: tantek left you a message 2 hours, 27 minutes ago: PuSH was trivial to implement as a publisher. I think it's a good spec, except for the Atom dependency, which yes we should fix to work with HTML (hAtom/h-entry) in addition.
andreypopp and josephboyle joined the channel
b0bg0d joined the channel
# 19:31 sandeepshetty aaronpk: There's only so much context I can add in 140 chars... I was specifically talking about feeds...
# 19:31 tantek sandeepshetty - then you should have blogged it on your own site
# 19:31 tantek no one here should EVER be using the "only so much context I can add in 140 chars" excuse.
# 19:32 aaronpk lol yea that's not an excuse here :) I go over 140 chars all the time!
# 19:32 sandeepshetty I know :) Was on the move all day so just quickly jotted down stuff... will be converted to blog posts soon..
# 19:34 barnabywalters I haven’t timed it but I’m pretty sure I can post notes to my site faster than I can to twitter
# 19:35 sandeepshetty No 3G where I was and edge is very slow... so firing a mobile client and typing is faster than browsing...
# 19:35 barnabywalters with web-action style URL param autofilling you can also make the home screen icons prefill tags and such things
# 19:36 tantek sandeepshetty - sounds like you need to investigate the "email to post" stuff that barnabywalters has working.
# 19:36 barnabywalters tantek: that thread’s interesting — anil seems to be talking about the granny antipattern
# 19:38 barnabywalters btw tantek — just working on new version of Taproot, using 6 char SXG epoch days + SXG seconds for note IDs
# 19:39 tantek exactly, 500 years should be good enough for anyone (reasonably human-like)
# 19:39 sandeepshetty anyone syndicating content on their site (webmention, feed, etc)? How do you deal with security?
# 19:40 tantek sandeepshetty - we're all syndicating out plenty via POSSE
# 19:40 sandeepshetty If you add webmention content on your site and it's html then how do you deal with security
# 19:41 tantek sandeepshetty - eschnou obv - indieweb comments
# 19:41 aaronpk I do, but only because the mf2 parser does it for me
# 19:41 aaronpk and then yea I re-link. which has the interesting side effect that other people's hashtags end up linking to my own tag pages
# 19:42 sandeepshetty this brings me to stuff I've been thinking about feeds... they have the same problem no?
# 19:42 barnabywalters all it takes is someone to mark up their content as e-summary instead of p-summary and you’ve got injection
# 19:42 aaronpk barnabywalters: you should document that on the parser :)
# 19:42 barnabywalters aaronpk: I do mention that the parser does no filtering and all data should be suitably filtered, but I should add that particular case as an example
# 19:44 tantek sandeepshetty - "all the big silos only do…" is also a poor justification for anything
# 19:44 tantek mobile email clients are MUCH better behaved on slow mobile networks (Edge etc.) compared to any kind of mobile native posting client.
# 19:44 tantek sandeepshetty - doesn't your mobile device have a web browser?
# 19:46 sandeepshetty tantek: I prefer looking across the board... there's always stuff to learn...
eschnou joined the channel
# 19:48 aaronpk I was assuming plaintext feeds without realizing it
# 19:49 tantek sandeepshetty - sure, there's plenty to learn, even from bad examples, but it's always better to look at good examples first
# 19:49 aaronpk although there are well-established practices for sanitizing html at this point. just look at wordpress, mediawiki, forums, etc etc
# 19:53 tantek aaronpk - sounds like something you could add to the wiki
# 19:53 tantek since you're saying it's "well-established" ;)
bretolius joined the channel
# 19:55 tantek aaronpk - I think that's reasonable, get something simple built quickly
# 19:55 sandeepshetty will you ever be implementing a feed reader on your site? I want my site to be both a medium for publishing and consuming..
# 19:56 sandeepshetty aaronpk: sorry I might have missed this but how are you ensuring you're getting plain text when the content is external?
# 19:57 aaronpk sandeepshetty: apparently i'm not, but I thought I was. my assumption was that the "name" property from the mf2 parser was always plaintext
# 19:58 tantek or someone can also embed literal < > & in the plaintext as well
# 19:58 eschnou aaronpk, did I just read you display indie comments?
# 19:58 sandeepshetty and with what eschnou there seems to be a big security hole.. which is why I left out the bit about what to do with the webmention in the spec
# 19:58 tantek if someone puts "&" in the text, you should keep it, and escape when publishing if necessary
# 19:58 aaronpk tantek: yea my goal is plaintext, whatever that takes
# 19:59 tantek and if I name my blog post: About the <time> element
# 19:59 barnabywalters if you htmlencode the entities from php-mf2 the worst that will happen is that you’ll get html showing up in the output
# 20:00 aaronpk tantek: yes that is what I want to do. if you publish html on your site that renders as <time> you have to have escaped those characters
# 20:00 aaronpk which means by the time I get it, i don't get <, I get <
# 20:00 tantek you can't assume the data will go into an HTML context
# 20:01 tantek premature html escaping causes plaintext corruption
# 20:02 tantek.com edited /2013/Guest_List (+405) "/* Creators */ putting in placeholder images for folks that forgot to - based on what they have at their site, github, twitter, or otherwise linkto from the contact/about pages. feel free to change, but something is better than nothing, public URLs" (
view diff )
# 20:02 tantek ok folks I just added a bunch of images for the slackers
# 20:02 eschnou aaronpk, hmm.. just commented and it didn't show up...
# 20:03 tantek so if you want a different image (ahem, caseorganic, termie), you might want to edit your RSVP
# 20:03 eschnou aaronpk, pingback
# 20:03 aaronpk eschnou: did you get a successful reply from the pingback?
# 20:04 eschnou is digging in the logs
# 20:04 eschnou aaronpk, mm... no_link_found
# 20:05 sandeepshetty so the reason I brought this up is that if everyone plans to do plain text feeds then how do we add the lost context (microforats related to citation, etc.)
# 20:05 barnabywalters sandeepshetty: it’s safe to parse microformats and display the data in whatever way you see fit — provided the output is all htmlencoded
# 20:06 tantek sandeepshetty - type it into the new page - there's already too many hanging questions / answers here in IRC to track
# 20:08 barnabywalters if you’re displaying the content as HTML you can assume it’s going in an HTML context and html-encode it
# 20:09 tantek barnabywalters - the parser should not be escaping plain text
# 20:09 tantek except for JSON - since that's where it puts it
# 20:10 eschnou I did not follow you plaintext discussion, but is it not just a matter of strip_tags, and allowing some safe tags (e.g. a anchors, span, etc?)
# 20:10 tantek eschnou - unfortunately no - nothing is "just a matter of…" right now
# 20:10 tantek WE can't follow the plaintext discussion because we exceeded IRC thread readability
# 20:11 tantek hence pointing people to write up their questions/answers on the wiki
# 20:11 tantek just need to recognize them and know when to move things elsewhere
# 20:11 eschnou tantek, as long as we don't move to a mailing list, I'm fine :)
# 20:12 sandeep.shetty.in created /plaintext (+285) "Created page with "* Displaying HTML content from external sites (feeds, webmention, etc.) posses a security risk. * Prefer plaintext * Whats the right way to sanitize external content. * However c..."" (
view diff )
# 20:12 tantek so I start writing an @-reply, and then realize I can improve the UI-flow of my @-reply authoring, so I jump into writing code...
# 20:13 eschnou I like IRC, and the fact we log the channel, I actually like to get my morning coffee reading your discussions of the night :-)
# 20:16 aaronpk eschnou: what's the post you tried to reply to me with?
# 20:17 eschnou but the issue may be there: that link actually 301 to my domain at eschnou.com, maybe that your code does not follow these redirects
# 20:17 sandeepshetty barnabywalters: how do decide if the external content is plaintext or html?
# 20:17 eschnou aaronpk, I should use the cname domain, but my current implementation makes it tricky and I didn't spend the time on this yet.
# 20:18 barnabywalters sandeepshetty: go by the microformats spec (assume plaintext from name, summary and HTML from content) and if you overencode, it’s the publisher’s problem which needs to be fixed on their end
# 20:18 aaronpk barnabywalters: wait what! now you say name has to be plaintext?
# 20:19 sandeepshetty This isn't a publishing problem.. it's a security one... assume malicious parties...
# 20:19 aaronpk eschnou: yea probably I am not following the redirect...
# 20:20 sandeepshetty barnabywalters: you'll have to explain.. are you saying you won't encode the name and summary?
# 20:20 barnabywalters with the logic I described, the worst that happens assuming a malicious party is you get some escaped HTML showing up on your site
# 20:23 termie tantek: looking now
# 20:24 termie tantek: that's a good image, it will make people not recognize me
# 20:24 termie tantek: so i can sneak up on them and get all indieweb
# 20:24 eschnou aaronpk, well, I think this is more the case of you 'subscribing' to the comments feed
# 20:24 termie and yay caseorganic, she was fun to talk to at xoxo
# 20:24 eschnou aaronpk, how to subscribe and to which feed is what to discuss
# 20:25 tantek eschnou - subscription eventually comes down to PuSH notifications
# 20:25 tantek so if we're talking about a notification based protocol, we should consider multiple possibilities
# 20:25 eschnou tantek, absolutely and the discussion we previously had on PuSH and microformats support
# 20:26 tantek we don't know what combination of each would actually work best in this use-case
# 20:26 eschnou tantek, well, as a (lazy) developer, I would mind if we just settle on one for now :-)
# 20:26 sandeepshetty People that have implemented PuSH: do you also subscribe to feeds with regular rss/atom?
# 20:26 tantek eschnou - sometimes an ounce of thinking can prevent a pound of wasted coding
# 20:26 tantek that's the problem with the "just settle on one for now"
# 20:26 aaronpk sandeepshetty: I publish to a hub, but don't subscribe to anything because it's too hard
# 20:27 tantek aaronpk - but you have no problems receiving webmentions
# 20:27 aaronpk yea, subscribing in PuSH is too hard because of the extra round-trip the request has to make
# 20:27 sandeepshetty I would just prefer building in a feed reader into my site.. why go PuSH?
# 20:27 tantek sandeepshetty - depends on how "real time" you want it
# 20:28 tantek if you want your feed updates to be as fresh as txt messages on your phone, you want PuSH
# 20:28 aaronpk no, webmention isn't subscribing, because anybody can send me a webmention unsolicited. subscribing implies intent on my behalf
# 20:28 aaronpk realtime is not overrated. I get IRC notiications about all sorts of stuff in realtime and it's great
# 20:28 tantek aaronpk - I think you meant was, subscribing implies an open connection / relationship of sorts
# 20:29 aaronpk anybody can send me a webmention whether I want it or not
# 20:29 tantek you specifically asked for future webmentions for a specific post's comments
# 20:29 aaronpk no, I said "I want to be notified of barnaby's reply", nothing about protocol
# 20:30 aaronpk yes in this case I really do want to subscribe to that thread, and the thread on barnaby's site too. which is going to quickly turn into a de-duplication problem :)
# 20:31 tantek aaronpk - so, you're going to create that right? ;)
# 20:32 tantek gives up on incremental coding improvement for now, but has noted what functions he needs to change to get the incremental UI improvement he wanted.
# 20:35 eschnou aaronpk, I cheated and pinged manually with the good link and it is there, yeah!
# 20:37 barnabywalters there is indeed a potential overescaping problem when dealing with incoming e-* content
# 20:38 barnabywalters my initial thoughts on how to fix it are to see if the content which is expected to be e-* parses as HTML
# 20:39 barnabywalters the problem mainly is that if you expect a property to be parsed as e-* but it was marked up and parsed as p-*, you’re either going to get incorrect HTML or mistake encoded HTML for literal HTML
# 20:40 tantek barnabywalters - worth bringing that up in #microformats
# 20:40 barnabywalters my brain is frazzled from a day of statistical stuff and an evening of whatever it was we were just discussing ;) off to bed now
# 20:43 tantek is still doing lots of catch-up coding on the whole comments / reply-contexts thing.
# 20:43 sandeepshetty aaronpk: re getting notifications about new comments.. old school blogs used to have a "email me when a new comment is posted" type feature
# 20:43 tantek aaronpk - can we use any of those email providers you mentioned/listed on the wiki for that use-case?
# 20:43 eschnou sandeepshetty, I actually do have this feature :-)
# 20:43 aaronpk hah yes, but I don't *really* want to get them via email
# 20:43 tantek eshnou - did you implement it? or do you use an email provider to send?
# 20:44 tantek and it's something they can get from your site, that they can't get from Twitter!!@
# 20:44 eschnou tantek, well, I just use the php send email stuff
# 20:44 eschnou tantek, I guess you can configure the smtp gateway of your choice etc.
# 20:44 aaronpk heh yea I gave up on sending email from my own servers a long time ago. really not fun dealing with delivery issues
# 20:45 eschnou one of the challenge is that I do all this synchronously, but when the comment thread gets long, it means someone posting a new comment sees the waiter rolling for a while...
# 20:46 aaronpk eschnou: I implemented a simple task queuing system into p3k this weekend
# 20:46 eschnou the good thing is I never really have much comments on my site anyway :-)
# 20:46 eschnou aaronpk, that's what I need indeed...
# 20:46 aaronpk check out beanstalkd. works with any/multiple language
# 20:46 eschnou thanks, will have a look
# 20:47 sandeepshetty you could also do a lo-fi solution... add an entry and have a corn send out the email..
# 20:48 eschnou well, I'm off as well, cheers all!
# 20:48 aaronpk yea that would be cool too. simpler/slower queuing, fewer moving parts
b0bg0d and texburgher joined the channel
# 20:52 sandeep.shetty.in created /queueing (+158) "Created page with "Approaches to handle work asynchronously * A proper queuing system like beanstalkd, gearman * Make an entry somewhere for the task and then have a cron do it."" (
view diff )
# 20:52 tantek I was using an h-as-reply class for my replies, but now I'm finding I don't have much use for it
# 20:53 tantek for display purposes (e.g. reply contexts) I can simply ask, does this post have an in-reply-to URL or not?
# 20:53 tantek and if does, display it as a reply with reply context
# 20:55 tantek can I just say I love having #ownyourdata @-reply support?
# 20:56 tantek like I can finally have threaded conversations with Twitter sharecroppers again.
# 20:56 tantek speaking of which, I have to respond to Anil.
andreypopp joined the channel
# 21:21 tantek ok, done replying. Feel free to add more if you think I missed anything.
# 21:21 tantek (still holding the but-why-are-you-still-sharecropping-on-twitter-then ace for later use)
# 21:22 tantek and keep an eye out for genmon in case he actually shows up!
# 21:23 tantek he's in the UK so he may be off for the night.
# 21:23 aaronpk you can !tell him something so you get pinged when he joins!
# 21:23 tantek aaronpk - I'm not sure what his irc nick will be
# 21:24 tantek !tell genmon welcome to #indiewebcamp! how may we service your #indieweb needs? :)
# 21:24 Loqi Ok, I'll tell them that when I see them next
# 21:29 tantek man, posting all those @-replies really makes it clear I need reply-context on my replies on my own site
# 21:29 tantek or at least "View conversation on Twitter" rel syndication links
andreypopp joined the channel
# 21:46 tantek in figuring out what to prioritize implementing, sometimes it's hard for me to tell which itch is hurting more
# 21:46 aaronpk that would at least let me auto-discover your syndicated posts when replying. also when reading your site it's not a big deal to click through to a tweet most of the time
# 21:46 tantek so outside perspective can help a lot there :)
# 21:54 tantek so e.g. "View on Twitter" and "View conversation on Twitter" links then?
# 21:54 tantek would that be click-through discoverable enough?
# 21:54 aaronpk tantek: yes those titles sound completely reasonable
# 21:55 aaronpk or instead of "View on Twitter" it could be "Reply on Twitter" if you want something more actionable
# 21:55 aaronpk that was my reasoning for using "reply on twitter"
# 21:55 tantek I don't want to send a message that I'm advocating using Twitter for replies
# 21:56 tantek since that doesn't seem like a good idea to propagate vis-a-vis supporting an #indieweb way
# 22:04 tantek I'm really glad I'm documenting this itching intuition before/while implementing this stuff, as then it feels much more real than the hypothetical "if only …" or "I wish…" type declarations people usually make
# 22:04 tantek as I implement each one, I plan to move the reasoning bits to the generic pages on each subject
# 22:05 tantek I don't think we can avoid "threading" at least semantically whatever we do. Threading happens naturally due to the freedom of hypertext structures and our use of in-reply-to links
# 22:06 tantek this is independent of any protocol decisions/design
# 22:06 aaronpk i'm not talking about threading in terms of nesting and indented displays
# 22:06 tantek I'm saying it's useful to acknowledge that semantic threading is inevitable
# 22:06 tantek as that helps inform the design of anything related
# 22:07 tantek we can choose to flatten or not in protocol or in display for other reasons
# 22:07 tantek I think Option 2 is something we're going to have to solve any way for multi-replies
# 22:08 tantek which IMO is the right way to approach solving it - solve multireplies
# 22:08 tantek in terms of "much more careful markup to make work properly", perhaps we can combine in-reply-to and breadcrumbs
spinnerin joined the channel
# 22:11 aaronpk I used to implement strict breadcrumbs both on my personal site and also commercial sites I was making, eventually just dropped the whole thing.
# 22:12 tantek they're only useful if they help the reader with a sense of where they are
# 22:12 tantek and if the crumbs are actually useful places to go
# 22:12 tantek re: Option 1 btw - I think subscribing to comments is fascinating and part of a larger "subscribing to an indieweb site" discussion
# 22:12 aaronpk I find the "Where you are" only really applies when you're reading really big sites that have a full TOC like reference manuals
sandeepshetty joined the channel
# 22:13 sandeepshetty aaronpk: re Comment-Notifications I think what you are looking for is doen by salmon..
# 22:14 aaronpk possibly. I would have to dig back into xml land to figure that out, and I remember it being really painful before
# 22:15 sandeepshetty tantek: re the '&' bug: if you encode "tantek & aaronpk" only during displaying it as html, then it still "appears" as "tantek & aaronpk"
# 22:15 tantek push the encoding responsibility to the last moment
# 22:16 tantek sandeepshetty - that's what I do with my own content!
# 22:16 sandeepshetty Thats how I would do it anyway.. its the responsibility of the templating engine in my case..
# 22:18 sandeepshetty also re composite streams (discussion from 2013-05-28): I guess I'm the only on that has only a single post type...
# 22:19 Loqi sandeepshetty meant to say: also re composite streams (discussione from 2013-05-28): I guess I'm the onely one that has onely a single post type...
# 22:19 tantek sandeepshetty - no, the default is that people only have a single post type. a blog post.
# 22:19 tantek what's different is having multiple post types
# 22:20 tantek sandeepshetty - because I like to post notes and articles.
# 22:21 tantek though for me replies aren't a new "type" as much as an aspect of any post type
# 22:22 aaronpk I did, but recently converted by notes to all plaintext for a number of reasons
# 22:23 tantek sandeepshetty - for me, the display is quite different
# 22:23 tantek because I want to make things look different, it makes sense to do so based on an explicit semantic difference.
# 22:23 aaronpk mostly due to syndicating content elsewhere. pushing to twitter, if I had <a href="http://tantek.com">Tantek</a> somewhere, twitter would only display Tantek. Same for when barnaby's site would pull out my h-entry.
# 22:24 tantek sandeepshetty no! UX should always dictate the design of EVERYTHING
b0bg0d joined the channel
# 22:28 sandeepshetty tantek: From a stream perspective it's all just content I'm publishing.... why the need for them to look different?
# 22:29 tantek sandeepshetty - we should document this as another POSSE to Twitter alternative approach
# 22:30 sandeepshetty I should mention I don't auto-post to twitter... I think each medium (twitter/facebook) has it nuances.. so I hand edit before posting..
# 22:31 tantek sandeepshetty - that's a totally fine approach to POSSE
# 22:32 tantek as long as you're *only* posting to Twitter stuff that is at least somewhat on your own site
# 22:32 aaronpk i wasn't posting markdown to twitter, I was posting the text to twitter converted from my HTML.
# 22:32 aaronpk so <a href="http://tantek.com">Tantek</a> would end up on twitter as just "Tantek"
# 22:33 aaronpk and if I linked to an article, it would just get the name of the link
# 22:33 aaronpk so I switched to plaintext just like twitter does it
# 22:33 tantek aaronpk - that's too bad - because you could auto-convert that to an @-reference
andreypopp joined the channel
# 22:38 tantek I see we agree on some things "only one way to do something"
# 22:39 sandeepshetty aaronpk: I also do extended markdown on sandeep.io (stuff like @names, hastags, etc..)
# 22:39 tantek sandeepshetty - yeah, some of it I like, others not
# 22:39 tantek I'm pretty big on the normalish readable text principle
# 22:40 sandeepshetty The big things for me there are the consistent link syntax... check img linking and regular linking..
# 22:41 sandeepshetty and I was going for faster typing.. because it almost always gets converted when viewing...
# 22:42 tantek all the indented list stuff you have gives up on readability IMO
# 22:42 tantek (it's one of my pet peeves with media wiki syntax)
# 22:46 sandeepshetty It's a tradeoff for being able to type in textareas... tabs are big pain in the *** inside textareas
josephboyle joined the channel
# 23:38 tantek um I just came up with I think another post type, that's kind of particular, maybe an edge case
# 23:39 tantek but I'd display it differently than just a photo
# 23:39 tantek because it has a name and caption built into the image
# 23:39 tantek but I'd want to reflect those semantics in alternate markup
# 23:41 aaronpk i think it's just a photo post that also has a name and text content
# 23:44 tantek one difference - a comic would likely have multiple panels
# 23:44 tantek and I'd want to mark that up some way so that it was accessible
# 23:48 tantek I guess I'd need to post a real world example to play with