Man, CoreData can be a pain! CoreData funkiness is currently the biggest thing holding back me getting the next beta of Indigenous for iOS out. Hopefully I can fix it soon so it doesn’t hold up 1.0 for the IndieWeb Summit 😞
{
"type": "entry",
"published": "2018-05-26T00:06:25-04:00",
"summary": "Man, CoreData can be a pain! CoreData funkiness is currently the biggest thing holding back me getting the next beta of Indigenous for iOS out. Hopefully I can fix it soon so it doesn\u2019t hold up 1.0 for the IndieWeb Summit \ud83d\ude1e",
"url": "https://eddiehinkle.com/2018/05/26/1/note/",
"category": [
"indieweb",
"indigenous",
"tech"
],
"content": {
"text": "Man, CoreData can be a pain! CoreData funkiness is currently the biggest thing holding back me getting the next beta of Indigenous for iOS out. Hopefully I can fix it soon so it doesn\u2019t hold up 1.0 for the IndieWeb Summit \ud83d\ude1e",
"html": "<p>Man, CoreData can be a pain! CoreData funkiness is currently the biggest thing holding back me getting the next beta of Indigenous for iOS out. Hopefully I can fix it soon so it doesn\u2019t hold up 1.0 for the IndieWeb Summit \ud83d\ude1e</p>"
},
"author": {
"type": "card",
"name": "Eddie Hinkle",
"url": "https://eddiehinkle.com/",
"photo": "https://aperture-media.p3k.io/eddiehinkle.com/cf9f85e26d4be531bc908d37f69bff1c50b50b87fd066b254f1332c3553df1a8.jpg"
},
"_id": "364878",
"_source": "226",
"_is_read": true
}
{
"type": "entry",
"published": "2018-05-25T18:08:15+00:00",
"url": "http://stream.boffosocko.com/2018/chronotope-im-curious-what-your-thoughts-were-on-dsearls-article",
"category": [
"IndieWeb"
],
"syndication": [
"https://twitter.com/ChrisAldrich/status/1000076129838002176"
],
"in-reply-to": [
"https://twitter.com/Chronotope/status/1000072108431593473"
],
"content": {
"text": "@Chronotope I'm curious what your thoughts were on @dsearls \u200farticle: http://blogs.harvard.edu/doc/2018/05/12/gdpr/\n\nIs there a better way for publishers to own their own adtech in a more decentralized #IndieWeb sort of way? What would that look like?",
"html": "<a href=\"https://twitter.com/Chronotope\">@Chronotope</a> I'm curious what your thoughts were on <a href=\"https://twitter.com/dsearls\">@dsearls</a> \u200farticle: <a href=\"http://blogs.harvard.edu/doc/2018/05/12/gdpr/\">http://blogs.harvard.edu/doc/2018/05/12/gdpr/</a><br />\nIs there a better way for publishers to own their own adtech in a more decentralized <a href=\"http://stream.boffosocko.com/tag/IndieWeb\" class=\"p-category\">#IndieWeb</a> sort of way? What would that look like?"
},
"author": {
"type": "card",
"name": "Chris Aldrich",
"url": "http://stream.boffosocko.com/profile/chrisaldrich",
"photo": "https://aperture-media.p3k.io/stream.boffosocko.com/d0ba9f65fcbf0cef3bdbcccc0b6a1f42b1310f7ab2e07208c7a396166cde26b1.jpg"
},
"_id": "363411",
"_source": "192",
"_is_read": true
}
{
"type": "entry",
"author": {
"name": "Kh\u00fcrt Williams",
"url": "https://islandinthenet.com/",
"photo": null
},
"url": "https://islandinthenet.com/does-gdpr-apply-to-eu-citizens-in-the-united-states/",
"published": "2018-05-25T01:36:13+00:00",
"content": {
"html": "Read <a href=\"https://www.compliancejunction.com/does-gdpr-apply-to-eu-citizens-in-the-united-states/\">Does GDPR apply to EU citizens in the United States</a> by GDPR News<em> (Compliance Junction)</em>\n<blockquote><p>If they deal with a business or organization in one of the non-EU countries they may be in, any personal data they provide is not covered by the GDPR rules, as they are not located within the EU at the time. It is not the citizenship of the person that is important, but where they are situated.</p>\n<p>Looking at another example helps to further illustrate who the GDPR applies to. A US citizen is temporarily residing or travelling in France, which is an EU country. They make a purchase from a local store and provide personal information during the transaction. This personal information is covered by GDPR as the person is located within the EU as the purchase takes place.</p>\n<p>From these examples you can see that the personal data of an EU citizen residing in the US, for example, would be dealt with according to individual data protection laws within the US and would not be subject to GDPR compliance, whereas the personal data of a US citizen residing in the EU would be subject to GDPR regulations.</p></blockquote>\n\nShort answer. It depends but ordinarily \u2026 NO!\n<p>IANAL but the information in this <a href=\"https://www.compliancejunction.com/does-gdpr-apply-to-eu-citizens-in-the-united-states/\">Compliance Junction article</a> seems legit. Two staff members from Pivoti covered PCI DSS and GDPR at last nights ( and at times contentious) <a href=\"https://islandinthenet.com/pci-dss-gdpr-compliance-event-with-isc2-new-jersey-chapter/\">GDPR and Privacy Event</a> of the <a href=\"https://isc2chapternj.org/about/\">New Jersey Chapter</a> of the <a href=\"https://www.isc2.org/About\">ISC2</a>.</p>\n<p>So \u2026 hey Europeans. If you come to the USA and shop at the small local shops in my town, don\u2019t expect you\u2019re EU legal rights to be respected. The local coffee shop which has no presence in the EU and has no website that sells/service EU citizens is not subject to GDPR. If you are a local business, the local business association or chamber of commerce in your town may be the best place to get help. EU laws do NOT apply to natural persons or US only businesses doing business in the USA.</p>\n<blockquote><p>\n The primary determining factor is the location of the individual when considering whether GDPR rules apply. Any business or organization that processes the data of people living within the EU, no matter where the group is located, should comply with the GDPR stipulations or face being fined for non-compliance.\n</p></blockquote>\n<p><a href=\"https://boffosocko.com/2018/05/10/an-indieweb-podcast-episode-4-webmentions-and-privacy/\">Chris Aldrich</a> and <a href=\"https://david.shanske.com/2018/05/13/1927/\">David Shanske</a>, I think that you will be happy to know that Webmentions should meet the intentions of the GDPR if:</p>\n<ul><li>they have a privacy policy in place that lists articulates the information their website collects,</li>\n<li>if they disable any sort of analytics,</li>\n<li>and have a way to remove/anonymise IP addresses in their database and logs,</li>\n<li>provide a way for users to remove ordinary comments (or move those to Disqus) since Webmentions already support deletion.</li>\n</ul><p>I am leaning toward using the open-source <a href=\"https://posativ.org/isso/\">Isso</a> on this website.</p>",
"text": "Read Does GDPR apply to EU citizens in the United States by GDPR News (Compliance Junction)\nIf they deal with a business or organization in one of the non-EU countries they may be in, any personal data they provide is not covered by the GDPR rules, as they are not located within the EU at the time. It is not the citizenship of the person that is important, but where they are situated.\nLooking at another example helps to further illustrate who the GDPR applies to. A US citizen is temporarily residing or travelling in France, which is an EU country. They make a purchase from a local store and provide personal information during the transaction. This personal information is covered by GDPR as the person is located within the EU as the purchase takes place.\nFrom these examples you can see that the personal data of an EU citizen residing in the US, for example, would be dealt with according to individual data protection laws within the US and would not be subject to GDPR compliance, whereas the personal data of a US citizen residing in the EU would be subject to GDPR regulations.\n\nShort answer. It depends but ordinarily \u2026 NO!\nIANAL but the information in this Compliance Junction article seems legit. Two staff members from Pivoti covered PCI DSS and GDPR at last nights ( and at times contentious) GDPR and Privacy Event of the New Jersey Chapter of the ISC2.\nSo \u2026 hey Europeans. If you come to the USA and shop at the small local shops in my town, don\u2019t expect you\u2019re EU legal rights to be respected. The local coffee shop which has no presence in the EU and has no website that sells/service EU citizens is not subject to GDPR. If you are a local business, the local business association or chamber of commerce in your town may be the best place to get help. EU laws do NOT apply to natural persons or US only businesses doing business in the USA.\n\n The primary determining factor is the location of the individual when considering whether GDPR rules apply. Any business or organization that processes the data of people living within the EU, no matter where the group is located, should comply with the GDPR stipulations or face being fined for non-compliance.\n\nChris Aldrich and David Shanske, I think that you will be happy to know that Webmentions should meet the intentions of the GDPR if:\nthey have a privacy policy in place that lists articulates the information their website collects,\nif they disable any sort of analytics,\nand have a way to remove/anonymise IP addresses in their database and logs,\nprovide a way for users to remove ordinary comments (or move those to Disqus) since Webmentions already support deletion.\nI am leaning toward using the open-source Isso on this website."
},
"name": "Does GDPR apply to EU citizens in the United States?",
"_id": "362726",
"_source": "242",
"_is_read": true
}
going to IndieWeb Summit 2018! June 26-27th at the Elliot Center in Portland, Oregon! This will be the #indieweb #openweb #dweb event of the year. RSVPs limited to 100 total, sign-up before tickets sell-out: https://2018.indieweb.org/
{
"type": "entry",
"published": "2018-05-24 18:18-0700",
"rsvp": "yes",
"url": "http://tantek.com/2018/144/t1/indieweb-summit",
"category": [
"indieweb",
"openweb",
"dweb"
],
"in-reply-to": [
"https://2018.indieweb.org/"
],
"content": {
"text": "going to IndieWeb Summit 2018! June 26-27th at the Elliot Center in Portland, Oregon!\nThis will be the #indieweb #openweb #dweb event of the year. RSVPs limited to 100 total, sign-up before tickets sell-out: https://2018.indieweb.org/",
"html": "going to IndieWeb Summit 2018! June 26-27th at the Elliot Center in Portland, Oregon!<br />This will be the #indieweb #openweb #dweb event of the year. RSVPs limited to 100 total, sign-up before tickets sell-out: <a href=\"https://2018.indieweb.org/\">https://2018.indieweb.org/</a>"
},
"author": {
"type": "card",
"name": "Tantek \u00c7elik",
"url": "http://tantek.com/",
"photo": "https://aperture-media.p3k.io/tantek.com/acfddd7d8b2c8cf8aa163651432cc1ec7eb8ec2f881942dca963d305eeaaa6b8.jpg"
},
"refs": {
"https://2018.indieweb.org/": {
"type": "entry",
"url": "https://2018.indieweb.org/",
"name": "2018.indieweb.org\u2019s post"
}
},
"_id": "360927",
"_source": "1",
"_is_read": true
}
{
"type": "entry",
"rsvp": "yes",
"url": "https://strugee.net/blog/2018/05/going-to-indieweb-summit-2018",
"category": [
"personal"
],
"in-reply-to": [
"https://2018.indieweb.org/"
],
"name": "Going to IndieWeb Summit 2018",
"content": {
"text": "Once again, I'll be attending the IndieWeb Summit this year. Probably I'll work on lazymention and the social-stream branch of this website. Maybe I'll work on Stratic too! I'm super excited.",
"html": "<p>Once again, I'll be attending the <a href=\"https://2018.indieweb.org/\" class=\"u-in-reply-to\">IndieWeb Summit</a> this year. Probably I'll work on <a href=\"https://github.com/strugee/lazymention\">lazymention</a> and the <a href=\"https://github.com/strugee/strugee.github.com/tree/social-stream\"><code>social-stream</code> branch</a> of this website. Maybe I'll work on <a href=\"https://stratic.js.org/\">Stratic</a> too! I'm super excited.</p>"
},
"author": {
"type": "card",
"name": "AJ Jordan",
"url": "https://strugee.net/",
"photo": null
},
"_id": "356796",
"_source": "207",
"_is_read": true
}
{
"type": "entry",
"author": {
"name": null,
"url": "https://strugee.net/blog/",
"photo": null
},
"url": "https://strugee.net/blog/2018/05/going-to-indieweb-summit-2018",
"published": "2018-05-23T18:14:52+00:00",
"content": {
"html": "<p>Once again, I'll be attending the <a href=\"https://2018.indieweb.org/\">IndieWeb Summit</a> this year. Probably I'll work on <a href=\"https://github.com/strugee/lazymention\">lazymention</a> and the <a href=\"https://github.com/strugee/strugee.github.com/tree/social-stream\"><code>social-stream</code> branch</a> of this website. Maybe I'll work on <a href=\"https://stratic.js.org/\">Stratic</a> too! I'm super excited.</p>",
"text": "Once again, I'll be attending the IndieWeb Summit this year. Probably I'll work on lazymention and the social-stream branch of this website. Maybe I'll work on Stratic too! I'm super excited."
},
"name": "Going to IndieWeb Summit 2018",
"_id": "356797",
"_source": "227",
"_is_read": true
}
Registration (on the microformats wiki) works fine. I just tried it and created a new account. If you are having trouble understanding the microformats wiki, whether with registration or anything, please state the problem as a question and check the FAQ accordingly: http://microformats.org/wiki/faq
Recommend closure of issue #3704, works for me, no changes to HTML Standard needed.
{
"type": "entry",
"published": "2018-05-23 18:34-0700",
"url": "http://tantek.com/2018/143/t6/",
"category": [
"3704"
],
"in-reply-to": [
"https://github.com/whatwg/html/issues/3704"
],
"content": {
"text": "Registration (on the microformats wiki) works fine. I just tried it and created a new account. If you are having trouble understanding the microformats wiki, whether with registration or anything, please state the problem as a question and check the FAQ accordingly: http://microformats.org/wiki/faq\n\nRecommend closure of issue #3704, works for me, no changes to HTML Standard needed.",
"html": "Registration (on the microformats wiki) works fine. I just tried it and created a new account. If you are having trouble understanding the microformats wiki, whether with registration or anything, please state the problem as a question and check the FAQ accordingly: <a href=\"http://microformats.org/wiki/faq\">http://microformats.org/wiki/faq</a><br /><br />Recommend closure of issue #3704, works for me, no changes to HTML Standard needed."
},
"author": {
"type": "card",
"name": "Tantek \u00c7elik",
"url": "http://tantek.com/",
"photo": "https://aperture-media.p3k.io/tantek.com/acfddd7d8b2c8cf8aa163651432cc1ec7eb8ec2f881942dca963d305eeaaa6b8.jpg"
},
"refs": {
"https://github.com/whatwg/html/issues/3704": {
"type": "entry",
"url": "https://github.com/whatwg/html/issues/3704",
"name": "issue 3704 of GitHub project \u201chtml\u201d"
}
},
"_id": "356629",
"_source": "1",
"_is_read": true
}
“It is common to refer to universally popular social media sites like Facebook, Instagram, Snapchat, and Pinterest as “walled gardens.” But they are not gardens; they are walled industrial sites, within which users, for no financial compensation, produce data which the owners of the factories sift and then sell. Some of these factories (Twitter, Tumblr, and more recently Instagram) have transparent walls, by which I mean that you need an account to post anything but can view what has been posted on the open Web; others (Facebook, Snapchat) keep their walls mostly or wholly opaque. But they all exercise the same disciplinary control over those who create or share content on their domain.”
{
"type": "entry",
"published": "2018-05-22T10:34:23-04:00",
"url": "https://martymcgui.re/2018/05/22/103423/",
"category": [
"domain-of-ones-own",
"IndieWeb",
"silos"
],
"bookmark-of": [
"http://www.iasc-culture.org/THR/THR_article_2018_Spring_Jacobs.php"
],
"content": {
"text": "\ud83d\udd16 Bookmarked http://www.iasc-culture.org/THR/THR_article_2018_Spring_Jacobs.php\n \n \n \n IASC: The Hedgehog Review - Volume 20, No. 1 (Spring 2018) - Tending the Digital Commons: A Small Ethics toward the Future -\n \n \n\u201cIt is common to refer to universally popular social media sites like Facebook, Instagram, Snapchat, and Pinterest as \u201cwalled gardens.\u201d But they are not gardens; they are walled industrial sites, within which users, for no financial compensation, produce data which the owners of the factories sift and then sell. Some of these factories (Twitter, Tumblr, and more recently Instagram) have transparent walls, by which I mean that you need an account to post anything but can view what has been posted on the open Web; others (Facebook, Snapchat) keep their walls mostly or wholly opaque. But they all exercise the same disciplinary control over those who create or share content on their domain.\u201d",
"html": "\ud83d\udd16 Bookmarked <a class=\"u-bookmark-of\" href=\"http://www.iasc-culture.org/THR/THR_article_2018_Spring_Jacobs.php\">http://www.iasc-culture.org/THR/THR_article_2018_Spring_Jacobs.php</a>\n \n \n \n <a class=\"u-url p-name\" href=\"http://www.iasc-culture.org/THR/THR_article_2018_Spring_Jacobs.php\">IASC: The Hedgehog Review - Volume 20, No. 1 (Spring 2018) - Tending the Digital Commons: A Small Ethics toward the Future -</a>\n \n <blockquote class=\"p-summary\">\n<p>\u201cIt is common to refer to universally popular social media sites like Facebook, Instagram, Snapchat, and Pinterest as \u201cwalled gardens.\u201d But they are not gardens; they are walled industrial sites, within which users, for no financial compensation, produce data which the owners of the factories sift and then sell. Some of these factories (Twitter, Tumblr, and more recently Instagram) have transparent walls, by which I mean that you need an account to post anything but can view what has been posted on the open Web; others (Facebook, Snapchat) keep their walls mostly or wholly opaque. But they all exercise the same disciplinary control over those who create or share content on their domain.\u201d</p>\n</blockquote>"
},
"author": {
"type": "card",
"name": "Marty McGuire",
"url": "https://martymcgui.re/",
"photo": "https://aperture-media.p3k.io/martymcgui.re/4f9fac2b9e3ae62998c557418143efe288bca8170a119921a9c6bfeb0a1263a2.jpg"
},
"refs": {
"http://www.iasc-culture.org/THR/THR_article_2018_Spring_Jacobs.php": {
"type": "entry",
"summary": "\u201cIt is common to refer to universally popular social media sites like Facebook, Instagram, Snapchat, and Pinterest as \u201cwalled gardens.\u201d But they are not gardens; they are walled industrial sites, within which users, for no financial compensation, produce data which the owners of the factories sift and then sell. Some of these factories (Twitter, Tumblr, and more recently Instagram) have transparent walls, by which I mean that you need an account to post anything but can view what has been posted on the open Web; others (Facebook, Snapchat) keep their walls mostly or wholly opaque. But they all exercise the same disciplinary control over those who create or share content on their domain.\u201d",
"url": "http://www.iasc-culture.org/THR/THR_article_2018_Spring_Jacobs.php",
"name": "IASC: The Hedgehog Review - Volume 20, No. 1 (Spring 2018) - Tending the Digital Commons: A Small Ethics toward the Future -"
}
},
"_id": "349115",
"_source": "175",
"_is_read": true
}
{
"type": "entry",
"published": "2017-12-05T12:30:51-08:00",
"url": "https://aaronparecki.com/2017/12/05/8/indieauth",
"category": [
"indieweb",
"indiewebchallenge",
"indieauth",
"oauth2",
"oauth"
],
"name": "Announcing the IndieAuth Spec!",
"content": {
"text": "It's been a long time coming, but I've finally published a proper IndieAuth spec!\nIndieAuth has been around for years, and is even referenced by the Micropub\u00a0spec. But until now, there wasn't a canonical version of the spec all in one place. Previously it existed as a series of how-to guides on the IndieWeb wiki. Arguably it's actually more useful that way, since the whole point of specs is to communicate a consistent way of implementing something. But it did make it awkward to refer to it formally.\nSo I'm happy to say that there is finally a spec for IndieAuth, at\u00a0https://indieauth.net/spec/\nThis document captures the current state of what has been implemented, and incorporates much of the feedback we've gathered over the years. Most of the document is split up into authentication and authorization sections, for when you are trying to just identify users for sign-in in vs when a Micropub client is trying to get an access token to post to the user's site. Formally it's an extension to OAuth 2.0, and makes several decisions that were left un-specified in the OAuth 2.0 core spec.\nIf you've implemented any part of this spec, or are thinking about it, I'd appreciate any feedback! Feel free to comment on this post, file an issue on GitHub, or drop a note in the IndieWeb chat!",
"html": "<p>It's been a long time coming, but I've finally published a proper <a href=\"https://indieauth.net/spec/\">IndieAuth spec</a>!</p>\n<p>IndieAuth has been around for years, and is even referenced by the <a href=\"https://www.w3.org/TR/micropub/\">Micropub</a>\u00a0spec. But until now, there wasn't a canonical version of the spec all in one place. Previously it existed as a series of how-to guides on the <a href=\"https://indieweb.org/Category:IndieAuth\">IndieWeb wiki</a>. Arguably it's actually more useful that way, since the whole point of specs is to communicate a consistent way of implementing something. But it did make it awkward to refer to it formally.</p>\n<p>So I'm happy to say that there is finally a spec for IndieAuth, at\u00a0<a href=\"https://indieauth.net/spec/\">https://indieauth.net/spec/</a></p>\n<p>This document captures the current state of what has been implemented, and incorporates much of the feedback we've gathered over the years. Most of the document is split up into <a href=\"https://indieauth.net/spec/#authentication\">authentication</a> and <a href=\"https://indieauth.net/spec/#authorization\">authorization</a> sections, for when you are trying to just identify users for sign-in in vs when a Micropub client is trying to get an access token to post to the user's site. Formally it's an extension to <a href=\"https://oauth.net/2/\">OAuth 2.0</a>, and makes several decisions that were left un-specified in the OAuth 2.0 core spec.</p>\n<p>If you've implemented any part of this spec, or are thinking about it, I'd appreciate any feedback! Feel free to comment on this post, file an issue <a href=\"https://github.com/aaronpk/indieauth.net/issues\">on GitHub</a>, or drop a note in the <a href=\"https://chat.indieweb.org/dev\">IndieWeb chat</a>!</p>"
},
"author": {
"type": "card",
"name": "Aaron Parecki",
"url": "https://aaronparecki.com/",
"photo": "https://aperture-media.p3k.io/aaronparecki.com/2b8e1668dcd9cfa6a170b3724df740695f73a15c2a825962fd0a0967ec11ecdc.jpg"
},
"_id": "347472",
"_source": "16",
"_is_read": true
}
{
"type": "entry",
"published": "2017-10-04T19:03:28-07:00",
"url": "https://aaronparecki.com/2017/10/04/23/passwordless-logins",
"featured": "https://aaronparecki.com/2017/10/04/23/image-1.jpg",
"category": [
"okta",
"security",
"password",
"login"
],
"name": "Passwordless Logins for Your Website",
"content": {
"text": "Why Passwordless Logins?\nThere are many reasons passwords are terrible, especially passwords that you have to remember. There are also many situations in which it's not practical to enter a password, or it's not safe.\nWhen I travel for IndieWebCamps or other conferences, I often need to log in to my website to give demos of things. Sometimes I'm giving a demo in front of a bunch of people, or using a computer that isn't mine. I can't be sure that there isn't a keylogger on the computer I'm using, or that my typing isn't being recorded by cameras for the livestream. It would be great if there was a way to log in on a guest computer without having to type in my password manually.\nI was able to create a workflow where I replaced the password box on my website with a button which sends a login request to my phone. I then have to unlock my phone and confirm the login request from the device, and then the session on the desktop that requested the login is confirmed and I'm logged in.\nBut first, a bit of background.\nAuthentication Factors\nThere are generally three categories of authentication factors talked about in security.\nSomething you know (Knowledge): A knowledge factor is something you know, such as your password.\n Something you have (Possession): Possession factors are something you have, such as a Yubikey, a phone, or some other physical security token.\n Something you are (Inherence): An Inherence factor is something you are, usually a biometric characteristic such as a fingerprint, voice pattern or iris pattern.\nFor most of computing history, only a knowledge factor (a password) was used. If you never wrote down the password, then a password is strictly a knowledge factor.\nLately, more systems are now requiring two factors of authentication, such as asking you for your password (Knowledge) and also requiring that you insert a security key (Possession). Apple accomplishes two-factor authentication with a password (Knowledge) and your fingerprint (Inherence). This obviously provides better security, since an attacker now needs to compromise two things with very different attack surface areas.\nWith the advent of password managers, more people are now turning passwords (Knowledge factors) into Possession factors. It's worth thinking about this from the threat model perspective. If someone is trying to hack into my account that has only a password, then it is possible to brute force the account eventually. If the account requires just a possession factor to log in, then if someone steals the physical device they can log in to my account. Password managers end up converting a password into a Possession Factor, since if someone steals the device that is storing my passwords, they would be able to use the passwords. Because of this risk, most password managers protect the device with either a \"master password\" (Knowledge Factor) or a biometric aspect, such as using Apple's TouchID (an Inherence Factor). \nThe Passwordless Workflow\nNow that we have that out of the way, let's get into how I can use an iPhone app as the primary authentication factor for logging in to my website.\nThe workflow that I ended up using, and that I'll document in a future blog post, works as follows:\nGo to the website and, click \"sign in\"\n Enter my username, and press the \"log in\" button\n A notification on my phone pops up asking to confirm the login\n Tap \"approve\", and swipe my thumbprint\n The website sees that I've confirmed the login request and starts the session\nNo password is required for this flow! Instead, we require two factors: something you have (your phone), and something you are (your fingerprint). This means we are now even more secure than using just a password.\u00a0\nTo implement this on my website, I used the Okta Verify app, since they've gone to great lengths to create a secure iPhone app and they run servers that will handle that aspect of the security.\nIn addition to the server no longer accepting a brute-forceable password, we rely on the security provided by the Okta app and their servers to handle the multi-factor aspect of security.\u00a0\nWhy is this more secure than TOTP?\nTOTP is the spec used by Google Authenticator and other similar apps that ask you to enter a 6-digit code. Typically setting this up will involve scanning a QR code into an app, and then it will generate 6 digits that change every 30 seconds. You might be tempted to use this as a primary login factor, since ultimately the end user flow for this ends up looking similar to the Okta Verify flow outlined above. However, there are a couple reasons using TOTP as a primary factor isn't secure.\nThe TOTP spec, used by Google Authenticator and many others, is acceptable as a second factor of authentication. However it was not designed to be the primary factor.\nIf you try to use TOTP as the only factor, it is essentially a really bad password. Since the length and character set of the TOTP codes are known, an attacker only has to try guessing 6 digit passwords until they get in. Another attack vector is if someone can watch you enter a valid code, they could steal the code and log in on another device, since the codes can typically be replayed.\nBecause of these issues, TOTP is only acceptable as an additional factor after already confirming a first authentication factor such as a password.\nImplementing the Flow\nIn a future blog post, I'll outline the steps required to actually implement this flow using the Okta Verify app.\u00a0",
"html": "<img src=\"https://aperture-media.p3k.io/aaronparecki.com/ea30048d91bf44cc58c630dfdf87643b02223383efac09f2d49824a3d33ef1f5.jpg\" alt=\"\" class=\"u-featured\" /><h2>Why Passwordless Logins?</h2>\n<p>There are many reasons passwords are terrible, especially passwords that you have to remember. There are also many situations in which it's not practical to enter a password, or it's not safe.</p>\n<p>When I travel for IndieWebCamps or other conferences, I often need to log in to my website to give demos of things. Sometimes I'm giving a demo in front of a bunch of people, or using a computer that isn't mine. I can't be sure that there isn't a keylogger on the computer I'm using, or that my typing isn't being recorded by cameras for the livestream. It would be great if there was a way to log in on a guest computer without having to type in my password manually.</p>\n<p>I was able to create a workflow where I replaced the password box on my website with a button which sends a login request to my phone. I then have to unlock my phone and confirm the login request from the device, and then the session on the desktop that requested the login is confirmed and I'm logged in.</p>\n<p>But first, a bit of background.</p>\n<h2>Authentication Factors</h2>\n<p>There are generally three categories of authentication factors talked about in security.</p>\n<ul><li>Something you know (Knowledge): A knowledge factor is something you know, such as your password.</li>\n <li>Something you have (Possession): Possession factors are something you have, such as a Yubikey, a phone, or some other physical security token.</li>\n <li>Something you are (Inherence): An Inherence factor is something you are, usually a biometric characteristic such as a fingerprint, voice pattern or iris pattern.</li>\n</ul><p>For most of computing history, only a knowledge factor (a password) was used. If you never wrote down the password, then a password is strictly a knowledge factor.</p>\n<p>Lately, more systems are now requiring two factors of authentication, such as asking you for your password (Knowledge) and also requiring that you insert a security key (Possession). Apple accomplishes two-factor authentication with a password (Knowledge) and your fingerprint (Inherence). This obviously provides better security, since an attacker now needs to compromise two things with very different attack surface areas.</p>\n<p>With the advent of password managers, more people are now turning passwords (Knowledge factors) into Possession factors. It's worth thinking about this from the threat model perspective. If someone is trying to hack into my account that has only a password, then it is possible to brute force the account eventually. If the account requires just a possession factor to log in, then if someone steals the physical device they can log in to my account. Password managers end up converting a password into a Possession Factor, since if someone steals the device that is storing my passwords, they would be able to use the passwords. Because of this risk, most password managers protect the device with either a \"master password\" (Knowledge Factor) or a biometric aspect, such as using Apple's TouchID (an Inherence Factor). </p>\n<h2>The Passwordless Workflow</h2>\n<p>Now that we have that out of the way, let's get into how I can use an iPhone app as the primary authentication factor for logging in to my website.</p>\n<p>The workflow that I ended up using, and that I'll document in a future blog post, works as follows:</p>\n<ul><li>Go to the website and, click \"sign in\"</li>\n <li>Enter my username, and press the \"log in\" button</li>\n <li>A notification on my phone pops up asking to confirm the login</li>\n <li>Tap \"approve\", and swipe my thumbprint</li>\n <li>The website sees that I've confirmed the login request and starts the session</li>\n</ul><p>No password is required for this flow! Instead, we require two factors: something you have (your phone), and something you are (your fingerprint). This means we are now even more secure than using just a password.\u00a0</p>\n<p>To implement this on my website, I used the Okta Verify app, since they've gone to great lengths to create a secure iPhone app and they run servers that will handle that aspect of the security.</p>\n<p>In addition to the server no longer accepting a brute-forceable password, we rely on the security provided by the Okta app and their servers to handle the multi-factor aspect of security.\u00a0</p>\n<h2>Why is this more secure than TOTP?</h2>\n<p>TOTP is the spec used by Google Authenticator and other similar apps that ask you to enter a 6-digit code. Typically setting this up will involve scanning a QR code into an app, and then it will generate 6 digits that change every 30 seconds. You might be tempted to use this as a primary login factor, since ultimately the end user flow for this ends up looking similar to the Okta Verify flow outlined above. However, there are a couple reasons using TOTP as a primary factor isn't secure.</p>\n<p>The TOTP spec, used by Google Authenticator and many others, is acceptable as a second factor of authentication. However it was not designed to be the primary factor.</p>\n<p>If you try to use TOTP as the only factor, it is essentially a really bad password. Since the length and character set of the TOTP codes are known, an attacker only has to try guessing 6 digit passwords until they get in. Another attack vector is if someone can watch you enter a valid code, they could steal the code and log in on another device, since the codes can typically be replayed.</p>\n<p>Because of these issues, TOTP is only acceptable as an additional factor after already confirming a first authentication factor such as a password.</p>\n<h2>Implementing the Flow</h2>\n<p>In a future blog post, I'll outline the steps required to actually implement this flow using the Okta Verify app.\u00a0</p>"
},
"author": {
"type": "card",
"name": "Aaron Parecki",
"url": "https://aaronparecki.com/",
"photo": "https://aperture-media.p3k.io/aaronparecki.com/2b8e1668dcd9cfa6a170b3724df740695f73a15c2a825962fd0a0967ec11ecdc.jpg"
},
"_id": "347476",
"_source": "16",
"_is_read": true
}
It is common to refer to universally popular social media sites like Facebook, Instagram, Snapchat, and Pinterest as “walled gardens.” But they are not gardens; they are walled industrial sites, within which users, for no financial compensation, produce data which the owners of the factories sift and then sell. Some of these factories (Twitter, Tumblr, and more recently Instagram) have transparent walls, by which I mean that you need an account to post anything but can view what has been posted on the open Web; others (Facebook, Snapchat) keep their walls mostly or wholly opaque. But they all exercise the same disciplinary control over those who create or share content on their domain.
Professor Alan Jacobs makes the case for the indie web:
We need to revivify the open Web and teach others—especially those who have never known the open Web—to learn to live extramurally: outside the walls.
What do I mean by “the open Web”? I mean the World Wide Web as created by Tim Berners-Lee and extended by later coders. The open Web is effectively a set of protocols that allows the creating, sharing, and experiencing of text, sounds, and images on any computer that is connected to the Internet and has installed on it a browser that can interpret information encoded in conformity with these protocols.
This resonated strongly with me:
To teach children how to own their own domains and make their own websites might seem a small thing. In many cases it will be a small thing. Yet it serves as a reminder that the online world does not merely exist, but is built, and built to meet the desires of certain very powerful people—but could be built differently.
{
"type": "entry",
"published": "2018-05-21T22:20:18Z",
"url": "https://adactio.com/links/13911",
"category": [
"indieweb",
"open",
"web",
"silos",
"future",
"teaching",
"building",
"digital",
"preservation",
"commons",
"ownership",
"decentralisation",
"facebook",
"twitter",
"instagram",
"pinterest"
],
"bookmark-of": [
"http://www.iasc-culture.org/THR/THR_article_2018_Spring_Jacobs.php"
],
"content": {
"text": "Tending the Digital Commons: A Small Ethics toward the Future\n\n\n\n\n It is common to refer to universally popular social media sites like Facebook, Instagram, Snapchat, and Pinterest as \u201cwalled gardens.\u201d But they are not gardens; they are walled industrial sites, within which users, for no financial compensation, produce data which the owners of the factories sift and then sell. Some of these factories (Twitter, Tumblr, and more recently Instagram) have transparent walls, by which I mean that you need an account to post anything but can view what has been posted on the open Web; others (Facebook, Snapchat) keep their walls mostly or wholly opaque. But they all exercise the same disciplinary control over those who create or share content on their domain.\n\n\nProfessor Alan Jacobs makes the case for the indie web:\n\n\n We need to revivify the open Web and teach others\u2014especially those who have never known the open Web\u2014to learn to live extramurally: outside the walls.\n \n What do I mean by \u201cthe open Web\u201d? I mean the World Wide Web as created by Tim Berners-Lee and extended by later coders. The open Web is effectively a set of protocols that allows the creating, sharing, and experiencing of text, sounds, and images on any computer that is connected to the Internet and has installed on it a browser that can interpret information encoded in conformity with these protocols.\n\n\nThis resonated strongly with me:\n\n\n To teach children how to own their own domains and make their own websites might seem a small thing. In many cases it will be a small thing. Yet it serves as a reminder that the online world does not merely exist, but is built, and built to meet the desires of certain very powerful people\u2014but could be built differently.",
"html": "<h3>\n<a class=\"p-name u-bookmark-of\" href=\"http://www.iasc-culture.org/THR/THR_article_2018_Spring_Jacobs.php\">\nTending the Digital Commons: A Small Ethics toward the Future\n</a>\n</h3>\n\n<blockquote>\n <p>It is common to refer to universally popular social media sites like Facebook, Instagram, Snapchat, and Pinterest as \u201cwalled gardens.\u201d But they are not gardens; they are walled industrial sites, within which users, for no financial compensation, produce data which the owners of the factories sift and then sell. Some of these factories (Twitter, Tumblr, and more recently Instagram) have transparent walls, by which I mean that you need an account to post anything but can view what has been posted on the open Web; others (Facebook, Snapchat) keep their walls mostly or wholly opaque. But they all exercise the same disciplinary control over those who create or share content on their domain.</p>\n</blockquote>\n\n<p>Professor Alan Jacobs makes the case for the indie web:</p>\n\n<blockquote>\n <p>We need to revivify the open Web and teach others\u2014especially those who have never known the open Web\u2014to learn to live extramurally: outside the walls.</p>\n \n <p>What do I mean by \u201cthe open Web\u201d? I mean the World Wide Web as created by Tim Berners-Lee and extended by later coders. The open Web is effectively a set of protocols that allows the creating, sharing, and experiencing of text, sounds, and images on any computer that is connected to the Internet and has installed on it a browser that can interpret information encoded in conformity with these protocols.</p>\n</blockquote>\n\n<p>This resonated strongly with me:</p>\n\n<blockquote>\n <p>To teach children how to own their own domains and make their own websites might seem a small thing. In many cases it <em>will</em> be a small thing. Yet it serves as a reminder that the online world does not merely exist, but is <em>built</em>, and built to meet the desires of certain very powerful people\u2014but could be built differently.</p>\n</blockquote>"
},
"_id": "347137",
"_source": "2",
"_is_read": true
}
{
"type": "entry",
"published": "2018-05-21T11:37:12-04:00",
"url": "https://martymcgui.re/2018/05/21/113712/",
"category": [
"podcast",
"IndieWeb",
"this-week-indieweb-podcast"
],
"audio": [
"https://aperture-media.p3k.io/media.martymcgui.re/9e3a7afa6f929ebef6eb3bdf9e3d36ad950a184b2286f4b2e9f22db9e3a090ae.mp3"
],
"syndication": [
"https://huffduffer.com/schmarty/482948",
"https://twitter.com/schmarty/status/998589121873567750",
"https://www.facebook.com/marty.mcguire.54/posts/10212079870254003"
],
"name": "This Week in the IndieWeb Audio Edition \u2022 May 12th - 18th, 2018",
"content": {
"text": "Notes from newcomers, 5 years of Ghosting, and uh-oh for dot-IO. It\u2019s the audio edition for This Week in the IndieWeb for May 12th - 18th, 2018.\n\nYou can find all of my audio editions and subscribe with your favorite podcast app here: martymcgui.re/podcasts/indieweb/.\n\nMusic from Aaron Parecki\u2019s 100DaysOfMusic project: Day 85 - Suit, Day 48 - Glitch, Day 49 - Floating, Day 9, and Day 11\n\nThanks to everyone in the IndieWeb chat for their feedback and suggestions. Please drop me a note if there are any changes you\u2019d like to see for this audio edition!",
"html": "<p>Notes from newcomers, 5 years of Ghosting, and uh-oh for dot-IO. It\u2019s the audio edition for <a href=\"https://indieweb.org/this-week/2018-05-18.html\">This Week in the IndieWeb for May 12th - 18th, 2018</a>.</p>\n\n<p>You can find all of my audio editions and subscribe with your favorite podcast app here: <a href=\"https://martymcgui.re/podcasts/indieweb/\">martymcgui.re/podcasts/indieweb/</a>.</p>\n\n<p>Music from <a href=\"https://aaronparecki.com/\">Aaron Parecki</a>\u2019s <a href=\"https://100.aaronparecki.com/\">100DaysOfMusic project</a>: <a href=\"https://aaronparecki.com/2017/03/15/14/day85\">Day 85 - Suit</a>, <a href=\"https://aaronparecki.com/2017/02/06/7/day48\">Day 48 - Glitch</a>, <a href=\"https://aaronparecki.com/2017/02/07/4/day49\">Day 49 - Floating</a>, <a href=\"https://aaronparecki.com/2016/12/29/21/day-9\">Day 9</a>, and <a href=\"https://aaronparecki.com/2016/12/31/15/\">Day 11</a></p>\n\n<p>Thanks to everyone in the <a href=\"https://chat.indieweb.org/\">IndieWeb chat</a> for their feedback and suggestions. Please drop me a note if there are any changes you\u2019d like to see for this audio edition!</p>"
},
"author": {
"type": "card",
"name": "Marty McGuire",
"url": "https://martymcgui.re/",
"photo": "https://aperture-media.p3k.io/martymcgui.re/4f9fac2b9e3ae62998c557418143efe288bca8170a119921a9c6bfeb0a1263a2.jpg"
},
"_id": "346057",
"_source": "175",
"_is_read": true
}
I started a Twitter account, and fell into a world of good, dumb, weird jokes, links to new sites and interesting ideas. It was such an excellent place to waste time that I almost didn’t notice that the blogs and link-sharing sites I’d once spent hours on had become less and less viable. Where once we’d had a rich ecosystem of extremely stupid and funny sites on which we might procrastinate, we now had only Twitter and Facebook.
And then, one day, I think in 2013, Twitter and Facebook were not really very fun anymore. And worse, the fun things they had supplanted were never coming back. Forums were depopulated; blogs were shut down. Twitter, one agent of their death, became completely worthless: a water-drop-torture feed of performative outrage, self-promotion, and discussion of Twitter itself. Facebook had become, well … you’ve been on Facebook.
{
"type": "entry",
"published": "2018-05-21T11:56:30Z",
"url": "https://adactio.com/links/13909",
"category": [
"indieweb",
"silos",
"twitter",
"facebook",
"browsers",
"web",
"history",
"fun",
"procrastination"
],
"bookmark-of": [
"http://nymag.com/selectall/2018/05/i-dont-know-how-to-waste-time-on-the-internet-anymore.html"
],
"content": {
"text": "I Don\u2019t Know How to Waste Time on the Internet Anymore\n\n\n\n\n I started a Twitter account, and fell into a world of good, dumb, weird jokes, links to new sites and interesting ideas. It was such an excellent place to waste time that I almost didn\u2019t notice that the blogs and link-sharing sites I\u2019d once spent hours on had become less and less viable. Where once we\u2019d had a rich ecosystem of extremely stupid and funny sites on which we might procrastinate, we now had only Twitter and Facebook.\n \n And then, one day, I think in 2013, Twitter and Facebook were not really very fun anymore. And worse, the fun things they had supplanted were never coming back. Forums were depopulated; blogs were shut down. Twitter, one agent of their death, became completely worthless: a water-drop-torture feed of performative outrage, self-promotion, and discussion of Twitter itself. Facebook had become, well \u2026 you\u2019ve been on Facebook.",
"html": "<h3>\n<a class=\"p-name u-bookmark-of\" href=\"http://nymag.com/selectall/2018/05/i-dont-know-how-to-waste-time-on-the-internet-anymore.html\">\nI Don\u2019t Know How to Waste Time on the Internet Anymore\n</a>\n</h3>\n\n<blockquote>\n <p>I started a Twitter account, and fell into a world of good, dumb, weird jokes, links to new sites and interesting ideas. It was such an excellent place to waste time that I almost didn\u2019t notice that the blogs and link-sharing sites I\u2019d once spent hours on had become less and less viable. Where once we\u2019d had a rich ecosystem of extremely stupid and funny sites on which we might procrastinate, we now had only Twitter and Facebook.</p>\n \n <p>And then, one day, I think in 2013, Twitter and Facebook were not really very fun anymore. And worse, the fun things they had supplanted were never coming back. Forums were depopulated; blogs were shut down. Twitter, one agent of their death, became completely worthless: a water-drop-torture feed of performative outrage, self-promotion, and discussion of Twitter itself. Facebook had become, well \u2026 you\u2019ve been on Facebook.</p>\n</blockquote>"
},
"_id": "345263",
"_source": "2",
"_is_read": true
}
{
"type": "entry",
"published": "2018-05-20T20:46:28Z",
"url": "https://bear.im/bearlog/2018/140/podcasting-patent-final-victory.html",
"category": [
"indieweb"
],
"name": "Podcasting patent final victory",
"content": {
"text": "Finally the lame and bogus Podcasting Patent has been trounced!\n\nRead about over on the EFF site",
"html": "<p>Finally the lame and bogus Podcasting Patent has been trounced!</p>\n\n<p>Read about over on the <a href=\"https://www.eff.org/deeplinks/2018/05/eff-wins-final-victory-over-podcasting-patent\">EFF site</a></p>"
},
"author": {
"type": "card",
"name": "Mike Taylor",
"url": "https://bear.im/",
"photo": "https://aperture-media.p3k.io/bear.im/3488535cc9cba5ef5417946923f38988c90c3a7f4d1338e13790b0b7845f4c69.jpg"
},
"_id": "344694",
"_source": "190",
"_is_read": true
}
{
"type": "entry",
"published": "2018-05-20T20:33:49Z",
"url": "https://bear.im/bearlog/2018/140/adding-a-privacy-policy.html",
"category": [
"indieweb"
],
"name": "Adding a Privacy Policy",
"content": {
"text": "With all of the tech world working on being compliant with GDPR, which judging from the amount of emails i'm getting from vendors and third-party sites, is everyone - I decided to look into adding a privacy policy myself.\n\nKnowing that the IndieWeb folks most likely have examples already in place, I headed over to there to look, and indeed found talk about it at Privacy Policy.\n\nI also came across a conversation in the IRC channel about a recent addition to dgold's site where he includes some great ideas and examples of now to get Nginx to anonymize IP addresses even!\n\nSo I've gone an adjusted all my site generation templates to include a footer reference to my shiny new Privacy Policy.",
"html": "<p>With all of the tech world working on being compliant with GDPR, which judging from the amount of emails i'm getting from vendors and third-party sites, is <em>everyone</em> - I decided to look into adding a privacy policy myself.</p>\n\n<p>Knowing that the <a href=\"https://indieweb.org\">IndieWeb</a> folks most likely have examples already in place, I headed over to there to look, and indeed found talk about it at <a href=\"https://indieweb.org/disclosure\">Privacy Policy</a>.</p>\n\n<p>I also came across a conversation in the IRC channel about a recent addition to <a href=\"https://ascraeus.org/micro/1526833446/\">dgold's site</a> where he includes some great ideas and examples of now to get Nginx to anonymize IP addresses even!</p>\n\n<p>So I've gone an adjusted all my site generation templates to include a footer reference to my shiny new <a href=\"https://bear.im/privacypolicy.html\">Privacy Policy</a>.</p>"
},
"author": {
"type": "card",
"name": "Mike Taylor",
"url": "https://bear.im/",
"photo": "https://aperture-media.p3k.io/bear.im/3488535cc9cba5ef5417946923f38988c90c3a7f4d1338e13790b0b7845f4c69.jpg"
},
"_id": "344695",
"_source": "190",
"_is_read": true
}
Thank you for this post! I’ve added some of these spots to my to do list for my wife and I! I’ve been really enjoying reading the articles and I just wanted to thank you for having an RSS feed outside of Facebook. I have recently been removing myself from Facebook after all the privacy drama and am reading all my news and blogs in an RSS reader, so I was pleasantly surprised to find this blog had its own RSS feed!
It’s great that you have a comment form on the posts. You might consider enabling Webmentions. It’s a way for people to post comments to your site from their own. (Like this comment was posted on my website before I posted it here: )
{
"type": "entry",
"published": "2018-05-20T13:38:12-04:00",
"summary": "Thank you for this post! I\u2019ve added some of these spots to my to do list for my wife and I! I\u2019ve been really enjoying reading the articles and I just wanted to thank you for having an RSS feed outside of Facebook. I have recently been removing myself from Facebook after all the privacy drama and am reading all my news and blogs in an RSS reader, so I was pleasantly surprised to find this blog had its own RSS feed!\nIt\u2019s great that you have a comment form on the posts. You might consider enabling Webmentions. It\u2019s a way for people to post comments to your site from their own. (Like this comment was posted on my website before I posted it here: )\nIf you are based on wordpress, here is some information: https://indieweb.org/Getting_Started_on_WordPress#Webmentions or if you are running your own website there is some more general information here: https://indieweb.org/Webmention",
"url": "https://eddiehinkle.com/2018/05/20/2/reply/",
"category": [
"indieweb",
"webmention"
],
"in-reply-to": [
"https://blog.virginia.org/2018/05/barbecue-in-virginia/#respond"
],
"content": {
"text": "Thank you for this post! I\u2019ve added some of these spots to my to do list for my wife and I! I\u2019ve been really enjoying reading the articles and I just wanted to thank you for having an RSS feed outside of Facebook. I have recently been removing myself from Facebook after all the privacy drama and am reading all my news and blogs in an RSS reader, so I was pleasantly surprised to find this blog had its own RSS feed!\n\nIt\u2019s great that you have a comment form on the posts. You might consider enabling Webmentions. It\u2019s a way for people to post comments to your site from their own. (Like this comment was posted on my website before I posted it here: )\n\nIf you are based on wordpress, here is some information: https://indieweb.org/Getting_Started_on_WordPress#Webmentions or if you are running your own website there is some more general information here: https://indieweb.org/Webmention",
"html": "<p>Thank you for this post! I\u2019ve added some of these spots to my to do list for my wife and I! I\u2019ve been really enjoying reading the articles and I just wanted to thank you for having an RSS feed outside of Facebook. I have recently been removing myself from Facebook after all the privacy drama and am reading all my news and blogs in an RSS reader, so I was pleasantly surprised to find this blog had its own RSS feed!</p>\n\n<p>It\u2019s great that you have a comment form on the posts. You might consider enabling Webmentions. It\u2019s a way for people to post comments to your site from their own. (Like this comment was posted on my website before I posted it here: )</p>\n\n<p>If you are based on wordpress, here is some information: <a href=\"https://indieweb.org/Getting_Started_on_WordPress#Webmentions\">https://indieweb.org/Getting_Started_on_WordPress#Webmentions</a> or if you are running your own website there is some more general information here: <a href=\"https://indieweb.org/Webmention\">https://indieweb.org/Webmention</a></p>"
},
"author": {
"type": "card",
"name": "Eddie Hinkle",
"url": "https://eddiehinkle.com/",
"photo": "https://aperture-media.p3k.io/eddiehinkle.com/cf9f85e26d4be531bc908d37f69bff1c50b50b87fd066b254f1332c3553df1a8.jpg"
},
"refs": {
"https://blog.virginia.org/2018/05/barbecue-in-virginia/#respond": {
"type": "entry",
"url": "https://blog.virginia.org/2018/05/barbecue-in-virginia/#respond",
"name": "https://blog.virginia.org/2018/05/barbecue-in-virginia/#respond"
}
},
"_id": "343718",
"_source": "226",
"_is_read": true
}
@jgmac1106 A few short thoughts:
1. The explanatory text is nice, but runs a bit long for the uninitiated. I'm always worried that the length turns folks off? Perhaps something shorter for the gist of the idea with a link instead to a particular page that lays it out in more detail? I've also considered hiding some of the extra explanation behind a pop up or by using an abbr (or other appropriate html) tag with appropriate CSS hover markup so that when one hovers over a portion, they get a title-like window with all the gory details. Ideally, over time, with the spread of the concept the explanation won't be necessary at all.
2. One potentially crucial piece you're missing is that the post on their webpage HAS to have the permalink URL for your post on the page, otherwise the webmention will fail. Worse, without this bit of knowledge they won't know why it failed.
{
"type": "entry",
"published": "2018-05-19T15:55:05+00:00",
"url": "http://stream.boffosocko.com/2018/jgmac1106-a-few-short-thoughts1-the-explanatory-text-is-nice",
"syndication": [
"https://twitter.com/ChrisAldrich/status/997868257175638016"
],
"in-reply-to": [
"https://twitter.com/jgmac1106/status/997470649818939393",
"https://jgregorymcverry.com/hey-edtechchat-digiuri-literacies-digped-friends-i-need-your-help-can-you-read-this-and-then-define-webmention/"
],
"content": {
"text": "@jgmac1106 A few short thoughts:\n\n1. The explanatory text is nice, but runs a bit long for the uninitiated. I'm always worried that the length turns folks off? Perhaps something shorter for the gist of the idea with a link instead to a particular page that lays it out in more detail? I've also considered hiding some of the extra explanation behind a pop up or by using an abbr (or other appropriate html) tag with appropriate CSS hover markup so that when one hovers over a portion, they get a title-like window with all the gory details. Ideally, over time, with the spread of the concept the explanation won't be necessary at all.\n\n2. One potentially crucial piece you're missing is that the post on their webpage HAS to have the permalink URL for your post on the page, otherwise the webmention will fail. Worse, without this bit of knowledge they won't know why it failed.",
"html": "@jgmac1106 A few short thoughts:<br />\n1. The explanatory text is nice, but runs a bit long for the uninitiated. I'm always worried that the length turns folks off? Perhaps something shorter for the gist of the idea with a link instead to a particular page that lays it out in more detail? I've also considered hiding some of the extra explanation behind a pop up or by using an abbr (or other appropriate html) tag with appropriate CSS hover markup so that when one hovers over a portion, they get a title-like window with all the gory details. Ideally, over time, with the spread of the concept the explanation won't be necessary at all.<br />\n2. One potentially crucial piece you're missing is that the post on their webpage HAS to have the permalink URL for your post on the page, otherwise the webmention will fail. Worse, without this bit of knowledge they won't know why it failed.<br />"
},
"author": {
"type": "card",
"name": "Chris Aldrich",
"url": "http://stream.boffosocko.com/profile/chrisaldrich",
"photo": "https://aperture-media.p3k.io/stream.boffosocko.com/d0ba9f65fcbf0cef3bdbcccc0b6a1f42b1310f7ab2e07208c7a396166cde26b1.jpg"
},
"_id": "341118",
"_source": "192",
"_is_read": true
}
@jgmac1106 If you're as poor a theme tinkerer as I am but about to embark on adding microformats to a theme, I might recommend taking a look at the individual commit changes that David Shanske goes through in converting the base Twenty Sixteen Theme into a more IndieWeb friendly theme. The list of commits with useful labels can be found here: https://github.com/dshanske/twentysixteen-indieweb/commits/master Clicking on each of the changes will give you highlighted changes for what he did.
I would recommend starting at the bottom and then slowly reading your way to the top to try to understand what he's doing in each section. Note that there are one or two places where he splits a particular change up between a few commits or occasionally backtracks. There's also a section in which he "rips" out the WP core functionality of Post Formats in favor of using the Post Kinds Plugin--I'd recommend you don't do this to make your resultant theme the most flexible. I believe there's also a section in which he adds a "comment walker" and later removes it because the experimentaly functionality was later merged into the Webmentions/Semantic Linkbacks plugin to better handle comments, so you can safely ignore may of those chunks which are now stable.
I suspect that between this and the code models for SemPress and Independent Publisher (which should also have some David Shanske specific commits and related discussion that you can look up) you may be somewhat better off.
{
"type": "entry",
"published": "2018-05-19T15:42:54+00:00",
"url": "http://stream.boffosocko.com/2018/jgmac1106-if-youre-as-poor-a-theme-tinkerer-as-i",
"syndication": [
"https://twitter.com/ChrisAldrich/status/997865235351506944"
],
"in-reply-to": [
"https://twitter.com/jgmac1106/status/997859786803867649",
"https://jgregorymcverry.com/end-goal-for-my-14-day-indieweb-wordpress-experiment"
],
"content": {
"text": "@jgmac1106 If you're as poor a theme tinkerer as I am but about to embark on adding microformats to a theme, I might recommend taking a look at the individual commit changes that David Shanske goes through in converting the base Twenty Sixteen Theme into a more IndieWeb friendly theme. The list of commits with useful labels can be found here: https://github.com/dshanske/twentysixteen-indieweb/commits/master Clicking on each of the changes will give you highlighted changes for what he did. \n\n\nI would recommend starting at the bottom and then slowly reading your way to the top to try to understand what he's doing in each section. Note that there are one or two places where he splits a particular change up between a few commits or occasionally backtracks. There's also a section in which he \"rips\" out the WP core functionality of Post Formats in favor of using the Post Kinds Plugin--I'd recommend you don't do this to make your resultant theme the most flexible. I believe there's also a section in which he adds a \"comment walker\" and later removes it because the experimentaly functionality was later merged into the Webmentions/Semantic Linkbacks plugin to better handle comments, so you can safely ignore may of those chunks which are now stable.\n\n\nI suspect that between this and the code models for SemPress and Independent Publisher (which should also have some David Shanske specific commits and related discussion that you can look up) you may be somewhat better off.\n\n\nGood luck! We're all cheering for you!",
"html": "@jgmac1106 If you're as poor a theme tinkerer as I am but about to embark on adding microformats to a theme, I might recommend taking a look at the individual commit changes that David Shanske goes through in converting the base Twenty Sixteen Theme into a more IndieWeb friendly theme. The list of commits with useful labels can be found here: <a href=\"https://github.com/dshanske/twentysixteen-indieweb/commits/master\">https://github.com/dshanske/twentysixteen-indieweb/commits/master</a> Clicking on each of the changes will give you highlighted changes for what he did. <br /><br />\nI would recommend starting at the bottom and then slowly reading your way to the top to try to understand what he's doing in each section. Note that there are one or two places where he splits a particular change up between a few commits or occasionally backtracks. There's also a section in which he \"rips\" out the WP core functionality of Post Formats in favor of using the Post Kinds Plugin--I'd recommend you don't do this to make your resultant theme the most flexible. I believe there's also a section in which he adds a \"comment walker\" and later removes it because the experimentaly functionality was later merged into the Webmentions/Semantic Linkbacks plugin to better handle comments, so you can safely ignore may of those chunks which are now stable.<br /><br />\nI suspect that between this and the code models for SemPress and Independent Publisher (which should also have some David Shanske specific commits and related discussion that you can look up) you may be somewhat better off.<br /><br />\nGood luck! We're all cheering for you!"
},
"author": {
"type": "card",
"name": "Chris Aldrich",
"url": "http://stream.boffosocko.com/profile/chrisaldrich",
"photo": "https://aperture-media.p3k.io/stream.boffosocko.com/d0ba9f65fcbf0cef3bdbcccc0b6a1f42b1310f7ab2e07208c7a396166cde26b1.jpg"
},
"_id": "341119",
"_source": "192",
"_is_read": true
}
Just FYI, I have some IndieAuth Swift classes in my Indigenous app. Eventually I want to turn them into a Swift library. However you are welcome to embed any of them in Icro that might help make login easier. Also, I’m happy to answer any questions you might have 🙂
{
"type": "entry",
"published": "2018-05-18T14:30:37-04:00",
"summary": "Just FYI, I have some IndieAuth Swift classes in my Indigenous app. Eventually I want to turn them into a Swift library. However you are welcome to embed any of them in Icro that might help make login easier. Also, I\u2019m happy to answer any questions you might have \ud83d\ude42",
"url": "https://eddiehinkle.com/2018/05/18/3/reply/",
"in-reply-to": [
"https://micro.blog/hartlco/570560"
],
"content": {
"text": "Just FYI, I have some IndieAuth Swift classes in my Indigenous app. Eventually I want to turn them into a Swift library. However you are welcome to embed any of them in Icro that might help make login easier. Also, I\u2019m happy to answer any questions you might have \ud83d\ude42",
"html": "<p>Just FYI, I have <a href=\"https://github.com/EdwardHinkle/indigenous-ios/tree/master/IndieAuth\">some IndieAuth Swift classes</a> in my Indigenous app. Eventually I want to turn them into a Swift library. However you are welcome to embed any of them in Icro that might help make login easier. Also, I\u2019m happy to answer any questions you might have \ud83d\ude42</p>"
},
"author": {
"type": "card",
"name": "Eddie Hinkle",
"url": "https://eddiehinkle.com/",
"photo": "https://aperture-media.p3k.io/eddiehinkle.com/cf9f85e26d4be531bc908d37f69bff1c50b50b87fd066b254f1332c3553df1a8.jpg"
},
"refs": {
"https://micro.blog/hartlco/570560": {
"type": "entry",
"url": "https://micro.blog/hartlco/570560",
"name": "https://micro.blog/hartlco/570560"
}
},
"_id": "338766",
"_source": "226",
"_is_read": true
}
