IndieWeb

www.kevinmarks.com/memex.html

Ben Werdmüller werd.io/profile/benwerd

Switching costs for an IndieAuth server

#site-update #IndieAuth

July 31, 2022 2:32pm -04:00

{
    "type": "entry",
    "published": "2022-07-31T14:32:34-0400",
    "url": "https://martymcgui.re/2022/07/31/switching-costs-for-an-indieauth-server/",
    "category": [
        "site-update",
        "IndieAuth"
    ],
    "name": "Switching costs for an IndieAuth server",
    "content": {
        "text": "One of the things I love about building with IndieWeb building blocks is that (sometimes through more work than anticipated) you can swap out pieces of your site without (much) disruption because the seams between building blocks are well specified.\n\nSo, this is me documenting how I replaced my IndieAuth setup to stop leaning on Aaron\u2019s IndieAuth.com (which has been on the verge of retiring any day now for some years).\n\nPlease excuse this long and rambling post. Feel free to skip around!\n\n\n\nWhat is IndieAuth?\n\nAt a high-level, IndieAuth is a way to sign in using your website as an identity.\n\nWithout digging too deeply into the plumbing, you start by updating your website\u2019s homepage with some extra header info that says \u201cmy IndieAuth service is over there\u201d. From there, you can sign into services that support IndieAuth (like the IndieWeb wiki, the social feed reader service Aperture, and more. And you can use your IndieAuth server to protect your own services, such as a Micropub server that can create new posts on your site.\n\nWhy switch?\n\nI\u2019ve been using indieauth.com as my IndieAuth setup since late 2016 because it was easy to set up, because it uses something called RelMeAuth to let me sign in using services I already trust (like GitHub).\n\nHowever, indieauth.com has been growing stale as the IndieAuth spec has evolved. indieauth.com\u2019s maintainer has been discussing replacing it since at least 2017.\n\nThe inciting incident for my switch was looking at OwnCast - a self-hostable video streaming service with attached chatroom. OwnCast\u2019s chat allows using IndieAuth to sign in, which sounded great to me, but OwnCast\u2019s implementation wasn\u2019t expecting indieauth.com\u2019s old-style response format.\n\nWhy set up my own?\n\nThere are a bunch of IndieAuth server implementations listed on the IndieWeb wiki. However: simplest of them (selfauth + mintoken) are now out of date with the spec and haven\u2019t been replaced, yet. Others tend to be built into other CMSes like WordPress. A couple of standalone servers exist but are in languages I am not comfortable working in (hello Rust and Go) or have deployment requirements I wasn\u2019t thrilled about supporting (hello Rails).\n\nI found Taproot/IndieAuth on this page and that looked promising - a PHP library intended to be deployed within a fairly standard PHP web app style (\u201cany PSR-7 compatible app\u201d).\n\nI knew this would be some work but it sounded promising and so I began the week-ish long process of actually writing and deploying that \u201cPSR-7 compatible app\u201d built on taproot/indieauth.\n\ntl;dr say hello to Belding\n\nBelding is an \u201cPSR-7 compatible\u201d PHP web app that provides a standalone IndieAuth endpoint for a single user with a simple password form for authentication.\n\nI would love to go into the process and pitfalls of putting it together, but instead I\u2019ll link to the README where you can learn more about how it works, how to use it, its limitations, etc.\n\nSwitching costs for an IndieAuth server\n\n1. Tell the World\n\nFirst up, you\u2019ll need to update the headers on your site. I switched my authorization_endpoint and token_endpoint to my new server from indieauth.com. Since I\u2019m updating to support the latest spec, I also added the indieauth-metadata header (which should eventually replace the other two).\n\nNow that your site is advertising the new IndieAuth server, you will likely experience logouts or weird access denied reponses everywhere that your site has been used with IndieAuth.\n\n2. Tell your own services\n\nI needed to configure my own \u201crelying apps\u201d so they know to talk to the new server when checking that a request is allowed. This list thankfully wasn\u2019t too long.\n\nMy Micropub server\nMy Micropub media server\nBeyond the effort of getting my server working as an indieauth.com replacement, I also took steps to try and support the latest in the IndieAuth spec. That meant updating these micropub servers to use the new \u201ctoken introspection\u201d feature which has some tighter security requirements.\n\n(Note: I initially made the same change for my self-hosted copy of Aperture, but found it would be too many changes for me to take on at the moment. Instead, I updated by IndieAuth server to allow the older and less secure token verification method used by Aperture.)\n\n3. Sign-in to all the things again \\o|\n\nOnce all my relying apps were all talking to the new IndieAuth server, it was time to re-sign-in to all the things:\n\nThe IndieWeb wiki\n\nMonocle social reader client\n\nQuill Micropub posting client\nOwnYourSwarm\niOS apps\n\nmicro.blog\nIndigenous\n\nManually issue new IndieAuth tokens for automation that uses them:\n\nMy personal YouTube manager\n\nMy command line tool for media uploads\niOS shortcuts like the one I use to post Caturday.\n\nTakeaways\n\nThere are a lot of improvements I\u2019d like to make to Belding, but in general I am happy that it seems to work and, outside of the time to develop the server itself, my website and the tools I use to manage it were only broken for about a day.\n\nI think it\u2019d also be really nice to wrap up Belding a bit so it\u2019s easy to configure and deploy on free-and-cheap platforms like fly.io. I believe it should be easier for folks to spin up and control their own IndieWeb building blocks where possible!\n\nIt\u2019s also become clear to me that there are some user- and developer-experience holes around setting up relying apps. The auth requirements for token introspection, for example, means you need a way to manage access for each \u201cbackend\u201d that you have that relies on IndieAuth to protect itself!\n\nLong story short (too late) I am finally able to sign into OwnCast server chat using my domain. \ud83d\ude02\ud83d\ude05",
        "html": "<p>One of the things I love about building with <a href=\"https://indieweb.org/Category:building-blocks\">IndieWeb building blocks</a> is that (sometimes through more work than anticipated) you can swap out pieces of your site without (much) disruption because the seams between building blocks are well specified.</p>\n\n<p>So, this is me documenting how I replaced my <a href=\"https://indieauth.spec.indieweb.org/\">IndieAuth</a> setup to stop leaning on <a href=\"https://aaronparecki.com/\">Aaron\u2019s</a> <a href=\"https://indieauth.com/\">IndieAuth.com</a> (which has been on the verge of retiring any day now for some years).</p>\n\n<p>Please excuse this long and rambling post. Feel free to skip around!</p>\n\n\n\n<h2>What is IndieAuth?</h2>\n\n<p>At a high-level, IndieAuth is a way to sign in using your website as an identity.</p>\n\n<p>Without digging too deeply into the plumbing, you start by updating your website\u2019s homepage with some extra header info that says \u201cmy IndieAuth service is over there\u201d. From there, you can sign into services that support IndieAuth (like the <a href=\"https://indieauth.org/\">IndieWeb wiki</a>, the social feed reader service <a href=\"https://aperture.p3k.io/\">Aperture</a>, and more. And you can use your IndieAuth server to protect your own services, such as a <a href=\"https://indieweb.org/Micropub\">Micropub server</a> that can create new posts on your site.</p>\n\n<h2>Why switch?</h2>\n\n<p>I\u2019ve been using indieauth.com as my IndieAuth setup since late 2016 because it was easy to set up, because it uses something called <a href=\"https://indieweb.org/RelMeAuth\">RelMeAuth</a> to let me sign in using services I already trust (like GitHub).</p>\n\n<p>However, indieauth.com has been growing stale as the IndieAuth spec has evolved. indieauth.com\u2019s maintainer has been <a href=\"https://chat.indieweb.org/dev/2017-12-17#t1513485617181300\">discussing replacing it since at least 2017</a>.</p>\n\n<p>The inciting incident for my switch was looking at <a href=\"https://owncast.online/\">OwnCast</a> - a self-hostable video streaming service with attached chatroom. OwnCast\u2019s chat allows using IndieAuth to sign in, which sounded great to me, but OwnCast\u2019s implementation wasn\u2019t expecting indieauth.com\u2019s old-style response format.</p>\n\n<h3>Why set up my own?</h3>\n\n<p>There are <a href=\"https://indieweb.org/IndieAuth#Server_Implementations\">a bunch of IndieAuth server implementations listed on the IndieWeb wiki</a>. However: simplest of them (selfauth + mintoken) are now out of date with the spec and haven\u2019t been replaced, yet. Others tend to be built into other CMSes like WordPress. A couple of standalone servers exist but are in languages I am not comfortable working in (hello Rust and Go) or have deployment requirements I wasn\u2019t thrilled about supporting (hello Rails).</p>\n\n<p>I found <a href=\"https://github.com/taproot/indieauth\">Taproot/IndieAuth</a> on this page and that looked promising - a PHP library intended to be deployed within a fairly standard PHP web app style (\u201cany PSR-7 compatible app\u201d).</p>\n\n<p>I knew this would be some work but it sounded promising and so I began the week-ish long process of actually writing and deploying that \u201cPSR-7 compatible app\u201d built on taproot/indieauth.</p>\n\n<h2>tl;dr say hello to Belding</h2>\n\n<p><a href=\"https://git.schmarty.net/schmarty/belding\">Belding</a> is an \u201cPSR-7 compatible\u201d PHP web app that provides a standalone IndieAuth endpoint for a single user with a simple password form for authentication.</p>\n\n<p>I would love to go into the process and pitfalls of putting it together, but instead I\u2019ll link to the <a href=\"https://git.schmarty.net/schmarty/belding#user-content-belding\">README</a> where you can learn more about how it works, how to use it, its limitations, etc.</p>\n\n<h2>Switching costs for an IndieAuth server</h2>\n\n<h3>1. Tell the World</h3>\n\n<p>First up, you\u2019ll need to update the headers on your site. I switched my <code>authorization_endpoint</code> and <code>token_endpoint</code> to my new server from indieauth.com. Since I\u2019m updating to support the latest spec, I also added the <code>indieauth-metadata</code> header (which should eventually replace the other two).</p>\n\n<p>Now that your site is advertising the new IndieAuth server, you will likely experience logouts or weird access denied reponses everywhere that your site has been used with IndieAuth.</p>\n\n<h3>2. Tell your own services</h3>\n\n<p>I needed to configure my own \u201crelying apps\u201d so they know to talk to the new server when checking that a request is allowed. This list thankfully wasn\u2019t too long.</p>\n\n<ul><li><a href=\"https://github.com/martymcguire/micropub-1\">My Micropub server</a></li>\n<li><a href=\"https://github.com/martymcguire/spano\">My Micropub media server</a></li>\n</ul><p>Beyond the effort of getting my server working as an indieauth.com replacement, I also took steps to try and support the latest in the IndieAuth spec. That meant updating these micropub servers to use the new \u201ctoken introspection\u201d feature which has some tighter security requirements.</p>\n\n<p>(<em><strong>Note:</strong> I initially made the same change for my self-hosted copy of Aperture, but found it would be too many changes for me to take on at the moment. Instead, I updated by IndieAuth server to allow the older and less secure token verification method used by Aperture.</em>)</p>\n\n<h3>3. Sign-in to all the things again \\o|</h3>\n\n<p>Once all my relying apps were all talking to the new IndieAuth server, it was time to re-sign-in to all the things:</p>\n\n<ul><li><a href=\"https://indieweb.org/\">The IndieWeb wiki</a></li>\n<li>\n<a href=\"https://indieweb.org/Monocle\">Monocle</a> social reader client</li>\n<li>\n<a href=\"https://indieweb.org/Quill\">Quill</a> Micropub posting client</li>\n<li><a href=\"https://indieweb.org/OwnYourSwarm\">OwnYourSwarm</a></li>\n<li>iOS apps\n\n<ul><li><a href=\"https://indieweb.org/Micro.blog\">micro.blog</a></li>\n<li><a href=\"https://indieweb.org/Indigenous_for_iOS\">Indigenous</a></li>\n</ul></li>\n<li>Manually issue new IndieAuth tokens for automation that uses them:\n\n<ul><li>My <a href=\"https://martymcgui.re/2020/10/03/unsubscribing-from-youtubes-recommender/\">personal YouTube manager</a>\n</li>\n<li>My command line tool for media uploads</li>\n<li>iOS shortcuts like the one I use to post <a href=\"https://martymcgui.re/tag/caturday/\">Caturday</a>.</li>\n</ul></li>\n</ul><h2>Takeaways</h2>\n\n<p>There are <a href=\"https://git.schmarty.net/schmarty/belding#user-content-possible-future-work\">a lot of improvements I\u2019d like to make to Belding</a>, but in general I am happy that it seems to work and, outside of the time to develop the server itself, my website and the tools I use to manage it were only broken for about a day.</p>\n\n<p>I think it\u2019d also be really nice to wrap up Belding a bit so it\u2019s easy to configure and deploy on free-and-cheap platforms like <a href=\"https://fly.io/\">fly.io</a>. I believe it should be easier for folks to spin up and control their own IndieWeb building blocks where possible!</p>\n\n<p>It\u2019s also become clear to me that there are some user- and developer-experience holes around setting up relying apps. The auth requirements for token introspection, for example, means you need a way to manage access for each \u201cbackend\u201d that you have that relies on IndieAuth to protect itself!</p>\n\n<p>Long story short (too late) I am finally able to sign into OwnCast server chat using my domain. \ud83d\ude02\ud83d\ude05</p>"
    },
    "author": {
        "type": "card",
        "name": "Marty McGuire",
        "url": "https://martymcgui.re/",
        "photo": "https://martymcgui.re/images/logo.jpg"
    },
    "post-type": "note",
    "_id": "30589793",
    "_source": "175",
    "_is_read": true
}

lukeb.co.uk/blog/2022/06/28/no-comment-2-the-webmentioning/

gRegor Morrill gregorlove.com

No Comment 2: The Webmentioning

#indieweb

July 29, 2022 2:09pm -07:00

{
    "type": "entry",
    "published": "2022-07-29 14:09-0700",
    "url": "https://gregorlove.com/2022/07/the-webmentioning/",
    "category": [
        "indieweb"
    ],
    "syndication": [
        "https://news.indieweb.org/en"
    ],
    "bookmark-of": [
        "https://lukeb.co.uk/blog/2022/06/28/no-comment-2-the-webmentioning/"
    ],
    "content": {
        "text": "No Comment 2: The Webmentioning",
        "html": "<p><a class=\"u-bookmark-of\" href=\"https://lukeb.co.uk/blog/2022/06/28/no-comment-2-the-webmentioning/\">No Comment 2: The Webmentioning</a></p>"
    },
    "author": {
        "type": "card",
        "name": "gRegor Morrill",
        "url": "https://gregorlove.com/",
        "photo": "https://gregorlove.com/site/assets/files/3473/profile-2016-med.jpg"
    },
    "post-type": "bookmark",
    "_id": "30564841",
    "_source": "95",
    "_is_read": true
}

fluffy beesbuzz.biz

fluffy rambles: VRChat continued

July 27, 2022 12:12am -07:00

{
    "type": "entry",
    "author": {
        "name": "fluffy",
        "url": "http://beesbuzz.biz/",
        "photo": null
    },
    "url": "http://beesbuzz.biz/blog/10109-VRChat-continued",
    "published": "2022-07-27T00:12:59-07:00",
    "content": {
        "html": "<a href=\"http://beesbuzz.biz/blog/?id=10109&amp;tag=vrchat\">#VRChat</a><a href=\"http://beesbuzz.biz/blog/?id=10109&amp;tag=vr\">#VR</a><a href=\"http://beesbuzz.biz/blog/?id=10109&amp;tag=indieweb\">#indieweb</a>",
        "text": "#VRChat#VR#indieweb"
    },
    "name": "fluffy rambles: VRChat continued",
    "post-type": "article",
    "_id": "30509167",
    "_source": "3782",
    "_is_read": true
}

Vika fireburn.ru

Proposal for a new-generation social reader concept

#IndieWeb #Microsub #social reader

{
    "type": "entry",
    "published": "2022-07-27T09:43:57.419006560+03:00",
    "url": "https://fireburn.ru/posts/a-new-generation-of-social-readers",
    "category": [
        "IndieWeb",
        "Microsub",
        "social reader"
    ],
    "syndication": [
        "https://news.indieweb.org/en"
    ],
    "name": "Proposal for a new-generation social reader concept",
    "content": {
        "text": "This content is also featured in IndieNews, the IndieWeb news aggregator.The new generation of my own website was in its early stages of development for way too long. Several years passed before I was able to finally ship even a proof-of-concept, and yet ambitious thoughts don't stop leaving my head. While not being able to use my website and fully engage with the IndieWeb, I was forced to regress to some older technologies, such as RSS feeds and traditional social network silos, and yet I think this might've inspired me to create something new.\nThis is a proposal for a new generation of social readers, built right into the browser and based on open standards, such as Microsub and Micropub; allowing the user to seamlessly transition from the old-style web that we know to the new generation of social web - self-hosted, self-sovereign and free of unneccesary corporate influence, while not being bound to inferior and redundant technologies such as the blockchain and the \"Web 3.0\" fad that it started.\nThe role of a modern web browser\nThe modern web landscape has significantly changed since the invention of the World Wide Web by Tim Berners-Lee in 1989. From a document sharing system it was then transformed by its users into a proto-social network of personal webpages that mixed graphical media with textual content. Then it was once again transformed by the \"dot-com boom\", which accelerated both development of the technology and its commercialization and centralization.\nThe modern web browser is now the center-piece of every computing device, since without the web, modern computing as we know it wouldn't exist. The Internet supports many usecases we have, from simple filesharing to videoconferencing, completely transforming our lives. And all of this in a single app. But... something is lacking here.\nCurrent social networks present in the Internet landscape are mostly designed to show undesirable and irrelevant advertisments to users, and not to connect them and facilitate communication. Many services which were used by friend groups to communicate now transition away from a social network paradigm and turn into content-pushing machines, where the only choice the user has is to whether scroll down or stay on the current page. Control is being slowly taken away from users, turning what was intended into a primary means of communication and information exchange in the 21st century into a glorified TV with a touchscreen instead of buttons.\nThe fundamental concepts of \"self-hosting\" and \"the social web\"\nBut control can be taken back. Taking control of one's own social web experience and shaping it can primarily be facilitated through the concept of \"self-hosting\" - provisioning resources for oneself that facilitate information exchange and are controlled by the user instead of third-parties. Delegation of control is possible when neccesary and authorized - but data souvereignity is a must. Corporations come and go; their services may come down and never return. By taking control of one's own data and the responsibility for hosting content produced, an individual will gain the ability to fully control and curate their own unique online experience.\n\n  The\u00a0IndieWeb\u00a0community is based on exactly that thought and is building new Internet protocols to help people reclaim their space on the modern web. As part of their work, open standards and protocols were developed to facilitate the new generation of social web and data exchange, using a personal website as the centerpoint of data souvereignity and control. The user, being in control of their website, uses it to engage with other people on the social web while staying in control of the content they produce and consume, unlike current social networks, where accounts can be banned instantly with all their data gone, and instead of choosing things to read or watch or listen to, content is being forced down a user's throat by a black-box set of numbers masquerading as \"artificial intelligence\" (which is sometimes acting directly against its own moniker, lacking any true intelligence or understanding of human nature and humanity's wishes).\n  \n\nHowever, this concept, while being perfect otherwise, is incomplete. The level of integration between the IndieWeb and its protocols and the old-style web is lower than it could be, and the main point where the two can be reconciled is what we use the most to interact with the web - the web browser itself.\nCurrent state of affairs in the social web\nIn the collection of protocols and concepts developed by the IndieWeb community, there is a certain one that stands out the most, encompassing one of the central concepts of any social network - the feed. It's called a \"social reader\" - an application, most commonly a web app, that presents to user a social network-style interactive feed or a set of feeds that allows not only to consume content, but actively engage and interact with it. It borrows from conventional social network experience, but uses modern IndieWeb protocols such as Microsub\u00a0to let the user stay in control of their data and prevent any third parties from messing with it without the user's explicit consent or disrespecting the user's freedoms in any way.\nThe social reader allows one to curate a set of feeds filled with content, and then interact with them, posting replies, comments and notes (and even bookmarking whole articles, or expressing their appreciation of content with a \"like\" post, mirroring the \"like\" feature of conventional social network silos) to one's own website, allowing the user to stay in control of their own data and rely on third parties as little as possible while retaining the ability to interact with the wider World Wide Web. Sadly, being often confined to a web application, social readers are limited in their ability to interact with anything outside of the user's feeds, which limits the user's reach on the social web. While discovery engines based on syndication (such as indieweb.xyz, created by the community, or the old-style \"planet\" content aggregators) allow to expand that, the current experience of discovering new content can eventually take the user out of the social reader on a standalone non-social-web-aware webpage, where social interactions on one's own website are harder to facilitate. Solutions are being explored to remedy that, such as \"webactions\" - custom protocol handlers that indicate a prompt for an action to be performed inside of a social reader app and posted to the user's website.\nHowever, webactions are not natively supported by browsers, requiring JavaScript polyfills and often degrading user experience because of that. The epitome of that concept would be integrating the social reader directly into the browser, allowing it to facilitiate social web interactions without any external client-side software.\nA new generation of social readers\nModern web browsers include a \"new tab\" page that opens whenever an empty tab or window is opened. This experience can be redesigned to take users straight to their social reader, integrated directly into the browser instead of being a standalone web page. This will allow users to never degrade their experience, even when they're taken out of their reader to a standalone webpage - the browser could show buttons corresponding to actions that can be taken on the current page being viewed - for example, posting a comment on one's own website and then notifying the author using a Webmention, or syndicating the content to one's own website (commonly called \"repost\" in social network silo parlance), or simply bookmarking it as something interesting to refer to in later discussions, or for personal use.\nNative UX should be designed so that the social reader doesn't feel like a wart on top of a browser, but a natural extension of it. Such a design could allow users to seamlessly interact even with pages that aren't aware of the new generation of \"social web\", since the user's website will still be able to retain their interactions with the old-style page.\nMost browsers allow usage of so-called \"Web Extensions\" to augment the browser experience. Sadly, this often leaves the \"extension\" with minimal UI to show the user, aside from a single button beside the omnibox, or injecting itself into every webpage and projecting its UI in there, potentially breaking the page's layout in process. This leaves this mechanism ill-suited for integrating a social reader experience into the browser. Therefore, development of a new browser chrome, powered by one of the conventional engines such as Gecko or Blink, would be the most likely way to proceed with the implementation of this concept.\u00a0\nWeb Extensions could still be used to prototype and experiment with the concept. Omnibear\u00a0is an existing extension that allows one to author posts and interact with the social web. However, it was abandoned around 2019, and doesn't provide the social reader experience - only minimal ways to send interactions with foreign content to one's own website. Some of the concepts are similar enough to be reused, and inspiration could be taken from its UX.\nThe endgame\nBy fully taking control of one's own data, the user will gain control over their social web life. A modern web browser must be augmented with features to faciliate social web interactions to prevent UX degradation when inevitably landing on a page not aware of social web features. This will help users have a more pleasant and seamless experience on the social web, and help boost adoption by enhancing experience where social web interactions aren't natively supported by the websites themselves, due to ignorance, oversight or corporate malice.",
        "html": "<p><i>This content is also featured in <a href=\"https://news.indieweb.org/en\" class=\"u-syndication\">IndieNews</a>, the IndieWeb news aggregator.</i></p><p>The new generation of my own website was in its early stages of development for way too long. Several years passed before I was able to finally ship even a proof-of-concept, and yet ambitious thoughts don't stop leaving my head. While not being able to use my website and fully engage with the IndieWeb, I was forced to regress to some older technologies, such as RSS feeds and traditional social network silos, and yet I think this might've inspired me to create something new.</p>\n<p>This is a proposal for a new generation of social readers, built right into the browser and based on open standards, such as Microsub and Micropub; allowing the user to seamlessly transition from the old-style web that we know to the new generation of social web - self-hosted, self-sovereign and free of unneccesary corporate influence, while not being bound to inferior and redundant technologies such as the blockchain and the \"Web 3.0\" fad that it started.</p>\n<h2>The role of a modern web browser</h2>\n<p>The modern web landscape has significantly changed since the invention of the World Wide Web by <a href=\"https://www.w3.org/People/Berners-Lee/\">Tim Berners-Lee</a> in 1989. From a document sharing system it was then transformed by its users into a proto-social network of personal webpages that mixed graphical media with textual content. Then it was once again transformed by the \"dot-com boom\", which accelerated both development of the technology and its commercialization and centralization.</p>\n<p>The modern web browser is now the center-piece of every computing device, since without the web, modern computing as we know it wouldn't exist. The Internet supports many usecases we have, from simple filesharing to videoconferencing, completely transforming our lives. And all of this in a single app. But... something is lacking here.</p>\n<p>Current social networks present in the Internet landscape are mostly designed to show undesirable and irrelevant advertisments to users, and not to connect them and facilitate communication. Many services which were used by friend groups to communicate now transition away from a social network paradigm and turn into content-pushing machines, where the only choice the user has is to whether scroll down or stay on the current page. Control is being slowly taken away from users, turning what was intended into a primary means of communication and information exchange in the 21st century into a glorified TV with a touchscreen instead of buttons.</p>\n<h2>The fundamental concepts of \"self-hosting\" and \"the social web\"</h2>\n<p>But control can be taken back. Taking control of one's own social web experience and shaping it can primarily be facilitated through the concept of \"self-hosting\" - provisioning resources for oneself that facilitate information exchange and are controlled by the user instead of third-parties. Delegation of control is possible when neccesary and authorized - but data souvereignity is a must. Corporations come and go; their services may come down and never return. By taking control of one's own data and the responsibility for hosting content produced, an individual will gain the ability to fully control and curate their own unique online experience.</p>\n<p>\n  The\u00a0<a href=\"https://indieweb.org/\" style=\"font-weight:bold;\">IndieWeb</a>\u00a0community is based on exactly that thought and is building new Internet protocols to help people reclaim their space on the modern web. As part of their work, open standards and protocols were developed to facilitate the new generation of social web and data exchange, using a personal website as the centerpoint of data souvereignity and control. The user, being in control of their website, uses it to engage with other people on the social web while staying in control of the content they produce and consume, unlike current social networks, where accounts can be banned instantly with all their data gone, and instead of choosing things to read or watch or listen to, content is being forced down a user's throat by a black-box set of numbers masquerading as \"artificial intelligence\" (which is sometimes acting directly against its own moniker, lacking any true intelligence or understanding of human nature and humanity's wishes).\n  <br /></p>\n<p>However, this concept, while being perfect otherwise, is incomplete. The level of integration between the IndieWeb and its protocols and the old-style web is lower than it could be, and the main point where the two can be reconciled is what we use the most to interact with the web - the web browser itself.</p>\n<h2>Current state of affairs in the social web</h2>\n<p>In the collection of protocols and concepts developed by the IndieWeb community, there is a certain one that stands out the most, encompassing one of the central concepts of any social network - the feed. It's called a \"<a href=\"https://indieweb.org/social_reader\">social reader</a>\" - an application, most commonly a web app, that presents to user a social network-style interactive feed or a set of feeds that allows not only to consume content, but actively engage and interact with it. It borrows from conventional social network experience, but uses modern IndieWeb protocols such as <a href=\"https://indieweb.org/Microsub\">Microsub</a>\u00a0to let the user stay in control of their data and prevent any third parties from messing with it without the user's explicit consent or disrespecting the user's freedoms in any way.</p>\n<p>The social reader allows one to curate a set of feeds filled with content, and then interact with them, posting replies, comments and notes (and even bookmarking whole articles, or expressing their appreciation of content with a \"like\" post, mirroring the \"like\" feature of conventional social network silos) to one's own website, allowing the user to stay in control of their own data and rely on third parties as little as possible while retaining the ability to interact with the wider World Wide Web. Sadly, being often confined to a web application, social readers are limited in their ability to interact with anything outside of the user's feeds, which limits the user's reach on the social web. While discovery engines based on syndication (such as <a href=\"https://indieweb.xyz/\">indieweb.xyz</a>, created by the community, or the old-style \"planet\" content aggregators) allow to expand that, the current experience of discovering new content can eventually take the user out of the social reader on a standalone non-social-web-aware webpage, where social interactions on one's own website are harder to facilitate. Solutions are being explored to remedy that, such as \"<a href=\"https://indieweb.org/webactions\">webactions</a>\" - custom protocol handlers that indicate a prompt for an action to be performed inside of a social reader app and posted to the user's website.</p>\n<p>However, webactions are not natively supported by browsers, requiring JavaScript polyfills and often degrading user experience because of that. The epitome of that concept would be integrating the social reader directly into the browser, allowing it to facilitiate social web interactions without any external client-side software.</p>\n<h2>A new generation of social readers</h2>\n<p>Modern web browsers include a \"new tab\" page that opens whenever an empty tab or window is opened. This experience can be redesigned to take users straight to their social reader, integrated directly into the browser instead of being a standalone web page. This will allow users to never degrade their experience, even when they're taken out of their reader to a standalone webpage - the browser could show buttons corresponding to actions that can be taken on the current page being viewed - for example, posting a comment on one's own website and then notifying the author using a <a href=\"https://indieweb.org/Webmention\">Webmention</a>, or syndicating the content to one's own website (commonly called \"repost\" in social network silo parlance), or simply bookmarking it as something interesting to refer to in later discussions, or for personal use.</p>\n<p>Native UX should be designed so that the social reader doesn't feel like a wart on top of a browser, but a natural extension of it. Such a design could allow users to seamlessly interact even with pages that aren't aware of the new generation of \"social web\", since the user's website will still be able to retain their interactions with the old-style page.</p>\n<p>Most browsers allow usage of so-called \"Web Extensions\" to augment the browser experience. Sadly, this often leaves the \"extension\" with minimal UI to show the user, aside from a single button beside the omnibox, or injecting itself into every webpage and projecting its UI in there, potentially breaking the page's layout in process. This leaves this mechanism ill-suited for integrating a social reader experience into the browser. Therefore, development of a new browser chrome, powered by one of the conventional engines such as Gecko or Blink, would be the most likely way to proceed with the implementation of this concept.\u00a0</p>\n<p>Web Extensions could still be used to prototype and experiment with the concept. <a href=\"https://indieweb.org/Omnibear\">Omnibear</a>\u00a0is an existing extension that allows one to author posts and interact with the social web. However, it was abandoned around 2019, and doesn't provide the social reader experience - only minimal ways to send interactions with foreign content to one's own website. Some of the concepts are similar enough to be reused, and inspiration could be taken from its UX.</p>\n<h2>The endgame</h2>\n<p>By fully taking control of one's own data, the user will gain control over their social web life. A modern web browser must be augmented with features to faciliate social web interactions to prevent UX degradation when inevitably landing on a page not aware of social web features. This will help users have a more pleasant and seamless experience on the social web, and help boost adoption by enhancing experience where social web interactions aren't natively supported by the websites themselves, due to ignorance, oversight or corporate malice.</p>"
    },
    "author": {
        "type": "card",
        "name": "Vika",
        "url": "https://fireburn.ru/",
        "photo": "https://avatars.githubusercontent.com/u/7953163?v=4"
    },
    "post-type": "article",
    "_id": "30507260",
    "_source": "1371",
    "_is_read": true
}

Vika fireburn.ru

did I just start an outline for a small essay on modern web and social readers?

this will be interesting, I promise

#IndieWeb

{
    "type": "entry",
    "published": "2022-07-27T08:17:46.839915260+03:00",
    "url": "https://fireburn.ru/posts/aZMUGLe",
    "category": [
        "IndieWeb"
    ],
    "content": {
        "text": "did I just start an outline for a small essay on modern web and social readers?\n\nthis will be interesting, I promise",
        "html": "<p>did I just start an outline for a small essay on modern web and social readers?</p>\n\n<p>this will be interesting, I promise</p>"
    },
    "author": {
        "type": "card",
        "name": "Vika",
        "url": "https://fireburn.ru/",
        "photo": "https://avatars.githubusercontent.com/u/7953163?v=4"
    },
    "post-type": "note",
    "_id": "30507261",
    "_source": "1371",
    "_is_read": true
}

Chris www.chrislockard.net

Found this place via indieweb.org. Hello, world!

July 27, 2022 2:21am +00:00

{
    "type": "entry",
    "author": {
        "name": "Chris",
        "url": "https://www.chrislockard.net",
        "photo": "https://avatars.micro.blog/avatars/2022/133557.jpg"
    },
    "url": "https://microblog.chrislockard.net/2022/07/26/found-this-place.html",
    "content": {
        "html": "<p>Found this place via <a href=\"https://indieweb.org.\">indieweb.org.</a> Hello, world!</p>",
        "text": "Found this place via indieweb.org. Hello, world!"
    },
    "published": "2022-07-27T02:21:48+00:00",
    "post-type": "note",
    "_id": "33379995",
    "_source": "7224",
    "_is_read": true
}

David Shanske david.shanske.com

Indiewebifying a WordPress Site – 2022 Edition - Sunday Sun June 12, 2022

June 12, 2022 3:19am -04:00

{
    "type": "entry",
    "published": "2022-06-12T03:19:26-04:00",
    "syndication": [
        "https://news.indieweb.org/en/david.shanske.com/2022/06/12/indiewebifying-a-wordpress-site-2022-edition/",
        "https://twitter.com/dshanske/status/1535885717653622784",
        "https://micro.blog/dshanske/13015162"
    ],
    "name": "Indiewebifying a WordPress Site \u2013 2022 Edition - Sunday Sun June 12, 2022",
    "author": {
        "type": "card",
        "name": "David Shanske",
        "url": "https://david.shanske.com/",
        "photo": "https://david.shanske.com/avatar/dshanske?s=96"
    },
    "post-type": "article",
    "_id": "30326944",
    "_source": "5",
    "_is_read": true
}

David Shanske david.shanske.com

IndieAuth Spec Updates 2022 - Thursday Thu April 21, 2022

April 21, 2022 11:47am -04:00

{
    "type": "entry",
    "published": "2022-04-21T11:47:38-04:00",
    "syndication": [
        "https://news.indieweb.org/en/david.shanske.com/2022/04/21/indieauth-spec-updates-2022/",
        "https://twitter.com/dshanske/status/1517168901976727553",
        "https://micro.blog/dshanske/12729173"
    ],
    "name": "IndieAuth Spec Updates 2022 - Thursday Thu April 21, 2022",
    "author": {
        "type": "card",
        "name": "David Shanske",
        "url": "https://david.shanske.com/",
        "photo": "https://david.shanske.com/avatar/dshanske?s=96"
    },
    "post-type": "article",
    "_id": "30326947",
    "_source": "5",
    "_is_read": true
}

webdevlaw.uk/2022/07/15/the-week-the-open-web-won/#more-10817

Jeremy Keith adactio.com

The week the open web won – Hi, I’m Heather Burns

So to me, this blog represents the original promise of the open web.

The one that’s here, and still is here, and always has been here, and is available to you.

Right now.

The one where you can speak the truths that you believe without the permission, or the editorial control, or the power dynamics, of anyone claiming to hold authority over you; or, perhaps, anyone keen to impose it.

Heather takes a break from her relentless crusading in favour of users against the idiocy of the UK government and reflects on the joy of doing it all from her own personal website.

And perhaps you should too, on your own blog, owned on your own hosting space, using your own words, and speaking your own truth. That sounds like a good little weekend project, don’t you think?

#indieweb #personal #publishing #independent #openweb #writing #sharing #blogging #blogs

July 17, 2022 9:41am +00:00

{
    "type": "entry",
    "published": "2022-07-17T09:41:05Z",
    "url": "https://adactio.com/links/19279",
    "category": [
        "indieweb",
        "personal",
        "publishing",
        "independent",
        "openweb",
        "writing",
        "sharing",
        "blogging",
        "blogs"
    ],
    "bookmark-of": [
        "https://webdevlaw.uk/2022/07/15/the-week-the-open-web-won/#more-10817"
    ],
    "content": {
        "text": "The week the open web won \u2013 Hi, I\u2019m Heather Burns\n\n\n\n\n  So to me, this blog represents the original promise of the open web.\n  \n  The one that\u2019s here, and still is here, and always has been here, and is available to you.\n  \n  Right now.\n  \n  The one where you can speak the truths that you believe without the permission, or the editorial control, or the power dynamics, of anyone claiming to hold authority over you; or, perhaps, anyone keen to impose it.\n\n\nHeather takes a break from her relentless crusading in favour of users against the idiocy of the UK government and reflects on the joy of doing it all from her own personal website.\n\n\n  And perhaps you should too, on your own blog, owned on your own hosting space, using your own words, and speaking your own truth. That sounds like a good little weekend project, don\u2019t you think?",
        "html": "<h3>\n<a class=\"p-name u-bookmark-of\" href=\"https://webdevlaw.uk/2022/07/15/the-week-the-open-web-won/#more-10817\">\nThe week the open web won \u2013 Hi, I\u2019m Heather Burns\n</a>\n</h3>\n\n<blockquote>\n  <p>So to me, this blog represents the original promise of the open web.</p>\n  \n  <p>The one that\u2019s here, and still is here, and always has been here, and is available to you.</p>\n  \n  <p>Right now.</p>\n  \n  <p>The one where you can speak the truths that you believe without the permission, or the editorial control, or the power dynamics, of anyone claiming to hold authority over you; or, perhaps, anyone keen to impose it.</p>\n</blockquote>\n\n<p>Heather takes a break from her relentless crusading in favour of users against the idiocy of the UK government and reflects on the joy of doing it all from her own personal website.</p>\n\n<blockquote>\n  <p>And perhaps you should too, on your own blog, owned on your own hosting space, using your own words, and speaking your own truth. That sounds like a good little weekend project, don\u2019t you think?</p>\n</blockquote>"
    },
    "author": {
        "type": "card",
        "name": "Jeremy Keith",
        "url": "https://adactio.com/",
        "photo": "https://adactio.com/images/photo-150.jpg"
    },
    "post-type": "bookmark",
    "_id": "30324501",
    "_source": "2",
    "_is_read": true
}

Ryan Barrett snarfed.org

My indieweb real estate website (part two)

July 11, 2022 2:19am +00:00

{
    "type": "entry",
    "published": "2022-07-11T02:19:49+00:00",
    "url": "https://werd.io/2022/my-indieweb-real-estate-website-part-two",
    "name": "My indieweb real estate website (part two)",
    "content": {
        "text": "A little earlier this year, I mentioned that I was building an indieweb real estate website.Preparing a home for sale is more difficult than I\u2019d accounted for. Digging our worldly possessions out of it, and then ensuring that the house was in the best shape it could be, took a lot of time. And in the meantime, a lot of life happened.Our family home in Santa Rosa is finally going on the market this week. And, although I\u2019ll likely keep working on it, I have my indieweb website ready to go.When I initially brought up the idea, I set myself two main restrictions. I said it needed to be online in two weeks, and I blew through that by months. But I also said:It needs to get an A for SEO, site performance, and security.It does. Here are its core web vitals via web.dev:And its security rating via Mozilla Observatory:It helped that I hand-rolled the site.You might note that performance remains at 97/100, while the other metrics are at 100. There is still a Cumulative Layout Shift at 0.14 seconds, which is almost certainly because there are a lot of images on the page which have dynamic heights and widths depending on the viewport. There\u2019s more I can do there to make those images a predictable size.There are a handful of non-obvious things I had to do. For example, both MLS and land parcels have a numeric identifier. If you view this on a phone, the mobile browser tries to intelligently turn those into phone numbers, creating unnecessary links. I didn\u2019t want to link out to a third-party site for MLS or land parcels, but it turns out you can suppress automatic phone number linking with the following meta tag:<meta name=\"format-detection\" content=\"telephone=no\">Each image is loaded from an image set; I hand-resized them for various reasonable viewport sizes. I also created independently-cropped images for Twitter and Facebook.To get the highest security rating possible, I made sure there was no inline code (no inline stylesheets or JS), and created a Content Security Policy that I apply via an .htaccess file.Finally, I said:It\u2019ll be a hand-rolled static site. No frameworks for the HTML, JS, or CSS, and no pre-set templates: just me, a text editor, and some design tools.And that\u2019s what I did. I wrote the HTML and CSS from scratch in VS Code, making liberal use of media queries and CSS grids. And I had a lot of fun doing it.My full code (which is really simple!) is available on GitHub, but the most existing way to take a look is to view the website itself at 5405spainave.com.And if you want a beautiful wine country home in Santa Rosa, California, you know who to talk to.*Some other ideas that came up:What about video or virtual reality? We didn\u2019t have a professionally-produced video of the home. We do have professionally-taken photographs, which I\u2019ve used liberally. I took some of the others (eg of wineries and Bodega Bay), and the rest came from Unsplash.What if we accepted crypto for the home? It\u2019s too difficult to do; agents, escrow, legal frameworks are not set up for this. Also, at least one member of our family makes a particular kind of face whenever crypto is mentioned. It had occurred to me that we could push the selling price for crypto sales a little higher: eg, sure, we\u2019ll take your ETH or BTC, but the dollar equivalent will be $2M. (If you would like to give us two million dollars for our home, please do get in touch.)What about a blog or regularly-updated content? Home sales in California are incredibly short. We could have written a blog about getting the home ready, but honestly, it was already a stressful enough process. We anticipate a very short sales window for the home itself, so we didn\u2019t do it. I\u2019ll likely add more narrative description in the our experience page.And analytics? The site doesn\u2019t set any cookies or collect any analytics on the front end. However, I do push it through Cloudflare\u2019s CDN, which gives me some simple stats to gauge success.It\u2019s a very simple website. Yes. And often, that\u2019s all you need.",
        "html": "<p><img src=\"https://werd.io/file/62cb885418bd47220a337442/thumb.jpg\" alt=\"\" width=\"1024\" height=\"652\" /></p><p>A little earlier this year, <a href=\"https://werd.io/2022/my-indieweb-real-estate-website-part-one\">I mentioned that I was building an indieweb real estate website</a>.</p><p>Preparing a home for sale is more difficult than I\u2019d accounted for. Digging our worldly possessions out of it, and then ensuring that the house was in the best shape it could be, took a lot of time. And in the meantime, a lot of life happened.</p><p>Our family home in Santa Rosa is finally going on the market this week. And, although I\u2019ll likely keep working on it, <a href=\"https://5405spainave.com\">I have my indieweb website ready to go</a>.</p><p>When I initially brought up the idea, I set myself two main restrictions. I said it needed to be online in two weeks, and I blew through that by months. But I also said:</p><blockquote><p>It needs to get an A for SEO, site performance, and security.</p></blockquote><p>It does. Here are its core web vitals <a href=\"https://web.dev/measure/?url=https%3A%2F%2F5405spainave.com\">via web.dev</a>:</p><p><img src=\"https://werd.io/file/62cb887118bd47220a337444/thumb.png\" alt=\"\" width=\"516\" height=\"146\" /></p><p>And its security rating <a href=\"https://observatory.mozilla.org/analyze/5405spainave.com\">via Mozilla Observatory</a>:</p><p><img src=\"https://werd.io/file/62cb889a937e5658a94eb2c2/thumb.png\" alt=\"\" width=\"483\" height=\"308\" /></p><p>It helped that I hand-rolled the site.</p><p>You might note that performance remains at 97/100, while the other metrics are at 100. There is still a Cumulative Layout Shift at 0.14 seconds, which is almost certainly because there are a lot of images on the page which have dynamic heights and widths depending on the viewport. There\u2019s more I can do there to make those images a predictable size.</p><p>There are a handful of non-obvious things I had to do. For example, both MLS and land parcels have a numeric identifier. If you view this on a phone, the mobile browser tries to intelligently turn those into phone numbers, creating unnecessary links. I didn\u2019t want to link out to a third-party site for MLS or land parcels, but it turns out you can suppress automatic phone number linking with the following meta tag:</p><p><code>&lt;meta name=\"format-detection\" content=\"telephone=no\"&gt;</code></p><p>Each image is loaded from <a href=\"https://developer.mozilla.org/en-US/docs/Learn/HTML/Multimedia_and_embedding/Responsive_images\">an image set</a>; I hand-resized them for various reasonable viewport sizes. I also created independently-cropped images for Twitter and Facebook.</p><p>To get the highest security rating possible, I made sure there was no inline code (no inline stylesheets or JS), and created <a href=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP\">a Content Security Policy</a> that I apply via <a href=\"https://httpd.apache.org/docs/2.4/howto/htaccess.html\">an .htaccess file</a>.</p><p>Finally, I said:</p><blockquote><p>It\u2019ll be a hand-rolled static site. No frameworks for the HTML, JS, or CSS, and no pre-set templates: just me, a text editor, and some design tools.</p></blockquote><p>And that\u2019s what I did. I wrote the HTML and CSS from scratch in <a href=\"https://code.visualstudio.com/\">VS Code</a>, making liberal use of <a href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Media_Queries/Using_media_queries\">media queries</a> and <a href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_Grid_Layout\">CSS grids</a>. And I had a lot of fun doing it.</p><p>My full code (which is really simple!) <a href=\"https://github.com/benwerd/5405spain\">is available on GitHub</a>, but the most existing way to take a look <a href=\"https://www.5405spainave.com/\">is to view the website itself at 5405spainave.com</a>.</p><p>And if you want <a href=\"https://www.5405spainave.com/\">a beautiful wine country home in Santa Rosa, California</a>, you know who to talk to.</p><p>*</p><p>Some other ideas that came up:</p><p><strong>What about video or virtual reality?</strong> We didn\u2019t have a professionally-produced video of the home. We <em>do</em> have professionally-taken photographs, which I\u2019ve used liberally. I took some of the others (eg of wineries and Bodega Bay), and the rest came from <a href=\"https://unsplash.com/\">Unsplash</a>.</p><p><strong>What if we accepted crypto for the home?</strong> It\u2019s too difficult to do; agents, escrow, legal frameworks are not set up for this. Also, at least one member of our family makes a particular kind of face whenever crypto is mentioned. It <em>had</em> occurred to me that we could push the selling price for crypto sales a little higher: eg, sure, we\u2019ll take your ETH or BTC, but the dollar equivalent will be $2M. (If you would like to give us two million dollars for our home, please do get in touch.)</p><p><strong>What about a blog or regularly-updated content?</strong> Home sales in California are incredibly short. We could have written a blog about getting the home ready, but honestly, it was already a stressful enough process. We anticipate a very short sales window for the home itself, so we didn\u2019t do it. I\u2019ll likely add more narrative description in the <a href=\"https://5405spainave.com/our-experiences.html\">our experience page</a>.</p><p><strong>And analytics?</strong> The site doesn\u2019t set any cookies or collect any analytics on the front end. However, I do push it through <a href=\"https://www.cloudflare.com/\">Cloudflare\u2019s CDN</a>, which gives me some simple stats to gauge success.</p><p><strong>It\u2019s a very simple website.</strong> Yes. <a href=\"https://5405spainave.com\">And often, that\u2019s all you need.</a></p>"
    },
    "author": {
        "type": "card",
        "name": "Ben Werdm\u00fcller",
        "url": "https://werd.io/profile/benwerd",
        "photo": "https://werd.io/file/5d388c5fb16ea14aac640912/thumb.jpg"
    },
    "post-type": "article",
    "_id": "30203645",
    "_source": "191",
    "_is_read": true
}

Vika fireburn.ru

It looks like Kittybox is close to its finish line and general protocol-compliance goal. The only unimplemented parts are:

In-house IndieAuth (auth and tokens)
Webmentions
WebSub pings

Then it will reach full protocol-compliance status, and I could go on to develop other things like pretty UI for posting, the Microsub server (because I really want my own!) etc.

#Kittybox

{
    "type": "entry",
    "published": "2022-07-10T15:03:18.287307354+03:00",
    "url": "https://fireburn.ru/posts/kittybox-status-update-2022-07-10",
    "category": [
        "Kittybox"
    ],
    "content": {
        "text": "It looks like Kittybox is close to its finish line and general protocol-compliance goal. The only unimplemented parts are:\n\nIn-house IndieAuth (auth and tokens)\n\nWebmentions\n\nWebSub pings\nThen it will reach full protocol-compliance status, and I could go on to develop other things like pretty UI for posting, the Microsub server (because I really want my own!) etc.",
        "html": "<p>It looks like Kittybox is close to its finish line and general protocol-compliance goal. The only unimplemented parts are:</p>\n\n<ul><li>In-house IndieAuth (auth and tokens)</li>\n\n<li>Webmentions</li>\n\n<li>WebSub pings</li>\n</ul><p>Then it will reach full protocol-compliance status, and I could go on to develop other things like pretty UI for posting, the Microsub server (because I really want my own!) etc.</p>"
    },
    "author": {
        "type": "card",
        "name": "Vika",
        "url": "https://fireburn.ru/",
        "photo": "https://avatars.githubusercontent.com/u/7953163?v=4"
    },
    "post-type": "note",
    "_id": "30194028",
    "_source": "1371",
    "_is_read": true
}

Vika fireburn.ru

Time to traumatize myself by implementing the entire IndieAuth spec by hand. The newest version that seems to be twice as complex as the one from three years ago.

I’m not sure if I should draft a will first, it seems overwhelming to me... (but I’m sure that in the event that I succeed, I will reap major rewards from it)

#IndieAuth #kittybox

{
    "type": "entry",
    "published": "2022-07-10T15:00:33.009962176+03:00",
    "url": "https://fireburn.ru/posts/indieauth-woes-part-0",
    "category": [
        "IndieAuth",
        "kittybox"
    ],
    "content": {
        "text": "Time to traumatize myself by implementing the entire IndieAuth spec by hand. The newest version that seems to be twice as complex as the one from three years ago.\n\nI\u2019m not sure if I should draft a will first, it seems overwhelming to me... (but I\u2019m sure that in the event that I succeed, I will reap major rewards from it)",
        "html": "<p>Time to traumatize myself by implementing <a href=\"https://indieauth.spec.indieweb.org/\">the entire IndieAuth spec</a> by hand. The newest version that seems to be twice as complex as the one from three years ago.</p>\n\n<p>I\u2019m not sure if I should draft a will first, it seems overwhelming to me... (but I\u2019m sure that in the event that I succeed, I will reap major rewards from it)</p>"
    },
    "author": {
        "type": "card",
        "name": "Vika",
        "url": "https://fireburn.ru/",
        "photo": "https://avatars.githubusercontent.com/u/7953163?v=4"
    },
    "post-type": "note",
    "_id": "30194029",
    "_source": "1371",
    "_is_read": true
}

fluffy beesbuzz.biz

IndieAuth for ProcessWire Released

#indieweb #processwire

July 4, 2022 3:18pm -07:00

{
    "type": "entry",
    "published": "2022-07-04 15:18-0700",
    "url": "https://gregorlove.com/2022/07/indieauth-for-processwire-released/",
    "category": [
        "indieweb",
        "processwire"
    ],
    "syndication": [
        "https://news.indieweb.org/en",
        "https://processwire.com/talk/topic/26220-module-indieauth-for-processwire/",
        "https://twitter.com/gRegorLove/status/1544096341986402304"
    ],
    "name": "IndieAuth for ProcessWire Released",
    "content": {
        "text": "IndieAuth lets you sign in to applications using your domain name and grant access to read/write to your site. This module adds IndieAuth support to your ProcessWire site, enabling two main things:\n\nAuthentication: When you visit a site like indielogin.com and enter your domain name, you will be taken to your ProcessWire admin area to sign in and approve the request. If you approve the request, you will be returned to the site and logged in as your domain name.\n\tAuthorization: When you visit an application like Quill, it needs to also get your permission to post to your site. You will be taken to your ProcessWire admin area to sign in and approve the request/scopes that the app is requesting (create, update, delete, etc.). If you approve the request, you will be returned to the app, logged in as your domain name, and the app will have an access token for your site.\nFeatures\n\nBrowse the applications you have granted access tokens to. See when each one was granted, last used, and will expire.\n\tRevoke any application\u2019s access tokens\n\tSet the default expiration period for new access tokens. The initial default is 14 days.\n\tAutomatically remove expired tokens\n\tDuring authorization, confirm and change the scopes granted to the application. For example, an app may request \u201ccreate\u201d and \u201cdelete\u201d scopes, but you can grant only \u201ccreate.\u201d\n\tDuring authorization, you can also choose to grant an access token with no expiration\nInstallation from GitHub\n\nThis module is currently pending approval to appear in the Directory of ProcessWire plugin modules. Until it is approved, please follow the instructions on GitHub to install. I will remove this notice once the module is in the directory.\n\nInstallation from Modules Directory\n\nThe recommended method is to use the ProcessWire admin area\u2019s module interface.\n\nNavigate to Modules > New. In the Module Class Name field, enter ProcessIndieAuth\n\n\tCopy the template files from the module\u2019s directory /extras/templates into your site\u2019s /site/templates directory.\n\tVerify that the plugin installed pages:\n\tIndieAuth Metadata Endpoint\n\t\tAuthorization Endpoint\n\t\tToken Endpoint\n\t\tToken Revocation Endpoint\n\t\tIndieAuth page under the admin\u2019s Access menu\n\t\n\tLook up the user(s) that you want to allow to use IndieAuth and assign them the \u201cindieauth\u201d role\n\tUpdate your home page template to add the link elements inside the <head> element:\n<?=$modules->get('ProcessIndieAuth')->getLinkElements();?>\n\nThis should result in three <link> elements in the source HTML:\n\n\n<head>\n    <link rel=\"indieauth-metadata\" href=\"/indieauth-metadata-endpoint/\">\n    <link rel=\"authorization_endpoint\" href=\"/authorization-endpoint/\">\n    <link rel=\"token_endpoint\" href=\"/token-endpoint/\">\n</head>\n\nSign In\n\nTo test signing in with IndieAuth, visit indielogin.com and enter your domain name. Follow the prompts to authenticate and you should end up back on indielogin.com with a success message.\n\nThe authentication prompt when signing in with IndieAuth\nSign In and Authorize\n\nTo authorize an application with IndieAuth, you site will first need a module that uses access tokens. I have a Micropub for ProcessWire module in development that does that. Micropub is a standard that lets you publish to your site using third-party clients. If you\u2019d like to try it out, follow the instructions on GitHub to install it.\n\nAfter installing, visit Quill and enter your domain name. Follow the prompts and note the additional fields for \u201cscope\u201d and \u201cexpiration,\u201d since you are authorizing an application to interact with your site. After successfully authorizing, try to post a short note from Quill. Quill should redirect you to the new post if it was successful.\n\nFor a list of other Micropub clients you can try, see https://indieweb.org/Micropub/Clients.\n\nThe authorization prompt\nAdmin and Options\n\nIn the admin, you can see which applications you have granted access tokens to. You can see when each token was issued, last accessed, and its expiration. You can also manually revoke a token at any time. Navigate to: Access > IndieAuth.\n\nThe admin page displaying access tokens you have granted\nThere are a couple options in the admin at: Modules > Configure > ProcessIndieAuth:\n\nDefault access token lifetime (in seconds): This defaults to 14 days and is what appears in the authorization screenshot above.\n\tAutomatically remove access tokens after expiration (enabled by default): When enabled, the site checks approximately every six hours and removes expired access tokens. Regardless of whether this option is enabled, the module will reject any application attempting to use an expired access token. Since access tokens cannot (currently) have their expiration extended, I recommend keeping this option enabled so the admin list stays tidy and current.\nFinally, this module writes some admin logs. Access those at: Setup > Logs > indieauth\n\nMore About IndieAuth\n\nIf you\u2019re interested in more details about IndieAuth, I recommend the article \u201cOAuth for the Open Web\u201d by Aaron Parecki (or the video presentation). If you are interested in implementing IndieAuth in your project, see the IndieAuth specification.",
        "html": "<p>IndieAuth lets you sign in to applications using your domain name and grant access to read/write to your site. This module adds IndieAuth support to your <a href=\"https://processwire.com/\">ProcessWire</a> site, enabling two main things:</p>\n\n<ol><li>Authentication: When you visit a site like <a href=\"https://indielogin.com/\">indielogin.com</a> and enter your domain name, you will be taken to your ProcessWire admin area to sign in and approve the request. If you approve the request, you will be returned to the site and logged in as your domain name.</li>\n\t<li>Authorization: When you visit an application like <a href=\"https://quill.p3k.io/\">Quill</a>, it needs to also get your permission to post to your site. You will be taken to your ProcessWire admin area to sign in and approve the request/scopes that the app is requesting (create, update, delete, etc.). If you approve the request, you will be returned to the app, logged in as your domain name, and the app will have an access token for your site.</li>\n</ol><h2>Features</h2>\n\n<ul><li>Browse the applications you have granted access tokens to. See when each one was granted, last used, and will expire.</li>\n\t<li>Revoke any application\u2019s access tokens</li>\n\t<li>Set the default expiration period for new access tokens. The initial default is 14 days.</li>\n\t<li>Automatically remove expired tokens</li>\n\t<li>During authorization, confirm and change the scopes granted to the application. For example, an app may request \u201ccreate\u201d and \u201cdelete\u201d scopes, but you can grant only \u201ccreate.\u201d</li>\n\t<li>During authorization, you can also choose to grant an access token with no expiration</li>\n</ul><h2>Installation from GitHub</h2>\n\nThis module is currently pending approval to appear in the <a href=\"https://processwire.com/modules/\" style=\"color:#523e02;font-weight:700;\">Directory of ProcessWire plugin modules</a>. Until it is approved, please follow the instructions on <a href=\"https://github.com/gregorlove/Processwire-IndieAuth\" style=\"color:#523e02;font-weight:700;\">GitHub</a> to install. I will remove this notice once the module is in the directory.\n\n<h2>Installation from Modules Directory</h2>\n\n<p>The recommended method is to use the ProcessWire admin area\u2019s module interface.</p>\n\n<ol><li>Navigate to Modules &gt; New. In the <i>Module Class Name</i> field, enter <code>ProcessIndieAuth</code>\n</li>\n\t<li>Copy the template files from the module\u2019s directory <code>/extras/templates</code> into your site\u2019s <code>/site/templates</code> directory.</li>\n\t<li>Verify that the plugin installed pages:\n\t<ul><li>IndieAuth Metadata Endpoint</li>\n\t\t<li>Authorization Endpoint</li>\n\t\t<li>Token Endpoint</li>\n\t\t<li>Token Revocation Endpoint</li>\n\t\t<li>IndieAuth page under the admin\u2019s Access menu</li>\n\t</ul></li>\n\t<li>Look up the user(s) that you want to allow to use IndieAuth and assign them the \u201cindieauth\u201d role</li>\n\t<li>Update your home page template to add the link elements inside the &lt;head&gt; element:<br /><code style=\"font-size:1.6rem;\">&lt;?=$modules-&gt;get('ProcessIndieAuth')-&gt;getLinkElements();?&gt;</code>\n</li>\n</ol><p>This should result in three &lt;link&gt; elements in the source HTML:</p>\n\n<pre>\n<code style=\"font-size:1.6rem;\">&lt;head&gt;\n    &lt;link rel=\"indieauth-metadata\" href=\"/indieauth-metadata-endpoint/\"&gt;\n    &lt;link rel=\"authorization_endpoint\" href=\"/authorization-endpoint/\"&gt;\n    &lt;link rel=\"token_endpoint\" href=\"/token-endpoint/\"&gt;\n&lt;/head&gt;</code></pre>\n\n<h2>Sign In</h2>\n\n<p>To test signing in with IndieAuth, visit <a href=\"https://indielogin.com\">indielogin.com</a> and enter your domain name. Follow the prompts to authenticate and you should end up back on indielogin.com with a success message.</p>\n\n<img alt=\"screenshot\" src=\"https://gregorlove.com/site/assets/files/6031/indieauth-for-processwire-authentication.1000x0-is.png\" /><p>The authentication prompt when signing in with IndieAuth</p>\n<h2>Sign In and Authorize</h2>\n\n<p>To authorize an application with IndieAuth, you site will first need a module that uses access tokens. I have a <a href=\"https://github.com/gregorlove/ProcessWire-Micropub\">Micropub for ProcessWire</a> module in development that does that. Micropub is a standard that lets you publish to your site using third-party clients. If you\u2019d like to try it out, follow the instructions on GitHub to install it.</p>\n\n<p>After installing, visit <a href=\"https://quill.p3k.io/\">Quill</a> and enter your domain name. Follow the prompts and note the additional fields for \u201cscope\u201d and \u201cexpiration,\u201d since you are authorizing an application to interact with your site. After successfully authorizing, try to post a short note from Quill. Quill should redirect you to the new post if it was successful.</p>\n\n<p>For a list of other Micropub clients you can try, see <a href=\"https://indieweb.org/Micropub/Clients\">https://indieweb.org/Micropub/Clients</a>.</p>\n\n<img alt=\"screenshot\" src=\"https://gregorlove.com/site/assets/files/6031/indieauth-for-processwire-authorization.1000x0-is.png\" /><p>The authorization prompt</p>\n<h2>Admin and Options</h2>\n\n<p>In the admin, you can see which applications you have granted access tokens to. You can see when each token was issued, last accessed, and its expiration. You can also manually revoke a token at any time. Navigate to: Access &gt; IndieAuth.</p>\n\n<img alt=\"screenshot\" src=\"https://gregorlove.com/site/assets/files/6031/indieauth-for-processwire-tokens.1000x0-is.png\" /><p>The admin page displaying access tokens you have granted</p>\n<p>There are a couple options in the admin at: Modules &gt; Configure &gt; ProcessIndieAuth:</p>\n\n<ol><li>Default access token lifetime (in seconds): This defaults to 14 days and is what appears in the authorization screenshot above.</li>\n\t<li>Automatically remove access tokens after expiration (enabled by default): When enabled, the site checks approximately every six hours and removes expired access tokens. Regardless of whether this option is enabled, the module will reject any application attempting to use an expired access token. Since access tokens cannot (currently) have their expiration extended, I recommend keeping this option enabled so the admin list stays tidy and current.</li>\n</ol><p>Finally, this module writes some admin logs. Access those at: Setup &gt; Logs &gt; indieauth</p>\n\n<h2>More About IndieAuth</h2>\n\n<p>If you\u2019re interested in more details about IndieAuth, I recommend the article \u201c<a href=\"https://aaronparecki.com/2018/07/07/7/oauth-for-the-open-web\">OAuth for the Open Web</a>\u201d by Aaron Parecki (or the <a href=\"https://youtu.be/EeCNlB7v08I\">video presentation</a>). If you are interested in implementing IndieAuth in your project, see the <a href=\"https://indieauth.spec.indieweb.org/\">IndieAuth specification</a>.</p>"
    },
    "author": {
        "type": "card",
        "name": "gRegor Morrill",
        "url": "https://gregorlove.com/",
        "photo": "https://gregorlove.com/site/assets/files/3473/profile-2016-med.jpg"
    },
    "post-type": "article",
    "_id": "30086026",
    "_source": "179",
    "_is_read": true
}

Ben Werdmüller werd.io/profile/benwerd

My text editors

July 3, 2022 6:32pm +00:00

{
    "type": "entry",
    "published": "2022-07-03T18:32:04+00:00",
    "url": "https://werd.io/2022/my-text-editors",
    "name": "My text editors",
    "content": {
        "text": "A text editor is just a text editor, right? Well, not really - and it turns out I use a variety of text editors for different purposes.iA Writer is how I draft and publish my blog posts and short stories. It\u2019s a beautiful, minimalist markdown editor that knows when to get out of my way. And it supports Micropub, which lets me publish pieces directly to my website.BBEdit is a professional text editor. I use it as my scratchpad; features like regular expression search and replace and smart syntax highlighting make it an easy place for me to inspect and adjust text files.Ulysses is a long-form writing app. I\u2019m writing a novel in it, and have a few abandoned starts to other long-form fiction. I haven\u2019t used its grammar checker or editing tools (in general, I hate and distrust grammar checkers), but I know they may come in handy later on.Obsidian is becoming my outboard brain. Some of those thoughts are public; you can find them at werd.cloud. I love that it\u2019s completely cross-platform.VSCode is my Integrated Development Environment of choice; if you\u2019re a programmer, it\u2019s a good chance it\u2019s yours, too. If you\u2019d told the me ten years ago that I\u2019d be regularly using a product with \u201cVisual Studio\u201d in the name, I would have laughed at you - but here we are. It\u2019s a testament to how much Microsoft has grown and changed.Nano is the editor I use inside my terminal window. I prefer it to vi and vim; I just do.Slab is how I write documentation to share with teams. It\u2019s dramatically better than Confluence, which I\u2019d used previously, for this purpose: lightning fast, with features that allow you to ensure documentation is current.Apple Notes (in concert with Reminders) has become my place to keep track of work notes. It\u2019s not perfect, but it\u2019s steadily improving, and it\u2019s always there, across my devices. The Quick Note feature is really neat, and I love that I can write in longhand with my Apple Pencil.Google Docs is how I collaborate on documentation with other people. It\u2019s easy, real-time, and cross-platform.Microsoft Word is how I talk to lawyers and format fiction manuscripts.What are your text editors of choice?",
        "html": "<p>A text editor is just a text editor, right? Well, not really - and it turns out I use a variety of text editors for different purposes.</p><p><a href=\"https://ia.net/writer\">iA Writer</a> is how I draft and publish my blog posts and short stories. It\u2019s a beautiful, minimalist markdown editor that knows when to get out of my way. And it supports <a href=\"https://micropub.net/\">Micropub</a>, which lets me publish pieces directly to my website.</p><p><a href=\"https://www.barebones.com/products/bbedit/\">BBEdit</a> is a professional text editor. I use it as my scratchpad; features like regular expression search and replace and smart syntax highlighting make it an easy place for me to inspect and adjust text files.</p><p><a href=\"https://ulysses.app/\">Ulysses</a> is a long-form writing app. I\u2019m writing a novel in it, and have a few abandoned starts to other long-form fiction. I haven\u2019t used its grammar checker or editing tools (in general, I hate and distrust grammar checkers), but I know they may come in handy later on.</p><p><a href=\"https://obsidian.md/\">Obsidian</a> is becoming my outboard brain. Some of those thoughts are public; you can find them at <a href=\"https://werd.cloud\">werd.cloud</a>. I love that it\u2019s completely cross-platform.</p><p><a href=\"https://code.visualstudio.com/\">VSCode</a> is my Integrated Development Environment of choice; if you\u2019re a programmer, it\u2019s a good chance it\u2019s yours, too. If you\u2019d told the me ten years ago that I\u2019d be regularly using a product with \u201cVisual Studio\u201d in the name, I would have laughed at you - but here we are. It\u2019s a testament to how much Microsoft has grown and changed.</p><p><a href=\"https://www.nano-editor.org/\">Nano</a> is the editor I use inside my terminal window. I prefer it to vi and <a href=\"https://www.vim.org/\">vim</a>; I just do.</p><p><a href=\"https://slab.com\">Slab</a> is how I write documentation to share with teams. It\u2019s dramatically better than <a href=\"https://www.atlassian.com/software/confluence\">Confluence</a>, which I\u2019d used previously, for this purpose: lightning fast, with features that allow you to ensure documentation is current.</p><p><a href=\"https://9to5mac.com/2022/06/07/apple-notes-app-new-features/\">Apple Notes</a> (in concert with Reminders) has become my place to keep track of work notes. It\u2019s not perfect, but it\u2019s steadily improving, and it\u2019s always there, across my devices. The Quick Note feature is really neat, and I love that I can write in longhand with my Apple Pencil.</p><p><a href=\"https://docs.google.com\">Google Docs</a> is how I collaborate on documentation with other people. It\u2019s easy, real-time, and cross-platform.</p><p><a href=\"https://www.microsoft.com/en-us/microsoft-365/word\">Microsoft Word</a> is how I talk to lawyers and format fiction manuscripts.</p><p>What are your text editors of choice?</p>"
    },
    "author": {
        "type": "card",
        "name": "Ben Werdm\u00fcller",
        "url": "https://werd.io/profile/benwerd",
        "photo": "https://werd.io/file/5d388c5fb16ea14aac640912/thumb.jpg"
    },
    "post-type": "article",
    "_id": "30065273",
    "_source": "191",
    "_is_read": true
}

lordmatt.co.uk/technology/the-internet/all-the-active-indieweb-sites-i-have-found-so-far-june-2022/

aaronparecki.com

Chris Aldrich stream.boffosocko.com/profile/chrisaldrich

Here's a list of sites within the Fediverse that report supporting Webmention:
https://the-federation.info/protocol/webmention

I'm not sure if Aaron Parecki has a public list of all the sites that are using webmention.io, but that would add a huge number as would all the native sites that are part of micro.blog. I'm not sure if either publishes a list of sites using their services for a variety of reasons.

June 25, 2022 12:11am +00:00

{
    "type": "entry",
    "published": "2022-06-25T00:11:33+00:00",
    "url": "http://stream.boffosocko.com/2022/heres-a-list-of-sites-within-the-fediverse-that-report",
    "in-reply-to": [
        "https://lordmatt.co.uk/technology/the-internet/all-the-active-indieweb-sites-i-have-found-so-far-june-2022/",
        "https://aaronparecki.com/"
    ],
    "content": {
        "text": "Here's a list of sites within the Fediverse that report supporting Webmention:\nhttps://the-federation.info/protocol/webmention\n\n\nI'm not sure if Aaron Parecki has a public list of all the sites that are using webmention.io, but that would add a huge number as would all the native sites that are part of micro.blog. I'm not sure if either publishes a list of sites using their services for a variety of reasons.",
        "html": "Here's a list of sites within the Fediverse that report supporting Webmention:<br /><a href=\"https://the-federation.info/protocol/webmention\">https://the-federation.info/protocol/webmention</a><br /><br />\nI'm not sure if Aaron Parecki has a public list of all the sites that are using webmention.io, but that would add a huge number as would all the native sites that are part of micro.blog. I'm not sure if either publishes a list of sites using their services for a variety of reasons."
    },
    "author": {
        "type": "card",
        "name": "Chris Aldrich",
        "url": "http://stream.boffosocko.com/profile/chrisaldrich",
        "photo": "http://stream.boffosocko.com/file/600427b81f7785e704eadfe511a9270f/thumb.jpg"
    },
    "post-type": "reply",
    "_id": "29906889",
    "_source": "192",
    "_is_read": true
}

The Quest for a Memex

Switching costs for an IndieAuth server

fluffy rambles: VRChat continued

Proposal for a new-generation social reader concept

Indiewebifying a WordPress Site – 2022 Edition - Sunday Sun June 12, 2022

IndieAuth Spec Updates 2022 - Thursday Thu April 21, 2022

The week the open web won – Hi, I’m Heather Burns

Bridgy stats update

A new CEO for Medium

My indieweb real estate website (part two)

Notes: Why The Indieweb?

Importing check-ins from Ohai

IndieAuth for ProcessWire Released

My text editors