Private, friends-only, IndieWeb stuff

Comments

Yesterday I participated in the IndieWeb sensitive data pop-up, or at least the first half of it (I had to disappear for my refrigerator delivery). It was really great to have some further discussion about what people want out of this stuff and how we’re all going to agree to get it.

Authentication stuff

One of the biggest pain points that keeps on coming up is there being no support for people to be able to get private posts without having to log in or be notified about them in side channels. Lots of people are doing things like making pages with unguessable URLs and then doing side-channel notification, but that’s unwieldy; fewer folks are doing things with actual login mechanisms.

Read more…

I’m warming up to ActivityPub

Comments

While Publ is still going to be an IndieWeb-first platform (simply because it’s so much easier to integrate – having modular Lego bricks and a pick-and-choose functionality set that is as simple as adding it to one’s HTML templates is a very compelling approach), I’ve had some good discussions regarding ActivityPub lately and it’s starting to seem a bit more possible to add that as an add-on for Publ.

Read more…

Re: Why Publ won’t support magic auth links

Comments

In response to a Publ blog post, Kicks Condor writes:

One question, though—could the Atom feed list rel alternate versions of the feed? (That would have type application/atom+xml?) It also seems like rel self could have the non-authenticated version of the feed. It doesn’t make sense for credentials to be in that URL. These are possibly naive suggestions—apologies, if so. Again, fantastic write-up!

The problem is that it’s up to the sharing news reader to know which URL to use for the sharing, and there’s no way to control what URL the reader happens to use. I know that Feed On Feeds will use the URL for the actual subscription (since that’s the only source URL it tracks in the first place), and who knows what other readers with sharing features will do!

And changing the rel="self" URL has a different problem – some readers (again, such as Feed On Feeds) treat that as the canonical URL and will update their subscriptions to point to that URL instead, so setting rel="self" to the unauthenticated feed means most users will be unable to remain logged in.

Basically, it’s a tricky issue that has no right answer with the Atom spec as it currently exists. So if some other mechanism has to be designed, it might as well be done in a safe, unambiguous way from the beginning. If some other use case for magic auth links comes up I’ll reconsider implementing them, but at least for friends-only subscription access, the privacy risks are simply not worth it.

IndieWeb Summit day 2: Authl finally gets some love

Comments

One of the biggest bits of functionality I want to get in the next milestone for Publ is private posts. Doing private posts requires some way of determining the identity of the person who is reading the site. There are a lot of mechanisms to choose from. Most of them are largely incompatible with one another, and there isn’t any single mechanism that checks all my boxes. And of course the standards keep on shifting, and keep on getting a new unifying standard that will fix everything.

So, IndieLogin is a really great way to get started with IndieWeb authentication for people who are in the IndieWeb ecosystem. If you have your own website on your own domain name and an account on one of its connected RelMeAuth providers, it covers everything. But not everyone who I want to grant stuff to has their own website, or the ability to set one up. Siloed OAuth is still useful. And being able to log in via email address is also beneficial.

Read more…

Keeping it personal

Comments

I just read this great essay by Matthias Ott. It does a great job of summarizing the state of affairs of blogging and social media, and how we can try to escape the current orbit to get back to where the web was meant to be.

I especially like the bit about “Don’t do it like me. Do it like you.” Because that is exactly why I’ve been building Publ the way I have; I have specific goals in mind for how I manage, maintain, and organize my site, and these goals are very different than what other existing blogging and site-management software has in mind. The fact that I post so many different kinds of content and that they need different organizational structures to make sense makes this a somewhat unique problem. I’d like to think that Publ is a very general piece of web-publishing software, but it’s probably so general because I have such specific needs. Which makes for an interesting paradox, I suppose.

I guess what I’m saying is that I want to see more types of web-based publishing where the schema and layout fit the content, not the other way around. But it also needs to be able to interoperate with other stuff, while still making sense from a producer-consumer UX perspective.

Read more…

Reblob!

Comments

Reblob!:

It’s been a while since I’ve worked on IndieWeb stuff, but I finally got around to releasing an extremely preliminary version of reblob, a little commandline thingus to make this stuff easier. Eventually I’ll also have a server-based version here, at least as an example.

Of course this is the first entry I’ve written actually using it. Lots of rough edges but whatever!

Tag-reply posts?

Comments

In response to my tagging announcement, Marty McGuire writes:

This could be a use case for tag-reply posts!

Brid.gy supports this for tagging people in Flickr posts, as well as adding labels to GitHub issues.

(wow I really have got to write some sort of reply-to post importer… hand-converting that to Markdown was way more work than it should have been!)

I’m not quite sure I understand the use case that’s being called for, here. Publ tags are “tags” in the Tumblr sense, where they’re used to filter and organize posts, like being able to limit things to rants or whatever; I get the feeling that this is confusion over multiple uses of the word “tag,” like how on Twitter/Facebook/Flickr/etc. “tagging” means signaling to someone that they should read a post (akin to “Tag! You’re it!”). Think Technorati tags from way back when, or Atom categories, which are most akin to hashtags on Twitter and Facebook.

I think a tag-as-in-notification thing would be implemented in Publ the same way I implement in-reply-to and so on – I have a corresponding header in the entry file and my template generates an invisible <a class="u-in-reply-to" href="..."> in the post body. The relevant bit in my entry template is:

{% for type in ('like-of', 'in-reply-to', 'repost-of', 'bookmark-of', 'mention-of', 'rsvp') %}
    {% for link in entry.get_all(type) %}
        <a href="{{link}}" class="u-{{type}}"></a>
    {% endfor %}
{% endfor %}

So in that sense Publ already supports that at the template level; I can simply add tag-of to the list of microformat types. Or am I completely misunderstanding what is being suggested?

So what is Subl, anyway?

Comments

So I’ve been talking about distributed social stuff a lot lately, especially Publ (my publishing engine, which runs this site, in case you are new here), and also ecosystem stuff for things like private entries and other things that have been pinging around in my head for a while.

A thing I keep on mentioning is Subl, but generally only talking about it tangentially without actually going into detail with what it even is. So, I guess I should talk about that at some point.

Read more…