This is an automatically-generated summary of the IndieWebCamp wiki edits from May 5-12, 2014
Created by Kylewm.com on May 9
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
Python is a programming language and web server runtime environment used for many IndieWeb projects.
Contents |
Generally useful libraries being developed by IndieWeb participants in Python.
Non-IndieWeb-specific libraries that may still be of interest.
IndieWeb and interesting dependencies
Python does not have PHP's ubiquity, and finding hosting can be a little bit more of a challenge. See web_hosting for more details.
Created by Tantek.com on May 6
Notes taken by Ben Werdmüller at IIW on 2014-05-06 on https://etherpad.mozilla.org/iiw - archived here.
Word document (per IIW convention): copy paste this into a Terminal window:
Realized that we all made a big mistake back in the day - we let other people use our data.
Indie Box is an effort that allows us to control our data.
Where's our data? Not in the hands of the people - in Facebook, Flickr, Google, YouTube, Dropbox, plus various governments. We need to take our data back home!
Indie Box One is a personal cloud server that you place in your home.
Crowdfunding is live as of a few minutes ago. There will be lots of different kinds of hardware, but this is the first one - you take your own server and put your own personal data on that. If your data is your own, you control it. You unplug the server, nobody can access it at all!
Indie Box One (so, there will be many different kinds) has an energy efficient process. Designed to be the first box in from the web - it sits on the wire between your home network and the outside world. It can see everything that happens. In most cases, that would be a privacy violation - except, it's your box! You could run ad blockers on it, Tor if you were so inclined, site blocking for your kids, prevent your IoT devices from phoning home ...
What does it actually do?
An actual screenshot. Indie Box includes WordPress, Idno / Known, Mailpile, Mediagoblin, Owncloud, Selfoss, Shaarli
(Audience didn't understand what Idno was at all. Uh oh.)
Johannes has found himself bookmarking more stuff on the web now that he does it in his private space on his own server, rather than, eg, Delicious
Indie Box also comes with an app store, so you install and get new applications on it
Automatic software upgrades
Audience didn't like that it was online & the first box in from the Internet. Johannes pointing out that it doesn't _have_ to sit there - it's also a DHCP client.
Because the box is a DNS server itself, it works, but if you get your DNS from somewhere else, configuration is a little more complicated. But it can do both.
There are two hard drives in Indie Box One. They're mirrored, to help mitigate against hard drive failure.
Johannes looked at operating systems for a long time. In the Linux world, there are two "free" distros left: Debian and Arch. Johannes didn't want to tie it to some other company's strategy that wasn't necessarily entirely transparent. Chosen also because it has excellent ARM support - while Indie Box One is x86 based, the software platform works well on ARM, and probably in a year or two Indie Box will be based on ARM.
Audience is worried that automatic updates are a vector for hackers. Johannes points out that, essentially, you're damned if you do and damned if you don't: you'll be hacked if you don't update, too.
Audience asking if the concept is to create a warehouse for your data that bypasses many of the security issues in the wild - "is this just a small cloud for our data? Is that it?" Johannes explaining that, eg, for intra-family communications, there is added security by ensuring that communications never leave your home. You're almost always going via a large siloed provider. If you have your own server, you have this possibility.
Johannes: "what we're trying to do here is turn the Internet inside out. We're trying to put the Internet the way it was, where everyone has their own server."
This is particularly interesting wrt the Internet of Things: Johannes has a number of sensor devices in his own home, that right now go via, eg, Heroku. He has a front door sensor that goes via Heroku to let him know that his front door is opening. This makes no sense. Indie Box could fill that role.
Aaron Parecki pointing out that Philips also does this for their connected lightbulbs, ensuring that you have a connected architecture in your home. However, Johannes points out that you end up with multiple base-stations for different providers (although, the audience points out that they are using an open standard to communicate). Indie Box provides a central point in the home.
Audience asking if there's anything about this product that would enhance the user's relationship with third-party services. eg, discussing Spambox, which provides proactive email filtering via IMAP. It'd be cool to run something like that in Indie Box, to intercept IMAP communications and filter out spam.
Johannes says that WordPress and Idno will be preconfigured "the indieweb way" - so your content is syndicated to third-party services. This is one way in which your relationship with third-party services is enhanced.
Audience asking about where this relates to the PATRIOT Act! Apparently the laws are very strong about possession of data, where possession is defined as on your body or in your home. The cloud doesn't count. Therefore you have stronger data ownership / privacy protections against the PATRIOT Act with Indie Box than with a cloud service. Johannes would like people to check on the platform and audit it for security & privacy.
Audience asking, if you have 10,000 Indie Boxes, who pays for the electricity? What's the business model? Johannes discusses the app store, and the possibilities to act as a marketplace for third-party apps.
Johannes says that more integrations need to be done. He still needs to port much of his store code from Cloudstore, taking into account things like changing IP addresses (that are less likely to occur on servers in the cloud).
Johannes is keen to ensure that there is no lock-in, because otherwise you don't have full control & ownership. But on the other hand, lock-in is sort of required to run a business (ish). So Johannes is giving a percentage:
A percentage of the purchase price of the box goes towards the operating costs of the infrastructure that keeps the box running (updates, etc)
App store model - indiebox runs the marketplace, handles the billing, software authors get paid and removes hassle from the users.
Audience question - concerned with apps, what privacy agreement you sign, what is stopping apps running on the box from selling data? Do we end up in a sitaution where old data is stuck in the box like old LPs? Are there any protections from malicious apps shipping data elsewhere?
j12t: if there are 100,000 apps on the app store then there's bound to be mailcious apps, there's no magic. What happens if indiebox implodes and you want to migrate off? Already exists software to migrate one indiebox to another. Even if indiebox goes away, all the open source projects still exist and you can run them elsewhere.
It's not up to any single entity to make this successful. This can be a barn-raising effort.
The Indie Computing Corporation is going to be an uncorporation: no management, none of the trappings of a typical corporation. It's intended to be a vessel for projects like this. It's open entry; if you want to participate, come in and help. If there's money, you can get paid. You have code? Put it on! You want to help make dynamic DNS better? Come talk to me.
Audience worry: Heartbleed was from open source so open source must be bad. There's nothing we can do at indiebox that would have stopped heartbleed. "Open source coders even with their good intentions don't have the resources...."
Audience answer: Heartbleed is a success story. There was a problem, it was fixed.
j12t: One reason we have an app store ecosystem is to provide money back into the ecosystem for open source apps.
"No more Big-Sites-With-Lots-Of-Secrets-For-Sale - This is how we unbreak the Internet." - Brian Behlendorf
Johannes: "If you have an IDP app, we can include it." Aaron: "I have one!" Johannes: "Of course you do! I want it! -- This is how it works."
https://www.indiegogo.com/projects/indie-box-let-s-bring-our-data-home < Johannes encouraging donations.
Audience question about using Indie Box One in medical IT. Pointing out that it's probably more secure than many places for data. (Same audience member asked about using the apps with smartphones. Potential for interesting use cases involving hospital-hosted data accessed by staff on handheld devices throughout an institution.)
Audience concern about app security, and how you ensure that apps on the box are secure and aren't bad actors with your data. Johannes says it's too early to comprehensively tackle this - it's important to get something running first. Hinted at some sort of signing/app store verified thing. But he also points out that Linux namespaces may offer some interesting possibilities.
Johannes: '"We cannot put all of our eggs in one basket, unless we can watch that basket really well," as Mark Twain said. I am much more comfortable with a Linux box that is mine than anyone else's system.' Intends to seed the ecosystem with technical early adopters, and will work up to an easy-to-use device that is suitable for very non-technical users.
If everything the organization does is transparent, it's very difficult to defraud the public. Johannes is making the Indie Computing Corporation open and uncorporation-ey in order to help people feel secure with the product.
Johannes: email is difficult (he agrees that it's irredeemably broken). But there are possibilities when more people are running boxes that use the same open protocols as Indie Box. You don't have to use email protocols when you know that something else is available and usable. You can eliminate third parties from communications loops, enhancing security and adding new features in the process.
Notetaking ends from benwerd - now going to host a session introducing the indieweb.
Created by Tantek.com on May 5
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
Contents |
Take collaborative realtime notes here:
2014-05-06:
Individual Session notes from Etherpad:
2014-05-07:
If you want to submit a Word document version, use this command line with the URL of the notes on the wiki:
echo "http://indiewebcamp.com/" | textutil -stdin -output worddoc.rtf -convert rtf
Created by Tantek.com on May 8
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
Heartbleed was a security vulnerability announced 2014-04-08 in OpenSSL, a common open source library used in https connections.
The vulnerability has been widespread since 2012-03-14 when OpenSSL version 1.0.1 (with the bug) was released.[1] Any software or services which incorporated or updated OpenSSL since that date may have been (still be) vulnerable.
This page is for the indieweb community to keep track of various services and software that anyone in the community may have been using that was vulnerable to Heartbleed but has been patched since - please add to it.
Contents |
The following sites and services reported being affected, that is they admit being vulnerable, and possibly attacked (e.g. by email to their users, blog posts, or headers upon login)
Strong emphasis added.Subject: Security Update
A major vulnerability in the technology that powers encryption across much of the internet was discovered this week. Like many other teams, we took immediate action to patch the vulnerability in our infrastructure.
IFTTT is no longer vulnerable.
Though we have no evidence of malicious behavior ... We encourage you to change your password not only on IFTTT, but everywhere ...
A major vulnerability has been disclosed for the technology that powers encryption across the majority of the internet. That includes Tumblr. Our team took immediate action to fix the issue, but you should still take some time to change your password...
Strong emphasis added.Subject: [Venmo] Update on Heartbleed/OpenSSL
Last week, a major security flaw was detected in OpenSSL, the technology that powers encryption across much of the internet. Like many services, we took immediate steps to patch the potential vulnerability in our infrastructure.
We found no evidence of any malicious behavior, but to be extra cautious, we recommend that you change your Venmo password [...]
See also Wikipedia: Heartbleed
Please add any other sites or services (e.g. silos) that were vulnerable but which have been patched AND you've already changed your pw on. Provide a citation for the vulnerability (e.g. a blog post by the silo).
Please add any software that was vulnerable to Heartbleed but which has been patched AND you've already updated your install thereof (or your service provider has).
The following sites and services reported no signs of being targeted or otherwise attacked due to this vulnerability, but did explicitly provide notice to users anyway, typically with a caveat of maybe it happened and we didn't know, and thus still recommended change of passwords:
Strong emphasis added. Note that Sonic.net is an ISP so when they're suggesting you "change your ISP ... passwords" they are by implication including themselves.Subject: Protect your privacy: Heartbleed bug
Protect yourself against the Heartbleed bug: change your passwords!
Early this week a severe vulnerability in OpenSSL known as the Heartbleed bug was announced. Sonic.net is joining many other providers and recommending that you change your passwords for each your online services. [...] Do not forget to change your ISP and email account passwords! [...]
We do not have any reason to believe that we, or any of our users, were targeted. However, this attack was undetectable. and the cautious response is to assume that sensitive information has been leaked.
Created by Aaronparecki.com on May 10
You can help IndieWebCamp by downloading and keeping a backup of this wiki!
As of 2014-05-10 the wiki and images are about 70mb.
BB3SRZEPU6B4EUMMD5XDWZBY2RDZSN33Q
After adding the folder, your btsync client will begin downloading all the files!
rascul has a mirror at http://indiewiki.rascul.io. Easy to mirror it with wget or rsync:
wget -rm http://indiewiki.rascul.io
rsync -avz rsync://indiewiki.rascul.io:/indiewiki .
KB has placed a baseline archive at github as of May11, 2014 and will update it ad-hoc. Scripts/cronjobs (being tested on a laptop that perambulates between cafes) is at https://gist.github.com/kbsriram/0ae713dfa46f3676e2b5
rsync -avz --delete --stats rsync://[email protected]/indiewebcamp_wiki indiewebcamp
Pros
|
Cons
|
Pros
|
Cons
|
wget --execute robots=off --no-parent --wait=1 --mirror https://indiewebcamp.com/wiki/backup/data/
Pros
|
Cons
|
Pros
|
Cons
|
Created by Tantek.com on May 5
App Links are a technology launched 2014-04-30(?) by Facebook at their F8 Developer Conference.
They are intended to solve Ilya Sukhar's problem of feeling "trapped in the browser" when clicking a link in a mobile app. The intention is to enable cross-platform deep-linking into apps by providing a way for web pages to specify equivalent URLs and applications to load them in for iOS, Android, Windows Mobile and mobile web.
Contents |
App Links have a number of structural problems:
The Web and Android already have an adequate model for apps to use URLs. Android provides a mechanism for apps to claim URLs by regex, and a user-mediated way to resolve conflicts. On iOS this is not the case - apps can only claim schemes and there is no contention resolution. Imposing a new model atop this adds confusion.
By making the site the arbiter of what mobile apps will display it, this breaks the Web notion of User-Agent choice - the website becomes an appendage of the mobile app, as Instagram was historically. You may want to use a specific 3rd party app for Twitter, for example, and this will force you to use theirs. Similarly, the interstitial app downlaod antipattern can now be enforced by facebook and applink users before you even see the website, overriding your preference ot view in the browser.
By Facebook putting their own code in the middle of URL resolution, they can both track and redirect links themselves. At launch there were examples of them misdirecting links to Medium that were posted via Twitter Android goes to app store for Twitter iOS says Medium is Twitter
Sites could mischievously redirect certain platforms, for example rickrolling iOS or Android users selectively
As of 2014-05-05, Facebook doesn't markup their own webpages with applinks.org. (KevinMarks in IRC).
For example my facebook page could link to various FB apps, which would be useful for people-focused mobile communication
By marking up with this syntax, it may be possible to redirect webpages to a specific mobile browser on iOS rather then to Facebook's Safari-based webview. This could be useful for pages using web technologies nto yet in Safari, such as WebRTC.
Created by Tantek.com on May 6
Notes taken mostly by Aaron Parecki, with some remote notes by Tantek Çelik at IIW on 2014-05-06 on https://etherpad.mozilla.org/iiw - archived here.
Word document (per IIW convention): copy paste this into a Terminal window:
benwerd - Introduction to the IndieWeb
the real promise of the web is that we can all connect and learn from each other and you're not giving up control of your data and identity selfdogfooding - get something up and running for yourself and live it. if you expect people to live by a standard or principle, live it yourself first
building blocks - make it easy to get started quickly
because each of the building blocks are so small, people can pick up one of them and experiment and build something that works in a day.
how many people have their own domain name? all but 2 raised their hand [nice! -t]
how many people post regularly? most - does annual count?
"i used to" - 'why did you stop?' - twitter, it's faster
benwerd: I get to choose to syndicate to twitter and other silos
aaronpk: one of the challenges is to have a user interface to post to your own site that is as easy as Twitter. Some folks have built user interfaces on their own sites as simple as Twitter.
aaronpk: not everyone wants to build their own user interface. micropub lets apps post to indieweb sites.
kevinmarks demonstrating noterlive
benwerd demoing his site
would love to find a way to post HTML5 games so indie game developers could quickly host games. high scores could be received back with webmentions.
There's the IndieWebCamp wiki and IRC channel. Everyone is welcome.
There is no mailing list: http://indiewebcamp.com/FAQ#Is_there_an_IndieWeb_mailing_list
Q: can the "big guys" withdraw the APIs? A: of course! but it's not like they can disable an API key and the whole indieweb goes down. but it's also useful to note that we don't necessarily need them to have indieweb conversations. also they can't turn off their own HTML.
Q: if Google+ doesn't have an API, do they even really exist?
... Freedom box ... from Austria ... just got back from ouishare in Paris following indieweb on the sidelines ever since FSWS one of the powerful ideas of the indieweb is that it's loosely defined, so it's easy to get going and start using building blocks
Q: this is really interesting from a hacker perspective, but how mainstream can it go?
A: aaronpk, pretty much every question has an answer on the wiki. E.g. for this, see https://indiewebcamp.com/generations - right now we're mostly a hacker community. We saw the internet go from a hacker community and go completely mainstream. This is how it starts.
A: benwerd: 10 years ago, social web, people would say what? it's not mainstream. ... We're more likely to get there by iterating on working code.
KevinMarks: one of the arguments is, how much can you push statically? a bunch of us are doing this.
Aaronpk: when your website is a pile of HTML files and you can put it on any FTP server and still communicate with other sites? You end up with using a webmention service.
[12:37] <bretttt> its key to eventually get that service data INTO the html file itself. working on that now
KevinMarks: part of the point here is to NOT just build a monoculture. https://indiewebcamp.com/monoculture
because we started with 6 people writing their sites in 6 different programming languages, it made monoculture way less likely to happen
idno - currently PHP + MongoDB. going to be PHP+MySQL
idno -> known / withknown.com (sp?)
benwerd: As Kevin said, monocultures are bad. This only going to work if there are a number of platforms out there. Idno is one. p3k is another. Interesting things with WordPress plugins. Taproot. See https://indiewebcamp.com/projects
If anyone is here in this area, or Portland, or Chicago, there's a Homebrew Website Club every two weeks.
SF one is 18:30 on Wednesday:
Portland one is usually hosted by ESRIPDX or MozPDX but not this week.
Chicago one is usually at Intelligentsia.
KevinMarks: Do we want a satellite one here in MV?
Benwerd: not looking forward to driving back in rush hour
KevinMarks: we can grab a table at the Firehouse and make that the MV HWC
re: idno/known: "Known" is the company name. And the software name for now.
Created by Tantek.com on May 9
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
A backup of an indieweb site should have everything necessary to redeploy it on a new webhost. Typical backups include static files and database exports.
Contents |
The Indie Box Project has defined a general-purpose backup file format that supports multiple web apps installed at the same hostname (aka site), and multiple sites backed to the same zip file, with full meta-data.
Manage your all the files necessary to build your jekyll site in a git repository (or another distributed SCM system if you prefer). Make clones to all of your devices and create mirrors on free git hosting services like Github or Bitbucket. The key to this strategy is setting up a working environment on a number of different computers. Every time you revisit these different environments to make a post to the site, you are making a distributed backup of your website (through the pull, add, commit, push workflow). You must also back up any configuration or automation files of your web server (in the same or separate repo), unless you use a jekyll specific web server that mimics github-pages and does not require additional configuration. You can also look into setting up special git mirror remotes so that pushing changes to your build/web server pushes out multiple copies to multiple locations.
Just a quick pointer to a couple of things on managing backups in general (not specific to indieweb.) This polemic by jwz is a useful read - http://www.jwz.org/doc/backups.html
My personal preference is to have a local copy of anything before publishing it (and I don't publish much either.) I also like to have a local backup of my gmail, photos from my phone, shared facebook photos from select people and content from a few other silos. http://kbsriram.com/2014/05/sailing-through-my-online-life.html for some thoughts on why and what I try to preserve.
My solution is rather crude - I try to keep two hard-drives with monthly snapshots (rather than a "latest" backup) with something like
nohup rsync -aP --link-dest=/Volumes/Backup/macbook-home-2014-01-01 /Users/kbs /Volumes/Backup/macbook-home-2014-02-01
It also creates an encrypted tarball of critical folders to dropbox and gdrive at this time. A little app on my phone also uploads photos to dropbox, and my laptop periodically moves them into my personal photo folders so these are also backed up eventually.
Every two-three years (I've managed to do this for about 10 years now) I re-copy these two hard drives to new media, and leave the old media in one or other of my friends place.
Created by Kylewm.com on May 10
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
Contents |
Choosing an open source license can be challenging, but it is important to make some statement about your software's free (or non-free) status. Without a license, the implication is that others are not free to use your code.
Permissive licenses generally require attribution and that the original license text be included in redistributions, but do not require that derivative works remain open source.
This category seems to be by far the most popular among IndieWebCamp participants
(10:58:48 PM) bear: i've used in the past: MIT, BSD 2-clause, MPL and plain ol' public domain
(10:59:25 PM) bear: MPL and Apache2 if I know it will be used commercially
Copyleft licenses require that derivative works remain open source, and often require they retain same license. For that reason, some critics consider these licenses "viral".
Created by Tantek.com on May 8
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
A proprietary API typically has one or more of the following characteristics:
By contrast, an open API or protocol is typically:
Contents |
Q: What, in practical terms, does it mean for one or more companies to “own” or “control” an API?
A: “control/ownership” in this case refers to:
Q: Is the Twitter API proprietary even though status.net implements it?
A: Yes it is proprietary because:
Created by Tantek.com on May 9
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
Indie Box is a combination software and hardware project to build a personal home server that runs various web applications.
Sessions about Indie Box:
Articles about the Indie Box project:
Created by David.shanske.com on May 9
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
A gallery is a deliberately curated set of photos, that may itself be a post, or an archive view, or potentially dynamically created via tags.
Contents |
Gallery layouts are usually organized in some sort of grid fashion.
There are no known examples of IndieWeb publishers of gallery posts. If you know of one, please add it here!
Projects and other software platforms that have a notion / feature support of "gallery".
WordPress software offers two image related post formats.
Flickr confusingly has several different kinds of galleries each with their own quirky limitations:
Created by Bret.io on May 9
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
Bitbucket is a source code silo and alternative to github as it offers free git (and mercurial) repository hosting for public and private projects for individuals.
Created by Dunlaps.net on May 9
Below are some notes on various hosting providers. Plans and technology change, so be sure to check details.
(Original document from Darius Dunlap for his own decision process. Just hoping it's helpful to others)
See also web_hosting for great info about hosting types and who uses what.
WPEngine - http://wpengine.com/plans/
$99/mo professional plan allows up to 10 wordpress installs and does SNI, though I’d probably want the extra $5/mo dedicated IP address so that I can have my own certs. (Need to look into that in more detail if I decide to consider this provider.)
http://wpengine.com/support/why-am-i-seeing-a-certificate-error-for-wpengine-com/
Limited other capabilities outside of WP.
Pair
Shared hosting:
http://www.pair.com/services/web_hosting/
VPS starting at $79/mo:
http://www.pair.com/services/vps/
SSL Support seems complicated and maybe the certs are only available through them? (expensive!)
SSL can be purchased and used with Basic, Advanced, Webmaster, Developer, and all High Volume hosting plans for a one-time $20 setup fee and a $10 per month fee. Individuals with QuickServe® dedicated servers can add SSL for a one-time setup fee of $20. QuickServe® dedicated servers are not charged a monthly fee for SSL.
http://www.pair.com/services/e-commerce/pairssl/
http://www.pair.com/support/knowledge_base/e-commerce/using_ssl.html
Dreamhost
http://www.dreamhost.com/servers/compare-our-products/
Shared with dedicated IP = $12.90/mo VPS starts at $18.95/mo (with dedicated IP address.
dedicated IP address is required for SSL Excellent wiki article on Secure hosting, SNI, etc.
http://wiki.dreamhost.com/Secure_Hosting
"DreamHost proudly offers free web hosting to non-profit, 501(c)(3) charitable orgs registered in the US.”
http://wiki.dreamhost.com/Non-profit
Empowering Media
Website does not provide a lot of easily accessible detail, but they've been around forever and are well regarded by many folks. It's unclear, for example, if they support SNI.
VPS service, Start at $80/mo:
http://empoweringmedia.com/solutions/hostcube.html
http://hostcube.com/hosting-solutions/managed-vps/
Shared Hosting:
http://empoweringmedia.com/solutions/hostasite.html
http://hostasite.com/small-business-web-hosting/
Fused
Shared hosting starting at $15/mo
Additional Domain: $12/yr Dedicated IP (for SSL): $24/yr, or Free with “Business” hosting
No useful answers about SSL
SiteGround
Shared hosting starting at $3.95/mo Unclear how much extra they charge for Dedicated IP Unclear whether they support SNI for multiple domains with SSL certificates
Arvixe
http://www.arvixe.com/linux_web_hosting
Shared hosting starting at $4 per month (limited to 6 domains) and $7/mo Dedicated IP address: $2/mo SSL Certificate: $25/year
Also have MS ASP shared servers for $5/mo and $8/mo. Includes MS SQL databases
NameCheap
https://www.namecheap.com/hosting/shared.aspx
Shared hosting starting at $3.98/mo (multi-year pre-pay) Good plans at $77.80/yr and $131.80/yr. (2014-05-08) Business SSD starting at $20/mo. (multi-year pre-pay)
Dedicated IP - $24/year
Support SNI as of 2013
https://www.namecheap.com/support/knowledgebase/article.aspx/9259/29/sni-technology
https://www.namecheap.com/support/knowledgebase/article.aspx/795/69/how-to-install-ssl-certificate
Seem like solid offerings.
Digital Ocean
Plans starting at $5/mo.
https://www.digitalocean.com/pricing/
Different distros and 1-click installs available
https://www.digitalocean.com/features/one-click-apps/
Comes with dedicated IP (assigned by droplet)
Easy spin-up of servers. Charged by the hour, so you can sling something up for some testing and then snapshot it for later and shut it down, just paying a few pennies for the whole process.
https://www.digitalocean.com/pricing/
https://www.digitalocean.com/help/getting-started/setting-up-your-server/
https://www.digitalocean.com/community/articles/how-to-set-up-a-host-name-with-digitalocean
https://www.digitalocean.com/community/questions/multiple-domains-on-the-same-droplet
Management of servers is much more complex than shared hosting systems. Much like manually managing a linux box.
Linode
$20/mo for a pretty beefy VPS on SSD
Very capable, but this is a bare linux server VPS (with some nice mgmt tools) that you have to manage yourself.
SSL support sounds strong
https://library.linode.com/security/ssl-certificates/subject-alternate-names
https://library.linode.com/securing-your-server
Good DNS configurability, of course:
https://library.linode.com/adding-dns-records#sph_advanced-dns-configurations
https://library.linode.com/hosting-website#sph_configuring-name-based-virtual-hosts
BlueHost
Shared hosting plans starting at $4.95/mo
https://www.bluehost.com/shared
Want to check features:
https://www.bluehost.com/hosting-features
Dedicated IP is $39/year (answer from support chat)
Seem to have good supportfor SSL, etc.
https://my.bluehost.com/hosting/help/600
Created by Tantek.com on May 7
Notes taken by Ben Werdmülller at IIW on 2014-05-06 on https://etherpad.mozilla.org/iiw - archived here.
Word document (per IIW convention): copy paste this into a Terminal window:
If you have signed into the indiewebcamp.com wiki, then you've already used IndieAuth. In this session, Aaron will get into the guts of it.
RelMeAuth: Your site <----> Multiple silos
Your domain is the identifier for the thing you're logging into; you're delegating the actual authentication to a third-party service (e.g. a service)
E.g., aaronparecki.com logs in using RelMeAuth using Aaron's GitHub account (github.com/aaronpk) to actually do the authentication.
Aaron apologizes for a slightly confusing indieauth.com site.
Initially, he wanted to write authentication for the indiewebcamp.com wiki. MediaWiki has a very convoluted codebase, and he was dreading diving into it. He knew that for every new authentication method he had to add, he'd have to do it all again. So instead he decided to write the integration code once, using indieauth.com as an integration point, and write all of the other authentication integrations for indieauth.com, which had a much cleaner codebase (as he was starting from scratch).
The integration mechanism is OAuth-like.
There is some discussion between Justin Richer at MITRE and Aaron Parecki about whether the indiewebcamp.com authentication mechanism is effectively siloed authentication. Aaron defended on the basis that OAuth 2.0 explicitly featured the ability to separate the auth service from identity. (It's a tactical decision to have a proprietary link between indiewebcamp.com and indieauth.com, although it's a little more exposed because the communication happens over HTTP. Justin notes that it would be better to use existing authentication protocols that are designed for security.)
Aaron discusses using IndieAuth with micropub, an API for using third-party apps to post to indieweb sites. The micropub-compatible app needs to be able to log into your personal site.
OwnYourGram.com: you log in via IndieAuth, authorize the app, and it reads your Instagram feed and autoposts it to your indieweb site using micropub.
Aaron took authorization & token endpoints from OAuth / OpenID connect; micropub is new.
A question came up about why this uses HTML vs using a .well-known address. The answer is that it's easier to code on a wider variety of platforms.
A further issue was brought up re: OAuth separating authorization and token endpoints, which is not something that is actually supported in OAuth. Aaron points out that you _can_ have them on separate servers, as long as they are tightly coupled - as is the case here.
Aaron: "avoid crypto". He likes the idea of signed tokens, but nobody can agree on the signing mechanism. Conversations tend to disappear down unproductive rabbitholes .....
Aaron discussed the OAuth workflow and how it relates to IndieAuth. IndieAuth assumes clients that have a web presence. It can be an internal part of the indieweb site, or it can be an adjacent service that the site delegates to.
---
Also see Kevin Marks' live notes: http://www.kevinmarks.com/iiw2014-05-06.html#IndieAuth
Created by Tantek.com on May 7
Notes taken mostly remotely by ben.thatmustbe.me & Tantek Çelik, with some taken in-person by Aaron Parecki at IIW on 2014-05-06 on https://etherpad.mozilla.org/iiw - archived here.
Word document (per IIW convention): copy paste this into a Terminal window:
Kevin Marks talking about How to join the IndieWeb
Kevin is starting with a short 5 minute intro to the IndieWeb to get those that missed earlier sessions caught up.
Describes the basics of IndieAuth but defers to the later session on the subject.
Brief description of POSSE.
Directing people to getting started link.
Audience is hosting their own sites in a number of places (in their basement, on a hosted server, etc)
Q: Just as a general user, I don't have a static IP, does it make sense for me to run this at home if I really want to own it?
A: What you really OWN is the URL, hosting can be anywhere, but it is the URL that is what verifies you.
Q: If I have an IndieBox can I run this?
A: You would need some sort of dynamic DNS, but that is an implementation detail.
If you are on your own domain, you are on the same level as silo's not underneath them. You can still go down, but you are able to back that all up yourself.
This isn't the app for everyone. We realize this. Only now are getting to points where there are bits of this that can be made easy for the people who aren't hackers.
The point is to have a lot of different implementations. Most attempts to replace sites like Facebook have always just made the assumption that they are a monolith as well. The point is to go back to the open standards and interoperability of the early web.
j12t: bridgy was kind of magical, I set it up on my site and forgot about it, then found a bunch of comments from people and realized they were from Facebook!
"I just logged into the wiki already, and it pointed out a few helpful problems with my rel-me links, so that's great!" (Steve Williams, sbw.org)
aaronpk: Step 1 try to sign-into the wiki
you need to add rel=me to the link to your other profiles, e.g. Twitter, Github
"speaking of Salmon - hahaha" (Kaliya)
Kaliya introduced Gabriel Scheer
"what's your domain name?" "futureoffish.org" "no, yours" "mine? gabrielscheer.com, but it hasn't been updated in months"
Why not about.me?
Note: people that were able to sign into the wiki from IIW for the first time!
(times are likely UTC, thus 7 hours later than PDT would indicate)
Created by Tantek.com on May 9
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
Skype is a communication service that provides text chat, and audio/video calling service via native applications on desktop (Mac, Windows), and mobile (iOS, Android).
You can purchase "credit" on Skype and use it to make audio calls to telephone numbers.
If you don't use your Skype credit for 180 days, it becomes inactive.
"Once it becomes inactive, you can reactivate it whenever you're ready to use it. Simply sign into your account online and follow the option to Reactivate credit." - per email received by Tantek Çelik on 2014-04-29 with subject "Your credit will become inactive in 7 days".
Created by Www.atoddswithclarity.com on May 12
playground for brainTrain
https://www.atoddswithclarity.com
Created by Tantek.com on May 6
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
Created by Paulmunday.net on May 9
Lives in Portland Oregon.
Personal site [paulmunday.net] built using Flask.
The code is available on github: Monomotapa.
tallpaul on Freenode IRC.
Created by Tantek.com on May 9
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
PHP is a programming language and web server runtime environment used for many IndieWeb projects.
Created by David.shanske.com on May 9
Created by Tantek.com on May 6
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
chicken is a type of post supported by idno.
Created by Kylewm.com on May 6
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
Particularly those by or of interest to IndieWeb participants
Created by Tantek.com on May 5
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
A stub is an article that is brand new or considered incomplete by the authors/contributors, based on opinion or arbitrary measure. Contributors are encouraged to expand these articles.
The stub template should be used to indicate an article is a stub.
Created by Tantek.com on May 7
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
About.me is a homepage hosting silo.
Contents |
If you try to fetch about.me/kevinmarks with curl you get HTTP 418 error. - Kevin Marks (2014-05-06-iiw-join-indieweb)
They decided they don't want visible links, by that I mean links that are hidden to anything except a browser with javascript. - Kevin Marks (2014-05-06-iiw-join-indieweb)
Created by Bret.io on May 9
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
Node.js is a platform for running javascript applications and runs on all modern operating systems.
A well developed microformat-node library is available for use as a building block in indieweb projects.
Created by Rascul.io on May 10
I like to make things.
My site will be at http://rascul.io but while I'm working on it you can probably check it out at http://crash.rascul.io.
Created by Aaronparecki.com on May 11
Created by Kylewm.com on May 11
Microformats2 utility for Python, to extract common features in comments and reply-contexts. mf2util is intended to be used in concert with mf2py.
The package can be installed from pypi: [1]
Source and more documentation is available on GitHub: [2].
Created by Tantek.com on May 8
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
Respect Network appears to be a closed vaporware monoculture for-pay cloud service launched with a high-gloss marketingy website at www.respectnetwork.com.
Contents |
Per: https://twitter.com/benwerd/status/464502782276292608
Respect uses XDI as a transmission protocol. http://en.wikipedia.org/wiki/XDI The #indieweb approach, as a comparison: http://indiewebify.me/ #iiw
per https://twitter.com/benwerd/status/464503235739279360:
The Respect Network is closed and has tiered membership fees. Would prefer web-style free & open protocols. #iiw #indieweb
Strong emphasis added.
per https://twitter.com/benwerd/status/464503235739279360:
The Respect Network is closed and has tiered membership fees. Would prefer web-style free & open protocols. #iiw #indieweb
Strong emphasis added. And per https://twitter.com/benwerd/status/464506844627484674:
Personal clouds, business clouds, nfp clouds. All good. Why do we need to pay to join the network? I don't on the web. #iiw #indieweb
2014-05-08 related tweets from a session about Respect Network at IIW:
Created by Tantek.com on May 8
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
security in the context of the indieweb may refer to security concerns regarding personal domains, web hosting, https setup, private data, identity etc. Nearly everything on the indieweb has security concerns.
Security breaches as reported by sites
Created by Tantek.com on May 8
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
Delicious.com (originally launched in 2003 at del.icio.us) is a bookmarks silo that was among the first to implement tags, and user-tagging (AKA folksonomy), and present a UI of popular tags. Delicious was sold to Yahoo in 2005, neglected, then YouTube co-founders, and most recently to a former MySpace executive.[1]
Created by Tantek.com on May 9
This article is a stub. You can help the IndieWebCamp wiki by expanding it.
LiveJournal is a blogging silo.
If your account is inactive (haven't logged in or posted in a while), LiveJournal may delete it, including all posts & permalinks, with only a 15 day email notice.
Thus it appears LiveJournal is slowly and quietly deleting post permalinks from the web.
On 2014-05-05 Tantek Çelik received an email apparently from "[email protected]":
Subject: Purging of your LiveJournal account
We noticed that your account tantek has less than three entries and hasn't been logged into in over two years. LiveJournal is deleting inactive empty accounts. Pursuant to our housekeeping policy, your LiveJournal account tantek is scheduled to be deleted in 15 days.
If you wish to reactivate your account to avoid this deletion, please visit http://www.livejournal.com and log in within 15 days of this notification.
If you do not remember the password for your account, you can reset it: http://www.livejournal.com/support/faqbrowse.bml?faqid=17. Best regards,
LiveJournal Team
www.livejournal.com/
Created by Ben.thatmustbe.me on May 8
Contents |
OpenBlog is an open source blogging platform currently under development by User:ben.thatmustbe.me. OpenBlog is based on a fork of system libraries from OpenCart, an eCommerce software. OpenBlog uses a simple MVC architecture and uses PHP and MySQL.
Source code is publicly available on GitHub.
OpenBlog aims to be a platform for easy development of new features. The hope is to have as many test projects as possible incorporated in to OpenBlog and keep the ability to test new features as simple as possible.
