Conversation
Notices
-
mmn (mmn)'s status on Tuesday, 23-Feb-2016 17:13:12 CET mmn @moonman There are multiple ways of solving this without using public key cryptography. I support using OpenPGP to sign your accounts etc, but there's a huge problem if you lose your keys (or someone steals them). Another approach is:
1. Get multiple accounts with multiple providers
2. Let each OnlineAccount publish that they are "owl:sameAs" (or sioc:account_of) a certain identity, [arbitraryURI].
3. If you lose one account and go elsewhere, you could update the extra accounts to list your new one, and discovery can be made by iterating a list of "all accounts known for [arbitraryURI]".
A decentralised system would assign [arbitraryURI] to an account at first discovery of it and then build a network graph (using FOAF for example) when more data comes in.
The problems with this approach (of linked data in a public space) is that discovery is a hard nut to crack and that it requires a heckofalot of logic built in to clients. But that's decentralife for ya!-
mmn (mmn)'s status on Tuesday, 23-Feb-2016 21:21:51 CET mmn @verius In the case of a malicious server publishing false aliases neither of the other profiles you use (previously stored with remote nodes as verified/recognized as "yours") would acknowledge the newly added alias and thus the trustworthiness is low and it does not get (at least automatically) accepted.
Or similarly to #OpenPGP where the only way you can trust someone is who they say they are is to either verify yourself, or use verified and trustworthy friends.
This is why I said a heckofalot of logic is required. Also human interaction. This is also the reason no ordinary mortals bother with #OpenPGP and just trust centralised authorities instead. Because humanity is fucked up lazy. -
mmn (mmn)'s status on Tuesday, 23-Feb-2016 21:27:51 CET mmn @verius @jackmcbastard The methodology with a decentralised authorisation system doesn't require private keys and can rely solely on trustworthiness derived from a social graph. -
mmn (mmn)'s status on Tuesday, 23-Feb-2016 21:50:09 CET mmn @kevinmarks But rel="me" is only for HTML and microformats, right?
Oh and I'll get right on that stuff for !qvitter now :) -
mmn (mmn)'s status on Tuesday, 23-Feb-2016 22:26:08 CET mmn @kevinmarks https://git.gnu.io/h2p/Qvitter/merge_requests/22
Since Qvitter doesn't output the profile as HTML (just a blank page which loads everything with #javascript), I put it in <head><link ...>
Do you know if I can do h-card markup inside <head> or should I try to persuade @hannes2peer into accept outputting a (possibly hidden) h-card into <body>? (which increases load time before javascript kicks in, which is something I don't think he wants to change) -
mmn (mmn)'s status on Tuesday, 23-Feb-2016 22:27:28 CET mmn @kevinmarks PS. I love the fact that you have an image upload service focused on #SVG. Marvellous. -
Hannes (hannes2peer)'s status on Tuesday, 23-Feb-2016 22:42:25 CET Hannes @mmn you can add stuff like this if you (line 653) want http://qttr.at/16c7 mmn likes this. -
Hannes (hannes2peer)'s status on Tuesday, 23-Feb-2016 22:43:28 CET Hannes @mmn haha i put the paranthesis at the wrong place. you, line 653. -
mmn (mmn)'s status on Tuesday, 23-Feb-2016 22:45:38 CET mmn @hannes2peer Thanks, I'll remember that! But for now I think the rel="me" thing will do fine, I'll see what I can do about the h-card later this week. -
mmn (mmn)'s status on Tuesday, 23-Feb-2016 22:46:32 CET mmn @hannes2peer Phew, I thought you had uncovered my secret identity "Line 653". -
mmn (mmn)'s status on Wednesday, 24-Feb-2016 11:59:32 CET mmn @kevinmarks Minifying javascript is evil. No wonder Google suggests it! -
mmn (mmn)'s status on Wednesday, 24-Feb-2016 12:15:16 CET mmn @gjchen Yeah, minifying (if it's actually supposed to do any good) also makes the code unreadable by changing variable names to shorter ones, removing comments etc... Evil! Javascript is bad enough as it is in readable form. mcscx likes this. -
mmn (mmn)'s status on Wednesday, 24-Feb-2016 12:37:32 CET mmn @moonman I see a value in the fact that people have to tell others that "hey, I moved, you're welcome to follow me at my new place". That also lets the subscriber reconsider whether they actually want to continue subscribing. Not getting automatocally adjusted by some pseudosentient machine: http://cdn2.hubspot.net/hub/64283/file-2238801702-jpg/images/Wall-E-2-fat-humans.jpg
-