1. Kevin Marks: pondering webmentions of people with Aaron - it is tricky without a reader - should saying http://kevinmarks.com ping me?

    @kevinmarks depends if you want it to! I’d say yes, it’s analogous to a non-reply @mention on twitter. And whilst a reader w/ mentions feed+notifications is a good UI for consuming that data, you can have it on your own site too, e.g. aaronparecki.com/mentions, and even poll+post native OS notifications e.g.

    https://www.youtube.com/watch?v=CYyNexN1qPA

  2. -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    

    Posting my first note over HTTPS, now at indiewebcamp.com/https level two with a self-signed certificate.

    I’ve also enabled HTTPS for Shrewdness (currently optional, will be required once I have a StartSSL cert) — if you want to add an exception, the signature is:

    02:55:68:37:c9:b2:32:89:f7:c7:b5:65:6e:20:b0:87:af:f6:
    1b:9e:c7:bb:2f:5b:0f:f5:23:04:74:47:76:78:7b:38:49:91:
    4b:c5:3e:66:16:32:67:5e:4c:e9:75:c5:b0:52:91:c9:67:cd:
    15:56:53:11:a2:38:5a:39:0e:1e:dd:f9:ec:2d:8e:aa:0f:78:
    47:af:87:48:66:22:7f:35:eb:6f:84:b5:fb:0c:75:c9:84:04:
    fc:c7:80:bf:71:f7:bb:b7:35:df:9c:8d:9f:1d:45:2c:93:a4:
    fe:5d:6a:b2:f5:a5:e5:87:71:6d:91:2d:04:a2:55:7f:a2:8c:
    5d:c6:1d:df:42:14:ea:f2:a6:6c:be:60:0a:88:5b:e8:e0:ed:
    1c:5e:41:63:bc:af:06:16:b8:32:49:d9:9d:c7:28:93:a6:f6:
    d9:18:43:37:bc:54:32:73:f8:ef:38:39:72:46:fa:bc:bc:57:
    19:0d:54:e6:22:a6:b2:93:85:64:3f:4c:f4:ad:91:ae:05:00:
    2a:7e:ff:43:55:01:eb:39:7d:bf:b3:39:17:d9:25:f7:a3:8c:
    11:06:d3:cd:4f:dd:c4:77:b7:b8:48:c6:cb:60:87:5c:ec:75:
    10:4b:88:3e:29:02:70:c1:b5:56:77:55:ec:29:63:48:d5:e0:
    ac:ff:02:fe
    
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
    Comment: GPGTools - http://gpgtools.org
    
    iQEcBAEBAgAGBQJUCXg5AAoJEI6GztMrK7tlnmAH/i+WbzD1gv0sgQs3di74bLL8
    W4Enkl6Nnc/raTC5Vd7G2QJ0+84x4+6r8uSG0cJln6S/VSo1zzb9sSKUZkZTX6Vd
    mDE9elfF60UqKTBKNWyzfSlcDPRgumwjWtHxwsAM80sJ0kX335XSTIIuKvsXePIq
    Kfx9hT6aYiXOZkf4yEUrviCZJp2qCaXJHtOMSusaFm6WvwsI4Wa3Go0IJPqLH9rA
    3rjA6YRGBT9gWn1UTel0Bu1xxvXtt92rjuCDbeyyfvkkSRZl9xrggV4pP79qtxm0
    n2SvbuDBN+f9U/6pxXopVm7AVigQK+xVl6wdjK4Nw3++1sqH4r5l/OW1QbKkYRI=
    =7E1S
    -----END PGP SIGNATURE-----
  3. Good pre-travel baking: Granola with @brennannovak of @rvkgranola, and Germknödel second attempt — first try wasn’t much good, this time they worked perfectly, expanding to twice their original size! First time I’ve managed to make a boiled dumpling with a bready texture.

  4. Experiencing serious Article Abstraction Addiction — what started as a simple post about code documentation has become this unwieldy epic which is trying to look at the big picture of how tools and materials evolve and affect each other and how each generation of tools embeds some of the assumptions from the ones used to create it, and will probablly never get published.

    At least I managed to impulsively write waterpigs.co.uk/notes/4Xu9i0 so that there’s something useful there.

  5. Marcus Povey: Spying on a website using Webmention and MF2

    @mapkyca good point, I hadn’t considered this problem with hotlinking profile photos before. I think some webmention implementors have started doing this, and I intend to do it within Shrewdness.

    It’s worth noting that the attack is not at all limited to profile photos though, rather any photo or otherwise automatically loaded content in the comment e.g. images or audio. Whilst caching profile photos is feasible, caching any media in comments is more difficult, and therefore a good reason for text-only comments.

    Text-only content is not an option in Shrewdness, but perhaps instead images could be cached, and other media loaded upon demand, removing the ability to arbitrarily spy on people.