Gregarius: self hosted, web based RSS/RDF/ATOM aggregator

Nov 12, 2006 03:47

People looking to move from LiveJournal to self-hosted solutions might really like a program called Gregarius for duplicating their friends list.

livejournal alternatives, gregarius

chasethestars November 12 2006, 21:39:13 UTC
...using ?auth=digest (Which you can keep private, so their friended entries don't end up publicly displayed to the web!)

The word that concerns me here is can. Does that mean you have the choice of the feed being private or public, meaning that if someone doesn't select private, anyone can have access to the friends-only entries on their aggregated friends page? I don't typically FO posts, but I imagine a lot of people who do might freak out over this (if they found out about it).

foxfirefey November 12 2006, 21:45:34 UTC
If you use that format, it will automatically set the feed to private, so in order for it to end up public, someone'd have to make the feed public on purpose.

I don't typically FO posts, but I imagine a lot of people who do might freak out over this (if they found out about it).

Well, they can't disable syndication and none of the previous protests garnered them anything beyond synlevel...which isn't documented in the FAQs, so I guess they're a bit out of luck on this one. They'll have to ask their friends not to use external feed readers or defriend them or put them on a filter and maybe set synlevel to title only or something.

adudeabides November 12 2006, 21:46:24 UTC
Yes, that is how it works.

troworld November 12 2006, 21:50:18 UTC
The wiki entry says "Gregarius will mark the feed as 'private'". So I assume it happens automatically and only the logged-in user can see it. But, yes, you totally could make it public and have google bot index everything. Then again, you could do this already by writing a simple script that publishes the contents of a ?auth=digest feed onto a web page.

And also foxfirefey November 12 2006, 21:54:47 UTC
Their freaking would be just like the Frienditto panic. The basic problem is, if you're handing out friended entries to people on your list, those people have the ability to turn around and make those public. The main problem here is that people can suck, and sometimes you don't know ahead of time which ones.

Gregarius doesn't enable them any more than Frienditto did, or taking a screencap and posting it to tinyurl, or copy pasting it into an email or onto Encyclopedia Dramatica, or any of the other mechanisms people use to dissemble protected content to people who weren't supposed to see it.

livredor November 13 2006, 05:37:31 UTC
I'm not convinced it is the same thing as Frienditto and ED, actually. Reposting locked entries to gangs of morons who enjoy drama and harassing people can only be deliberately malicious. Reading your friends page off LJ and using ?auth=digest could easily be a matter of convenience plus an honest mistake in not understanding how Gregarius or whatever works.

I've seen Atom feeds of friends' locked entries escaping onto Google for exactly this reason. Someone is watching Atom feeds in an RSS reader, logged in using their LJ cookie, and later on, another person using the same computer can see the FO stuff in Google's cache. There are a lot of things happening here which shouldn't; Google in theory shouldn't index Atom feeds anyway, and I really don't understand how the Google cache is picking up LJ auth. But to me, this is a much bigger security problem than Frienditto; it's one thing to trust your friends not to cause drama, but why should you "trust" your friends not to use RSS readers?

foxfirefey November 13 2006, 22:34:41 UTC
Reading your friends page off LJ and using ?auth=digest could easily be a matter of convenience plus an honest mistake in not understanding how Gregarius or whatever works.

True, but fortunately Gregarius makes sure that feeds using ?auth=digest are private automatically! Someone'd have to make a conscious decision to turn that feed public.

I've seen Atom feeds of friends' locked entries escaping onto Google for exactly this reason. Someone is watching Atom feeds in an RSS reader, logged in using their LJ cookie, and later on, another person using the same computer can see the FO stuff in Google's cache. There are a lot of things happening here which shouldn't; Google in theory shouldn't index Atom feeds anyway, and I really don't understand how the Google cache is picking up LJ auth. But to me, this is a much bigger security problem than Frienditto; it's one thing to trust your friends not to cause drama, but why should you "trust" your friends not to use RSS readers?

Hrm. It's a tough problem! In any case, you can't exactly trust ( ... )
