#indiewebcamp 2015-08-29

2015-08-29 UTC
#
bear
when I'm doing an audit of our sites for CSP I tend to use http://www.cspplayground.com/resources
#
tantek
bear - I looked into the nonce thing - that would involve writing more code to generate the nonce on every request. at that point I may as well figure out a better way to serve the script externally instead of inline.
#
tantek
though I suppose the trade-off is another http request
#
bear
yea, it's a balance on how tight you want the CSP to be
#
tantek
going to give it more thought to figure out the various tradeoffs
#
tantek
but I'm going to just keep documenting my work in progress with reasoning so far so anyone else can re-evaluate my work and then decide for themselves
#
bear
I looked at your site just now and your CSP is sound - no glaring holes or issues
#
bear
the only thing I get nervous about is the media-src *; part
#
bear
but you control the adding of external content by webmention vouch, so no one can inject a bad image
#
tantek
my auto_link function does /auto-embed and as part of that turns any common audio file extension link into an <audio> and similarly with video file extension links and <video>
#
tantek
hence why the media-src *
#
tantek
note that img-src * is separate
colintedford joined the channel
#
bear
you could do that by having an external (again tradeoff) embed url so it's not *
#
bear
so any embedded media are isolated
#
bear
that would also allow you to isolate what mime types you allow - by using object-src and plugin-types
#
bear
relurks for dinner
#
tantek
the embed url (iframe) is auto-generated by the platform.twitter.com/widgets.js script - so I don't have control over that
#
bear
oh - ouch
#
bear
ok, so yea, caveat the workarounds for external silo stuff - your CSP is sound and clean of issues IMO
#
tantek.com
edited /Content-Security-Policy (+618) "/* Tantek */ note reasons for child-src platform.twitter.com (without explicit https)"
(view diff)
#
tantek
bear++ thanks much for the review! appreciated!
#
Loqi
bear has 70 karma
#
bear
always glad to review security stuff for the early-example folks
#
tantek
just documented the reasoning for child-src platform.twitter.com not requiring https
#
bear
so we prevent any infosec leakage
#
tantek
yeah totally, or just bad copypasta in general
#
tantek
I mean I'm fine being a guinea pig and selfdogfooding this stuff
#
bear
waves and goes to find food
#
tantek
I just worry about people copying what I write up publicly and getting something wrong for themselves
#
tantek
especially security related
#
tantek
yes - go eat!
#
tantek.com
edited /Content-Security-Policy (+846) "/* Allow Only Media From Anywhere */ explain why img-src * and why media-src *"
(view diff)
#
tantek
per bear's prodding ^^^
benwerd joined the channel
#
tantek.com
edited /Content-Security-Policy (+5) "/* Tantek */ Note on new line for easier readability"
(view diff)
#
tantek.com
edited /Content-Security-Policy (+205) "/* Tantek */ expand on options for how to use only https child-src / frame-src"
(view diff)
#
colintedford.com
edited /User:Colintedford.com (+242) "/* Better archives */ More prominent display of current in-progress comic, with link to latest page. Maybe preview thumbnails for all comics."
(view diff)
#
benward
@tantek I'll check if there's a way to force SSL for widgets on HTTP, but I'm not 100% sure I understand your problem from skimming here.
#
colintedford.com
edited /User:Colintedford.com (+101) "/* Current setup & practices */ WP shortlink plugin reported fixed; I haven't tested."
(view diff)
#
tantek
short version, widgets.js does a parent page protocol relative iframe src= thus forcing my http page to embed an http iframe from platform.twitter.com, thus I have to allow non-https platform.twitter.com in my CSP
#
tantek
I'd prefer to restrict my external iframes to https platform.twitter.com
#
tantek
even though my site is currently http
#
tantek
alright I think the docs are thorough enough to explain the various options / decisions and why I chose the CSP I did
#
Loqi
[mention] dr electronic max wrote a post that linked to an event: "Homebrew Website Club Meetup" https://indiewebcamp.com/events/2015-08-27-homebrew-website-club https://webmention.io/notification/i2XbIp9L0lHcQ_sCmAPUBQ
#
tantek
hopefully that will be enough for people to intelligently copy/paste from one of the given examples, or if they want to take my CSP and improve upon it
#
colintedford
aaronpk, did the "More Notes" link at the bottom of your homepage use to lead to the relevant next date on the notes archive page?
#
colintedford
Or am I just confused?
#
aaronpk
it will, I promise
#
colintedford
Did it before?
#
aaronpk
I don't think so
#
colintedford
ok, thanks. not sure why I thought it did.
#
aaronpk
probably cause it should :P
#
tantek.com
edited /Content-Security-Policy (+519) "/* Allow Anywhere Media Whitelist Iframes */ explain why child-src for youtube and vimeo - embedding video players"
(view diff)
#
colintedford.com
edited /User:Colintedford.com (+138) "/* Better archives */ rm erroneous reference, add dubious idea"
(view diff)
#
Loqi
[mention] Brad Fitzpatrick and She_Dupree wrote a post that linked to a photo: "Content-Security-Policy" https://indiewebcamp.com/Content-Security-Policy https://webmention.io/notification/pn8KC4Vc167hXUh4CfUGMw
#
tantek
ok I think I'm pretty set with CSP for now, have documented where I can improve my setup etc. so I can forget what I did and just come back to the wiki page :)
#
tantek
pretty happy about <24h from learn, to deploy, and document.
#
Loqi
[mention] Daniel Burka, jden, ArneBabenhauserheide, Abraham Williams, Phil Wheeler, indistinct chatter, cbgreenwood, and вкαя∂εℓℓ wrote a post that linked to https://webmention.io/notification/4zhKvt8Eg1oDjff-PsTVJg
#
tantek
hmm - wrote posts that linked to webmention.io ? that doesn't make sense
#
tantek
no what they all actually did was *like* my POSSE copy of my post
#
tantek
aaronpk ^^^ notification interpretation / text copy error there
#
colintedford.com
edited /User:Colintedford.com (+83) "/* Note names */ break at parenthesis"
(view diff)
#
tantek
oh one more thing - how to test
[aaronpk] joined the channel
#
[aaronpk]
That's odd... It's not recognizing it's a "like"
#
[aaronpk]
Wonder what I broke
#
Loqi
[mention] Richard Drake wrote a post that linked to https://webmention.io/notification/BDVhuAzAkG-RwZSOvCp5XA
#
colintedford.com
edited /User:Colintedford.com (+148) "/* URL scheme */ prolly treat replies same as "regular" posts"
(view diff)
#
tantek.com
edited /Content-Security-Policy (+724) "/* How to */ subheads, Test your CSP"
(view diff)
#
tantek.com
edited /Content-Security-Policy (+197) "/* IndieWeb Examples */ add your site too"
(view diff)
#
colintedford.com
edited /User:Colintedford.com (-181) "/* Silo issues */ rm item that belongs elsewhere. Indiecard might help w/ preview problem."
(view diff)
#
colintedford.com
edited /User:Colintedford.com (+457) "/* Working on */ Post-WordPress markup"
(view diff)
#
Loqi
[mention] Ryan Barrett wrote a post that linked to "monoculture" https://indiewebcamp.com/monoculture https://webmention.io/notification/4IWit7tFZQJ0_Gqldc5ePA
almereyda joined the channel
#
Loqi
[mention] Burak Demiröz, Steve Evans, and Matthew Miller wrote a post that linked to a photo: "Content-Security-Policy" https://indiewebcamp.com/Content-Security-Policy https://webmention.io/notification/KQCdcviJbIKc4EsHLOotzw
#
colintedford.com
edited /jam (-181) "Undo revision 21564 by [[Special:Contributions/Colintedford.com|Colintedford.com]] ([[User talk:Colintedford.com|talk]]) On reread, I see "♫" isn't required to count as a jam."
(view diff)
#
Loqi
[mention] Nate Cook wrote a post that linked to https://webmention.io/notification/C4rHDRY8ngsbRhljSFxmug
#
colintedford.com
edited /jam (+140) "/* Colin Tedford */ first use & backfill of "♫ ""
(view diff)
wolftune joined the channel
#
Loqi
[mention] Doug Turner wrote a post that linked to https://webmention.io/notification/FNhccpFkBtv5WEoUi2tHiw
wolftune joined the channel
#
colintedford.com
edited /User:Colintedford.com (+69) "/* Noise filter */ save but de-emphasize older thoughts"
(view diff)
#
Loqi
[mention] someone wrote a post that linked to a photo: "Content-Security-Policy" https://indiewebcamp.com/Content-Security-Policy#Why https://webmention.io/notification/8JrgWRt-D0piO_wubfenJA
tjgillies__, yalamerde and [snarfed] joined the channel
#
[snarfed]
hey aaronpk remind me, is it quill that doesn't support identity URL with path? or indieauth? or both do and he's just confused? https://wordpress.org/support/topic/any-chance-of-a-tutorial?replies=3#post-7352513
#
aaronpk
It's Quill doing that. I should really fix it
#
KevinMarks
kylewm said he had that issue with silo.pub too
#
aaronpk
File an issue so I don't forget?
#
kylewm
I can file an issue if nobody else is already
#
aaronpk
Oops yep
#
aaronpk
File issues on both plz
#
aaronpk
Not at computer right now
#
kylewm
done-zo
#
[snarfed]
thanks kylewm! currently time sharing btw this and Brooke :P
KartikPrabhu, wolftune, lewisnyman and [kevinmarks] joined the channel
#
[kevinmarks]
png preview for slack, though fb doesn't want it
benwerd joined the channel
#
KevinMarks
facebook cropping out the middle isn't ideal
benwerd joined the channel
#
KevinMarks
hm, appengine task queues are rather neat
#
@anomalily
I’m serious. Wow. Can we get all the conservatives over to #indieweb? Please? https://www.youtube.com/
(twitter.com/_/status/637461090750717952)
snarfed, colintedford and indie-visitor joined the channel
#
Loqi
Welcome, indie-visitor! Set your nickname by typing /nick yourname
bill_clinternet, laserco and wolftune joined the channel
tantek joined the channel
#
Loqi
[mention] Aaron Alexander and CSP4Life wrote a post that linked to a photo: "Content-Security-Policy" https://indiewebcamp.com/Content-Security-Policy https://webmention.io/notification/NHBQ2nqTwg1EAfYkb7XTCg
snarfed joined the channel
#
colintedford.com
created /csp (+13) "redirect lower- to uppercase"
(view diff)
#
colintedford.com
edited /csp (+4) "oops, try again"
(view diff)
wolftune and snarfed joined the channel
#
@jeffaustin81
RT @aaronpk: This is kind of amazing, we have Homebrew Website Club meetups in 6 cities this week! http://indiewebcamp.com/events/2015-08-26-homebrew-website-club
(twitter.com/_/status/637509464212402180)
#
Loqi
[mention] Jeff Austin wrote a post that linked to an event: "Homebrew Website Club Meetup" http://indiewebcamp.com/events/2015-08-26-homebrew-website-club https://webmention.io/notification/FoMFLmrZ7Er59iUHM7LuZQ
wolftune joined the channel
#
colintedford.com
edited /Content-Security-Policy (+1) "/* Tantek */ fix link"
(view diff)
squeakytoy2 and mblaney joined the channel
#
mblaney
tantek if ATT can modify your content they can modify headers too yes? re: CSP
tantek joined the channel
#
tantek.com
edited /Content-Security-Policy (+1262) "FAQ / Why bother if attacker can hack CSP too"
(view diff)
#
mblaney
fair enough.
#
mblaney
I'll go back to working on my indie-config setup now :-)
#
voxpelli
mblaney++
#
Loqi
mblaney has 1 karma
#
mblaney
did you or aaronpk get any further working out what's wrong with my irc-people entry?
#
voxpelli
Looking forward seeing more indie-config live
#
mblaney
voxpelli++ for indie-config
#
Loqi
voxpelli has 43 karma
indie-visitor, j12t and fkooman joined the channel
#
Loqi
[mention] Denis Elistratov and Chris wrote a post that linked to a photo: "Content-Security-Policy" https://indiewebcamp.com/Content-Security-Policy https://webmention.io/notification/h1vusMdwQWYZm6svAPddzw
Rev_Illo and j12t joined the channel
#
Loqi
[mention] Vipul Chawathe wrote a post that linked to https://webmention.io/notification/cfPdLDCr3XjcSCHX7uB6hQ
yoroy, wolftune, eschnou, j12t, djwesto, mapkyca, yalamerde, terminalpixel, danfowler, finchd, benborges, benwerd, scor, rMdes, rMdes_ and kylewm joined the channel
#
Loqi
[mention] ericbalasbas wrote a post that linked to https://webmention.io/notification/twNiUy6Td4qB81cUQb8Pug
wolftune, j12t and mdik joined the channel
j12t joined the channel
#
@benwerd
Do you want to sell subscriptions to premium content on your website? (A podcast? Maybe analysis?) I'd love to talk to you. #indieweb
(twitter.com/_/status/637655250564808704)
snarfed and j12t joined the channel
#
@jowyang
Is Facebook a walled garden if most of the Internet is on it?
(twitter.com/_/status/637623897391656961)
snarfed and scor joined the channel
#
M-kegan
Yes. Yes it is.
#
M-kegan
https://en.m.wikipedia.org/wiki/Closed_platform has nothing to do with the size of the garden >_>
#
@muhhbot
All the IndieWeb plugins for WordPress appeal to me the connection always dies, Telekom won't be selling me anything more that way.
(twitter.com/_/status/637668023361531904)
#
GWG
The Google Translation on that isn't helpful.
#
KevinMarks
it's a markov bot
#
KevinMarks
which works less well in german
#
@muhh
All the IndieWeb plugins for WordPress are what appeal to me the most. http://byzero.de/2014/06/18/31/
(twitter.com/_/status/479332006283603969)
#
KevinMarks
so he was irritated last June and his bot just attached a non sequitur about his connection going down
j12t joined the channel
#
snarfed.org
edited /original-post-discovery (+2828) "extended backlink interpretation/heuristics"
(view diff)
#
snarfed.org
edited /original-post-discovery (+46) "/* Problem */ link to bridgy issue"
(view diff)
scor joined the channel
#
snarfed
!tell KevinMarks,kylewm,tantek wrote up the new OPD heuristic idea: https://indiewebcamp.com/original-post-discovery#Extended_backlink_interpretation . feedback is welcome!
#
Loqi
Ok, I'll tell them that when I see them next
#
KevinMarks
also, if there is a rel-syndication link in the post, you know it is POSSE, so check that first
#
Loqi
KevinMarks: snarfed left you a message 2 minutes ago: wrote up the new OPD heuristic idea: https://indiewebcamp.com/original-post-discovery#Extended_backlink_interpretation . feedback is welcome! http://indiewebcamp.com/irc/2015-08-29/line/1440870730486
#
snarfed
KevinMarks: yup. the whole algorithm is above in that page. i was only trying to revise the backlink interpretation part, not the whole thing
#
KevinMarks
do you currently default to assuming that it is POSSE? Which way the ambiguous cases fall makes a difference
#
snarfed
currently yes
#
snarfed
with edit distance, i guess the main tuning knob is the numeric threshold
#
KevinMarks
so I'd flip that default per the discussion - the case we are trying to filter out is the POSSE as self-comment
#
snarfed
right. i guess my point is there's no boolean default with this new proposal, instead there's a numeric threshold
danfowler, j12t, uhhyeahbret and JasonO joined the channel
#
aaronparecki.com
edited /The_Grid (+71) "add criticism"
(view diff)
j12t, JasonO, ttepasse, eschnou and wolftune joined the channel
#
snarfed
woo scraping G+ with a cookie and converting to atom works! https://github.com/snarfed/granary/blob/master/granary/googleplus.py#L290
#
snarfed
shipping soon
#
snarfed
i feel dirty (again)
#
KartikPrabhu
you should
#
Loqi
definitely
#
snarfed
i'd feel dirtier if there was another way...but there isn't
#
snarfed
silos gonna silo
j12t joined the channel
#
Loqi
[mention] Twitter Open Source wrote a post that linked to https://webmention.io/notification/HRRI9VvSteMxJHZGt-PbgA
davidmead joined the channel
#
aaronpk
oh weird, the SSL cert that cloudflare generates automatically is actually signed for like a dozen domains
#
@artwisanggeni
#python went 0.0.14: Tools for implementing a webmention endpoint. https://pypi.python.org/pypi/went/0.0.14
(twitter.com/_/status/637722191329521665)
j12t, JasonO, snarfed, wolftune and tantek joined the channel
#
tantek
good afternoon #indiewebcamp!
#
Loqi
tantek: snarfed left you a message 3 hours, 48 minutes ago: wrote up the new OPD heuristic idea: https://indiewebcamp.com/original-post-discovery#Extended_backlink_interpretation . feedback is welcome! http://indiewebcamp.com/irc/2015-08-29/line/1440870730486
#
tantek
appears my domain went inactive while I was flying across the Atlantic. now investigating what my webhost wants.
#
aaronpk
oh dear
#
KartikPrabhu
sounds like more money! ;)
#
aaronpk
I'm not a fan of hosts that do that
#
aaronpk
at least not without lots of warning
#
aaronpk
wow it's like my webmention.io code has reverted to an old version except it hasn't
lewisnyman joined the channel
#
tantek
And I just checked both billing contact email and the billing UI on my webhost and there is ZERO notification / information about any problems with my account / site.
#
Loqi
[bridgy] Carl Malamud replied '@kevinmarks very useful. @t always has good things to say. thanks!' to a tweet http://indiewebcamp.com/webactions (https://twitter.com/carlmalamud/status/637744069968531456)
#
tantek
Just filed a support ticket. We'll see what happens. I'm a little disappointed that my site went "inactive" without any warning or notification!
#
tantek
s/support/billing
#
Loqi
tantek meant to say: Just filed a billing ticket. We'll see what happens. I'm a little disappointed that my site went "inactive" without any warning or notification!
#
tantek
alright, also filed a tech support ticket, since technically my site is down and I have received ZERO notification about any billing issues, thus I'm treating it as THEIR error that they should fix ASAP and then they can notify me about any billing issues separately.
#
tantek
did someone link to me and cause a lot of traffic? CSP related?
#
tantek
checks logs
#
tantek
lol at how many different people are all "Can't ATT strip that CSP header too?" Glad I documented that FAQ ;) https://indiewebcamp.com/Content-Security-Policy#Why_bother_if_attacker_can_hack_CSP_too
#
tantek
snarfed, will do - I'll take a look after I get my site up again :)
#
aaronpk
fixed the latest bugs in irc notifications
#
tantek
site is up again
#
aaronpk
hoping to finish this blog post soon then work on Quill
#
tantek
apparently I exceeded my bandwidth quota (!!!)
#
tantek
will investigate why later
#
snarfed
glad it's back up tantek
#
snarfed
in other words, launched the G+ cookie scraping Atom feed converter! https://plusstreamfeed.appspot.com/
#
snarfed
feedback is welcome
tjgillies__ joined the channel
#
aaronpk
wow I might actually give that a shot. sounds much nicer than using the G+ interface
#
snarfed
not having G+ in my reader has rankled (me) for a long time
#
snarfed
it's been the only one like that, for years
#
snarfed
is happy
#
aaronpk
nice. glad you got that launched!
#
snarfed
thanks!
#
KevinMarks
I put facebook in my reader and it swamped it a bit
#
snarfed
it should be capped somewhat, at e.g. FB's own news feed velocity
#
snarfed
(or G+'s, etc.)
#
KevinMarks
right, but as the reader is polling every hour, and fb tries not to repeat things, it gets a lot of posts
#
KevinMarks
also I do have ~700 people on fb
#
snarfed
ah yeah it does depend on reader fetch interval, and on how aggressively FB turns over the news feed contents per fetch
#
snarfed
sounds like a good load test for reader UX design :P
#
KevinMarks
I should put it in a tab or something
#
KevinMarks
I get a 500
#
KevinMarks
hm, that wasn't a good idea for this channel was it
#
snarfed
:( no it wasn't
#
snarfed
time to log out and probably change your password
#
snarfed
looking into the 500
#
KevinMarks
I logged out and it changed the cookies
#
KevinMarks
aaronpk: if you could edit that out of logs that would be nice
#
aaronpk
done, but I can't promise it hasn't already escaped into the world
#
snarfed
the downside of putting creds directly into urls :/
#
kylewm
will a G+ session cookie log you into like... gmail too?
#
Loqi
kylewm: snarfed left you a message 4 hours, 50 minutes ago: wrote up the new OPD heuristic idea: https://indiewebcamp.com/original-post-discovery#Extended_backlink_interpretation . feedback is welcome! http://indiewebcamp.com/irc/2015-08-29/line/1440870730486
#
KevinMarks
these are google.com cookies not plus.google.com
#
aaronpk
i doubt it, google's auth stuff is pretty well scoped
#
KevinMarks
so maybe
#
snarfed
yes, google cookies are pretty well compartmentalized
#
kylewm
google+++
#
Loqi
google has -2 karma
#
snarfed
but mostly by internal means, not by subdomain-specific cookies
#
snarfed
(mostly)
wilfredh joined the channel
#
aaronpk
incoming
#
aaronpk
crossing my fingers the clustering works :)
#
snarfed
woo me too
#
KevinMarks
hm, unmung didn't like it
#
KevinMarks
no published dates
#
snarfed
will fix
#
KevinMarks
I should guard against that unmung
#
snarfed
(newsblur was happy with it. meh.)
#
snarfed
but yeh atom does require them
#
aaronpk
woo finished my post documenting everything, now I can actually start sketching out my new interface :)
#
KevinMarks
looks like they were there but set to None
#
KevinMarks
'published': u''
#
KevinMarks
yes <published></published> <updated></updated> is not exactly helpful
#
KevinMarks
OK, patching unmung for that
#
aaronpk
!tell mblaney I fixed the IRC logs! the irc-people update script broke a few days ago http://indiewebcamp.com/irc/2015-08-29/line/1440832270546
#
Loqi
Ok, I'll tell them that when I see them next
KartikPrabhu joined the channel
#
KevinMarks
<name>Kevin Marks &amp;#10;(kevinmarks@gmail.com)</name> is a bit odd too
snarfed joined the channel
#
snarfed
KevinMarks: yes it is
#
KevinMarks
whoa, really big photos in that feed
#
KevinMarks
I should make them fit width in unmung
#
Loqi
definitely
#
KevinMarks
put the g+ feed into unmung and the photos are much wider than the screen
j12t joined the channel