#indieweb 2016-12-09

2016-12-09 UTC
rrix joined the channel
#
GWG Good evening all
KevinMarks1 joined the channel
#
KevinMarks1 evening
davidmead joined the channel
#
GWG Hello, KevinMarks1. How are you and KevinMarks?
KartikPrabhu joined the channel
#
KevinMarks We are on nodding terms
#
GWG I've always wanted an extra me to do all the things I don't have time for. However, he'd probably want equal pay
Kamelreiter_ and tantek joined the channel
#
GWG I did make some progress on my location UI elements
wolftune and KevinMarks1 joined the channel
#
KevinMarks1 years ago when I was scheduling CD-ROM projects I had to put 2 of me in to make MS project timelines work out
#
GWG Who had to work the night shift?
wolftune, tantek and mlncn joined the channel
#
KevinMarks I was basically doing manager things in the day and coding at night
begriffs, KevinMarks, tantek, wolftune, mlncn, DanC_ and KevinMarks_ joined the channel
#
GWG tantek: Do you remember who did the 360 picture at IWC NYC2? It is escaping me
#
tantek escaping me too!
#
Loqi tantek: petermolnar left you a message 13 hours, 28 minutes ago: Y U NO https on ttk.me?
#
tantek lol - I saw all the memes
#
tantek (the archives show them inline)
#
tantek !tell petermolnar I've been trying to convince my webhost to support Letsencrypt for all customers, like with a simple checkbox. But if I don't get that soon, I'll likely do it in the next few weeks manually for myself.
#
Loqi Ok, I'll tell them that when I see them next
wolftune joined the channel
#
Loqi Just generated the first draft of this week's newsletter! https://indieweb.org/this-week/2016-12-09.html I'll generate a draft again tomorrow, so please add to it before then! https://indieweb.org/this-week#How_to
#
tantek hmm - didn't we have a HWC this week somewhere in Europe?
#
tantek yup https://indieweb.org/events/2016-12-07-homebrew-website-club
#
tantek hmm, now we need a photo for HWC Nurnberg
#
tantek !tell jkphl is there a photo for this week's HWC Nürnberg?
#
Loqi Ok, I'll tell them that when I see them next
#
tantek well that will get it listed as a recent event at least
#
tantek still need a photo
j12t_, wolftune, ChrisAldrich and [schmarty] joined the channel
#
[schmarty] evening, #IndieWeb! I was the NYC2 360 panorama person.
#
[schmarty] https://martymcgui.re/2016/08/28/114014/
#
Loqi [Marty McGuire] A nice 360 photo of the nice folks in the Content session on day one of IndieWebCamp NYC2 https://martymcgui.re/assets/posts/2016/08/28/114014/R0010079_20160827134454.JPG
#
GWG [schmarty]: I got a cheap 360 camera and was trying to remember the setup for embedding.
#
[schmarty] @GWG I used Google's "VR" viewer which has a decently open license. Feel free to peek at the source on any of my panorama posts.
#
GWG First, I need to charge this thing and get it to work.
#
[schmarty] I think I linked to where I found it on the IWC wiki
#
[schmarty] Oop, yep: http://indieweb.org/Photo#Marty_McGuire
#
[schmarty] Which camera did you get? Mine were made with the Ricoh Theta S.
#
GWG I know. This is an LG 360. It was inexpensive.
wolftune joined the channel
#
[schmarty] oh nice! i was not aware of this camera.
#
GWG I wasn't interested enough for the price of a Theta S, but for $99.
#
GWG I may do my own 360 photo posts soon
#
[schmarty] i am excited to see how it works for posting! my own camera has been collecting dust for a bit, so i should get it back out.
mlncn joined the channel
#
GWG [schmarty]: I'll try to find somewhere to go that is 360 worthy.
Pierre-O, Pierre-O1, wolftune, kbs`, KevinMarks, kbs``, sl007, KevinMarks_, cweiske and jihaisse joined the channel
#
pfefferle good morning
#
cweiske hiho
#
Loqi good morning
pindonga, Pierre-O, glennjones, begriffs and j4y_funabashi joined the channel
#
j4y_funabashi morning
julianf, julianf_, Pierre-O, pindonga and [jeremycherfas] joined the channel
#
[jeremycherfas] chrisaldrich++ and thanks for helping me with my twitter formatting
#
Loqi chrisaldrich has 8 karma in this channel (10 overall)
chrisaldrich1 joined the channel
#
cweiske [jeremycherfas], how did you solve it?
sl007, KevinMarks, KevinMarks_, julianf_, pindonga, nitot, camerongray, Pierre-O, glennjones, Pierre-O1 and adactio joined the channel
#
adactio I'm trying to figure out why the Brighton Homebrew Website Club never shows up by default on any event pages. There's a comment there saying the event is monthly, which isn't true. I have no idea how to change this.
Pierre-O, Boobie, nikivi, John_Duh, Garbee, ehlovader and mlncn joined the channel
#
aaronpk adactio: the event pages are all manually copied from previous dates
#
adactio aaronpk: Then why do I keep having to delete that comment every time? There must a template.
#
aaronpk Cause whoever made the page copied from an older one?
#
aaronpk The whole event thing on our wiki is way more manual than it should be right now
ehlovader, leg, Pierre-O, pfefferle, jmelesky and wolftune joined the channel
#
@kevinmarks This progressive web app AMP combo sounds great for a feed reader https://www.smashingmagazine.com/2016/12/progressive-web-amps/ #Indieweb (twitter.com/_/status/807272949510062080)
#
Loqi [indieweb] "This progressive web app AMP combo sounds great for a feed reader https://www.smashingmagazine.com/2016/12/progressive-web-amps/ #Indieweb" by Kevin Marks on 2016-12-09 http://known.kevinmarks.com/2016/this-progressive-web-app-amp-combo-sounds-great-for-a
wolftune joined the channel
#
sknebel aaronpk: has anyone scripted something against the wiki before? I looked into it a while back, but got lost somewhere between the not-so-recent mediawiki version and indieauth
#
aaronpk sknebel: Loqi uses the MW API, but I had to hard-code its login in order to get the API authentication to work.
#
aaronpk the only scripting done in the wiki right now is Loqi
#
sknebel derp, of course Loqi does.
wolftune joined the channel
#
aaronpk I don't think the API has changed too much in newer versions, so most things you'd expect should work. It's also a self-documenting API so once you start poking around it tells you what fields are expected and things.
gRegorLove joined the channel
#
gRegorLove Morning, indieweb
ehlovader and snarfed joined the channel
#
snarfed morning gRegorLove!
#
gRegorLove What's new, snarfed?
#
snarfed work and parenting, always work and parenting :P
#
snarfed you?
snarfed joined the channel
#
gRegorLove Mostly work, some improv classes, no parenting yet :)
ehlovader, leg, wolftune, mlncn, snarfed, duper and thebaer joined the channel
#
prtksxna aaronpk: Special:APISandbox is pretty neat too
wolftune, pfefferle, gavinc, KevinMarks1 and ehlovader joined the channel
#
@ChrisAldrich Joining the #IndieWeb can keep this from happening to you like it did to @miel https://www.youtube.com/watch?v=T9t1ORfVTXU&feature=youtu.be #SayNoToTheSilo #quitsharecropping (twitter.com/_/status/807312414878367744)
#
Loqi [indieweb] "Joining the #IndieWeb can keep this from happening to you like it did to @miel https://youtu.be/T9t1ORfVTXU #SayNoToTheSilo #quitsharecropping" by Chris Aldrich on 2016-12-09 http://stream.boffosocko.com/2016/joining-the-indieweb-can-keep-this-from-happening-to-you
aegibsonme1, julianf, snarfed and wolftune joined the channel
#
julianf Been wondering something about IndieAuth. If a rel-me link can be anywhere on one's home page, and if it's moderately common for a home page to include a feed of third-party comments etc... doesn't that lead to an easy attach vector for bogus rel-me links into anyone's page who isn't taking great care to filter them out?
#
julianf Is this a well known issue, and if so is it documented somewhere?
wolftune joined the channel
#
snarfed julianf: commenting systems that support html generally sanitize it
#
snarfed if you're allowing raw html input, you have much bigger problems than this
#
julianf Erm... you haven't really convinced me :-)
#
julianf IndieWeb encourages DIY implementations.
#
julianf Existing systems generally don't know about the use of rel-me for auth.
#
julianf Etc.
#
KevinMarks Integrating https://ericandrewlewis.com/2016/12/using-gomix-to-share-a-javascript-example-with-npm-dependencies/
#
Loqi [Eric] Using Gomix to share a JavaScript example with npm dependencies
ehlovader joined the channel
#
KevinMarks s/Integrating/interesting/
#
KevinMarks Julianf when we built the Social Graph API a while back we looked at that, and most sites didn't allow you to add rel to links that you posted
#
julianf At this stage I'm just thinking it's a topic I'd expect to be addressed in a "Security considerations" section in the spec.
#
KevinMarks Can you find a site that does allow that?
wolftune joined the channel
#
aaronpk also i'm not convinced of "moderately common for a home page to include a feed of third-party comments"
#
ben_thatmustbeme my home page shows a feed, but it doesn't include the comments in it, and i always filter out html from comments anyway
#
julianf And I'm wondering how much it's been investigated. Good to hear you (plural) looked and found "most sites didn't allow" it. I haven't gone looking yet. I'm asking the question first.
#
aaronpk my home page only has my own posts
#
aaronpk and any comment text i show on post permalinks is thoroughly sanitized, only allowing microformats2 class names and a handful of basic html tags
#
ben_thatmustbeme it certainly could be an attack vector if someone found a page that did have comments on the home page and copied full html
#
aaronpk it's probably worth adding a note on any of our wiki pages that talk about displaying comments that you should never blindly pass through the HTML from comments
#
aaronpk although that's such a basic part of web development that nobody should be surprised about it
#
ben_thatmustbeme yeah, there are definitely a LOT more attack vectors if you do that
#
jonnybarnes aaronpk how are you sanitising the comments?
#
jonnybarnes I’m currently using HTMLpuifier
#
aaronpk same
#
aaronpk i wrote a custom filter for it
#
aaronpk https://github.com/aaronpk/XRay/tree/master/lib/Formats
#
aaronpk oops i mean https://github.com/aaronpk/XRay/blob/master/lib/Formats/HTMLPurifier_AttrDef_HTML_Microformats2.php
#
aaronpk and https://github.com/aaronpk/XRay/blob/master/lib/Formats/Mf2.php#L481
wolftune, j12t and chrisaldrich1 joined the channel
#
Loqi Just generated this week's newsletter! You still have a few minutes to make changes, and I'll re-generate it 10 minutes before it gets sent out at 3pm Pacific time. https://indieweb.org/this-week/2016-12-09.html
#
jonnybarnes if a micropub client queries for syndication targets, but you don’t have any, what should the response be?
tantek joined the channel
#
jonnybarnes at the moment my code is running json_encode(['syndicate-to' => null]) when no targets are defined
#
ben_thatmustbeme am empty array, or syndicate-to being empty, either way the client should be prepared for it
#
aaronpk aw no nurnberg photo?
chrisaldrich_ and wolftune joined the channel
#
gRegorLove Hm. Twitter API adds original in-reply-to usernames to the tweet even if you didn't include it.
#
gRegorLove *additional* in-reply-to usernames, I should clarify.
#
gRegorLove https://gregorlove.com/2016/12/sarah5-youre-supposed-to-think/ vs the syndicated tweet via Bridgy Publish
#
Loqi [gRegor Morrill] @sarah5 You’re supposed to think it to yourself! But thanks. :)
#
gRegorLove That seems weird.
tantek and wolftune joined the channel
#
gRegorLove Slow week in wiki edits.
wolftune and KevinMarks joined the channel
#
aaronpk I thought that was part of their changes to make @reply names not count towards the char limit?
#
aaronpk weird that it has unexpected side effects for you
#
tantek they reverted it right?
#
tantek https://www.buzzfeed.com/alexkantrowitz/twitter-rolls-back-update-after-mass-uproar
#
aaronpk I'm out of the loop apparently
#
tantek before the newsletter goes out
#
tantek aaronpk: can you confirm venue for HWC PDX 2016-12-14? https://indieweb.org/events/2016-12-14-homebrew-website-club#Where
#
tantek !tell Jeena can you confirm venue for HWC Göteborg 2016-12-14? https://indieweb.org/events/2016-12-14-homebrew-website-club#Where
#
Loqi Ok, I'll tell them that when I see them next
#
tantek !tell KevinMarks,benwerd can you confirm venue for HWC SF 2016-12-14? https://indieweb.org/events/2016-12-14-homebrew-website-club#Where
#
Loqi Ok, I'll tell them that when I see them next
#
tantek Looks like LA is virtual this week
#
aaronpk hm gotta find a new neighborhood spot
KevinMarks, aegibsonme and rrix joined the channel
#
Loqi Generated the final version of the newsletter! This will be sent out at 3pm Pacific time. https://indieweb.org/this-week/2016-12-09.html
#
@HongPong we have to look at http://indieweb.org and move forward making independent platforms. they can filter out left-… https://twitter.com/i/web/status/807358995283476480 (twitter.com/_/status/807358995283476480)
#
Loqi [indieweb] "Homebrew Website Club PDX" on 2016-12-09 http://calagator.org/events/1250471174
#
Loqi Homebrew Website Club PDX on Wednesday, Dec 14, 7:30pm at Sam's Billiards
mlncn, Pauho, KevinMarks and tantek joined the channel
#
@indiewebcamp This week in the #indieweb https://indieweb.org/this-week/2016-12-09.html (twitter.com/_/status/807362950881099776)
[kevinmarks] joined the channel
#
[kevinmarks] Twitter has been testing the invisible canoe update for a while in buckets
#
Loqi [kevinmarks]: tantek left you a message 55 minutes ago: can you confirm venue for HWC SF 2016-12-14? https://indieweb.org/events/2016-12-14-homebrew-website-club#Where
#
[kevinmarks] I asked Stacey, we'll see. If not it may be a coffee shop/bar
KevinMarks joined the channel
#
gRegorLove What's invisible canoe update?
wolftune, nikivi and KevinMarks joined the channel