#dev 2017-01-05

2017-01-05 UTC
tantek joined the channel
#
tantek.com uploaded /Special:Log/upload "uploaded "[[File:2017-01-04-itunes-bad-network-alert.png]]""
#
tantek.com edited /iTunes (+1447) "Misleading iTunes Store error alert" (view diff)
#
loqi.me created /We_could_not_complete_your_iTunes_Store_request (+55) "prompted by tantek and dfn added by tantek" (view diff)
miklb and chrisaldrich joined the channel
#
tantek.com edited /LiveJournal (+349) "/* Criticisms */ Controlled by Russia with citation" (view diff)
miklb joined the channel
#
tantek what the what. since when has github wikis had "Edit mode:" where you can switch from Markdown to Mediawiki and back?!?
#
tantek oh haha it doesn't actually translate it back/forth, it just re-interprets the "source" ?
#
Loqi nice
KevinMarks joined the channel
#
tantek markdownhyperlinksyntax--
#
Loqi markdownhyperlinksyntax has -1 karma
#
tantek seriously wtf
KevinMarks joined the channel
#
loqi.me created /app_quits (+22) "prompted by tantek and dfn added by tantek" (view diff)
#
tantek.com edited /app-quits (+313) "Ben Werdmuller FB & Twitter" (view diff)
#
loqi.me edited /identity (+72) "/* See Also */ new section" (view diff)
#
loqi.me edited /like (+105) "tantek added "https://www.fastcodesign.com/3066415/how-stories-solved-instagrams-biggest-threat-self-conscious-users" to "See Also"" (view diff)
#
tantek.com edited /design (+20) "/* See Also */ design-satire" (view diff)
#
tantek.com created /design-satire (+730) "try stubbing this in a way which obscures the profanity to at least the casual viewer" (view diff)
chrisaldrich, tantek and cweiske joined the channel
#
@htmlvv @nhoizey @borisschapira Tu as déjà fouillé un peu ? Bridgy ? IndieAuth ? (twitter.com/_/status/816925840193765376)
#
@nhoizey @htmlvv Je dois me mettre plus sérieusement à Webmention et Micropub, pour commencer. +@borisschapira (twitter.com/_/status/816928863951458308)
#
myfreeweb why does woodwind say no feeds found for rhiaro.co.uk? there are some h-entries…
#
rhiaro It's probably not sending an accept header, and getting JSON instead of HTML
#
rhiaro Everyone is having this problem with my site at the moment :)
#
rhiaro Lesson: if you can only handle one content type, ask for it
#
rhiaro Lesson 2: rhiaro makes things too complicated, don't parse her stuff
#
myfreeweb heh, i remember some content-type/accept issues on my stuff as well :D
#
Zegnat not defaulting to HTML is an interesting move on HTTP, rhiaro. Not sure how I feel about that.
kants and petermolnar joined the channel
#
rhiaro I figured that HTML is for browsers and browsers send accept headers
#
rhiaro Scripts which don't bother probably want JSON
#
rhiaro Except for all this microformats stuff, though that usually ends up as JSON anyway so things that are converting could request JSON
#
cweiske do you send a special content type with your mf json?
#
cweiske Content-Type: application/ld+json
#
Zegnat It just isn’t very Hypertext, imho ;)
#
petermolnar I see rhiaro is embracing the "machine first" directive
#
petermolnar advice for many: the setup of having a host which forwards with iptables into an lxc container, which has an nginx, which proxies based on domain into other lxc containers on the same host effects your network quite bad
#
myfreeweb heh i'm planning the setup for moving unrelenting.technology to a new vps… i think i'll set up an nginx in a jail with host networking, proxying to apps in their own jails over unix sockets
#
myfreeweb i wrote a thing to run apps on demand and shut them down when unused https://github.com/myfreeweb/soad
#
petermolnar unix sockets might be fine, and from the word jail I assue *BSD, which is a different best
#
petermolnar beast
#
myfreeweb yeah i run freebsd everywhere i can
#
petermolnar this was over tcp on an internal veth
#
petermolnar on debian
#
petermolnar had I done it over unix sockets, I probably would have prevented the issue
#
petermolnar for now I got tired and fed up with the thing and moved all the mind blowing number of 7 sites of friends onto the same lxc container
#
petermolnar and now it's happy
#
myfreeweb freebsd's veth like thing (vimage/vnet) was buggy for a while, they fixed it now… but there always was the other option — you just assigned ip addresses to jails, and they were set up as aliases on your net interface. i don't think linux has such a setup?
#
myfreeweb what exactly was the issue with veth? more latency?
#
petermolnar latenxy for sure, not rare enough cases of connection reset
#
petermolnar I've been planning to move to freebsd for more than a year, but never got the time to learn the bare minimums enough :(
#
petermolnar nice, I see ips trying to reach my no-more-existing wp-admin.php ... shall I assume those are not visitors? :D
#
GWG petermolnar, I see that from bots on sites run on and off WordPress
#
cweiske the 404 list on my page is very long, mostly from bots checking if I run some vulnerable software
#
cweiske 710 requests to /wp-login.php in 5 days
#
@nhoizey Essentiel pour IndieAuth, d’ailleurs… https://twitter.com/loicmathaud/status/817001648388239365 (twitter.com/_/status/817002353337450496)
#
aaronpk is there something i can do to punish bots that probe for wp-login.php? can i send back like super large files or something? redirect them to a 100mb video file?
#
petermolnar fail2ban
#
petermolnar but the streaming them a large file is not a bad idea
#
petermolnar however, if you do that, you're essentially dosing yourself
#
petermolnar see slowloris.pl
#
petermolnar (script, not site)
#
petermolnar just fail2ban and either DROP or REJECT
#
petermolnar DROP is probably punishing enough
#
aaronpk yeah that's probably a good idea
#
petermolnar https://petermolnar.net/secure-wordpress-with-nginx-and-fail2ban + https://petermolnar.net/fail2ban-nat-hosts, if you need it
#
aaronpk thx
#
aaronpk i haven't used it before actually
#
petermolnar wow, you're a brave man :D
#
aaronpk sadly this is not a visible improvement so won't count towards #100daysofindieweb
#
petermolnar well... that depends where you cross the line with indieweb
#
petermolnar if you run your own server, I'd count this in
#
aaronpk eh, the goal was visible improvements specifically
#
aaronpk "It must be something with a publicly visible result (e.g. has a visible effect on the presentation of your web page, or is an improvement to an open source tool)"
#
aaronpk https://indieweb.org/100DaysOfIndieWeb
#
aaronpk i just have to pick a small improvement and get that out of the way first :)
#
@ajspadial Hi there @ChrisAldrich! I'd like to add webmentions, but I haven't worked on it yet. What kind of collaboration are you thinking about? (twitter.com/_/status/817032275183472640)
#
sebsel petermolnar So when I post a link here to petermolnar.net's wp-login.php, Loqi gets banned? :o
#
petermolnar only if Loqi does that for 3 times :)
#
aaronpk heh
#
sebsel That's better. But someone else can potentially exclude your posts from showing up in webmentions.io
#
sebsel for example.
#
aaronpk loqi and webmention.io both use XRay to fetch the post, which is on appengine, so it may use different IPs
#
petermolnar now that's an interesting attack vector
#
petermolnar essentially forcing me to ban services by asking services to poke me
#
petermolnar I don't really like that idea
#
petermolnar because I have no idea how to prevent it
#
sebsel yeah :(
#
aaronpk hm should i be adding rel=nofollow to links in comments?
#
voxpelli aaronpk: if you don't trust the author of it, then yes?
#
aaronpk ah good point
#
aaronpk !tell tantek what is h-cassis-username? e.g. in http://tantek.com/2016/301/t3/why-twitter-growth-stalled-broken-locked
#
Loqi Ok, I'll tell them that when I see them next
#
Loqi [Tantek Çelik] Why @Twitter growth stalled: 1 Broken sign-up https://aaronparecki.com/2016/10/15/11/twitter 2 Locked new @PostTypeDisc for 2 account follows...
#
aaronpk hm i have an autolinking problem
#
aaronpk i want to autolink @-mentions in text, but not if the @-mention is already in an <a> tag
#
aaronpk looks at cassis source
#
voxpelli that sounds like a superfun challenge :P
#
aaronpk hm cassis gets it right
KartikPrabhu and gRegorLove joined the channel
#
gregorlove.com edited /Convoy (+31) "link name" (view diff)
#
aaronpk opens up casses
#
aaronpk runs away in terror
#
aaronpk sure would be nice if these variables were named something where i could understand what they are for
#
aaronpk $spe = substr($spliti, -2, 2); ?
#
aaronpk ???? !preg_match('/(?:\\=[\\"\\\']?|t;)/', $spe)
KartikPrabhu joined the channel
#
gRegorLove Haha
#
Loqi gRegorLove: tantek left you a message 2 weeks, 2 days ago: not seeing the link to LA/Planning from /Planning#Completed but that approach sounds good
#
Loqi gRegorLove: lol
#
gregorlove.com edited /Planning (+64) "/* Completed */ LA 2016 planning notes" (view diff)
tantek joined the channel
#
aaronpk edge cases man
#
aaronpk autolinking is hard, why hasn't this been solved once?
#
aaronpk cassis does too much autolinking so i don't want to use it
#
aaronpk notices the "do embeds or not" option and tries it out
#
aaronpk oh yeah, with cassis autolink i can't override what happens with the @names
#
aaronpk i'm also mildly amused that cassis autolink doesn't catch tantek's permashortcitations
#
tantek huh?
#
Loqi tantek: aaronpk left you a message 1 hour, 53 minutes ago: what is h-cassis-username? e.g. in http://tantek.com/2016/301/t3/why-twitter-growth-stalled-broken-locked
#
tantek it's a one-off library specific object just for folks to pull out that auto-linked user as an object. barnabywalters uses it
#
aaronpk ooh i think i found a bug
#
tantek I believe it :)
#
tantek what kind of @-name override functionality are you looking for?
#
aaronpk i want to override @-names from my nicknames cache
#
tantek also, permashortcitations are *not* supposed to be auto-linked
#
tantek if they were linked they would be permashortlinks
#
aaronpk okay well if PSCs aren't supposed to be autolinked, then it should probably not autolink the domain in them
#
tantek sigh yeah I need to figure that out
#
aaronpk right now it turns (ttk.me t4m92) into (<a href="http://ttk.me/">ttk.me</a> t4m92)
#
Loqi Tantek Çelik h
#
tantek perhaps I'll not autolink a domain if it is preceded by '(' and suffixed with ' '
#
tantek I think that will precisely catch those cases
#
tantek did you already file an issue on this?
#
aaronpk i can
#
aaronpk i have another one
#
aaronpk related
#
tantek I think this one is worth a specific issue
#
aaronpk in <a href="http://example.com/">from example.com!</a> the autolinker catches the inner domain name and puts an <a> in the <a>
#
aaronpk yeah i guess those are different
#
tantek wait a minute, I didn't say it can auto-link HTML !
#
aaronpk it's supposed to be idempotent
#
tantek if it's HTML, you've presumably already got links!
#
tantek yes it is, on its own output
#
tantek it would never generate <a href="http://example.com/">from example.com!</a>
#
aaronpk hm
#
tantek :P
#
aaronpk why is autolinking comment text so hard
#
tantek that's a good use-case
#
tantek because I'm not displaying comments yet?
#
tantek (so haven't had to scratch that itch yet ;) )
#
tantek aaronpk do you have suggestions for how to support @-names linking via a nicknames cache?
#
tantek pass in a @-names dictionary?
#
tantek have it check there first, and then if not found, just link to Twitter?
#
aaronpk hm that could work... the other option is providing a callback function so I can run whatever code when a nickname is found
#
aaronpk the dictionary might be too big
#
tantek both have perf implictions
#
aaronpk i think the dictionary leads to worse performance because it will load it for autolinking every comment even if there are no nicknames
#
tantek that dictionary being too big (i.e. too many people have their own websites) would be a good problem to have ;)
#
tantek oh right
#
tantek it could call out to a custom @-name auto-link function
#
tantek if provided, otherwise it would just do its default @-name linking
#
aaronpk yeah maybe the cassis way of doing it would be to check for the existence of a named function (either window.whatever in JS or function_exists('whatever') in PHP)
#
tantek yeah - good point!
#
aaronpk i'm not sure if you can do actual callback functions the same way in JS and PHP
#
aaronpk so my broader problem is that I don't know whether the comment text is HTML or not
#
tantek wait a minute, I thought we totally solved that problem
#
tantek you should know from the microformats
#
aaronpk or another way of phrasing it is, "http://example.com" is valid HTML and I would still want to autolink that even if the author did not
#
Loqi yea!
#
tantek forget auto-linking, you need to know for escaping
#
aaronpk also even if HTML is provided, I can't be sure that the author has linked hashtags or @-names in their HTML so I want to do a pass on those too
#
tantek that's a different problem and I'm totally not going to solve that one
#
tantek processing arbitrary HTML -> HTML is definitely not on my list
#
aaronpk that's already mostly done for me by XRay. it sanitizes HTML, and leaves only a small list of tags as well as mf2 classes.
#
tantek auto-linking arbitrary (even semi-processed) HTML requires a very different approach. You basically have to parse the HTML completely, and then apply plain-text auto-linking to each text-node.
#
aaronpk each text-node that is not in an anchor tag
#
tantek or <button>
#
aaronpk or <script> :P
#
tantek yep, make a list
#
aaronpk oh boy
#
tantek this is why I didn't bother
#
aaronpk but i want it
#
tantek I can see why for @-names in comments, but I'm not so sure about arbitrary URLs
#
tantek at least in articles, I've written domains and URLs that I deliberately don't want linked
#
aaronpk well the same problem applies to @-names and hashtags
#
tantek either to not give them search juice, or traffic, or to add a barrier to a bad site
#
aaronpk <a href="http://example.com">hello #world</a> should not be autolinked, but "hello #world" should
#
ben_thatmustbeme ironically in my irc client it autolinked 'http//example.com' because it doesn't understand html
#
ben_thatmustbeme heh
#
aaronpk mine did it worse https://media.aaronpk.com/Screen-Shot-2017-01-05-11-38-55.png
#
tantek lol
#
ben_thatmustbeme lol, acutally, mine autolinks '#world</a>' but it doesn't turn it blue
#
ben_thatmustbeme '#world</a' rather
#
ben_thatmustbeme which is really odd
#
ben_thatmustbeme although i clicked it and it created that room, so i guess thats technically the correct thing to do if IRC supports chat names like that
#
tantek I think my IRC client auto-handles clicks on any #-name or use of a nickname in plain text, and either joins that room or opens a pm window respectively
#
tantek cursor just changes from arrow to hand with pointer finger, no other visual cue
#
ben_thatmustbeme i have underline on room names and people names, blue on urls
#
ben_thatmustbeme err underline when hovering on both of those things actually
#
aaronpk okay yeah i can see dropping autolinking plaintext URLs in HTML
#
aaronpk so then the problem is just: avoid autolinking @-names and #hashtags if they are inside specific HTML elements
#
aaronpk and then a separate issue for p3k is knowing whether the comment was parsed as HTML vs plaintext which it does not right now
#
tantek a-ha! yes that's key information to pass along from the microformats parsing
#
aaronpk i think it gets lost from the webmention.io web hook to p3k so that should be easy
#
tantek avoid *any* auto-linking inside specific HTML elements (A, AREA, BUTTON, SCRIPT, TEXTAREA, ... ?)
#
loqi.me created /LFNW (+112) "prompted by tantek and dfn added by Salt" (view diff)
#
loqi.me created /FLOSS (+72) "prompted by tantek and dfn added by Salt" (view diff)
#
aaronpk ah yes, webmention.io indicates whether the comment was parsed as HTML or text
#
aaronpk okay this is progress. now i'm only running autolink on plaintext comments
#
tantek makes sense
#
aaronpk here's an example from boffosocko.com where i want to autolink the @name but it's in HTML https://aaronparecki.com/2017/01/03/10/day14-alexa-app
#
Loqi [Aaron Parecki] Day 14: Posting to my Website from Alexa #100DaysOfIndieWeb
#
aaronpk other than that, this looks better
#
aaronpk not trying to messily autolink html sovled a lot of my edge cases :)
#
aaronpk tantek++
#
Loqi tantek has 2 karma in this channel (311 overall)
#
tantek yay!
#
Loqi ?
#
aaronpk ellipsizing HTML has similar challenges
pfefferle and tantek joined the channel
#
aaronpk heh, now that i show images in comments, i'm going to have to start archiving those and rewriting the img tag
#
tantek whoa
#
tantek so I'm auto-internet-archiving any images I link to
#
tantek but that's not the same thing
#
tantek though potentially more helpful to more people? since the archive is available to anyone
#
aaronpk that'd be another way to do it
#
aaronpk i'm just going to have the same problem i had with broken avatars soon
#
tantek right
#
tantek though people don't often embed images in your comments do they?
#
tantek I mean, I should be seeing this problem with external images right?
#
aaronpk i have a recent one from a facebook comment
#
tantek (though in my primary posts, not in comments obv)
#
tantek interesting!
#
tantek what is an image comment?
#
Loqi It looks like we don't have a page for "image comment" yet. Would you like to create it?
#
tantek what is a photo comment?
#
Loqi photo comment is what a photo reply looks like in the context of the original post that it is in-reply-to https://indieweb.org/photo_comment
#
tantek image comment is [[photo comment]]
#
Loqi ok
#
loqi.me created /image_comment (+26) "prompted by tantek and dfn added by tantek" (view diff)
#
tantek what is a photo reply?
#
Loqi photo reply is a reply with a photo, thus also a photo post that is in-reply-to another post https://indieweb.org/photo_reply
#
tantek in case that helps aaronpk
#
aaronpk aw crap my image data URI handling broke
#
aaronpk well that was a surprisingly complicated one
KevinMarks joined the channel
#
tantek aaronpk, really? "thoroughly sanitized" ?
#
tantek nudges bear ;)
#
aaronpk what you think i am not sanitizing it enough?
#
tantek I am saying I don't think that is a "solved problem" from a security perspective, and that asserting "thoroughly" is perhaps a bit naive
#
aaronpk http://htmlpurifier.org/
#
paultibbetts.uk edited /events/2017-01-25-homebrew-website-club (+673) "adds Birmingham, UK" (view diff)
#
tantek lol: htmlpurifier.org/##Hall of Shame
#
tantek aaronpk, I'd want to see some security testimonials on their home page
#
tantek from security professionals who have code-reviewed and or tried to exploit it
#
tantek that being said, it would be interesting to try to develop a subset of HTML that was "safe" as it were, a profile that could be used as the target of a purifier like that
#
tantek (nevermind that any security professional will first balk at them not using https!)
#
tantek hah! the downloads are also http-only!
#
aaronpk they run it against the big list of XSS attacks http://htmlpurifier.org/live/smoketests/xssAttacks.php
#
tantek aaronpk are you using that? and did you check their sha-1 checksums of their downloads?
#
aaronpk that's what i'm using yes. i installed it via composer
#
tantek huh, also looks like it is available via github, so that's https at least
#
aaronpk which gets it from github
#
tantek hey aaronpk, what no CASSIS auto_link love in your post? ;)
#
aaronpk i'm not using it, sorry!
#
tantek oh! I thought you were
#
aaronpk i was considering it, but changed my mind
#
tantek what did you end up using? or did you fork it?
#
tantek I was wondering how / what you link hashtags in comments to
#
aaronpk they link to my tag pages
#
gregorlove.com moved /LFNW to /LinuxFest_Northwest "Canonical name"
#
tantek hmm - do you think that reflects commenter intent?
#
aaronpk hard to say. for silo posts, i suppose the "correct" thing is to link to the tag page on the silo
#
aaronpk but, for non-silo posts...
#
tantek is it? I'm not sure either
#
gregorlove.com edited /LinuxFest_Northwest (+40) "canonical name, link" (view diff)
#
aaronpk what is a tag comment?
#
Loqi It looks like we don't have a page for "tag comment" yet. Would you like to create it?
#
tantek what is a tag reply?
#
Loqi A tag reply is a response to a post that tags that post with one or more tags https://indieweb.org/tag-reply
#
gRegorLove what is lfnw
#
Loqi LinuxFest Northwest (LFNW) is an annual Spring FLOSS conference in Bellingham, WA https://indieweb.org/LFNW
#
aaronpk so it's a step in the direction of a tag-reply
#
tantek tag comment is what a [[tag reply]] looks like in the context of the original post that it is [[in-reply-to]]
#
loqi.me created /tag_comment (+141) "prompted by aaronpk and dfn added by tantek" (view diff)
#
Loqi ok
#
tantek aaronpk, not quite
#
tantek a tag reply is a reply that is tagging *your* original post
#
KevinMarks Gah, I was replying in slack
#
aaronpk oops sorry
#
tantek aaronpk, so in that situation, the tag intention is clear, it *is* intended to be tagged within the context of your site
#
KevinMarks So when I do a tweet quote from a piece and add #indieweb does that qualify?
#
tantek a tag reply is very different than a reply with hashtags
#
aaronpk i don't really care enough about this to think about it right now
#
tantek looks up the /quotation page for this
#
KevinMarks Well, when I do that my goal is to tag it in my bookmarks (on pinboard) and I know it will show up here too
#
tantek KevinMarks: right, personal context intent, not necessarily back to the original
#
KevinMarks Deciding how to link a tag yourself is fine. I cite Technorati tags as precedent
#
aaronpk because i'm only autolinking plaintext, the tweet replies from bridgy actually link to twitter hashtag pages
#
KevinMarks What do known ones do?
#
tantek KevinMarks, you'll have to disambiguate known
#
tantek waits for aaronpk to build his own personal taggregator
#
KevinMarks Ah, with known you get an html comment, so it links to the hashtags on my known site
#
tantek aaronpk, how much work would it be for Loqi to ping internet archive for all the links in anything said in IRC that it is saving / showing in the logs?
#
tantek e.g. if we paste a tweet here, then Loqi pings internet archive to archive it as well as saving the IRC text to its logs database
#
tantek the goal/effect is that all links in our IRC logs get save in the internet archive, so if (when?) those links die, the IRC log could redirect to the internet archive version instead
#
KevinMarks Svgur.com now pings Internet archive for each svg uploaded
#
aaronpk pinging is easy
#
tantek nice
#
gregorlove.com created /events/2017-01-11-homebrew-website-club (+7529) "basic event info, venues TBD" (view diff)
#
tantek aaronpk, in that case there's an easy project for you ;)
#
tantek (for tomorrow or whenever :) )
#
www.boffosocko.com edited /RSS (+1324) "Chris Aldrich example; some additional projects; reference for WordPress" (view diff)
#
tantek what is internet archive?
#
Loqi The Internet Archive is a non-profit organization that is building a digital library, including archival copy of much of the public web https://indieweb.org/Internet_Archive
#
tantek aaronpk, for your convenience: https://indieweb.org/Internet_Archive#Trigger_an_Archive
#
tantek Kevinmarks, so svgur.com pings IA for svgur posts themselves?
#
gregorlove.com edited /events/2017-01-11-homebrew-website-club (-7) "/* Where */ Bellingham" (view diff)
#
KevinMarks Yes
#
tantek like a way of auto-backing-up svgur posts?
#
tantek interesting
#
aaronpk done
#
tantek wat
#
tantek this isn't 101indiewebprojects :P
#
aaronpk i just added it to the code that does link previews
#
KevinMarks It also makes the hash stuff work
#
gregorlove.com edited /events/2017-01-11-homebrew-website-club (+14) "/* Bellingham WA */ +me" (view diff)
#
aaronpk let's see if it works https://aaronparecki.com/2017/01/05/6/day-16-comments
#
Loqi [Aaron Parecki] Day 16: Improved Comments Display for p3k #100DaysOfIndieWeb
#
gregorlove.com edited /next-hwc (+0) "next" (view diff)
#
gregorlove.com edited /Main_Page (+74) "/* Homebrew Website Club */ next two hwc" (view diff)
#
bear hmm, that would be a fun project - a test app that checks html sanitizers against known attacks
#
tantek yes!
#
tantek what is an html sanitizer?
#
Loqi It looks like we don't have a page for "html sanitizer" yet. Would you like to create it?
#
tantek hmm I thought we had something
#
tantek what is sanitize?
#
Loqi sanitize, specifically "sanitizing HTML", "sanitizing for (display inside) HTML", or "sanitization" is a common operation performed by any site which displays content from external sources, including user entry https://indieweb.org/sanitize
#
tantek html sanitizer is sanitize
#
loqi.me created /html_sanitizer (+58) "prompted by tantek and dfn added by tantek" (view diff)
#
Loqi ok
#
bear adds that to his todo list
#
tantek oops
#
tantek makes the same mistake he pointed out like a day or two ago
#
KevinMarks Repeated mistakes imply a ux change
#
tantek sanitize << http://htmlpurifier.org/
#
loqi.me edited /sanitize (+27) "tantek added "http://htmlpurifier.org/" to "See Also"" (view diff)
#
Loqi ok, I added "http://htmlpurifier.org/" to the "See Also" section of /sanitize
#
tantek KevinMarks: in this case I don't think I made the mistake *before* someone else did *and* I pointed it out! It was like pointing out the mistake trained my brain to then repeat it!
#
tantek (that's a nasty meme)
#
tantek sanitize << http://htmlpurifier.org/live/smoketests/xssAttacks.php
#
loqi.me edited /sanitize (+57) "tantek added "http://htmlpurifier.org/live/smoketests/xssAttacks.php" to "See Also"" (view diff)
#
Loqi ok, I added "http://htmlpurifier.org/live/smoketests/xssAttacks.php" to the "See Also" section of /sanitize
#
gregorlove.com edited /Homebrew_Website_Club (-140) "/* Bellingham */ rm hiatus note" (view diff)
#
petermolnar damn, I have a shortcode collision when the post time is the same on two posts
#
tantek same # of seconds?!?
#
aaronpk well that's odd
#
petermolnar I can manually add the post publish date
#
aaronpk oh hm maybe there's just a delay
#
aaronpk looking up a URL posted in here on the wayback machine says it wasn't archived yet. but then changing https to http made it show up
#
aaronparecki.com edited /100DaysOfIndieWeb (+211) "more 100 days projects" (view diff)
#
tantek aaronpk, I've seen similar IA weirdness with http(s)
#
aaronpk i think it might just be a caching/delay thing actually
#
aaronpk so i'm pretty sure the automatic archiving from links here works but haven't actually confirmed it yet
#
tantek it takes up to about 60 sec in experience
#
tantek depends on how busy their crawlers are
#
tantek I'm guessing they may be particularly busy crawling things that could change drastically in ~15 days.
#
loqi.me created /OSCON (+79) "prompted by tantek and dfn added by Salt" (view diff)
#
KevinMarks Also backing up everything to Canada
#
gregorlove.com edited /Planning (+160) "/* Seattle */ Possible dates/Other events" (view diff)
#
loqi.me created /robots (+124) "prompted by tantek and dfn added by bear" (view diff)
#
loqi.me created /denyhost (+167) "prompted by tantek and dfn added by bear" (view diff)
#
loqi.me edited /admin (+16) "tantek added "[[admin tax]]" to "See Also"" (view diff)
#
loqi.me edited /admin (+15) "tantek added "[[fail2ban]]" to "See Also"" (view diff)
#
loqi.me edited /admin (+15) "tantek added "[[denyhost]]" to "See Also"" (view diff)
#
loqi.me edited /robots.txt (+51) "/* See Also */ new section" (view diff)
#
tantek.com moved /Robots.txt to /robots_txt "because URL overloading"
#
tantek.com deleted /Robots.txt "content was: "#REDIRECT [[robots txt]]" (and the only contributor was "[[Special:Contributions/Tantek.com|Tantek.com]]")"
#
aaronparecki.com deleted /robots.txt "delete to make room for [[robots txt]]"
#
loqi.me created /robots.txt (+23) "prompted by aaronpk and dfn added by aaronpk" (view diff)
#
tantek.com deleted /robots.txt "content was: "#REDIRECT[[robots txt]]" (and the only contributor was "[[Special:Contributions/Loqi.me|Loqi.me]]")"
#
bear.im edited /fail2ban (+265) "add see also's and whitelist note" (view diff)
#
bear.im edited /denyhost (+250) "add see also's and whitelist note" (view diff)
#
tantek hey, out of curiosity, does anyone's site here have a posted data retention policy?
#
KartikPrabhu what's that?
#
tantek you know, of any data your server keeps about any visitor
#
tantek part of a privacy policy / ToS
#
tantek sometimes a /disclosure of sorts
#
tantek things like web server logs
#
tantek or especially if your site has user accounts
#
tantek e.g. any Known or WordPress site
#
tantek might want to figure that out in the next 15d
#
tantek KartikPrabhu: the corresponding silo related concerns: https://twitter.com/search?f=tweets&vertical=default&q=from%3Apinboard%20delete
#
tantek This might be good advice for indieweb sites (and software) also: https://twitter.com/Pinboard/status/796348048049782784
#
Loqi [@Pinboard] @printfJess delete whatever you can, don’t collect data, if you have to collect it, don’t store it, if you store it, don’t store it for long
#
tantek There's a natural tension between that and caching though
#
tantek How shall we document this for indieweb? E.g. what are best practices, examples thereof, software implementations etc.